During the last few weeks I published a couple of blogposts concerning routing protocols such as BGP, OSPFv3, and EIGRP. (Use the “Cisco Router” tag on my blog to list all of them.) They are all part of my current Cisco lab that I am using for my CCNP TSHOOT exam preparation. While I depicted only the details of the routing protocols in those blogposts, I am showing my overall lab with all of its Cisco IOS configs here. Just to have the complete picture. There are a couple of not-yet-blogged configs such as VRRP, GLBP, NTP authentication, embedded event manager (EEM), or route-maps and distribute/prefix lists though.
This is the complete lab as already shown in all the other blogposts:
Configurations
Some quick notes about them (read: reminder to myself):
- The default config for all routers is based on this post: Basic Cisco Configuration. That is: timestamps, banner, SSH with ACLs, SSH public key authentication, SNMP with ACLs, NTP, logging, archive.
- R4 and R5 use three different FHRPs in sum. ;) On interfaces gi0/0 it is VRRP for legacy IP and HSRP for IPv6 (since my VRRP version is not able to handle IPv6 as well), while GLBP on interfaces gi0/1 for both Internet protocols. All four processes use MD5 authentication.
- All routers use NTP via IPv6 with MD5 authentication (since SHA-1 is not supported).
- On R2 there is an “event manager applet CONFIG-STARTED” that generates a syslog message and sends an email if an admin starts a configure session.
- Two GRE tunnels between R1 and R3, one over IPv6 and another over legacy IP. The latter uses a “keepalive” which is not possible for IPv6. No routing over those tunnels though.
- Route-Maps on R4 and R5 for BGP to set the local-preference for some networks to 200 to force only one router to be used. Sent to the Palo Alto firewall “out”. R4 with a route-map for IPv4 and R5 for IPv6.
- Just for fun: R2 uses an ACL for IPv4 and a prefix-list for IPv6 to filter outgoing EIGRP updates to R1. However, all networks are explicitly permitted, hence it’s just added security in case of misconfigurations on R3.
- On S2 there are two Raspberry Pis on ports 3 and 4 with PoE adapters.
- For all other details about the dynamic routing protocols refer to my previous blogposts.
- For even more protocols related to layer 2 refer to my CCNP SWITCH / Wireshark challenges post listing 22 protocols and 46 challenges around them.
Here are the full configurations for the five involved Cisco routers, from left to right according to the lab overview:
R4, iBGP to the left, OSPF to the right:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 |
! ! Last configuration change at 16:15:31 CET Thu Feb 22 2018 by weberjoh ! NVRAM config last updated at 16:38:44 CET Thu Feb 22 2018 by weberjoh ! NVRAM config last updated at 16:38:44 CET Thu Feb 22 2018 by weberjoh version 15.1 service timestamps debug datetime msec show-timezone year service timestamps log datetime msec show-timezone year service password-encryption ! hostname R4 ! boot-start-marker boot-end-marker ! ! security passwords min-length 12 logging buffered 64000 enable secret 5 $1$FdCb$spI/lHO.AREaK4fFrcLuw0 ! aaa new-model ! ! ! ! ! ! ! aaa session-id common ! clock timezone CET 1 0 clock summer-time CEST recurring last Sun Mar 2:00 last Sun Oct 3:00 no network-clock-participate wic 0 no network-clock-participate wic 1 ! dot11 syslog no ip source-route ! ! ip cef ! ! ! ip domain name weberlab.de ip name-server 2003:DE:2016:120::A08:53 ipv6 unicast-routing ipv6 cef ! multilink bundle-name authenticated ! ! ! ! ! ! ! ! ! ! ! voice-card 0 ! crypto pki token default removal timeout 0 ! ! ! ! license udi pid CISCO2851 sn FCZ09417188 archive path scp://iosarchive:iospassword@scp.weberlab.de/$h-$t write-memory username weberjoh privilege 15 secret 5 $1$dZt.$HTgDJhM2cEld9SBRSrFfX1 ! redundancy ! ! controller E1 0/0/0 ! controller E1 0/1/0 ! ip ssh logging events ip ssh version 2 ip ssh dh min size 2048 ip ssh pubkey-chain username weberjoh key-hash ssh-rsa F6CB07741AC18888F65459330E8F2363 quit ! track 24 interface GigabitEthernet0/1 line-protocol ! track 25 interface GigabitEthernet0/1 line-protocol ! ! ! ! ! ! ! ! interface Loopback0 ip address 192.168.255.14 255.255.255.255 ipv6 address 2003:DE:2016:1FF::14/128 ipv6 ospf 1 area 0.0.0.0 ! interface GigabitEthernet0/0 description Uplink zu Dell-Switch Port 19 ip address 192.168.120.24 255.255.255.0 standby version 2 standby 25 ipv6 autoconfig standby 25 priority 110 standby 25 preempt standby 25 authentication md5 key-string 7 080B495D1C0A2C04260309252438332D21 standby 25 track 25 decrement 20 duplex auto speed auto ipv6 address 2003:DE:2016:120::24/64 ipv6 nd ra suppress all ipv6 ospf 1 area 0.0.0.0 vrrp 24 ip 192.168.120.4 vrrp 24 priority 110 vrrp 24 authentication md5 key-string 7 002E16151148380719245F vrrp 24 track 24 decrement 20 ! interface GigabitEthernet0/1 description Downlink zu S1 Port 1 ip address 192.168.121.4 255.255.255.0 ip ospf authentication message-digest ip ospf message-digest-key 1 md5 7 062C0029421F5A5556435F5859 ip ospf priority 100 glbp 136 ipv6 autoconfig glbp 136 priority 150 glbp 136 preempt glbp 136 authentication md5 key-string 7 13034247595F5C7F2F7471633621450642505303580E5100595640450C01040703070C5B580404010F57465301030D535A751A4A5C1A541614530A05727F262D30 glbp 137 ip 192.168.121.137 glbp 137 preempt glbp 137 authentication md5 key-string 7 0056155301035C5456724E1C5E480741430F5D00727F7179656676125240070555080D55050B014E1700015204010D000E0A53540C0454465E005E5C560E751E4F duplex auto speed auto ipv6 address 2003:DE:2016:121::4/64 ipv6 nd ra suppress all ipv6 ospf priority 100 ipv6 ospf 1 area 0.0.0.0 ipv6 ospf authentication ipsec spi 2311 sha1 7 0255250E2D505E7819185A3B214442522A5C727F76786A61744054415158070B0007712C544C300C0A ! router ospf 4 router-id 192.168.255.14 auto-cost reference-bandwidth 10000 passive-interface default no passive-interface GigabitEthernet0/1 network 192.168.120.0 0.0.0.255 area 0.0.0.0 network 192.168.121.0 0.0.0.255 area 0.0.0.0 default-information originate ! router bgp 64512 bgp router-id 192.168.255.14 bgp log-neighbor-changes no bgp default ipv4-unicast neighbor 2003:DE:2016:120::F02:443 remote-as 64512 neighbor 2003:DE:2016:120::F02:443 description Forti-v6 neighbor 2003:DE:2016:120::F02:443 password 7 012315550A52485E7119 neighbor 2003:DE:2016:1FF::1 remote-as 64512 neighbor 2003:DE:2016:1FF::1 description Palo-v6 Loopback neighbor 2003:DE:2016:1FF::1 password 7 080B4346074A4B4644 neighbor 2003:DE:2016:1FF::1 update-source Loopback0 neighbor 2003:DE:2016:1FF::15 remote-as 64512 neighbor 2003:DE:2016:1FF::15 description R5-Dual Loopback neighbor 2003:DE:2016:1FF::15 password 7 045D04090D205E neighbor 2003:DE:2016:1FF::15 update-source Loopback0 neighbor 192.168.120.33 remote-as 64512 neighbor 192.168.120.33 description Forti-v4 neighbor 192.168.120.33 password 7 0236170A5A5F41701C1B neighbor 192.168.255.1 remote-as 64512 neighbor 192.168.255.1 description Palo-v4 Loopback neighbor 192.168.255.1 update-source Loopback0 ! address-family ipv4 network 192.168.121.0 redistribute ospf 4 match internal external 1 external 2 neighbor 2003:DE:2016:1FF::15 activate neighbor 2003:DE:2016:1FF::15 next-hop-self neighbor 192.168.120.33 activate neighbor 192.168.120.33 next-hop-self neighbor 192.168.255.1 activate neighbor 192.168.255.1 next-hop-self neighbor 192.168.255.1 route-map BGP-to-Palo out exit-address-family ! address-family ipv6 redistribute ospf 1 match internal external 1 external 2 network 2003:DE:2016:121::/64 neighbor 2003:DE:2016:120::F02:443 activate neighbor 2003:DE:2016:120::F02:443 next-hop-self neighbor 2003:DE:2016:1FF::1 activate neighbor 2003:DE:2016:1FF::1 next-hop-self neighbor 2003:DE:2016:1FF::15 activate neighbor 2003:DE:2016:1FF::15 next-hop-self exit-address-family ! ip forward-protocol nd no ip http server no ip http secure-server ! ! ip route 0.0.0.0 0.0.0.0 192.168.120.1 ip route 192.168.255.1 255.255.255.255 GigabitEthernet0/0 192.168.120.1 ip route 192.168.255.2 255.255.255.255 GigabitEthernet0/0 192.168.120.33 ip route 192.168.255.15 255.255.255.255 GigabitEthernet0/0 192.168.120.25 ip ospf name-lookup ! ip access-list standard snmp-access-v4 permit 192.168.120.0 0.0.0.255 deny any ip access-list standard vty-access-v4 permit 192.168.0.0 0.0.255.255 log deny any log ! ! ip prefix-list IPv4-Loopbacks seq 5 permit 192.168.255.11/32 ip prefix-list IPv4-Loopbacks seq 10 permit 192.168.255.12/31 logging trap debugging logging host ipv6 2003:DE:2016:120::B10:514 ipv6 route 2003:DE:2016:1FF::1/128 GigabitEthernet0/0 2003:DE:2016:120::1 ipv6 route 2003:DE:2016:1FF::2/128 GigabitEthernet0/0 2003:DE:2016:120::F02:443 ipv6 route 2003:DE:2016:1FF::15/128 GigabitEthernet0/0 2003:DE:2016:120::25 ipv6 route ::/0 2003:DE:2016:120::1 ipv6 router ospf 1 router-id 192.168.255.14 auto-cost reference-bandwidth 10000 default-information originate passive-interface default no passive-interface GigabitEthernet0/1 ! ipv6 ospf name-lookup ! ! ! ! route-map BGP-to-Palo permit 10 match ip address prefix-list IPv4-Loopbacks set local-preference 200 ! route-map BGP-to-Palo permit 20 description This matches everything to be an explicit allow any at the end ! snmp-server community n5rAD1ig314IqfioYBWw RO ipv6 snmp-access-v6 snmp-access-v4 snmp-server ifindex persist snmp-server location On the top of the rack snmp-server contact Johannes Weber ! ! ! ! ipv6 access-list snmp-access-v6 permit ipv6 2003:DE:2016:120::/64 any deny ipv6 any any ! ipv6 access-list vty-access-v6 permit ipv6 2003:DE:2016::/48 any log deny ipv6 any any log ! control-plane ! ! ! ! mgcp profile default ! ! ! ! ! banner login ^C###################################### # Webernetz.net Labor # # Finger weg wenn du nicht ich bist! # ###################################### ^C ! line con 0 exec-timeout 0 0 privilege level 15 logging synchronous history size 100 line aux 0 line vty 0 4 access-class vty-access-v4 in exec-timeout 0 0 privilege level 15 ipv6 access-class vty-access-v6 in logging synchronous history size 100 transport input ssh ! scheduler allocate 20000 1000 ntp authentication-key 1 md5 113B3301213D15204E160B00626818722E133E4658 7 ntp authentication-key 2 md5 0650583F671F383B40360C161938192771057A3C67 7 ntp authentication-key 3 md5 050E2104106F47544C365B1C080317312771131A3C 7 ntp authenticate ntp trusted-key 1 ntp trusted-key 2 ntp trusted-key 3 ntp update-calendar ntp server ipv6 2.pool.ntp.org ntp server ntp1.weberlab.de key 1 ntp server ntp2.weberlab.de key 2 ntp server ntp3.weberlab.de key 3 prefer ntp server ipv6 2.de.pool.ntp.org end |
R5, same like R4: iBGP to the left, OSPF to the right:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 |
! ! Last configuration change at 16:12:24 CET Thu Feb 22 2018 by weberjoh ! NVRAM config last updated at 16:38:45 CET Thu Feb 22 2018 by weberjoh ! NVRAM config last updated at 16:38:45 CET Thu Feb 22 2018 by weberjoh version 15.1 service timestamps debug datetime msec show-timezone year service timestamps log datetime msec show-timezone year service password-encryption ! hostname R5 ! boot-start-marker boot-end-marker ! ! security passwords min-length 12 logging buffered 64000 enable secret 5 $1$FdCb$spI/lHO.AREaK4fFrcLuw0 ! aaa new-model ! ! ! ! ! ! ! aaa session-id common ! clock timezone CET 1 0 clock summer-time CEST recurring last Sun Mar 2:00 last Sun Oct 3:00 ! dot11 syslog no ip source-route ! ! ip cef ! ! ! ip domain name weberlab.de ip name-server 2003:DE:2016:120::A08:53 ipv6 unicast-routing ipv6 cef ! multilink bundle-name authenticated ! ! ! ! ! ! ! ! ! ! ! voice-card 0 ! crypto pki token default removal timeout 0 ! ! ! ! license udi pid CISCO2851 sn FCZ132070SQ archive log config hidekeys path scp://iosarchive:iospassword@scp.weberlab.de/$h-$t write-memory username weberjoh privilege 15 secret 5 $1$dZt.$HTgDJhM2cEld9SBRSrFfX1 ! redundancy ! ! ip ssh logging events ip ssh version 2 ip ssh dh min size 2048 ip ssh pubkey-chain username weberjoh key-hash ssh-rsa F6CB07741AC18888F65459330E8F2363 quit ! ! ! ! ! ! ! ! interface Loopback0 ip address 192.168.255.15 255.255.255.255 ipv6 address 2003:DE:2016:1FF::15/128 ipv6 ospf 1 area 0.0.0.0 ! interface GigabitEthernet0/0 description Uplink zu Dell-Switch Port 20 ip address 192.168.120.25 255.255.255.0 standby version 2 standby 25 ipv6 autoconfig standby 25 preempt standby 25 authentication md5 key-string 7 09664B1A0C163E013F04010B25373F3627 duplex auto speed auto ipv6 address 2003:DE:2016:120::25/64 ipv6 nd ra suppress all ipv6 ospf 1 area 0.0.0.0 vrrp 24 ip 192.168.120.4 vrrp 24 authentication md5 key-string 7 11231C160201380D122F38 ! interface GigabitEthernet0/1 description Downlink zu S1 Port 2 ip address 192.168.121.5 255.255.255.0 ip ospf authentication message-digest ip ospf message-digest-key 1 md5 7 062C0029421F5A5556435F5859 ip ospf priority 50 glbp 136 ipv6 autoconfig glbp 136 preempt glbp 136 authentication md5 key-string 7 0827191B5B4A5D42165B5554292872296766704606400155010C00000157504C470B00075050560D530853525D0F024653500D0F530C704D48511F044F46090907 glbp 137 ip 192.168.121.137 glbp 137 priority 150 glbp 137 preempt glbp 137 authentication md5 key-string 7 0056155301035C5456724E1C5E480741430F5D00727F7179656676125240070555080D55050B014E1700015204010D000E0A53540C0454465E005E5C560E751E4F duplex auto speed auto ipv6 address 2003:DE:2016:121::5/64 ipv6 nd ra suppress all ipv6 ospf priority 50 ipv6 ospf 1 area 0.0.0.0 ipv6 ospf authentication ipsec spi 2311 sha1 7 0255250E2D505E7819185A3B214442522A5C727F76786A61744054415158070B0007712C544C300C0A ! router ospf 4 router-id 192.168.255.15 auto-cost reference-bandwidth 10000 passive-interface default no passive-interface GigabitEthernet0/1 network 192.168.120.0 0.0.0.255 area 0.0.0.0 network 192.168.121.0 0.0.0.255 area 0.0.0.0 default-information originate ! router bgp 64512 bgp router-id 192.168.255.15 bgp log-neighbor-changes no bgp default ipv4-unicast neighbor 2003:DE:2016:120::F02:443 remote-as 64512 neighbor 2003:DE:2016:120::F02:443 description Forti-v6 neighbor 2003:DE:2016:120::F02:443 password 7 046B18575E78021F594C neighbor 2003:DE:2016:1FF::1 remote-as 64512 neighbor 2003:DE:2016:1FF::1 description Palo-v6 Loopback neighbor 2003:DE:2016:1FF::1 password 7 080B4346074A4B4644 neighbor 2003:DE:2016:1FF::1 update-source Loopback0 neighbor 2003:DE:2016:1FF::14 remote-as 64512 neighbor 2003:DE:2016:1FF::14 description R4-Dual Loopback neighbor 2003:DE:2016:1FF::14 password 7 045D04090D205E neighbor 2003:DE:2016:1FF::14 update-source Loopback0 neighbor 192.168.120.33 remote-as 64512 neighbor 192.168.120.33 description Forti-v4 neighbor 192.168.120.33 password 7 06361C701D1747485542 neighbor 192.168.255.1 remote-as 64512 neighbor 192.168.255.1 description Palo-v4 Loopback neighbor 192.168.255.1 update-source Loopback0 ! address-family ipv4 network 192.168.121.0 redistribute ospf 4 match internal external 1 external 2 neighbor 2003:DE:2016:1FF::14 activate neighbor 2003:DE:2016:1FF::14 next-hop-self neighbor 192.168.120.33 activate neighbor 192.168.120.33 next-hop-self neighbor 192.168.255.1 activate neighbor 192.168.255.1 next-hop-self exit-address-family ! address-family ipv6 redistribute ospf 1 match internal external 1 external 2 network 2003:DE:2016:121::/64 neighbor 2003:DE:2016:120::F02:443 activate neighbor 2003:DE:2016:120::F02:443 next-hop-self neighbor 2003:DE:2016:1FF::1 activate neighbor 2003:DE:2016:1FF::1 next-hop-self neighbor 2003:DE:2016:1FF::1 route-map BGP-to-Palo out neighbor 2003:DE:2016:1FF::14 activate neighbor 2003:DE:2016:1FF::14 next-hop-self exit-address-family ! ip forward-protocol nd no ip http server no ip http secure-server ! ! ip route 0.0.0.0 0.0.0.0 192.168.120.1 ip route 192.168.255.1 255.255.255.255 GigabitEthernet0/0 192.168.120.1 ip route 192.168.255.2 255.255.255.255 GigabitEthernet0/0 192.168.120.33 ip route 192.168.255.14 255.255.255.255 GigabitEthernet0/0 192.168.120.24 ip ospf name-lookup ! ip access-list standard snmp-access-v4 permit 192.168.120.0 0.0.0.255 deny any ip access-list standard vty-access-v4 permit 192.168.0.0 0.0.255.255 log deny any log ! logging trap debugging logging host ipv6 2003:DE:2016:120:00:00:B10:514 ipv6 route 2003:DE:2016:1FF::1/128 GigabitEthernet0/0 2003:DE:2016:120::1 ipv6 route 2003:DE:2016:1FF::2/128 GigabitEthernet0/0 2003:DE:2016:120::F02:443 ipv6 route 2003:DE:2016:1FF::14/128 GigabitEthernet0/0 2003:DE:2016:120::24 ipv6 route ::/0 2003:DE:2016:120::1 ipv6 router ospf 1 router-id 192.168.255.15 auto-cost reference-bandwidth 10000 default-information originate passive-interface default no passive-interface GigabitEthernet0/1 ! ipv6 ospf name-lookup ! ! ipv6 prefix-list IPv6-Loopbacks seq 5 permit 2003:DE:2016:1FF::11/128 ipv6 prefix-list IPv6-Loopbacks seq 10 permit 2003:DE:2016:1FF::12/127 ! ! ! route-map BGP-to-Palo permit 10 match ipv6 address prefix-list IPv6-Loopbacks set local-preference 200 ! route-map BGP-to-Palo permit 20 description This matches everything to be an explicit allow any at the end ! snmp-server community n5rAD1ig314IqfioYBWw RO ipv6 snmp-access-v6 snmp-access-v4 snmp-server ifindex persist snmp-server location On the top of the rack snmp-server contact Johannes Weber ! ! ! ! ipv6 access-list vty-access-v6 permit ipv6 2003:DE:2016::/48 any log deny ipv6 any any log ! ipv6 access-list snmp-access-v6 permit ipv6 2003:DE:2016:120::/64 any deny ipv6 any any ! control-plane ! ! ! ! mgcp profile default ! ! ! ! ! banner login ^C###################################### # Webernetz.net Labor # # Finger weg wenn du nicht ich bist! # ###################################### ^C ! line con 0 exec-timeout 0 0 privilege level 15 logging synchronous history size 100 line aux 0 line vty 0 4 access-class vty-access-v4 in exec-timeout 0 0 privilege level 15 ipv6 access-class vty-access-v6 in logging synchronous history size 100 transport input ssh ! scheduler allocate 20000 1000 ntp authentication-key 1 md5 073D0B48782607295D2E2B284E71067415271D674A 7 ntp authentication-key 2 md5 115F4E1B3C433A2E410B35393D0F062E462A5F0A44 7 ntp authentication-key 3 md5 050E2104106F47544C365B1C080317312771131A3C 7 ntp authenticate ntp trusted-key 1 ntp trusted-key 2 ntp trusted-key 3 ntp update-calendar ntp server ipv6 2.pool.ntp.org ntp server ntp1.weberlab.de key 1 ntp server ntp2.weberlab.de key 2 ntp server ntp3.weberlab.de key 3 prefer ntp server ipv6 2.de.pool.ntp.org end |
R1, OSPF to the left, EIGRP to the right:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 |
! ! Last configuration change at 13:54:47 CET Thu Feb 22 2018 by weberjoh ! NVRAM config last updated at 16:38:47 CET Thu Feb 22 2018 by weberjoh ! NVRAM config last updated at 16:38:47 CET Thu Feb 22 2018 by weberjoh version 15.1 service timestamps debug datetime msec show-timezone year service timestamps log datetime msec show-timezone year service password-encryption ! hostname R1 ! boot-start-marker boot-end-marker ! ! security passwords min-length 12 logging buffered 64000 enable secret 5 $1$FdCb$spI/lHO.AREaK4fFrcLuw0 ! aaa new-model ! ! ! ! ! ! ! aaa session-id common ! clock timezone CET 1 0 clock summer-time CEST recurring last Sun Mar 2:00 last Sun Oct 3:00 ! dot11 syslog no ip source-route ! ! ip cef ! ! ! ip domain name weberlab.de ip name-server 2003:DE:2016:120::A08:53 ipv6 unicast-routing ipv6 cef ! multilink bundle-name authenticated ! ! ! ! ! ! key chain EIGRP-Bose-Password key 1 key-string 7 0034000708565A575617495C1A485542 ! ! ! ! ! ! voice-card 0 ! crypto pki token default removal timeout 0 ! ! ! ! license udi pid CISCO2811 sn FCZ115171R6 archive path scp://iosarchive:iospassword@scp.weberlab.de/$h-$t write-memory username weberjoh privilege 15 secret 5 $1$dZt.$HTgDJhM2cEld9SBRSrFfX1 ! redundancy ! ! ip ssh logging events ip ssh version 2 ip ssh dh min size 2048 ip ssh pubkey-chain username weberjoh key-hash ssh-rsa F6CB07741AC18888F65459330E8F2363 quit ! ! ! ! ! ! ! ! interface Loopback0 ip address 192.168.255.11 255.255.255.255 ipv6 address 2003:DE:2016:1FF::11/128 ipv6 ospf 1 area 0.0.0.0 ! interface Tunnel0 ip address 172.16.255.1 255.255.255.252 keepalive 10 3 tunnel source Loopback0 tunnel destination 192.168.255.13 ! interface Tunnel1 ip address 172.16.255.5 255.255.255.252 tunnel source Loopback0 tunnel mode gre ipv6 tunnel destination 2003:DE:2016:1FF::13 ! interface FastEthernet0/0 description Uplink zu S1 Port 24 bandwidth 8000 ip address 192.168.121.42 255.255.255.0 ip flow ingress ip ospf authentication message-digest ip ospf message-digest-key 1 md5 7 1123160D19435840577E66777D duplex auto speed auto ipv6 address 2003:DE:2016:121::42/64 ipv6 nd ra suppress all ipv6 ospf 1 area 0.0.0.0 ipv6 ospf authentication ipsec spi 2311 sha1 7 0255250E2D505E7819185A3B214442522A5C727F76786A61744054415158070B0007712C544C300C0A ! interface FastEthernet0/1 no ip address shutdown duplex auto speed auto ! interface Serial0/0/0 description Downlink zu R2 Port s0/3/0 bandwidth 8000 ip address 192.168.122.1 255.255.255.252 ip flow ingress ipv6 address 2003:DE:2016:122::/127 ipv6 nd ra suppress all ipv6 ospf 1 area 0.0.0.0 clock rate 8000000 ! interface Serial0/0/1 no ip address shutdown clock rate 2000000 ! ! router eigrp Bose ! address-family ipv4 unicast autonomous-system 4711 ! af-interface default authentication mode md5 authentication key-chain EIGRP-Bose-Password passive-interface exit-af-interface ! af-interface Serial0/0/0 no passive-interface exit-af-interface ! topology base default-metric 100000 100 255 50 1500 redistribute ospf 4 exit-af-topology network 192.168.121.0 network 192.168.122.0 0.0.0.3 network 192.168.255.11 0.0.0.0 eigrp router-id 192.168.255.11 exit-address-family ! address-family ipv6 unicast autonomous-system 4711 ! af-interface default authentication mode md5 authentication key-chain EIGRP-Bose-Password passive-interface exit-af-interface ! af-interface Serial0/0/0 no passive-interface exit-af-interface ! topology base default-metric 100000 100 255 50 1500 redistribute ospf 1 include-connected exit-af-topology eigrp router-id 192.168.255.11 exit-address-family ! router ospf 4 router-id 192.168.255.11 auto-cost reference-bandwidth 10000 summary-address 192.168.255.12 255.255.255.254 redistribute eigrp 4711 subnets passive-interface default no passive-interface FastEthernet0/0 network 192.168.121.0 0.0.0.255 area 0.0.0.0 network 192.168.122.0 0.0.0.3 area 0.0.0.0 network 192.168.255.11 0.0.0.0 area 0.0.0.0 ! ip forward-protocol nd no ip http server no ip http secure-server ! ! ip ospf name-lookup ! ip access-list standard snmp-access-v4 permit 192.168.120.0 0.0.0.255 deny any ip access-list standard vty-access-v4 permit 192.168.0.0 0.0.255.255 log deny any log ! logging trap debugging logging host ipv6 2003:DE:2016:120:00:00:B10:514 ipv6 router ospf 1 router-id 192.168.255.11 auto-cost reference-bandwidth 10000 summary-prefix 2003:DE:2016:1FF::12/127 passive-interface default no passive-interface FastEthernet0/0 redistribute eigrp 4711 include-connected ! ipv6 ospf name-lookup ! ! ! ! snmp-server community n5rAD1ig314IqfioYBWw RO ipv6 snmp-access-v6 snmp-access-v4 snmp-server ifindex persist snmp-server location On the top of the rack snmp-server contact Johannes Weber ! ! ! ! ipv6 access-list vty-access-v6 permit ipv6 2003:DE:2016::/48 any log deny ipv6 any any log ! ipv6 access-list snmp-access-v6 permit ipv6 2003:DE:2016:120::/64 any sequence 15 permit ipv6 2003:DE:2016:125::/64 any sequence 20 deny ipv6 any any ! control-plane ! ! ! ! mgcp profile default ! ! ! ! ! banner login ^C###################################### # Webernetz.net Labor # # Finger weg wenn du nicht ich bist! # ###################################### ^C ! line con 0 exec-timeout 0 0 privilege level 15 logging synchronous history size 100 line aux 0 line vty 0 4 access-class vty-access-v4 in exec-timeout 0 0 privilege level 15 ipv6 access-class vty-access-v6 in logging synchronous history size 100 transport input ssh ! scheduler allocate 20000 1000 ntp authentication-key 1 md5 113B3301213D15204E160B00626818722E133E4658 7 ntp authentication-key 2 md5 0650583F671F383B40360C161938192771057A3C67 7 ntp authentication-key 3 md5 050E2104106F47544C365B1C080317312771131A3C 7 ntp authenticate ntp trusted-key 1 ntp trusted-key 2 ntp trusted-key 3 ntp update-calendar ntp server ipv6 2.pool.ntp.org ntp server ntp1.weberlab.de key 1 ntp server ntp2.weberlab.de key 2 ntp server ntp3.weberlab.de key 3 prefer ntp server ipv6 2.de.pool.ntp.org end |
R2, running only EIGRP:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 |
! ! Last configuration change at 16:28:16 CET Thu Feb 22 2018 by weberjoh ! NVRAM config last updated at 16:38:48 CET Thu Feb 22 2018 by weberjoh ! NVRAM config last updated at 16:38:48 CET Thu Feb 22 2018 by weberjoh version 15.1 service timestamps debug datetime msec show-timezone year service timestamps log datetime msec show-timezone year service password-encryption ! hostname R2 ! boot-start-marker boot-end-marker ! ! ! card type command needed for slot/vwic-slot 0/0 security passwords min-length 12 logging buffered 64000 enable secret 5 $1$FdCb$spI/lHO.AREaK4fFrcLuw0 ! aaa new-model ! ! ! ! ! ! ! aaa session-id common ! clock timezone CET 1 0 clock summer-time CEST recurring last Sun Mar 2:00 last Sun Oct 3:00 network-clock-participate wic 1 ! dot11 syslog no ip source-route ! ! ip cef ! ! ! ip domain name weberlab.de ip name-server 2003:DE:2016:120::A08:53 ipv6 unicast-routing ipv6 cef ! multilink bundle-name authenticated ! ! ! ! ! ! key chain EIGRP-Bose-Password key 1 key-string 7 0034000708565A575617495C1A485542 ! ! ! ! ! ! voice-card 0 ! crypto pki token default removal timeout 0 ! ! ! ! license udi pid CISCO2811 sn FCZ1050731Z archive path scp://iosarchive:iospassword@scp.weberlab.de/$h-$t write-memory username weberjoh privilege 15 secret 5 $1$dZt.$HTgDJhM2cEld9SBRSrFfX1 ! redundancy ! ! ip ssh logging events ip ssh version 2 ip ssh dh min size 2048 ip ssh pubkey-chain username weberjoh key-hash ssh-rsa F6CB07741AC18888F65459330E8F2363 quit ! ! ! ! ! ! ! ! interface Loopback0 ip address 192.168.255.12 255.255.255.255 ipv6 address 2003:DE:2016:1FF::12/128 ! interface FastEthernet0/0 no ip address shutdown duplex auto speed auto ! interface FastEthernet0/1 description Downlink zu S2 Port 1 ip address 192.168.127.1 255.255.255.0 duplex auto speed auto ipv6 address 2003:DE:2016:127::1/64 ipv6 nd ra suppress all ! interface BRI0/1/0 no ip address ! interface BRI0/1/1 no ip address ! interface Serial0/3/0 description Uplink zu R1 Port s0/0/0 bandwidth 8000 ip address 192.168.122.2 255.255.255.252 ipv6 address 2003:DE:2016:122::1/127 ipv6 nd ra suppress all no fair-queue ! interface Serial0/3/1 no ip address shutdown clock rate 2000000 ! ! router eigrp Bose ! address-family ipv4 unicast autonomous-system 4711 ! af-interface default authentication mode md5 authentication key-chain EIGRP-Bose-Password exit-af-interface ! topology base distribute-list EIGRP-Filter out Serial0/3/0 exit-af-topology network 192.168.122.0 0.0.0.3 network 192.168.127.0 network 192.168.255.12 0.0.0.0 eigrp router-id 192.168.255.12 exit-address-family ! address-family ipv6 unicast autonomous-system 4711 ! af-interface default authentication mode md5 authentication key-chain EIGRP-Bose-Password exit-af-interface ! topology base distribute-list prefix-list EIGRPv6-Filter out Serial0/3/0 exit-af-topology eigrp router-id 192.168.255.12 exit-address-family ! ip forward-protocol nd no ip http server no ip http secure-server ! ! ! ip access-list standard EIGRP-Filter permit 192.168.255.13 permit 192.168.255.12 permit 192.168.124.0 0.0.0.255 permit 192.168.127.0 0.0.0.255 permit 192.168.128.0 0.0.1.255 ip access-list standard snmp-access-v4 permit 192.168.120.0 0.0.0.255 deny any ip access-list standard vty-access-v4 permit 192.168.0.0 0.0.255.255 log deny any log ! logging trap debugging logging host ipv6 2003:DE:2016:120:00:00:B10:514 ! ! ipv6 prefix-list EIGRPv6-Filter seq 5 permit 2003:DE:2016:124::/64 ipv6 prefix-list EIGRPv6-Filter seq 10 permit 2003:DE:2016:127::/64 ipv6 prefix-list EIGRPv6-Filter seq 15 permit 2003:DE:2016:128::/62 ge 63 le 64 ipv6 prefix-list EIGRPv6-Filter seq 20 permit 2003:DE:2016:1FF::12/128 ipv6 prefix-list EIGRPv6-Filter seq 25 permit 2003:DE:2016:1FF::13/128 ! ! ! snmp-server community n5rAD1ig314IqfioYBWw RO ipv6 snmp-access-v6 snmp-access-v4 snmp-server ifindex persist snmp-server location On the top of the rack snmp-server contact Johannes Weber ! ! ! ! ipv6 access-list vty-access-v6 permit ipv6 2003:DE:2016::/48 any log deny ipv6 any any log ! ipv6 access-list snmp-access-v6 permit ipv6 2003:DE:2016:120::/64 any deny ipv6 any any ! control-plane ! ! voice-port 0/1/0 ! voice-port 0/1/1 ! voice-port 0/2/0 ! voice-port 0/2/1 ! ! ! mgcp profile default ! ! ! ! ! banner login ^C###################################### # Webernetz.net Labor # # Finger weg wenn du nicht ich bist! # ###################################### ^C ! line con 0 exec-timeout 0 0 privilege level 15 logging synchronous history size 100 line aux 0 line vty 0 4 access-class vty-access-v4 in exec-timeout 0 0 privilege level 15 ipv6 access-class vty-access-v6 in logging synchronous history size 100 transport input ssh ! scheduler allocate 20000 1000 ntp authentication-key 1 md5 113B3301213D15204E160B00626818722E133E4658 7 ntp authentication-key 2 md5 0650583F671F383B40360C161938192771057A3C67 7 ntp authentication-key 3 md5 050E2104106F47544C365B1C080317312771131A3C 7 ntp authenticate ntp trusted-key 1 ntp trusted-key 2 ntp trusted-key 3 ntp update-calendar ntp server ipv6 2.pool.ntp.org ntp server ipv6 2.de.pool.ntp.org ntp server ntp1.weberlab.de key 1 ntp server ntp2.weberlab.de key 2 ntp server ntp3.weberlab.de key 3 prefer event manager applet CONFIG-STARTED event cli pattern "configure terminal" sync no skip no occurs 1 action 1.0 syslog priority critical msg "Configuration mode was entered. Regards, JWE" action 2.0 mail server "192.168.110.24" to "johannes@webernetz.net" from "r2@weberlab.de" subject "Config Started at R2" body "Nur noch ein bisschen mehr Text." source-interface Loopback0 ! end |
R3, running only EIGRP, connecting several client subnets:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 |
! ! Last configuration change at 15:19:07 CET Thu Feb 22 2018 by weberjoh ! NVRAM config last updated at 16:38:49 CET Thu Feb 22 2018 by weberjoh ! NVRAM config last updated at 16:38:49 CET Thu Feb 22 2018 by weberjoh version 15.1 service timestamps debug datetime msec show-timezone year service timestamps log datetime msec show-timezone year service password-encryption ! hostname R3 ! boot-start-marker boot-end-marker ! ! security passwords min-length 12 logging buffered 64000 enable secret 5 $1$FdCb$spI/lHO.AREaK4fFrcLuw0 ! aaa new-model ! ! ! ! ! ! ! aaa session-id common ! clock timezone CET 1 0 clock summer-time CEST recurring last Sun Mar 2:00 last Sun Oct 3:00 ! dot11 syslog no ip source-route ! ! ip cef ! ip dhcp excluded-address 192.168.124.1 192.168.124.10 ip dhcp excluded-address 192.168.128.1 192.168.128.10 ip dhcp excluded-address 192.168.129.1 192.168.129.10 ! ip dhcp pool VLAN124-Clients network 192.168.124.0 255.255.255.0 default-router 192.168.124.1 dns-server 192.168.120.22 domain-name weberlab.de ! ip dhcp pool VLAN128-Clients network 192.168.128.0 255.255.255.0 dns-server 192.168.120.22 domain-name weberlab.de default-router 192.168.128.1 ! ip dhcp pool VLAN129-Clients network 192.168.129.0 255.255.255.0 default-router 192.168.129.1 dns-server 192.168.120.22 domain-name weberlab.de ! ! ip domain name weberlab.de ip name-server 2003:DE:2016:120::A08:53 ipv6 unicast-routing ipv6 cef ipv6 dhcp pool VLAN124-Clients dns-server 2003:DE:2016:120::A08:53 domain-name weberlab.de ! ipv6 dhcp pool VLAN128-Clients dns-server 2003:DE:2016:120::A08:53 domain-name weberlab.de ! ipv6 dhcp pool VLAN129-Clients dns-server 2003:DE:2016:120::A08:53 domain-name weberlab.de ! ! multilink bundle-name authenticated ! ! ! ! ! ! key chain EIGRP-Bose-Password key 1 key-string 7 0034000708565A575617495C1A485542 ! ! ! ! ! ! voice-card 0 ! crypto pki token default removal timeout 0 ! ! ! ! license udi pid CISCO2811 sn FCZ093171JF archive path scp://iosarchive:iospassword@scp.weberlab.de/$h-$t write-memory username weberjoh privilege 15 secret 5 $1$dZt.$HTgDJhM2cEld9SBRSrFfX1 ! redundancy ! ! ip ssh logging events ip ssh version 2 ip ssh dh min size 2048 ip ssh pubkey-chain username weberjoh key-hash ssh-rsa F6CB07741AC18888F65459330E8F2363 quit ip scp server enable ! ! ! ! ! ! ! ! interface Loopback0 ip address 192.168.255.13 255.255.255.255 ipv6 address 2003:DE:2016:1FF::13/128 ! interface Tunnel0 ip address 172.16.255.2 255.255.255.252 keepalive 10 3 tunnel source Loopback0 tunnel destination 192.168.255.11 ! interface Tunnel1 ip address 172.16.255.6 255.255.255.252 tunnel source Loopback0 tunnel mode gre ipv6 tunnel destination 2003:DE:2016:1FF::11 ! interface FastEthernet0/0 description Uplink zu S2 Port 2 no ip address duplex auto speed auto ! interface FastEthernet0/0.124 description VLAN124-Clients encapsulation dot1Q 124 ip address 192.168.124.1 255.255.255.0 ipv6 address 2003:DE:2016:124::1/64 ipv6 nd other-config-flag ! interface FastEthernet0/0.127 description Uplink Transfer Segment encapsulation dot1Q 127 ip address 192.168.127.2 255.255.255.0 ipv6 address 2003:DE:2016:127::2/64 ipv6 nd ra suppress all ! interface FastEthernet0/0.128 description VLAN128-Clients encapsulation dot1Q 128 ip address 192.168.128.1 255.255.255.0 ipv6 address 2003:DE:2016:128::1/64 ipv6 nd other-config-flag ! interface FastEthernet0/0.129 description VLAN129-Clients encapsulation dot1Q 129 ip address 192.168.129.1 255.255.255.0 ipv6 address 2003:DE:2016:129::1/64 ipv6 nd other-config-flag ! interface FastEthernet0/1 no ip address shutdown duplex auto speed auto ! ! router eigrp Bose ! address-family ipv4 unicast autonomous-system 4711 ! af-interface default authentication mode md5 authentication key-chain EIGRP-Bose-Password passive-interface exit-af-interface ! af-interface FastEthernet0/0.127 summary-address 192.168.128.0 255.255.254.0 no passive-interface exit-af-interface ! topology base exit-af-topology network 192.168.124.0 network 192.168.127.0 network 192.168.128.0 network 192.168.129.0 network 192.168.255.13 0.0.0.0 eigrp router-id 192.168.255.13 eigrp stub connected summary exit-address-family ! address-family ipv6 unicast autonomous-system 4711 ! af-interface default authentication mode md5 authentication key-chain EIGRP-Bose-Password passive-interface exit-af-interface ! af-interface FastEthernet0/0.127 summary-address 2003:DE:2016:128::/63 no passive-interface exit-af-interface ! topology base exit-af-topology eigrp router-id 192.168.255.13 eigrp stub connected summary exit-address-family ! ip forward-protocol nd no ip http server no ip http secure-server ! ! ! ip access-list standard snmp-access-v4 permit 192.168.120.0 0.0.0.255 deny any ip access-list standard vty-access-v4 permit 192.168.0.0 0.0.255.255 log deny any log ! logging trap debugging logging host ipv6 2003:DE:2016:120::B10:514 ! ! ! ! snmp-server community n5rAD1ig314IqfioYBWw RO ipv6 snmp-access-v6 snmp-access-v4 snmp-server ifindex persist snmp-server location On the top of the rack snmp-server contact Johannes Weber ! ! ! ! ipv6 access-list snmp-access-v6 permit ipv6 2003:DE:2016:120::/64 any deny ipv6 any any ! ipv6 access-list vty-access-v6 permit ipv6 2003:DE:2016::/48 any log deny ipv6 any any log ! control-plane ! ! ! ! mgcp profile default ! ! ! ! ! banner login ^C###################################### # Webernetz.net Labor # # Finger weg wenn du nicht ich bist! # ###################################### ^C ! line con 0 exec-timeout 0 0 privilege level 15 logging synchronous history size 100 line aux 0 line vty 0 4 access-class vty-access-v4 in exec-timeout 0 0 privilege level 15 ipv6 access-class vty-access-v6 in logging synchronous history size 100 transport input ssh ! scheduler allocate 20000 1000 ntp authentication-key 1 md5 113B3301213D15204E160B00626818722E133E4658 7 ntp authentication-key 2 md5 0650583F671F383B40360C161938192771057A3C67 7 ntp authentication-key 3 md5 050E2104106F47544C365B1C080317312771131A3C 7 ntp authenticate ntp trusted-key 1 ntp trusted-key 2 ntp trusted-key 3 ntp update-calendar ntp server ipv6 2.de.pool.ntp.org ntp server ntp1.weberlab.de key 1 ntp server ntp2.weberlab.de key 2 ntp server ntp3.weberlab.de key 3 prefer ntp server ipv6 2.pool.ntp.org end |
HSRP, VRRP, GLBP
At least for those FHRP protocols I have not yet shown any details in other blogposts. I won’t open another big thing here but want to list a few show commands for them. As already described above I am using VRRP for IPv4 and HSRP for IPv6 on the gi0/0 interfaces from R4 and R5, while two instances of GLBP for IPv6 and IPv4 on the gi0/1 interfaces.
HSRP:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 |
R4#show standby brief P indicates configured to preempt. | Interface Grp Pri P State Active Standby Virtual IP Gi0/0 25 110 P Active local FE80::225:45FF:FE60:17C0 FE80::5:73FF:FEA0:19 R4# R4# R4#show standby GigabitEthernet0/0 - Group 25 (version 2) State is Active 1 state change, last state change 10:07:55 Virtual IP address is FE80::5:73FF:FEA0:19 Active virtual MAC address is 0005.73a0.0019 Local virtual MAC address is 0005.73a0.0019 (v2 IPv6 default) Hello time 3 sec, hold time 10 sec Next hello sent in 1.968 secs Authentication MD5, key-string Preemption enabled Active router is local Standby router is FE80::225:45FF:FE60:17C0, priority 100 (expires in 8.928 sec) Priority 110 (configured 110) Track object 25 state Up decrement 20 Group name is "hsrp-Gi0/0-25" (default) R4# |
VRRP:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 |
R4#show vrrp brief Interface Grp Pri Time Own Pre State Master addr Group addr Gi0/0 24 110 3570 Y Master 192.168.120.24 192.168.120.4 R4# R4# R4#show vrrp GigabitEthernet0/0 - Group 24 State is Master Virtual IP address is 192.168.120.4 Virtual MAC address is 0000.5e00.0118 Advertisement interval is 1.000 sec Preemption enabled Priority is 110 Track object 24 state Up decrement 20 Authentication MD5, key-string Master Router is 192.168.120.24 (local), priority is 110 Master Advertisement interval is 1.000 sec Master Down interval is 3.570 sec R4# |
GLBP:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 |
R4#show glbp brief Interface Grp Fwd Pri State Address Active router Standby router Gi0/1 136 - 150 Active FE80::7:B4FF:FE00:8800 local FE80::225:45FF:FE60:17C1 Gi0/1 136 1 - Listen 0007.b400.8801 FE80::225:45FF:FE60:17C1 - Gi0/1 136 2 - Active 0007.b400.8802 local - Gi0/1 137 - 100 Standby 192.168.121.137 192.168.121.5 local Gi0/1 137 1 - Listen 0007.b400.8901 192.168.121.5 - Gi0/1 137 2 - Active 0007.b400.8902 local - R4# R4# R4#show glbp GigabitEthernet0/1 - Group 136 State is Active 1 state change, last state change 10:08:28 Virtual IP address is FE80::7:B4FF:FE00:8800 (auto-configured) Hello time 3 sec, hold time 10 sec Next hello sent in 2.432 secs Redirect time 600 sec, forwarder timeout 14400 sec Authentication MD5, key-string Preemption enabled, min delay 0 sec Active is local Standby is FE80::225:45FF:FE60:17C1, priority 100 (expires in 9.184 sec) Priority 150 (configured) Weighting 100 (default 100), thresholds: lower 1, upper 100 Load balancing: round-robin Group members: 0015.626a.fef1 (FE80::215:62FF:FE6A:FEF1) local 0025.4560.17c1 (FE80::225:45FF:FE60:17C1) authenticated There are 2 forwarders (1 active) Forwarder 1 State is Listen MAC address is 0007.b400.8801 (learnt) Owner ID is 0025.4560.17c1 Redirection enabled, 599.200 sec remaining (maximum 600 sec) Time to live: 14399.200 sec (maximum 14400 sec) Preemption enabled, min delay 30 sec Active is FE80::225:45FF:FE60:17C1 (primary), weighting 100 (expires in 9.248 sec) Client selection count: 1 Forwarder 2 State is Active 1 state change, last state change 10:07:54 MAC address is 0007.b400.8802 (default) Owner ID is 0015.626a.fef1 Redirection enabled Preemption enabled, min delay 30 sec Active is local, weighting 100 GigabitEthernet0/1 - Group 137 State is Standby 1 state change, last state change 10:08:18 Virtual IP address is 192.168.121.137 Hello time 3 sec, hold time 10 sec Next hello sent in 0.544 secs Redirect time 600 sec, forwarder timeout 14400 sec Authentication MD5, key-string Preemption enabled, min delay 0 sec Active is 192.168.121.5, priority 150 (expires in 8.672 sec) Standby is local Priority 100 (default) Weighting 100 (default 100), thresholds: lower 1, upper 100 Load balancing: round-robin Group members: 0015.626a.fef1 (192.168.121.4) local 0025.4560.17c1 (192.168.121.5) authenticated There are 2 forwarders (1 active) Forwarder 1 State is Listen MAC address is 0007.b400.8901 (learnt) Owner ID is 0025.4560.17c1 Time to live: 14397.920 sec (maximum 14400 sec) Preemption enabled, min delay 30 sec Active is 192.168.121.5 (primary), weighting 100 (expires in 9.152 sec) Forwarder 2 State is Active 1 state change, last state change 10:07:52 MAC address is 0007.b400.8902 (default) Owner ID is 0015.626a.fef1 Preemption enabled, min delay 30 sec Active is local, weighting 100 R4# |
That’s It
This was my last blogpost concerning CCNP exam topics. At least for now. I got the certificate on Feb 27, 2018. :D
After three books, 1600 pages, many days in my lab with approx 30 network protocols, etc. I passed my #CCNP certification today. Cheers! pic.twitter.com/Ovv4AAOXJO
— Johannes Weber 🎸 (@webernetz) February 27, 2018
Thanks for watching. ;) “And don’t forget to hit the subscribe button!”
Featured image “Frankfurt Main Panorama” by tausend und eins, fotografie is licensed under CC BY 2.0.