mpls wan configuration files guide - august 2014 · introduction august 2014 series 2 introduction...

MPLS WANConfiguration Files Guide

August 2014 Series

Table of Contents

Table of ContentsPreface ........................................................................................................................................1

Introduction .................................................................................................................................2

Product List .................................................................................................................................4

WAN-Aggregation Devices – Dual MPLS and MPLS Dynamic Design Models ...............................7WAN-D3750X ............................................................................................................................. 8CE-ASR1002X-1 ....................................................................................................................... 15CE-ASR1001-2 ......................................................................................................................... 20

WAN Remote-Site Devices – Dual MPLS and MPLS Dynamic Design Models .............................26Remote Site 200: Single-Router, Single-Link with Distribution Layer (MPLS-A) ........................ 28

RS200-3925-1 ..................................................................................................................... 28RS200-D4500X-VSS ............................................................................................................ 34

Remote Site 201: Single-Router, Single-Link with Access-Layer Stack (MPLS-A) .................... 46RS201-2911 .......................................................................................................................... 46

Remote Site 202: Single-Router, Single-Link (MPLS-B) ............................................................ 52RS202-2911 ......................................................................................................................... 52

Remote Site 203: Single-Router, Single-Link with Access Layer Stack (MPLS-A) .................... 57RS203-2921-1 ...................................................................................................................... 57

Remote Site 204: Single-Router, Single-Link (MPLS-A) ............................................................ 62RS204-1941 ......................................................................................................................... 62

Remote Site 205: Single-Router, Single-Link (MPLS-B) ............................................................ 67RS205-4451X ....................................................................................................................... 67

Remote Site 206: Dual-Router, Dual-Link with Access-Layer Stack (MPLS-A/MPLS-B) ........... 71RS206-3925-1 ..................................................................................................................... 71RS206-3925-2 ..................................................................................................................... 77

Remote Site 207: Single-Router, Dual-Link (MPLS-A/MPLS-B) ................................................. 83RS207-2921 ......................................................................................................................... 83

Remote Site 208: Dual-router, Dual-Link with Distribution Layer (MPLS-A/MPLS-B) ................. 89RS208-2951-1 ...................................................................................................................... 90RS208-2951-2...................................................................................................................... 96RS208-D3750X .................................................................................................................. 102

Table of Contents

WAN-Aggregation Devices—MPLS Static Design Model ........................................................... 112CE-ISR4451X-3 .......................................................................................................................113

WAN Remote-Site Devices—MPLS Static Design Model ........................................................... 119Remote Site 100: Single-Router, Single-Link with Local DHCP (MPLS-C Static) ......................120

RS100-1941 ........................................................................................................................120Remote Site 101: Single-Router, Single-Link with Local DHCP (MPLS-C Static) ......................124

RS101-2911 .........................................................................................................................124Remote Site 102: 890 Series Single-Router, Single-Link with Local DHCP (MPLS-C Static) .. 130

RS102-891 ......................................................................................................................... 130

Preface August 2014 Series1

PrefaceCisco Validated Designs (CVDs) present systems that are based on common use cases or engineering priorities. CVDs incorporate a broad set of technologies, features, and applications that address customer needs. They incorporate a broad set of technologies, features, and applications to address customer needs. Cisco engineers have comprehensively tested and documented each CVD in order to ensure faster, more reliable, and fully predictable deployment.

This guide provides, as a comprehensive reference, the complete network device configurations that are implemented in the corresponding CVD design guide.

CVD Foundation SeriesThis CVD Foundation guide is a part of the August 2014 Series. As Cisco develops a CVD Foundation series, the guides themselves are tested together, in the same network lab. This approach assures that the guides in a series are fully compatible with one another. Each series describes a lab-validated, complete system.

The CVD Foundation series incorporates wired and wireless LAN, WAN, data center, security, and network management technologies. Using the CVD Foundation simplifies system integration, allowing you to select solutions that solve an organization’s problems—without worrying about the technical complexity.

To ensure the compatibility of designs in the CVD Foundation, you should use guides that belong to the same release. For the most recent CVD Foundation guides, please visit the CVD Foundation web site.

Comments and QuestionsIf you would like to comment on a guide or ask questions, please use the feedback form.

http://cvddocs.com/fw/1000-w

http://cvddocs.com/feedback/?id=240-14b

Introduction August 2014 Series2

IntroductionThis document provides the available configuration files for the products used in the MPLS WAN Technology Design Guide. It is a companion document to the design guide as a reference for engineers who are evaluating or deploying CVD.

Both the MPLS WAN Technology Design Guide and the MPLS WAN Configuration Files Guide provide the complete list of products used in the lab testing of this design.

http://cvddocs.com/fw/245-14b



Introduction August 2014 Series3

Figure 1 - CVD enterprise network architecture overview

21

89Remote Site Regional SiteRemote Site

Teleworker /Mobile Worker

AccessSwitches

AccessSwitches

WANRouters

Cisco WAASWAAS

WANRoutersWAN

Router

AccessSwitch

Hardware andSoftware VPN

Wireless LANController

DistributionSwitchesAccess

Switches

WAN Aggregation

Internet Edge

Data Center

Headquarters

WANRoutersWAAS

VPN WANRouters

Remote-SiteWireless LAN

Controllers

UCS Rack-mountServers

UCS Rack-mountServer

Wireless LANControllers

Email SecurityAppliance

Firewall

RA-VPNWeb Security

Appliance

Guest WirelessLAN Controller

Data CenterFirewalls

CommunicationsManagers

UCS BladeChassis

DMZ Servers

DMZ Switches

Nexus2000

Storage

WAAS CentralManager

Nexus5500

UserAccessLayer

InternetPSTN PSTNMPLSWANs

Building 1 Building 2 Building 3

Core VSSSwitch

DistributionSwitch Layer

VoiceGateway

Product List August 2014 Series4

Product ListWAN Aggregation

Functional Area Product Description Part Numbers Software

WAN-aggregation Router Aggregation Services 1002X Router ASR1002X-5G-VPNK9 IOS-XE 15.4(2)S Advanced Enterprise feature set

Aggregation Services 1002 Router ASR1002-5G-VPN/K9

Aggregation Services 1001 Router ASR1001-2.5G-VPNK9

Cisco ISR 4451-X Security Bundle w/SEC license PAK ISR4451-X-SEC/K9 IOS-XE 15.4(2)S securityk9 feature set

WAN Remote SiteFunctional Area Product Description Part Numbers Software

Modular WAN Remote-site Router

Cisco ISR 4451 w/ 4GE,3NIM,2SM,8G FLASH, 4G DRAM, IP Base, SEC, AX license with: DATA, AVC, ISR-WAAS with 2500 connection RTU

ISR4451-X-AX/K9 IOS-XE 15.4(2)S securityk9 feature set appxk9 feature set

Cisco ISR 3945 w/ SPE150, 3GE, 4EHWIC, 4DSP, 4SM, 256MBCF, 1GBDRAM, IP Base, SEC, AX licenses with; DATA, AVC, and WAAS/vWAAS with 2500 connection RTU

C3945-AX/K9 15.3(3)M3 securityk9 feature set datak9 feature set uck9 feature setCisco ISR 3925 w/ SPE100 (3GE, 4EHWIC, 4DSP, 2SM,

256MBCF, 1GBDRAM, IP Base, SEC, AXlicenses with; DATA, AVC, WAAS/vWAAS with 2500 connection RTU

C3925-AX/K9

Unified Communications Paper PAK for Cisco 3900 Series SL-39-UC-K9

Cisco ISR 2951 w/ 3 GE, 4 EHWIC, 3 DSP, 2 SM, 256MB CF, 1GB DRAM, IP Base, SEC, AX license with; DATA, AVC, and WAAS/vWAAS with 1300 connection RTU

C2951-AX/K9

Cisco ISR 2921 w/ 3 GE, 4 EHWIC, 3 DSP, 1 SM, 256MB CF, 1GB DRAM, IP Base, SEC, AX license with; DATA, AVC, and WAAS/vWAAS with 1300 connection RTU

C2921-AX/K9

Cisco ISR 2911 w/ 3 GE,4 EHWIC, 2 DSP, 1 SM, 256MB CF, 1GB DRAM, IP Base, SEC, AX license with; DATA, AVC and WAAS/vWAAS with 1300 connection RTU

C2911-AX/K9

Unified Communications Paper PAK for Cisco 2900 Series SL-29-UC-K9

Cisco ISR 1941 Router w/ 2 GE, 2 EHWIC slots, 256MB CF, 2.5GB DRAM, IP Base, DATA, SEC, AX license with; AVC and WAAS-Express

C1941-AX/K9 15.3(3)M3 securityk9 feature set datak9 feature set

Fixed WAN Remote-site Router

Cisco 891 Router CISCO891W-AGN-A-K9 15.3(3)M3 securityk9 feature set datak9 feature set

WAAS-Express/AVC/Advanced IP with upgrade up to 1GB DRAM for Cisco 800 Series Routers

FL-C800-APP


LAN Access LayerFunctional Area Product Description Part Numbers Software

Modular Access Layer Switch

Cisco Catalyst 4500E Series 4507R+E 7-slot Chassis with 48Gbps per slot

WS-C4507R+E 3.3.1XO(15.1.1XO1) IP Base feature set

Cisco Catalyst 4500E Supervisor Engine 8-E, Unified Access, 928Gbps

WS-X45-SUP8-E

Cisco Catalyst 4500E 12-port 10GbE SFP+ Fiber Module WS-X4712-SFP+E

Cisco Catalyst 4500E 48-Port 802.3at PoE+ 10/100/1000 (RJ-45)

WS-X4748-RJ45V+E


WS-C4507R+E 3.5.3E(15.2.1E3) IP Base feature set

Cisco Catalyst 4500E Supervisor Engine 7L-E, 520Gbps WS-X45-SUP7L-E

Cisco Catalyst 4500E 48 Ethernet 10/100/1000 (RJ45) PoE+,UPoE ports

WS-X4748-UPOE+E

Cisco Catalyst 4500E 48 Ethernet 10/100/1000 (RJ45) PoE+ ports

WS-X4648-RJ45V+E

Stackable Access Layer Switch

Cisco Catalyst 3850 Series Stackable 48 Ethernet 10/100/1000 PoE+ ports

WS-C3850-48F 3.3.3SE(15.0.1EZ3) IP Base feature set

Cisco Catalyst 3850 Series Stackable 24 Ethernet 10/100/1000 PoE+ Ports

WS-C3850-24P

Cisco Catalyst 3850 Series 2 x 10GE Network Module C3850-NM-2-10G


Cisco Catalyst 3650 Series 24 Ethernet 10/100/1000 PoE+ and 2x10GE or 4x1GE Uplink

WS-C3650-24PD 3.3.3SE(15.0.1EZ3) IP Base feature set

Cisco Catalyst 3650 Series 24 Ethernet 10/100/1000 PoE+ and 4x1GE Uplink

WS-C3650-24PS

Cisco Catalyst 3650 Series Stack Module C3650-STACK

Cisco Catalyst 3750-X Series Stackable 48 Ethernet 10/100/1000 PoE+ ports

WS-C3750X-48PF-S 15.2(1)E3 IP Base feature set

Cisco Catalyst 3750-X Series Stackable 24 Ethernet 10/100/1000 PoE+ ports

WS-C3750X-24P-S

Cisco Catalyst 3750-X Series Two 10GbE SFP+ and Two GbE SFP ports network module

C3KX-NM-10G

Cisco Catalyst 3750-X Series Four GbE SFP ports network module

C3KX-NM-1G

Cisco Catalyst 2960-X Series 24 10/100/1000 Ethernet and 2 SFP+ Uplink

WS-C2960X-24PD 15.0(2)EX5 LAN Base feature set

Cisco Catalyst 2960-X FlexStack-Plus Hot-Swappable Stacking Module

C2960X-STACK

Standalone Access Layer Switch

Cisco Catalyst 3650 Series 24 Ethernet 10/100/1000 PoE+ and 4x1GE Uplink

WS-C3650-24PS 3.3.3SE(15.01EZ3) IP Base feature set


LAN Distribution LayerFunctional Area Product Description Part Numbers Software

Modular Distribution Layer Virtual Switch Pair

Cisco Catalyst 6800 Series 6807-XL 7-Slot Modular Chassis C6807-XL 15.1(2)SY3 IP Services feature setCisco Catalyst 6500 VSS Supervisor 2T with 2 ports 10GbE and

PFC4VS-S2T-10G

Cisco Catalyst 6500 4-port 40GbE/16-port 10GbE Fiber Module w/DFC4

WS-X6904-40G-2T

Cisco Catalyst 6500 4-port 10GbE SFP+ adapter for WX-X6904-40G module

CVR-CFP-4SFP10G

Cisco Catalyst 6500 CEF720 48 port 10/100/1000mb Ethernet WS-X6748-GE-TX

Cisco Catalyst 6500 Distributed Forwarding Card 4 WS-F6K-DFC4-A

Cisco Catalyst 6500 Series 6506-E 6-Slot Chassis WS-C6506-E

Cisco Catalyst 6500 VSS Supervisor 2T with 2 ports 10GbE and PFC4

VS-S2T-10G

Cisco Catalyst 6500 4-port 40GbE/16-port 10GbE Fiber Module w/DFC4

WS-X6904-40G-2T

Cisco Catalyst 6500 4-port 10GbE SFP+ adapter for WX-X6904-40G module

CVR-CFP-4SFP10G

Cisco Catalyst 6500 48-port GigE Mod (SFP) WS-X6748-SFP


Cisco Catalyst 6500 24-port GigE Mod (SFP) WS-X6724-SFP


Extensible Fixed Distribution Layer Virtual Switch Pair

Cisco Catalyst 6800 Series 6880-X Extensible Fixed Aggregation Switch (Standard Tables)

C6880-X-LE 15.1(2)SY3 IP Services feature set

Cisco Catalyst 6800 Series 6880-X Multi Rate Port Card (Standard Tables)

C6880-X-LE-16P10G

Modular Distribution Layer Virtual Switch Pair


WS-C4507R+E 3.5.3E(15.2.1E3) Enterprise Services feature setCisco Catalyst 4500E Supervisor Engine 7-E, 848Gbps WS-X45-SUP7-E

Cisco Catalyst 4500E 12-port 10GbE SFP+ Fiber Module WS-X4712-SFP+E

Cisco Catalyst 4500E 48-Port 802.3at PoE+ 10/100/1000 (RJ-45)

WS-X4748-RJ45V+E

Fixed Distribution Layer Virtual Switch Pair

Cisco Catalyst 4500-X Series 32 Port 10GbE IP Base Front-to-Back Cooling

WS-C4500X-32SFP+ 3.5.3E(15.2.1E3) Enterprise Services feature set

Stackable Distribution Layer Switch

Cisco Catalyst 3850 Series Stackable Switch with 12 SFP Ethernet

WS-C3850-12S 3.3.3SE(15.0.1EZ3) IP Services feature set



Cisco Catalyst 3750-X Series Stackable 12 GbE SFP ports WS-C3750X-12S-E 15.2(1)E3 IP Services feature setCisco Catalyst 3750-X Series Two 10GbE SFP+ and Two GbE

SFP ports network moduleC3KX-NM-10G

Cisco Catalyst 3750-X Series Four GbE SFP ports network module

C3KX-NM-1G

WAN-Aggregation Devices – Dual MPLS and MPLS Dynamic Design Models August 2014 Series7

WAN-Aggregation Devices – Dual MPLS and MPLS Dynamic Design Models

This section includes configuration files corresponding to the Dual MPLS design model as referenced in Figure 2. These configuration files also apply to the MPLS Dynamic design model.

Figure 2 - WAN-aggregation design—Dual MPLS and MPLS Dynamic design models

22

54

(150 Mbps)(300 Mbps)

Port-channel1(gig1/0/1, gig2/0/1)



gig0/0/3gig0/0/3

WAN-D3750X

CE-ASR1001-2CE-ASR1002X-1

AS=65511192.168.3.0/30

↑ (.1), (.2) ↓

10.4.32.0/30↑ (.1), (.2) ↓

10.4.32.8/30↑ (.9), (.10) ↓

192.168.4.0/30↑ (.1), (.2) ↓


MPLS AAS 65401

MPLS BAS 65402

The following table provides the loopback addresses for the WAN aggregation devices in the Dual MPLS and MPLS Dynamic design models.

Table 1 - Loopback addresses

Hostname Loopback0

WAN-D3750X 10.4.32.240/32

CE-ASR1002X-1 10.4.32.241/32

CE-ASR1001-2 10.4.32.242/32


The following table provides a summary of the various distribution layer switch device interconnections to other WAN-aggregation components.

Table 2 - Dual MPLS design model—distribution layer switch port channel information

Port channel Member interfaces Layer3/Layer2 Connected device

1 gig1/0/1 gig2/0/1

Layer 3 CE-ASR1002X-1

2 gig1/0/2 gig2/0/2

Layer 3 CE-ASR1001-2

WAN-D3750X

This guide uses the following conventions for commands that you enter at the command-line interface (CLI).

Commands to enter at a CLI prompt: configure terminal

Commands that specify a value for a variable: ntp server 10.10.48.17

Commands with variables that you must de�ne: class-map [highest class name]

Commands at a CLI or script prompt: Router# enable

Long commands that line wrap are underlined. Enter them as one command:

police rate 10000 pps burst 10000 packets conform-action

Noteworthy parts of system output (or of device con�guration �les) are highlighted: interface Vlan64 ip address 10.5.204.5 255.255.255.0

How to Read Commands

version 15.2

no service pad

service timestamps debug datetime msec localtime

service timestamps log datetime msec localtime

service password-encryption

!

hostname WAN-D3750X

!

!

!

logging buffered 1000000

enable secret 5 $1$ssq/$J5zW2nln0tp6NsQDx48yK1

!

username admin password 7 121A540411045D5679

aaa new-model

!

!


aaa group server tacacs+ TACACS-SERVERS

server name TACACS-SERVER-1

!

aaa authentication login default group TACACS-SERVERS local

aaa authorization console

aaa authorization exec default group TACACS-SERVERS local

!

!

aaa session-id common

clock timezone PST -8 0

clock summer-time PDT recurring

switch 1 provision ws-c3750x-24

switch 2 provision ws-c3750x-24

stack-mac persistent timer 0

system mtu routing 1500

!

ip routing

!

ip domain-name cisco.local

ip name-server 10.4.48.10

ip multicast-routing distributed

vtp mode transparent

udld enable

!

mls qos map policed-dscp 0 10 18 24 46 to 8

mls qos map cos-dscp 0 8 16 24 32 46 48 56

mls qos srr-queue input bandwidth 70 30

mls qos srr-queue input threshold 1 80 90

mls qos srr-queue input priority-queue 2 bandwidth 30

mls qos srr-queue input cos-map queue 1 threshold 2 3

mls qos srr-queue input cos-map queue 1 threshold 3 6 7


mls qos srr-queue input dscp-map queue 1 threshold 2 24

mls qos srr-queue input dscp-map queue 1 threshold 3 48 49 50 51 52 53 54 55



mls qos srr-queue input dscp-map queue 2 threshold 3 46 47

mls qos srr-queue output cos-map queue 1 threshold 3 4 5

mls qos srr-queue output cos-map queue 2 threshold 1 2





mls qos srr-queue output dscp-map queue 1 threshold 3 32 33 40 41 42 43 44 45

mls qos srr-queue output dscp-map queue 1 threshold 3 46 47




mls qos srr-queue output dscp-map queue 2 threshold 1 36 37 38 39

mls qos srr-queue output dscp-map queue 2 threshold 2 24




mls qos srr-queue output dscp-map queue 4 threshold 1 8 9 11 13 15

mls qos srr-queue output dscp-map queue 4 threshold 2 10 12 14

mls qos queue-set output 1 threshold 1 100 100 50 200




mls qos queue-set output 1 buffers 15 25 40 20

mls qos

!

!

key chain LAN-KEY

key 1

key-string 7 08221D5D0A16544541

!

license boot level ipservices

license boot level ipservices switch 2

!

spanning-tree mode rapid-pvst

spanning-tree portfast bpduguard default

spanning-tree extend system-id

spanning-tree vlan 1-4094 priority 24576

!

!

port-channel load-balance src-dst-ip

!

vlan internal allocation policy ascending

!

ip ssh source-interface Loopback0

ip ssh version 2

ip scp server enable

!

!

macro name EgressQoS

mls qos trust dscp

queue-set 2

srr-queue bandwidth share 1 30 35 5

priority-queue out

@

!

!

interface Loopback0

ip address 10.4.32.240 255.255.255.255


ip pim sparse-mode

!

interface Port-channel1

description connection to CE-ASR1002-1

no switchport

ip address 10.4.32.1 255.255.255.252

ip pim sparse-mode

logging event link-status

carrier-delay msec 0

!


description connection to CE-ASR1001-2

no switchport

ip address 10.4.32.9 255.255.255.252

ip pim sparse-mode



!


description Link to C6500-VSS

no switchport

ip address 10.4.40.42 255.255.255.252

ip pim sparse-mode


!

interface FastEthernet0

no ip address

no ip route-cache

shutdown

!

interface GigabitEthernet1/0/1

description CE-ASR1002-1

no switchport

no ip address


logging event trunk-status

logging event bundle-status



queue-set 2

priority-queue out

mls qos trust dscp

macro description EgressQoS

channel-protocol lacp

channel-group 1 mode active

!




no switchport

no ip address






queue-set 2

priority-queue out

mls qos trust dscp




!

interface TenGigabitEthernet1/1/1

description Link to C6500-VSS port 1

no switchport

no ip address





priority-queue out

mls qos trust dscp




!



no switchport

no ip address






queue-set 2

priority-queue out

mls qos trust dscp




!




no switchport

no ip address






queue-set 2

priority-queue out

mls qos trust dscp




!


description Link to C6500-VSS port 2

no switchport

no ip address





priority-queue out

mls qos trust dscp




!

interface Vlan1

no ip address

shutdown

!

!

router eigrp LAN

!

address-family ipv4 unicast autonomous-system 100

!

af-interface default

passive-interface

exit-af-interface

!

af-interface Port-channel38

summary-address 10.4.32.0 255.255.248.0

summary-address 10.5.0.0 255.255.0.0

summary-address 10.255.240.0 255.255.240.0

summary-address 192.168.3.0 255.255.255.0

summary-address 192.168.4.0 255.255.255.0


authentication mode md5

authentication key-chain LAN-KEY

no passive-interface

exit-af-interface

!





exit-af-interface

!





exit-af-interface

!

topology base

exit-af-topology

network 10.4.0.0 0.1.255.255

eigrp router-id 10.4.32.240

exit-address-family

!

!

no ip http server

ip http authentication aaa

ip http secure-server

ip http timeout-policy idle 60 life 86400 requests 10000

!

ip pim autorp listener

ip pim register-source Loopback0

ip tacacs source-interface Loopback0

!

logging esm config

logging trap errors

logging 10.4.48.35

logging 10.4.48.36

access-list 55 permit 10.4.48.0 0.0.0.255

!

snmp-server community cisco RO 55

snmp-server community cisco123 RW 55

snmp-server trap-source Loopback0

tacacs server TACACS-SERVER-1

address ipv4 10.4.48.15

key 7 03375E08140A35674B10

!

!


!

line con 0

line vty 0 4

exec-timeout 0 0

transport preferred none

transport input ssh

line vty 5 15

exec-timeout 0 0


transport input ssh

!

!

ntp source Loopback0

ntp server 10.4.48.17

end

CE-ASR1002X-1version 15.4




no platform punt-keepalive disable-kernel-core

!

hostname CE-ASR1002-1

!

boot-start-marker

boot system bootflash:asr1000rp1-adventerprisek9.03.12.00.S.154-2.S-std.bin

boot-end-marker

!

!

vrf definition Mgmt-intf

!

address-family ipv4

exit-address-family

!

address-family ipv6

exit-address-family

!

enable secret 5 /DtCCr53Q4B18jSIm1UEqu7cNVZTOhxTZyUnZdsSrsw

!

aaa new-model

!

!



!





!

!




!

ip domain name cisco.local


!

!

multilink bundle-name authenticated

!

key chain LAN-KEY

key 1

key-string 7 070C285F4D06

!

!

!

username admin password 7 0205554808095E731F

!

redundancy

mode none

!


ip ssh version 2


!

class-map match-any DATA

match dscp af21

class-map match-any BGP-ROUTING

match protocol bgp

class-map match-any INTERACTIVE-VIDEO

match dscp cs4 af41

class-map match-any CRITICAL-DATA

match dscp cs3 af31

class-map match-any VOICE

match dscp ef

class-map match-any SCAVENGER

match dscp cs1 af11

class-map match-any NETWORK-CRITICAL

match dscp cs2 cs6

!

policy-map MARK-BGP

class BGP-ROUTING


set dscp cs6

policy-map WAN

class VOICE

priority percent 10

class INTERACTIVE-VIDEO

priority percent 23

class CRITICAL-DATA

bandwidth percent 15

random-detect dscp-based

class DATA



class SCAVENGER

bandwidth percent 5

class NETWORK-CRITICAL

bandwidth percent 3

service-policy MARK-BGP

class class-default


random-detect

policy-map WAN-INTERFACE-G0/0/3

class class-default

shape average 300000000

service-policy WAN

!

interface Loopback0

ip address 10.4.32.241 255.255.255.255

ip pim sparse-mode

!


ip address 10.4.32.2 255.255.255.252

ip pim sparse-mode

no negotiation auto

!


description WAN-D3750X Gig1/0/1

no ip address

negotiation auto

cdp enable


!



no ip address

negotiation auto


!



no ip address

shutdown

negotiation auto

!


description MPLS PE router

bandwidth 300000

ip address 192.168.3.1 255.255.255.252

negotiation auto

service-policy output WAN-INTERFACE-G0/0/3

!

interface GigabitEthernet0

vrf forwarding Mgmt-intf

no ip address

shutdown

negotiation auto

!

!

!

router eigrp LAN

!


!


passive-interface

exit-af-interface

!





exit-af-interface

!

topology base

default-metric 300000 100 255 1 1500

distribute-list route-map BLOCK-TAGGED-ROUTES in

redistribute bgp 65511

exit-af-topology

network 10.4.0.0 0.1.255.255


nsf

exit-address-family

!

!

router bgp 65511

bgp router-id 10.4.32.241


bgp log-neighbor-changes

network 0.0.0.0

network 192.168.3.0 mask 255.255.255.252

redistribute eigrp 100

neighbor 10.4.32.242 remote-as 65511

neighbor 10.4.32.242 update-source Loopback0

neighbor 10.4.32.242 next-hop-self


!

ip forward-protocol nd

!

no ip http server







!

logging 10.4.48.35


!

route-map BLOCK-TAGGED-ROUTES deny 10

match tag 65401 65402 65512

!

route-map BLOCK-TAGGED-ROUTES permit 20

!




!



key 7 01200307490E12242455

!

!

control-plane

!

!

line con 0

logging synchronous


stopbits 1

line aux 0

stopbits 1

line vty 0 4



transport input ssh

line vty 5 15


transport input ssh

!



!

end

CE-ASR1001-2version 15.4





!

hostname CE-ASR1001-2

!

boot-start-marker

boot system bootflash:asr1001-universalk9.03.12.00.S.154-2.S-std.bin

boot-end-marker

!

aqm-register-fnf

!


!

address-family ipv4

exit-address-family

!

address-family ipv6

exit-address-family

!


!

aaa new-model

!

!



!




!

!


!




!

!



!


!

!

key chain LAN-KEY

key 1

key-string 7 0822455D0A16

!

username admin password 7 094F1F1A1A0A464058

!

redundancy

mode none

!

!


ip ssh version 2


!


match dscp af21


match protocol bgp


match dscp cs4 af41


match dscp cs3 af31


match dscp ef


match dscp cs1 af11


match dscp cs2 cs6

!

policy-map MARK-BGP

class BGP-ROUTING

set dscp cs6

policy-map WAN

class VOICE

priority percent 10



priority percent 23

class CRITICAL-DATA



class DATA



class SCAVENGER

bandwidth percent 5


bandwidth percent 3


class class-default


random-detect


class class-default


service-policy WAN

!

!

interface Loopback0

ip address 10.4.32.242 255.255.255.255

ip pim sparse-mode

!


ip address 10.4.32.6 255.255.255.252

ip pim sparse-mode

no negotiation auto

!



no ip address

negotiation auto


!



no ip address

negotiation auto


!


no ip address

shutdown

negotiation auto


!


description MPLS PE router

bandwidth 150000

ip address 192.168.4.1 255.255.255.252


!


no ip address

shutdown

negotiation auto

!


no ip address

shutdown

negotiation auto

!


no ip address

shutdown

negotiation auto

!


no ip address

shutdown

negotiation auto

!



no ip address

shutdown

negotiation auto

!

!

router eigrp LAN

!


!


passive-interface

exit-af-interface

!





exit-af-interface


!

topology base

default-metric 150000 100 255 1 1500

distribute-list route-map BLOCK-TAGGED-ROUTES in


exit-af-topology

network 10.4.0.0 0.1.255.255


nsf

exit-address-family

!

router bgp 65511

bgp router-id 10.4.32.242


network 0.0.0.0

network 192.168.3.0 mask 255.255.255.252

redistribute eigrp 100


neighbor 10.4.32.241 update-source Loopback0



!


!

no ip http server







!

!

logging 10.4.48.35


!

route-map BLOCK-TAGGED-ROUTES deny 10

match tag 65401 65402 65512

!

route-map BLOCK-TAGGED-ROUTES permit 20

!




!




key 7 0235015819031B0A4957

!

!

control-plane

!

!

!

line con 0

logging synchronous


stopbits 1

line aux 0

stopbits 1

line vty 0 4

access-class 55 in


transport input ssh

line vty 5 15

access-class 55 in


transport input ssh

!



!

end

WAN Remote-Site Devices – Dual MPLS and MPLS Dynamic Design Models August 2014 Series26

WAN Remote-Site Devices – Dual MPLS and MPLS Dynamic Design Models

This section includes configuration files corresponding to the Dual MPLS design model as referenced in Figure 3. Each remote-site type has its respective devices grouped together along with any other relevant configuration information. The Autonomous System Number (ASN) used in CVD configurations is 65511.

Figure 3 - WAN remote-site designs—Dual MPLS and MPLS Dynamic

22

55

Nonredundant Redundant Links Redundant Links & Routers

MPLS WAN

Remote Site 200(Distribution Layer)

Remote Site 201(Access Stack)

Remote Site 202(MPLS-B)


Remote Site 204

Remote Site 205(MPLS-B)


Remote Site 208(Distribution Layer)

Remote Site 207

MPLS MPLS A MPLS B MPLS BMPLS A


Table 3 - Remote-site MPLS WAN connection details

Location Net block MPLS CE MPLS PE Carrier AS LAN interfaces Loopbacks

Remote Site 200 (Single-router, single-link with distribution layer)

10.5.0.0/21 (gig0/0) 192.168.3.17 192.168.3.18 65401 (A) (gig0/1, gig0/2) 10.255.251.200 (router)

Remote Site 201 (Single-router, single-link with access-layer stack)


Remote Site 202 (Single-router, single-link)

10.5.64.0/21 (gig0/0) 192.168.4.5 192.168.4.6 65402 (B) (gig0/2) 10.255.252.202 (router)

Remote Site 203 (Single-router, single-link with access-layer stack)



10.5.56.0/21 (gig0/0) 192.168.3.29 192.168.3.30 65401 (A) (gig0/1) 10.255.251.204 (router)


10.5.32.0/21 (gig0/0/0) 192.168.4.37

192.168.4.38 65402 (B) (gig0/0/3) 10.255.252.205 (router)

Remote Site 206 (Dual-router, dual-link with access-layer stack)

10.5.8.0/21 (gig0/0) 192.168.3.9 (gig0/0) 192.168.4.9

192.168.3.10 192.168.4.10

65401 (A) 65402 (B)

(gig0/1, gig0/2) (gig0/1, gig0/2)

10.255.251.206 (router 1) 10.255.252.206 (router 2)

Remote Site 207 (Single-router, dual-link)

10.5.16.0/21 (gig0/0) 192.168.3.13 (gig0/1) 192.168.4.13

192.168.3.14 192.168.4.14

65401 (A) 65402 (B)

(gig0/2) 10.255.251.207 (router)

Remote Site 208 (Dual-router, dual-link with distribution layer)

10.5.80.0/21 (gig0/0) 192.168.3.45 (gig0/0) 192.168.4.45

192.168.3.46 192.168.4.45

65401 (A) 65402 (B)

(gig0/1, gig0/2) (gig0/1, gig0/2)

10.255.251.208 (router 1) 10.255.252.208 (router 2)

The following table lists the policed-rate link speeds for the remote-site quality-of-service (QoS) traffic shaping policies.

Table 4 - Remote-site policed-rate link speeds

Location Net block MPLS link speed

Remote Site 200 10.5.0.0/21 50 Mbps

Remote Site 201 10.5.40.0/21 10 Mbps

Remote Site 202 10.5.64.0/21 10 Mbps

Remote Site 203 10.5.48.0/21 20 Mbps

Remote Site 204 10.5.56.0/21 2 Mbps

Remote Site 205 10.5.32.0/21 10 Mbps

Remote Site 206 (dual-link) 10.5.8.0/21 50/25 Mbps




Remote Site 200: Single-Router, Single-Link with Distribution Layer (MPLS-A)

Table 5 - Remote Site 200—IP address information

Location Net block Data wired subnet Voice wired subnet Loopbacks and switches

Remote Site 200 10.5.0.0/21 10.5.1.0/24 (VLAN 100) 10.5.3.0/24 (VLAN 102)

10.5.2.0/24 (VLAN 101) 10.5.4.0/24 (VLAN 103)

10.255.251.200 (router) 10.5.7.254 (distribution switch) 10.5.7.2 (access switch 1) 10.5.7.3 (access switch 2)

The following two tables provide additional information to connect to the distribution layer.

Table 6 - Remote Site 200—router connection to distribution layer

Remote-site information Connection to distribution layer switchPort-Channel subinterface and IP assignments

Location Net block Router Port channel

Member interfaces

Subinterface VLAN Network

Remote Site 200 10.5.0.0/21 RS200-3925-1 1 gig0/1 gig0/2

Port-channel1.50 50 10.5.0.0/30

Table 7 - Remote Site 200—distribution layer switch connections


1 Ten1/1/1 Ten2/1/1

Layer 2 (VLAN 50) RS200-3925-1

10 Ten1/1/3 Ten1/1/4

Ten2/1/3

Ten2/1/4

Layer 2 (VLAN 100,101,106) RS200-A3850

11 Ten1/1/15 Ten2/1/15

Layer 2 (VLAN 102,103,106) RS200-A3750X-PR1

RS200-3925-1version 15.3




!

hostname RS200-3925-1

!

!

!


!

aaa new-model


!

!



!




!

!


!



!

no ipv6 cef

ipv6 spd queue min-threshold 62

ipv6 spd queue max-threshold 63

!

!

ip source-route

ip cef

!

!

!

ip multicast-routing

!

!


!


!

!

!

key chain LAN-KEY

key 1


!

voice-card 0

!

!

hw-module sm 2

!

!

username admin password 7 070C705F4D06485744

!

redundancy


!

!


ip ssh version 2


!


match dscp af21


match protocol bgp


match dscp cs4 af41


match dscp cs3 af31


match dscp ef


match dscp cs1 af11


match dscp cs2 cs6

!

!

policy-map MARK-BGP

class BGP-ROUTING

set dscp cs6

policy-map WAN

class VOICE

priority percent 10


priority percent 23

class CRITICAL-DATA



class DATA



class SCAVENGER

bandwidth percent 5


bandwidth percent 3


class class-default


random-detect

policy-map WAN-INTERFACE-G0/0

class class-default



service-policy WAN

!

!

interface Loopback0

ip address 10.255.251.200 255.255.255.255

ip pim sparse-mode

!


description EtherChannel link to RS200-D4500X-VSS

no ip address

hold-queue 150 in

!

interface Port-channel1.50

description R1 routed link to distribution layer

encapsulation dot1Q 50

ip address 10.5.0.1 255.255.255.252

ip pim sparse-mode

!

interface Embedded-Service-Engine0/0

no ip address

shutdown

!

interface GigabitEthernet0/0

bandwidth 50000

ip address 192.168.3.17 255.255.255.252

duplex auto

speed auto

no cdp enable

service-policy output WAN-INTERFACE-G0/0

!


description RS200-D4500X-VSS Ten1/1/1

no ip address

duplex auto

speed auto

channel-group 1

!


description RS200-D4500X-VSS Ten2/1/1

no ip address

duplex auto

speed auto

channel-group 1

!

interface Vlan1

no ip address

!


!

router eigrp LAN

!


!


passive-interface

exit-af-interface

!

af-interface Port-channel1.50




exit-af-interface

!





exit-af-interface

!

topology base

default-metric 50000 100 255 1 1500


exit-af-topology

network 10.4.0.0 0.1.255.255

network 10.255.0.0 0.0.255.255


exit-address-family

!

router bgp 65511

bgp router-id 10.255.251.200


network 10.5.1.0 mask 255.255.255.0

network 10.5.2.0 mask 255.255.255.0

network 10.5.3.0 mask 255.255.255.0

network 10.5.4.0 mask 255.255.255.0

network 10.5.24.0 mask 255.255.248.0

network 10.255.251.200 mask 255.255.255.255

network 10.255.253.200 mask 255.255.255.255

network 192.168.3.16 mask 255.255.255.252

aggregate-address 10.5.0.0 255.255.248.0 summary-only


!


!




no ip http server




!


!

logging 10.4.48.35

!

!

nls resp-timeout 1

cpd cr-id 1

!

snmp-server community cisco RO

snmp-server community cisco123 RW




key 7 04680E051D2458650C00

!

control-plane

!

!

mgcp profile default

!

!

gatekeeper

shutdown

!

!

line con 0

logging synchronous


line aux 0

line vty 0 4


transport input ssh

line vty 5 15


transport input ssh

!

scheduler allocate 20000 1000



!

end


RS200-D4500X-VSSversion 15.2

no service pad




service compress-config

!

hostname RS200-D4500X-VSS

!

!

!

vrf definition mgmtVrf

!

address-family ipv4

exit-address-family

!

address-family ipv6

exit-address-family

!


!

username admin password 7 0508571C22431F5B4A

aaa new-model

!

!



!




!

!




!

switch virtual domain 98

switch mode virtual

mac-address use-virtual

!

udld enable

!

ip vrf Liin-vrf

!





ip device tracking

!

!


!

!

key chain LAN-KEY

key 1


!

power redundancy-mode combined

!

mac access-list extended VSL-BPDU

permit any 0180.c200.0000 0000.0000.0003

mac access-list extended VSL-CDP

permit any host 0100.0ccc.cccc

mac access-list extended VSL-DOT1x

permit any any 0x888E

mac access-list extended VSL-GARP

permit any host 0180.c200.0020

mac access-list extended VSL-LLDP

permit any host 0180.c200.000e

mac access-list extended VSL-MGMT

permit host 36b7.bad6.1dbc any

permit any host 36b7.bad6.1dbc

permit host 6ae7.16d3.2f74 any

permit any host 6ae7.16d3.2f74

permit host 6e27.541b.765a any

permit any host 6e27.541b.765a

permit host 92d5.2d45.e893 any

permit any host 92d5.2d45.e893

mac access-list extended VSL-SSTP

permit any host 0100.0ccc.cccd

!

!





!

redundancy

mode sso

!



!

vlan 50

name R1

!

vlan 54

name R2

!

vlan 99

!

vlan 100

name Data

!

vlan 101

name Voice

!

vlan 102

name Data2

!

vlan 103

name Voice2

!

vlan 106

name Management

!

vlan 148

name Server_VLAN_1

!

vlan 149

name Server_VLAN_2

!

vlan 153

name FirewallOutsideVLAN

!

vlan 999

name AntiVLANhopping

!


ip ssh version 2


!

class-map match-any MULTIMEDIA-STREAMING-QUEUE

match dscp af31 af32 af33

class-map match-any VSL-MGMT-PACKETS

match access-group name VSL-MGMT

class-map match-any VSL-DATA-PACKETS

match any

class-map match-any CONTROL-MGMT-QUEUE


match dscp cs2 cs3 cs6 cs7

class-map match-any VSL-L2-CONTROL-PACKETS

match access-group name VSL-DOT1x

match access-group name VSL-BPDU

match access-group name VSL-CDP

match access-group name VSL-LLDP

match access-group name VSL-SSTP

match access-group name VSL-GARP

class-map match-any VSL-L3-CONTROL-PACKETS

match access-group name VSL-IPV4-ROUTING

match access-group name VSL-BFD

match access-group name VSL-DHCP-CLIENT-TO-SERVER

match access-group name VSL-DHCP-SERVER-TO-CLIENT

match access-group name VSL-DHCP-SERVER-TO-SERVER

match access-group name VSL-IPV6-ROUTING

class-map match-any TRANSACTIONAL-DATA-QUEUE


class-map match-any VSL-MULTIMEDIA-TRAFFIC

match dscp af41

match dscp af42

match dscp af43

match dscp af31

match dscp af32

match dscp af33

match dscp af21

match dscp af22

match dscp af23

class-map match-any SCAVENGER-QUEUE

match dscp cs1

class-map match-any VSL-VOICE-VIDEO-TRAFFIC

match dscp ef

match dscp cs4

match dscp cs5

class-map match-any MULTIMEDIA-CONFERENCING-QUEUE


class-map match-any BULK-DATA-QUEUE


class-map match-any PRIORITY-QUEUE

match dscp cs4 cs5 ef

class-map match-any VSL-SIGNALING-NETWORK-MGMT

match dscp cs2

match dscp cs3

match dscp cs6

match dscp cs7

!

policy-map 1P7Q1T

class PRIORITY-QUEUE


priority

class CONTROL-MGMT-QUEUE

bandwidth remaining percent 10

class MULTIMEDIA-CONFERENCING-QUEUE


class MULTIMEDIA-STREAMING-QUEUE


class TRANSACTIONAL-DATA-QUEUE


dbl

class BULK-DATA-QUEUE


dbl

class SCAVENGER-QUEUE


class class-default


dbl

policy-map VSL-Queuing-Policy

class VSL-MGMT-PACKETS

bandwidth percent 5

class VSL-L2-CONTROL-PACKETS

bandwidth percent 5

class VSL-L3-CONTROL-PACKETS

bandwidth percent 5

class VSL-VOICE-VIDEO-TRAFFIC


class VSL-SIGNALING-NETWORK-MGMT


class VSL-MULTIMEDIA-TRAFFIC


class VSL-DATA-PACKETS


class class-default

bandwidth percent 5

!

!


service-policy output 1P7Q1T

@

!

!

interface Loopback0

ip address 10.5.7.254 255.255.255.255

ip pim sparse-mode

!



description EtherChannel Link to RS200-3925-1

switchport

switchport trunk allowed vlan 50,99

switchport mode trunk

!


description EtherChannel Link to RS200-A3750X-PR1

switchport

switchport trunk native vlan 999

switchport trunk allowed vlan 102,103,106




!


description EtherChannel Link to RS200-A3850

switchport





!


switchport


switchport nonegotiate

switch virtual link 1

!


switchport



switch virtual link 2

!


vrf forwarding mgmtVrf

no ip address

speed auto

duplex auto

!


description Link to RS200-3925-1 Gig0/1







channel-group 1 mode on

!


description Link to RS200-A3850 Port Ten3/1/1










!












!










!




no lldp transmit

no lldp receive

no cdp enable


service-policy output VSL-Queuing-Policy

!





no lldp transmit

no lldp receive

no cdp enable



!


switchport mode access


dual-active fast-hello

!









!









!












!













!










!




no lldp transmit

no lldp receive

no cdp enable



!




no lldp transmit

no lldp receive

no cdp enable



!


switchport mode access


dual-active fast-hello

!

interface Vlan1

no ip address

!

interface Vlan50

ip address 10.5.0.2 255.255.255.252

ip pim sparse-mode

!


interface Vlan54

ip address 10.5.0.6 255.255.255.252

ip pim sparse-mode

!

interface Vlan100

ip address 10.5.1.1 255.255.255.0

ip helper-address 10.4.48.10

ip pim sparse-mode

!

interface Vlan101

ip address 10.5.2.1 255.255.255.0


ip pim sparse-mode

!

interface Vlan102

ip address 10.5.3.1 255.255.255.0


ip pim sparse-mode

!

interface Vlan103

ip address 10.5.4.1 255.255.255.0


ip pim sparse-mode

!

interface Vlan106

ip address 10.5.7.1 255.255.255.128


ip pim sparse-mode

!

interface Vlan148

ip address 10.5.24.1 255.255.255.0

ip pim sparse-mode

!

interface Vlan149

ip address 10.5.25.1 255.255.255.0

ip pim sparse-mode

!

interface Vlan153

description SR Firewall Outside SVI

ip address 10.5.26.1 255.255.255.128

!

!

router eigrp LAN

!


!



passive-interface

exit-af-interface

!

af-interface Vlan50

summary-address 10.5.24.0 255.255.248.0




exit-af-interface

!

af-interface Vlan54

summary-address 10.5.24.0 255.255.248.0




exit-af-interface

!

topology base

redistribute static route-map static-to-eigrp

exit-af-topology

network 10.4.0.0 0.1.255.255


eigrp stub connected summary redistributed

nsf

exit-address-family

!


no ip http server





!

ip route 10.5.27.0 255.255.255.0 Vlan153 10.5.26.126

ip route 10.5.28.0 255.255.255.0 Vlan153 10.5.26.126


!

!

ip access-list extended STATIC-ROUTES

permit ip host 10.5.27.0 host 255.255.255.0

permit ip host 10.5.28.0 host 255.255.255.0

ip access-list extended VSL-BFD

permit udp any any eq 3784

ip access-list extended VSL-DHCP-CLIENT-TO-SERVER

permit udp any eq bootpc any eq bootps

ip access-list extended VSL-DHCP-SERVER-TO-CLIENT

permit udp any eq bootps any eq bootpc


ip access-list extended VSL-DHCP-SERVER-TO-SERVER

permit udp any eq bootps any eq bootps

ip access-list extended VSL-IPV4-ROUTING

permit ip any 224.0.0.0 0.0.0.255

!


!

route-map REDISTRIBUTE-LIST permit 10

match ip address STATIC-ROUTES

set metric 1000000 10 255 1 1500

!

!




snmp-server host 10.4.48.35 cisco123

!



key 7 113A1C0605171F270133

!

!

ipv6 access-list VSL-IPV6-ROUTING

permit ipv6 any FF02::/124

!

!

line con 0


stopbits 1

line vty 0 4

access-class 55 in


transport input ssh

line vty 5 15

access-class 55 in


transport input ssh

!

!

module provision switch 1

chassis-type 72 base-mac 30E4.DBF8.E450

slot 1 slot-type 402 base-mac 30E4.DBF8.E450

slot 2 slot-type 400 base-mac 0022.BDF3.9428

!

module provision switch 2

chassis-type 72 base-mac 30E4.DBF9.25B8

slot 1 slot-type 402 base-mac 30E4.DBF9.25B8


!


ntp update-calendar


end

Remote Site 201: Single-Router, Single-Link with Access-Layer Stack (MPLS-A)



Remote Site 201 10.5.40.0/21 10.5.44.0/24 (VLAN 64) 10.5.45.0/24 (VLAN 69) 10.255.251.201 (router) 10.5.44.5 (access switch)

RS201-2911version 15.3




!

hostname RS201-2911

!

!

!

enable secret 5 $1$Rmfp$Btut/0xCUYDOmlruhEsPt1

!

aaa new-model

!

!



!


aaa authentication login MODULE none



!

!

!

!

!


!




!

no ipv6 cef



!

!

ip source-route

ip auth-proxy max-login-attempts 5

ip admission max-login-attempts 5

ip cef

!

!

!


!

!



!


!

!

!

!

voice-card 0

!

!

!

!

!

!

!

license udi pid CISCO2911/K9 sn FTX1347A1TN

license boot module c2900 technology-package datak9

hw-module sm 1

!

!

!

username admin password 7 04585A150C2E1D1C5A

!

redundancy

!

!

!



ip ssh version 2


!


match dscp af21


match protocol bgp


match dscp cs4 af41


match dscp cs3 af31


match dscp ef


match dscp cs1 af11


match dscp cs2 cs6

!

!

policy-map MARK-BGP

class BGP-ROUTING

set dscp cs6

policy-map WAN

class VOICE

priority percent 10


priority percent 23

class CRITICAL-DATA



class DATA



class SCAVENGER

bandwidth percent 5


bandwidth percent 3


class class-default


random-detect


class class-default


service-policy WAN

!

!


!

!

interface Loopback0

ip address 10.255.251.201 255.255.255.255

ip pim sparse-mode

!


description EtherChannel link to RS201-A2960X

no ip address

hold-queue 150 in

!


description Wired Data


ip address 10.5.44.1 255.255.255.0


ip pim sparse-mode

!


description Wired Voice


ip address 10.5.45.1 255.255.255.0


ip pim sparse-mode

!


bandwidth 10000

ip address 192.168.3.21 255.255.255.252

duplex auto

speed auto

no cdp enable


!


description RS201-A2960X Gig2/0/24

no ip address

duplex auto

speed auto

channel-group 1

!



no ip address

duplex auto

speed auto

channel-group 1

!


interface Vlan1

no ip address

!

!

!

!

router bgp 65511

bgp router-id 10.255.251.201


network 10.5.44.0 mask 255.255.255.0

network 10.5.45.0 mask 255.255.255.0

network 10.255.251.201 mask 255.255.255.255

network 192.168.3.20 mask 255.255.255.252



!


!



no ip http server




!


!

!

logging 10.4.48.35


!

!

!

!

!






key 7 0538030C33495A221C1C

!

!

!

control-plane

!

!


!


!

!

!

!

!

gatekeeper

shutdown

!

!

!

line con 0

logging synchronous


line aux 0

line vty 0 4

access-class 55 in


transport input ssh

line vty 5 15

access-class 55 in


transport input ssh

!




!

end


Remote Site 202: Single-Router, Single-Link (MPLS-B)Table 9 - Remote Site 202—IP address information




service config




!

hostname RS202-2911

!

!

!


!

aaa new-model

!

!



!




!

!

!

!

!


!



!

no ipv6 cef

ip source-route

ip cef

!

!



!

!



!

!

!

!

!

voice-card 0

!

!

!

!

!

!

!

license udi pid CISCO2911/K9 sn FTX1347A1TC

!

!

username admin password 7 0205554808095E731F

!

redundancy

!

!

!

!


ip ssh version 2


!


match dscp af21


match protocol bgp


match dscp cs4 af41


match dscp cs3 af31


match dscp ef


match dscp cs1 af11


match dscp cs2 cs6

!

!


policy-map MARK-BGP

class BGP-ROUTING

set dscp cs6

policy-map WAN

class VOICE

priority percent 10


priority percent 23

class CRITICAL-DATA



class DATA



class SCAVENGER

bandwidth percent 5


bandwidth percent 3


class class-default


random-detect


class class-default


service-policy WAN

!

!

!

interface Loopback0

ip address 10.255.252.202 255.255.255.255

ip pim sparse-mode

!


bandwidth 10000

ip address 192.168.4.5 255.255.255.252

duplex auto

speed auto

no cdp enable


!


no ip address

duplex auto

speed auto

!

interface GigabitEthernet0/2.64




ip address 10.5.68.1 255.255.255.0


ip pim sparse-mode

!




ip address 10.5.69.1 255.255.255.0


ip pim sparse-mode

!

!

router bgp 65511

bgp router-id 10.255.252.202


network 10.5.68.0 mask 255.255.255.0

network 10.5.69.0 mask 255.255.255.0

network 10.255.252.202 mask 255.255.255.255

network 192.168.4.4 mask 255.255.255.252



!


!



no ip http server




!


!

!

logging 10.4.48.35

!

!

!

!

!







key 7 122A0014000E182F2F32

!

!

!

control-plane

!

!

!


!

!

!

!

!

gatekeeper

shutdown

!

!

!

line con 0

logging synchronous


line aux 0

line vty 0 4


transport input ssh

line vty 5 15


transport input ssh

!




!

end


Remote Site 203: Single-Router, Single-Link with Access Layer Stack (MPLS-A)




RS203-2921-1version 15.3




no service password-recovery

!


!

!

!


!

aaa new-model

!

!



!





!

!

!

!

!




!

ip cef

!

!

!




!


!

!

voice-card 0

!

hw-module pvdm 0/0

!

hw-module sm 1

!

!

username admin password 7 06055E324F41584B56

!

redundancy

!

!

!


ip ssh version 2


!

track 50 ip sla 100 reachability

!


match dscp af21


match protocol bgp


match dscp cs4 af41


match dscp cs3 af31


match dscp ef


match dscp cs1 af11


match dscp cs2 cs6

!

policy-map MARK-BGP

class BGP-ROUTING

set dscp cs6

policy-map WAN

class VOICE

priority percent 10



priority percent 23

class CRITICAL-DATA



class DATA



class SCAVENGER

bandwidth percent 5


bandwidth percent 3


class class-default


random-detect


class class-default


service-policy WAN

!

!

!

!

interface Loopback0

ip address 10.255.251.203 255.255.255.255

ip pim sparse-mode

!



no ip address

hold-queue 150 in

!


description Data


ip address 10.5.52.2 255.255.255.0


ip pim sparse-mode

!


description Voice


ip address 10.5.53.2 255.255.255.0


ip pim sparse-mode

!



bandwidth 20000

ip address 192.168.3.25 255.255.255.252

ip tcp adjust-mss 1360

duplex auto

speed auto

no cdp enable


!



no ip address

duplex auto

speed auto

channel-group 1

!



no ip address

duplex auto

speed auto

channel-group 1

!

!!

router bgp 65511

bgp router-id 10.255.251.203


network 10.5.52.0 mask 255.255.255.0

network 10.5.53.0 mask 255.255.255.0

network 10.255.251.203 mask 255.255.255.255

network 192.168.3.24 mask 255.255.255.252



!


!

no ip http server



!




!

!

logging host 10.4.48.38




access-list 67 permit 192.0.2.2

!

!




snmp-server enable traps entity-sensor threshold

snmp-server host 10.4.48.38 cisco





key 7 03375E08140A35674B10

!

control-plane

!

!


!

gatekeeper

shutdown

!

line con 0

logging synchronous


line aux 0

line 2

no activation-character

no exec


transport output lat pad telnet rlogin lapb-ta mop udptn v120 ssh

stopbits 1

line 67

access-class 67 in

login authentication MODULE


no exec


transport input all

transport output none

stopbits 1

line vty 0 4


transport input ssh

line vty 5 15


transport input ssh


!



ntp update-calendar


!

end

Remote Site 204: Single-Router, Single-Link (MPLS-A)Table 11 - Remote Site 204—IP address information







!

hostname RS204-1941

!

!

!

no logging console

enable secret 5 $1$RrQw$FEwDKjP09Uafh7ycdtSkE0

!

aaa new-model

!

!



!




!

!

!

!

!


!




!

no ipv6 cef

ip source-route



ip cef

!

!

!


!

!



!


!

license udi pid CISCO1941/K9 sn FTX140980GQ

license boot module c1900 technology-package datak9

!

!

username admin password 7 011057175804575D72

!

redundancy

!

!

!

!


ip ssh version 2


!


match dscp af21


match protocol bgp


match dscp cs4 af41


match dscp cs3 af31


match dscp ef


match dscp cs1 af11


match dscp cs2 cs6


!

!

policy-map MARK-BGP

class BGP-ROUTING

set dscp cs6

policy-map WAN

class VOICE

priority percent 10


priority percent 23

class CRITICAL-DATA



class DATA



class SCAVENGER

bandwidth percent 5


bandwidth percent 3


class class-default


random-detect


class class-default


service-policy WAN

!

!

!

!

!

interface Loopback0

ip address 10.255.251.204 255.255.255.255

ip pim sparse-mode

!


description Link to MPLS-A

bandwidth 2000

ip address 192.168.3.29 255.255.255.252

duplex auto

speed auto

no cdp enable


!




no ip address

duplex auto

speed auto

!




ip address 10.5.60.1 255.255.255.0


ip pim sparse-mode

!




ip address 10.5.61.1 255.255.255.0


ip pim sparse-mode

!

router bgp 65511

bgp router-id 10.255.251.204


network 10.5.60.0 mask 255.255.255.0

network 10.5.61.0 mask 255.255.255.0

network 10.255.251.204 mask 255.255.255.255

network 192.168.3.28 mask 255.255.255.252



!


!



no ip http server




!


!

ip sla responder

logging 10.4.48.35

!

!

!

!

!







key 7 0812494D1B1C113C1712

!

!

!

control-plane

!

!

line con 0


line aux 0

line 2


no exec


transport input all

transport output pad telnet rlogin lapb-ta mop udptn v120 ssh

stopbits 1

line vty 0 4


transport input ssh

line vty 5 15


transport input ssh

!




!

end


Remote Site 205: Single-Router, Single-Link (MPLS-B)Table 12 - Remote Site 205—IP address information



RS205-4451Xversion 15.4





!

hostname RS205-4451X

!

!

!

logging buffered 1000000


!

aaa new-model

!

!



!




!

!




!



!


!

!

license boot level appxk9

license boot level securityk9



!

username admin password 7 0007421507545A545C

!

redundancy

mode none

!

!


ip ssh version 2


!


match dscp af21


match protocol bgp


match dscp cs4 af41


match dscp cs3 af31


match dscp ef


match dscp cs1 af11


match dscp cs2 cs6

match access-group name ISAKMP

!

policy-map MARK-BGP

class BGP-ROUTING

set dscp cs6

policy-map WAN

class VOICE

priority percent 10


priority percent 23

class CRITICAL-DATA



class DATA



class SCAVENGER

bandwidth percent 5


bandwidth percent 3


class class-default



random-detect


class class-default


service-policy WAN

!

!

interface Loopback0

ip address 10.255.252.205 255.255.255.255

ip pim sparse-mode

!

!

!


bandwidth 10000

ip address 192.168.4.37 255.255.255.252

ip tcp adjust-mss 1360

negotiation auto

no cdp enable


!

!

!


no ip address

negotiation auto

!

interface GigabitEthernet0/0/3.64


ip address 10.5.36.1 255.255.255.0


ip pim sparse-mode

!

interface GigabitEthernet0/0/3.69


ip address 10.5.37.1 255.255.255.0


ip pim sparse-mode

!

router bgp 65511

bgp router-id 10.255.252.205


network 10.5.36.0 mask 255.255.255.0

network 10.5.37.0 mask 255.255.255.0

network 10.255.252.205 mask 255.255.255.255

network 192.168.4.36 mask 255.255.255.252




!

!


no ip http server




ip route 10.5.36.8 255.255.255.255 VirtualPortGroup31


!

!




!



key 7 00371605165E1F2D0A38

!

!

!

control-plane

!

!

line con 0

logging synchronous


stopbits 1

line aux 0

stopbits 1

line vty 0 4

exec-timeout 0 0


transport input ssh

line vty 5 15


transport input ssh

!



!

end


Remote Site 206: Dual-Router, Dual-Link with Access-Layer Stack (MPLS-A/MPLS-B)



Remote Site 206 10.5.8.0/21 10.5.12.0/24 (VLAN 64) 10.5.13.0/24 (VLAN 69) 10.255.251.206 (router 1) 10.255.252.206 (router 2) 10.5.12.5 (access switch)

RS206-3925-1version 15.3




!


!

!

!

enable secret 5 $1$E6Pr$6ve4899UvKc3Ep931aMCV/

!

aaa new-model

!

!



!




!

!


!



!

no ipv6 cef



ip source-route



ip cef

!



!

!


!


!

!

key chain LAN-KEY

key 1


!

voice-card 0

!

license boot module c3900 technology-package securityk9

hw-module sm 1

!

username admin password 7 0508571C22431F5B4A

!

redundancy

!


ip ssh version 2


!

track 50 ip sla 100 reachability

!


match dscp af21


match protocol bgp


match dscp cs4 af41


match dscp cs3 af31


match dscp ef


match dscp cs1 af11


match dscp cs2 cs6

!

!

policy-map MARK-BGP

class BGP-ROUTING

set dscp cs6

policy-map WAN


class VOICE

priority percent 10


priority percent 23

class CRITICAL-DATA



class DATA



class SCAVENGER

bandwidth percent 5


bandwidth percent 3


class class-default


random-detect


class class-default


service-policy WAN

!

!

interface Loopback0

ip address 10.255.251.206 255.255.255.255

ip pim sparse-mode

!



no ip address

hold-queue 150 in

!




ip address 10.5.12.2 255.255.255.0


ip pim dr-priority 110

ip pim sparse-mode

standby version 2

standby 1 ip 10.5.12.1

standby 1 priority 110

standby 1 preempt

standby 1 authentication md5 key-string 7 110A4816141D5A5E57

standby 1 track 50 decrement 10

!





ip address 10.5.13.2 255.255.255.0



ip pim sparse-mode

standby version 2



standby 1 preempt

standby 1 authentication md5 key-string 7 130646010803557878

standby 1 track 50 decrement 10

!


description Transit Network


ip address 10.5.8.1 255.255.255.252

ip pim sparse-mode

!


bandwidth 50000

ip address 192.168.3.9 255.255.255.252

duplex auto

speed auto

no cdp enable


!


no ip address

duplex auto

speed auto

channel-group 1

!


no ip address

duplex auto

speed auto

channel-group 1

!

!

router eigrp LAN

!


!


passive-interface


exit-af-interface

!





exit-af-interface

!

topology base

default-metric 50000 100 255 1 1500


exit-af-topology

network 10.4.0.0 0.1.255.255

network 10.255.0.0 0.0.255.255


exit-address-family

!

!

router bgp 65511

bgp router-id 10.255.251.206


network 10.5.12.0 mask 255.255.255.0

network 10.5.13.0 mask 255.255.255.0

network 10.255.251.206 mask 255.255.255.255

network 10.255.252.206 mask 255.255.255.255

network 192.168.3.8 mask 255.255.255.252





neighbor 192.168.3.10 route-map PREFER-MPLS-A in

neighbor 192.168.3.10 route-map NO-TRANSIT-AS out

!


!

ip as-path access-list 1 permit _65401$

ip as-path access-list 10 permit ^$



no ip http server




!


!

!


ip sla 100

icmp-echo 192.168.3.10 source-interface GigabitEthernet0/0

threshold 1000

timeout 1000

frequency 15

ip sla schedule 100 life forever start-time now

logging 10.4.48.35


!

!

!

!

nls resp-timeout 1

cpd cr-id 1

route-map NO-TRANSIT-AS permit 10

match as-path 10

!

route-map PREFER-MPLS-A permit 10

match as-path 1

set local-preference 200

!


!

!






key 7 0538030C33495A221C1C

!

!

!

control-plane

!

!


!

!

gatekeeper

shutdown

!

line con 0

logging synchronous


line aux 0

line vty 0 4


access-class 55 in


transport input ssh

line vty 5 15

access-class 55 in


transport input ssh

!




!

end

RS206-3925-2version 15.3




!


!

!

!

!

!

enable secret 5 $1$fWE4$yQItBXlCdkEFFiUhHQXTe0

!

aaa new-model

!

!



!




!

!


!



!

no ipv6 cef




ip source-route



ip cef

!

!

!


!

!


!


!

!

key chain LAN-KEY

key 1


!

voice-card 0

!

!

license udi pid C3900-SPE100/K9 sn FOC134601WE

hw-module sm 1

!

!

!


!

redundancy

!

!


ip ssh version 2


!


match dscp af21


match protocol bgp


match dscp cs4 af41


match dscp cs3 af31


match dscp ef



match dscp cs1 af11


match dscp cs2 cs6

!

!

policy-map MARK-BGP

class BGP-ROUTING

set dscp cs6

policy-map WAN

class VOICE

priority percent 10


priority percent 23

class CRITICAL-DATA



class DATA



class SCAVENGER

bandwidth percent 5


bandwidth percent 3


class class-default


random-detect


class class-default


service-policy WAN

!

!

interface Loopback0

ip address 10.255.252.206 255.255.255.255

ip pim sparse-mode

!



no ip address

hold-queue 150 in

!




ip address 10.5.12.3 255.255.255.0




ip pim sparse-mode

standby version 2



standby 1 preempt

standby 1 authentication md5 key-string 7 104D580A061843595F

!




ip address 10.5.13.3 255.255.255.0



ip pim sparse-mode

standby version 2



standby 1 preempt

standby 1 authentication md5 key-string 7 110A4816141D5A5E57

!


description Transit Network


ip address 10.5.8.2 255.255.255.252

!


bandwidth 25000

ip address 192.168.4.9 255.255.255.252

ip pim sparse-mode

duplex auto

speed auto

!


no ip address

duplex auto

speed auto

channel-group 2

!


no ip address

duplex auto

speed auto

channel-group 2

!

interface Vlan1

no ip address


!

!

router eigrp LAN

!


!


passive-interface

exit-af-interface

!





exit-af-interface

!

topology base

default-metric 25000 100 255 1 1500


exit-af-topology

network 10.4.0.0 0.1.255.255

network 10.255.0.0 0.0.255.255


exit-address-family

!

!

router bgp 65511

bgp router-id 10.255.252.206


network 10.5.12.0 mask 255.255.255.0

network 10.5.13.0 mask 255.255.255.0

network 10.255.251.206 mask 255.255.255.255

network 10.255.252.206 mask 255.255.255.255

network 192.168.4.8 mask 255.255.255.252






!


!




no ip http server





!


!

!

logging 10.4.48.35


!

!

nls resp-timeout 1

cpd cr-id 1


match as-path 10

!

!






key 7 0538030C33495A221C1C

!

control-plane

!

!


!

!

gatekeeper

shutdown

!

!

line con 0

logging synchronous


line aux 0

line vty 0 4

access-class 55 in


transport input ssh

line vty 5 15

access-class 55 in


transport input ssh

!





!

end

Remote Site 207: Single-Router, Dual-Link (MPLS-A/MPLS-B)








!

hostname RS207-2921

!

!

!

enable secret 5 $1$QTJi$3MjRbu2d.MfadRwjWExUr.

!

aaa new-model

!

!



!




!

!


!



!

no ipv6 cef

!

ip source-route

ip cef


!

!

!


!

!



!


!

!

!

!

!

voice-card 0

!

!

!

!

hw-module pvdm 0/0

!

!

!

username admin password 7 104D580A061843595F

!

redundancy

!

!

!

!


ip ssh version 2


!


match dscp af21


match protocol bgp


match dscp cs4 af41


match dscp cs3 af31


match dscp ef


match dscp cs1 af11



match dscp cs2 cs6

!

!

policy-map MARK-BGP

class BGP-ROUTING

set dscp cs6

policy-map WAN

class VOICE

priority percent 10


priority percent 23

class CRITICAL-DATA



class DATA



class SCAVENGER

bandwidth percent 5


bandwidth percent 3


class class-default


random-detect


class class-default


service-policy WAN


class class-default


service-policy WAN

!

!

!

!

!

!

interface Loopback0

ip address 10.255.251.207 255.255.255.255

ip pim sparse-mode

!


description MPLS A WAN Uplink

bandwidth 20000


ip address 192.168.3.13 255.255.255.252

ip pim sparse-mode

duplex auto

speed auto

no cdp enable


!


description MPLS B WAN Uplink

bandwidth 10000

ip address 192.168.4.13 255.255.255.252

ip pim sparse-mode

duplex auto

speed auto

no cdp enable


!


no ip address

duplex auto

speed auto

!




ip address 10.5.20.1 255.255.255.0


ip pim sparse-mode

!




ip address 10.5.21.1 255.255.255.0


ip pim sparse-mode

!

!

router bgp 65511

bgp router-id 10.255.251.207


network 10.5.20.0 mask 255.255.255.0

network 10.5.21.0 mask 255.255.255.0

network 10.255.251.207 mask 255.255.255.255

network 192.168.3.12 mask 255.255.255.252

network 192.168.4.12 mask 255.255.255.252








!


!





no ip http server




!


!

logging 10.4.48.35

!

!

!

!


match as-path 10

!


match as-path 1


!


!

!






key 7 0538030C33495A221C1C

!

!

!

control-plane

!

!

mgcp fax t38 ecm

!



!

!

!

!

!

gatekeeper

shutdown

!

!

!

line con 0

logging synchronous


line aux 0

line vty 0 4


transport input ssh

line vty 5 15


transport input ssh

!




!

end


Remote Site 208: Dual-router, Dual-Link with Distribution Layer (MPLS-A/MPLS-B)




10.5.82.0/24 (VLAN 101) 10.5.84.0/24 (VLAN 103)

10.255.251.208 (router 1) 10.255.252.208 (router 2) 10.5.87.254 (distribution switch) 10.5.87.2 (access switch 1) 10.5.87.3 (access switch 2) 10.5.87.4 (access switch 3)

The following two tables provide additional information to connect to the distribution layer.

Table 16 - Remote Site 208—router connections to distribution layer

Remote-site information Connection to distribution layer switch Port-Channel subinterface and IP assignments

Location Net block Router Port channel

Member interfaces

Subinterface VLAN Network

Remote Site 208

10.5.80.0/21 RS208-2951-1 1 gig0/1 gig0/2

Port-channel1.50 50 10.5.80.0/30

Port-channel1.99 (transit network)

99 10.5.80.8/30

RS208-2951-2 2 gig0/1 gig0/2

Port-channel2.54 54 10.5.80.4/30

Port-channel2.99 (transit network)

99 10.5.80.8/30

Table 17 - Remote Site 208—distribution layer switch connections


1 gig1/0/12 gig2/0/12

Layer 2 (VLAN 50, 99) RS208-2951-1

2 gig1/0/11 gig2/0/11

Layer 2 (VLAN 54, 99) RS208-2951-2

10 gig1/0/1 gig2/0/1

Layer 2 (VLAN 100,101,106) RS208-A2960X

11 gig1/0/2 gig2/0/2


12 gig1/0/3 gig2/0/3



RS208-2951-1version 15.3




!


!

!

!


!

aaa new-model

!

!



!





!

!

!

!

!


!



!

no ipv6 cef

!

!

ip source-route

ip cef

!

!

!


!

!


!



!

!

!

!

!

!

key chain LAN-KEY

key 1

key-string 7 121A0C041104

voice-card 0

!

!

hw-module sm 2

!

!

!

username admin password 7 141443180F0B7B7977

!

redundancy

!

!

!

!


ip ssh version 2


!


match dscp af21


match protocol bgp


match dscp cs4 af41


match dscp cs3 af31


match dscp ef


match dscp cs1 af11


match dscp cs2 cs6

!

!

policy-map MARK-BGP

class BGP-ROUTING

set dscp cs6

policy-map WAN


class VOICE

priority percent 10


priority percent 23

class CRITICAL-DATA



class DATA



class SCAVENGER

bandwidth percent 5


bandwidth percent 3


class class-default


random-detect


class class-default


service-policy WAN

!

!

!

!

!

!

interface Loopback0

ip address 10.255.251.208 255.255.255.255

ip pim sparse-mode

!


description EtherChannel link to RS208-D3750X

no ip address

hold-queue 150 in

!


description R1 router link to distribution layer


ip address 10.5.80.1 255.255.255.252

ip pim sparse-mode

!


description Transit Net


ip address 10.5.80.9 255.255.255.252


ip pim sparse-mode

!

interface Embedded-Service-Engine0/0

no ip address

shutdown

!


bandwidth 25000

ip address 192.168.3.45 255.255.255.252

duplex auto

speed auto

no cdp enable


!


description RS208-D3750X Gig1/0/12

no ip address

duplex auto

speed auto

channel-group 1

!



no ip address

duplex auto

speed auto

channel-group 1

!

interface Vlan1

no ip address

!

!

!

router eigrp LAN

!


!


passive-interface

exit-af-interface

!





exit-af-interface

!






exit-af-interface

!

topology base

default-metric 50000 100 255 1 1500


exit-af-topology

network 10.5.0.0 0.0.255.255

network 10.255.0.0 0.0.255.255


exit-address-family

!

router bgp 65511

bgp router-id 10.255.251.208


network 10.5.81.0 mask 255.255.255.0

network 10.5.83.0 mask 255.255.255.0

network 10.255.251.208 mask 255.255.255.255

network 10.255.252.208 mask 255.255.255.255

network 192.168.3.44 mask 255.255.255.252







!


!





no ip http server




!


!

logging 10.4.48.35

!

!

!


!

nls resp-timeout 1

cpd cr-id 1


match as-path 10

!


match as-path 1


!


!

!






key 7 0235015819031B0A4957

!

!

!

control-plane

!

!

!


!

!

!

!

!

gatekeeper

shutdown

!

!

!

line con 0

logging synchronous


line aux 0

line vty 0 4


transport input all

line vty 5 15


transport input all


!



ntp update-calendar


!

end

RS208-2951-2version 15.3




!


!

!

!


!

aaa new-model

!

!



!





!

!

!

!

!


!



!

no ipv6 cef

ip source-route

ip cef

!

!

!



!

!


!


!

!

!

!

!

!

!

key chain LAN-KEY

key 1

key-string 7 121A0C041104

voice-card 0

!

!

!

!

!

!

!

license udi pid CISCO2951/K9 sn FHK1425F25D

hw-module pvdm 0/0

!

hw-module sm 2

!

!

!

username admin password 7 110A4816141D5A5E57

!

redundancy

!

!

!

!


ip ssh version 2


!


match dscp af21


match protocol bgp


match dscp cs4 af41



match dscp cs3 af31


match dscp ef


match dscp cs1 af11


match dscp cs2 cs6

!

!

policy-map MARK-BGP

class BGP-ROUTING

set dscp cs6

policy-map WAN

class VOICE

priority percent 10


priority percent 23

class CRITICAL-DATA



class DATA



class SCAVENGER

bandwidth percent 5


bandwidth percent 3


class class-default


random-detect


class class-default


service-policy WAN

!

!

!

!

!

interface Loopback0

ip address 10.255.252.208 255.255.255.255

ip pim sparse-mode

!


description EtherChannel link to RS208-D3750X


no ip address

hold-queue 150 in

!


description R2 routed link to RS208-D3750X


ip address 10.5.80.5 255.255.255.252

ip wccp 61 redirect in

ip pim sparse-mode

!


description Transit net


ip address 10.5.80.10 255.255.255.252

ip pim sparse-mode

!


bandwidth 25000

ip address 192.168.4.45 255.255.255.252

duplex auto

speed auto

no cdp enable


!



no ip address

duplex auto

speed auto

channel-group 2

!



no ip address

duplex auto

speed auto

channel-group 2

!

interface Vlan1

no ip address

!

!

!

router eigrp LAN

!


!



passive-interface

exit-af-interface

!





exit-af-interface

!





exit-af-interface

!

topology base

default-metric 35000 100 255 1 1500


exit-af-topology

network 10.5.0.0 0.0.255.255

network 10.255.0.0 0.0.255.255


exit-address-family

!

router bgp 65511

bgp router-id 10.255.252.208


network 10.5.81.0 mask 255.255.255.0

network 10.5.83.0 mask 255.255.255.0

network 10.255.251.208 mask 255.255.255.255

network 10.255.252.208 mask 255.255.255.255

network 192.168.4.44 mask 255.255.255.252






!


!




no ip http server





!


!

logging 10.4.48.35

!

!

!

!

nls resp-timeout 1

cpd cr-id 1


match as-path 10

!

!






key 7 107D0C1A17120620091D

!

!

!

control-plane

!

!

!


!

!

!

!

!

gatekeeper

shutdown

!

!

!

line con 0

logging synchronous


line aux 0

line vty 0 4


transport input ssh

line vty 5 15



transport input ssh

!




!

end

RS208-D3750Xversion 15.2

no service pad




!

hostname RS208-D3750X

!

!

!

enable secret 5 $1$nkmH$RUDemQ4M9cIly7DgFP9ht/

!

username admin password 7 094F1F1A1A0A464058

aaa new-model

!

!



!




!

!

!




switch 1 provision ws-c3750x-12s

switch 2 provision ws-c3750x-12s

stack-mac persistent timer 0

system mtu routing 1500

ip routing

!

!

!





ip device tracking


udld enable

!

mls qos map policed-dscp 0 10 18 to 8

mls qos map cos-dscp 0 8 16 24 32 46 48 56

mls qos srr-queue input bandwidth 70 30

mls qos srr-queue input threshold 1 80 90

mls qos srr-queue input priority-queue 2 bandwidth 30


mls qos srr-queue input cos-map queue 1 threshold 3 6 7


mls qos srr-queue input dscp-map queue 1 threshold 2 24




mls qos srr-queue input dscp-map queue 2 threshold 3 46 47








mls qos srr-queue output dscp-map queue 1 threshold 3 46 47



mls qos srr-queue output dscp-map queue 2 threshold 1 36 37 38 39

mls qos srr-queue output dscp-map queue 2 threshold 2 24




mls qos srr-queue output dscp-map queue 4 threshold 1 8 9 11 13 15

mls qos srr-queue output dscp-map queue 4 threshold 2 10 12 14





mls qos queue-set output 1 buffers 15 25 40 20

mls qos

!

key chain LAN-KEY

key 1

key-string 7 13061E010803


!

license boot level ipservices switch 1

!

!





!

!

!

port-channel load-balance src-dst-ip

!

!


!

vlan 50

name R1-link

!

vlan 54

name R2-link

!

vlan 99

name Transit-net

!

vlan 100

name Data_VLAN_1

!

vlan 101

name Voice_VLAN_1

!

vlan 102

name Data_VLAN_2

!

vlan 103

name Voice_VLAN_2

!

vlan 104

name Wireless-Data

!

vlan 105

name Wireless-Voice

!

vlan 106

name Management

!

vlan 999


!

ip ftp username cisco

ip ftp password 7 14141B180F0B

ip ssh version 2


!

!


mls qos trust dscp

queue-set 1


priority-queue out

@

!

!

interface Loopback0

ip address 10.5.87.254 255.255.255.255

ip pim sparse-mode

!


description EtherChannel link to RS208-2951-1

switchport trunk encapsulation dot1q

switchport trunk allowed vlan 50,99-106


spanning-tree portfast trunk

!


description EtherChannel link to RS208-2951-2




spanning-tree portfast trunk

!


description EtherChannel link to Access Switch RS208-A2960X



switchport trunk allowed vlan 100-106


!


description EtherChannel link to Access Switch RS208-A3750X-PR1





!



description EtherChannel link to Access Switch RS208-A3750X-PR2





!


no ip address

no ip route-cache

shutdown

!


description Link to Access Switch RS208-A2960X Gig1/0/49








priority-queue out

mls qos trust dscp




!


description Link to Access Switch RS208-A3750X-PR1 Gig1/1








priority-queue out

mls qos trust dscp




!


description Link to Access Switch RS208-A3750X-PR2 Gig1/1/1









priority-queue out

mls qos trust dscp




!









priority-queue out

mls qos trust dscp



!









priority-queue out

mls qos trust dscp



!

!


description Link to Access Switch RS208-A2960X Gig1/0/50








priority-queue out


mls qos trust dscp




!


description Link to Access Switch RS208-A3750X-PR1 Gig1/2








priority-queue out

mls qos trust dscp




!


description Link to Access Switch RS208-A3750X-PR2 Gig1/1/2








priority-queue out

mls qos trust dscp




!

!









priority-queue out

mls qos trust dscp




!









priority-queue out

mls qos trust dscp



!


!

!

interface Vlan1

no ip address

shutdown

!

interface Vlan50

ip address 10.5.80.2 255.255.255.252

ip pim sparse-mode

!

interface Vlan54

ip address 10.5.80.6 255.255.255.252

ip pim sparse-mode

!

interface Vlan100

description Data VLAN 1

ip address 10.5.81.1 255.255.255.0


ip pim sparse-mode

!

interface Vlan101

description Voice VLAN 1

ip address 10.5.82.1 255.255.255.0


ip pim sparse-mode

!

interface Vlan102

description Data VLAN 2

ip address 10.5.83.1 255.255.255.0


ip pim sparse-mode


!

interface Vlan103

description Voice VLAN 2

ip address 10.5.84.1 255.255.255.0


ip pim sparse-mode

!

interface Vlan104

ip address 10.5.85.1 255.255.255.0

!

interface Vlan105

ip address 10.5.86.1 255.255.255.0

!

interface Vlan106

description Management

ip address 10.5.87.1 255.255.255.128

ip pim sparse-mode

!

!

router eigrp LAN

!


!


passive-interface

exit-af-interface

!

af-interface Vlan50




exit-af-interface

!

af-interface Vlan54




exit-af-interface

!

topology base

exit-af-topology

network 10.4.0.0 0.1.255.255


eigrp stub connected summary

nsf

exit-address-family

!



!

no ip http server



!


!

!




!

!








key 7 107D0C1A17120620091D

!

!

!

!

line con 0


line vty 0 4

length 0


transport input ssh

line vty 5 15


transport input ssh

!


end

WAN-Aggregation Devices—MPLS Static Design Model August 2014 Series112

WAN-Aggregation Devices—MPLS Static Design Model

This section includes configuration files corresponding to the MPLS Static design model as referenced in Figure 4.

Figure 4 - WAN-aggregation design—MPLS Static

22

56(300 Mbps)

Port-channel 6(gig1/0/7, gig2/0/7)

gig0/0/3

WAN-D3750X

CE-ISR4451X-3

VPLS A

192.168.5.0/30↑ (.1), (.2) ↓

10.4.32.0/30↑ (.37), (.38) ↓

Port-channel 6(gig0/0/1, gig0/0/2)

MPLS CStatic

The following table provides the loopback addresses for the WAN aggregation devices in the MPLS Static design model.

Table 18 - Loopback addresses

Hostname Loopback0

WAN-D3750X 10.4.32.240/32

CE-ISR4451X-3 10.4.32.248 /32

The following table provides a summary of the various distribution layer switch device interconnections to other WAN-aggregation components.

Table 19 - MPLS Static design model—distribution layer switch port channel information

Port-channel Member interfaces Layer3/Layer2 Connected device

6 gig1/0/7 gig2/0/7

Layer 3 CE-ISR4451X-3


CE-ISR4451X-3version 15.4





!

hostname CE-ISR4451X-3

!

boot-start-marker

boot system bootflash:isr4400-universalk9.03.12.00.S.154-2.S-std.SPA.bin

boot-end-marker

!

!


!

address-family ipv4

exit-address-family

!

address-family ipv6

exit-address-family

!

enable secret 5 $1$yPHZ$Ak3YjTIaLHOI2FTo6OBPj1

!

aaa new-model

!

!



!




!

!

!

!

!




!

!




!

!

!

!

subscriber templating

!


!

!

!

key chain LAN-KEY

key 1

key-string 7 130646010803557878

key chain WAN-KEY

key 1


!


!

username admin password 7 03070A180500701E1D

!

redundancy

mode none

!

!

ip tftp source-interface GigabitEthernet0


ip ssh version 2


!


match dscp af21


match dscp cs4 af41


match dscp cs3 af31


match dscp ef


match dscp cs1 af11

class-map match-any TP-MEDIA

match protocol telepresence-media


match dscp cs2 cs6

!

policy-map WAN

class VOICE


priority percent 10


priority percent 23

class CRITICAL-DATA



class DATA



class SCAVENGER

bandwidth percent 5


bandwidth percent 3

class class-default


random-detect


class class-default


service-policy WAN

!

!

!

!

interface Loopback0

ip address 10.4.32.248 255.255.255.255

!


description Link to WAN-D3750X

ip address 10.4.32.38 255.255.255.252

ip pim sparse-mode


no negotiation auto

!

!



no ip address

negotiation auto

channel-group 6

!



no ip address

negotiation auto

channel-group 6

!


!


description Connect to MPLS-C

bandwidth 300000

ip address 192.168.5.1 255.255.255.252

ip pim sparse-mode

negotiation auto

no cdp enable


!



no ip address

shutdown

negotiation auto

!

!

router eigrp LAN

!


!


passive-interface

exit-af-interface

!





exit-af-interface

!

topology base

default-metric 300000 300 255 1 1500

redistribute eigrp 202 route-map SET-ROUTE-TAG-DMVPN

redistribute static

exit-af-topology

network 10.4.0.0 0.1.255.255


exit-address-family

!

!

!


no ip http server



ip http secure-trustpoint TP-self-signed-3924407788


ip http client secure-trustpoint TP-self-signed-3924407788



ip route 10.5.232.0 255.255.254.0 192.168.5.2 250

ip route 10.5.234.0 255.255.254.0 192.168.5.2 250

ip route 10.5.236.0 255.255.254.0 192.168.5.2 250

ip route 10.255.250.0 255.255.255.0 192.168.5.2 250

ip route 192.168.5.0 255.255.255.0 192.168.5.2


!

!

!


access-list 155 permit icmp any any

!

route-map SET-ROUTE-TAG-DMVPN permit 10

match interface Tunnel10

set tag 65512

!




!



key 7 00371605165E1F2D0A38

!

!

!

control-plane

!

!

line con 0

logging synchronous


stopbits 1

line aux 0

stopbits 1

line vty 0 4

access-class 55 in

exec-timeout 0 0


transport input ssh

line vty 5 15

access-class 55 in


transport input ssh


!



!

end

WAN Remote-Site Devices—MPLS Static Design Model August 2014 Series119

WAN Remote-Site Devices—MPLS Static Design Model

This section includes configuration files corresponding to the MPLS static design model as referenced in Figure 5. Each remote-site type has its respective devices grouped together along with any other relevant configuration information. The Autonomous System Number (ASN) used in CVD configurations is 65511.

Figure 5 - WAN remote-site designs—MPLS Static

MPLS WAN

Nonredundant

Remote Site 100

Remote Site 101

Remote Site 102 22

82

MPLS

The following table lists the specific details for the MPLS WAN and DMVPN WAN connections at each site.

Table 20 - Remote-site MPLS and DMVPN WAN connection details

Location Net block MPLS CE MPLS PE Carrier ASLAN interfaces Loopbacks

Remote Site 100 (Single-router, single-link with local DHCP)

10.5.232.0/23 (gig0/0) 192.168.5.5 192.168.5.6 Statically routed (C)

(gig0/1) 10.255.250.100 (router)

Remote Site 101 (Single-router, single-link with local DHCP)

10.5.234.0/23 (gig0/0) 192.168.5.9 192.168.5.10 Statically routed (C)

(gig0/1)

(gig0/2)

10.255.250.101 (router)

Remote Site 102 (890 Series single-router, single-link with local DHCP)

10.5.236.0/23 (gig0) 192.168.5.13 192.168.5.14 Statically routed (C)

(fa0) 10.255.250.102 (router)

The following table lists the policed-rate link speeds for the remote-site QoS traffic shaping policies.

Table 21 - Remote-site link speeds

Location Net block MPLS link speed

Remote Site 100 10.5.232.0/23 10 Mbps

Remote Site 101 10.5.234.0/23 5 Mbps

Remote Site 103 10.5.236.0/23 2 Mbps


Remote Site 100: Single-Router, Single-Link with Local DHCP (MPLS-C Static)




10.255.250.100 (router) 10.5.232.5 (access switch)





!

hostname RS100-1941

!

!

!

enable secret 5 $1$r5r2$keUZiMxV/EW6m.SJa1M5S1

!

aaa new-model

!

!



!




!

!




service-module wlan-ap 0 bootimage autonomous

!

ip cef

!

!

ip dhcp excluded-address 10.5.232.1 10.5.232.19


!

ip dhcp pool DHCP-Wired-Data

network 10.5.232.0 255.255.255.0


default-router 10.5.232.1

domain-name cisco.local

dns-server 10.4.48.10

!

ip dhcp pool DHCP-Wired-Voice

network 10.5.233.0 255.255.255.0




!

!

!



no ipv6 cef

!


!

!

hw-module ism 0

!


!

redundancy

!

!

!

ip ftp source-interface Loopback0


ip ssh version 2


!

!


match dscp af21


match dscp cs4 af41


match dscp cs3 af31


match dscp ef


match dscp cs1 af11


match dscp cs2 cs6

!

!


policy-map WAN

class VOICE

priority percent 10


priority percent 23

class CRITICAL-DATA



class DATA



class SCAVENGER

bandwidth percent 5


bandwidth percent 3

class class-default


random-detect


class class-default


service-policy WAN

!

!

!

interface Loopback0

ip address 10.255.250.100 255.255.255.255

ip pim sparse-mode

!


no ip address

hold-queue 300 in

!

!


ip address 192.168.5.5 255.255.255.252

ip pim sparse-mode

ip virtual-reassembly in

ip virtual-reassembly out

duplex auto

speed auto

no cdp enable


!

!




no ip address

duplex auto

speed auto

!


description Data


ip address 10.5.232.1 255.255.255.0

ip pim sparse-mode

!


description Voice


ip address 10.5.233.1 255.255.255.0

ip pim sparse-mode

!


!

no ip http server



ip http secure-trustpoint TP-self-signed-2077264681

ip http client secure-trustpoint TP-self-signed-2077264681

!



ip route 0.0.0.0 0.0.0.0 192.168.5.6


!

!

!







key 7 15210E0F162F3F0F2D2A

!

!

!

control-plane

!

line con 0


line aux 0


line 2


no exec



stopbits 1

line 67


no exec


transport input all


line vty 0 4

exec-timeout 0 0


transport input ssh

line vty 5 15


transport input ssh

!



ntp update-calendar


!

end

Remote Site 101: Single-Router, Single-Link with Local DHCP (MPLS-C Static)








!

hostname RS101-2911

!

!

!


enable secret 5 $1$R41k$F0VkHCx5oQ9d4Ys0bQ85z1

!

aaa new-model

!

!



!





!

!

!




!

ip cef

!

!

!



!


network 10.5.234.0 255.255.255.0




!


network 10.5.235.0 255.255.255.0




!

!





no ipv6 cef

!


!


!

voice-card 0

!

!

hw-module pvdm 0/0

!

hw-module pvdm 0/1

!

hw-module sm 1

!

username admin password 7 104D580A061843595F

!

redundancy

!

!


ip ssh version 2


!


match dscp af21


match dscp cs4 af41


match dscp cs3 af31


match dscp ef


match dscp cs1 af11


match dscp cs2 cs6

match access-group name ISAKMP

!

policy-map WAN

class VOICE

priority percent 10


priority percent 23

class CRITICAL-DATA



class DATA



class SCAVENGER

bandwidth percent 5



bandwidth percent 3

class class-default


random-detect


class class-default


service-policy WAN


class class-default


service-policy WAN

!

!

interface Loopback0

ip address 10.255.250.101 255.255.255.255

ip pim sparse-mode

!

!



no ip address

hold-queue 150 in

!


description Data


ip address 10.5.234.1 255.255.255.0

ip pim sparse-mode

!


description Voice


ip address 10.5.235.1 255.255.255.0

ip pim sparse-mode

!


bandwidth 10000

ip address 192.168.5.9 255.255.255.252

load-interval 30

duplex auto

speed auto


!



no ip address


duplex auto

speed auto

channel-group 1

!



no ip address

duplex auto

speed auto

channel-group 1

!

!


!

no ip http server



!



ip route 0.0.0.0 0.0.0.0 192.168.5.10 250


!

!

!







key 7 03375E08140A35674B10

!

!

control-plane

!

!


!

!

gatekeeper

shutdown

!

!

!

line con 0

logging synchronous



line aux 0

line 2


no exec



stopbits 1

line 67

login authentication MODULE


no exec


transport input all


stopbits 1

line vty 0 4

exec-timeout 0 0


transport input ssh

line vty 5 15


transport input ssh

!



ntp update-calendar


!

end


Remote Site 102: 890 Series Single-Router, Single-Link with Local DHCP (MPLS-C Static)

Table 24 - Remote Site 102 IP address information







!

hostname RS102-891

!

!

!

enable secret 5 $1$iy4j$l335hcEvtwVNzNwF0PQMy.

!

aaa new-model

!

!



!




!

!




service-module wlan-ap 0 bootimage autonomous

!

ip cef

!

!



!


network 10.5.236.0 255.255.255.0





!


network 10.5.237.0 255.255.255.0




!

!

!



no ipv6 cef

!

!


!

license accept end user agreement

!

!

archive

log config

hidekeys

username admin password 7 110A4816141D5A5E57

!

redundancy

!

!


ip ssh version 2


!

!


match dscp af21


match dscp cs4 af41


match dscp cs3 af31


match dscp ef


match dscp cs1 af11


match dscp cs2 cs6


!

!

policy-map WAN

class VOICE

priority percent 10


priority percent 23

class CRITICAL-DATA



class DATA



class SCAVENGER

bandwidth percent 5


bandwidth percent 3

class class-default


random-detect

policy-map WAN-INTERFACE-G0

class class-default


service-policy WAN

!

!

!

interface Loopback0

ip address 10.255.250.102 255.255.255.255

ip pim sparse-mode

!


no ip address

!


no ip address

!


no ip address

!


no ip address

!


no ip address

!



no ip address

!


no ip address

!


switchport trunk allowed vlan 1,2,64,69,1002-1005

no ip address

shutdown

!


description RS102-A2960X

no ip address

duplex auto

speed auto

!

interface FastEthernet8.64


ip address 10.5.236.1 255.255.255.0

!

interface FastEthernet8.69


ip address 10.5.237.1 255.255.255.0

!


ip address 192.168.5.13 255.255.255.252

duplex auto

speed auto

service-policy output WAN-INTERFACE-G0

!

interface wlan-ap0

description Service module interface to manage the embedded AP

no ip address

arp timeout 0

!

interface Wlan-GigabitEthernet0

description Internal switch interface connecting to the embedded AP

no ip address

!

interface Vlan1

no ip address

!

interface Async1

no ip address

encapsulation slip

!

interface Group-Async0


physical-layer async

no ip address

encapsulation slip

no group-range

!


no ip http server



!

!



ip route 0.0.0.0 0.0.0.0 192.168.5.14


!

!




!



key 7 142417081E013E002131

!

!

!

control-plane

!


!

!

line con 0


line 1

modem InOut

speed 115200

flowcontrol hardware

line 2


no exec


transport input all

transport output pad telnet rlogin udptn ssh

line aux 0

line vty 0 4



transport input ssh

line vty 5 15


transport input ssh

!

scheduler max-task-time 5000


ntp update-calendar


!

end

Americas HeadquartersCisco Systems, Inc.San Jose, CA

Asia Pacific HeadquartersCisco Systems (USA) Pte. Ltd.Singapore

Europe HeadquartersCisco Systems International BV Amsterdam,The Netherlands

Cisco has more than 200 offices worldwide. Addresses, phone numbers, and fax numbers are listed on the Cisco Website at www.cisco.com/go/offices.

ALL DESIGNS, SPECIFICATIONS, STATEMENTS, INFORMATION, AND RECOMMENDATIONS (COLLECTIVELY, “DESIGNS”) IN THIS MANUAL ARE PRESENTED “AS IS,” WITH ALL FAULTS. CISCO AND ITS SUPPLIERS DISCLAIM ALL WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE. IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THE DESIGNS, EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. THE DESIGNS ARE SUBJECT TO CHANGE WITHOUT NOTICE. USERS ARE SOLELY RESPONSIBLE FOR THEIR APPLICATION OF THE DESIGNS. THE DESIGNS DO NOT CONSTITUTE THE TECHNICAL OR OTHER PROFESSIONAL ADVICE OF CISCO, ITS SUPPLIERS OR PARTNERS. USERS SHOULD CONSULT THEIR OWN TECHNICAL ADVISORS BEFORE IMPLEMENTING THE DESIGNS. RESULTS MAY VARY DEPENDING ON FACTORS NOT TESTED BY CISCO.

Any Internet Protocol (IP) addresses used in this document are not intended to be actual addresses. Any examples, command display output, and figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses in illustrative content is unintentional and coincidental.

© 2014 Cisco Systems, Inc. All rights reserved.

Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R)

Please use the feedback form to send comments and suggestions about this guide.

Feedback

B-0000240-1 08/14

http://cvddocs.com/feedback/?id=240-14b

mpls wan configuration files guide - august 2014 · introduction august 2014 series 2 introduction...

Documents