[MPLS DOCUMENT VER.2.0 BY WAQAS BUTT CCIE (R&S)] November 16, 2013
MPLS Layer 3 (VPRN) Model P, PE and CE Routers Configuration
Distributed Protocols – BGP/OSPF/EIGRP/RIP/STATIC Routes
Definition: A Layer 3 VPN, or VPRN (virtual private routed network), uses Layer 3 VRFs (VPN/virtual routing and forwarding) to segment the routing tables for each “customer” that uses the service. The customer peers with the service provider router and the two exchange routes, which are placed into a routing table specific to that customer. Multiprotocol BGP (MP-BGP) is required in the cloud to use the service, which increases the complexity of design and implementation. L3 VPNs are typically not deployed on utility networks because of their complexity; however, an L3 VPN could be used to route traffic between corporate or datacenter locations.
MPLS Layer 3 VPRN is a peer-to-peer model that uses Multiprotocol Border Gateway Protocol (iBGP) to redistribute VPN (VRF) information, with transport using eBGP. Customers use various transport protocols to establish connectivity to their respective branch offices.
Scenario: summary of the configurations in this document:
All “P” routers exchange routes using OSPF inter-area (backbone area).
All “PE” routers exchange internal routes using OSPF inter-area and use iBGP to exchange vpnv4 community routes.
All “CE” routers exchange routes (unicast traffic) using the eBGP IPv4 configuration on the “PE” routers.
All “CE” routers are treated as VRF customers and are connected to the MPLS VPN super backbone.
All routes are isolated per VRF within the PE routers.
A few commands to verify the configuration on “PE” routers:
show ip bgp vpnv4 all
show vrf
show ip bgp ipv4 unicast summary
show ip route vrf Customer3_Site1
show mpls ldp neighbor
show mpls ldp bindings detail
PE1#show ip bgp vpnv4 all
BGP table version is 17, local router ID is 4.4.4.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 100:1 (default for vrf Customer1_Site1)
*> 101.101.101.0/24 172.10.10.1             65         32768 ?
*>i102.102.102.0/24 6.6.6.6                 65    100      0 ?
*> 172.10.10.0/30   0.0.0.0                  0         32768 ?
*>i172.10.20.0/30   6.6.6.6                  0    100      0 ?
Route Distinguisher: 300:1 (default for vrf Customer3_Site1)
*>i38.38.38.0/24    9.9.9.9            2297856    100      0 ?
*> 108.108.108.0/24 172.10.50.1        2297856         32768 ?
*> 172.10.50.0/30   0.0.0.0                  0         32768 ?
*>i172.10.60.0/30   9.9.9.9                  0    100      0 ?

PE1#show vrf
  Name                             Default RD          Protocols   Interfaces
  Customer1_Site1                  100:1               ipv4        Se5/0
  Customer3_Site1                  300:1               ipv4        Se5/1

PE1#show ip route vrf Customer1_Site1

Routing Table: Customer1_Site1
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     102.0.0.0/24 is subnetted, 1 subnets
B       102.102.102.0 [200/65] via 6.6.6.6, 00:06:14
     101.0.0.0/24 is subnetted, 1 subnets
O       101.101.101.0 [110/65] via 172.10.10.1, 00:07:46, Serial5/0
     172.10.0.0/30 is subnetted, 2 subnets
C       172.10.10.0 is directly connected, Serial5/0
B       172.10.20.0 [200/0] via 6.6.6.6, 00:06:29
PE1#show mpls ldp neighbor
    Peer LDP Ident: 1.1.1.1:0; Local LDP Ident 4.4.4.4:0
        TCP connection: 1.1.1.1.646 - 4.4.4.4.61215
        State: Oper; Msgs sent/rcvd: 290/289; Downstream
        Up time: 03:50:17
        LDP discovery sources:
          GigabitEthernet0/0, Src IP addr: 10.10.30.2
        Addresses bound to peer LDP Ident:
          10.10.10.1      1.1.1.1         10.10.30.2      10.10.40.2
          10.10.90.1      10.10.104.1
    Peer LDP Ident: 3.3.3.3:0; Local LDP Ident 4.4.4.4:0
        TCP connection: 3.3.3.3.646 - 4.4.4.4.55394
        State: Oper; Msgs sent/rcvd: 290/286; Downstream
        Up time: 03:50:06
        LDP discovery sources:
          GigabitEthernet2/0, Src IP addr: 10.10.103.2
        Addresses bound to peer LDP Ident:
          10.10.20.1      3.3.3.3         10.10.70.2      10.10.80.2
          10.10.102.1     10.10.103.2

PE1#show ip bgp ipv4 unicast summary
BGP router identifier 4.4.4.4, local AS number 1
BGP table version is 1, main routing table version 1

Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
5.5.5.5         4     1     231     239        1    0    0 03:50:58        0
6.6.6.6         4     1     234     238        1    0    0 03:50:56        0
7.7.7.7         4     1     230     238        1    0    0 03:50:17        0
8.8.8.8         4     1     230     238        1    0    0 03:50:06        0
9.9.9.9         4     1     233     238        1    0    0 03:50:07        0
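The statement that routes are isolated per VRF can be checked from the two outputs above: every prefix in a VRF routing table should sit under that VRF's own route distinguisher in the VPNv4 table. The Python below is an added example, not part of the original document; the function names are hypothetical, the sample text is constructed from the PE1 output above, and LEAKED_TABLE is a constructed failure case. Customers may legitimately reuse the same address space, so the check looks at table membership per VRF, not at prefix uniqueness.

```python
import ipaddress
import re

# Constructed sample input: entries copied from the PE1 output above, one per line.
VPNV4_OUTPUT = """\
Route Distinguisher: 100:1 (default for vrf Customer1_Site1)
*> 101.101.101.0/24 172.10.10.1 65 32768 ?
*>i102.102.102.0/24 6.6.6.6 65 100 0 ?
*> 172.10.10.0/30 0.0.0.0 0 32768 ?
*>i172.10.20.0/30 6.6.6.6 0 100 0 ?
Route Distinguisher: 300:1 (default for vrf Customer3_Site1)
*>i38.38.38.0/24 9.9.9.9 2297856 100 0 ?
*> 108.108.108.0/24 172.10.50.1 2297856 32768 ?
*> 172.10.50.0/30 0.0.0.0 0 32768 ?
*>i172.10.60.0/30 9.9.9.9 0 100 0 ?
"""

VRF_TABLE = """\
Routing Table: Customer1_Site1
     102.0.0.0/24 is subnetted, 1 subnets
B       102.102.102.0 [200/65] via 6.6.6.6, 00:06:14
     101.0.0.0/24 is subnetted, 1 subnets
O       101.101.101.0 [110/65] via 172.10.10.1, 00:07:46, Serial5/0
     172.10.0.0/30 is subnetted, 2 subnets
C       172.10.10.0 is directly connected, Serial5/0
B       172.10.20.0 [200/0] via 6.6.6.6, 00:06:29
"""

# Constructed failure case: the same table with one Customer3_Site1 prefix added.
LEAKED_TABLE = VRF_TABLE + """\
     38.0.0.0/24 is subnetted, 1 subnets
B       38.38.38.0 [200/2297856] via 9.9.9.9, 00:06:14
"""

RD_RE = re.compile(r"^Route Distinguisher:\s+(\S+)\s+\(default for vrf (\S+)\)")
# Status codes (*, >, i, s, d, h, r, S) may be glued to the prefix: "*>i38.38.38.0/24".
VPNV4_RE = re.compile(r"^[*>sdhrSi ]*(\d+\.\d+\.\d+\.\d+/\d+)\s+\d+\.\d+\.\d+\.\d+")
PARENT_RE = re.compile(r"^\d+\.\d+\.\d+\.\d+/(\d+) is (?:variably )?subnetted")
ROUTE_RE = re.compile(
    r"^[A-Za-z][A-Za-z0-9* ]*?\s+(\d+\.\d+\.\d+\.\d+)(?:/(\d+))?\s+(?:\[|is directly)"
)


def parse_vpnv4(text):
    """Map VRF name -> set of prefixes listed under that VRF's route distinguisher."""
    by_vrf, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        m = RD_RE.match(line)
        if m:
            current = m.group(2)
            by_vrf.setdefault(current, set())
            continue
        m = VPNV4_RE.match(line)
        if m and current is not None:
            by_vrf[current].add(ipaddress.ip_network(m.group(1), strict=False))
    return by_vrf


def parse_vrf_table(text):
    """Return (vrf_name, set of prefixes) from 'show ip route vrf <name>' output."""
    name, routes, parent_len = None, set(), None
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("Routing Table:"):
            name = line.split(":", 1)[1].strip()
            continue
        m = PARENT_RE.match(line)
        if m:
            # IOS 12.4 prints the mask once on the parent line; children omit it.
            parent_len = m.group(1)
            continue
        m = ROUTE_RE.match(line)
        if m:
            length = m.group(2) or parent_len
            if length is not None:  # no mask known: skip rather than guess
                routes.add(ipaddress.ip_network(f"{m.group(1)}/{length}", strict=False))
    return name, routes


def find_leaks(vpnv4_text, vrf_text):
    """Compare one VRF table with the VPNv4 table of the same PE.

    Returns (foreign, local_only). 'foreign' lists prefixes found only under
    another VRF's RD; 'local_only' lists prefixes found under no RD at all
    (for example a connected route that is not redistributed into BGP).
    """
    by_vrf = parse_vpnv4(vpnv4_text)
    name, routes = parse_vrf_table(vrf_text)
    foreign, local_only = [], []
    for net in sorted(routes - by_vrf.get(name, set())):
        owners = sorted(v for v, nets in by_vrf.items() if v != name and net in nets)
        if owners:
            foreign.append((str(net), owners))
        else:
            local_only.append(str(net))
    return foreign, local_only


if __name__ == "__main__":
    for label, table in (("as captured", VRF_TABLE), ("with leak", LEAKED_TABLE)):
        foreign, local_only = find_leaks(VPNV4_OUTPUT, table)
        print(f"{label}: foreign={foreign} local_only={local_only}")
```

Which routes a VRF imports is decided by its route-target configuration, which is not among the configuration lines shown here, so this check only reports the outcome visible in the tables.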
Details: P1 (Router)
IOS: Cisco IOS Software, 7200 Software (C7200-ADVENTERPRISEK9-M), Version 12.4(20) T
Hardware: Cisco 7206VXR (NPE400)
Interface                  IP-Address      OK? Method Status                Protocol
Ethernet0/0                unassigned      YES NVRAM  administratively down down
GigabitEthernet0/0         10.10.10.1      YES NVRAM  up                    up
GigabitEthernet1/0         unassigned      YES NVRAM  administratively down down
GigabitEthernet2/0         10.10.30.2      YES NVRAM  up                    up
GigabitEthernet3/0         10.10.40.2      YES NVRAM  up                    up
GigabitEthernet4/0         10.10.90.1      YES NVRAM  up                    up
GigabitEthernet5/0         10.10.104.1     YES NVRAM  up                    up
SSLVPN-VIF0                unassigned      NO  unset  up                    up
Loopback0                  1.1.1.1         YES NVRAM  up                    up

P1#show running-config
Building configuration...

Current configuration : 4388 bytes
!
upgrade fpd auto
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname P1
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
enable secret 5 $1$Fu1r$YKF4ryo0r8QHyAl9tJUi71
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication enable default enable
aaa authorization console
aaa authorization exec default local if-authenticated
aaa authorization commands 15 default local if-authenticated
!
!
aaa session-id common
ip source-route
ip cef
!
 no ip address
 shutdown
 duplex auto
!
interface GigabitEthernet0/0
 description Connected to P2
 ip address 10.10.10.1 255.255.255.252
 ip ospf message-digest-key 1 md5 cisco
 ip ospf network point-to-point
 duplex full
 speed 1000
 media-type gbic
 negotiation auto
 mpls ip
!
interface GigabitEthernet1/0
 no ip address
 shutdown
 negotiation auto
!
interface GigabitEthernet2/0
 description Connected to PE1
 ip address 10.10.30.2 255.255.255.252
 ip ospf message-digest-key 1 md5 cisco
 ip ospf network point-to-point
 negotiation auto
 mpls ip
!
interface GigabitEthernet3/0
 description Connected to PE2
 ip address 10.10.40.2 255.255.255.252
 ip ospf message-digest-key 1 md5 cisco
 ip ospf network point-to-point
 negotiation auto
 mpls ip
!
interface GigabitEthernet4/0
 description Connected to PE3
 ip address 10.10.90.1 255.255.255.252
 ip ospf message-digest-key 1 md5 cisco
 ip ospf network point-to-point
 negotiation auto
 mpls ip
!
interface GigabitEthernet5/0
 description Connected to PE6-Backup Link
 ip address 10.10.104.1 255.255.255.252
 ip ospf message-digest-key 1 md5 cisco
 ip ospf network point-to-point
 negotiation auto
 mpls ip
!
router ospf 1
 log-adjacency-changes
 area 0 authentication message-digest
 network 1.1.1.0 0.0.0.255 area 0
 network 10.10.10.0 0.0.0.255 area 0
 network 10.10.30.0 0.0.0.255 area 0
 network 10.10.40.0 0.0.0.255 area 0
 network 10.10.90.0 0.0.0.255 area 0
 network 10.10.104.0 0.0.0.255 area 0
!
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 600 life 86400 requests 1000
!
logging alarm informational
!
!
mpls ldp router-id Loopback0
!
control-plane
!
gatekeeper
 shutdown
!
!
line con 0
 exec-timeout 0 0
 logging synchronous
 stopbits 1
line aux 0
 stopbits 1
line vty 0 4
!
end

P1#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     1.0.0.0/24 is subnetted, 1 subnets
C       1.1.1.0 is directly connected, Loopback0
     2.0.0.0/24 is subnetted, 1 subnets
O       2.2.2.0 [110/2] via 10.10.10.2, 03:29:37, GigabitEthernet0/0
     3.0.0.0/24 is subnetted, 1 subnets
O       3.3.3.0 [110/3] via 10.10.104.2, 03:28:28, GigabitEthernet5/0
                [110/3] via 10.10.30.1, 03:29:37, GigabitEthernet2/0
                [110/3] via 10.10.10.2, 03:29:37, GigabitEthernet0/0
     4.0.0.0/24 is subnetted, 1 subnets
O       4.4.4.0 [110/2] via 10.10.30.1, 03:29:37, GigabitEthernet2/0
     5.0.0.0/24 is subnetted, 1 subnets
O       5.5.5.0 [110/2] via 10.10.40.1, 03:29:27, GigabitEthernet3/0
     6.0.0.0/24 is subnetted, 1 subnets
O       6.6.6.0 [110/2] via 10.10.90.2, 03:29:27, GigabitEthernet4/0
     7.0.0.0/24 is subnetted, 1 subnets
O       7.7.7.0 [110/3] via 10.10.10.2, 03:28:49, GigabitEthernet0/0
     8.0.0.0/24 is subnetted, 1 subnets
O       8.8.8.0 [110/3] via 10.10.10.2, 03:28:39, GigabitEthernet0/0
     9.0.0.0/24 is subnetted, 1 subnets
O       9.9.9.0 [110/2] via 10.10.104.2, 03:28:29, GigabitEthernet5/0
     10.0.0.0/30 is subnetted, 14 subnets
C       10.10.10.0 is directly connected, GigabitEthernet0/0
O       10.10.20.0 [110/2] via 10.10.10.2, 03:29:37, GigabitEthernet0/0
C       10.10.30.0 is directly connected, GigabitEthernet2/0
C       10.10.40.0 is directly connected, GigabitEthernet3/0
O       10.10.50.0 [110/2] via 10.10.90.2, 03:29:27, GigabitEthernet4/0
                   [110/2] via 10.10.10.2, 03:29:37, GigabitEthernet0/0
O       10.10.60.0 [110/2] via 10.10.10.2, 03:29:37, GigabitEthernet0/0
O       10.10.70.0 [110/3] via 10.10.104.2, 03:28:29, GigabitEthernet5/0
                   [110/3] via 10.10.30.1, 03:29:37, GigabitEthernet2/0
                   [110/3] via 10.10.10.2, 03:28:29, GigabitEthernet0/0
O       10.10.80.0 [110/2] via 10.10.104.2, 03:28:29, GigabitEthernet5/0
C       10.10.90.0 is directly connected, GigabitEthernet4/0
O       10.10.100.0 [110/2] via 10.10.40.1, 03:29:27, GigabitEthernet3/0
                    [110/2] via 10.10.10.2, 03:29:37, GigabitEthernet0/0
O       10.10.101.0 [110/2] via 10.10.10.2, 03:29:37, GigabitEthernet0/0
O       10.10.102.0 [110/3] via 10.10.104.2, 03:28:30, GigabitEthernet5/0
                    [110/3] via 10.10.30.1, 03:29:39, GigabitEthernet2/0
                    [110/3] via 10.10.10.2, 03:28:30, GigabitEthernet0/0
O       10.10.103.0 [110/2] via 10.10.30.1, 03:29:39, GigabitEthernet2/0
C       10.10.104.0 is directly connected, GigabitEthernet5/0
P1#
Details: P2 (Router)
IOS: Cisco IOS Software, 7200 Software (C7200-ADVENTERPRISEK9-M), Version 12.4(20) T
Hardware: Cisco 7206VXR (NPE400)
Interface                  IP-Address      OK? Method Status                Protocol
Ethernet0/0                unassigned      YES NVRAM  administratively down down
GigabitEthernet0/0         10.10.10.2      YES NVRAM  up                    up
GigabitEthernet1/0         unassigned      YES NVRAM  administratively down down
GigabitEthernet2/0         10.10.20.2      YES NVRAM  up                    up
GigabitEthernet3/0         10.10.50.2      YES NVRAM  up                    up
GigabitEthernet4/0         10.10.60.2      YES NVRAM  up                    up
GigabitEthernet5/0         10.10.101.1     YES NVRAM  up                    up
GigabitEthernet6/0         10.10.100.1     YES NVRAM  up                    up
SSLVPN-VIF0                unassigned      NO  unset  up                    up
Loopback0                  2.2.2.2         YES NVRAM  up                    up

P2#show running-config
Building configuration...

Current configuration : 4613 bytes
!
upgrade fpd auto
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname P2
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
enable secret 5 $1$R5V7$Cu6bO11GXhS.Yt2iox81X/
!
aaa new-model
!
aaa authentication login default local
aaa authentication enable default enable
aaa authorization console
aaa authorization exec default local if-authenticated
aaa authorization commands 15 default local if-authenticated
!
!
aaa session-id common
ip source-route
ip cef
!
 shutdown
 duplex auto
!
interface GigabitEthernet0/0
 description Connected to P1
 ip address 10.10.10.2 255.255.255.252
 ip ospf message-digest-key 1 md5 cisco
 ip ospf network point-to-point
 duplex full
 speed 1000
 media-type gbic
 negotiation auto
 mpls ip
!
interface GigabitEthernet1/0
 no ip address
 shutdown
 negotiation auto
!
interface GigabitEthernet2/0
 description Connected to P3
 ip address 10.10.20.2 255.255.255.252
 ip ospf message-digest-key 1 md5 cisco
 ip ospf network point-to-point
 negotiation auto
 mpls ip
!
interface GigabitEthernet3/0
 description Connected to PE3
 ip address 10.10.50.2 255.255.255.252
 ip ospf message-digest-key 1 md5 cisco
 ip ospf network point-to-point
 negotiation auto
 mpls ip
!
interface GigabitEthernet4/0
 description Connected to PE4
 ip address 10.10.60.2 255.255.255.252
 ip ospf message-digest-key 1 md5 cisco
 ip ospf network point-to-point
 negotiation auto
 mpls ip
!
interface GigabitEthernet5/0
 description Connected to PE5
 ip address 10.10.101.1 255.255.255.252
 ip ospf message-digest-key 1 md5 cisco
 ip ospf network point-to-point
 negotiation auto
 mpls ip
!
interface GigabitEthernet6/0
 description Connected to PE2
 ip address 10.10.100.1 255.255.255.252
 ip ospf message-digest-key 1 md5 cisco
 ip ospf network point-to-point
 negotiation auto
 mpls ip
!
router ospf 1
 log-adjacency-changes
 area 0 authentication message-digest
 network 2.2.2.0 0.0.0.255 area 0
 network 10.10.10.0 0.0.0.255 area 0
 network 10.10.20.0 0.0.0.255 area 0
 network 10.10.50.0 0.0.0.255 area 0
 network 10.10.60.0 0.0.0.255 area 0
 network 10.10.100.0 0.0.0.255 area 0
 network 10.10.101.0 0.0.0.255 area 0
!
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 600 life 86400 requests 1000
!
logging alarm informational
!
mpls ldp router-id Loopback0
!
control-plane
!
gatekeeper
 shutdown
!
line con 0
 exec-timeout 0 0
 logging synchronous
 stopbits 1
line aux 0
 stopbits 1
line vty 0 4
!
end
P2# show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     1.0.0.0/24 is subnetted, 1 subnets
O       1.1.1.0 [110/2] via 10.10.10.1, 03:31:12, GigabitEthernet0/0
     2.0.0.0/24 is subnetted, 1 subnets
C       2.2.2.0 is directly connected, Loopback0
     3.0.0.0/24 is subnetted, 1 subnets
O       3.3.3.0 [110/2] via 10.10.20.1, 03:31:12, GigabitEthernet2/0
     4.0.0.0/24 is subnetted, 1 subnets
O       4.4.4.0 [110/3] via 10.10.20.1, 03:31:12, GigabitEthernet2/0
                [110/3] via 10.10.10.1, 03:31:12, GigabitEthernet0/0
     5.0.0.0/24 is subnetted, 1 subnets
O       5.5.5.0 [110/2] via 10.10.100.2, 03:31:12, GigabitEthernet6/0
     6.0.0.0/24 is subnetted, 1 subnets
O       6.6.6.0 [110/2] via 10.10.50.1, 03:31:02, GigabitEthernet3/0
     7.0.0.0/24 is subnetted, 1 subnets
O       7.7.7.0 [110/2] via 10.10.60.1, 03:30:26, GigabitEthernet4/0
     8.0.0.0/24 is subnetted, 1 subnets
O       8.8.8.0 [110/2] via 10.10.101.2, 03:30:16, GigabitEthernet5/0
     9.0.0.0/24 is subnetted, 1 subnets
O       9.9.9.0 [110/3] via 10.10.20.1, 03:30:16, GigabitEthernet2/0
                [110/3] via 10.10.10.1, 03:30:06, GigabitEthernet0/0
     10.0.0.0/30 is subnetted, 14 subnets
C       10.10.10.0 is directly connected, GigabitEthernet0/0
C       10.10.20.0 is directly connected, GigabitEthernet2/0
O       10.10.30.0 [110/2] via 10.10.10.1, 03:31:13, GigabitEthernet0/0
O       10.10.40.0 [110/2] via 10.10.100.2, 03:31:13, GigabitEthernet6/0
                   [110/2] via 10.10.10.1, 03:31:13, GigabitEthernet0/0
C       10.10.50.0 is directly connected, GigabitEthernet3/0
C       10.10.60.0 is directly connected, GigabitEthernet4/0
O       10.10.70.0 [110/2] via 10.10.101.2, 03:30:16, GigabitEthernet5/0
                   [110/2] via 10.10.20.1, 03:31:13, GigabitEthernet2/0
O       10.10.80.0 [110/2] via 10.10.20.1, 03:31:13, GigabitEthernet2/0
O       10.10.90.0 [110/2] via 10.10.50.1, 03:31:03, GigabitEthernet3/0
                   [110/2] via 10.10.10.1, 03:31:13, GigabitEthernet0/0
C       10.10.100.0 is directly connected, GigabitEthernet6/0
C       10.10.101.0 is directly connected, GigabitEthernet5/0
O       10.10.102.0 [110/2] via 10.10.60.1, 03:30:26, GigabitEthernet4/0
                    [110/2] via 10.10.20.1, 03:31:13, GigabitEthernet2/0
O       10.10.103.0 [110/2] via 10.10.20.1, 03:31:14, GigabitEthernet2/0
O       10.10.104.0 [110/2] via 10.10.10.1, 03:31:14, GigabitEthernet0/0
P2#

Details: P3 (Router)
IOS: Cisco IOS Software, 7200 Software (C7200-ADVENTERPRISEK9-M), Version 12.4(20) T
Hardware: Cisco 7206VXR (NPE400)
Interface                  IP-Address      OK? Method Status                Protocol
Ethernet0/0                unassigned      YES NVRAM  administratively down down
GigabitEthernet0/0         10.10.20.1      YES NVRAM  up                    up
FastEthernet1/0            unassigned      YES NVRAM  administratively down down
FastEthernet1/1            unassigned      YES NVRAM  administratively down down
GigabitEthernet2/0         10.10.70.2      YES NVRAM  up                    up
GigabitEthernet3/0         10.10.80.2      YES NVRAM  up                    up
GigabitEthernet4/0         10.10.102.1     YES NVRAM  up                    up
GigabitEthernet5/0         10.10.103.2     YES NVRAM  up                    up
GigabitEthernet6/0         unassigned      YES NVRAM  administratively down down
SSLVPN-VIF0                unassigned      NO  unset  up                    up
Loopback0                  3.3.3.3         YES NVRAM  up                    up

P3#show running-config
Building configuration...

Current configuration : 4546 bytes
!
upgrade fpd auto
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname P3
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
enable secret 5 $1$ByfJ$V8hy8JTK.MgR5t3noFnx91
!
aaa new-model
!
aaa authentication login default local
aaa authentication enable default enable
aaa authorization console
aaa authorization exec default local if-authenticated
!
interface Ethernet0/0
 no ip address
 shutdown
 duplex auto
!
interface GigabitEthernet0/0
 description Connected to P2
 ip address 10.10.20.1 255.255.255.252
 ip ospf message-digest-key 1 md5 cisco
 ip ospf network point-to-point
 duplex full
 speed 1000
 media-type gbic
 negotiation auto
 mpls ip
!
interface FastEthernet1/0
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet1/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface GigabitEthernet2/0
 description Connected to PE5
 ip address 10.10.70.2 255.255.255.252
 ip ospf message-digest-key 1 md5 cisco
 ip ospf network point-to-point
 negotiation auto
 mpls ip
!
interface GigabitEthernet3/0
 description Connected to PE6
 ip address 10.10.80.2 255.255.255.252
 ip ospf message-digest-key 1 md5 cisco
 ip ospf network point-to-point
 negotiation auto
 mpls ip
!
interface GigabitEthernet4/0
 description Connected to PE4
 ip address 10.10.102.1 255.255.255.252
 ip ospf message-digest-key 1 md5 cisco
 ip ospf network point-to-point
 negotiation auto
 mpls ip
!
interface GigabitEthernet5/0
 description Connected to PE1-Backup Link
 ip address 10.10.103.2 255.255.255.252
 ip ospf message-digest-key 1 md5 cisco
 ip ospf network point-to-point
 negotiation auto
 mpls ip
!
interface GigabitEthernet6/0
 no ip address
 shutdown
 negotiation auto
!
router ospf 1
 log-adjacency-changes
 area 0 authentication message-digest
 network 3.3.3.0 0.0.0.255 area 0
 network 10.10.20.0 0.0.0.255 area 0
 network 10.10.70.0 0.0.0.255 area 0
 network 10.10.80.0 0.0.0.255 area 0
 network 10.10.102.0 0.0.0.255 area 0
 network 10.10.103.0 0.0.0.255 area 0
!
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 600 life 86400 requests 1000
!
logging alarm informational
!
mpls ldp router-id Loopback0
!
control-plane
!
gatekeeper
 shutdown
!
line con 0
 exec-timeout 0 0
 logging synchronous
 stopbits 1
line aux 0
 stopbits 1
line vty 0 4
!
End

P3# show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     1.0.0.0/24 is subnetted, 1 subnets
O       1.1.1.0 [110/3] via 10.10.103.1, 03:31:56, GigabitEthernet5/0
                [110/3] via 10.10.80.1, 03:30:51, GigabitEthernet3/0
                [110/3] via 10.10.20.2, 03:31:56, GigabitEthernet0/0
     2.0.0.0/24 is subnetted, 1 subnets
O       2.2.2.0 [110/2] via 10.10.20.2, 03:31:56, GigabitEthernet0/0
     3.0.0.0/24 is subnetted, 1 subnets
C       3.3.3.0 is directly connected, Loopback0
     4.0.0.0/24 is subnetted, 1 subnets
O       4.4.4.0 [110/2] via 10.10.103.1, 03:31:56, GigabitEthernet5/0
     5.0.0.0/24 is subnetted, 1 subnets
O       5.5.5.0 [110/3] via 10.10.20.2, 03:31:56, GigabitEthernet0/0
     6.0.0.0/24 is subnetted, 1 subnets
O       6.6.6.0 [110/3] via 10.10.20.2, 03:31:47, GigabitEthernet0/0
     7.0.0.0/24 is subnetted, 1 subnets
O       7.7.7.0 [110/2] via 10.10.102.2, 03:31:12, GigabitEthernet4/0
     8.0.0.0/24 is subnetted, 1 subnets
O       8.8.8.0 [110/2] via 10.10.70.1, 03:31:02, GigabitEthernet2/0
     9.0.0.0/24 is subnetted, 1 subnets
O       9.9.9.0 [110/2] via 10.10.80.1, 03:31:02, GigabitEthernet3/0
     10.0.0.0/30 is subnetted, 14 subnets
O       10.10.10.0 [110/2] via 10.10.20.2, 03:31:57, GigabitEthernet0/0
C       10.10.20.0 is directly connected, GigabitEthernet0/0
O       10.10.30.0 [110/2] via 10.10.103.1, 03:31:57, GigabitEthernet5/0
O       10.10.40.0 [110/3] via 10.10.103.1, 03:31:57, GigabitEthernet5/0
                   [110/3] via 10.10.80.1, 03:30:52, GigabitEthernet3/0
                   [110/3] via 10.10.20.2, 03:30:52, GigabitEthernet0/0
O       10.10.50.0 [110/2] via 10.10.20.2, 03:31:57, GigabitEthernet0/0
O       10.10.60.0 [110/2] via 10.10.102.2, 03:31:12, GigabitEthernet4/0
                   [110/2] via 10.10.20.2, 03:31:57, GigabitEthernet0/0
C       10.10.70.0 is directly connected, GigabitEthernet2/0
C       10.10.80.0 is directly connected, GigabitEthernet3/0
O       10.10.90.0 [110/3] via 10.10.103.1, 03:31:57, GigabitEthernet5/0
                   [110/3] via 10.10.80.1, 03:30:52, GigabitEthernet3/0
                   [110/3] via 10.10.20.2, 03:30:52, GigabitEthernet0/0
O       10.10.100.0 [110/2] via 10.10.20.2, 03:31:57, GigabitEthernet0/0
O       10.10.101.0 [110/2] via 10.10.70.1, 03:31:02, GigabitEthernet2/0
                    [110/2] via 10.10.20.2, 03:31:57, GigabitEthernet0/0
C       10.10.102.0 is directly connected, GigabitEthernet4/0
C       10.10.103.0 is directly connected, GigabitEthernet5/0
O       10.10.104.0 [110/2] via 10.10.80.1, 03:31:02, GigabitEthernet3/0
P3#

Details: PE1 (Router)
IOS: Cisco IOS Software, 7200 Software (C7200-ADVENTERPRISEK9-M), Version 12.4(20) T
Hardware: Cisco 7206VXR (NPE400)
Interface                  IP-Address      OK? Method Status                Protocol
Ethernet0/0                unassigned      YES NVRAM  administratively down down
GigabitEthernet0/0         10.10.30.1      YES NVRAM  up                    up
FastEthernet1/0            unassigned      YES NVRAM  administratively down down
FastEthernet1/1            unassigned      YES NVRAM  administratively down down
GigabitEthernet2/0         10.10.103.1     YES NVRAM  up                    up
GigabitEthernet3/0         unassigned      YES NVRAM  administratively down down
GigabitEthernet4/0         unassigned      YES NVRAM  administratively down down
Serial5/0                  172.10.10.2     YES NVRAM  up                    down
Serial5/1                  172.10.50.2     YES NVRAM  up                    down
Serial5/2                  unassigned      YES NVRAM  administratively down down
Serial5/3                  unassigned      YES NVRAM  administratively down down
SSLVPN-VIF0                unassigned      NO  unset  up                    up
Loopback0                  4.4.4.4         YES NVRAM  up                    up

PE1#show running-config
Building configuration...

Current configuration : 6243 bytes
!
upgrade fpd auto
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname PE1
!
boot-start-marker
boot-end-marker
!
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet1/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface GigabitEthernet2/0
 description Connected to P3-Backup-Link
 ip address 10.10.103.1 255.255.255.252
 ip ospf message-digest-key 1 md5 cisco
 ip ospf network point-to-point
 negotiation auto
 mpls ip
!
interface GigabitEthernet3/0
 no ip address
 shutdown
 negotiation auto
!
interface GigabitEthernet4/0
 no ip address
 shutdown
 negotiation auto
!
interface Serial5/0
 description Connected to Customer1_Site1
 ip vrf forwarding Customer1_Site1
 ip address 172.10.10.2 255.255.255.252
 serial restart-delay 0
!
interface Serial5/1
 description Connected to Customer3_Site1
 ip vrf forwarding Customer3_Site1
 ip address 172.10.50.2 255.255.255.252
 serial restart-delay 0
!
interface Serial5/2
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial5/3
 no ip address
 shutdown
  neighbor 7.7.7.7 send-community both
  neighbor 8.8.8.8 activate
  neighbor 8.8.8.8 send-community both
  neighbor 9.9.9.9 activate
  neighbor 9.9.9.9 send-community both
 exit-address-family
 !
 address-family ipv4 vrf Customer3_Site1
  redistribute eigrp 100
  no synchronization
 exit-address-family
 !
 address-family ipv4 vrf Customer1_Site1
  redistribute connected
  redistribute ospf 100 vrf Customer1_Site1 match internal external 1 external 2
  no synchronization
 exit-address-family
!
ip forward-protocol nd
ip http server
ip http authentication local
!
logging alarm informational
!
mpls ldp router-id Loopback0
!
control-plane
!
gatekeeper
 shutdown
!
!
line con 0
 exec-timeout 0 0
 logging synchronous
 stopbits 1
line aux 0
 stopbits 1
line vty 0 4
 privilege level 15
 transport input telnet ssh
line vty 5 15
 privilege level 15
 transport input telnet ssh
!
end
PE1#
Details: PE2 (Router)
IOS: Cisco IOS Software, 7200 Software (C7200-ADVENTERPRISEK9-M), Version 12.4(20) T
Hardware: Cisco 7206VXR (NPE400)
Interface                  IP-Address      OK? Method Status                Protocol
Ethernet0/0                unassigned      YES NVRAM  administratively down down
GigabitEthernet0/0         10.10.40.1      YES NVRAM  up                    up
FastEthernet1/0            unassigned      YES NVRAM  administratively down down
FastEthernet1/1            unassigned      YES NVRAM  administratively down down
GigabitEthernet2/0         10.10.100.2     YES NVRAM  up                    up
GigabitEthernet3/0         unassigned      YES NVRAM  administratively down down
GigabitEthernet4/0         unassigned      YES NVRAM  administratively down down
Serial5/0                  172.10.30.2     YES NVRAM  up                    down
Serial5/1                  unassigned      YES NVRAM  administratively down down
Serial5/2                  unassigned      YES NVRAM  administratively down down
Serial5/3                  unassigned      YES NVRAM  administratively down down
SSLVPN-VIF0                unassigned      NO  unset  up                    up
Loopback0                  5.5.5.5         YES NVRAM  up                    up

PE2#show running-config
Building configuration...

Current configuration : 5489 bytes
!
upgrade fpd auto
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname PE2
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
enable secret 5 $1$PAHX$m2dAuLIKSr/Jb.k3114av0
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication enable default enable
aaa authorization console
aaa authorization exec default local if-authenticated
aaa authorization commands 15 default local if-authenticated
!
!
  hidekeys
!
interface Loopback0
 ip address 5.5.5.5 255.255.255.0
 ip ospf network point-to-point
!
interface Ethernet0/0
 no ip address
 shutdown
 duplex auto
!
interface GigabitEthernet0/0
 description Connected to P1
 ip address 10.10.40.1 255.255.255.252
 ip ospf message-digest-key 1 md5 cisco
 ip ospf network point-to-point
 duplex full
 speed 1000
 media-type gbic
 negotiation auto
 mpls ip
!
interface FastEthernet1/0
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet1/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface GigabitEthernet2/0
 description Connected to P2
 ip address 10.10.100.2 255.255.255.252
 ip ospf message-digest-key 1 md5 cisco
 ip ospf network point-to-point
 negotiation auto
 mpls ip
!
interface GigabitEthernet3/0
 no ip address
 shutdown
 negotiation auto
!
interface GigabitEthernet4/0
 no ip address
 shutdown
 negotiation auto
!
interface Serial5/0
 description Connected to Customer2_Site1
 ip vrf forwarding Customer2_Site1
 ip address 172.10.30.2 255.255.255.252
 serial restart-delay 0
!
interface Serial5/1
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial5/2
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial5/3
 no ip address
 shutdown
 serial restart-delay 0
!
router ospf 1
 log-adjacency-changes
 area 0 authentication message-digest
 network 5.5.5.0 0.0.0.255 area 0
 network 10.10.40.0 0.0.0.255 area 0
 network 10.10.100.0 0.0.0.255 area 0
 network 0.0.0.0 255.255.255.255 area 0
!
router bgp 1
 no synchronization
 bgp log-neighbor-changes
 neighbor 4.4.4.4 remote-as 1
 neighbor 4.4.4.4 update-source Loopback0
 neighbor 6.6.6.6 remote-as 1
 neighbor 6.6.6.6 update-source Loopback0
 neighbor 7.7.7.7 remote-as 1
 neighbor 7.7.7.7 update-source Loopback0
 neighbor 8.8.8.8 remote-as 1
 neighbor 8.8.8.8 update-source Loopback0
 neighbor 9.9.9.9 remote-as 1
 neighbor 9.9.9.9 update-source Loopback0
 no auto-summary
 !
 address-family vpnv4
  neighbor 4.4.4.4 activate
  neighbor 4.4.4.4 send-community both
  neighbor 6.6.6.6 activate
  neighbor 6.6.6.6 send-community both
  neighbor 7.7.7.7 activate
  neighbor 7.7.7.7 send-community both
  neighbor 8.8.8.8 activate
  neighbor 8.8.8.8 send-community both
  neighbor 9.9.9.9 activate
  neighbor 9.9.9.9 send-community both
 exit-address-family
 !
 address-family ipv4 vrf Customer2_Site1
  redistribute connected
  neighbor 172.10.30.1 remote-as 65000
  neighbor 172.10.30.1 activate
  neighbor 172.10.30.1 as-override
  neighbor 172.10.30.1 advertisement-interval 5
  no synchronization
 exit-address-family
!
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 600 life 86400 requests 1000
!
logging alarm informational
!
mpls ldp router-id Loopback0
!
control-plane
!
gatekeeper
 shutdown
!
line con 0
 exec-timeout 0 0
 logging synchronous
 stopbits 1
line aux 0
 stopbits 1
line vty 0 4
!
end

PE2#
Details: PE3 (Router)
IOS: Cisco IOS Software, 7200 Software (C7200-ADVENTERPRISEK9-M), Version 12.4(20) T
Hardware: Cisco 7206VXR (NPE400)

Interface              IP-Address      OK? Method Status                Protocol
Ethernet0/0            unassigned      YES NVRAM  administratively down down
GigabitEthernet0/0     10.10.50.1      YES NVRAM  up                    up
FastEthernet1/0        unassigned      YES NVRAM  administratively down down
FastEthernet1/1        unassigned      YES NVRAM  administratively down down
GigabitEthernet2/0     10.10.90.2      YES NVRAM  up                    up
GigabitEthernet3/0     unassigned      YES NVRAM  administratively down down
GigabitEthernet4/0     unassigned      YES NVRAM  administratively down down
Serial5/0              172.10.20.2     YES NVRAM  up                    down
Serial5/1              172.10.70.2     YES NVRAM  up                    down
Serial5/2              unassigned      YES NVRAM  administratively down down
Serial5/3              unassigned      YES NVRAM  administratively down down
SSLVPN-VIF0            unassigned      NO  unset  up                    up
Loopback0              6.6.6.6         YES NVRAM  up                    up
PE3#show running-config
Building configuration...

Current configuration : 6124 bytes
!
upgrade fpd auto
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname PE3
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
enable secret 5 $1$SpQm$7oMjWIsigrdCrhjrwoGIT1
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication enable default enable
aaa authorization console
aaa authorization exec default local if-authenticated
aaa authorization commands 15 default local if-authenticated
!
!
username waqas privilege 15 secret 5 $1$zLOm$XHWI/HQ9Ghp9SdU8qdqaL.
archive
 log config
  hidekeys
!
interface Loopback0
 ip address 6.6.6.6 255.255.255.0
 ip ospf network point-to-point
!
interface Ethernet0/0
 no ip address
 shutdown
 duplex auto
!
interface GigabitEthernet0/0
 description Connected to P2
 ip address 10.10.50.1 255.255.255.252
 ip ospf message-digest-key 1 md5 cisco
 ip ospf network point-to-point
 duplex full
 speed 1000
 media-type gbic
 negotiation auto
 mpls ip
!
interface FastEthernet1/0
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet1/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface GigabitEthernet2/0
 description Connected to P1
 ip address 10.10.90.2 255.255.255.252
 ip ospf message-digest-key 1 md5 cisco
 ip ospf network point-to-point
 negotiation auto
 mpls ip
!
interface GigabitEthernet3/0
 no ip address
 shutdown
 negotiation auto
!
interface GigabitEthernet4/0
 no ip address
 shutdown
 negotiation auto
!
interface Serial5/0
 description Connected to Customer1_Site2
 ip vrf forwarding Customer1_Site2
 ip address 172.10.20.2 255.255.255.252
 serial restart-delay 0
!
interface Serial5/1
 description Connected to Customer5_Site1
 ip vrf forwarding Customer5_Site1
 ip address 172.10.70.2 255.255.255.252
 serial restart-delay 0
!
interface Serial5/2
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial5/3
 no ip address
 shutdown
 serial restart-delay 0
!
router ospf 100 vrf Customer1_Site2
 log-adjacency-changes
 redistribute bgp 1 metric-type 1 subnets
 network 102.102.102.0 0.0.0.255 area 1
 network 172.10.20.0 0.0.0.255 area 1
!
router ospf 1
 log-adjacency-changes
 area 0 authentication message-digest
 network 6.6.6.0 0.0.0.255 area 0
 network 10.10.50.0 0.0.0.255 area 0
 network 10.10.90.0 0.0.0.255 area 0
 network 0.0.0.0 255.255.255.255 area 0
!
router rip
 version 2
 timers basic 20 40 40 80
 !
 address-family ipv4 vrf Customer5_Site1
  redistribute bgp 1 metric transparent
  network 172.10.0.0
  distribute-list 20 in
  no auto-summary
 exit-address-family
!
router bgp 1
 no synchronization
 bgp log-neighbor-changes
 neighbor 4.4.4.4 remote-as 1
 neighbor 4.4.4.4 update-source Loopback0
 neighbor 5.5.5.5 remote-as 1
 neighbor 5.5.5.5 update-source Loopback0
 neighbor 7.7.7.7 remote-as 1
 neighbor 7.7.7.7 update-source Loopback0
 neighbor 8.8.8.8 remote-as 1
 neighbor 8.8.8.8 update-source Loopback0
 neighbor 9.9.9.9 remote-as 1
 neighbor 9.9.9.9 update-source Loopback0
 no auto-summary
 !
 address-family vpnv4
  neighbor 4.4.4.4 activate
  neighbor 4.4.4.4 send-community both
  neighbor 5.5.5.5 activate
  neighbor 5.5.5.5 send-community both
  neighbor 7.7.7.7 activate
  neighbor 7.7.7.7 send-community both
  neighbor 8.8.8.8 activate
  neighbor 8.8.8.8 send-community both
  neighbor 9.9.9.9 activate
  neighbor 9.9.9.9 send-community both
 exit-address-family
 !
 address-family ipv4 vrf Customer5_Site1
  redistribute connected
  redistribute rip
  no synchronization
 exit-address-family
 !
 address-family ipv4 vrf Customer1_Site2
  redistribute connected
  redistribute ospf 100 vrf Customer1_Site2 match internal external 1 external 2
  no synchronization
 exit-address-family
!
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 600 life 86400 requests 1000
!
logging alarm informational
!
mpls ldp router-id Loopback0
!
control-plane
!
gatekeeper
 shutdown
!
line con 0
 exec-timeout 0 0
 logging synchronous
 stopbits 1
line aux 0
 stopbits 1
line vty 0 4
!
end

PE3#
Details: PE4 (Router)
IOS: Cisco IOS Software, 7200 Software (C7200-ADVENTERPRISEK9-M), Version 12.4(20) T
Hardware: Cisco 7206VXR (NPE400)

Interface              IP-Address      OK? Method Status                Protocol
Ethernet0/0            unassigned      YES NVRAM  administratively down down
GigabitEthernet0/0     10.10.60.1      YES NVRAM  up                    up
FastEthernet1/0        unassigned      YES NVRAM  administratively down down
FastEthernet1/1        unassigned      YES NVRAM  administratively down down
GigabitEthernet2/0     10.10.102.2     YES NVRAM  up                    up
GigabitEthernet3/0     unassigned      YES NVRAM  administratively down down
GigabitEthernet4/0     unassigned      YES NVRAM  administratively down down
Serial5/0              172.10.40.2     YES NVRAM  up                    down
Serial5/1              172.10.100.2    YES NVRAM  up                    down
Serial5/2              unassigned      YES NVRAM  administratively down down
Serial5/3              unassigned      YES NVRAM  administratively down down
SSLVPN-VIF0            unassigned      NO  unset  up                    up
Loopback0              7.7.7.7         YES NVRAM  up                    up
PE4#show running-config
Building configuration...

Current configuration : 5969 bytes
!
upgrade fpd auto
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname PE4
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
enable secret 5 $1$IPqX$YBoudhBEhD4NvQ9McbTZ3/
!
aaa new-model
!
aaa authentication login default local
aaa authentication enable default enable
aaa authorization console
aaa authorization exec default local if-authenticated
aaa authorization commands 15 default local if-authenticated
!
aaa session-id common
ip source-route
ip cef
!
no ip domain lookup
ip vrf Customer2_Site2
 rd 200:1
 route-target export 1:200
 route-target import 1:200
!
ip vrf Customer4_Site1
 rd 400:1
 route-target export 1:400
 route-target import 1:400
!
no ipv6 cef
!
multilink bundle-name authenticated
mpls label protocol ldp
!
!
!
!
!
!
 speed 1000
 media-type gbic
 negotiation auto
 mpls ip
!
interface FastEthernet1/0
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet1/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface GigabitEthernet2/0
 description Connected to P3
 ip address 10.10.102.2 255.255.255.252
 ip ospf message-digest-key 1 md5 cisco
 ip ospf network point-to-point
 negotiation auto
 mpls ip
!
interface GigabitEthernet3/0
 no ip address
 shutdown
 negotiation auto
!
interface GigabitEthernet4/0
 no ip address
 shutdown
 negotiation auto
!
interface Serial5/0
 description Connected to Customer2_Site2
 ip vrf forwarding Customer2_Site2
 ip address 172.10.40.2 255.255.255.252
 serial restart-delay 0
!
interface Serial5/1
 description Connected to Customer4_Site1
 ip vrf forwarding Customer4_Site1
 ip address 172.10.100.2 255.255.255.252
 serial restart-delay 0
!
interface Serial5/2
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial5/3
 no ip address
 shutdown
 serial restart-delay 0
!
router ospf 1
 log-adjacency-changes
 area 0 authentication message-digest
 network 7.7.7.0 0.0.0.255 area 0
 network 10.10.60.0 0.0.0.255 area 0
 network 10.10.102.0 0.0.0.255 area 0
 network 0.0.0.0 255.255.255.255 area 0
!
router bgp 1
 no synchronization
 bgp log-neighbor-changes
 neighbor 4.4.4.4 remote-as 1
 neighbor 4.4.4.4 update-source Loopback0
 neighbor 5.5.5.5 remote-as 1
 neighbor 5.5.5.5 update-source Loopback0
 neighbor 6.6.6.6 remote-as 1
 neighbor 6.6.6.6 update-source Loopback0
 neighbor 8.8.8.8 remote-as 1
 neighbor 8.8.8.8 update-source Loopback0
 neighbor 9.9.9.9 remote-as 1
 neighbor 9.9.9.9 update-source Loopback0
 no auto-summary
 !
 address-family vpnv4
  neighbor 4.4.4.4 activate
  neighbor 4.4.4.4 send-community both
  neighbor 5.5.5.5 activate
  neighbor 5.5.5.5 send-community both
  neighbor 6.6.6.6 activate
  neighbor 6.6.6.6 send-community both
  neighbor 8.8.8.8 activate
  neighbor 8.8.8.8 send-community both
  neighbor 9.9.9.9 activate
  neighbor 9.9.9.9 send-community both
 exit-address-family
 !
 address-family ipv4 vrf Customer4_Site1
  redistribute connected
  redistribute static
  no synchronization
 exit-address-family
 !
 address-family ipv4 vrf Customer2_Site2
  redistribute connected
  neighbor 172.10.40.1 remote-as 65000
  neighbor 172.10.40.1 activate
  neighbor 172.10.40.1 as-override
  neighbor 172.10.40.1 advertisement-interval 5
  no synchronization
 exit-address-family
!
ip forward-protocol nd
ip route vrf Customer4_Site1 55.55.55.55 255.255.255.255 Serial5/1 172.10.100.1 3
ip route vrf Customer4_Site1 172.10.100.0 255.255.255.252 Serial5/1 172.10.100.1 3
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 600 life 86400 requests 1000
!
logging alarm informational
!
mpls ldp router-id Loopback0
!
control-plane
!
gatekeeper
 shutdown
!
!
line con 0
 exec-timeout 0 0
 logging synchronous
 stopbits 1
line aux 0
 stopbits 1
line vty 0 4
!
end

PE4#
Details: PE5 (Router)
IOS: Cisco IOS Software, 7200 Software (C7200-ADVENTERPRISEK9-M), Version 12.4(20) T
Hardware: Cisco 7206VXR (NPE400)
Interface              IP-Address      OK? Method Status                Protocol
Ethernet0/0            unassigned      YES NVRAM  administratively down down
GigabitEthernet0/0     10.10.70.1      YES NVRAM  up                    up
FastEthernet1/0        unassigned      YES NVRAM  administratively down down
FastEthernet1/1        unassigned      YES NVRAM  administratively down down
GigabitEthernet2/0     10.10.101.2     YES NVRAM  up                    up
GigabitEthernet3/0     unassigned      YES NVRAM  administratively down down
GigabitEthernet4/0     unassigned      YES NVRAM  administratively down down
Serial5/0              172.10.110.2    YES NVRAM  up                    down
Serial5/1              unassigned      YES NVRAM  administratively down down
Serial5/2              unassigned      YES NVRAM  administratively down down
Serial5/3              unassigned      YES NVRAM  administratively down down
SSLVPN-VIF0            unassigned      NO  unset  up                    up
Loopback0              8.8.8.8         YES NVRAM  up                    up
PE5#show running-config
Building configuration...

Current configuration : 5483 bytes
!
upgrade fpd auto
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname PE5
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
enable secret 5 $1$.D25$Keymcc9BQAVlsbC4PN/EN.
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication enable default enable
aaa authorization console
aaa authorization exec default local if-authenticated
aaa authorization commands 15 default local if-authenticated
!
!
aaa session-id common
ip source-route
ip cef
!
!
interface Ethernet0/0
 no ip address
 shutdown
 duplex auto
!
interface GigabitEthernet0/0
 description Connected to P3
 ip address 10.10.70.1 255.255.255.252
 ip ospf message-digest-key 1 md5 cisco
 ip ospf network point-to-point
 duplex full
 speed 1000
 media-type gbic
 negotiation auto
 mpls ip
!
interface FastEthernet1/0
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet1/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface GigabitEthernet2/0
 description Connected to P2
 ip address 10.10.101.2 255.255.255.252
 ip ospf message-digest-key 1 md5 cisco
 ip ospf network point-to-point
 negotiation auto
 mpls ip
!
interface GigabitEthernet3/0
 no ip address
 shutdown
 negotiation auto
!
interface GigabitEthernet4/0
 no ip address
 shutdown
 negotiation auto
!
interface Serial5/0
 description Connected to Customer4_Site2
 ip vrf forwarding Customer4_Site2
 ip address 172.10.110.2 255.255.255.252
 serial restart-delay 0
!
interface Serial5/1
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial5/2
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial5/3
 no ip address
 shutdown
 serial restart-delay 0
!
router ospf 1
 log-adjacency-changes
 area 0 authentication message-digest
 network 8.8.8.0 0.0.0.255 area 0
 network 10.10.70.0 0.0.0.255 area 0
 network 10.10.101.0 0.0.0.255 area 0
!
router bgp 1
 no synchronization
 bgp log-neighbor-changes
 neighbor 4.4.4.4 remote-as 1
 neighbor 4.4.4.4 update-source Loopback0
 neighbor 5.5.5.5 remote-as 1
 neighbor 5.5.5.5 update-source Loopback0
 neighbor 6.6.6.6 remote-as 1
 neighbor 6.6.6.6 update-source Loopback0
 neighbor 7.7.7.7 remote-as 1
 neighbor 7.7.7.7 update-source Loopback0
 neighbor 9.9.9.9 remote-as 1
 neighbor 9.9.9.9 update-source Loopback0
 no auto-summary
 !
 address-family vpnv4
  neighbor 4.4.4.4 activate
  neighbor 4.4.4.4 send-community both
  neighbor 5.5.5.5 activate
  neighbor 5.5.5.5 send-community both
  neighbor 6.6.6.6 activate
  neighbor 6.6.6.6 send-community both
  neighbor 7.7.7.7 activate
  neighbor 7.7.7.7 send-community both
  neighbor 9.9.9.9 activate
  neighbor 9.9.9.9 send-community both
 exit-address-family
 !
 address-family ipv4 vrf Customer4_Site2
  redistribute connected
  redistribute static
  no synchronization
 exit-address-family
!
ip forward-protocol nd
ip route vrf Customer4_Site2 66.66.66.66 255.255.255.255 Serial5/0 172.10.110.1 3
ip route vrf Customer4_Site2 172.10.110.0 255.255.255.252 Serial5/0 172.10.110.1 3
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 600 life 86400 requests 1000
!
logging alarm informational
!
!
mpls ldp router-id Loopback0
!
control-plane
!
gatekeeper
 shutdown
!
!
line con 0
 exec-timeout 0 0
 logging synchronous
 stopbits 1
line aux 0
 stopbits 1
line vty 0 4
!
end

PE5#
Details: PE6 (Router)
IOS: Cisco IOS Software, 7200 Software (C7200-ADVENTERPRISEK9-M), Version 12.4(20) T
Hardware: Cisco 7206VXR (NPE400)
Interface              IP-Address      OK? Method Status                Protocol
Ethernet0/0            unassigned      YES NVRAM  administratively down down
GigabitEthernet0/0     10.10.80.1      YES NVRAM  up                    up
FastEthernet1/0        unassigned      YES NVRAM  administratively down down
FastEthernet1/1        unassigned      YES NVRAM  administratively down down
GigabitEthernet2/0     10.10.104.2     YES NVRAM  up                    up
GigabitEthernet3/0     unassigned      YES NVRAM  administratively down down
GigabitEthernet4/0     unassigned      YES NVRAM  administratively down down
Serial5/0              172.10.60.2     YES NVRAM  up                    down
Serial5/1              172.10.80.2     YES NVRAM  up                    down
Serial5/2              unassigned      YES NVRAM  administratively down down
Serial5/3              unassigned      YES NVRAM  administratively down down
SSLVPN-VIF0            unassigned      NO  unset  up                    up
Loopback0              9.9.9.9         YES NVRAM  up                    up
PE6#show running-config
Building configuration...

Current configuration : 6066 bytes
!
upgrade fpd auto
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname PE6
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
enable secret 5 $1$QrkO$Kf65QUsRKnoHUzX40WuEC.
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication enable default enable
aaa authorization console
aaa authorization exec default local if-authenticated
aaa authorization commands 15 default local if-authenticated
!
!
aaa session-id common
ip source-route
ip cef
!
username waqas privilege 15 secret 5 $1$F8Z7$6kkRJeSULFxPK/oO/He3M1
archive
 log config
  hidekeys
!
!
interface Loopback0
 ip address 9.9.9.9 255.255.255.0
 ip ospf network point-to-point
!
interface Ethernet0/0
 no ip address
 shutdown
 duplex auto
!
interface GigabitEthernet0/0
 description Connected to P3
 ip address 10.10.80.1 255.255.255.252
 ip ospf message-digest-key 1 md5 cisco
 ip ospf network point-to-point
 duplex full
 speed 1000
 media-type gbic
 negotiation auto
 mpls ip
!
interface FastEthernet1/0
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet1/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface GigabitEthernet2/0
 description Connected to P1-Backup Link
 ip address 10.10.104.2 255.255.255.252
 ip ospf message-digest-key 1 md5 cisco
 ip ospf network point-to-point
 negotiation auto
 mpls ip
!
interface GigabitEthernet3/0
 no ip address
 shutdown
 negotiation auto
!
interface GigabitEthernet4/0
 no ip address
 shutdown
 negotiation auto
!
interface Serial5/0
 description Connected to Customer3_Site2
 ip vrf forwarding Customer3_Site2
 ip address 172.10.60.2 255.255.255.252
 serial restart-delay 0
!
interface Serial5/1
 description Conected to Customer5_Site2
 ip vrf forwarding Customer5_Site2
 ip address 172.10.80.2 255.255.255.252
 serial restart-delay 0
!
interface Serial5/2
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial5/3
 no ip address
 shutdown
 serial restart-delay 0
!
router eigrp 100
 auto-summary
 !
 address-family ipv4 vrf Customer3_Site2
  redistribute bgp 1 metric 10000 300 255 200 1500
  network 38.0.0.0
  network 172.10.0.0
  no auto-summary
  autonomous-system 100
 exit-address-family
!
router ospf 1
 log-adjacency-changes
 area 0 authentication message-digest
 network 9.9.9.0 0.0.0.255 area 0
 network 10.10.80.0 0.0.0.255 area 0
 network 10.10.104.0 0.0.0.255 area 0
!
 exit-address-family
!
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 600 life 86400 requests 1000
!
logging alarm informational
!
mpls ldp router-id Loopback0
!
control-plane
!
gatekeeper
 shutdown
!
!
line con 0
 exec-timeout 0 0
 logging synchronous
 stopbits 1
line aux 0
 stopbits 1
line vty 0 4
!
end

PE6#
Details:
Hostname: Customer1_Site1 (Router)
IOS: Cisco IOS Software, 7200 Software (C7200-ADVENTERPRISEK9-M), Version 12.4(20) T
Hardware: Cisco 7206VXR (NPE400)
Connected to: PE1
Cryptography: ISAKMP-SA: IPSec - Site to Site VPN
Routing Protocol: OSPF

Interface              IP-Address      OK? Method Status                Protocol
Ethernet0/0            unassigned      YES NVRAM  administratively down down
GigabitEthernet0/0     101.101.101.101 YES NVRAM  up                    up
FastEthernet1/0        unassigned      YES NVRAM  administratively down down
FastEthernet1/1        unassigned      YES NVRAM  administratively down down
Serial2/0              172.10.10.1     YES NVRAM  up                    up
Serial2/1              unassigned      YES NVRAM  administratively down down
Serial2/2              unassigned      YES NVRAM  administratively down down
Serial2/3              unassigned      YES NVRAM  administratively down down
SSLVPN-VIF0            unassigned      NO  unset  up                    up
Customer1_Site1#show crypto isakmp sa
IPv4 Crypto ISAKMP SA
dst             src             state          conn-id slot status
172.10.20.1     172.10.10.1     QM_IDLE           1001    0 ACTIVE
Customer1_Site1#show crypto session
Crypto session current status

Interface: Serial2/0
Session status: UP-ACTIVE
Peer: 172.10.20.1 port 500
  IKE SA: local 172.10.10.1/500 remote 172.10.20.1/500 Active
  IPSEC FLOW: permit ip 101.101.101.0/255.255.255.0 102.102.102.0/255.255.255.0
        Active SAs: 2, origin: crypto map

Customer1_Site1#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
     102.0.0.0/24 is subnetted, 1 subnets
O IA    102.102.102.0 [110/129] via 172.10.10.2, 00:16:00, Serial2/0
     101.0.0.0/24 is subnetted, 1 subnets
C       101.101.101.0 is directly connected, GigabitEthernet0/0
     172.10.0.0/30 is subnetted, 2 subnets
C       172.10.10.0 is directly connected, Serial2/0
O IA    172.10.20.0 [110/65] via 172.10.10.2, 00:16:15, Serial2/0
Customer1_Site1#show running-config
Building configuration...

Current configuration : 4013 bytes
!
upgrade fpd auto
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Customer1_Site1
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
!
no aaa new-model
ip source-route
ip cef
!
!
!
!
!
!
no ip domain lookup
no ipv6 cef
!
multilink bundle-name authenticated
mpls label protocol ldp
!
crypto pki trustpoint TP-self-signed-4279256517
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-4279256517
 revocation-check none
 rsakeypair TP-self-signed-4279256517
!
!
crypto pki certificate chain TP-self-signed-4279256517
 certificate self-signed 01
interface Ethernet0/0
 no ip address
 shutdown
 duplex auto
!
interface GigabitEthernet0/0
 ip address 101.101.101.101 255.255.255.0
 ip ospf network point-to-point
 duplex full
 speed 1000
 media-type gbic
 negotiation auto
!
interface FastEthernet1/0
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet1/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Serial2/0
 description Connected to ISP-PE1
 ip address 172.10.10.1 255.255.255.252
 serial restart-delay 0
 crypto map CMAP
!
interface Serial2/1
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial2/2
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial2/3
 no ip address
 shutdown
 serial restart-delay 0
!
router ospf 100
 log-adjacency-changes
 network 101.101.101.0 0.0.0.255 area 1
 network 172.10.10.0 0.0.0.255 area 1
!
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 600 life 86400 requests 10000
!
logging alarm informational
access-list 101 permit ip 101.101.101.0 0.0.0.255 102.102.102.0 0.0.0.255
!
control-plane
!
gatekeeper
 shutdown
!
!
!
!
!
!
line con 0
 exec-timeout 0 0
 logging synchronous
 stopbits 1
line aux 0
 stopbits 1
line vty 0 4
 privilege level 15
 login local
 transport input telnet ssh
line vty 5 15
 privilege level 15
 login local
 transport input telnet ssh
!
!
!
!
!
end
Details:
Hostname: Customer1_Site2 (Router)
IOS: Cisco IOS Software, 7200 Software (C7200-ADVENTERPRISEK9-M), Version 12.4(20) T
Hardware: Cisco 7206VXR (NPE400)
Connected to: PE3
Cryptography: ISAKMP-SA: IPSec - Site to Site VPN
Routing Protocol: OSPF

Interface              IP-Address      OK? Method Status                Protocol
Ethernet0/0            unassigned      YES NVRAM  administratively down down
GigabitEthernet0/0     102.102.102.102 YES NVRAM  up                    up
FastEthernet1/0        unassigned      YES NVRAM  administratively down down
FastEthernet1/1        unassigned      YES NVRAM  administratively down down
Serial2/0              172.10.20.1     YES NVRAM  up                    up
Serial2/1              unassigned      YES NVRAM  administratively down down
Serial2/2              unassigned      YES NVRAM  administratively down down
Serial2/3              unassigned      YES NVRAM  administratively down down
SSLVPN-VIF0            unassigned      NO  unset  up                    up

Customer1_Site2#show crypto session
Crypto session current status

Interface: Serial2/0
Session status: UP-ACTIVE
Peer: 172.10.10.1 port 500
  IKE SA: local 172.10.20.1/500 remote 172.10.10.1/500 Active
  IPSEC FLOW: permit ip 102.102.102.0/255.255.255.0 101.101.101.0/255.255.255.0
        Active SAs: 2, origin: crypto map

Customer1_Site2#show running-config
Building configuration...

Current configuration : 3979 bytes
!
upgrade fpd auto
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Customer1_Site2
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
!
no aaa new-model
ip source-route
crypto ipsec security-association lifetime seconds 1800
!
crypto ipsec transform-set 50 esp-aes 256 esp-sha-hmac
!
crypto map CMAP 10 ipsec-isakmp
 set peer 172.10.10.1
 set security-association lifetime seconds 900
 set transform-set 50
 set pfs group5
 match address 101
!
interface Ethernet0/0
 no ip address
 shutdown
 duplex auto
!
interface GigabitEthernet0/0
 ip address 102.102.102.102 255.255.255.0
 ip ospf network point-to-point
 duplex full
 speed 1000
 media-type gbic
 negotiation auto
!
interface FastEthernet1/0
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet1/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Serial2/0
 ip address 172.10.20.1 255.255.255.252
 serial restart-delay 0
 crypto map CMAP
!
interface Serial2/1
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial2/2
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial2/3
 no ip address
 shutdown
 serial restart-delay 0
!
router ospf 100
 log-adjacency-changes
 network 102.102.102.0 0.0.0.255 area 1
 network 172.10.20.0 0.0.0.255 area 1
!
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 600 life 86400 requests 10000
!
logging alarm informational
access-list 101 permit ip 102.102.102.0 0.0.0.255 101.101.101.0 0.0.0.255
!
control-plane
!
gatekeeper
 shutdown
!
line con 0
 exec-timeout 0 0
 logging synchronous
 stopbits 1
line aux 0
 stopbits 1
line vty 0 4
 privilege level 15
 login local
 transport input telnet ssh
line vty 5 15
 privilege level 15
 login local
 transport input telnet ssh
!
end

Customer1_Site2#
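
The running-configs in this document repeat a handful of management-plane lines that a hardening review would flag: Telnet allowed on the vty lines, `ip http server`, `exec-timeout 0 0`, `ip source-route`, and an OSPF MD5 key held in clear text. The Python auditor below is an added example, not part of the original document; the rule names, the `audit` and `parse_sections` functions and both sample configs are assumptions constructed for illustration.

```python
import re

# Constructed sample: commands of the kind shown in this document's configs,
# one per line with IOS indentation. Addresses and key are sample values.
WEAK_CONFIG = """\
no service password-encryption
ip source-route
!
interface GigabitEthernet0/0
 ip address 10.10.40.1 255.255.255.252
 ip ospf message-digest-key 1 md5 cisco
!
ip http server
ip http secure-server
!
line con 0
 exec-timeout 0 0
line vty 0 4
 privilege level 15
 login local
 transport input telnet ssh
!
end
"""

# Constructed counterpart with the flagged lines corrected. ACL 10 and the
# type 7 string are placeholders; type 7 only hides the key from casual view.
HARDENED_CONFIG = """\
service password-encryption
no ip source-route
!
interface GigabitEthernet0/0
 ip address 10.10.40.1 255.255.255.252
 ip ospf message-digest-key 1 md5 7 0000000000
!
no ip http server
ip http secure-server
!
line con 0
 exec-timeout 10 0
line vty 0 4
 access-class 10 in
 login local
 transport input ssh
!
end
"""

# Global commands that are findings when present exactly as written.
GLOBAL_RULES = {
    "no service password-encryption": "PLAINTEXT-KEYS",
    "ip source-route": "SOURCE-ROUTE",
    "ip http server": "HTTP-MGMT",
}
# OSPF MD5 key not stored as type 7, so it is readable in the config.
OSPF_CLEAR_KEY = re.compile(r"ip ospf message-digest-key \d+ md5 (?!7 )\S")


def parse_sections(text):
    """Split an IOS config into (parent, [children]) pairs.

    An unindented line starts a section; indented lines belong to the most
    recent parent. Blank lines and '!' separators are skipped.
    """
    sections = []
    for raw in text.splitlines():
        if not raw.strip() or raw.strip() == "!":
            continue
        if raw[0] == " " and sections:
            sections[-1][1].append(raw.strip())
        else:
            sections.append((raw.strip(), []))
    return sections


def audit(text):
    """Return sorted (rule_id, section) pairs for every flagged setting."""
    findings = set()
    for parent, children in parse_sections(text):
        if parent in GLOBAL_RULES:
            findings.add((GLOBAL_RULES[parent], "global"))
        if parent.startswith("interface "):
            if any(OSPF_CLEAR_KEY.match(c) for c in children):
                findings.add(("OSPF-CLEAR-KEY", parent))  # key not echoed
        if parent.startswith("line ") and "exec-timeout 0 0" in children:
            findings.add(("NO-IDLE-TIMEOUT", parent))
        if parent.startswith("line vty"):
            inputs = [c.split()[2:] for c in children
                      if c.startswith("transport input")]
            if any("telnet" in i or "all" in i for i in inputs):
                findings.add(("TELNET-VTY", parent))
            if not any(c.startswith("access-class ") for c in children):
                findings.add(("VTY-NO-ACL", parent))
            if "privilege level 15" in children:
                findings.add(("VTY-PRIV15", parent))
    return sorted(findings)


if __name__ == "__main__":
    for rule, where in audit(WEAK_CONFIG):
        print(f"{rule:16} {where}")
    print("hardened findings:", audit(HARDENED_CONFIG))
```

The parser relies on IOS indentation, so a config has to be fed one command per line as `show running-config` prints it.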
Details:
Hostname: Customer2_Site1 (Router)
IOS: Cisco IOS Software, 7200 Software (C7200-ADVENTERPRISEK9-M), Version 12.4(20) T
Hardware: Cisco 7206VXR (NPE400)
Connected to: PE2
Cryptography: ISAKMP-SA: IPSec - Site to Site VPN
Routing Protocol: BGP

Interface              IP-Address      OK? Method Status                Protocol
Ethernet0/0            unassigned      YES NVRAM  administratively down down
GigabitEthernet0/0     105.105.105.105 YES NVRAM  up                    up
FastEthernet1/0        10.10.10.20     YES NVRAM  up                    up
FastEthernet1/1        unassigned      YES NVRAM  administratively down down
Serial2/0              172.10.30.1     YES NVRAM  up                    up
Serial2/1              unassigned      YES NVRAM  administratively down down
Serial2/2              unassigned      YES NVRAM  administratively down down
Serial2/3              unassigned      YES NVRAM  administratively down down
SSLVPN-VIF0            unassigned      NO  unset  up                    up
Loopback0              unassigned      YES NVRAM  administratively down down
Customer2_Site1#show crypto session
Crypto session current status

Interface: Serial2/0
Session status: UP-ACTIVE
Peer: 172.10.40.1 port 500
  IKE SA: local 172.10.30.1/500 remote 172.10.40.1/500 Active
  IPSEC FLOW: permit ip 105.105.105.0/255.255.255.0 106.106.106.0/255.255.255.0
        Active SAs: 2, origin: crypto map

Customer2_Site1#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set
     172.10.0.0/30 is subnetted, 2 subnets
B       172.10.40.0 [20/0] via 172.10.30.2, 00:15:04
C       172.10.30.0 is directly connected, Serial2/0
     10.0.0.0/24 is subnetted, 1 subnets
C       10.10.10.0 is directly connected, FastEthernet1/0
     106.0.0.0/24 is subnetted, 1 subnets
B       106.106.106.0 [20/0] via 172.10.30.2, 00:15:04
     105.0.0.0/24 is subnetted, 1 subnets
C       105.105.105.0 is directly connected, GigabitEthernet0/0
Customer2_Site1#show running-config
Building configuration...

Current configuration : 4250 bytes
!
upgrade fpd auto
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Customer2_Site1
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
!
no aaa new-model
ip source-route
ip cef
!
!
!
!
no ip domain lookup
no ipv6 cef
!
multilink bundle-name authenticated
mpls label protocol ldp
!
!
!
!
!
!
!
!
!
!
!
!
!
!
crypto pki trustpoint TP-self-signed-4279256517
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-4279256517
 revocation-check none
!
!
!
!
!
!
!
interface Loopback0
 no ip address
 ip ospf network point-to-point
 shutdown
!
interface Ethernet0/0
 no ip address
 shutdown
 duplex auto
!
interface GigabitEthernet0/0
 ip address 105.105.105.105 255.255.255.0
 duplex full
 speed 1000
 media-type gbic
 negotiation auto
!
interface FastEthernet1/0
 ip address 10.10.10.20 255.255.255.0
 duplex auto
 speed auto
!
interface FastEthernet1/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Serial2/0
 description Connected to ISP-PE2
 ip address 172.10.30.1 255.255.255.252
 serial restart-delay 0
 crypto map CMAP
!
interface Serial2/1
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial2/2
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial2/3
 no ip address
 shutdown
 serial restart-delay 0
!
router bgp 65000
 bgp log-neighbor-changes
 neighbor 172.10.30.2 remote-as 1
 !
 address-family ipv4
  redistribute connected
  neighbor 172.10.30.2 activate
  neighbor 172.10.30.2 advertisement-interval 5
  no auto-summary
  no synchronization
 exit-address-family
!
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 600 life 86400 requests 1000
!
logging alarm informational
access-list 101 permit ip 105.105.105.0 0.0.0.255 106.106.106.0 0.0.0.255
!
mpls ldp router-id Loopback0
!
control-plane
!
gatekeeper
 shutdown
!
line con 0
 exec-timeout 0 0
 logging synchronous
 stopbits 1
line aux 0
 stopbits 1
line vty 0 4
 privilege level 15
 login local
 transport input telnet ssh
line vty 5 15
 privilege level 15
 login local
 transport input telnet ssh
!
end

Customer2_Site1#
Details:
Hostname: Customer2_Site2 (Router)
IOS: Cisco IOS Software, 7200 Software (C7200-ADVENTERPRISEK9-M), Version 12.4(20) T
Hardware: Cisco 7206VXR (NPE400)
Connected to: PE4
Cryptography: ISAKMP-SA: IPSec -Site to Site VPN
Routing Protocol: BGP

Interface                  IP-Address      OK? Method Status                Protocol
Ethernet0/0                unassigned      YES NVRAM  administratively down down
GigabitEthernet0/0         106.106.106.106 YES NVRAM  up                    up
FastEthernet1/0            unassigned      YES NVRAM  administratively down down
FastEthernet1/1            unassigned      YES NVRAM  administratively down down
Serial2/0                  172.10.40.1     YES NVRAM  up                    up
Serial2/1                  unassigned      YES NVRAM  administratively down down
Serial2/2                  unassigned      YES NVRAM  administratively down down
Serial2/3                  unassigned      YES NVRAM  administratively down down
GigabitEthernet3/0         unassigned      YES NVRAM  administratively down down
SSLVPN-VIF0                unassigned      NO  unset  up                    up
Loopback0                  unassigned      YES NVRAM  administratively down down

Customer2_Site2#show crypto session
Crypto session current status

Interface: Serial2/0
Session status: UP-ACTIVE
Peer: 172.10.30.1 port 500
  IKE SA: local 172.10.40.1/500 remote 172.10.30.1/500 Active
  IPSEC FLOW: permit ip 106.106.106.0/255.255.255.0 105.105.105.0/255.255.255.0
        Active SAs: 2, origin: crypto map
Customer2_Site2#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     172.10.0.0/30 is subnetted, 2 subnets
C       172.10.40.0 is directly connected, Serial2/0
B       172.10.30.0 [20/0] via 172.10.40.2, 00:16:58
     10.0.0.0/24 is subnetted, 1 subnets
B       10.10.10.0 [20/0] via 172.10.40.2, 00:16:58
     106.0.0.0/24 is subnetted, 1 subnets
C       106.106.106.0 is directly connected, GigabitEthernet0/0
     105.0.0.0/24 is subnetted, 1 subnets
B       105.105.105.0 [20/0] via 172.10.40.2, 00:16:58

Customer2_Site2#show running-config
Building configuration...

Current configuration : 2376 bytes
!
upgrade fpd auto
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Customer2_Site2
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
!
no aaa new-model
ip source-route
ip cef
!
no ip domain lookup
no ipv6 cef
!
multilink bundle-name authenticated
mpls label protocol ldp
!
archive
 log config
  hidekeys
!
crypto isakmp policy 10
 encr aes 256
 authentication pre-share
 group 5
 lifetime 3600
crypto isakmp key linux123 address 172.10.30.1
!
crypto ipsec security-association lifetime seconds 1800
!
crypto ipsec transform-set 50 esp-aes 256 esp-sha-hmac
!
crypto map CMAP 10 ipsec-isakmp
 set peer 172.10.30.1
 set security-association lifetime seconds 900
 set transform-set 50
 set pfs group5
 match address 101
!
interface Loopback0
 no ip address
 ip ospf network point-to-point
 shutdown
!
interface Ethernet0/0
 no ip address
 shutdown
 duplex auto
!
interface GigabitEthernet0/0
 ip address 106.106.106.106 255.255.255.0
 duplex full
 speed 1000
 media-type gbic
 negotiation auto
!
interface FastEthernet1/0
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet1/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Serial2/0
 description Connected to ISP-PE4
 ip address 172.10.40.1 255.255.255.252
 serial restart-delay 0
 crypto map CMAP
!
interface Serial2/1
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial2/2
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial2/3
 no ip address
 shutdown
 serial restart-delay 0
!
interface GigabitEthernet3/0
 no ip address
 shutdown
 negotiation auto
!
router bgp 65000
 bgp log-neighbor-changes
 neighbor 172.10.40.2 remote-as 1
 !
 address-family ipv4
  redistribute connected
  neighbor 172.10.40.2 activate
  neighbor 172.10.40.2 advertisement-interval 5
  no auto-summary
  no synchronization
 exit-address-family
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
logging alarm informational
access-list 101 permit ip 106.106.106.0 0.0.0.255 105.105.105.0 0.0.0.255
!
mpls ldp router-id Loopback0
!
control-plane
!
gatekeeper
 shutdown
!
line con 0
 exec-timeout 0 0
 logging synchronous
 stopbits 1
line aux 0
 stopbits 1
line vty 0 4
 login
!
end

Customer2_Site2#
Details:
Hostname: Customer3_Site1 (Router)
IOS: Cisco IOS Software, 7200 Software (C7200-ADVENTERPRISEK9-M), Version 12.4(20) T
Hardware: Cisco 7206VXR (NPE400)
Connected to: PE1
Cryptography: ISAKMP-SA: IPSec -Site to Site VPN
Routing Protocol: EIGRP

Interface                  IP-Address      OK? Method Status                Protocol
Ethernet0/0                unassigned      YES NVRAM  administratively down down
GigabitEthernet0/0         unassigned      YES NVRAM  administratively down down
FastEthernet1/0            unassigned      YES NVRAM  administratively down down
FastEthernet1/1            unassigned      YES NVRAM  administratively down down
Serial2/0                  172.10.50.1     YES NVRAM  up                    up
Serial2/1                  unassigned      YES NVRAM  administratively down down
Serial2/2                  unassigned      YES NVRAM  administratively down down
Serial2/3                  unassigned      YES NVRAM  administratively down down
SSLVPN-VIF0                unassigned      NO  unset  up                    up
Loopback0                  108.108.108.108 YES NVRAM  up                    up

Customer3_Site1#show crypto session
Crypto session current status

Interface: Serial2/0
Session status: UP-ACTIVE
Peer: 172.10.60.1 port 500
  IKE SA: local 172.10.50.1/500 remote 172.10.60.1/500 Active
  IPSEC FLOW: permit ip 108.108.108.0/255.255.255.0 38.38.38.0/255.255.255.0
        Active SAs: 2, origin: crypto map

Customer3_Site1#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     38.0.0.0/24 is subnetted, 1 subnets
D       38.38.38.0 [90/2809856] via 172.10.50.2, 00:05:46, Serial2/0
     172.10.0.0/30 is subnetted, 2 subnets
C       172.10.50.0 is directly connected, Serial2/0
D       172.10.60.0 [90/2681856] via 172.10.50.2, 00:05:46, Serial2/0
     108.0.0.0/24 is subnetted, 1 subnets
C       108.108.108.0 is directly connected, Loopback0
Customer3_Site1#show running-config
Building configuration...

Current configuration : 2246 bytes
!
upgrade fpd auto
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Customer3_Site1
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
!
aaa new-model
!
aaa authentication login default local
!
aaa session-id common
ip source-route
ip cef
!
no ip domain lookup
no ipv6 cef
!
multilink bundle-name authenticated
mpls label protocol ldp
!
username waqas password 0 cisco
archive
 log config
  hidekeys
!
crypto isakmp policy 10
 encr aes 256
 authentication pre-share
 group 5
 lifetime 3600
crypto isakmp key technology111 address 172.10.60.1
!
crypto ipsec security-association lifetime seconds 1800
!
crypto ipsec transform-set 50 esp-aes 256 esp-sha-hmac
!
crypto map CMAP 10 ipsec-isakmp
 set peer 172.10.60.1
 set security-association lifetime seconds 900
 set transform-set 50
 set pfs group5
 match address 101
!
interface Loopback0
 ip address 108.108.108.108 255.255.255.0
 ip ospf network point-to-point
!
interface Ethernet0/0
 no ip address
 shutdown
 duplex auto
!
interface GigabitEthernet0/0
 no ip address
 shutdown
 duplex full
 speed 1000
 media-type gbic
 negotiation auto
!
interface FastEthernet1/0
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet1/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Serial2/0
 description Connected to ISP-PE1
 ip address 172.10.50.1 255.255.255.252
 serial restart-delay 0
 crypto map CMAP
!
interface Serial2/1
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial2/2
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial2/3
 no ip address
 shutdown
 serial restart-delay 0
!
router eigrp 100
 network 108.0.0.0
 network 172.10.0.0
 no auto-summary
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
logging alarm informational
access-list 101 permit ip 108.108.108.0 0.0.0.255 38.38.38.0 0.0.0.255
!
mpls ldp router-id Loopback0
!
control-plane
!
gatekeeper
 shutdown
!
line con 0
 exec-timeout 0 0
 password cisco
 logging synchronous
 login authentication local
 stopbits 1
line aux 0
 stopbits 1
line vty 0 4
!
end

Customer3_Site1#
Details:
Hostname: Customer3_Site2 (Router)
IOS: Cisco IOS Software, 7200 Software (C7200-ADVENTERPRISEK9-M), Version 12.4(20) T
Hardware: Cisco 7206VXR (NPE400)
Connected to: PE6
Cryptography: ISAKMP-SA: IPSec -Site to Site VPN
Routing Protocol: EIGRP

Interface                  IP-Address      OK? Method Status                Protocol
Ethernet0/0                unassigned      YES NVRAM  administratively down down
GigabitEthernet0/0         unassigned      YES NVRAM  administratively down down
FastEthernet1/0            unassigned      YES NVRAM  administratively down down
FastEthernet1/1            unassigned      YES NVRAM  administratively down down
Serial2/0                  172.10.60.1     YES NVRAM  up                    up
Serial2/1                  unassigned      YES NVRAM  administratively down down
Serial2/2                  unassigned      YES NVRAM  administratively down down
Serial2/3                  unassigned      YES NVRAM  administratively down down
SSLVPN-VIF0                unassigned      NO  unset  up                    up
Loopback0                  38.38.38.38     YES NVRAM  up                    up

Customer3_Site2#show crypto session
Crypto session current status

Interface: Serial2/0
Session status: UP-ACTIVE
Peer: 172.10.50.1 port 500
  IKE SA: local 172.10.60.1/500 remote 172.10.50.1/500 Active
  IPSEC FLOW: permit ip 38.38.38.0/255.255.255.0 108.108.108.0/255.255.255.0
        Active SAs: 2, origin: crypto map

Customer3_Site2#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     38.0.0.0/24 is subnetted, 1 subnets
C       38.38.38.0 is directly connected, Loopback0
     172.10.0.0/30 is subnetted, 2 subnets
D       172.10.50.0 [90/2681856] via 172.10.60.2, 00:09:39, Serial2/0
C       172.10.60.0 is directly connected, Serial2/0
     108.0.0.0/24 is subnetted, 1 subnets
D       108.108.108.0 [90/2809856] via 172.10.60.2, 00:09:39, Serial2/0
Customer3_Site2#show running-config
Building configuration...

Current configuration : 2106 bytes
!
upgrade fpd auto
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Customer3_Site2
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
!
no aaa new-model
ip source-route
ip cef
!
no ip domain lookup
no ipv6 cef
!
multilink bundle-name authenticated
mpls label protocol ldp
!
archive
 log config
  hidekeys
!
crypto isakmp policy 10
 encr aes 256
 authentication pre-share
 group 5
 lifetime 3600
crypto isakmp key technology111 address 172.10.50.1
!
crypto ipsec security-association lifetime seconds 1800
!
crypto ipsec transform-set 50 esp-aes 256 esp-sha-hmac
!
crypto map CMAP 10 ipsec-isakmp
 set peer 172.10.50.1
 set security-association lifetime seconds 900
 set transform-set 50
 set pfs group5
 match address 101
!
interface Loopback0
 ip address 38.38.38.38 255.255.255.0
 ip ospf network point-to-point
!
interface Ethernet0/0
 no ip address
 shutdown
 duplex auto
!
interface GigabitEthernet0/0
 no ip address
 shutdown
 duplex full
 speed 1000
 media-type gbic
 negotiation auto
!
interface FastEthernet1/0
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet1/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Serial2/0
 description Connected to ISP-PE6
 ip address 172.10.60.1 255.255.255.252
 serial restart-delay 0
 crypto map CMAP
!
interface Serial2/1
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial2/2
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial2/3
 no ip address
 shutdown
 serial restart-delay 0
!
router eigrp 100
 network 38.0.0.0
 network 172.10.0.0
 no auto-summary
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
logging alarm informational
access-list 101 permit ip 38.38.38.0 0.0.0.255 108.108.108.0 0.0.0.255
!
mpls ldp router-id Loopback0
!
control-plane
!
gatekeeper
 shutdown
!
line con 0
 exec-timeout 0 0
 logging synchronous
 stopbits 1
line aux 0
 stopbits 1
line vty 0 4
 login
!
end

Customer3_Site2#
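The Customer3 tunnel above comes up only because the two configurations mirror each other: each "set peer" is the other router's Serial2/0 address, the pre-shared key, ISAKMP policy, transform-set and PFS group match, and access-list 101 is reversed. The Python check below is an added example, not part of the original document; excerpt, parse_tunnel and check_pair are hypothetical names, and the sample input is constructed from the crypto-relevant lines of the two Customer3 listings.

```python
import ipaddress
import re


def excerpt(local, peer, src, dst):
    """Constructed sample: crypto-relevant lines of a Customer3 CE config."""
    return f"""\
crypto isakmp policy 10
 encr aes 256
 authentication pre-share
 group 5
 lifetime 3600
crypto isakmp key technology111 address {peer}
crypto ipsec transform-set 50 esp-aes 256 esp-sha-hmac
crypto map CMAP 10 ipsec-isakmp
 set peer {peer}
 set security-association lifetime seconds 900
 set transform-set 50
 set pfs group5
 match address 101
interface Serial2/0
 ip address {local} 255.255.255.252
 crypto map CMAP
access-list 101 permit ip {src} 0.0.0.255 {dst} 0.0.0.255
"""


# Values taken from the Customer3_Site1 and Customer3_Site2 listings above.
SITE1 = excerpt("172.10.50.1", "172.10.60.1", "108.108.108.0", "38.38.38.0")
SITE2 = excerpt("172.10.60.1", "172.10.50.1", "38.38.38.0", "108.108.108.0")

CMAP_FIELDS = {
    "peer": r"set peer (\S+)",
    "tset": r"set transform-set (\S+)",
    "pfs": r"set pfs (\S+)",
    "acl": r"match address (\S+)",
}


def parse_tunnel(cfg):
    """Extract the settings both ends of a crypto-map tunnel must agree on."""
    t = {"policy": {}, "keys": {}, "transforms": {}, "acls": {}, "local": None,
         "peer": None, "tset": None, "pfs": None, "acl": None}
    section, if_addr = "", None
    for raw in cfg.splitlines():
        line = raw.strip()
        if not line or line == "!":
            continue
        if not raw.startswith(" "):  # a top-level command opens a new section
            section, if_addr = line, None
            if m := re.match(r"crypto isakmp key (\S+) address (\S+)", line):
                t["keys"][m[2]] = m[1]
            elif m := re.match(r"crypto ipsec transform-set (\S+) (.+)", line):
                t["transforms"][m[1]] = tuple(m[2].split())
            elif m := re.match(
                    r"access-list (\d+) permit ip (\S+) (\S+) (\S+) (\S+)", line):
                # Only the "network wildcard" form is parsed. IOS wildcard
                # masks are host masks, which ip_network accepts directly.
                src = ipaddress.ip_network(f"{m[2]}/{m[3]}")
                dst = ipaddress.ip_network(f"{m[4]}/{m[5]}")
                t["acls"].setdefault(m[1], []).append((src, dst))
        elif section.startswith("crypto isakmp policy"):
            key, _, value = line.partition(" ")
            t["policy"][key] = value
        elif section.startswith("crypto map"):
            for field, pattern in CMAP_FIELDS.items():
                if m := re.match(pattern, line):
                    t[field] = m[1]
        elif section.startswith("interface"):
            if m := re.match(r"ip address (\S+) \S+", line):
                if_addr = m[1]
            elif line.startswith("crypto map "):
                t["local"] = if_addr  # address of the interface the map is bound to
    return t


def check_pair(a, b):
    """Return the mismatches between two tunnel endpoints (empty list = consistent)."""
    issues = []
    for x, y, nx, ny in ((a, b, "A", "B"), (b, a, "B", "A")):
        if x["peer"] != y["local"]:
            issues.append(
                f"{nx} peer {x['peer']} is not {ny}'s crypto-map address {y['local']}")
        if x["peer"] not in x["keys"]:
            issues.append(f"{nx} has no pre-shared key for peer {x['peer']}")
    if a["keys"].get(a["peer"]) != b["keys"].get(b["peer"]):
        issues.append("pre-shared keys differ")
    for field in ("encr", "authentication", "group"):
        if a["policy"].get(field) != b["policy"].get(field):
            issues.append(f"ISAKMP policy '{field}' differs")
    if a["transforms"].get(a["tset"]) != b["transforms"].get(b["tset"]):
        issues.append("IPsec transform-sets differ")
    if a["pfs"] != b["pfs"]:
        issues.append("PFS group differs")
    mirrored = sorted((dst, src) for src, dst in b["acls"].get(b["acl"], []))
    if sorted(a["acls"].get(a["acl"], [])) != mirrored:
        issues.append("crypto ACLs are not mirror images")
    return issues


if __name__ == "__main__":
    print(check_pair(parse_tunnel(SITE1), parse_tunnel(SITE2)) or "consistent")
```

The same check applies to the Customer2, Customer4 and Customer5 pairs once their listings are re-broken one command per line.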
Details:
Hostname: Customer4_Site1 (Router)
IOS: Cisco IOS Software, 7200 Software (C7200-ADVENTERPRISEK9-M), Version 12.4(20) T
Hardware: Cisco 7206VXR (NPE400)
Connected to: PE4
Cryptography: ISAKMP-SA: IPSec -Site to Site VPN
Routing Protocol: Static Route

Interface                  IP-Address      OK? Method Status                Protocol
Ethernet0/0                unassigned      YES NVRAM  administratively down down
GigabitEthernet0/0         unassigned      YES NVRAM  administratively down down
FastEthernet1/0            unassigned      YES NVRAM  administratively down down
FastEthernet1/1            unassigned      YES NVRAM  administratively down down
Serial2/0                  172.10.100.1    YES NVRAM  up                    up
Serial2/1                  unassigned      YES NVRAM  administratively down down
Serial2/2                  unassigned      YES NVRAM  administratively down down
Serial2/3                  unassigned      YES NVRAM  administratively down down
SSLVPN-VIF0                unassigned      NO  unset  up                    up
Loopback0                  55.55.55.55     YES NVRAM  up                    up

Customer4_Site1#show crypto session
Crypto session current status

Interface: Serial2/0
Session status: UP-ACTIVE
Peer: 172.10.110.1 port 500
  IKE SA: local 172.10.100.1/500 remote 172.10.110.1/500 Active
  IPSEC FLOW: permit ip 55.55.55.0/255.255.255.0 66.66.66.0/255.255.255.0
        Active SAs: 2, origin: crypto map

Customer4_Site1#show running-config
Building configuration...

Current configuration : 4161 bytes
!
upgrade fpd auto
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Customer4_Site1
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
enable secret 5 $1$fa8R$L9ulv/zldcPAu11DGqMUF0
!
aaa new-model
!
!
crypto isakmp policy 10
 encr aes 256
 authentication pre-share
 group 5
 lifetime 3600
crypto isakmp key cisco123 address 172.10.110.1
!
crypto ipsec security-association lifetime seconds 1800
!
crypto ipsec transform-set 50 esp-aes 256 esp-sha-hmac
!
crypto map CMAP 10 ipsec-isakmp
 set peer 172.10.110.1
 set security-association lifetime seconds 900
 set transform-set 50
 set pfs group5
 match address 101
!
interface Loopback0
 ip address 55.55.55.55 255.255.255.0
 ip ospf network point-to-point
!
interface Ethernet0/0
 no ip address
 shutdown
 duplex auto
!
interface GigabitEthernet0/0
 no ip address
 shutdown
 duplex full
 speed 1000
 media-type gbic
 negotiation auto
!
interface FastEthernet1/0
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet1/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Serial2/0
 description Connected to ISP-PE4
 ip address 172.10.100.1 255.255.255.252
 serial restart-delay 0
 crypto map CMAP
!
interface Serial2/1
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial2/2
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial2/3
 no ip address
 shutdown
 serial restart-delay 0
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 172.10.100.2
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 600 life 86400 requests 1000
!
logging alarm informational
access-list 101 permit ip 55.55.55.0 0.0.0.255 66.66.66.0 0.0.0.255
!
mpls ldp router-id Loopback0
!
control-plane
!
gatekeeper
 shutdown
!
line con 0
 exec-timeout 0 0
 logging synchronous
 stopbits 1
line aux 0
 stopbits 1
line vty 0 4
!
end

Customer4_Site1#
Details:
Hostname: Customer4_Site2 (Router)
IOS: Cisco IOS Software, 7200 Software (C7200-ADVENTERPRISEK9-M), Version 12.4(20) T
Hardware: Cisco 7206VXR (NPE400)
Connected to: PE5
Cryptography: ISAKMP-SA: IPSec -Site to Site VPN
Routing Protocol: Static Route

Interface                  IP-Address      OK? Method Status                Protocol
Ethernet0/0                unassigned      YES NVRAM  administratively down down
GigabitEthernet0/0         unassigned      YES NVRAM  administratively down down
FastEthernet1/0            unassigned      YES NVRAM  administratively down down
FastEthernet1/1            unassigned      YES NVRAM  administratively down down
Serial2/0                  172.10.110.1    YES NVRAM  up                    up
Serial2/1                  unassigned      YES NVRAM  administratively down down
Serial2/2                  unassigned      YES NVRAM  administratively down down
Serial2/3                  unassigned      YES NVRAM  administratively down down
SSLVPN-VIF0                unassigned      NO  unset  up                    up
Loopback0                  66.66.66.66     YES NVRAM  up                    up

Customer4_Site2#show crypto session
Crypto session current status

Interface: Serial2/0
Session status: UP-ACTIVE
Peer: 172.10.100.1 port 500
  IKE SA: local 172.10.110.1/500 remote 172.10.100.1/500 Active
  IPSEC FLOW: permit ip 66.66.66.0/255.255.255.0 55.55.55.0/255.255.255.0
        Active SAs: 2, origin: crypto map

Customer4_Site2#show running-config
Building configuration...

Current configuration : 4161 bytes
!
upgrade fpd auto
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Customer4_Site2
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
enable secret 5 $1$.cOD$76pyQ37vIlKH1IMbILOF3/
!
aaa new-model
!
!
crypto isakmp policy 10
 encr aes 256
 authentication pre-share
 group 5
 lifetime 3600
crypto isakmp key cisco123 address 172.10.100.1
!
crypto ipsec security-association lifetime seconds 1800
!
crypto ipsec transform-set 50 esp-aes 256 esp-sha-hmac
!
crypto map CMAP 10 ipsec-isakmp
 set peer 172.10.100.1
 set security-association lifetime seconds 900
 set transform-set 50
 set pfs group5
 match address 101
!
interface Loopback0
 ip address 66.66.66.66 255.255.255.0
 ip ospf network point-to-point
!
interface Ethernet0/0
 no ip address
 shutdown
 duplex auto
!
interface GigabitEthernet0/0
 no ip address
 shutdown
 duplex full
 speed 1000
 media-type gbic
 negotiation auto
!
interface FastEthernet1/0
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet1/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Serial2/0
 description Connected to ISP-PE5
 ip address 172.10.110.1 255.255.255.252
 serial restart-delay 0
 crypto map CMAP
!
interface Serial2/1
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial2/2
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial2/3
 no ip address
 shutdown
 serial restart-delay 0
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 172.10.110.2
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 600 life 86400 requests 1000
!
logging alarm informational
access-list 101 permit ip 66.66.66.0 0.0.0.255 55.55.55.0 0.0.0.255
!
mpls ldp router-id Loopback0
!
control-plane
!
gatekeeper
 shutdown
!
line con 0
 exec-timeout 0 0
 logging synchronous
 stopbits 1
line aux 0
 stopbits 1
line vty 0 4
!
end

Customer4_Site2#
Details:
Hostname: Customer5_Site1 (Router)
IOS: Cisco IOS Software, 7200 Software (C7200-ADVENTERPRISEK9-M), Version 12.4(20) T
Hardware: Cisco 7206VXR (NPE400)
Connected to: PE3
Cryptography: ISAKMP-SA: IPSec -Site to Site VPN
Routing Protocol: RIP Version 2

Interface                  IP-Address      OK? Method Status                Protocol
Ethernet0/0                unassigned      YES NVRAM  administratively down down
GigabitEthernet0/0         40.40.40.40     YES NVRAM  up                    up
GigabitEthernet1/0         unassigned      YES NVRAM  administratively down down
Serial2/0                  172.10.70.1     YES NVRAM  up                    up
Serial2/1                  unassigned      YES NVRAM  administratively down down
Serial2/2                  unassigned      YES NVRAM  administratively down down
Serial2/3                  unassigned      YES NVRAM  administratively down down
SSLVPN-VIF0                unassigned      NO  unset  up                    up
Loopback0                  unassigned      YES NVRAM  administratively down down

Customer5_Site1#show crypto session
Crypto session current status

Interface: Serial2/0
Session status: UP-ACTIVE
Peer: 172.10.80.1 port 500
  IKE SA: local 172.10.70.1/500 remote 172.10.80.1/500 Active
  IPSEC FLOW: permit ip 40.40.40.0/255.255.255.0 41.41.41.0/255.255.255.0
        Active SAs: 2, origin: crypto map

Customer5_Site1#show running-config
Building configuration...

Current configuration : 4241 bytes
!
upgrade fpd auto
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Customer5_Site1
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
enable secret 5 $1$yti5$4DyRv.Fq2uT4ArW/LOA.p1
!
aaa new-model
 ip ospf network point-to-point
 shutdown
!
interface Ethernet0/0
 no ip address
 shutdown
 duplex auto
!
interface GigabitEthernet0/0
 ip address 40.40.40.40 255.255.255.0
 ip rip advertise 20
 ip ospf network point-to-point
 duplex full
 speed 1000
 media-type gbic
 negotiation auto
!
interface GigabitEthernet1/0
 no ip address
 shutdown
 negotiation auto
!
interface Serial2/0
 description Connected to ISP-PE3
 ip address 172.10.70.1 255.255.255.252
 ip rip advertise 20
 serial restart-delay 0
 crypto map CMAP
!
interface Serial2/1
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial2/2
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial2/3
 no ip address
 shutdown
 serial restart-delay 0
!
router rip
 version 2
 timers basic 20 40 40 80
 redistribute connected
 network 40.0.0.0
 network 172.10.0.0
 no auto-summary
!
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 600 life 86400 requests 1000
!
logging alarm informational
access-list 101 permit ip 40.40.40.0 0.0.0.255 41.41.41.0 0.0.0.255
!
mpls ldp router-id Loopback0
!
control-plane
!
gatekeeper
 shutdown
!
line con 0
 exec-timeout 0 0
 logging synchronous
 stopbits 1
line aux 0
 stopbits 1
line vty 0 4
!
end

Customer5_Site1#
Customer 5 – Site 1 Cisco ASA 5520 Appliance Configuration

ASA-Site2# show failover
Failover On
Failover unit Primary
Failover LAN Interface: failover GigabitEthernet3 (up)
Unit Poll frequency 1 seconds, holdtime 15 seconds
Interface Poll frequency 5 seconds, holdtime 25 seconds
Interface Policy 1
Monitored Interfaces 3 of 60 maximum
Version: Ours 8.4(2), Mate 8.4(2)
Last Failover at: 22:27:30 UTC Nov 29 2013
        This host: Primary - Active
                Active time: 391 (sec)
                  Interface outside (41.41.41.42): Normal (Waiting)
                  Interface management (10.10.10.1): Normal (Waiting)
                  Interface inside (0.0.0.0): Normal (Waiting)
                  Interface SubnetTen (137.100.20.1): Normal (Not-Monitored)
                  Interface SubnetTwenty (138.200.40.1): Normal (Not-Monitored)
        Other host: Secondary - Standby Ready
                Active time: 0 (sec)
                  Interface outside (0.0.0.0): Normal (Waiting)
                  Interface management (0.0.0.0): Normal (Waiting)
                  Interface inside (0.0.0.0): Normal (Waiting)
                  Interface SubnetTen (0.0.0.0): Normal (Not-Monitored)
                  Interface SubnetTwenty (0.0.0.0): Normal (Not-Monitored)

Stateful Failover Logical Update Statistics
        Link : state GigabitEthernet4 (up)
        Stateful Obj    xmit       xerr       rcv        rerr
        General         41         0          40         0
        sys cmd         40         0          40         0
        up time         0          0          0          0
        RPC services    0          0          0          0
        TCP conn        0          0          0          0
        UDP conn        0          0          0          0
        ARP tbl         0          0          0          0
        Xlate_Timeout   0          0          0          0
        IPv6 ND tbl     0          0          0          0
        VPN IKEv1 SA    0          0          0          0
        VPN IKEv1 P2    0          0          0          0
        VPN IKEv2 SA    0          0          0          0
        VPN IKEv2 P2    0          0          0          0
        VPN CTCP upd    0          0          0          0
        VPN SDI upd     0          0          0          0
        VPN DHCP upd    0          0          0          0
        SIP Session     0          0          0          0
        Route Session   0          0          0          0
        User-Identity   1          0          0          0

        Logical Update Queue Information
                        Cur     Max     Total
        Recv Q:         0       12      343
        Xmit Q:         0       30      423

ASA-Site2# show running-config
: Saved
:
ASA Version 8.4(2)
!
hostname ASA-Site2
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
!
interface GigabitEthernet0
 nameif outside
 security-level 0
 ip address 41.41.41.42 255.255.255.0
!
interface GigabitEthernet1
 nameif management
 security-level 0
 ip address 10.10.10.1 255.255.255.0
!
interface GigabitEthernet2
 nameif inside
 security-level 100
 no ip address
!
interface GigabitEthernet2.10
 vlan 10
 nameif SubnetTen
 security-level 100
 ip address 137.100.20.1 255.255.255.0
!
interface GigabitEthernet2.20
 vlan 20
 nameif SubnetTwenty
 security-level 100
 ip address 138.200.40.1 255.255.255.0
!
interface GigabitEthernet3
 description LAN Failover Interface
!
interface GigabitEthernet4
 description STATE Failover Interface
!
interface GigabitEthernet5
 shutdown
 no nameif
 no security-level
 no ip address
!
ftp mode passive
same-security-traffic permit intra-interface
object network Remote_Network
 subnet 198.168.10.0 255.255.255.0
object-group network DM_INLINE_NETWORK_1
 network-object 137.100.0.0 255.255.0.0
 network-object 138.200.40.0 255.255.255.0
access-list outside_cryptomap extended permit ip object-group DM_INLINE_NETWORK_1 object Remote_Network
access-list outside_cryptomap extended permit ip 137.100.0.0 255.255.255.0 object Remote_Network
pager lines 24
logging enable
logging asdm informational
mtu outside 1500
mtu management 1500
mtu inside 1500
mtu SubnetTen 1500
mtu SubnetTwenty 1500
failover
failover lan unit primary
failover lan interface failover GigabitEthernet3
failover key *****
failover link state GigabitEthernet4
failover interface ip failover 172.16.1.1 255.255.255.252 standby 172.16.1.2
failover interface ip state 172.16.2.1 255.255.255.252 standby 172.16.2.2
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-649-103.bin
no asdm history enable
arp timeout 14400
route outside 0.0.0.0 0.0.0.0 41.41.41.41 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
!
policy-map global-policy
 class class-default
  user-statistics accounting
!
service-policy global-policy global
prompt hostname context
call-home reporting anonymous
call-home
 profile CiscoTAC-1
  no active
  destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
  destination address email [email protected]
  destination transport-method http
  subscribe-to-alert-group diagnostic
  subscribe-to-alert-group environment
  subscribe-to-alert-group inventory periodic monthly
  subscribe-to-alert-group configuration periodic monthly
  subscribe-to-alert-group telemetry periodic daily
hpm topN enable
crashinfo save disable
Cryptochecksum:e3a7f2ef8e58bae0f978f5cb20364b6e
: end
Details:
Hostname: Customer5_Site2 (Router)
IOS: Cisco IOS Software, 7200 Software (C7200-ADVENTERPRISEK9-M), Version 12.4(20) T
Hardware: Cisco 7206VXR (NPE400)
Connected to: PE6
Cryptography: ISAKMP-SA: IPSec -Site to Site VPN
Routing Protocol: RIP Version 2

Interface                  IP-Address      OK? Method Status                Protocol
Ethernet0/0                unassigned      YES NVRAM  administratively down down
GigabitEthernet0/0         41.41.41.41     YES NVRAM  up                    up
GigabitEthernet1/0         unassigned      YES NVRAM  administratively down down
Serial2/0                  172.10.80.1     YES NVRAM  up                    up
Serial2/1                  unassigned      YES NVRAM  administratively down down
Serial2/2                  unassigned      YES NVRAM  administratively down down
Serial2/3                  unassigned      YES NVRAM  administratively down down
SSLVPN-VIF0                unassigned      NO  unset  up                    up
Loopback0                  unassigned      YES NVRAM  administratively down down

Customer5_Site2#show crypto session
Crypto session current status

Interface: Serial2/0
Session status: UP-ACTIVE
Peer: 172.10.70.1 port 500
  IKE SA: local 172.10.80.1/500 remote 172.10.70.1/500 Active
  IPSEC FLOW: permit ip 41.41.41.0/255.255.255.0 40.40.40.0/255.255.255.0
        Active SAs: 2, origin: crypto map

Customer5_Site2#show running-config
Building configuration...

Current configuration : 4241 bytes
!
upgrade fpd auto
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Customer5_Site2
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
enable secret 5 $1$MKo/$jnuFWWc2eeFbVWfrCvMxL0
!
 no ip address
 ip ospf network point-to-point
 shutdown
!
interface Ethernet0/0
 no ip address
 shutdown
 duplex auto
!
interface GigabitEthernet0/0
 ip address 41.41.41.41 255.255.255.0
 ip rip advertise 20
 ip ospf network point-to-point
 duplex full
 speed 1000
 media-type gbic
 negotiation auto
!
interface GigabitEthernet1/0
 no ip address
 shutdown
 negotiation auto
!
interface Serial2/0
 description Connected to ISP-PE6
 ip address 172.10.80.1 255.255.255.252
 ip rip advertise 20
 serial restart-delay 0
 crypto map CMAP
!
interface Serial2/1
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial2/2
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial2/3
 no ip address
 shutdown
 serial restart-delay 0
!
router rip
 version 2
 timers basic 20 40 40 80
 redistribute connected
 network 41.0.0.0
 network 172.10.0.0
 no auto-summary
!
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 600 life 86400 requests 1000
!
!
!
logging alarm informational
access-list 101 permit ip 41.41.41.0 0.0.0.255 40.40.40.0 0.0.0.255
!
!
!
!
!
!
mpls ldp router-id Loopback0
!
control-plane
!
!
!
!
!
!
!
gatekeeper
 shutdown
!
!
line con 0
 exec-timeout 0 0
 logging synchronous
 stopbits 1
line aux 0
 stopbits 1
line vty 0 4
!
end

Customer5_Site2#
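Several management-plane settings in the Customer5_Site2 running-config above (no service password-encryption, ip http server, exec-timeout 0 0 on the console, a vty block with no access-class) can be checked mechanically before a lab configuration is reused elsewhere. The Python audit below is an added example, not part of the original document; the rule ids are hypothetical names chosen here, and the sample text is constructed from the lines above with the secret hash replaced by a placeholder.

```python
import re

# Constructed sample: management-plane lines as they appear in the
# Customer5_Site2 running-config (secret hash replaced by a placeholder).
SAMPLE_CONFIG = """\
no service password-encryption
enable secret 5 <hash-placeholder>
ip http server
ip http authentication local
ip http secure-server
line con 0
 exec-timeout 0 0
 logging synchronous
line aux 0
 stopbits 1
line vty 0 4
!
end
"""

# Hypothetical rule ids -> regex matched against top-level commands.
GLOBAL_RULES = [
    ("PW-PLAINTEXT", r"^no service password-encryption$"),  # 'password' values stay clear text
    ("SECRET-MD5", r"^enable secret 5(?= )"),               # type 5 = salted MD5
    ("HTTP-CLEARTEXT", r"^ip http server$"),                 # unencrypted HTTP management
]

def audit_ios_config(text):
    """Return sorted (rule_id, context) findings for an IOS running-config."""
    findings, line_blocks, current = set(), {}, None
    for raw in text.splitlines():
        if raw.startswith(" ") and current:      # sub-command of a "line" block
            line_blocks[current].append(raw.strip())
            continue
        cmd, current = raw.strip(), None
        if cmd.startswith("line "):
            current = cmd
            line_blocks[current] = []
        for rule_id, pattern in GLOBAL_RULES:
            match = re.search(pattern, cmd)
            if match:                            # report the keyword, never the hash
                findings.add((rule_id, match.group(0)))
    for name, subs in line_blocks.items():
        if "exec-timeout 0 0" in subs:           # idle sessions never expire
            findings.add(("NO-IDLE-TIMEOUT", name))
        if name.startswith("line vty") and not any(
                s.startswith("access-class ") for s in subs):
            findings.add(("VTY-NO-ACL", name))   # no source-address restriction
    return sorted(findings)
```

The parser relies on the one-space indentation that IOS uses for sub-commands, so it expects the configuration with its original line breaks.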
Customer 5 – Site 2 Cisco ASA 5520 Appliance Configuration

ASA-Site2# show failover
Failover On
Failover unit Secondary
Failover LAN Interface: failover GigabitEthernet3 (up)
Unit Poll frequency 1 seconds, holdtime 15 seconds
Interface Poll frequency 5 seconds, holdtime 25 seconds
Interface Policy 1
Monitored Interfaces 3 of 60 maximum
Version: Ours 8.4(2), Mate 8.4(2)
Last Failover at: 22:28:09 UTC Nov 29 2013
        This host: Secondary - Standby Ready
                Active time: 0 (sec)
                  Interface outside (0.0.0.0): Normal (Waiting)
                  Interface management (0.0.0.0): Normal (Waiting)
                  Interface inside (0.0.0.0): Normal (Waiting)
                  Interface SubnetTen (0.0.0.0): Normal (Not-Monitored)
                  Interface SubnetTwenty (0.0.0.0): Normal (Not-Monitored)
        Other host: Primary - Active
                Active time: 859 (sec)
                  Interface outside (41.41.41.42): Normal (Waiting)
                  Interface management (10.10.10.1): Normal (Waiting)
                  Interface inside (0.0.0.0): Normal (Waiting)
                  Interface SubnetTen (137.100.20.1): Normal (Not-Monitored)
                  Interface SubnetTwenty (138.200.40.1): Normal (Not-Monitored)

Stateful Failover Logical Update Statistics
        Link : state GigabitEthernet4 (up)
        Stateful Obj    xmit       xerr       rcv        rerr
        General         102        0          103        0
        sys cmd         102        0          102        0
        up time         0          0          0          0
        RPC services    0          0          0          0
        TCP conn        0          0          0          0
        UDP conn        0          0          0          0
        ARP tbl         0          0          0          0
        Xlate_Timeout   0          0          0          0
        IPv6 ND tbl     0          0          0          0
        VPN IKEv1 SA    0          0          0          0
        VPN IKEv1 P2    0          0          0          0
        VPN IKEv2 SA    0          0          0          0
        VPN IKEv2 P2    0          0          0          0
        VPN CTCP upd    0          0          0          0
        VPN SDI upd     0          0          0          0
        VPN DHCP upd    0          0          0          0
        SIP Session     0          0          0          0
        Route Session   0          0          0          0
        User-Identity   0          0          1          0

        Logical Update Queue Information
                        Cur     Max     Total
        Recv Q:         0       19      1803
        Xmit Q:         0       1       102

ASA-Site2# show running-config
: Saved
:
ASA Version 8.4(2)
!
hostname ASA-Site2
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
!
interface GigabitEthernet0
 nameif outside
 security-level 0
 ip address 41.41.41.42 255.255.255.0
!
interface GigabitEthernet1
 nameif management
 security-level 0
 ip address 10.10.10.1 255.255.255.0
!
interface GigabitEthernet2
 nameif inside
 security-level 100
 no ip address
!
interface GigabitEthernet2.10
 vlan 10
 nameif SubnetTen
 security-level 100
 ip address 137.100.20.1 255.255.255.0
!
interface GigabitEthernet2.20
 vlan 20
 nameif SubnetTwenty
 security-level 100
 ip address 138.200.40.1 255.255.255.0
!
interface GigabitEthernet3
 description LAN Failover Interface
!
interface GigabitEthernet4
 description STATE Failover Interface
!
interface GigabitEthernet5
 shutdown
 no nameif
 no security-level
 no ip address
!
ftp mode passive
same-security-traffic permit intra-interface
object network Remote_Network
 subnet 198.168.10.0 255.255.255.0
object-group network DM_INLINE_NETWORK_1
 network-object 137.100.0.0 255.255.0.0
 network-object 138.200.40.0 255.255.255.0
access-list outside_cryptomap extended permit ip object-group DM_INLINE_NETWORK_1 object Remote_Network
access-list outside_cryptomap extended permit ip 137.100.0.0 255.255.255.0 object Remote_Network
pager lines 24
logging enable
logging asdm informational
mtu outside 1500
mtu management 1500
mtu inside 1500
mtu SubnetTen 1500
mtu SubnetTwenty 1500
failover
failover lan unit secondary
failover lan interface failover GigabitEthernet3
failover key *****
failover link state GigabitEthernet4
failover interface ip failover 172.16.1.1 255.255.255.252 standby 172.16.1.2
failover interface ip state 172.16.2.1 255.255.255.252 standby 172.16.2.2
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-649-103.bin
no asdm history enable
arp timeout 14400
route outside 0.0.0.0 0.0.0.0 41.41.41.41 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00