|
|
This appendix contains sample configuration files for the following:
Use these sample configurations as models for the customization of your configurations. The portions of these configurations that you are likely to need to change for your network are printed in bold.
! no service finger service timestamps debug datetime msec localtime show-timezone service timestamps log datetime msec localtime show-timezone service password-encryption no service udp-small-servers no service tcp-small-servers ! hostname sjcms01 ! aaa new-model aaa authentication login CONSOLE none aaa authentication login ADMIN radius local aaa authentication ppp ADMIN if-needed radius local aaa authorization network radius aaa accounting network start-stop radius aaa accounting connection start-stop radius aaa accounting exec start-stop radius enable password cisco1 enable secret secret123 ! ! for copy rcp config file username justincase password doublesecret ip rcmd remote-username APMadmin ip routing ! ip subnet-zero no ip source-route ip name-server 192.168.10.1 ip radius source-interface Loopback1 clock timezone GMT 0 ! interface Loopback 1 description "MGMT Network and Async129" ip address 172.16.2.56 255.255.255.255 ! interface Ethernet1/0 description "To Failover switch" ip address 172.16.2.24 255.255.255.224 no ip directed-broadcast no shutdown ! interface Ethernet1/1 description "To Primary switch" ip address 172.16.1.24 255.255.255.224 no ip directed-broadcast no shutdown ! interface Async 129 description "OSS Modem Incoming Call" ip unnumbered Loopback1 encapsulation ppp async dynamic address async mode interactive peer default ip address 172.16.2.63 no cdp enable no fair-queue ppp authentication chap callin ADMIN ! router ospf 4242 passive-interface Loopback1 network 172.16.2.0 0.0.0.63 area 21 network 172.16.1.0 0.0.0.63 area 21 ! ! ip classless ! ip http server logging trap debugging logging facility syslog ! logging source uses logging IP logging 192.168.10.1 logging source-interface Loopback1 no access-list 10 access-list 10 permit 192.168.10.1 ! snmp-server community public RO snmp-server community private RW 10 snmp-server trap-source Loopback1 snmp-server location NOC-Center snmp-server contact Network-Administrator snmp-server system-shutdown snmp-server host 192.168.10.1 sjcms01 radius-server host 192.168.10.8 auth-port 1645 acct-port 1646 ! radius-server key bananas ! line con 0 session-timeout 45 exec-timeout 45 0 login authentication CONSOLE transport preferred none line 1 32 session-timeout 60 no exec login authentication ADMIN modem InOut transport input all flowcontrol hardware line aux 0 exec-timeout 15 0 autoselect during-login autoselect ppp login authentication ADMIN modem InOut transport preferred none transport input none flowcontrol hardware speed 115200 line vty 0 4 session-timeout 45 exec-timeout 45 password cisco2 transport preferred none login authentication ADMIN ! ntp server 192.168.10.1 end
! !begin set prompt sjsw01> set length 24 default set logout 20 ! Security: Use either enablepass or tacacs+ ! set enablepass ! set authentication enable tacacs ! set authentication enable tacacs ! set tacacs server ! set tacacs key ! #system set system baud 9600 set system modem disable set system name sjsw01 set system location NOC-Center set system contact Network-Administrator ! #snmp set snmp community read-only public set snmp community read-write private set snmp community read-write-all private set snmp rmon disable set snmp trap enable module set snmp trap enable chassis set snmp trap disable bridge set snmp trap disable repeater set snmp trap enable vtp set snmp trap enable auth ! #vtp set vtp domain us_pri_mlp mode server set vlan 1 name default type ethernet mtu 1500 said 100001 state active ! #ip set interface sc0 1 172.16.1.30 255.255.255.224 172.16.1.31 set interface sl0 0.0.0.0 0.0.0.0 set arp agingtime 1200 set ip redirect enable set ip unreachable enable set ip fragmentation enable set ip route 0.0.0.0 172.16.1.27 1 set ip alias default 0.0.0.0 ! #Command alias ! #switch port analyzer set span 1 2/24 both set span disable ! #bridge set bridge ipx snaptoether 8023raw set bridge ipx 8022toether 8023 set bridge ipx 8023rawtofddi snap ! #vlan set vlan 1 1/1-2 set vlan 1 2/1-24 ! #syslog set logging console enable set logging server enable ! use logging ip for the logging server address, for example: ! set logging server 192.168.10.1 set logging server 192.168.10.1 set logging level cdp 2 default set logging level cgmp 2 default set logging level disl 5 default set logging level dvlan 2 default set logging level earl 2 default set logging level fddi 2 default set logging level ip 2 default set logging level pruning 2 default set logging level snmp 2 default set logging level spantree 2 default set logging level sys 5 default set logging level tac 2 default set logging level tcp 2 default set logging level telnet 2 default set logging level tftp 2 default set logging level vtp 2 default set logging level vmps 2 default ! #ntp set ntp broadcastclient disable set ntp broadcastdelay 3000 set ntp client enable !ntp server 192.168.10.1 set ntp server 172.16.2.56 set timezone GMT 0 0 !set summertime enable ! #cam set cam agingtime 1 300 ! #cdp set cdp enable 1/1-2 set cdp enable 2/1-24 ! #trunks set trunk 1/1 auto 1-1000 set trunk 1/2 auto 1-1000 ! #spantree #vlan 1 set spantree enable 1 set spantree fwddelay 15 1 set spantree hello 2 1 set spantree maxage 20 1 set spantree priority 32 1 ! #trunk set spantree portfast 1/1-2 enable set spantree portfast 2/1-24 enable ! #module 1 set module name 1 set port enable 1/1-2 set port level 1/1-2 high set port duplex 1/1-2 full set port trap 1/1-2 enable set port name 1/1 RS01 set port name 1/2 RS02 ! #module 2 set module name 2 set module enable 2 set port enable 2/1-24 set port speed 2/1 10 set port speed 2/2-24 100 set port level 2/1-24 normal set port duplex 2/1 half set port duplex 2/2-24 full set port trap 2/1-24 enable set port name 2/1 CMS01 set port name 2/2 AS01 set port name 2/3 AS02 set port name 2/4 AS03 set port name 2/5 AS04 set port name 2/6 AS05 set port name 2/7 AS06 set port name 2/8 AS07 set port name 2/9 AS08 set port name 2/10 AS09 set port name 2/11 AS10 set port name 2/12 AS11 set port name 2/13 AS12 set port name 2/14 AS13 set port name 2/15 AS14 set port name 2/16 AS15 set port name 2/17 AS16 set port name 2/18 AS17 set port name 2/19 AS18 set port name 2/20 AS19 set port name 2/21 AS20 set port name 2/22 AS21 ! !end
! no service finger service timestamps debug datetime msec localtime show-timezone service timestamps log datetime msec localtime show-timezone service password-encryption no service udp-small-servers no service tcp-small-servers ! hostname sjas01 ! aaa new-model aaa authentication login CONSOLE none aaa authentication login ADMIN radius local aaa authentication login USERS radius aaa authentication ppp USERS&TUNNELS if-needed radius aaa authorization network radius if-authenticated aaa accounting network start-stop radius aaa accounting exec start-stop radius aaa accounting connection start-stop radius enable secret secret123 enable password cisco1 ! ! for copy rcp config file ip rcmd remote-username APMadmin ip routing username justincase password doublesecret ! username us_pri_mlp password secret ip subnet-zero no ip source-route ip name-server 192.168.10.1 ip radius source-interface Loopback1 ! no sgbp group us_pri_mlp ! sgbp group us_pri_mlp sgbp seed-bid default sgbp source-ip 172.16.1.33 ! sgbp members will be built at run time. ! There is one per peer NAS, fully meshed. ! Example: sgbp member Nas02 4.2.1.2 sgbp member sjas02 172.16.1.34 sgbp member sjas03 172.16.1.35 !async-bootp dns-server !async-bootp nbns-server ! vpdn enable ! vpdn source-ip 172.16.1.33 isdn switch-type primary-5ess clock timezone GMT 0 ! controller T1 0 framing esf fdl ansi clock source line primary linecode b8zs ! if T1, no of isdn channel=24, E1=31 pri-group timeslots 1-24 no shutdown ! controller T1 1 framing esf fdl ansi clock source line secondary linecode b8zs ! if T1, no of isdn channel=24, E1=31 pri-group timeslots 1-24 no shutdown ! controller T1 2 framing esf fdl ansi clock source internal linecode b8zs ! if T1, no of isdn channel=24, E1=31 pri-group timeslots 1-24 no shutdown ! controller T1 3 framing esf fdl ansi clock source internal linecode b8zs ! if T1, no of isdn channel=24, E1=31 pri-group timeslots 1-24 no shutdown ! controller T1 4 framing esf fdl ansi clock source internal linecode b8zs ! if T1, no of isdn channel=24, E1=31 pri-group timeslots 1-24 no shutdown ! controller T1 5 framing esf fdl ansi clock source internal linecode b8zs ! if T1, no of isdn channel=24, E1=31 pri-group timeslots 1-24 no shutdown ! controller T1 6 framing esf fdl ansi clock source internal linecode b8zs ! if T1, no of isdn channel=24, E1=31 pri-group timeslots 1-24 no shutdown ! controller T1 7 framing esf fdl ansi clock source internal linecode b8zs ! if T1, no of isdn channel=24, E1=31 pri-group timeslots 1-24 no shutdown ! interface Loopback0 description "L2F tunnel NAS pseudo interface" ip address 172.16.1.33 255.255.255.255 ! interface Loopback1 description "Management (SNMP & AAA) NAS pseudo interface" ip address 172.16.2.33 255.255.255.255 ! interface Ethernet0 description "To Failover path via Switch port on 7206" ip address 172.16.2.1 255.255.255.224 no shutdown no ip directed-broadcast ip route-cache no lat enabled no mop enabled default keepalive no fair-queue ! interface FastEthernet0 description "To Primary Switch path" ip address 172.16.1.1 255.255.255.224 ! no shutdown duplex full speed 100 no ip directed-broadcast ip route-cache no lat enabled no mop enabled default keepalive no fair-queue ! interface Serial0 no ip address no ip directed-broadcast shutdown no fair-queue ! interface Serial1 no ip address no ip directed-broadcast shutdown no fair-queue ! interface Serial2 no ip address no ip directed-broadcast shutdown no fair-queue ! interface Serial3 no ip address no ip directed-broadcast shutdown no fair-queue ! ! if North American isdn d channel=23, European=15 interface Serial0:23 description "PRI D channel" ip unnumbered Loopback0 encapsulation ppp isdn switch-type primary-5ess isdn incoming-voice modem peer default ip address pool sjas01 dialer rotary-group 1 no fair-queue no cdp enable no keepalive no shutdown dialer-group 1 ! interface Serial1:23 description "PRI D channel" ip unnumbered Loopback0 encapsulation ppp isdn switch-type primary-5ess isdn incoming-voice modem peer default ip address pool sjas01 dialer rotary-group 1 no fair-queue no cdp enable no keepalive no shutdown dialer-group 1 ! interface Serial2:23 description "PRI D channel" ip unnumbered Loopback0 encapsulation ppp isdn switch-type primary-5ess isdn incoming-voice modem peer default ip address pool sjas01 dialer rotary-group 1 no fair-queue no cdp enable no keepalive no shutdown dialer-group 1 ! interface Serial3:23 description "PRI D channel" ip unnumbered Loopback0 encapsulation ppp isdn switch-type primary-5ess isdn incoming-voice modem peer default ip address pool sjas01 dialer rotary-group 1 no fair-queue no cdp enable no keepalive no shutdown dialer-group 1 ! interface Serial4:23 description "PRI D channel" ip unnumbered Loopback0 encapsulation ppp isdn switch-type primary-5ess isdn incoming-voice modem peer default ip address pool sjas01 dialer rotary-group 1 no fair-queue no cdp enable no keepalive no shutdown dialer-group 1 ! interface Serial5:23 description "PRI D channel" ip unnumbered Loopback0 encapsulation ppp isdn switch-type primary-5ess isdn incoming-voice modem peer default ip address pool sjas01 dialer rotary-group 1 no fair-queue no cdp enable no keepalive no shutdown dialer-group 1 ! interface Serial6:23 description "PRI D channel" ip unnumbered Loopback0 encapsulation ppp isdn switch-type primary-5ess isdn incoming-voice modem peer default ip address pool sjas01 dialer rotary-group 1 no fair-queue no cdp enable no keepalive no shutdown dialer-group 1 ! interface Serial7:23 description "PRI D channel" ip unnumbered Loopback0 encapsulation ppp isdn switch-type primary-5ess isdn incoming-voice modem peer default ip address pool sjas01 dialer rotary-group 1 no fair-queue no cdp enable no keepalive no shutdown dialer-group 1 ! ! Delete the entire Group-Async1 if no modems are installed in stack ! interface Group-Async1 description "Async Incoming Call" ip unnumbered Loopback0 encapsulation ppp async dynamic address !if token card, IF_TOKEN_CARD=interactive, otherwise =dedicated async mode interactive no snmp trap link-status peer default ip address pool sjas01 ip tcp header-compression passive default keepalive no fair-queue no cdp enable ppp authentication chap callin USERS&TUNNELS ppp chap hostname whatremotesees ! T1 = 192, E1 = 240 group-range 1 92 group-range 1 184 ! T1 = 96, E1 = 120 ! interface Dialer1 ip unnumbered Loopback0 encapsulation ppp peer default ip address pool sjas01 ppp multilink ppp authentication chap callin USERS&TUNNELS ppp chap hostname whatremotesees dialer-group 1 dialer in-band no keepalive no cdp enable ! router ospf 4242 redistribute connected subnets passive-interface Loopback0 passive-interface Loopback1 passive-interface Serial0:23 passive-interface Serial1:23 passive-interface Serial2:23 passive-interface Serial3:23 passive-interface Serial4:23 passive-interface Serial5:23 passive-interface Serial6:23 passive-interface Serial7:23 network 172.16.2.0 0.0.0.63 area 21 network 172.16.1.0 0.0.0.63 area 21 summary-address 172.16.3.0 255.255.255.128 summary-address 172.16.3.128 255.255.255.192 ! ip local pool sjas01 172.16.3.1 172.16.3.184 ! ip classless ! ip http server logging trap debugging logging facility syslog ! logging source uses logging ip logging 192.168.10.1 logging source-interface Loopback1 no access-list 10 access-list 10 permit 192.168.10.1 ! snmp-server community public RO snmp-server community private RW 10 snmp-server trap-source Loopback1 snmp-server host 192.168.10.1 sjas01 snmp-server location NOC-Center snmp-server contact Network-Administrator snmp-server system-shutdown snmp-server enable traps envmon dialer-list 1 protocol ip permit radius-server host 192.168.10.8 auth-port 1645 acct-port 1646 ! radius-server key bananas ! line con 0 session-timeout 30 exec-timeout 15 0 logout-warning 60 transport preferred none login authentication CONSOLE line aux 0 line vty 0 4 session-timeout 45 exec-timeout 45 0 transport preferred none login authentication ADMIN line 1 92 autoselect during-login autoselect ppp login authentication USERS modem InOut transport preferred none autohangup line 1 184 autoselect during-login autoselect ppp login authentication USERS modem InOut transport preferred none autohangup ! ntp server 172.16.2.56 end
! no service finger service timestamps debug datetime msec localtime show-timezone service timestamps log datetime msec localtime show-timezone service password-encryption no service udp-small-servers no service tcp-small-servers ! hostname sjrs01 ! aaa new-model aaa authentication login CONSOLE none aaa authentication login ADMIN radius local aaa authorization network radius aaa accounting network start-stop radius aaa accounting connection start-stop radius aaa accounting exec start-stop radius enable password cisco1 enable secret secret123 ! ! for copy rcp config file username justincase password doublesecret ip rcmd remote-username APMadmin ip routing ! ip subnet-zero no ip source-route ip name-server 192.168.10.1 ip radius source-interface Loopback1 clock timezone GMT 0 clock calendar-valid ! interface Loopback1 description "Management (SNMP & AAA) pseudo interface" ip address 172.16.2.54 255.255.255.255 ! interface FastEthernet0/0 description "To Failover path Switch" ip address 172.16.2.27 255.255.255.224 full-duplex media-type 100basex no shutdown bandwidth 10000 no ip directed-broadcast ip route-cache default keepalive no fair-queue no mop enabled no lat enabled ! interface FastEthernet1/0 description "To Stack via SW01" ip address 172.16.1.27 255.255.255.224 no ip directed-broadcast ip route-cache default keepalive full-duplex no shutdown no mop enabled no lat enabled ! interface FastEthernet 5/0 description "To FastE0/0" no ip address bridge-group 2 default keepalive full-duplex no mop enabled no lat enabled no shutdown ! interface FastEthernet 5/1 ! description "Reserved for link to RS02 Eswitch FastE5/1" ! RS01 ! description "To RS01 Eswitch FastE5/1" ! RS02 no ip address bridge-group 2 default keepalive full-duplex no mop enabled no lat enabled no shutdown ! interface Ethernet 5/2 ! description "To CMS01 E1/0" ! RS01 ! description "To AS12 E0" ! RS02 no ip address bridge-group 2 default keepalive half-duplex no mop enabled no lat enabled no shutdown ! interface Ethernet 5/3 ! description "To AS01 E0" ! RS01 ! description "To AS13 E0" ! RS02 no ip address bridge-group 2 default keepalive half-duplex no mop enabled no lat enabled no shutdown ! interface Ethernet 5/4 ! description "To AS02 E0" ! RS01 ! description "To AS14 E0" ! RS02 no ip address bridge-group 2 default keepalive half-duplex no mop enabled no lat enabled no shutdown ! interface Ethernet 5/5 ! description "To AS03 E0" ! RS01 ! description "To AS15 E0" ! RS02 no ip address bridge-group 2 default keepalive half-duplex no mop enabled no lat enabled no shutdown ! interface Ethernet 5/6 ! description "To AS04 E0" ! RS01 ! description "To AS16 E0" ! RS02 no ip address bridge-group 2 default keepalive half-duplex no mop enabled no lat enabled no shutdown ! interface Ethernet 5/7 ! description "To AS05 E0" ! RS01 ! description "To AS17 E0" ! RS02 no ip address bridge-group 2 default keepalive half-duplex no mop enabled no lat enabled no shutdown ! interface Ethernet 5/8 ! description "To AS06 E0" ! RS01 ! description "To AS18 E0" ! RS02 no ip address bridge-group 2 default keepalive half-duplex no mop enabled no lat enabled no shutdown ! interface Ethernet 5/9 ! description "To AS07 E0" ! RS01 ! description "To AS19 E0" ! RS02 no ip address bridge-group 2 default keepalive half-duplex no mop enabled no lat enabled no shutdown ! interface Ethernet 5/10 ! description "To AS08 E0" ! RS01 ! description "To AS20 E0" ! RS02 no ip address bridge-group 2 default keepalive half-duplex no mop enabled no lat enabled no shutdown ! interface Ethernet 5/11 ! description "To AS09 E0" ! RS01 ! description "To AS21 E0" ! RS02 no ip address bridge-group 2 default keepalive half-duplex no mop enabled no lat enabled no shutdown ! interface Ethernet 5/12 ! description "To AS10 E0" ! RS01 no ip address bridge-group 2 default keepalive half-duplex no mop enabled no lat enabled no shutdown ! interface Ethernet 5/13 ! description "To AS11 E0" ! RS01 no ip address bridge-group 2 default keepalive half-duplex no mop enabled no lat enabled no shutdown ! router ospf 4242 passive-interface Loopback1 network 172.16.2.0 0.0.0.63 area 21 network 172.16.1.0 0.0.0.63 area 21 ! bridge irb bridge 2 protocol ieee ! RS01 has priority 1, RS02 has priority 2 bridge 2 priority 1 ! ip classless ! ip http server logging trap debugging logging facility syslog ! logging source uses logging IP logging 192.168.10.1 logging source-interface Loopback1 no access-list 10 access-list 10 permit 192.168.10.1 ! snmp-server community public RO snmp-server community private RW 10 snmp-server trap-source Loopback1 snmp-server host 192.168.10.1 sjrs01 snmp-server location NOC-Center snmp-server contact Network-Administrator snmp-server system-shutdown radius-server host 192.168.10.8 auth-port 1645 acct-port 1646 ! radius-server key bananas ! line con 0 session-timeout 30 exec-timeout 15 0 logout-warning 60 login authentication CONSOLE transport preferred none line aux 0 line vty 0 4 session-timeout 45 exec-timeout 45 0 login authentication ADMIN transport preferred none ! ntp server 172.16.2.56 end
|
|