remove real experiences, rename clab to original name
This commit is contained in:
@@ -1,406 +0,0 @@
|
|||||||
hostname Leaf-01
|
|
||||||
!
|
|
||||||
!
|
|
||||||
vrf definition Mgmt-vrf
|
|
||||||
!
|
|
||||||
address-family ipv4
|
|
||||||
exit-address-family
|
|
||||||
!
|
|
||||||
address-family ipv6
|
|
||||||
exit-address-family
|
|
||||||
!
|
|
||||||
vrf definition green
|
|
||||||
rd 1:1
|
|
||||||
!
|
|
||||||
address-family ipv4
|
|
||||||
route-target export 1:1
|
|
||||||
route-target import 1:1
|
|
||||||
route-target export 1:1 stitching
|
|
||||||
route-target import 1:1 stitching
|
|
||||||
exit-address-family
|
|
||||||
!
|
|
||||||
address-family ipv6
|
|
||||||
route-target export 1:1
|
|
||||||
route-target import 1:1
|
|
||||||
route-target export 1:1 stitching
|
|
||||||
route-target import 1:1 stitching
|
|
||||||
exit-address-family
|
|
||||||
!
|
|
||||||
no aaa new-model
|
|
||||||
switch 1 provision c9300l-24p-4g
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
ip routing
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
ip multicast-routing
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
login on-success log
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
l2vpn evpn
|
|
||||||
replication-type static
|
|
||||||
router-id Loopback1
|
|
||||||
default-gateway advertise
|
|
||||||
!
|
|
||||||
l2vpn evpn instance 101 vlan-based
|
|
||||||
encapsulation vxlan
|
|
||||||
replication-type static
|
|
||||||
!
|
|
||||||
l2vpn evpn instance 102 vlan-based
|
|
||||||
encapsulation vxlan
|
|
||||||
replication-type ingress
|
|
||||||
!
|
|
||||||
!
|
|
||||||
crypto pki trustpoint TP-self-signed-2748515057
|
|
||||||
enrollment selfsigned
|
|
||||||
subject-name cn=IOS-Self-Signed-Certificate-2748515057
|
|
||||||
revocation-check none
|
|
||||||
rsakeypair TP-self-signed-2748515057
|
|
||||||
hash sha512
|
|
||||||
!
|
|
||||||
crypto pki trustpoint SLA-TrustPoint
|
|
||||||
enrollment pkcs12
|
|
||||||
revocation-check crl
|
|
||||||
hash sha512
|
|
||||||
!
|
|
||||||
!
|
|
||||||
crypto pki certificate chain TP-self-signed-2748515057
|
|
||||||
certificate self-signed 01
|
|
||||||
30820330 30820218 A0030201 02020101 300D0609 2A864886 F70D0101 0D050030
|
|
||||||
31312F30 2D060355 04030C26 494F532D 53656C66 2D536967 6E65642D 43657274
|
|
||||||
69666963 6174652D 32373438 35313530 3537301E 170D3236 30363130 30393433
|
|
||||||
30385A17 0D333630 36303930 39343330 385A3031 312F302D 06035504 030C2649
|
|
||||||
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D32 37343835
|
|
||||||
31353035 37308201 22300D06 092A8648 86F70D01 01010500 0382010F 00308201
|
|
||||||
0A028201 0100A4CA 45163B01 9C334AAA 046F7B18 E9F8D151 8996B5B5 CA96FC78
|
|
||||||
870C057E 929F7011 CAE9A00E E5DDD799 2C2581D3 413DFC7C 49B38DF0 48A0216E
|
|
||||||
4EF4C65C F1D1F4EF 545370F3 3FA69C4B 22948881 F7B28644 2A4F2865 026EF500
|
|
||||||
F57BBC11 4C13CEC6 841421DB 34EDCB47 510668FF 5FBF525E CF9020ED 51414B3D
|
|
||||||
07601E2A 4A30A706 2DDD6EEE B7B2AE7A C37820D3 C08BAA78 C1D030E7 B3F1C8EA
|
|
||||||
FECCFF10 363296DB 9E0C3A97 C1E7C416 75425A88 AEBB0AA0 6D0BC326 9043BC8C
|
|
||||||
CB75A544 AA9FFDB0 67E22FD9 5CE66812 B58FADDA 5B7993CA 4F7D7F37 B179642C
|
|
||||||
873C129B 2DAC8D5E 4BF6CF5D 03D41302 EA4A481E 53DF7648 00D7668A E6B1672F
|
|
||||||
1397D45A 21350203 010001A3 53305130 1D060355 1D0E0416 041447B1 391FE1B2
|
|
||||||
9088CF66 FCA5F571 4DDE8252 2C85301F 0603551D 23041830 16801447 B1391FE1
|
|
||||||
B29088CF 66FCA5F5 714DDE82 522C8530 0F060355 1D130101 FF040530 030101FF
|
|
||||||
300D0609 2A864886 F70D0101 0D050003 82010100 74081052 95A744B6 9812BACC
|
|
||||||
0743C4D2 0957BE9A D49CCB1B 36F41237 0F9C8512 F82BD6CF 7BC20495 C544C441
|
|
||||||
B37CC3B6 D3F2A35B 8B47EF95 E6545B01 763887D5 97D4A247 019D3387 D29DC699
|
|
||||||
25C45B3F 674662BB DFF0B1CC 6E50C91B 3C843D3E AEEC6BE1 6577D36F E99946F3
|
|
||||||
52E02B0E 162902B9 F6477EF8 C59D0955 D7351E18 671F96B8 B8569431 4A90FD04
|
|
||||||
C543996B 633FB9CB 48BA7FB6 EC39E137 11FA78DE 6E4FD609 FACC9D0C D1ED2A2C
|
|
||||||
3B7A7B1C 29D4F096 1CB08698 9E83B983 B4B7045C 7166B0A4 1C3E8E20 75F9FC2D
|
|
||||||
202298E3 F6328325 8790A997 C757940F 2B0543EC 3D01B7BC F48D979D 392C21D8
|
|
||||||
3017E967 7743A155 D97B6463 28E467DD 3E8D9D3F
|
|
||||||
quit
|
|
||||||
crypto pki certificate chain SLA-TrustPoint
|
|
||||||
certificate ca 01
|
|
||||||
30820321 30820209 A0030201 02020101 300D0609 2A864886 F70D0101 0B050030
|
|
||||||
32310E30 0C060355 040A1305 43697363 6F312030 1E060355 04031317 43697363
|
|
||||||
6F204C69 63656E73 696E6720 526F6F74 20434130 1E170D31 33303533 30313934
|
|
||||||
3834375A 170D3338 30353330 31393438 34375A30 32310E30 0C060355 040A1305
|
|
||||||
43697363 6F312030 1E060355 04031317 43697363 6F204C69 63656E73 696E6720
|
|
||||||
526F6F74 20434130 82012230 0D06092A 864886F7 0D010101 05000382 010F0030
|
|
||||||
82010A02 82010100 A6BCBD96 131E05F7 145EA72C 2CD686E6 17222EA1 F1EFF64D
|
|
||||||
CBB4C798 212AA147 C655D8D7 9471380D 8711441E 1AAF071A 9CAE6388 8A38E520
|
|
||||||
1C394D78 462EF239 C659F715 B98C0A59 5BBB5CBD 0CFEBEA3 700A8BF7 D8F256EE
|
|
||||||
4AA4E80D DB6FD1C9 60B1FD18 FFC69C96 6FA68957 A2617DE7 104FDC5F EA2956AC
|
|
||||||
7390A3EB 2B5436AD C847A2C5 DAB553EB 69A9A535 58E9F3E3 C0BD23CF 58BD7188
|
|
||||||
68E69491 20F320E7 948E71D7 AE3BCC84 F10684C7 4BC8E00F 539BA42B 42C68BB7
|
|
||||||
C7479096 B4CB2D62 EA2F505D C7B062A4 6811D95B E8250FC4 5D5D5FB8 8F27D191
|
|
||||||
C55F0D76 61F9A4CD 3D992327 A8BB03BD 4E6D7069 7CBADF8B DF5F4368 95135E44
|
|
||||||
DFC7C6CF 04DD7FD1 02030100 01A34230 40300E06 03551D0F 0101FF04 04030201
|
|
||||||
06300F06 03551D13 0101FF04 05300301 01FF301D 0603551D 0E041604 1449DC85
|
|
||||||
4B3D31E5 1B3E6A17 606AF333 3D3B4C73 E8300D06 092A8648 86F70D01 010B0500
|
|
||||||
03820101 00507F24 D3932A66 86025D9F E838AE5C 6D4DF6B0 49631C78 240DA905
|
|
||||||
604EDCDE FF4FED2B 77FC460E CD636FDB DD44681E 3A5673AB 9093D3B1 6C9E3D8B
|
|
||||||
D98987BF E40CBD9E 1AECA0C2 2189BB5C 8FA85686 CD98B646 5575B146 8DFC66A8
|
|
||||||
467A3DF4 4D565700 6ADF0F0D CF835015 3C04FF7C 21E878AC 11BA9CD2 55A9232C
|
|
||||||
7CA7B7E6 C1AF74F6 152E99B7 B1FCF9BB E973DE7F 5BDDEB86 C71E3B49 1765308B
|
|
||||||
5FB0DA06 B92AFE7F 494E8A9E 07B85737 F3A58BE1 1A48A229 C37C1E69 39F08678
|
|
||||||
80DDCD16 D6BACECA EEBC7CF9 8428787B 35202CDC 60E4616A B623CDBD 230E3AFB
|
|
||||||
418616A9 4093E049 4D10AB75 27E86F73 932E35B5 8862FDAE 0275156F 719BB2F0
|
|
||||||
D697DF7F 28
|
|
||||||
quit
|
|
||||||
!
|
|
||||||
!
|
|
||||||
license boot level network-advantage addon dna-advantage
|
|
||||||
memory free low-watermark processor 104985
|
|
||||||
!
|
|
||||||
diagnostic bootup level minimal
|
|
||||||
!
|
|
||||||
spanning-tree mode rapid-pvst
|
|
||||||
spanning-tree extend system-id
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
redundancy
|
|
||||||
mode sso
|
|
||||||
crypto engine compliance shield disable
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
transceiver type all
|
|
||||||
monitoring
|
|
||||||
!
|
|
||||||
vlan configuration 101
|
|
||||||
member evpn-instance 101 vni 10101
|
|
||||||
vlan configuration 102
|
|
||||||
member evpn-instance 102 vni 10102
|
|
||||||
vlan configuration 901
|
|
||||||
member vni 50901
|
|
||||||
!
|
|
||||||
!
|
|
||||||
class-map match-any system-cpp-police-ewlc-control
|
|
||||||
description EWLC Control
|
|
||||||
class-map match-any system-cpp-police-topology-control
|
|
||||||
description Topology control
|
|
||||||
class-map match-any system-cpp-police-sw-forward
|
|
||||||
description Sw forwarding, L2 LVX data packets, LOGGING, Transit Traffic
|
|
||||||
class-map match-any system-cpp-default
|
|
||||||
description EWLC Data, Inter FED Traffic
|
|
||||||
class-map match-any system-cpp-police-sys-data
|
|
||||||
description Openflow, Exception, EGR Exception, NFL Sampled Data, RPF Failed
|
|
||||||
class-map match-any system-cpp-police-punt-webauth
|
|
||||||
description Punt Webauth
|
|
||||||
class-map match-any system-cpp-police-l2lvx-control
|
|
||||||
description L2 LVX control packets
|
|
||||||
class-map match-any system-cpp-police-forus
|
|
||||||
description Forus traffic
|
|
||||||
class-map match-any system-cpp-police-multicast-end-station
|
|
||||||
description MCAST END STATION
|
|
||||||
class-map match-any system-cpp-police-forus-addr-resolution
|
|
||||||
description Forus address resolution
|
|
||||||
class-map match-any system-cpp-police-high-rate-app
|
|
||||||
description High Rate Applications
|
|
||||||
class-map match-any system-cpp-police-multicast
|
|
||||||
description MCAST Data
|
|
||||||
class-map match-any system-cpp-police-meraki-next-tunnel
|
|
||||||
description Meraki Next tunnel
|
|
||||||
class-map match-any system-cpp-police-l2-control
|
|
||||||
description L2 control
|
|
||||||
class-map match-any system-cpp-police-dot1x-auth
|
|
||||||
description DOT1X Auth
|
|
||||||
class-map match-any system-cpp-police-data
|
|
||||||
description ICMP redirect, ICMP_GEN and BROADCAST
|
|
||||||
class-map match-any system-cpp-police-stackwise-virt-control
|
|
||||||
description Stackwise Virtual OOB
|
|
||||||
class-map match-any non-client-nrt-class
|
|
||||||
class-map match-any system-cpp-police-routing-control
|
|
||||||
description Routing control and Low Latency
|
|
||||||
class-map match-any system-cpp-police-protocol-snooping
|
|
||||||
description Protocol snooping
|
|
||||||
class-map match-any system-cpp-police-dhcp-snooping
|
|
||||||
description DHCP snooping
|
|
||||||
class-map match-any system-cpp-police-ios-routing
|
|
||||||
description L2 control, Topology control, Routing control, Low Latency
|
|
||||||
class-map match-any system-cpp-police-system-critical
|
|
||||||
description System Critical and Gold Pkt
|
|
||||||
class-map match-any system-cpp-police-ios-feature
|
|
||||||
description ICMPGEN,BROADCAST,ICMP,L2LVXCntrl,ProtoSnoop,PuntWebauth,MCASTData,Transit,DOT1XAuth,Swfwd,LOGGING,L2LVXData,ForusTraffic,ForusARP,McastEndStn,Openflow,Exception,EGRExcption,NflSampled,RpfFailed
|
|
||||||
!
|
|
||||||
policy-map system-cpp-policy
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
interface Loopback0
|
|
||||||
ip address 172.16.255.3 255.255.255.255
|
|
||||||
ip ospf 1 area 0
|
|
||||||
!
|
|
||||||
interface Loopback1
|
|
||||||
ip address 172.16.254.3 255.255.255.255
|
|
||||||
ip pim sparse-mode
|
|
||||||
ip ospf 1 area 0
|
|
||||||
!
|
|
||||||
interface Port-channel12
|
|
||||||
switchport access vlan 101
|
|
||||||
switchport mode access
|
|
||||||
evpn ethernet-segment 1
|
|
||||||
!
|
|
||||||
interface GigabitEthernet0/0
|
|
||||||
vrf forwarding Mgmt-vrf
|
|
||||||
no ip address
|
|
||||||
shutdown
|
|
||||||
negotiation auto
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/1
|
|
||||||
no switchport
|
|
||||||
ip address 172.16.13.3 255.255.255.0
|
|
||||||
ip pim sparse-mode
|
|
||||||
ip ospf network point-to-point
|
|
||||||
ip ospf 1 area 0
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/2
|
|
||||||
no switchport
|
|
||||||
ip address 172.16.23.3 255.255.255.0
|
|
||||||
ip pim sparse-mode
|
|
||||||
ip ospf network point-to-point
|
|
||||||
ip ospf 1 area 0
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/3
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/4
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/5
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/6
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/7
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/8
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/9
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/10
|
|
||||||
switchport mode trunk
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/11
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/12
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/13
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/14
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/15
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/16
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/17
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/18
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/19
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/20
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/21
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/22
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/23
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/24
|
|
||||||
switchport access vlan 101
|
|
||||||
switchport mode access
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/1/1
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/1/2
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/1/3
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/1/4
|
|
||||||
!
|
|
||||||
interface AppGigabitEthernet1/0/1
|
|
||||||
!
|
|
||||||
interface Vlan1
|
|
||||||
no ip address
|
|
||||||
!
|
|
||||||
interface Vlan101
|
|
||||||
vrf forwarding green
|
|
||||||
ip address 10.1.101.1 255.255.255.0
|
|
||||||
!
|
|
||||||
interface Vlan102
|
|
||||||
vrf forwarding green
|
|
||||||
ip address 10.1.102.1 255.255.255.0
|
|
||||||
!
|
|
||||||
interface Vlan901
|
|
||||||
vrf forwarding green
|
|
||||||
ip unnumbered Loopback1
|
|
||||||
ipv6 enable
|
|
||||||
no autostate
|
|
||||||
!
|
|
||||||
interface nve1
|
|
||||||
no ip address
|
|
||||||
source-interface Loopback1
|
|
||||||
host-reachability protocol bgp
|
|
||||||
member vni 10101 mcast-group 225.0.0.101
|
|
||||||
member vni 10102 ingress-replication
|
|
||||||
member vni 50901 vrf green
|
|
||||||
!
|
|
||||||
router ospf 1
|
|
||||||
router-id 172.16.255.3
|
|
||||||
!
|
|
||||||
router bgp 65001
|
|
||||||
bgp log-neighbor-changes
|
|
||||||
no bgp default ipv4-unicast
|
|
||||||
neighbor 172.16.255.1 remote-as 65001
|
|
||||||
neighbor 172.16.255.1 update-source Loopback0
|
|
||||||
neighbor 172.16.255.2 remote-as 65001
|
|
||||||
neighbor 172.16.255.2 update-source Loopback0
|
|
||||||
!
|
|
||||||
address-family ipv4
|
|
||||||
redistribute static
|
|
||||||
redistribute connected
|
|
||||||
exit-address-family
|
|
||||||
!
|
|
||||||
address-family l2vpn evpn
|
|
||||||
neighbor 172.16.255.1 activate
|
|
||||||
neighbor 172.16.255.1 send-community both
|
|
||||||
neighbor 172.16.255.2 activate
|
|
||||||
neighbor 172.16.255.2 send-community both
|
|
||||||
exit-address-family
|
|
||||||
!
|
|
||||||
address-family ipv4 vrf green
|
|
||||||
advertise l2vpn evpn
|
|
||||||
redistribute static
|
|
||||||
redistribute connected
|
|
||||||
exit-address-family
|
|
||||||
!
|
|
||||||
ip forward-protocol nd
|
|
||||||
ip http server
|
|
||||||
ip http authentication local
|
|
||||||
ip http secure-server
|
|
||||||
ip pim rp-address 172.16.255.255
|
|
||||||
ip ssh bulk-mode 131072
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
control-plane
|
|
||||||
service-policy input system-cpp-policy
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
line con 0
|
|
||||||
stopbits 1
|
|
||||||
line vty 0 4
|
|
||||||
login
|
|
||||||
transport input ssh
|
|
||||||
line vty 5 31
|
|
||||||
login
|
|
||||||
transport input ssh
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
end
|
|
||||||
@@ -1,403 +0,0 @@
|
|||||||
hostname Leaf-02
|
|
||||||
!
|
|
||||||
!
|
|
||||||
vrf definition Mgmt-vrf
|
|
||||||
!
|
|
||||||
address-family ipv4
|
|
||||||
exit-address-family
|
|
||||||
!
|
|
||||||
address-family ipv6
|
|
||||||
exit-address-family
|
|
||||||
!
|
|
||||||
vrf definition green
|
|
||||||
rd 1:1
|
|
||||||
!
|
|
||||||
address-family ipv4
|
|
||||||
route-target export 1:1
|
|
||||||
route-target import 1:1
|
|
||||||
route-target export 1:1 stitching
|
|
||||||
route-target import 1:1 stitching
|
|
||||||
exit-address-family
|
|
||||||
!
|
|
||||||
address-family ipv6
|
|
||||||
route-target export 1:1
|
|
||||||
route-target import 1:1
|
|
||||||
route-target export 1:1 stitching
|
|
||||||
route-target import 1:1 stitching
|
|
||||||
exit-address-family
|
|
||||||
!
|
|
||||||
no aaa new-model
|
|
||||||
switch 1 provision c9300l-24p-4g
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
ip routing
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
ip multicast-routing
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
login on-success log
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
l2vpn evpn
|
|
||||||
replication-type static
|
|
||||||
router-id Loopback1
|
|
||||||
default-gateway advertise
|
|
||||||
!
|
|
||||||
l2vpn evpn instance 101 vlan-based
|
|
||||||
encapsulation vxlan
|
|
||||||
!
|
|
||||||
l2vpn evpn instance 102 vlan-based
|
|
||||||
encapsulation vxlan
|
|
||||||
replication-type ingress
|
|
||||||
!
|
|
||||||
!
|
|
||||||
crypto pki trustpoint TP-self-signed-4106980722
|
|
||||||
enrollment selfsigned
|
|
||||||
subject-name cn=IOS-Self-Signed-Certificate-4106980722
|
|
||||||
revocation-check none
|
|
||||||
rsakeypair TP-self-signed-4106980722
|
|
||||||
hash sha512
|
|
||||||
!
|
|
||||||
crypto pki trustpoint SLA-TrustPoint
|
|
||||||
enrollment pkcs12
|
|
||||||
revocation-check crl
|
|
||||||
hash sha512
|
|
||||||
!
|
|
||||||
!
|
|
||||||
crypto pki certificate chain TP-self-signed-4106980722
|
|
||||||
certificate self-signed 01
|
|
||||||
30820330 30820218 A0030201 02020101 300D0609 2A864886 F70D0101 0D050030
|
|
||||||
31312F30 2D060355 04030C26 494F532D 53656C66 2D536967 6E65642D 43657274
|
|
||||||
69666963 6174652D 34313036 39383037 3232301E 170D3236 30363130 30393433
|
|
||||||
32345A17 0D333630 36303930 39343332 345A3031 312F302D 06035504 030C2649
|
|
||||||
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D34 31303639
|
|
||||||
38303732 32308201 22300D06 092A8648 86F70D01 01010500 0382010F 00308201
|
|
||||||
0A028201 01009849 F78BD093 74C4F07A A3855635 0B226D1D DB524A61 14AB07A6
|
|
||||||
6CC41BC9 29B861FA 10F734FE A0115CFF 44B53345 C2C5CCDB E6508E36 734F83D1
|
|
||||||
2586BBFA 55FBCA7D 731EEA2D 7F9C13F9 B6D04514 DE51D43E DD9BE04C 9841316B
|
|
||||||
9CD765D7 2A999541 D078E1F7 4BD9597A 5BA09FBA CBFD2EF7 92BBAD66 C4FA8535
|
|
||||||
2057BC14 1E11B218 7A021057 C7EBCDC9 FCED0B91 FD84E5A2 CAD4F661 FE66AA2B
|
|
||||||
ABF56705 125F5B97 521EE401 AF66FBAD 42ACAF73 4B7F3A2F 3FA2AE03 69DC2A88
|
|
||||||
F7616397 B13E3B37 A762AFA4 D51576B7 3F0A039B 40C64DDB 39F2F686 2EF72BED
|
|
||||||
2729B749 FBE8DF8D 8A6FFB1B 569E2220 C1A81171 5481BB56 E470941D 3311E8BD
|
|
||||||
C9C59E75 06FF0203 010001A3 53305130 1D060355 1D0E0416 04141AB2 BB3AB3AE
|
|
||||||
642F201E BA75F878 589FFAEA D5D0301F 0603551D 23041830 1680141A B2BB3AB3
|
|
||||||
AE642F20 1EBA75F8 78589FFA EAD5D030 0F060355 1D130101 FF040530 030101FF
|
|
||||||
300D0609 2A864886 F70D0101 0D050003 82010100 81BBF69B F9F2A5B6 7F3CF96D
|
|
||||||
506E8D43 964DAF2A D9221CF1 D84E4841 CE94D992 2F383B63 A782E3AE 730C0D05
|
|
||||||
9D60B3ED 9A899D23 F4F741F5 B3CCAD4B CBABEDE8 F9151F0A 3917E943 DF117766
|
|
||||||
3EF0FB53 0D5402EC ED33225C C267C600 5E22DD5A 4D62D87B 84D58914 37FA19E6
|
|
||||||
F25C4B0E E6A9A72D D82F58C3 3D9BA708 96F92047 443276F4 848F07CB 0275B5D7
|
|
||||||
A3A9EA89 76E1C857 9C5C1FD6 C8AD6829 63A45513 4122EE6B 2DC85CDF 6DC4D8F4
|
|
||||||
9A649698 6E60811F 9935D7BD BFC23EAB 6B669C74 FE480A50 DEC87777 6EDF0E59
|
|
||||||
D198B7DC 29ADEE47 F562740E 870D9503 36816813 48CACEA0 AB336A54 A25BA97F
|
|
||||||
A4631BDF 907B0213 DA1B804E 72F4FA8B AFA4F633
|
|
||||||
quit
|
|
||||||
crypto pki certificate chain SLA-TrustPoint
|
|
||||||
certificate ca 01
|
|
||||||
30820321 30820209 A0030201 02020101 300D0609 2A864886 F70D0101 0B050030
|
|
||||||
32310E30 0C060355 040A1305 43697363 6F312030 1E060355 04031317 43697363
|
|
||||||
6F204C69 63656E73 696E6720 526F6F74 20434130 1E170D31 33303533 30313934
|
|
||||||
3834375A 170D3338 30353330 31393438 34375A30 32310E30 0C060355 040A1305
|
|
||||||
43697363 6F312030 1E060355 04031317 43697363 6F204C69 63656E73 696E6720
|
|
||||||
526F6F74 20434130 82012230 0D06092A 864886F7 0D010101 05000382 010F0030
|
|
||||||
82010A02 82010100 A6BCBD96 131E05F7 145EA72C 2CD686E6 17222EA1 F1EFF64D
|
|
||||||
CBB4C798 212AA147 C655D8D7 9471380D 8711441E 1AAF071A 9CAE6388 8A38E520
|
|
||||||
1C394D78 462EF239 C659F715 B98C0A59 5BBB5CBD 0CFEBEA3 700A8BF7 D8F256EE
|
|
||||||
4AA4E80D DB6FD1C9 60B1FD18 FFC69C96 6FA68957 A2617DE7 104FDC5F EA2956AC
|
|
||||||
7390A3EB 2B5436AD C847A2C5 DAB553EB 69A9A535 58E9F3E3 C0BD23CF 58BD7188
|
|
||||||
68E69491 20F320E7 948E71D7 AE3BCC84 F10684C7 4BC8E00F 539BA42B 42C68BB7
|
|
||||||
C7479096 B4CB2D62 EA2F505D C7B062A4 6811D95B E8250FC4 5D5D5FB8 8F27D191
|
|
||||||
C55F0D76 61F9A4CD 3D992327 A8BB03BD 4E6D7069 7CBADF8B DF5F4368 95135E44
|
|
||||||
DFC7C6CF 04DD7FD1 02030100 01A34230 40300E06 03551D0F 0101FF04 04030201
|
|
||||||
06300F06 03551D13 0101FF04 05300301 01FF301D 0603551D 0E041604 1449DC85
|
|
||||||
4B3D31E5 1B3E6A17 606AF333 3D3B4C73 E8300D06 092A8648 86F70D01 010B0500
|
|
||||||
03820101 00507F24 D3932A66 86025D9F E838AE5C 6D4DF6B0 49631C78 240DA905
|
|
||||||
604EDCDE FF4FED2B 77FC460E CD636FDB DD44681E 3A5673AB 9093D3B1 6C9E3D8B
|
|
||||||
D98987BF E40CBD9E 1AECA0C2 2189BB5C 8FA85686 CD98B646 5575B146 8DFC66A8
|
|
||||||
467A3DF4 4D565700 6ADF0F0D CF835015 3C04FF7C 21E878AC 11BA9CD2 55A9232C
|
|
||||||
7CA7B7E6 C1AF74F6 152E99B7 B1FCF9BB E973DE7F 5BDDEB86 C71E3B49 1765308B
|
|
||||||
5FB0DA06 B92AFE7F 494E8A9E 07B85737 F3A58BE1 1A48A229 C37C1E69 39F08678
|
|
||||||
80DDCD16 D6BACECA EEBC7CF9 8428787B 35202CDC 60E4616A B623CDBD 230E3AFB
|
|
||||||
418616A9 4093E049 4D10AB75 27E86F73 932E35B5 8862FDAE 0275156F 719BB2F0
|
|
||||||
D697DF7F 28
|
|
||||||
quit
|
|
||||||
!
|
|
||||||
!
|
|
||||||
license boot level network-advantage addon dna-advantage
|
|
||||||
memory free low-watermark processor 104985
|
|
||||||
!
|
|
||||||
diagnostic bootup level minimal
|
|
||||||
!
|
|
||||||
spanning-tree mode rapid-pvst
|
|
||||||
spanning-tree extend system-id
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
redundancy
|
|
||||||
mode sso
|
|
||||||
crypto engine compliance shield disable
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
transceiver type all
|
|
||||||
monitoring
|
|
||||||
!
|
|
||||||
vlan configuration 101
|
|
||||||
member evpn-instance 101 vni 10101
|
|
||||||
vlan configuration 102
|
|
||||||
member evpn-instance 102 vni 10102
|
|
||||||
vlan configuration 901
|
|
||||||
member vni 50901
|
|
||||||
!
|
|
||||||
!
|
|
||||||
class-map match-any system-cpp-police-ewlc-control
|
|
||||||
description EWLC Control
|
|
||||||
class-map match-any system-cpp-police-topology-control
|
|
||||||
description Topology control
|
|
||||||
class-map match-any system-cpp-police-sw-forward
|
|
||||||
description Sw forwarding, L2 LVX data packets, LOGGING, Transit Traffic
|
|
||||||
class-map match-any system-cpp-default
|
|
||||||
description EWLC Data, Inter FED Traffic
|
|
||||||
class-map match-any system-cpp-police-sys-data
|
|
||||||
description Openflow, Exception, EGR Exception, NFL Sampled Data, RPF Failed
|
|
||||||
class-map match-any system-cpp-police-punt-webauth
|
|
||||||
description Punt Webauth
|
|
||||||
class-map match-any system-cpp-police-l2lvx-control
|
|
||||||
description L2 LVX control packets
|
|
||||||
class-map match-any system-cpp-police-forus
|
|
||||||
description Forus traffic
|
|
||||||
class-map match-any system-cpp-police-multicast-end-station
|
|
||||||
description MCAST END STATION
|
|
||||||
class-map match-any system-cpp-police-forus-addr-resolution
|
|
||||||
description Forus address resolution
|
|
||||||
class-map match-any system-cpp-police-high-rate-app
|
|
||||||
description High Rate Applications
|
|
||||||
class-map match-any system-cpp-police-multicast
|
|
||||||
description MCAST Data
|
|
||||||
class-map match-any system-cpp-police-meraki-next-tunnel
|
|
||||||
description Meraki Next tunnel
|
|
||||||
class-map match-any system-cpp-police-l2-control
|
|
||||||
description L2 control
|
|
||||||
class-map match-any system-cpp-police-dot1x-auth
|
|
||||||
description DOT1X Auth
|
|
||||||
class-map match-any system-cpp-police-data
|
|
||||||
description ICMP redirect, ICMP_GEN and BROADCAST
|
|
||||||
class-map match-any system-cpp-police-stackwise-virt-control
|
|
||||||
description Stackwise Virtual OOB
|
|
||||||
class-map match-any non-client-nrt-class
|
|
||||||
class-map match-any system-cpp-police-routing-control
|
|
||||||
description Routing control and Low Latency
|
|
||||||
class-map match-any system-cpp-police-protocol-snooping
|
|
||||||
description Protocol snooping
|
|
||||||
class-map match-any system-cpp-police-dhcp-snooping
|
|
||||||
description DHCP snooping
|
|
||||||
class-map match-any system-cpp-police-ios-routing
|
|
||||||
description L2 control, Topology control, Routing control, Low Latency
|
|
||||||
class-map match-any system-cpp-police-system-critical
|
|
||||||
description System Critical and Gold Pkt
|
|
||||||
class-map match-any system-cpp-police-ios-feature
|
|
||||||
description ICMPGEN,BROADCAST,ICMP,L2LVXCntrl,ProtoSnoop,PuntWebauth,MCASTData,Transit,DOT1XAuth,Swfwd,LOGGING,L2LVXData,ForusTraffic,ForusARP,McastEndStn,Openflow,Exception,EGRExcption,NflSampled,RpfFailed
|
|
||||||
!
|
|
||||||
policy-map system-cpp-policy
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
interface Loopback0
|
|
||||||
ip address 172.16.255.4 255.255.255.255
|
|
||||||
ip ospf 1 area 0
|
|
||||||
!
|
|
||||||
interface Loopback1
|
|
||||||
ip address 172.16.254.4 255.255.255.255
|
|
||||||
ip pim sparse-mode
|
|
||||||
ip ospf 1 area 0
|
|
||||||
!
|
|
||||||
interface Port-channel12
|
|
||||||
switchport access vlan 101
|
|
||||||
switchport mode access
|
|
||||||
evpn ethernet-segment 1
|
|
||||||
!
|
|
||||||
interface GigabitEthernet0/0
|
|
||||||
vrf forwarding Mgmt-vrf
|
|
||||||
no ip address
|
|
||||||
shutdown
|
|
||||||
negotiation auto
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/1
|
|
||||||
no switchport
|
|
||||||
ip address 172.16.14.4 255.255.255.0
|
|
||||||
ip pim sparse-mode
|
|
||||||
ip ospf network point-to-point
|
|
||||||
ip ospf 1 area 0
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/2
|
|
||||||
no switchport
|
|
||||||
ip address 172.16.24.4 255.255.255.0
|
|
||||||
ip pim sparse-mode
|
|
||||||
ip ospf network point-to-point
|
|
||||||
ip ospf 1 area 0
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/3
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/4
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/5
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/6
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/7
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/8
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/9
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/10
|
|
||||||
switchport mode trunk
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/11
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/12
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/13
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/14
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/15
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/16
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/17
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/18
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/19
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/20
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/21
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/22
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/23
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/24
|
|
||||||
switchport access vlan 101
|
|
||||||
switchport mode access
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/1/1
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/1/2
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/1/3
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/1/4
|
|
||||||
!
|
|
||||||
interface AppGigabitEthernet1/0/1
|
|
||||||
!
|
|
||||||
interface Vlan1
|
|
||||||
no ip address
|
|
||||||
!
|
|
||||||
interface Vlan101
|
|
||||||
vrf forwarding green
|
|
||||||
ip address 10.1.101.1 255.255.255.0
|
|
||||||
!
|
|
||||||
interface Vlan102
|
|
||||||
vrf forwarding green
|
|
||||||
ip address 10.1.102.1 255.255.255.0
|
|
||||||
!
|
|
||||||
interface Vlan901
|
|
||||||
vrf forwarding green
|
|
||||||
ip unnumbered Loopback1
|
|
||||||
ipv6 enable
|
|
||||||
no autostate
|
|
||||||
!
|
|
||||||
interface nve1
|
|
||||||
no ip address
|
|
||||||
source-interface Loopback1
|
|
||||||
host-reachability protocol bgp
|
|
||||||
member vni 10101 mcast-group 225.0.0.101
|
|
||||||
member vni 50901 vrf green
|
|
||||||
member vni 10102 ingress-replication
|
|
||||||
!
|
|
||||||
router ospf 1
|
|
||||||
router-id 172.16.255.4
|
|
||||||
!
|
|
||||||
router bgp 65001
|
|
||||||
bgp log-neighbor-changes
|
|
||||||
no bgp default ipv4-unicast
|
|
||||||
neighbor 172.16.255.1 remote-as 65001
|
|
||||||
neighbor 172.16.255.1 update-source Loopback0
|
|
||||||
neighbor 172.16.255.2 remote-as 65001
|
|
||||||
neighbor 172.16.255.2 update-source Loopback0
|
|
||||||
!
|
|
||||||
address-family ipv4
|
|
||||||
exit-address-family
|
|
||||||
!
|
|
||||||
address-family l2vpn evpn
|
|
||||||
neighbor 172.16.255.1 activate
|
|
||||||
neighbor 172.16.255.1 send-community both
|
|
||||||
neighbor 172.16.255.2 activate
|
|
||||||
neighbor 172.16.255.2 send-community both
|
|
||||||
exit-address-family
|
|
||||||
!
|
|
||||||
address-family ipv4 vrf green
|
|
||||||
advertise l2vpn evpn
|
|
||||||
redistribute static
|
|
||||||
redistribute connected
|
|
||||||
exit-address-family
|
|
||||||
!
|
|
||||||
ip forward-protocol nd
|
|
||||||
ip http server
|
|
||||||
ip http authentication local
|
|
||||||
ip http secure-server
|
|
||||||
ip pim rp-address 172.16.255.255
|
|
||||||
ip ssh bulk-mode 131072
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
control-plane
|
|
||||||
service-policy input system-cpp-policy
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
line con 0
|
|
||||||
stopbits 1
|
|
||||||
line vty 0 4
|
|
||||||
login
|
|
||||||
transport input ssh
|
|
||||||
line vty 5 31
|
|
||||||
login
|
|
||||||
transport input ssh
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
end
|
|
||||||
@@ -1,351 +0,0 @@
|
|||||||
hostname Spine-01
|
|
||||||
!
|
|
||||||
!
|
|
||||||
vrf definition Mgmt-vrf
|
|
||||||
!
|
|
||||||
address-family ipv4
|
|
||||||
exit-address-family
|
|
||||||
!
|
|
||||||
address-family ipv6
|
|
||||||
exit-address-family
|
|
||||||
!
|
|
||||||
no aaa new-model
|
|
||||||
switch 2 provision c9300l-24p-4g
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
ip routing
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
ip multicast-routing
|
|
||||||
!
|
|
||||||
ip dhcp pool webuidhcp
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
login on-success log
|
|
||||||
ipv6 nd cache expire refresh
|
|
||||||
ipv6 unicast-routing
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
crypto pki trustpoint SLA-TrustPoint
|
|
||||||
enrollment pkcs12
|
|
||||||
revocation-check crl
|
|
||||||
hash sha512
|
|
||||||
!
|
|
||||||
crypto pki trustpoint TP-self-signed-251052295
|
|
||||||
enrollment selfsigned
|
|
||||||
subject-name cn=IOS-Self-Signed-Certificate-251052295
|
|
||||||
revocation-check none
|
|
||||||
rsakeypair TP-self-signed-251052295
|
|
||||||
hash sha512
|
|
||||||
!
|
|
||||||
!
|
|
||||||
crypto pki certificate chain SLA-TrustPoint
|
|
||||||
certificate ca 01
|
|
||||||
30820321 30820209 A0030201 02020101 300D0609 2A864886 F70D0101 0B050030
|
|
||||||
32310E30 0C060355 040A1305 43697363 6F312030 1E060355 04031317 43697363
|
|
||||||
6F204C69 63656E73 696E6720 526F6F74 20434130 1E170D31 33303533 30313934
|
|
||||||
3834375A 170D3338 30353330 31393438 34375A30 32310E30 0C060355 040A1305
|
|
||||||
43697363 6F312030 1E060355 04031317 43697363 6F204C69 63656E73 696E6720
|
|
||||||
526F6F74 20434130 82012230 0D06092A 864886F7 0D010101 05000382 010F0030
|
|
||||||
82010A02 82010100 A6BCBD96 131E05F7 145EA72C 2CD686E6 17222EA1 F1EFF64D
|
|
||||||
CBB4C798 212AA147 C655D8D7 9471380D 8711441E 1AAF071A 9CAE6388 8A38E520
|
|
||||||
1C394D78 462EF239 C659F715 B98C0A59 5BBB5CBD 0CFEBEA3 700A8BF7 D8F256EE
|
|
||||||
4AA4E80D DB6FD1C9 60B1FD18 FFC69C96 6FA68957 A2617DE7 104FDC5F EA2956AC
|
|
||||||
7390A3EB 2B5436AD C847A2C5 DAB553EB 69A9A535 58E9F3E3 C0BD23CF 58BD7188
|
|
||||||
68E69491 20F320E7 948E71D7 AE3BCC84 F10684C7 4BC8E00F 539BA42B 42C68BB7
|
|
||||||
C7479096 B4CB2D62 EA2F505D C7B062A4 6811D95B E8250FC4 5D5D5FB8 8F27D191
|
|
||||||
C55F0D76 61F9A4CD 3D992327 A8BB03BD 4E6D7069 7CBADF8B DF5F4368 95135E44
|
|
||||||
DFC7C6CF 04DD7FD1 02030100 01A34230 40300E06 03551D0F 0101FF04 04030201
|
|
||||||
06300F06 03551D13 0101FF04 05300301 01FF301D 0603551D 0E041604 1449DC85
|
|
||||||
4B3D31E5 1B3E6A17 606AF333 3D3B4C73 E8300D06 092A8648 86F70D01 010B0500
|
|
||||||
03820101 00507F24 D3932A66 86025D9F E838AE5C 6D4DF6B0 49631C78 240DA905
|
|
||||||
604EDCDE FF4FED2B 77FC460E CD636FDB DD44681E 3A5673AB 9093D3B1 6C9E3D8B
|
|
||||||
D98987BF E40CBD9E 1AECA0C2 2189BB5C 8FA85686 CD98B646 5575B146 8DFC66A8
|
|
||||||
467A3DF4 4D565700 6ADF0F0D CF835015 3C04FF7C 21E878AC 11BA9CD2 55A9232C
|
|
||||||
7CA7B7E6 C1AF74F6 152E99B7 B1FCF9BB E973DE7F 5BDDEB86 C71E3B49 1765308B
|
|
||||||
5FB0DA06 B92AFE7F 494E8A9E 07B85737 F3A58BE1 1A48A229 C37C1E69 39F08678
|
|
||||||
80DDCD16 D6BACECA EEBC7CF9 8428787B 35202CDC 60E4616A B623CDBD 230E3AFB
|
|
||||||
418616A9 4093E049 4D10AB75 27E86F73 932E35B5 8862FDAE 0275156F 719BB2F0
|
|
||||||
D697DF7F 28
|
|
||||||
quit
|
|
||||||
crypto pki certificate chain TP-self-signed-251052295
|
|
||||||
certificate self-signed 01
|
|
||||||
3082032E 30820216 A0030201 02020101 300D0609 2A864886 F70D0101 0D050030
|
|
||||||
30312E30 2C060355 04030C25 494F532D 53656C66 2D536967 6E65642D 43657274
|
|
||||||
69666963 6174652D 32353130 35323239 35301E17 0D323630 36313030 37353733
|
|
||||||
315A170D 33363036 30393037 35373331 5A303031 2E302C06 03550403 0C25494F
|
|
||||||
532D5365 6C662D53 69676E65 642D4365 72746966 69636174 652D3235 31303532
|
|
||||||
32393530 82012230 0D06092A 864886F7 0D010101 05000382 010F0030 82010A02
|
|
||||||
82010100 D89BCFBD 5397ED82 DFCE3396 1664243E F8B16D1A EF4EA9FC 89661810
|
|
||||||
B86A1333 F49417A6 D2321D74 E43423FC 99CB1A86 704E5FC1 1F26C7E7 DCDBD99F
|
|
||||||
D85630C3 59237E9C 9A988DE5 15500356 0FB10E0F 3E8B1401 7C8E06A8 E3493E22
|
|
||||||
93AC7E5D 52433498 490F20EE C966121A 0FFDC547 E9C664D1 766EDF3D 13081CEC
|
|
||||||
AB2B202C 5FF1BB61 B98593BE 3700930E AF220152 F6BF1D1A 38B9CDC0 CB31C119
|
|
||||||
2E09E5F3 4CA6F02A 1FF916FC 4627CCB9 C32D8573 B69AF79B 699E91F3 0C79FECA
|
|
||||||
0DF90FF0 F8B005FA 63DF5302 64C3A1AE 6FD8C78E FE976E0C D03E9139 6B933048
|
|
||||||
13049514 105B1995 1267D0DC 3DA4CCBD 31703F2F 6914C8F3 7B1DB726 A2B07631
|
|
||||||
2180D6F7 02030100 01A35330 51301D06 03551D0E 04160414 147899D8 5CAC32ED
|
|
||||||
34315AED 87E8EFCA 2FEC840F 301F0603 551D2304 18301680 14147899 D85CAC32
|
|
||||||
ED34315A ED87E8EF CA2FEC84 0F300F06 03551D13 0101FF04 05300301 01FF300D
|
|
||||||
06092A86 4886F70D 01010D05 00038201 0100AAA6 FE2EC09B F9769A5C C0DAAE85
|
|
||||||
8D02A258 AB7E4510 807F9FEF 10FE774B 7B0F3EFE 117F850F 833B49B6 C20781B0
|
|
||||||
D89F5F9E FDEB06B1 74889F5E 5D2E9EEB 2ECDE82E 58EDA905 AD6D7313 66519DC7
|
|
||||||
6702F569 DDEAE0E6 24C302AF F784DFA3 F3FA0512 DD416C13 8AFC7D09 6EAE05E3
|
|
||||||
5E067BD9 3CC56564 3B92D3C1 1E4BC00C FD3C03A1 0E37A034 1C378323 4080AE0D
|
|
||||||
AAEB2A55 632CF3C0 35ACBDB4 F118B9FE 53C9D86A 2713FD54 C1ADA68B 043EC657
|
|
||||||
3CE61F31 61FEC1B9 75DCD39B 75E97238 A1CF89E0 47B037C1 8A886AD3 0F3D35DF
|
|
||||||
1822F3A2 1AD01417 77D4D683 274034B9 9721C84B A9203A29 06F916BF BEBEB112
|
|
||||||
F43BAFEB EC57AECF 57C0AED5 88A8DE69 F5A4
|
|
||||||
quit
|
|
||||||
!
|
|
||||||
!
|
|
||||||
license boot level network-advantage addon dna-advantage
|
|
||||||
memory free low-watermark processor 104985
|
|
||||||
!
|
|
||||||
diagnostic bootup level minimal
|
|
||||||
!
|
|
||||||
spanning-tree mode rapid-pvst
|
|
||||||
spanning-tree extend system-id
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
redundancy
|
|
||||||
mode sso
|
|
||||||
crypto engine compliance shield disable
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
transceiver type all
|
|
||||||
monitoring
|
|
||||||
!
|
|
||||||
!
|
|
||||||
class-map match-any system-cpp-police-ewlc-control
|
|
||||||
description EWLC Control
|
|
||||||
class-map match-any system-cpp-police-topology-control
|
|
||||||
description Topology control
|
|
||||||
class-map match-any system-cpp-police-sw-forward
|
|
||||||
description Sw forwarding, L2 LVX data packets, LOGGING, Transit Traffic
|
|
||||||
class-map match-any system-cpp-default
|
|
||||||
description EWLC Data, Inter FED Traffic
|
|
||||||
class-map match-any system-cpp-police-sys-data
|
|
||||||
description Openflow, Exception, EGR Exception, NFL Sampled Data, RPF Failed
|
|
||||||
class-map match-any system-cpp-police-punt-webauth
|
|
||||||
description Punt Webauth
|
|
||||||
class-map match-any system-cpp-police-l2lvx-control
|
|
||||||
description L2 LVX control packets
|
|
||||||
class-map match-any system-cpp-police-forus
|
|
||||||
description Forus traffic
|
|
||||||
class-map match-any system-cpp-police-multicast-end-station
|
|
||||||
description MCAST END STATION
|
|
||||||
class-map match-any system-cpp-police-forus-addr-resolution
|
|
||||||
description Forus address resolution
|
|
||||||
class-map match-any system-cpp-police-high-rate-app
|
|
||||||
description High Rate Applications
|
|
||||||
class-map match-any system-cpp-police-multicast
|
|
||||||
description MCAST Data
|
|
||||||
class-map match-any system-cpp-police-meraki-next-tunnel
|
|
||||||
description Meraki Next tunnel
|
|
||||||
class-map match-any system-cpp-police-l2-control
|
|
||||||
description L2 control
|
|
||||||
class-map match-any system-cpp-police-dot1x-auth
|
|
||||||
description DOT1X Auth
|
|
||||||
class-map match-any system-cpp-police-data
|
|
||||||
description ICMP redirect, ICMP_GEN and BROADCAST
|
|
||||||
class-map match-any system-cpp-police-stackwise-virt-control
|
|
||||||
description Stackwise Virtual OOB
|
|
||||||
class-map match-any non-client-nrt-class
|
|
||||||
class-map match-any system-cpp-police-routing-control
|
|
||||||
description Routing control and Low Latency
|
|
||||||
class-map match-any system-cpp-police-protocol-snooping
|
|
||||||
description Protocol snooping
|
|
||||||
class-map match-any system-cpp-police-dhcp-snooping
|
|
||||||
description DHCP snooping
|
|
||||||
class-map match-any system-cpp-police-ios-routing
|
|
||||||
description L2 control, Topology control, Routing control, Low Latency
|
|
||||||
class-map match-any system-cpp-police-system-critical
|
|
||||||
description System Critical and Gold Pkt
|
|
||||||
class-map match-any system-cpp-police-ios-feature
|
|
||||||
description ICMPGEN,BROADCAST,ICMP,L2LVXCntrl,ProtoSnoop,PuntWebauth,MCASTData,Transit,DOT1XAuth,Swfwd,LOGGING,L2LVXData,ForusTraffic,ForusARP,McastEndStn,Openflow,Exception,EGRExcption,NflSampled,RpfFailed
|
|
||||||
!
|
|
||||||
policy-map system-cpp-policy
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
interface Loopback0
|
|
||||||
ip address 172.16.255.1 255.255.255.255
|
|
||||||
ip ospf 1 area 0
|
|
||||||
!
|
|
||||||
interface Loopback1
|
|
||||||
ip address 172.16.254.1 255.255.255.255
|
|
||||||
ip ospf 1 area 0
|
|
||||||
!
|
|
||||||
interface Loopback2
|
|
||||||
ip address 172.16.255.255 255.255.255.255
|
|
||||||
ip pim sparse-mode
|
|
||||||
ip ospf 1 area 0
|
|
||||||
!
|
|
||||||
interface GigabitEthernet0/0
|
|
||||||
vrf forwarding Mgmt-vrf
|
|
||||||
no ip address
|
|
||||||
shutdown
|
|
||||||
negotiation auto
|
|
||||||
!
|
|
||||||
interface GigabitEthernet2/0/1
|
|
||||||
no switchport
|
|
||||||
ip address 172.16.13.1 255.255.255.0
|
|
||||||
ip pim sparse-mode
|
|
||||||
ip ospf network point-to-point
|
|
||||||
ip ospf 1 area 0
|
|
||||||
!
|
|
||||||
interface GigabitEthernet2/0/2
|
|
||||||
no switchport
|
|
||||||
ip address 172.16.14.1 255.255.255.0
|
|
||||||
ip pim sparse-mode
|
|
||||||
ip ospf network point-to-point
|
|
||||||
ip ospf 1 area 0
|
|
||||||
!
|
|
||||||
interface GigabitEthernet2/0/3
|
|
||||||
!
|
|
||||||
interface GigabitEthernet2/0/4
|
|
||||||
!
|
|
||||||
interface GigabitEthernet2/0/5
|
|
||||||
!
|
|
||||||
interface GigabitEthernet2/0/6
|
|
||||||
!
|
|
||||||
interface GigabitEthernet2/0/7
|
|
||||||
!
|
|
||||||
interface GigabitEthernet2/0/8
|
|
||||||
!
|
|
||||||
interface GigabitEthernet2/0/9
|
|
||||||
!
|
|
||||||
interface GigabitEthernet2/0/10
|
|
||||||
!
|
|
||||||
interface GigabitEthernet2/0/11
|
|
||||||
!
|
|
||||||
interface GigabitEthernet2/0/12
|
|
||||||
!
|
|
||||||
interface GigabitEthernet2/0/13
|
|
||||||
!
|
|
||||||
interface GigabitEthernet2/0/14
|
|
||||||
!
|
|
||||||
interface GigabitEthernet2/0/15
|
|
||||||
!
|
|
||||||
interface GigabitEthernet2/0/16
|
|
||||||
!
|
|
||||||
interface GigabitEthernet2/0/17
|
|
||||||
!
|
|
||||||
interface GigabitEthernet2/0/18
|
|
||||||
!
|
|
||||||
interface GigabitEthernet2/0/19
|
|
||||||
!
|
|
||||||
interface GigabitEthernet2/0/20
|
|
||||||
!
|
|
||||||
interface GigabitEthernet2/0/21
|
|
||||||
!
|
|
||||||
interface GigabitEthernet2/0/22
|
|
||||||
!
|
|
||||||
interface GigabitEthernet2/0/23
|
|
||||||
!
|
|
||||||
interface GigabitEthernet2/0/24
|
|
||||||
!
|
|
||||||
interface GigabitEthernet2/1/1
|
|
||||||
!
|
|
||||||
interface GigabitEthernet2/1/2
|
|
||||||
!
|
|
||||||
interface GigabitEthernet2/1/3
|
|
||||||
!
|
|
||||||
interface GigabitEthernet2/1/4
|
|
||||||
!
|
|
||||||
interface AppGigabitEthernet2/0/1
|
|
||||||
!
|
|
||||||
interface Vlan1
|
|
||||||
no ip address
|
|
||||||
shutdown
|
|
||||||
!
|
|
||||||
router ospf 1
|
|
||||||
router-id 172.16.255.1
|
|
||||||
!
|
|
||||||
router bgp 65001
|
|
||||||
template peer-policy RR-PP
|
|
||||||
route-reflector-client
|
|
||||||
send-community both
|
|
||||||
exit-peer-policy
|
|
||||||
!
|
|
||||||
template peer-session RR-PS
|
|
||||||
remote-as 65001
|
|
||||||
update-source Loopback0
|
|
||||||
exit-peer-session
|
|
||||||
!
|
|
||||||
bgp router-id 172.16.255.1
|
|
||||||
bgp log-neighbor-changes
|
|
||||||
no bgp default ipv4-unicast
|
|
||||||
neighbor 172.16.255.3 inherit peer-session RR-PS
|
|
||||||
neighbor 172.16.255.4 inherit peer-session RR-PS
|
|
||||||
!
|
|
||||||
address-family ipv4
|
|
||||||
exit-address-family
|
|
||||||
!
|
|
||||||
address-family l2vpn evpn
|
|
||||||
neighbor 172.16.255.3 activate
|
|
||||||
neighbor 172.16.255.3 send-community both
|
|
||||||
neighbor 172.16.255.3 inherit peer-policy RR-PP
|
|
||||||
neighbor 172.16.255.4 activate
|
|
||||||
neighbor 172.16.255.4 send-community both
|
|
||||||
neighbor 172.16.255.4 inherit peer-policy RR-PP
|
|
||||||
exit-address-family
|
|
||||||
!
|
|
||||||
ip forward-protocol nd
|
|
||||||
ip http server
|
|
||||||
ip http secure-server
|
|
||||||
ip pim rp-address 172.16.255.255
|
|
||||||
ip msdp peer 172.16.254.2 connect-source Loopback1 remote-as 65001
|
|
||||||
ip ssh bulk-mode 131072
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
control-plane
|
|
||||||
service-policy input system-cpp-policy
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
line con 0
|
|
||||||
stopbits 1
|
|
||||||
line vty 0 4
|
|
||||||
login
|
|
||||||
transport input ssh
|
|
||||||
line vty 5 31
|
|
||||||
login
|
|
||||||
transport input ssh
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
end
|
|
||||||
@@ -1,347 +0,0 @@
|
|||||||
hostname Spine-02
|
|
||||||
!
|
|
||||||
!
|
|
||||||
vrf definition Mgmt-vrf
|
|
||||||
!
|
|
||||||
address-family ipv4
|
|
||||||
exit-address-family
|
|
||||||
!
|
|
||||||
address-family ipv6
|
|
||||||
exit-address-family
|
|
||||||
!
|
|
||||||
no aaa new-model
|
|
||||||
switch 1 provision c9300l-24p-4g
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
ip routing
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
ip multicast-routing
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
login on-success log
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
crypto pki trustpoint TP-self-signed-430895953
|
|
||||||
enrollment selfsigned
|
|
||||||
subject-name cn=IOS-Self-Signed-Certificate-430895953
|
|
||||||
revocation-check none
|
|
||||||
rsakeypair TP-self-signed-430895953
|
|
||||||
hash sha512
|
|
||||||
!
|
|
||||||
crypto pki trustpoint SLA-TrustPoint
|
|
||||||
enrollment pkcs12
|
|
||||||
revocation-check crl
|
|
||||||
hash sha512
|
|
||||||
!
|
|
||||||
!
|
|
||||||
crypto pki certificate chain TP-self-signed-430895953
|
|
||||||
certificate self-signed 01
|
|
||||||
3082032E 30820216 A0030201 02020101 300D0609 2A864886 F70D0101 0D050030
|
|
||||||
30312E30 2C060355 04030C25 494F532D 53656C66 2D536967 6E65642D 43657274
|
|
||||||
69666963 6174652D 34333038 39353935 33301E17 0D323630 36313030 37353931
|
|
||||||
315A170D 33363036 30393037 35393131 5A303031 2E302C06 03550403 0C25494F
|
|
||||||
532D5365 6C662D53 69676E65 642D4365 72746966 69636174 652D3433 30383935
|
|
||||||
39353330 82012230 0D06092A 864886F7 0D010101 05000382 010F0030 82010A02
|
|
||||||
82010100 A71865B6 6C5F0B06 665FCD05 19C66FF3 4D4B9157 EF422949 A4ACD2F2
|
|
||||||
ACF5AA84 6B593191 FF34BB5C 2A1F3064 DCF41C32 A8EA567D C7B1400B A9CD2CC6
|
|
||||||
55F61D16 792E6552 31D4B438 137EC154 47503D71 FDB8A4A7 71B3FE2A B36FF58C
|
|
||||||
F5356063 942A2DBC 99F20FC0 ABE7C186 940AF2A2 E94A30CF 7D6AA5D7 4A9C93BB
|
|
||||||
99A5779B A179C130 8839473E 04679619 897E139A 3B883DF0 484060CD 703D25A2
|
|
||||||
01153890 F65AE584 6C403826 7DDD0C8C B76D6690 D7FACB49 89B2CB22 619B1F18
|
|
||||||
3C090DAF 47443412 63FC7B3B DEDED46B 4B19BB16 6C2EA229 1946B513 813645F8
|
|
||||||
D029F8B4 878F3581 30A3D42A 37BE3C82 835EDC01 A4D028BC 76F777EC CE9440F2
|
|
||||||
26037F3F 02030100 01A35330 51301D06 03551D0E 04160414 77E8D640 80AF8B64
|
|
||||||
B2AFF1D6 AED32E71 F70417EA 301F0603 551D2304 18301680 1477E8D6 4080AF8B
|
|
||||||
64B2AFF1 D6AED32E 71F70417 EA300F06 03551D13 0101FF04 05300301 01FF300D
|
|
||||||
06092A86 4886F70D 01010D05 00038201 0100177A 72BD66A9 0BFFDBC2 B79A5E60
|
|
||||||
0D47EBD5 A52A2A4F 6CB07B34 55D37A8F 9DE892FB 8AEAD5BF 5D0766DD BC51BD4A
|
|
||||||
5D64DCDA 493D2D2E BB01BAC4 6D4AE47E FE0F0DDD 0628328B 9FAB4001 721E4F9A
|
|
||||||
CF4396D2 AA70CBCA E071F9AF C8248307 D75DABFA A9302E78 7D2AC3FF 2A62FAA7
|
|
||||||
E7AE7A15 EAFE2A27 36BE73BF C9B25B68 FE9A3837 715BD0F2 55B3FEBF 02EEAECC
|
|
||||||
469280FE B46A8105 C3D36F72 E18F6AC2 B3A62DA1 DE7A80B9 0E382EE0 6DD0315D
|
|
||||||
1E4D6120 386CB1E9 48301645 7A8F14F9 3CA2B26F 98C9E634 AB9E0E8A 863B8D1E
|
|
||||||
B64A5817 C92BEEDA 4086C3F7 81EA3F30 DA66BADA 8A16810F EAC7B4C4 6DF5420A
|
|
||||||
4733CCA2 A71746B9 E7762CF6 51C90F36 3E58
|
|
||||||
quit
|
|
||||||
crypto pki certificate chain SLA-TrustPoint
|
|
||||||
certificate ca 01
|
|
||||||
30820321 30820209 A0030201 02020101 300D0609 2A864886 F70D0101 0B050030
|
|
||||||
32310E30 0C060355 040A1305 43697363 6F312030 1E060355 04031317 43697363
|
|
||||||
6F204C69 63656E73 696E6720 526F6F74 20434130 1E170D31 33303533 30313934
|
|
||||||
3834375A 170D3338 30353330 31393438 34375A30 32310E30 0C060355 040A1305
|
|
||||||
43697363 6F312030 1E060355 04031317 43697363 6F204C69 63656E73 696E6720
|
|
||||||
526F6F74 20434130 82012230 0D06092A 864886F7 0D010101 05000382 010F0030
|
|
||||||
82010A02 82010100 A6BCBD96 131E05F7 145EA72C 2CD686E6 17222EA1 F1EFF64D
|
|
||||||
CBB4C798 212AA147 C655D8D7 9471380D 8711441E 1AAF071A 9CAE6388 8A38E520
|
|
||||||
1C394D78 462EF239 C659F715 B98C0A59 5BBB5CBD 0CFEBEA3 700A8BF7 D8F256EE
|
|
||||||
4AA4E80D DB6FD1C9 60B1FD18 FFC69C96 6FA68957 A2617DE7 104FDC5F EA2956AC
|
|
||||||
7390A3EB 2B5436AD C847A2C5 DAB553EB 69A9A535 58E9F3E3 C0BD23CF 58BD7188
|
|
||||||
68E69491 20F320E7 948E71D7 AE3BCC84 F10684C7 4BC8E00F 539BA42B 42C68BB7
|
|
||||||
C7479096 B4CB2D62 EA2F505D C7B062A4 6811D95B E8250FC4 5D5D5FB8 8F27D191
|
|
||||||
C55F0D76 61F9A4CD 3D992327 A8BB03BD 4E6D7069 7CBADF8B DF5F4368 95135E44
|
|
||||||
DFC7C6CF 04DD7FD1 02030100 01A34230 40300E06 03551D0F 0101FF04 04030201
|
|
||||||
06300F06 03551D13 0101FF04 05300301 01FF301D 0603551D 0E041604 1449DC85
|
|
||||||
4B3D31E5 1B3E6A17 606AF333 3D3B4C73 E8300D06 092A8648 86F70D01 010B0500
|
|
||||||
03820101 00507F24 D3932A66 86025D9F E838AE5C 6D4DF6B0 49631C78 240DA905
|
|
||||||
604EDCDE FF4FED2B 77FC460E CD636FDB DD44681E 3A5673AB 9093D3B1 6C9E3D8B
|
|
||||||
D98987BF E40CBD9E 1AECA0C2 2189BB5C 8FA85686 CD98B646 5575B146 8DFC66A8
|
|
||||||
467A3DF4 4D565700 6ADF0F0D CF835015 3C04FF7C 21E878AC 11BA9CD2 55A9232C
|
|
||||||
7CA7B7E6 C1AF74F6 152E99B7 B1FCF9BB E973DE7F 5BDDEB86 C71E3B49 1765308B
|
|
||||||
5FB0DA06 B92AFE7F 494E8A9E 07B85737 F3A58BE1 1A48A229 C37C1E69 39F08678
|
|
||||||
80DDCD16 D6BACECA EEBC7CF9 8428787B 35202CDC 60E4616A B623CDBD 230E3AFB
|
|
||||||
418616A9 4093E049 4D10AB75 27E86F73 932E35B5 8862FDAE 0275156F 719BB2F0
|
|
||||||
D697DF7F 28
|
|
||||||
quit
|
|
||||||
!
|
|
||||||
!
|
|
||||||
license boot level network-advantage addon dna-advantage
|
|
||||||
memory free low-watermark processor 104985
|
|
||||||
!
|
|
||||||
diagnostic bootup level minimal
|
|
||||||
!
|
|
||||||
spanning-tree mode rapid-pvst
|
|
||||||
spanning-tree extend system-id
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
redundancy
|
|
||||||
mode sso
|
|
||||||
crypto engine compliance shield disable
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
transceiver type all
|
|
||||||
monitoring
|
|
||||||
!
|
|
||||||
!
|
|
||||||
class-map match-any system-cpp-police-ewlc-control
|
|
||||||
description EWLC Control
|
|
||||||
class-map match-any system-cpp-police-topology-control
|
|
||||||
description Topology control
|
|
||||||
class-map match-any system-cpp-police-sw-forward
|
|
||||||
description Sw forwarding, L2 LVX data packets, LOGGING, Transit Traffic
|
|
||||||
class-map match-any system-cpp-default
|
|
||||||
description EWLC Data, Inter FED Traffic
|
|
||||||
class-map match-any system-cpp-police-sys-data
|
|
||||||
description Openflow, Exception, EGR Exception, NFL Sampled Data, RPF Failed
|
|
||||||
class-map match-any system-cpp-police-punt-webauth
|
|
||||||
description Punt Webauth
|
|
||||||
class-map match-any system-cpp-police-l2lvx-control
|
|
||||||
description L2 LVX control packets
|
|
||||||
class-map match-any system-cpp-police-forus
|
|
||||||
description Forus traffic
|
|
||||||
class-map match-any system-cpp-police-multicast-end-station
|
|
||||||
description MCAST END STATION
|
|
||||||
class-map match-any system-cpp-police-forus-addr-resolution
|
|
||||||
description Forus address resolution
|
|
||||||
class-map match-any system-cpp-police-high-rate-app
|
|
||||||
description High Rate Applications
|
|
||||||
class-map match-any system-cpp-police-multicast
|
|
||||||
description MCAST Data
|
|
||||||
class-map match-any system-cpp-police-meraki-next-tunnel
|
|
||||||
description Meraki Next tunnel
|
|
||||||
class-map match-any system-cpp-police-l2-control
|
|
||||||
description L2 control
|
|
||||||
class-map match-any system-cpp-police-dot1x-auth
|
|
||||||
description DOT1X Auth
|
|
||||||
class-map match-any system-cpp-police-data
|
|
||||||
description ICMP redirect, ICMP_GEN and BROADCAST
|
|
||||||
class-map match-any system-cpp-police-stackwise-virt-control
|
|
||||||
description Stackwise Virtual OOB
|
|
||||||
class-map match-any non-client-nrt-class
|
|
||||||
class-map match-any system-cpp-police-routing-control
|
|
||||||
description Routing control and Low Latency
|
|
||||||
class-map match-any system-cpp-police-protocol-snooping
|
|
||||||
description Protocol snooping
|
|
||||||
class-map match-any system-cpp-police-dhcp-snooping
|
|
||||||
description DHCP snooping
|
|
||||||
class-map match-any system-cpp-police-ios-routing
|
|
||||||
description L2 control, Topology control, Routing control, Low Latency
|
|
||||||
class-map match-any system-cpp-police-system-critical
|
|
||||||
description System Critical and Gold Pkt
|
|
||||||
class-map match-any system-cpp-police-ios-feature
|
|
||||||
description ICMPGEN,BROADCAST,ICMP,L2LVXCntrl,ProtoSnoop,PuntWebauth,MCASTData,Transit,DOT1XAuth,Swfwd,LOGGING,L2LVXData,ForusTraffic,ForusARP,McastEndStn,Openflow,Exception,EGRExcption,NflSampled,RpfFailed
|
|
||||||
!
|
|
||||||
policy-map system-cpp-policy
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
interface Loopback0
|
|
||||||
ip address 172.16.255.2 255.255.255.255
|
|
||||||
ip ospf 1 area 0
|
|
||||||
!
|
|
||||||
interface Loopback1
|
|
||||||
ip address 172.16.254.2 255.255.255.255
|
|
||||||
ip ospf 1 area 0
|
|
||||||
!
|
|
||||||
interface Loopback2
|
|
||||||
ip address 172.16.255.255 255.255.255.255
|
|
||||||
ip pim sparse-mode
|
|
||||||
ip ospf 1 area 0
|
|
||||||
!
|
|
||||||
interface GigabitEthernet0/0
|
|
||||||
vrf forwarding Mgmt-vrf
|
|
||||||
no ip address
|
|
||||||
shutdown
|
|
||||||
negotiation auto
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/1
|
|
||||||
no switchport
|
|
||||||
ip address 172.16.23.2 255.255.255.0
|
|
||||||
ip pim sparse-mode
|
|
||||||
ip ospf network point-to-point
|
|
||||||
ip ospf 1 area 0
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/2
|
|
||||||
no switchport
|
|
||||||
ip address 172.16.24.2 255.255.255.0
|
|
||||||
ip pim sparse-mode
|
|
||||||
ip ospf network point-to-point
|
|
||||||
ip ospf 1 area 0
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/3
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/4
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/5
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/6
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/7
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/8
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/9
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/10
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/11
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/12
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/13
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/14
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/15
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/16
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/17
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/18
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/19
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/20
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/21
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/22
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/23
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/24
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/1/1
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/1/2
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/1/3
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/1/4
|
|
||||||
!
|
|
||||||
interface AppGigabitEthernet1/0/1
|
|
||||||
!
|
|
||||||
interface Vlan1
|
|
||||||
no ip address
|
|
||||||
!
|
|
||||||
router ospf 1
|
|
||||||
router-id 172.16.255.2
|
|
||||||
!
|
|
||||||
router bgp 65001
|
|
||||||
template peer-policy RR-PP
|
|
||||||
route-reflector-client
|
|
||||||
send-community both
|
|
||||||
exit-peer-policy
|
|
||||||
!
|
|
||||||
template peer-session RR-PS
|
|
||||||
remote-as 65001
|
|
||||||
update-source Loopback0
|
|
||||||
exit-peer-session
|
|
||||||
!
|
|
||||||
bgp router-id 172.16.255.2
|
|
||||||
bgp log-neighbor-changes
|
|
||||||
no bgp default ipv4-unicast
|
|
||||||
neighbor 172.16.255.3 inherit peer-session RR-PS
|
|
||||||
neighbor 172.16.255.4 inherit peer-session RR-PS
|
|
||||||
!
|
|
||||||
address-family ipv4
|
|
||||||
exit-address-family
|
|
||||||
!
|
|
||||||
address-family l2vpn evpn
|
|
||||||
neighbor 172.16.255.3 activate
|
|
||||||
neighbor 172.16.255.3 send-community both
|
|
||||||
neighbor 172.16.255.3 inherit peer-policy RR-PP
|
|
||||||
neighbor 172.16.255.4 activate
|
|
||||||
neighbor 172.16.255.4 send-community both
|
|
||||||
neighbor 172.16.255.4 inherit peer-policy RR-PP
|
|
||||||
exit-address-family
|
|
||||||
!
|
|
||||||
ip forward-protocol nd
|
|
||||||
ip http server
|
|
||||||
ip http authentication local
|
|
||||||
ip http secure-server
|
|
||||||
ip pim rp-address 172.16.255.255
|
|
||||||
ip msdp peer 172.16.254.1 connect-source Loopback1 remote-as 65001
|
|
||||||
ip ssh bulk-mode 131072
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
control-plane
|
|
||||||
service-policy input system-cpp-policy
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
line con 0
|
|
||||||
stopbits 1
|
|
||||||
line vty 0 4
|
|
||||||
login
|
|
||||||
transport input ssh
|
|
||||||
line vty 5 31
|
|
||||||
login
|
|
||||||
transport input ssh
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
end
|
|
||||||
@@ -1,414 +0,0 @@
|
|||||||
hostname Leaf-01
|
|
||||||
!
|
|
||||||
!
|
|
||||||
vrf definition Mgmt-vrf
|
|
||||||
!
|
|
||||||
address-family ipv4
|
|
||||||
exit-address-family
|
|
||||||
!
|
|
||||||
address-family ipv6
|
|
||||||
exit-address-family
|
|
||||||
!
|
|
||||||
vrf definition green
|
|
||||||
rd 1:1
|
|
||||||
!
|
|
||||||
address-family ipv4
|
|
||||||
route-target export 1:1
|
|
||||||
route-target import 1:1
|
|
||||||
route-target export 1:1 stitching
|
|
||||||
route-target import 1:1 stitching
|
|
||||||
exit-address-family
|
|
||||||
!
|
|
||||||
address-family ipv6
|
|
||||||
route-target export 1:1
|
|
||||||
route-target import 1:1
|
|
||||||
route-target export 1:1 stitching
|
|
||||||
route-target import 1:1 stitching
|
|
||||||
exit-address-family
|
|
||||||
!
|
|
||||||
no aaa new-model
|
|
||||||
switch 1 provision c9300l-24p-4g
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
ip routing
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
ip multicast-routing
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
login on-success log
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
l2vpn evpn
|
|
||||||
replication-type static
|
|
||||||
router-id Loopback1
|
|
||||||
default-gateway advertise
|
|
||||||
!
|
|
||||||
l2vpn evpn ethernet-segment 1
|
|
||||||
identifier type 0 00.00.00.00.00.00.00.00.01
|
|
||||||
redundancy all-active
|
|
||||||
df-election wait-time 1
|
|
||||||
!
|
|
||||||
l2vpn evpn instance 101 vlan-based
|
|
||||||
encapsulation vxlan
|
|
||||||
replication-type static
|
|
||||||
!
|
|
||||||
l2vpn evpn instance 102 vlan-based
|
|
||||||
encapsulation vxlan
|
|
||||||
replication-type ingress
|
|
||||||
!
|
|
||||||
!
|
|
||||||
crypto pki trustpoint TP-self-signed-2748515057
|
|
||||||
enrollment selfsigned
|
|
||||||
subject-name cn=IOS-Self-Signed-Certificate-2748515057
|
|
||||||
revocation-check none
|
|
||||||
rsakeypair TP-self-signed-2748515057
|
|
||||||
hash sha512
|
|
||||||
!
|
|
||||||
crypto pki trustpoint SLA-TrustPoint
|
|
||||||
enrollment pkcs12
|
|
||||||
revocation-check crl
|
|
||||||
hash sha512
|
|
||||||
!
|
|
||||||
!
|
|
||||||
crypto pki certificate chain TP-self-signed-2748515057
|
|
||||||
certificate self-signed 01
|
|
||||||
30820330 30820218 A0030201 02020101 300D0609 2A864886 F70D0101 0D050030
|
|
||||||
31312F30 2D060355 04030C26 494F532D 53656C66 2D536967 6E65642D 43657274
|
|
||||||
69666963 6174652D 32373438 35313530 3537301E 170D3236 30363130 30393433
|
|
||||||
30385A17 0D333630 36303930 39343330 385A3031 312F302D 06035504 030C2649
|
|
||||||
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D32 37343835
|
|
||||||
31353035 37308201 22300D06 092A8648 86F70D01 01010500 0382010F 00308201
|
|
||||||
0A028201 0100A4CA 45163B01 9C334AAA 046F7B18 E9F8D151 8996B5B5 CA96FC78
|
|
||||||
870C057E 929F7011 CAE9A00E E5DDD799 2C2581D3 413DFC7C 49B38DF0 48A0216E
|
|
||||||
4EF4C65C F1D1F4EF 545370F3 3FA69C4B 22948881 F7B28644 2A4F2865 026EF500
|
|
||||||
F57BBC11 4C13CEC6 841421DB 34EDCB47 510668FF 5FBF525E CF9020ED 51414B3D
|
|
||||||
07601E2A 4A30A706 2DDD6EEE B7B2AE7A C37820D3 C08BAA78 C1D030E7 B3F1C8EA
|
|
||||||
FECCFF10 363296DB 9E0C3A97 C1E7C416 75425A88 AEBB0AA0 6D0BC326 9043BC8C
|
|
||||||
CB75A544 AA9FFDB0 67E22FD9 5CE66812 B58FADDA 5B7993CA 4F7D7F37 B179642C
|
|
||||||
873C129B 2DAC8D5E 4BF6CF5D 03D41302 EA4A481E 53DF7648 00D7668A E6B1672F
|
|
||||||
1397D45A 21350203 010001A3 53305130 1D060355 1D0E0416 041447B1 391FE1B2
|
|
||||||
9088CF66 FCA5F571 4DDE8252 2C85301F 0603551D 23041830 16801447 B1391FE1
|
|
||||||
B29088CF 66FCA5F5 714DDE82 522C8530 0F060355 1D130101 FF040530 030101FF
|
|
||||||
300D0609 2A864886 F70D0101 0D050003 82010100 74081052 95A744B6 9812BACC
|
|
||||||
0743C4D2 0957BE9A D49CCB1B 36F41237 0F9C8512 F82BD6CF 7BC20495 C544C441
|
|
||||||
B37CC3B6 D3F2A35B 8B47EF95 E6545B01 763887D5 97D4A247 019D3387 D29DC699
|
|
||||||
25C45B3F 674662BB DFF0B1CC 6E50C91B 3C843D3E AEEC6BE1 6577D36F E99946F3
|
|
||||||
52E02B0E 162902B9 F6477EF8 C59D0955 D7351E18 671F96B8 B8569431 4A90FD04
|
|
||||||
C543996B 633FB9CB 48BA7FB6 EC39E137 11FA78DE 6E4FD609 FACC9D0C D1ED2A2C
|
|
||||||
3B7A7B1C 29D4F096 1CB08698 9E83B983 B4B7045C 7166B0A4 1C3E8E20 75F9FC2D
|
|
||||||
202298E3 F6328325 8790A997 C757940F 2B0543EC 3D01B7BC F48D979D 392C21D8
|
|
||||||
3017E967 7743A155 D97B6463 28E467DD 3E8D9D3F
|
|
||||||
quit
|
|
||||||
crypto pki certificate chain SLA-TrustPoint
|
|
||||||
certificate ca 01
|
|
||||||
30820321 30820209 A0030201 02020101 300D0609 2A864886 F70D0101 0B050030
|
|
||||||
32310E30 0C060355 040A1305 43697363 6F312030 1E060355 04031317 43697363
|
|
||||||
6F204C69 63656E73 696E6720 526F6F74 20434130 1E170D31 33303533 30313934
|
|
||||||
3834375A 170D3338 30353330 31393438 34375A30 32310E30 0C060355 040A1305
|
|
||||||
43697363 6F312030 1E060355 04031317 43697363 6F204C69 63656E73 696E6720
|
|
||||||
526F6F74 20434130 82012230 0D06092A 864886F7 0D010101 05000382 010F0030
|
|
||||||
82010A02 82010100 A6BCBD96 131E05F7 145EA72C 2CD686E6 17222EA1 F1EFF64D
|
|
||||||
CBB4C798 212AA147 C655D8D7 9471380D 8711441E 1AAF071A 9CAE6388 8A38E520
|
|
||||||
1C394D78 462EF239 C659F715 B98C0A59 5BBB5CBD 0CFEBEA3 700A8BF7 D8F256EE
|
|
||||||
4AA4E80D DB6FD1C9 60B1FD18 FFC69C96 6FA68957 A2617DE7 104FDC5F EA2956AC
|
|
||||||
7390A3EB 2B5436AD C847A2C5 DAB553EB 69A9A535 58E9F3E3 C0BD23CF 58BD7188
|
|
||||||
68E69491 20F320E7 948E71D7 AE3BCC84 F10684C7 4BC8E00F 539BA42B 42C68BB7
|
|
||||||
C7479096 B4CB2D62 EA2F505D C7B062A4 6811D95B E8250FC4 5D5D5FB8 8F27D191
|
|
||||||
C55F0D76 61F9A4CD 3D992327 A8BB03BD 4E6D7069 7CBADF8B DF5F4368 95135E44
|
|
||||||
DFC7C6CF 04DD7FD1 02030100 01A34230 40300E06 03551D0F 0101FF04 04030201
|
|
||||||
06300F06 03551D13 0101FF04 05300301 01FF301D 0603551D 0E041604 1449DC85
|
|
||||||
4B3D31E5 1B3E6A17 606AF333 3D3B4C73 E8300D06 092A8648 86F70D01 010B0500
|
|
||||||
03820101 00507F24 D3932A66 86025D9F E838AE5C 6D4DF6B0 49631C78 240DA905
|
|
||||||
604EDCDE FF4FED2B 77FC460E CD636FDB DD44681E 3A5673AB 9093D3B1 6C9E3D8B
|
|
||||||
D98987BF E40CBD9E 1AECA0C2 2189BB5C 8FA85686 CD98B646 5575B146 8DFC66A8
|
|
||||||
467A3DF4 4D565700 6ADF0F0D CF835015 3C04FF7C 21E878AC 11BA9CD2 55A9232C
|
|
||||||
7CA7B7E6 C1AF74F6 152E99B7 B1FCF9BB E973DE7F 5BDDEB86 C71E3B49 1765308B
|
|
||||||
5FB0DA06 B92AFE7F 494E8A9E 07B85737 F3A58BE1 1A48A229 C37C1E69 39F08678
|
|
||||||
80DDCD16 D6BACECA EEBC7CF9 8428787B 35202CDC 60E4616A B623CDBD 230E3AFB
|
|
||||||
418616A9 4093E049 4D10AB75 27E86F73 932E35B5 8862FDAE 0275156F 719BB2F0
|
|
||||||
D697DF7F 28
|
|
||||||
quit
|
|
||||||
!
|
|
||||||
!
|
|
||||||
license boot level network-advantage addon dna-advantage
|
|
||||||
memory free low-watermark processor 104985
|
|
||||||
!
|
|
||||||
diagnostic bootup level minimal
|
|
||||||
!
|
|
||||||
spanning-tree mode rapid-pvst
|
|
||||||
spanning-tree extend system-id
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
redundancy
|
|
||||||
mode sso
|
|
||||||
crypto engine compliance shield disable
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
transceiver type all
|
|
||||||
monitoring
|
|
||||||
!
|
|
||||||
vlan configuration 101
|
|
||||||
member evpn-instance 101 vni 10101
|
|
||||||
vlan configuration 102
|
|
||||||
member evpn-instance 102 vni 10102
|
|
||||||
vlan configuration 901
|
|
||||||
member vni 50901
|
|
||||||
!
|
|
||||||
!
|
|
||||||
class-map match-any system-cpp-police-ewlc-control
|
|
||||||
description EWLC Control
|
|
||||||
class-map match-any system-cpp-police-topology-control
|
|
||||||
description Topology control
|
|
||||||
class-map match-any system-cpp-police-sw-forward
|
|
||||||
description Sw forwarding, L2 LVX data packets, LOGGING, Transit Traffic
|
|
||||||
class-map match-any system-cpp-default
|
|
||||||
description EWLC Data, Inter FED Traffic
|
|
||||||
class-map match-any system-cpp-police-sys-data
|
|
||||||
description Openflow, Exception, EGR Exception, NFL Sampled Data, RPF Failed
|
|
||||||
class-map match-any system-cpp-police-punt-webauth
|
|
||||||
description Punt Webauth
|
|
||||||
class-map match-any system-cpp-police-l2lvx-control
|
|
||||||
description L2 LVX control packets
|
|
||||||
class-map match-any system-cpp-police-forus
|
|
||||||
description Forus traffic
|
|
||||||
class-map match-any system-cpp-police-multicast-end-station
|
|
||||||
description MCAST END STATION
|
|
||||||
class-map match-any system-cpp-police-forus-addr-resolution
|
|
||||||
description Forus address resolution
|
|
||||||
class-map match-any system-cpp-police-high-rate-app
|
|
||||||
description High Rate Applications
|
|
||||||
class-map match-any system-cpp-police-multicast
|
|
||||||
description MCAST Data
|
|
||||||
class-map match-any system-cpp-police-meraki-next-tunnel
|
|
||||||
description Meraki Next tunnel
|
|
||||||
class-map match-any system-cpp-police-l2-control
|
|
||||||
description L2 control
|
|
||||||
class-map match-any system-cpp-police-dot1x-auth
|
|
||||||
description DOT1X Auth
|
|
||||||
class-map match-any system-cpp-police-data
|
|
||||||
description ICMP redirect, ICMP_GEN and BROADCAST
|
|
||||||
class-map match-any system-cpp-police-stackwise-virt-control
|
|
||||||
description Stackwise Virtual OOB
|
|
||||||
class-map match-any non-client-nrt-class
|
|
||||||
class-map match-any system-cpp-police-routing-control
|
|
||||||
description Routing control and Low Latency
|
|
||||||
class-map match-any system-cpp-police-protocol-snooping
|
|
||||||
description Protocol snooping
|
|
||||||
class-map match-any system-cpp-police-dhcp-snooping
|
|
||||||
description DHCP snooping
|
|
||||||
class-map match-any system-cpp-police-ios-routing
|
|
||||||
description L2 control, Topology control, Routing control, Low Latency
|
|
||||||
class-map match-any system-cpp-police-system-critical
|
|
||||||
description System Critical and Gold Pkt
|
|
||||||
class-map match-any system-cpp-police-ios-feature
|
|
||||||
description ICMPGEN,BROADCAST,ICMP,L2LVXCntrl,ProtoSnoop,PuntWebauth,MCASTData,Transit,DOT1XAuth,Swfwd,LOGGING,L2LVXData,ForusTraffic,ForusARP,McastEndStn,Openflow,Exception,EGRExcption,NflSampled,RpfFailed
|
|
||||||
!
|
|
||||||
policy-map system-cpp-policy
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
interface Loopback0
|
|
||||||
ip address 172.16.255.3 255.255.255.255
|
|
||||||
ip ospf 1 area 0
|
|
||||||
!
|
|
||||||
interface Loopback1
|
|
||||||
ip address 172.16.254.3 255.255.255.255
|
|
||||||
ip pim sparse-mode
|
|
||||||
ip ospf 1 area 0
|
|
||||||
!
|
|
||||||
interface Port-channel12
|
|
||||||
switchport access vlan 101
|
|
||||||
switchport mode access
|
|
||||||
evpn ethernet-segment 1
|
|
||||||
!
|
|
||||||
interface GigabitEthernet0/0
|
|
||||||
vrf forwarding Mgmt-vrf
|
|
||||||
no ip address
|
|
||||||
shutdown
|
|
||||||
negotiation auto
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/1
|
|
||||||
no switchport
|
|
||||||
ip address 172.16.13.3 255.255.255.0
|
|
||||||
ip pim sparse-mode
|
|
||||||
ip ospf network point-to-point
|
|
||||||
ip ospf 1 area 0
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/2
|
|
||||||
no switchport
|
|
||||||
ip address 172.16.23.3 255.255.255.0
|
|
||||||
ip pim sparse-mode
|
|
||||||
ip ospf network point-to-point
|
|
||||||
ip ospf 1 area 0
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/3
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/4
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/5
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/6
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/7
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/8
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/9
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/10
|
|
||||||
switchport mode trunk
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/11
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/12
|
|
||||||
switchport access vlan 101
|
|
||||||
switchport mode access
|
|
||||||
channel-group 12 mode active
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/13
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/14
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/15
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/16
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/17
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/18
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/19
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/20
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/21
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/22
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/23
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/24
|
|
||||||
switchport access vlan 101
|
|
||||||
switchport mode access
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/1/1
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/1/2
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/1/3
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/1/4
|
|
||||||
!
|
|
||||||
interface AppGigabitEthernet1/0/1
|
|
||||||
!
|
|
||||||
interface Vlan1
|
|
||||||
no ip address
|
|
||||||
!
|
|
||||||
interface Vlan101
|
|
||||||
vrf forwarding green
|
|
||||||
ip address 10.1.101.1 255.255.255.0
|
|
||||||
!
|
|
||||||
interface Vlan102
|
|
||||||
vrf forwarding green
|
|
||||||
ip address 10.1.102.1 255.255.255.0
|
|
||||||
!
|
|
||||||
interface Vlan901
|
|
||||||
vrf forwarding green
|
|
||||||
ip unnumbered Loopback1
|
|
||||||
ipv6 enable
|
|
||||||
no autostate
|
|
||||||
!
|
|
||||||
interface nve1
|
|
||||||
no ip address
|
|
||||||
source-interface Loopback1
|
|
||||||
host-reachability protocol bgp
|
|
||||||
member vni 10101 mcast-group 225.0.0.101
|
|
||||||
member vni 10102 ingress-replication
|
|
||||||
member vni 50901 vrf green
|
|
||||||
!
|
|
||||||
router ospf 1
|
|
||||||
router-id 172.16.255.3
|
|
||||||
!
|
|
||||||
router bgp 65001
|
|
||||||
bgp log-neighbor-changes
|
|
||||||
no bgp default ipv4-unicast
|
|
||||||
neighbor 172.16.255.1 remote-as 65001
|
|
||||||
neighbor 172.16.255.1 update-source Loopback0
|
|
||||||
neighbor 172.16.255.2 remote-as 65001
|
|
||||||
neighbor 172.16.255.2 update-source Loopback0
|
|
||||||
!
|
|
||||||
address-family ipv4
|
|
||||||
redistribute static
|
|
||||||
redistribute connected
|
|
||||||
exit-address-family
|
|
||||||
!
|
|
||||||
address-family l2vpn evpn
|
|
||||||
neighbor 172.16.255.1 activate
|
|
||||||
neighbor 172.16.255.1 send-community both
|
|
||||||
neighbor 172.16.255.2 activate
|
|
||||||
neighbor 172.16.255.2 send-community both
|
|
||||||
exit-address-family
|
|
||||||
!
|
|
||||||
address-family ipv4 vrf green
|
|
||||||
advertise l2vpn evpn
|
|
||||||
redistribute static
|
|
||||||
redistribute connected
|
|
||||||
exit-address-family
|
|
||||||
!
|
|
||||||
ip forward-protocol nd
|
|
||||||
ip http server
|
|
||||||
ip http authentication local
|
|
||||||
ip http secure-server
|
|
||||||
ip pim rp-address 172.16.255.255
|
|
||||||
ip ssh bulk-mode 131072
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
control-plane
|
|
||||||
service-policy input system-cpp-policy
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
line con 0
|
|
||||||
stopbits 1
|
|
||||||
line vty 0 4
|
|
||||||
login
|
|
||||||
transport input ssh
|
|
||||||
line vty 5 31
|
|
||||||
login
|
|
||||||
transport input ssh
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
end
|
|
||||||
@@ -1,411 +0,0 @@
|
|||||||
hostname Leaf-02
|
|
||||||
!
|
|
||||||
!
|
|
||||||
vrf definition Mgmt-vrf
|
|
||||||
!
|
|
||||||
address-family ipv4
|
|
||||||
exit-address-family
|
|
||||||
!
|
|
||||||
address-family ipv6
|
|
||||||
exit-address-family
|
|
||||||
!
|
|
||||||
vrf definition green
|
|
||||||
rd 1:1
|
|
||||||
!
|
|
||||||
address-family ipv4
|
|
||||||
route-target export 1:1
|
|
||||||
route-target import 1:1
|
|
||||||
route-target export 1:1 stitching
|
|
||||||
route-target import 1:1 stitching
|
|
||||||
exit-address-family
|
|
||||||
!
|
|
||||||
address-family ipv6
|
|
||||||
route-target export 1:1
|
|
||||||
route-target import 1:1
|
|
||||||
route-target export 1:1 stitching
|
|
||||||
route-target import 1:1 stitching
|
|
||||||
exit-address-family
|
|
||||||
!
|
|
||||||
no aaa new-model
|
|
||||||
switch 1 provision c9300l-24p-4g
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
ip routing
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
ip multicast-routing
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
login on-success log
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
l2vpn evpn
|
|
||||||
replication-type static
|
|
||||||
router-id Loopback1
|
|
||||||
default-gateway advertise
|
|
||||||
!
|
|
||||||
l2vpn evpn ethernet-segment 1
|
|
||||||
identifier type 0 00.00.00.00.00.00.00.00.01
|
|
||||||
redundancy all-active
|
|
||||||
df-election wait-time 1
|
|
||||||
!
|
|
||||||
l2vpn evpn instance 101 vlan-based
|
|
||||||
encapsulation vxlan
|
|
||||||
!
|
|
||||||
l2vpn evpn instance 102 vlan-based
|
|
||||||
encapsulation vxlan
|
|
||||||
replication-type ingress
|
|
||||||
!
|
|
||||||
!
|
|
||||||
crypto pki trustpoint TP-self-signed-4106980722
|
|
||||||
enrollment selfsigned
|
|
||||||
subject-name cn=IOS-Self-Signed-Certificate-4106980722
|
|
||||||
revocation-check none
|
|
||||||
rsakeypair TP-self-signed-4106980722
|
|
||||||
hash sha512
|
|
||||||
!
|
|
||||||
crypto pki trustpoint SLA-TrustPoint
|
|
||||||
enrollment pkcs12
|
|
||||||
revocation-check crl
|
|
||||||
hash sha512
|
|
||||||
!
|
|
||||||
!
|
|
||||||
crypto pki certificate chain TP-self-signed-4106980722
|
|
||||||
certificate self-signed 01
|
|
||||||
30820330 30820218 A0030201 02020101 300D0609 2A864886 F70D0101 0D050030
|
|
||||||
31312F30 2D060355 04030C26 494F532D 53656C66 2D536967 6E65642D 43657274
|
|
||||||
69666963 6174652D 34313036 39383037 3232301E 170D3236 30363130 30393433
|
|
||||||
32345A17 0D333630 36303930 39343332 345A3031 312F302D 06035504 030C2649
|
|
||||||
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D34 31303639
|
|
||||||
38303732 32308201 22300D06 092A8648 86F70D01 01010500 0382010F 00308201
|
|
||||||
0A028201 01009849 F78BD093 74C4F07A A3855635 0B226D1D DB524A61 14AB07A6
|
|
||||||
6CC41BC9 29B861FA 10F734FE A0115CFF 44B53345 C2C5CCDB E6508E36 734F83D1
|
|
||||||
2586BBFA 55FBCA7D 731EEA2D 7F9C13F9 B6D04514 DE51D43E DD9BE04C 9841316B
|
|
||||||
9CD765D7 2A999541 D078E1F7 4BD9597A 5BA09FBA CBFD2EF7 92BBAD66 C4FA8535
|
|
||||||
2057BC14 1E11B218 7A021057 C7EBCDC9 FCED0B91 FD84E5A2 CAD4F661 FE66AA2B
|
|
||||||
ABF56705 125F5B97 521EE401 AF66FBAD 42ACAF73 4B7F3A2F 3FA2AE03 69DC2A88
|
|
||||||
F7616397 B13E3B37 A762AFA4 D51576B7 3F0A039B 40C64DDB 39F2F686 2EF72BED
|
|
||||||
2729B749 FBE8DF8D 8A6FFB1B 569E2220 C1A81171 5481BB56 E470941D 3311E8BD
|
|
||||||
C9C59E75 06FF0203 010001A3 53305130 1D060355 1D0E0416 04141AB2 BB3AB3AE
|
|
||||||
642F201E BA75F878 589FFAEA D5D0301F 0603551D 23041830 1680141A B2BB3AB3
|
|
||||||
AE642F20 1EBA75F8 78589FFA EAD5D030 0F060355 1D130101 FF040530 030101FF
|
|
||||||
300D0609 2A864886 F70D0101 0D050003 82010100 81BBF69B F9F2A5B6 7F3CF96D
|
|
||||||
506E8D43 964DAF2A D9221CF1 D84E4841 CE94D992 2F383B63 A782E3AE 730C0D05
|
|
||||||
9D60B3ED 9A899D23 F4F741F5 B3CCAD4B CBABEDE8 F9151F0A 3917E943 DF117766
|
|
||||||
3EF0FB53 0D5402EC ED33225C C267C600 5E22DD5A 4D62D87B 84D58914 37FA19E6
|
|
||||||
F25C4B0E E6A9A72D D82F58C3 3D9BA708 96F92047 443276F4 848F07CB 0275B5D7
|
|
||||||
A3A9EA89 76E1C857 9C5C1FD6 C8AD6829 63A45513 4122EE6B 2DC85CDF 6DC4D8F4
|
|
||||||
9A649698 6E60811F 9935D7BD BFC23EAB 6B669C74 FE480A50 DEC87777 6EDF0E59
|
|
||||||
D198B7DC 29ADEE47 F562740E 870D9503 36816813 48CACEA0 AB336A54 A25BA97F
|
|
||||||
A4631BDF 907B0213 DA1B804E 72F4FA8B AFA4F633
|
|
||||||
quit
|
|
||||||
crypto pki certificate chain SLA-TrustPoint
|
|
||||||
certificate ca 01
|
|
||||||
30820321 30820209 A0030201 02020101 300D0609 2A864886 F70D0101 0B050030
|
|
||||||
32310E30 0C060355 040A1305 43697363 6F312030 1E060355 04031317 43697363
|
|
||||||
6F204C69 63656E73 696E6720 526F6F74 20434130 1E170D31 33303533 30313934
|
|
||||||
3834375A 170D3338 30353330 31393438 34375A30 32310E30 0C060355 040A1305
|
|
||||||
43697363 6F312030 1E060355 04031317 43697363 6F204C69 63656E73 696E6720
|
|
||||||
526F6F74 20434130 82012230 0D06092A 864886F7 0D010101 05000382 010F0030
|
|
||||||
82010A02 82010100 A6BCBD96 131E05F7 145EA72C 2CD686E6 17222EA1 F1EFF64D
|
|
||||||
CBB4C798 212AA147 C655D8D7 9471380D 8711441E 1AAF071A 9CAE6388 8A38E520
|
|
||||||
1C394D78 462EF239 C659F715 B98C0A59 5BBB5CBD 0CFEBEA3 700A8BF7 D8F256EE
|
|
||||||
4AA4E80D DB6FD1C9 60B1FD18 FFC69C96 6FA68957 A2617DE7 104FDC5F EA2956AC
|
|
||||||
7390A3EB 2B5436AD C847A2C5 DAB553EB 69A9A535 58E9F3E3 C0BD23CF 58BD7188
|
|
||||||
68E69491 20F320E7 948E71D7 AE3BCC84 F10684C7 4BC8E00F 539BA42B 42C68BB7
|
|
||||||
C7479096 B4CB2D62 EA2F505D C7B062A4 6811D95B E8250FC4 5D5D5FB8 8F27D191
|
|
||||||
C55F0D76 61F9A4CD 3D992327 A8BB03BD 4E6D7069 7CBADF8B DF5F4368 95135E44
|
|
||||||
DFC7C6CF 04DD7FD1 02030100 01A34230 40300E06 03551D0F 0101FF04 04030201
|
|
||||||
06300F06 03551D13 0101FF04 05300301 01FF301D 0603551D 0E041604 1449DC85
|
|
||||||
4B3D31E5 1B3E6A17 606AF333 3D3B4C73 E8300D06 092A8648 86F70D01 010B0500
|
|
||||||
03820101 00507F24 D3932A66 86025D9F E838AE5C 6D4DF6B0 49631C78 240DA905
|
|
||||||
604EDCDE FF4FED2B 77FC460E CD636FDB DD44681E 3A5673AB 9093D3B1 6C9E3D8B
|
|
||||||
D98987BF E40CBD9E 1AECA0C2 2189BB5C 8FA85686 CD98B646 5575B146 8DFC66A8
|
|
||||||
467A3DF4 4D565700 6ADF0F0D CF835015 3C04FF7C 21E878AC 11BA9CD2 55A9232C
|
|
||||||
7CA7B7E6 C1AF74F6 152E99B7 B1FCF9BB E973DE7F 5BDDEB86 C71E3B49 1765308B
|
|
||||||
5FB0DA06 B92AFE7F 494E8A9E 07B85737 F3A58BE1 1A48A229 C37C1E69 39F08678
|
|
||||||
80DDCD16 D6BACECA EEBC7CF9 8428787B 35202CDC 60E4616A B623CDBD 230E3AFB
|
|
||||||
418616A9 4093E049 4D10AB75 27E86F73 932E35B5 8862FDAE 0275156F 719BB2F0
|
|
||||||
D697DF7F 28
|
|
||||||
quit
|
|
||||||
!
|
|
||||||
!
|
|
||||||
license boot level network-advantage addon dna-advantage
|
|
||||||
memory free low-watermark processor 104985
|
|
||||||
!
|
|
||||||
diagnostic bootup level minimal
|
|
||||||
!
|
|
||||||
spanning-tree mode rapid-pvst
|
|
||||||
spanning-tree extend system-id
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
redundancy
|
|
||||||
mode sso
|
|
||||||
crypto engine compliance shield disable
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
transceiver type all
|
|
||||||
monitoring
|
|
||||||
!
|
|
||||||
vlan configuration 101
|
|
||||||
member evpn-instance 101 vni 10101
|
|
||||||
vlan configuration 102
|
|
||||||
member evpn-instance 102 vni 10102
|
|
||||||
vlan configuration 901
|
|
||||||
member vni 50901
|
|
||||||
!
|
|
||||||
!
|
|
||||||
class-map match-any system-cpp-police-ewlc-control
|
|
||||||
description EWLC Control
|
|
||||||
class-map match-any system-cpp-police-topology-control
|
|
||||||
description Topology control
|
|
||||||
class-map match-any system-cpp-police-sw-forward
|
|
||||||
description Sw forwarding, L2 LVX data packets, LOGGING, Transit Traffic
|
|
||||||
class-map match-any system-cpp-default
|
|
||||||
description EWLC Data, Inter FED Traffic
|
|
||||||
class-map match-any system-cpp-police-sys-data
|
|
||||||
description Openflow, Exception, EGR Exception, NFL Sampled Data, RPF Failed
|
|
||||||
class-map match-any system-cpp-police-punt-webauth
|
|
||||||
description Punt Webauth
|
|
||||||
class-map match-any system-cpp-police-l2lvx-control
|
|
||||||
description L2 LVX control packets
|
|
||||||
class-map match-any system-cpp-police-forus
|
|
||||||
description Forus traffic
|
|
||||||
class-map match-any system-cpp-police-multicast-end-station
|
|
||||||
description MCAST END STATION
|
|
||||||
class-map match-any system-cpp-police-forus-addr-resolution
|
|
||||||
description Forus address resolution
|
|
||||||
class-map match-any system-cpp-police-high-rate-app
|
|
||||||
description High Rate Applications
|
|
||||||
class-map match-any system-cpp-police-multicast
|
|
||||||
description MCAST Data
|
|
||||||
class-map match-any system-cpp-police-meraki-next-tunnel
|
|
||||||
description Meraki Next tunnel
|
|
||||||
class-map match-any system-cpp-police-l2-control
|
|
||||||
description L2 control
|
|
||||||
class-map match-any system-cpp-police-dot1x-auth
|
|
||||||
description DOT1X Auth
|
|
||||||
class-map match-any system-cpp-police-data
|
|
||||||
description ICMP redirect, ICMP_GEN and BROADCAST
|
|
||||||
class-map match-any system-cpp-police-stackwise-virt-control
|
|
||||||
description Stackwise Virtual OOB
|
|
||||||
class-map match-any non-client-nrt-class
|
|
||||||
class-map match-any system-cpp-police-routing-control
|
|
||||||
description Routing control and Low Latency
|
|
||||||
class-map match-any system-cpp-police-protocol-snooping
|
|
||||||
description Protocol snooping
|
|
||||||
class-map match-any system-cpp-police-dhcp-snooping
|
|
||||||
description DHCP snooping
|
|
||||||
class-map match-any system-cpp-police-ios-routing
|
|
||||||
description L2 control, Topology control, Routing control, Low Latency
|
|
||||||
class-map match-any system-cpp-police-system-critical
|
|
||||||
description System Critical and Gold Pkt
|
|
||||||
class-map match-any system-cpp-police-ios-feature
|
|
||||||
description ICMPGEN,BROADCAST,ICMP,L2LVXCntrl,ProtoSnoop,PuntWebauth,MCASTData,Transit,DOT1XAuth,Swfwd,LOGGING,L2LVXData,ForusTraffic,ForusARP,McastEndStn,Openflow,Exception,EGRExcption,NflSampled,RpfFailed
|
|
||||||
!
|
|
||||||
policy-map system-cpp-policy
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
interface Loopback0
|
|
||||||
ip address 172.16.255.4 255.255.255.255
|
|
||||||
ip ospf 1 area 0
|
|
||||||
!
|
|
||||||
interface Loopback1
|
|
||||||
ip address 172.16.254.4 255.255.255.255
|
|
||||||
ip pim sparse-mode
|
|
||||||
ip ospf 1 area 0
|
|
||||||
!
|
|
||||||
interface Port-channel12
|
|
||||||
switchport access vlan 101
|
|
||||||
switchport mode access
|
|
||||||
evpn ethernet-segment 1
|
|
||||||
!
|
|
||||||
interface GigabitEthernet0/0
|
|
||||||
vrf forwarding Mgmt-vrf
|
|
||||||
no ip address
|
|
||||||
shutdown
|
|
||||||
negotiation auto
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/1
|
|
||||||
no switchport
|
|
||||||
ip address 172.16.14.4 255.255.255.0
|
|
||||||
ip pim sparse-mode
|
|
||||||
ip ospf network point-to-point
|
|
||||||
ip ospf 1 area 0
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/2
|
|
||||||
no switchport
|
|
||||||
ip address 172.16.24.4 255.255.255.0
|
|
||||||
ip pim sparse-mode
|
|
||||||
ip ospf network point-to-point
|
|
||||||
ip ospf 1 area 0
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/3
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/4
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/5
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/6
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/7
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/8
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/9
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/10
|
|
||||||
switchport mode trunk
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/11
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/12
|
|
||||||
switchport access vlan 101
|
|
||||||
switchport mode access
|
|
||||||
channel-group 12 mode active
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/13
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/14
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/15
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/16
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/17
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/18
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/19
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/20
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/21
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/22
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/23
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/24
|
|
||||||
switchport access vlan 101
|
|
||||||
switchport mode access
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/1/1
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/1/2
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/1/3
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/1/4
|
|
||||||
!
|
|
||||||
interface AppGigabitEthernet1/0/1
|
|
||||||
!
|
|
||||||
interface Vlan1
|
|
||||||
no ip address
|
|
||||||
!
|
|
||||||
interface Vlan101
|
|
||||||
vrf forwarding green
|
|
||||||
ip address 10.1.101.1 255.255.255.0
|
|
||||||
!
|
|
||||||
interface Vlan102
|
|
||||||
vrf forwarding green
|
|
||||||
ip address 10.1.102.1 255.255.255.0
|
|
||||||
!
|
|
||||||
interface Vlan901
|
|
||||||
vrf forwarding green
|
|
||||||
ip unnumbered Loopback1
|
|
||||||
ipv6 enable
|
|
||||||
no autostate
|
|
||||||
!
|
|
||||||
interface nve1
|
|
||||||
no ip address
|
|
||||||
source-interface Loopback1
|
|
||||||
host-reachability protocol bgp
|
|
||||||
member vni 10101 mcast-group 225.0.0.101
|
|
||||||
member vni 50901 vrf green
|
|
||||||
member vni 10102 ingress-replication
|
|
||||||
!
|
|
||||||
router ospf 1
|
|
||||||
router-id 172.16.255.4
|
|
||||||
!
|
|
||||||
router bgp 65001
|
|
||||||
bgp log-neighbor-changes
|
|
||||||
no bgp default ipv4-unicast
|
|
||||||
neighbor 172.16.255.1 remote-as 65001
|
|
||||||
neighbor 172.16.255.1 update-source Loopback0
|
|
||||||
neighbor 172.16.255.2 remote-as 65001
|
|
||||||
neighbor 172.16.255.2 update-source Loopback0
|
|
||||||
!
|
|
||||||
address-family ipv4
|
|
||||||
exit-address-family
|
|
||||||
!
|
|
||||||
address-family l2vpn evpn
|
|
||||||
neighbor 172.16.255.1 activate
|
|
||||||
neighbor 172.16.255.1 send-community both
|
|
||||||
neighbor 172.16.255.2 activate
|
|
||||||
neighbor 172.16.255.2 send-community both
|
|
||||||
exit-address-family
|
|
||||||
!
|
|
||||||
address-family ipv4 vrf green
|
|
||||||
advertise l2vpn evpn
|
|
||||||
redistribute static
|
|
||||||
redistribute connected
|
|
||||||
exit-address-family
|
|
||||||
!
|
|
||||||
ip forward-protocol nd
|
|
||||||
ip http server
|
|
||||||
ip http authentication local
|
|
||||||
ip http secure-server
|
|
||||||
ip pim rp-address 172.16.255.255
|
|
||||||
ip ssh bulk-mode 131072
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
control-plane
|
|
||||||
service-policy input system-cpp-policy
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
line con 0
|
|
||||||
stopbits 1
|
|
||||||
line vty 0 4
|
|
||||||
login
|
|
||||||
transport input ssh
|
|
||||||
line vty 5 31
|
|
||||||
login
|
|
||||||
transport input ssh
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
end
|
|
||||||
@@ -1,300 +0,0 @@
|
|||||||
hostname Server-01
|
|
||||||
!
|
|
||||||
!
|
|
||||||
vrf definition Mgmt-vrf
|
|
||||||
!
|
|
||||||
address-family ipv4
|
|
||||||
exit-address-family
|
|
||||||
!
|
|
||||||
address-family ipv6
|
|
||||||
exit-address-family
|
|
||||||
!
|
|
||||||
no aaa new-model
|
|
||||||
switch 1 provision c9300l-24p-4g
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
login on-success log
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
crypto pki trustpoint TP-self-signed-2947407253
|
|
||||||
enrollment selfsigned
|
|
||||||
subject-name cn=IOS-Self-Signed-Certificate-2947407253
|
|
||||||
revocation-check none
|
|
||||||
rsakeypair TP-self-signed-2947407253
|
|
||||||
hash sha512
|
|
||||||
!
|
|
||||||
crypto pki trustpoint SLA-TrustPoint
|
|
||||||
enrollment pkcs12
|
|
||||||
revocation-check crl
|
|
||||||
hash sha512
|
|
||||||
!
|
|
||||||
!
|
|
||||||
crypto pki certificate chain TP-self-signed-2947407253
|
|
||||||
certificate self-signed 01
|
|
||||||
30820330 30820218 A0030201 02020101 300D0609 2A864886 F70D0101 0D050030
|
|
||||||
31312F30 2D060355 04030C26 494F532D 53656C66 2D536967 6E65642D 43657274
|
|
||||||
69666963 6174652D 32393437 34303732 3533301E 170D3236 30363130 30373537
|
|
||||||
34305A17 0D333630 36303930 37353734 305A3031 312F302D 06035504 030C2649
|
|
||||||
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D32 39343734
|
|
||||||
30373235 33308201 22300D06 092A8648 86F70D01 01010500 0382010F 00308201
|
|
||||||
0A028201 0100D73C 961D9195 D3943475 3D1021D5 5256D366 283AF7EA 7E29EDF7
|
|
||||||
D436F20C 2540FD80 151BC2FF D73151B0 5BFEB37A 1BE4D77B 064DEE09 5755F88F
|
|
||||||
CEECF4B4 650429B9 584658ED 94B60905 3F149C23 BEF50154 40285A5C D299E976
|
|
||||||
260FDCC8 23A6E59F 15663A5A 5CFB84E2 9314243E 339BCF63 3D33F429 4F104A71
|
|
||||||
DA40BFDD 5FDA6AFE 4A6795F5 C1044EBA 4A103859 619C5B42 8259B4C2 E14AD3DA
|
|
||||||
11DD2F8B CC9FAF07 B034AC36 7B54FD31 098FB3B7 1EBFB9C1 D3F3A97D 3C2B9661
|
|
||||||
3E6D7523 0C0903D4 2D66ACD7 C1E59304 36E45B5D 0D4D1DD3 FA0A8FC5 9AE00618
|
|
||||||
6523D157 CD262001 0D180482 E4125F40 58741CDA 0C0BD373 4735365E 4E859EC2
|
|
||||||
18841214 7C7D0203 010001A3 53305130 1D060355 1D0E0416 041426FB E5DBB36E
|
|
||||||
EB590719 E507692E B3563C0F 0C60301F 0603551D 23041830 16801426 FBE5DBB3
|
|
||||||
6EEB5907 19E50769 2EB3563C 0F0C6030 0F060355 1D130101 FF040530 030101FF
|
|
||||||
300D0609 2A864886 F70D0101 0D050003 82010100 34AF340D 9C10640F F7CD722C
|
|
||||||
4F149DFF 30C38F3B B30ADF41 70248500 6E8024C0 0A9D1ACA B5F3CCE6 EA3C982D
|
|
||||||
DE4F1BEC 8E933EFA B15143B9 1E5502BE BE7B10B5 BDB57038 4AB184DD 0A55BA43
|
|
||||||
37FBB9C4 E1BFE983 960383BB 40F3906D 5C47E3EF BF9BDE3A 6B33C42B F290CF49
|
|
||||||
8E96CC07 A4AA1BD5 1EFD2579 3A195166 287E14B8 4979A3AF DC1718E6 1A820E75
|
|
||||||
1D1ECCC6 B53FBF9C E6589902 BB9021BD 2B387816 28202A9E F7784F8E 7E8E92BA
|
|
||||||
C0A9AB2C AAA8668C C6AEF3B8 41CBB3C0 A4165D11 B5C1A846 2EA25215 85306E99
|
|
||||||
BAAC1EF5 54517D54 BB9EF942 9226C5CE 816801FD E5FCE9DE 5A4B795D 107E6521
|
|
||||||
D87398DE EDCDDBD2 045AB631 3D37C325 0149EA49
|
|
||||||
quit
|
|
||||||
crypto pki certificate chain SLA-TrustPoint
|
|
||||||
certificate ca 01
|
|
||||||
30820321 30820209 A0030201 02020101 300D0609 2A864886 F70D0101 0B050030
|
|
||||||
32310E30 0C060355 040A1305 43697363 6F312030 1E060355 04031317 43697363
|
|
||||||
6F204C69 63656E73 696E6720 526F6F74 20434130 1E170D31 33303533 30313934
|
|
||||||
3834375A 170D3338 30353330 31393438 34375A30 32310E30 0C060355 040A1305
|
|
||||||
43697363 6F312030 1E060355 04031317 43697363 6F204C69 63656E73 696E6720
|
|
||||||
526F6F74 20434130 82012230 0D06092A 864886F7 0D010101 05000382 010F0030
|
|
||||||
82010A02 82010100 A6BCBD96 131E05F7 145EA72C 2CD686E6 17222EA1 F1EFF64D
|
|
||||||
CBB4C798 212AA147 C655D8D7 9471380D 8711441E 1AAF071A 9CAE6388 8A38E520
|
|
||||||
1C394D78 462EF239 C659F715 B98C0A59 5BBB5CBD 0CFEBEA3 700A8BF7 D8F256EE
|
|
||||||
4AA4E80D DB6FD1C9 60B1FD18 FFC69C96 6FA68957 A2617DE7 104FDC5F EA2956AC
|
|
||||||
7390A3EB 2B5436AD C847A2C5 DAB553EB 69A9A535 58E9F3E3 C0BD23CF 58BD7188
|
|
||||||
68E69491 20F320E7 948E71D7 AE3BCC84 F10684C7 4BC8E00F 539BA42B 42C68BB7
|
|
||||||
C7479096 B4CB2D62 EA2F505D C7B062A4 6811D95B E8250FC4 5D5D5FB8 8F27D191
|
|
||||||
C55F0D76 61F9A4CD 3D992327 A8BB03BD 4E6D7069 7CBADF8B DF5F4368 95135E44
|
|
||||||
DFC7C6CF 04DD7FD1 02030100 01A34230 40300E06 03551D0F 0101FF04 04030201
|
|
||||||
06300F06 03551D13 0101FF04 05300301 01FF301D 0603551D 0E041604 1449DC85
|
|
||||||
4B3D31E5 1B3E6A17 606AF333 3D3B4C73 E8300D06 092A8648 86F70D01 010B0500
|
|
||||||
03820101 00507F24 D3932A66 86025D9F E838AE5C 6D4DF6B0 49631C78 240DA905
|
|
||||||
604EDCDE FF4FED2B 77FC460E CD636FDB DD44681E 3A5673AB 9093D3B1 6C9E3D8B
|
|
||||||
D98987BF E40CBD9E 1AECA0C2 2189BB5C 8FA85686 CD98B646 5575B146 8DFC66A8
|
|
||||||
467A3DF4 4D565700 6ADF0F0D CF835015 3C04FF7C 21E878AC 11BA9CD2 55A9232C
|
|
||||||
7CA7B7E6 C1AF74F6 152E99B7 B1FCF9BB E973DE7F 5BDDEB86 C71E3B49 1765308B
|
|
||||||
5FB0DA06 B92AFE7F 494E8A9E 07B85737 F3A58BE1 1A48A229 C37C1E69 39F08678
|
|
||||||
80DDCD16 D6BACECA EEBC7CF9 8428787B 35202CDC 60E4616A B623CDBD 230E3AFB
|
|
||||||
418616A9 4093E049 4D10AB75 27E86F73 932E35B5 8862FDAE 0275156F 719BB2F0
|
|
||||||
D697DF7F 28
|
|
||||||
quit
|
|
||||||
!
|
|
||||||
!
|
|
||||||
license boot level network-advantage addon dna-advantage
|
|
||||||
memory free low-watermark processor 104985
|
|
||||||
!
|
|
||||||
diagnostic bootup level minimal
|
|
||||||
!
|
|
||||||
spanning-tree mode rapid-pvst
|
|
||||||
spanning-tree extend system-id
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
redundancy
|
|
||||||
mode sso
|
|
||||||
crypto engine compliance shield disable
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
transceiver type all
|
|
||||||
monitoring
|
|
||||||
!
|
|
||||||
!
|
|
||||||
class-map match-any system-cpp-police-ewlc-control
|
|
||||||
description EWLC Control
|
|
||||||
class-map match-any system-cpp-police-topology-control
|
|
||||||
description Topology control
|
|
||||||
class-map match-any system-cpp-police-sw-forward
|
|
||||||
description Sw forwarding, L2 LVX data packets, LOGGING, Transit Traffic
|
|
||||||
class-map match-any system-cpp-default
|
|
||||||
description EWLC Data, Inter FED Traffic
|
|
||||||
class-map match-any system-cpp-police-sys-data
|
|
||||||
description Openflow, Exception, EGR Exception, NFL Sampled Data, RPF Failed
|
|
||||||
class-map match-any system-cpp-police-punt-webauth
|
|
||||||
description Punt Webauth
|
|
||||||
class-map match-any system-cpp-police-l2lvx-control
|
|
||||||
description L2 LVX control packets
|
|
||||||
class-map match-any system-cpp-police-forus
|
|
||||||
description Forus traffic
|
|
||||||
class-map match-any system-cpp-police-multicast-end-station
|
|
||||||
description MCAST END STATION
|
|
||||||
class-map match-any system-cpp-police-forus-addr-resolution
|
|
||||||
description Forus address resolution
|
|
||||||
class-map match-any system-cpp-police-high-rate-app
|
|
||||||
description High Rate Applications
|
|
||||||
class-map match-any system-cpp-police-multicast
|
|
||||||
description MCAST Data
|
|
||||||
class-map match-any system-cpp-police-meraki-next-tunnel
|
|
||||||
description Meraki Next tunnel
|
|
||||||
class-map match-any system-cpp-police-l2-control
|
|
||||||
description L2 control
|
|
||||||
class-map match-any system-cpp-police-dot1x-auth
|
|
||||||
description DOT1X Auth
|
|
||||||
class-map match-any system-cpp-police-data
|
|
||||||
description ICMP redirect, ICMP_GEN and BROADCAST
|
|
||||||
class-map match-any system-cpp-police-stackwise-virt-control
|
|
||||||
description Stackwise Virtual OOB
|
|
||||||
class-map match-any non-client-nrt-class
|
|
||||||
class-map match-any system-cpp-police-routing-control
|
|
||||||
description Routing control and Low Latency
|
|
||||||
class-map match-any system-cpp-police-protocol-snooping
|
|
||||||
description Protocol snooping
|
|
||||||
class-map match-any system-cpp-police-dhcp-snooping
|
|
||||||
description DHCP snooping
|
|
||||||
class-map match-any system-cpp-police-ios-routing
|
|
||||||
description L2 control, Topology control, Routing control, Low Latency
|
|
||||||
class-map match-any system-cpp-police-system-critical
|
|
||||||
description System Critical and Gold Pkt
|
|
||||||
class-map match-any system-cpp-police-ios-feature
|
|
||||||
description ICMPGEN,BROADCAST,ICMP,L2LVXCntrl,ProtoSnoop,PuntWebauth,MCASTData,Transit,DOT1XAuth,Swfwd,LOGGING,L2LVXData,ForusTraffic,ForusARP,McastEndStn,Openflow,Exception,EGRExcption,NflSampled,RpfFailed
|
|
||||||
!
|
|
||||||
policy-map system-cpp-policy
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
interface Port-channel10
|
|
||||||
no switchport
|
|
||||||
ip address 10.1.101.100 255.255.255.0
|
|
||||||
!
|
|
||||||
interface GigabitEthernet0/0
|
|
||||||
vrf forwarding Mgmt-vrf
|
|
||||||
no ip address
|
|
||||||
shutdown
|
|
||||||
negotiation auto
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/1
|
|
||||||
description vers Leaf-01
|
|
||||||
no switchport
|
|
||||||
no ip address
|
|
||||||
channel-group 10 mode active
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/2
|
|
||||||
description vers Leaf-02
|
|
||||||
no switchport
|
|
||||||
no ip address
|
|
||||||
channel-group 10 mode active
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/3
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/4
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/5
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/6
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/7
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/8
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/9
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/10
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/11
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/12
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/13
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/14
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/15
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/16
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/17
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/18
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/19
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/20
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/21
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/22
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/23
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/24
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/1/1
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/1/2
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/1/3
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/1/4
|
|
||||||
!
|
|
||||||
interface AppGigabitEthernet1/0/1
|
|
||||||
!
|
|
||||||
interface Vlan1
|
|
||||||
no ip address
|
|
||||||
!
|
|
||||||
ip forward-protocol nd
|
|
||||||
ip http server
|
|
||||||
ip http authentication local
|
|
||||||
ip http secure-server
|
|
||||||
ip ssh bulk-mode 131072
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
control-plane
|
|
||||||
service-policy input system-cpp-policy
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
line con 0
|
|
||||||
stopbits 1
|
|
||||||
line vty 0 4
|
|
||||||
login
|
|
||||||
transport input ssh
|
|
||||||
line vty 5 31
|
|
||||||
login
|
|
||||||
transport input ssh
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
end
|
|
||||||
@@ -1,351 +0,0 @@
|
|||||||
hostname Spine-01
|
|
||||||
!
|
|
||||||
!
|
|
||||||
vrf definition Mgmt-vrf
|
|
||||||
!
|
|
||||||
address-family ipv4
|
|
||||||
exit-address-family
|
|
||||||
!
|
|
||||||
address-family ipv6
|
|
||||||
exit-address-family
|
|
||||||
!
|
|
||||||
no aaa new-model
|
|
||||||
switch 2 provision c9300l-24p-4g
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
ip routing
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
ip multicast-routing
|
|
||||||
!
|
|
||||||
ip dhcp pool webuidhcp
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
login on-success log
|
|
||||||
ipv6 nd cache expire refresh
|
|
||||||
ipv6 unicast-routing
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
crypto pki trustpoint SLA-TrustPoint
|
|
||||||
enrollment pkcs12
|
|
||||||
revocation-check crl
|
|
||||||
hash sha512
|
|
||||||
!
|
|
||||||
crypto pki trustpoint TP-self-signed-251052295
|
|
||||||
enrollment selfsigned
|
|
||||||
subject-name cn=IOS-Self-Signed-Certificate-251052295
|
|
||||||
revocation-check none
|
|
||||||
rsakeypair TP-self-signed-251052295
|
|
||||||
hash sha512
|
|
||||||
!
|
|
||||||
!
|
|
||||||
crypto pki certificate chain SLA-TrustPoint
|
|
||||||
certificate ca 01
|
|
||||||
30820321 30820209 A0030201 02020101 300D0609 2A864886 F70D0101 0B050030
|
|
||||||
32310E30 0C060355 040A1305 43697363 6F312030 1E060355 04031317 43697363
|
|
||||||
6F204C69 63656E73 696E6720 526F6F74 20434130 1E170D31 33303533 30313934
|
|
||||||
3834375A 170D3338 30353330 31393438 34375A30 32310E30 0C060355 040A1305
|
|
||||||
43697363 6F312030 1E060355 04031317 43697363 6F204C69 63656E73 696E6720
|
|
||||||
526F6F74 20434130 82012230 0D06092A 864886F7 0D010101 05000382 010F0030
|
|
||||||
82010A02 82010100 A6BCBD96 131E05F7 145EA72C 2CD686E6 17222EA1 F1EFF64D
|
|
||||||
CBB4C798 212AA147 C655D8D7 9471380D 8711441E 1AAF071A 9CAE6388 8A38E520
|
|
||||||
1C394D78 462EF239 C659F715 B98C0A59 5BBB5CBD 0CFEBEA3 700A8BF7 D8F256EE
|
|
||||||
4AA4E80D DB6FD1C9 60B1FD18 FFC69C96 6FA68957 A2617DE7 104FDC5F EA2956AC
|
|
||||||
7390A3EB 2B5436AD C847A2C5 DAB553EB 69A9A535 58E9F3E3 C0BD23CF 58BD7188
|
|
||||||
68E69491 20F320E7 948E71D7 AE3BCC84 F10684C7 4BC8E00F 539BA42B 42C68BB7
|
|
||||||
C7479096 B4CB2D62 EA2F505D C7B062A4 6811D95B E8250FC4 5D5D5FB8 8F27D191
|
|
||||||
C55F0D76 61F9A4CD 3D992327 A8BB03BD 4E6D7069 7CBADF8B DF5F4368 95135E44
|
|
||||||
DFC7C6CF 04DD7FD1 02030100 01A34230 40300E06 03551D0F 0101FF04 04030201
|
|
||||||
06300F06 03551D13 0101FF04 05300301 01FF301D 0603551D 0E041604 1449DC85
|
|
||||||
4B3D31E5 1B3E6A17 606AF333 3D3B4C73 E8300D06 092A8648 86F70D01 010B0500
|
|
||||||
03820101 00507F24 D3932A66 86025D9F E838AE5C 6D4DF6B0 49631C78 240DA905
|
|
||||||
604EDCDE FF4FED2B 77FC460E CD636FDB DD44681E 3A5673AB 9093D3B1 6C9E3D8B
|
|
||||||
D98987BF E40CBD9E 1AECA0C2 2189BB5C 8FA85686 CD98B646 5575B146 8DFC66A8
|
|
||||||
467A3DF4 4D565700 6ADF0F0D CF835015 3C04FF7C 21E878AC 11BA9CD2 55A9232C
|
|
||||||
7CA7B7E6 C1AF74F6 152E99B7 B1FCF9BB E973DE7F 5BDDEB86 C71E3B49 1765308B
|
|
||||||
5FB0DA06 B92AFE7F 494E8A9E 07B85737 F3A58BE1 1A48A229 C37C1E69 39F08678
|
|
||||||
80DDCD16 D6BACECA EEBC7CF9 8428787B 35202CDC 60E4616A B623CDBD 230E3AFB
|
|
||||||
418616A9 4093E049 4D10AB75 27E86F73 932E35B5 8862FDAE 0275156F 719BB2F0
|
|
||||||
D697DF7F 28
|
|
||||||
quit
|
|
||||||
crypto pki certificate chain TP-self-signed-251052295
|
|
||||||
certificate self-signed 01
|
|
||||||
3082032E 30820216 A0030201 02020101 300D0609 2A864886 F70D0101 0D050030
|
|
||||||
30312E30 2C060355 04030C25 494F532D 53656C66 2D536967 6E65642D 43657274
|
|
||||||
69666963 6174652D 32353130 35323239 35301E17 0D323630 36313030 37353733
|
|
||||||
315A170D 33363036 30393037 35373331 5A303031 2E302C06 03550403 0C25494F
|
|
||||||
532D5365 6C662D53 69676E65 642D4365 72746966 69636174 652D3235 31303532
|
|
||||||
32393530 82012230 0D06092A 864886F7 0D010101 05000382 010F0030 82010A02
|
|
||||||
82010100 D89BCFBD 5397ED82 DFCE3396 1664243E F8B16D1A EF4EA9FC 89661810
|
|
||||||
B86A1333 F49417A6 D2321D74 E43423FC 99CB1A86 704E5FC1 1F26C7E7 DCDBD99F
|
|
||||||
D85630C3 59237E9C 9A988DE5 15500356 0FB10E0F 3E8B1401 7C8E06A8 E3493E22
|
|
||||||
93AC7E5D 52433498 490F20EE C966121A 0FFDC547 E9C664D1 766EDF3D 13081CEC
|
|
||||||
AB2B202C 5FF1BB61 B98593BE 3700930E AF220152 F6BF1D1A 38B9CDC0 CB31C119
|
|
||||||
2E09E5F3 4CA6F02A 1FF916FC 4627CCB9 C32D8573 B69AF79B 699E91F3 0C79FECA
|
|
||||||
0DF90FF0 F8B005FA 63DF5302 64C3A1AE 6FD8C78E FE976E0C D03E9139 6B933048
|
|
||||||
13049514 105B1995 1267D0DC 3DA4CCBD 31703F2F 6914C8F3 7B1DB726 A2B07631
|
|
||||||
2180D6F7 02030100 01A35330 51301D06 03551D0E 04160414 147899D8 5CAC32ED
|
|
||||||
34315AED 87E8EFCA 2FEC840F 301F0603 551D2304 18301680 14147899 D85CAC32
|
|
||||||
ED34315A ED87E8EF CA2FEC84 0F300F06 03551D13 0101FF04 05300301 01FF300D
|
|
||||||
06092A86 4886F70D 01010D05 00038201 0100AAA6 FE2EC09B F9769A5C C0DAAE85
|
|
||||||
8D02A258 AB7E4510 807F9FEF 10FE774B 7B0F3EFE 117F850F 833B49B6 C20781B0
|
|
||||||
D89F5F9E FDEB06B1 74889F5E 5D2E9EEB 2ECDE82E 58EDA905 AD6D7313 66519DC7
|
|
||||||
6702F569 DDEAE0E6 24C302AF F784DFA3 F3FA0512 DD416C13 8AFC7D09 6EAE05E3
|
|
||||||
5E067BD9 3CC56564 3B92D3C1 1E4BC00C FD3C03A1 0E37A034 1C378323 4080AE0D
|
|
||||||
AAEB2A55 632CF3C0 35ACBDB4 F118B9FE 53C9D86A 2713FD54 C1ADA68B 043EC657
|
|
||||||
3CE61F31 61FEC1B9 75DCD39B 75E97238 A1CF89E0 47B037C1 8A886AD3 0F3D35DF
|
|
||||||
1822F3A2 1AD01417 77D4D683 274034B9 9721C84B A9203A29 06F916BF BEBEB112
|
|
||||||
F43BAFEB EC57AECF 57C0AED5 88A8DE69 F5A4
|
|
||||||
quit
|
|
||||||
!
|
|
||||||
!
|
|
||||||
license boot level network-advantage addon dna-advantage
|
|
||||||
memory free low-watermark processor 104985
|
|
||||||
!
|
|
||||||
diagnostic bootup level minimal
|
|
||||||
!
|
|
||||||
spanning-tree mode rapid-pvst
|
|
||||||
spanning-tree extend system-id
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
redundancy
|
|
||||||
mode sso
|
|
||||||
crypto engine compliance shield disable
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
transceiver type all
|
|
||||||
monitoring
|
|
||||||
!
|
|
||||||
!
|
|
||||||
class-map match-any system-cpp-police-ewlc-control
|
|
||||||
description EWLC Control
|
|
||||||
class-map match-any system-cpp-police-topology-control
|
|
||||||
description Topology control
|
|
||||||
class-map match-any system-cpp-police-sw-forward
|
|
||||||
description Sw forwarding, L2 LVX data packets, LOGGING, Transit Traffic
|
|
||||||
class-map match-any system-cpp-default
|
|
||||||
description EWLC Data, Inter FED Traffic
|
|
||||||
class-map match-any system-cpp-police-sys-data
|
|
||||||
description Openflow, Exception, EGR Exception, NFL Sampled Data, RPF Failed
|
|
||||||
class-map match-any system-cpp-police-punt-webauth
|
|
||||||
description Punt Webauth
|
|
||||||
class-map match-any system-cpp-police-l2lvx-control
|
|
||||||
description L2 LVX control packets
|
|
||||||
class-map match-any system-cpp-police-forus
|
|
||||||
description Forus traffic
|
|
||||||
class-map match-any system-cpp-police-multicast-end-station
|
|
||||||
description MCAST END STATION
|
|
||||||
class-map match-any system-cpp-police-forus-addr-resolution
|
|
||||||
description Forus address resolution
|
|
||||||
class-map match-any system-cpp-police-high-rate-app
|
|
||||||
description High Rate Applications
|
|
||||||
class-map match-any system-cpp-police-multicast
|
|
||||||
description MCAST Data
|
|
||||||
class-map match-any system-cpp-police-meraki-next-tunnel
|
|
||||||
description Meraki Next tunnel
|
|
||||||
class-map match-any system-cpp-police-l2-control
|
|
||||||
description L2 control
|
|
||||||
class-map match-any system-cpp-police-dot1x-auth
|
|
||||||
description DOT1X Auth
|
|
||||||
class-map match-any system-cpp-police-data
|
|
||||||
description ICMP redirect, ICMP_GEN and BROADCAST
|
|
||||||
class-map match-any system-cpp-police-stackwise-virt-control
|
|
||||||
description Stackwise Virtual OOB
|
|
||||||
class-map match-any non-client-nrt-class
|
|
||||||
class-map match-any system-cpp-police-routing-control
|
|
||||||
description Routing control and Low Latency
|
|
||||||
class-map match-any system-cpp-police-protocol-snooping
|
|
||||||
description Protocol snooping
|
|
||||||
class-map match-any system-cpp-police-dhcp-snooping
|
|
||||||
description DHCP snooping
|
|
||||||
class-map match-any system-cpp-police-ios-routing
|
|
||||||
description L2 control, Topology control, Routing control, Low Latency
|
|
||||||
class-map match-any system-cpp-police-system-critical
|
|
||||||
description System Critical and Gold Pkt
|
|
||||||
class-map match-any system-cpp-police-ios-feature
|
|
||||||
description ICMPGEN,BROADCAST,ICMP,L2LVXCntrl,ProtoSnoop,PuntWebauth,MCASTData,Transit,DOT1XAuth,Swfwd,LOGGING,L2LVXData,ForusTraffic,ForusARP,McastEndStn,Openflow,Exception,EGRExcption,NflSampled,RpfFailed
|
|
||||||
!
|
|
||||||
policy-map system-cpp-policy
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
interface Loopback0
|
|
||||||
ip address 172.16.255.1 255.255.255.255
|
|
||||||
ip ospf 1 area 0
|
|
||||||
!
|
|
||||||
interface Loopback1
|
|
||||||
ip address 172.16.254.1 255.255.255.255
|
|
||||||
ip ospf 1 area 0
|
|
||||||
!
|
|
||||||
interface Loopback2
|
|
||||||
ip address 172.16.255.255 255.255.255.255
|
|
||||||
ip pim sparse-mode
|
|
||||||
ip ospf 1 area 0
|
|
||||||
!
|
|
||||||
interface GigabitEthernet0/0
|
|
||||||
vrf forwarding Mgmt-vrf
|
|
||||||
no ip address
|
|
||||||
shutdown
|
|
||||||
negotiation auto
|
|
||||||
!
|
|
||||||
interface GigabitEthernet2/0/1
|
|
||||||
no switchport
|
|
||||||
ip address 172.16.13.1 255.255.255.0
|
|
||||||
ip pim sparse-mode
|
|
||||||
ip ospf network point-to-point
|
|
||||||
ip ospf 1 area 0
|
|
||||||
!
|
|
||||||
interface GigabitEthernet2/0/2
|
|
||||||
no switchport
|
|
||||||
ip address 172.16.14.1 255.255.255.0
|
|
||||||
ip pim sparse-mode
|
|
||||||
ip ospf network point-to-point
|
|
||||||
ip ospf 1 area 0
|
|
||||||
!
|
|
||||||
interface GigabitEthernet2/0/3
|
|
||||||
!
|
|
||||||
interface GigabitEthernet2/0/4
|
|
||||||
!
|
|
||||||
interface GigabitEthernet2/0/5
|
|
||||||
!
|
|
||||||
interface GigabitEthernet2/0/6
|
|
||||||
!
|
|
||||||
interface GigabitEthernet2/0/7
|
|
||||||
!
|
|
||||||
interface GigabitEthernet2/0/8
|
|
||||||
!
|
|
||||||
interface GigabitEthernet2/0/9
|
|
||||||
!
|
|
||||||
interface GigabitEthernet2/0/10
|
|
||||||
!
|
|
||||||
interface GigabitEthernet2/0/11
|
|
||||||
!
|
|
||||||
interface GigabitEthernet2/0/12
|
|
||||||
!
|
|
||||||
interface GigabitEthernet2/0/13
|
|
||||||
!
|
|
||||||
interface GigabitEthernet2/0/14
|
|
||||||
!
|
|
||||||
interface GigabitEthernet2/0/15
|
|
||||||
!
|
|
||||||
interface GigabitEthernet2/0/16
|
|
||||||
!
|
|
||||||
interface GigabitEthernet2/0/17
|
|
||||||
!
|
|
||||||
interface GigabitEthernet2/0/18
|
|
||||||
!
|
|
||||||
interface GigabitEthernet2/0/19
|
|
||||||
!
|
|
||||||
interface GigabitEthernet2/0/20
|
|
||||||
!
|
|
||||||
interface GigabitEthernet2/0/21
|
|
||||||
!
|
|
||||||
interface GigabitEthernet2/0/22
|
|
||||||
!
|
|
||||||
interface GigabitEthernet2/0/23
|
|
||||||
!
|
|
||||||
interface GigabitEthernet2/0/24
|
|
||||||
!
|
|
||||||
interface GigabitEthernet2/1/1
|
|
||||||
!
|
|
||||||
interface GigabitEthernet2/1/2
|
|
||||||
!
|
|
||||||
interface GigabitEthernet2/1/3
|
|
||||||
!
|
|
||||||
interface GigabitEthernet2/1/4
|
|
||||||
!
|
|
||||||
interface AppGigabitEthernet2/0/1
|
|
||||||
!
|
|
||||||
interface Vlan1
|
|
||||||
no ip address
|
|
||||||
shutdown
|
|
||||||
!
|
|
||||||
router ospf 1
|
|
||||||
router-id 172.16.255.1
|
|
||||||
!
|
|
||||||
router bgp 65001
|
|
||||||
template peer-policy RR-PP
|
|
||||||
route-reflector-client
|
|
||||||
send-community both
|
|
||||||
exit-peer-policy
|
|
||||||
!
|
|
||||||
template peer-session RR-PS
|
|
||||||
remote-as 65001
|
|
||||||
update-source Loopback0
|
|
||||||
exit-peer-session
|
|
||||||
!
|
|
||||||
bgp router-id 172.16.255.1
|
|
||||||
bgp log-neighbor-changes
|
|
||||||
no bgp default ipv4-unicast
|
|
||||||
neighbor 172.16.255.3 inherit peer-session RR-PS
|
|
||||||
neighbor 172.16.255.4 inherit peer-session RR-PS
|
|
||||||
!
|
|
||||||
address-family ipv4
|
|
||||||
exit-address-family
|
|
||||||
!
|
|
||||||
address-family l2vpn evpn
|
|
||||||
neighbor 172.16.255.3 activate
|
|
||||||
neighbor 172.16.255.3 send-community both
|
|
||||||
neighbor 172.16.255.3 inherit peer-policy RR-PP
|
|
||||||
neighbor 172.16.255.4 activate
|
|
||||||
neighbor 172.16.255.4 send-community both
|
|
||||||
neighbor 172.16.255.4 inherit peer-policy RR-PP
|
|
||||||
exit-address-family
|
|
||||||
!
|
|
||||||
ip forward-protocol nd
|
|
||||||
ip http server
|
|
||||||
ip http secure-server
|
|
||||||
ip pim rp-address 172.16.255.255
|
|
||||||
ip msdp peer 172.16.254.2 connect-source Loopback1 remote-as 65001
|
|
||||||
ip ssh bulk-mode 131072
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
control-plane
|
|
||||||
service-policy input system-cpp-policy
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
line con 0
|
|
||||||
stopbits 1
|
|
||||||
line vty 0 4
|
|
||||||
login
|
|
||||||
transport input ssh
|
|
||||||
line vty 5 31
|
|
||||||
login
|
|
||||||
transport input ssh
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
end
|
|
||||||
@@ -1,347 +0,0 @@
|
|||||||
hostname Spine-02
|
|
||||||
!
|
|
||||||
!
|
|
||||||
vrf definition Mgmt-vrf
|
|
||||||
!
|
|
||||||
address-family ipv4
|
|
||||||
exit-address-family
|
|
||||||
!
|
|
||||||
address-family ipv6
|
|
||||||
exit-address-family
|
|
||||||
!
|
|
||||||
no aaa new-model
|
|
||||||
switch 1 provision c9300l-24p-4g
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
ip routing
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
ip multicast-routing
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
login on-success log
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
crypto pki trustpoint TP-self-signed-430895953
|
|
||||||
enrollment selfsigned
|
|
||||||
subject-name cn=IOS-Self-Signed-Certificate-430895953
|
|
||||||
revocation-check none
|
|
||||||
rsakeypair TP-self-signed-430895953
|
|
||||||
hash sha512
|
|
||||||
!
|
|
||||||
crypto pki trustpoint SLA-TrustPoint
|
|
||||||
enrollment pkcs12
|
|
||||||
revocation-check crl
|
|
||||||
hash sha512
|
|
||||||
!
|
|
||||||
!
|
|
||||||
crypto pki certificate chain TP-self-signed-430895953
|
|
||||||
certificate self-signed 01
|
|
||||||
3082032E 30820216 A0030201 02020101 300D0609 2A864886 F70D0101 0D050030
|
|
||||||
30312E30 2C060355 04030C25 494F532D 53656C66 2D536967 6E65642D 43657274
|
|
||||||
69666963 6174652D 34333038 39353935 33301E17 0D323630 36313030 37353931
|
|
||||||
315A170D 33363036 30393037 35393131 5A303031 2E302C06 03550403 0C25494F
|
|
||||||
532D5365 6C662D53 69676E65 642D4365 72746966 69636174 652D3433 30383935
|
|
||||||
39353330 82012230 0D06092A 864886F7 0D010101 05000382 010F0030 82010A02
|
|
||||||
82010100 A71865B6 6C5F0B06 665FCD05 19C66FF3 4D4B9157 EF422949 A4ACD2F2
|
|
||||||
ACF5AA84 6B593191 FF34BB5C 2A1F3064 DCF41C32 A8EA567D C7B1400B A9CD2CC6
|
|
||||||
55F61D16 792E6552 31D4B438 137EC154 47503D71 FDB8A4A7 71B3FE2A B36FF58C
|
|
||||||
F5356063 942A2DBC 99F20FC0 ABE7C186 940AF2A2 E94A30CF 7D6AA5D7 4A9C93BB
|
|
||||||
99A5779B A179C130 8839473E 04679619 897E139A 3B883DF0 484060CD 703D25A2
|
|
||||||
01153890 F65AE584 6C403826 7DDD0C8C B76D6690 D7FACB49 89B2CB22 619B1F18
|
|
||||||
3C090DAF 47443412 63FC7B3B DEDED46B 4B19BB16 6C2EA229 1946B513 813645F8
|
|
||||||
D029F8B4 878F3581 30A3D42A 37BE3C82 835EDC01 A4D028BC 76F777EC CE9440F2
|
|
||||||
26037F3F 02030100 01A35330 51301D06 03551D0E 04160414 77E8D640 80AF8B64
|
|
||||||
B2AFF1D6 AED32E71 F70417EA 301F0603 551D2304 18301680 1477E8D6 4080AF8B
|
|
||||||
64B2AFF1 D6AED32E 71F70417 EA300F06 03551D13 0101FF04 05300301 01FF300D
|
|
||||||
06092A86 4886F70D 01010D05 00038201 0100177A 72BD66A9 0BFFDBC2 B79A5E60
|
|
||||||
0D47EBD5 A52A2A4F 6CB07B34 55D37A8F 9DE892FB 8AEAD5BF 5D0766DD BC51BD4A
|
|
||||||
5D64DCDA 493D2D2E BB01BAC4 6D4AE47E FE0F0DDD 0628328B 9FAB4001 721E4F9A
|
|
||||||
CF4396D2 AA70CBCA E071F9AF C8248307 D75DABFA A9302E78 7D2AC3FF 2A62FAA7
|
|
||||||
E7AE7A15 EAFE2A27 36BE73BF C9B25B68 FE9A3837 715BD0F2 55B3FEBF 02EEAECC
|
|
||||||
469280FE B46A8105 C3D36F72 E18F6AC2 B3A62DA1 DE7A80B9 0E382EE0 6DD0315D
|
|
||||||
1E4D6120 386CB1E9 48301645 7A8F14F9 3CA2B26F 98C9E634 AB9E0E8A 863B8D1E
|
|
||||||
B64A5817 C92BEEDA 4086C3F7 81EA3F30 DA66BADA 8A16810F EAC7B4C4 6DF5420A
|
|
||||||
4733CCA2 A71746B9 E7762CF6 51C90F36 3E58
|
|
||||||
quit
|
|
||||||
crypto pki certificate chain SLA-TrustPoint
|
|
||||||
certificate ca 01
|
|
||||||
30820321 30820209 A0030201 02020101 300D0609 2A864886 F70D0101 0B050030
|
|
||||||
32310E30 0C060355 040A1305 43697363 6F312030 1E060355 04031317 43697363
|
|
||||||
6F204C69 63656E73 696E6720 526F6F74 20434130 1E170D31 33303533 30313934
|
|
||||||
3834375A 170D3338 30353330 31393438 34375A30 32310E30 0C060355 040A1305
|
|
||||||
43697363 6F312030 1E060355 04031317 43697363 6F204C69 63656E73 696E6720
|
|
||||||
526F6F74 20434130 82012230 0D06092A 864886F7 0D010101 05000382 010F0030
|
|
||||||
82010A02 82010100 A6BCBD96 131E05F7 145EA72C 2CD686E6 17222EA1 F1EFF64D
|
|
||||||
CBB4C798 212AA147 C655D8D7 9471380D 8711441E 1AAF071A 9CAE6388 8A38E520
|
|
||||||
1C394D78 462EF239 C659F715 B98C0A59 5BBB5CBD 0CFEBEA3 700A8BF7 D8F256EE
|
|
||||||
4AA4E80D DB6FD1C9 60B1FD18 FFC69C96 6FA68957 A2617DE7 104FDC5F EA2956AC
|
|
||||||
7390A3EB 2B5436AD C847A2C5 DAB553EB 69A9A535 58E9F3E3 C0BD23CF 58BD7188
|
|
||||||
68E69491 20F320E7 948E71D7 AE3BCC84 F10684C7 4BC8E00F 539BA42B 42C68BB7
|
|
||||||
C7479096 B4CB2D62 EA2F505D C7B062A4 6811D95B E8250FC4 5D5D5FB8 8F27D191
|
|
||||||
C55F0D76 61F9A4CD 3D992327 A8BB03BD 4E6D7069 7CBADF8B DF5F4368 95135E44
|
|
||||||
DFC7C6CF 04DD7FD1 02030100 01A34230 40300E06 03551D0F 0101FF04 04030201
|
|
||||||
06300F06 03551D13 0101FF04 05300301 01FF301D 0603551D 0E041604 1449DC85
|
|
||||||
4B3D31E5 1B3E6A17 606AF333 3D3B4C73 E8300D06 092A8648 86F70D01 010B0500
|
|
||||||
03820101 00507F24 D3932A66 86025D9F E838AE5C 6D4DF6B0 49631C78 240DA905
|
|
||||||
604EDCDE FF4FED2B 77FC460E CD636FDB DD44681E 3A5673AB 9093D3B1 6C9E3D8B
|
|
||||||
D98987BF E40CBD9E 1AECA0C2 2189BB5C 8FA85686 CD98B646 5575B146 8DFC66A8
|
|
||||||
467A3DF4 4D565700 6ADF0F0D CF835015 3C04FF7C 21E878AC 11BA9CD2 55A9232C
|
|
||||||
7CA7B7E6 C1AF74F6 152E99B7 B1FCF9BB E973DE7F 5BDDEB86 C71E3B49 1765308B
|
|
||||||
5FB0DA06 B92AFE7F 494E8A9E 07B85737 F3A58BE1 1A48A229 C37C1E69 39F08678
|
|
||||||
80DDCD16 D6BACECA EEBC7CF9 8428787B 35202CDC 60E4616A B623CDBD 230E3AFB
|
|
||||||
418616A9 4093E049 4D10AB75 27E86F73 932E35B5 8862FDAE 0275156F 719BB2F0
|
|
||||||
D697DF7F 28
|
|
||||||
quit
|
|
||||||
!
|
|
||||||
!
|
|
||||||
license boot level network-advantage addon dna-advantage
|
|
||||||
memory free low-watermark processor 104985
|
|
||||||
!
|
|
||||||
diagnostic bootup level minimal
|
|
||||||
!
|
|
||||||
spanning-tree mode rapid-pvst
|
|
||||||
spanning-tree extend system-id
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
redundancy
|
|
||||||
mode sso
|
|
||||||
crypto engine compliance shield disable
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
transceiver type all
|
|
||||||
monitoring
|
|
||||||
!
|
|
||||||
!
|
|
||||||
class-map match-any system-cpp-police-ewlc-control
|
|
||||||
description EWLC Control
|
|
||||||
class-map match-any system-cpp-police-topology-control
|
|
||||||
description Topology control
|
|
||||||
class-map match-any system-cpp-police-sw-forward
|
|
||||||
description Sw forwarding, L2 LVX data packets, LOGGING, Transit Traffic
|
|
||||||
class-map match-any system-cpp-default
|
|
||||||
description EWLC Data, Inter FED Traffic
|
|
||||||
class-map match-any system-cpp-police-sys-data
|
|
||||||
description Openflow, Exception, EGR Exception, NFL Sampled Data, RPF Failed
|
|
||||||
class-map match-any system-cpp-police-punt-webauth
|
|
||||||
description Punt Webauth
|
|
||||||
class-map match-any system-cpp-police-l2lvx-control
|
|
||||||
description L2 LVX control packets
|
|
||||||
class-map match-any system-cpp-police-forus
|
|
||||||
description Forus traffic
|
|
||||||
class-map match-any system-cpp-police-multicast-end-station
|
|
||||||
description MCAST END STATION
|
|
||||||
class-map match-any system-cpp-police-forus-addr-resolution
|
|
||||||
description Forus address resolution
|
|
||||||
class-map match-any system-cpp-police-high-rate-app
|
|
||||||
description High Rate Applications
|
|
||||||
class-map match-any system-cpp-police-multicast
|
|
||||||
description MCAST Data
|
|
||||||
class-map match-any system-cpp-police-meraki-next-tunnel
|
|
||||||
description Meraki Next tunnel
|
|
||||||
class-map match-any system-cpp-police-l2-control
|
|
||||||
description L2 control
|
|
||||||
class-map match-any system-cpp-police-dot1x-auth
|
|
||||||
description DOT1X Auth
|
|
||||||
class-map match-any system-cpp-police-data
|
|
||||||
description ICMP redirect, ICMP_GEN and BROADCAST
|
|
||||||
class-map match-any system-cpp-police-stackwise-virt-control
|
|
||||||
description Stackwise Virtual OOB
|
|
||||||
class-map match-any non-client-nrt-class
|
|
||||||
class-map match-any system-cpp-police-routing-control
|
|
||||||
description Routing control and Low Latency
|
|
||||||
class-map match-any system-cpp-police-protocol-snooping
|
|
||||||
description Protocol snooping
|
|
||||||
class-map match-any system-cpp-police-dhcp-snooping
|
|
||||||
description DHCP snooping
|
|
||||||
class-map match-any system-cpp-police-ios-routing
|
|
||||||
description L2 control, Topology control, Routing control, Low Latency
|
|
||||||
class-map match-any system-cpp-police-system-critical
|
|
||||||
description System Critical and Gold Pkt
|
|
||||||
class-map match-any system-cpp-police-ios-feature
|
|
||||||
description ICMPGEN,BROADCAST,ICMP,L2LVXCntrl,ProtoSnoop,PuntWebauth,MCASTData,Transit,DOT1XAuth,Swfwd,LOGGING,L2LVXData,ForusTraffic,ForusARP,McastEndStn,Openflow,Exception,EGRExcption,NflSampled,RpfFailed
|
|
||||||
!
|
|
||||||
policy-map system-cpp-policy
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
interface Loopback0
|
|
||||||
ip address 172.16.255.2 255.255.255.255
|
|
||||||
ip ospf 1 area 0
|
|
||||||
!
|
|
||||||
interface Loopback1
|
|
||||||
ip address 172.16.254.2 255.255.255.255
|
|
||||||
ip ospf 1 area 0
|
|
||||||
!
|
|
||||||
interface Loopback2
|
|
||||||
ip address 172.16.255.255 255.255.255.255
|
|
||||||
ip pim sparse-mode
|
|
||||||
ip ospf 1 area 0
|
|
||||||
!
|
|
||||||
interface GigabitEthernet0/0
|
|
||||||
vrf forwarding Mgmt-vrf
|
|
||||||
no ip address
|
|
||||||
shutdown
|
|
||||||
negotiation auto
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/1
|
|
||||||
no switchport
|
|
||||||
ip address 172.16.23.2 255.255.255.0
|
|
||||||
ip pim sparse-mode
|
|
||||||
ip ospf network point-to-point
|
|
||||||
ip ospf 1 area 0
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/2
|
|
||||||
no switchport
|
|
||||||
ip address 172.16.24.2 255.255.255.0
|
|
||||||
ip pim sparse-mode
|
|
||||||
ip ospf network point-to-point
|
|
||||||
ip ospf 1 area 0
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/3
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/4
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/5
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/6
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/7
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/8
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/9
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/10
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/11
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/12
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/13
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/14
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/15
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/16
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/17
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/18
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/19
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/20
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/21
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/22
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/23
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/24
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/1/1
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/1/2
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/1/3
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/1/4
|
|
||||||
!
|
|
||||||
interface AppGigabitEthernet1/0/1
|
|
||||||
!
|
|
||||||
interface Vlan1
|
|
||||||
no ip address
|
|
||||||
!
|
|
||||||
router ospf 1
|
|
||||||
router-id 172.16.255.2
|
|
||||||
!
|
|
||||||
router bgp 65001
|
|
||||||
template peer-policy RR-PP
|
|
||||||
route-reflector-client
|
|
||||||
send-community both
|
|
||||||
exit-peer-policy
|
|
||||||
!
|
|
||||||
template peer-session RR-PS
|
|
||||||
remote-as 65001
|
|
||||||
update-source Loopback0
|
|
||||||
exit-peer-session
|
|
||||||
!
|
|
||||||
bgp router-id 172.16.255.2
|
|
||||||
bgp log-neighbor-changes
|
|
||||||
no bgp default ipv4-unicast
|
|
||||||
neighbor 172.16.255.3 inherit peer-session RR-PS
|
|
||||||
neighbor 172.16.255.4 inherit peer-session RR-PS
|
|
||||||
!
|
|
||||||
address-family ipv4
|
|
||||||
exit-address-family
|
|
||||||
!
|
|
||||||
address-family l2vpn evpn
|
|
||||||
neighbor 172.16.255.3 activate
|
|
||||||
neighbor 172.16.255.3 send-community both
|
|
||||||
neighbor 172.16.255.3 inherit peer-policy RR-PP
|
|
||||||
neighbor 172.16.255.4 activate
|
|
||||||
neighbor 172.16.255.4 send-community both
|
|
||||||
neighbor 172.16.255.4 inherit peer-policy RR-PP
|
|
||||||
exit-address-family
|
|
||||||
!
|
|
||||||
ip forward-protocol nd
|
|
||||||
ip http server
|
|
||||||
ip http authentication local
|
|
||||||
ip http secure-server
|
|
||||||
ip pim rp-address 172.16.255.255
|
|
||||||
ip msdp peer 172.16.254.1 connect-source Loopback1 remote-as 65001
|
|
||||||
ip ssh bulk-mode 131072
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
control-plane
|
|
||||||
service-policy input system-cpp-policy
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
line con 0
|
|
||||||
stopbits 1
|
|
||||||
line vty 0 4
|
|
||||||
login
|
|
||||||
transport input ssh
|
|
||||||
line vty 5 31
|
|
||||||
login
|
|
||||||
transport input ssh
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
end
|
|
||||||
@@ -1,363 +0,0 @@
|
|||||||
hostname Acces-01
|
|
||||||
!
|
|
||||||
!
|
|
||||||
vrf definition Mgmt-vrf
|
|
||||||
!
|
|
||||||
address-family ipv4
|
|
||||||
exit-address-family
|
|
||||||
!
|
|
||||||
address-family ipv6
|
|
||||||
exit-address-family
|
|
||||||
!
|
|
||||||
no aaa new-model
|
|
||||||
switch 1 provision c9300l-24t-4g
|
|
||||||
switch 2 provision c9300l-24t-4g
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
login on-success log
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
crypto pki trustpoint TP-self-signed-1855158953
|
|
||||||
enrollment selfsigned
|
|
||||||
subject-name cn=IOS-Self-Signed-Certificate-1855158953
|
|
||||||
revocation-check none
|
|
||||||
rsakeypair TP-self-signed-1855158953
|
|
||||||
hash sha512
|
|
||||||
!
|
|
||||||
crypto pki trustpoint SLA-TrustPoint
|
|
||||||
enrollment pkcs12
|
|
||||||
revocation-check crl
|
|
||||||
hash sha512
|
|
||||||
!
|
|
||||||
!
|
|
||||||
crypto pki certificate chain TP-self-signed-1855158953
|
|
||||||
certificate self-signed 01
|
|
||||||
30820330 30820218 A0030201 02020101 300D0609 2A864886 F70D0101 0D050030
|
|
||||||
31312F30 2D060355 04030C26 494F532D 53656C66 2D536967 6E65642D 43657274
|
|
||||||
69666963 6174652D 31383535 31353839 3533301E 170D3236 30363130 31323030
|
|
||||||
32385A17 0D333630 36303931 32303032 385A3031 312F302D 06035504 030C2649
|
|
||||||
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D31 38353531
|
|
||||||
35383935 33308201 22300D06 092A8648 86F70D01 01010500 0382010F 00308201
|
|
||||||
0A028201 0100A0FC 28DCFEB1 51334B66 82B2D625 997681D2 239049D2 C3F1DAD3
|
|
||||||
0DFB7A79 48B494AF 4E9A63E4 A62D1AE9 2F3959FB 6153BB07 0C1DDEDC 1D9F4E27
|
|
||||||
BD56DF67 562E608D D6B7EE68 E75125A5 EE04B02B A8EE23C4 5E2E80D5 0F75F349
|
|
||||||
4CAB259F 57DE2459 0595C89B 8F972F29 54006AD7 0C67F416 5BDBE29E 6557695D
|
|
||||||
0763F793 1D7BBA4C E1445C4D C26B4CFD C58FF8B8 DC91A9A7 D5EC287A F167B3CB
|
|
||||||
16DEB643 601C98AD 90D76C1E 0E0DD88E 464F906D F0D5C5C1 AE17A694 90775093
|
|
||||||
AE20CAF8 F05C3974 2A2A8668 322DDB03 05621885 E6E7C1B7 AF6384FC F8D1B865
|
|
||||||
E1BB5788 704FE5CA 6096BE5A 7CDADEE1 0FFEC364 46470AE7 BBA09990 15DA18FF
|
|
||||||
E05E7D46 B1770203 010001A3 53305130 1D060355 1D0E0416 0414D225 6A1B1A99
|
|
||||||
A5FBF7FB DC557609 45A053B7 9516301F 0603551D 23041830 168014D2 256A1B1A
|
|
||||||
99A5FBF7 FBDC5576 0945A053 B7951630 0F060355 1D130101 FF040530 030101FF
|
|
||||||
300D0609 2A864886 F70D0101 0D050003 82010100 021970C7 4E6C0C86 56C38FEA
|
|
||||||
EF075272 9B2FF043 3B7D2C1C D0BB7C83 0F06ECC9 F380AA49 E0A41706 194EF7AC
|
|
||||||
1BE8BFA8 9B7C335A A8E66C84 89945443 B9F6FF1F 2BB06B5B 16E29073 07364FE2
|
|
||||||
3705AB86 31B4A086 FB2E9663 FFE621D5 A4B0A061 B6B53967 F791EF19 0207B5E5
|
|
||||||
40D4BD4D F55C43F0 2C8A4C28 FF935D32 BBC00FBD D2E1B111 57EB0539 88864EA7
|
|
||||||
5BF6B49E 29721B90 17395B19 E23B84E9 FE3A4267 01A5AA4F 2F2C87EC ACC1A22C
|
|
||||||
ABF60ACE 6F0D7B31 D6C8DF51 654309EA 25497513 819269A6 DDC8D7EC 99135A7C
|
|
||||||
895B1320 AF02B0E1 6207D49A 8FA483BF F96F04EB 4A9783E1 0F9E3D54 97428020
|
|
||||||
071BCF24 08F5C4E3 5BDB06EF 00A20C74 3AFE60BB
|
|
||||||
quit
|
|
||||||
crypto pki certificate chain SLA-TrustPoint
|
|
||||||
certificate ca 01
|
|
||||||
30820321 30820209 A0030201 02020101 300D0609 2A864886 F70D0101 0B050030
|
|
||||||
32310E30 0C060355 040A1305 43697363 6F312030 1E060355 04031317 43697363
|
|
||||||
6F204C69 63656E73 696E6720 526F6F74 20434130 1E170D31 33303533 30313934
|
|
||||||
3834375A 170D3338 30353330 31393438 34375A30 32310E30 0C060355 040A1305
|
|
||||||
43697363 6F312030 1E060355 04031317 43697363 6F204C69 63656E73 696E6720
|
|
||||||
526F6F74 20434130 82012230 0D06092A 864886F7 0D010101 05000382 010F0030
|
|
||||||
82010A02 82010100 A6BCBD96 131E05F7 145EA72C 2CD686E6 17222EA1 F1EFF64D
|
|
||||||
CBB4C798 212AA147 C655D8D7 9471380D 8711441E 1AAF071A 9CAE6388 8A38E520
|
|
||||||
1C394D78 462EF239 C659F715 B98C0A59 5BBB5CBD 0CFEBEA3 700A8BF7 D8F256EE
|
|
||||||
4AA4E80D DB6FD1C9 60B1FD18 FFC69C96 6FA68957 A2617DE7 104FDC5F EA2956AC
|
|
||||||
7390A3EB 2B5436AD C847A2C5 DAB553EB 69A9A535 58E9F3E3 C0BD23CF 58BD7188
|
|
||||||
68E69491 20F320E7 948E71D7 AE3BCC84 F10684C7 4BC8E00F 539BA42B 42C68BB7
|
|
||||||
C7479096 B4CB2D62 EA2F505D C7B062A4 6811D95B E8250FC4 5D5D5FB8 8F27D191
|
|
||||||
C55F0D76 61F9A4CD 3D992327 A8BB03BD 4E6D7069 7CBADF8B DF5F4368 95135E44
|
|
||||||
DFC7C6CF 04DD7FD1 02030100 01A34230 40300E06 03551D0F 0101FF04 04030201
|
|
||||||
06300F06 03551D13 0101FF04 05300301 01FF301D 0603551D 0E041604 1449DC85
|
|
||||||
4B3D31E5 1B3E6A17 606AF333 3D3B4C73 E8300D06 092A8648 86F70D01 010B0500
|
|
||||||
03820101 00507F24 D3932A66 86025D9F E838AE5C 6D4DF6B0 49631C78 240DA905
|
|
||||||
604EDCDE FF4FED2B 77FC460E CD636FDB DD44681E 3A5673AB 9093D3B1 6C9E3D8B
|
|
||||||
D98987BF E40CBD9E 1AECA0C2 2189BB5C 8FA85686 CD98B646 5575B146 8DFC66A8
|
|
||||||
467A3DF4 4D565700 6ADF0F0D CF835015 3C04FF7C 21E878AC 11BA9CD2 55A9232C
|
|
||||||
7CA7B7E6 C1AF74F6 152E99B7 B1FCF9BB E973DE7F 5BDDEB86 C71E3B49 1765308B
|
|
||||||
5FB0DA06 B92AFE7F 494E8A9E 07B85737 F3A58BE1 1A48A229 C37C1E69 39F08678
|
|
||||||
80DDCD16 D6BACECA EEBC7CF9 8428787B 35202CDC 60E4616A B623CDBD 230E3AFB
|
|
||||||
418616A9 4093E049 4D10AB75 27E86F73 932E35B5 8862FDAE 0275156F 719BB2F0
|
|
||||||
D697DF7F 28
|
|
||||||
quit
|
|
||||||
!
|
|
||||||
!
|
|
||||||
license boot level network-advantage addon dna-advantage
|
|
||||||
memory free low-watermark processor 104985
|
|
||||||
!
|
|
||||||
diagnostic bootup level minimal
|
|
||||||
!
|
|
||||||
spanning-tree mode rapid-pvst
|
|
||||||
spanning-tree extend system-id
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
redundancy
|
|
||||||
mode sso
|
|
||||||
crypto engine compliance shield disable
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
transceiver type all
|
|
||||||
monitoring
|
|
||||||
!
|
|
||||||
!
|
|
||||||
class-map match-any system-cpp-police-ewlc-control
|
|
||||||
description EWLC Control
|
|
||||||
class-map match-any system-cpp-police-topology-control
|
|
||||||
description Topology control
|
|
||||||
class-map match-any system-cpp-police-sw-forward
|
|
||||||
description Sw forwarding, L2 LVX data packets, LOGGING, Transit Traffic
|
|
||||||
class-map match-any system-cpp-default
|
|
||||||
description EWLC Data, Inter FED Traffic
|
|
||||||
class-map match-any system-cpp-police-sys-data
|
|
||||||
description Openflow, Exception, EGR Exception, NFL Sampled Data, RPF Failed
|
|
||||||
class-map match-any system-cpp-police-punt-webauth
|
|
||||||
description Punt Webauth
|
|
||||||
class-map match-any system-cpp-police-l2lvx-control
|
|
||||||
description L2 LVX control packets
|
|
||||||
class-map match-any system-cpp-police-forus
|
|
||||||
description Forus traffic
|
|
||||||
class-map match-any system-cpp-police-multicast-end-station
|
|
||||||
description MCAST END STATION
|
|
||||||
class-map match-any system-cpp-police-forus-addr-resolution
|
|
||||||
description Forus address resolution
|
|
||||||
class-map match-any system-cpp-police-high-rate-app
|
|
||||||
description High Rate Applications
|
|
||||||
class-map match-any system-cpp-police-multicast
|
|
||||||
description MCAST Data
|
|
||||||
class-map match-any system-cpp-police-meraki-next-tunnel
|
|
||||||
description Meraki Next tunnel
|
|
||||||
class-map match-any system-cpp-police-l2-control
|
|
||||||
description L2 control
|
|
||||||
class-map match-any system-cpp-police-dot1x-auth
|
|
||||||
description DOT1X Auth
|
|
||||||
class-map match-any system-cpp-police-data
|
|
||||||
description ICMP redirect, ICMP_GEN and BROADCAST
|
|
||||||
class-map match-any system-cpp-police-stackwise-virt-control
|
|
||||||
description Stackwise Virtual OOB
|
|
||||||
class-map match-any non-client-nrt-class
|
|
||||||
class-map match-any system-cpp-police-routing-control
|
|
||||||
description Routing control and Low Latency
|
|
||||||
class-map match-any system-cpp-police-protocol-snooping
|
|
||||||
description Protocol snooping
|
|
||||||
class-map match-any system-cpp-police-dhcp-snooping
|
|
||||||
description DHCP snooping
|
|
||||||
class-map match-any system-cpp-police-ios-routing
|
|
||||||
description L2 control, Topology control, Routing control, Low Latency
|
|
||||||
class-map match-any system-cpp-police-system-critical
|
|
||||||
description System Critical and Gold Pkt
|
|
||||||
class-map match-any system-cpp-police-ios-feature
|
|
||||||
description ICMPGEN,BROADCAST,ICMP,L2LVXCntrl,ProtoSnoop,PuntWebauth,MCASTData,Transit,DOT1XAuth,Swfwd,LOGGING,L2LVXData,ForusTraffic,ForusARP,McastEndStn,Openflow,Exception,EGRExcption,NflSampled,RpfFailed
|
|
||||||
!
|
|
||||||
policy-map system-cpp-policy
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
interface Port-channel24
|
|
||||||
switchport trunk allowed vlan 101,102
|
|
||||||
switchport mode trunk
|
|
||||||
!
|
|
||||||
interface GigabitEthernet0/0
|
|
||||||
vrf forwarding Mgmt-vrf
|
|
||||||
no ip address
|
|
||||||
shutdown
|
|
||||||
negotiation auto
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/1
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/2
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/3
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/4
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/5
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/6
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/7
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/8
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/9
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/10
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/11
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/12
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/13
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/14
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/15
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/16
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/17
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/18
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/19
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/20
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/21
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/22
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/23
|
|
||||||
switchport trunk allowed vlan 101,102
|
|
||||||
switchport mode trunk
|
|
||||||
channel-group 24 mode active
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/24
|
|
||||||
switchport trunk allowed vlan 101,102
|
|
||||||
switchport mode trunk
|
|
||||||
channel-group 24 mode active
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/1/1
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/1/2
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/1/3
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/1/4
|
|
||||||
!
|
|
||||||
interface AppGigabitEthernet1/0/1
|
|
||||||
!
|
|
||||||
interface GigabitEthernet2/0/1
|
|
||||||
!
|
|
||||||
interface GigabitEthernet2/0/2
|
|
||||||
!
|
|
||||||
interface GigabitEthernet2/0/3
|
|
||||||
!
|
|
||||||
interface GigabitEthernet2/0/4
|
|
||||||
!
|
|
||||||
interface GigabitEthernet2/0/5
|
|
||||||
!
|
|
||||||
interface GigabitEthernet2/0/6
|
|
||||||
!
|
|
||||||
interface GigabitEthernet2/0/7
|
|
||||||
!
|
|
||||||
interface GigabitEthernet2/0/8
|
|
||||||
!
|
|
||||||
interface GigabitEthernet2/0/9
|
|
||||||
!
|
|
||||||
interface GigabitEthernet2/0/10
|
|
||||||
!
|
|
||||||
interface GigabitEthernet2/0/11
|
|
||||||
!
|
|
||||||
interface GigabitEthernet2/0/12
|
|
||||||
!
|
|
||||||
interface GigabitEthernet2/0/13
|
|
||||||
!
|
|
||||||
interface GigabitEthernet2/0/14
|
|
||||||
!
|
|
||||||
interface GigabitEthernet2/0/15
|
|
||||||
!
|
|
||||||
interface GigabitEthernet2/0/16
|
|
||||||
!
|
|
||||||
interface GigabitEthernet2/0/17
|
|
||||||
!
|
|
||||||
interface GigabitEthernet2/0/18
|
|
||||||
!
|
|
||||||
interface GigabitEthernet2/0/19
|
|
||||||
!
|
|
||||||
interface GigabitEthernet2/0/20
|
|
||||||
!
|
|
||||||
interface GigabitEthernet2/0/21
|
|
||||||
!
|
|
||||||
interface GigabitEthernet2/0/22
|
|
||||||
!
|
|
||||||
interface GigabitEthernet2/0/23
|
|
||||||
switchport trunk allowed vlan 101,102
|
|
||||||
switchport mode trunk
|
|
||||||
channel-group 24 mode active
|
|
||||||
!
|
|
||||||
interface GigabitEthernet2/0/24
|
|
||||||
switchport trunk allowed vlan 101,102
|
|
||||||
switchport mode trunk
|
|
||||||
channel-group 24 mode active
|
|
||||||
!
|
|
||||||
interface GigabitEthernet2/1/1
|
|
||||||
!
|
|
||||||
interface GigabitEthernet2/1/2
|
|
||||||
!
|
|
||||||
interface GigabitEthernet2/1/3
|
|
||||||
!
|
|
||||||
interface GigabitEthernet2/1/4
|
|
||||||
!
|
|
||||||
interface AppGigabitEthernet2/0/1
|
|
||||||
!
|
|
||||||
interface Vlan1
|
|
||||||
no ip address
|
|
||||||
!
|
|
||||||
ip forward-protocol nd
|
|
||||||
ip http server
|
|
||||||
ip http authentication local
|
|
||||||
ip http secure-server
|
|
||||||
ip ssh bulk-mode 131072
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
control-plane
|
|
||||||
service-policy input system-cpp-policy
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
line con 0
|
|
||||||
stopbits 1
|
|
||||||
line vty 0 4
|
|
||||||
login
|
|
||||||
transport input ssh
|
|
||||||
line vty 5 31
|
|
||||||
login
|
|
||||||
transport input ssh
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
end
|
|
||||||
@@ -1,430 +0,0 @@
|
|||||||
hostname Leaf-01
|
|
||||||
!
|
|
||||||
!
|
|
||||||
vrf definition Mgmt-vrf
|
|
||||||
!
|
|
||||||
address-family ipv4
|
|
||||||
exit-address-family
|
|
||||||
!
|
|
||||||
address-family ipv6
|
|
||||||
exit-address-family
|
|
||||||
!
|
|
||||||
vrf definition green
|
|
||||||
rd 1:1
|
|
||||||
!
|
|
||||||
address-family ipv4
|
|
||||||
route-target export 1:1
|
|
||||||
route-target import 1:1
|
|
||||||
route-target export 1:1 stitching
|
|
||||||
route-target import 1:1 stitching
|
|
||||||
exit-address-family
|
|
||||||
!
|
|
||||||
address-family ipv6
|
|
||||||
route-target export 1:1
|
|
||||||
route-target import 1:1
|
|
||||||
route-target export 1:1 stitching
|
|
||||||
route-target import 1:1 stitching
|
|
||||||
exit-address-family
|
|
||||||
!
|
|
||||||
no aaa new-model
|
|
||||||
switch 1 provision c9300l-24p-4g
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
ip routing
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
ip multicast-routing
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
login on-success log
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
l2vpn evpn
|
|
||||||
replication-type static
|
|
||||||
router-id Loopback1
|
|
||||||
default-gateway advertise
|
|
||||||
!
|
|
||||||
l2vpn evpn ethernet-segment 1
|
|
||||||
identifier type 0 00.00.00.00.00.00.00.00.01
|
|
||||||
redundancy all-active
|
|
||||||
df-election wait-time 1
|
|
||||||
!
|
|
||||||
l2vpn evpn ethernet-segment 2
|
|
||||||
identifier type 0 00.00.00.00.00.00.00.00.02
|
|
||||||
redundancy all-active
|
|
||||||
df-election wait-time 1
|
|
||||||
!
|
|
||||||
l2vpn evpn instance 101 vlan-based
|
|
||||||
encapsulation vxlan
|
|
||||||
replication-type static
|
|
||||||
!
|
|
||||||
l2vpn evpn instance 102 vlan-based
|
|
||||||
encapsulation vxlan
|
|
||||||
replication-type ingress
|
|
||||||
!
|
|
||||||
!
|
|
||||||
crypto pki trustpoint TP-self-signed-2748515057
|
|
||||||
enrollment selfsigned
|
|
||||||
subject-name cn=IOS-Self-Signed-Certificate-2748515057
|
|
||||||
revocation-check none
|
|
||||||
rsakeypair TP-self-signed-2748515057
|
|
||||||
hash sha512
|
|
||||||
!
|
|
||||||
crypto pki trustpoint SLA-TrustPoint
|
|
||||||
enrollment pkcs12
|
|
||||||
revocation-check crl
|
|
||||||
hash sha512
|
|
||||||
!
|
|
||||||
!
|
|
||||||
crypto pki certificate chain TP-self-signed-2748515057
|
|
||||||
certificate self-signed 01
|
|
||||||
30820330 30820218 A0030201 02020101 300D0609 2A864886 F70D0101 0D050030
|
|
||||||
31312F30 2D060355 04030C26 494F532D 53656C66 2D536967 6E65642D 43657274
|
|
||||||
69666963 6174652D 32373438 35313530 3537301E 170D3236 30363130 30393433
|
|
||||||
30385A17 0D333630 36303930 39343330 385A3031 312F302D 06035504 030C2649
|
|
||||||
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D32 37343835
|
|
||||||
31353035 37308201 22300D06 092A8648 86F70D01 01010500 0382010F 00308201
|
|
||||||
0A028201 0100A4CA 45163B01 9C334AAA 046F7B18 E9F8D151 8996B5B5 CA96FC78
|
|
||||||
870C057E 929F7011 CAE9A00E E5DDD799 2C2581D3 413DFC7C 49B38DF0 48A0216E
|
|
||||||
4EF4C65C F1D1F4EF 545370F3 3FA69C4B 22948881 F7B28644 2A4F2865 026EF500
|
|
||||||
F57BBC11 4C13CEC6 841421DB 34EDCB47 510668FF 5FBF525E CF9020ED 51414B3D
|
|
||||||
07601E2A 4A30A706 2DDD6EEE B7B2AE7A C37820D3 C08BAA78 C1D030E7 B3F1C8EA
|
|
||||||
FECCFF10 363296DB 9E0C3A97 C1E7C416 75425A88 AEBB0AA0 6D0BC326 9043BC8C
|
|
||||||
CB75A544 AA9FFDB0 67E22FD9 5CE66812 B58FADDA 5B7993CA 4F7D7F37 B179642C
|
|
||||||
873C129B 2DAC8D5E 4BF6CF5D 03D41302 EA4A481E 53DF7648 00D7668A E6B1672F
|
|
||||||
1397D45A 21350203 010001A3 53305130 1D060355 1D0E0416 041447B1 391FE1B2
|
|
||||||
9088CF66 FCA5F571 4DDE8252 2C85301F 0603551D 23041830 16801447 B1391FE1
|
|
||||||
B29088CF 66FCA5F5 714DDE82 522C8530 0F060355 1D130101 FF040530 030101FF
|
|
||||||
300D0609 2A864886 F70D0101 0D050003 82010100 74081052 95A744B6 9812BACC
|
|
||||||
0743C4D2 0957BE9A D49CCB1B 36F41237 0F9C8512 F82BD6CF 7BC20495 C544C441
|
|
||||||
B37CC3B6 D3F2A35B 8B47EF95 E6545B01 763887D5 97D4A247 019D3387 D29DC699
|
|
||||||
25C45B3F 674662BB DFF0B1CC 6E50C91B 3C843D3E AEEC6BE1 6577D36F E99946F3
|
|
||||||
52E02B0E 162902B9 F6477EF8 C59D0955 D7351E18 671F96B8 B8569431 4A90FD04
|
|
||||||
C543996B 633FB9CB 48BA7FB6 EC39E137 11FA78DE 6E4FD609 FACC9D0C D1ED2A2C
|
|
||||||
3B7A7B1C 29D4F096 1CB08698 9E83B983 B4B7045C 7166B0A4 1C3E8E20 75F9FC2D
|
|
||||||
202298E3 F6328325 8790A997 C757940F 2B0543EC 3D01B7BC F48D979D 392C21D8
|
|
||||||
3017E967 7743A155 D97B6463 28E467DD 3E8D9D3F
|
|
||||||
quit
|
|
||||||
crypto pki certificate chain SLA-TrustPoint
|
|
||||||
certificate ca 01
|
|
||||||
30820321 30820209 A0030201 02020101 300D0609 2A864886 F70D0101 0B050030
|
|
||||||
32310E30 0C060355 040A1305 43697363 6F312030 1E060355 04031317 43697363
|
|
||||||
6F204C69 63656E73 696E6720 526F6F74 20434130 1E170D31 33303533 30313934
|
|
||||||
3834375A 170D3338 30353330 31393438 34375A30 32310E30 0C060355 040A1305
|
|
||||||
43697363 6F312030 1E060355 04031317 43697363 6F204C69 63656E73 696E6720
|
|
||||||
526F6F74 20434130 82012230 0D06092A 864886F7 0D010101 05000382 010F0030
|
|
||||||
82010A02 82010100 A6BCBD96 131E05F7 145EA72C 2CD686E6 17222EA1 F1EFF64D
|
|
||||||
CBB4C798 212AA147 C655D8D7 9471380D 8711441E 1AAF071A 9CAE6388 8A38E520
|
|
||||||
1C394D78 462EF239 C659F715 B98C0A59 5BBB5CBD 0CFEBEA3 700A8BF7 D8F256EE
|
|
||||||
4AA4E80D DB6FD1C9 60B1FD18 FFC69C96 6FA68957 A2617DE7 104FDC5F EA2956AC
|
|
||||||
7390A3EB 2B5436AD C847A2C5 DAB553EB 69A9A535 58E9F3E3 C0BD23CF 58BD7188
|
|
||||||
68E69491 20F320E7 948E71D7 AE3BCC84 F10684C7 4BC8E00F 539BA42B 42C68BB7
|
|
||||||
C7479096 B4CB2D62 EA2F505D C7B062A4 6811D95B E8250FC4 5D5D5FB8 8F27D191
|
|
||||||
C55F0D76 61F9A4CD 3D992327 A8BB03BD 4E6D7069 7CBADF8B DF5F4368 95135E44
|
|
||||||
DFC7C6CF 04DD7FD1 02030100 01A34230 40300E06 03551D0F 0101FF04 04030201
|
|
||||||
06300F06 03551D13 0101FF04 05300301 01FF301D 0603551D 0E041604 1449DC85
|
|
||||||
4B3D31E5 1B3E6A17 606AF333 3D3B4C73 E8300D06 092A8648 86F70D01 010B0500
|
|
||||||
03820101 00507F24 D3932A66 86025D9F E838AE5C 6D4DF6B0 49631C78 240DA905
|
|
||||||
604EDCDE FF4FED2B 77FC460E CD636FDB DD44681E 3A5673AB 9093D3B1 6C9E3D8B
|
|
||||||
D98987BF E40CBD9E 1AECA0C2 2189BB5C 8FA85686 CD98B646 5575B146 8DFC66A8
|
|
||||||
467A3DF4 4D565700 6ADF0F0D CF835015 3C04FF7C 21E878AC 11BA9CD2 55A9232C
|
|
||||||
7CA7B7E6 C1AF74F6 152E99B7 B1FCF9BB E973DE7F 5BDDEB86 C71E3B49 1765308B
|
|
||||||
5FB0DA06 B92AFE7F 494E8A9E 07B85737 F3A58BE1 1A48A229 C37C1E69 39F08678
|
|
||||||
80DDCD16 D6BACECA EEBC7CF9 8428787B 35202CDC 60E4616A B623CDBD 230E3AFB
|
|
||||||
418616A9 4093E049 4D10AB75 27E86F73 932E35B5 8862FDAE 0275156F 719BB2F0
|
|
||||||
D697DF7F 28
|
|
||||||
quit
|
|
||||||
!
|
|
||||||
!
|
|
||||||
license boot level network-advantage addon dna-advantage
|
|
||||||
memory free low-watermark processor 104985
|
|
||||||
!
|
|
||||||
diagnostic bootup level minimal
|
|
||||||
!
|
|
||||||
spanning-tree mode rapid-pvst
|
|
||||||
spanning-tree extend system-id
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
redundancy
|
|
||||||
mode sso
|
|
||||||
crypto engine compliance shield disable
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
transceiver type all
|
|
||||||
monitoring
|
|
||||||
!
|
|
||||||
vlan configuration 101
|
|
||||||
member evpn-instance 101 vni 10101
|
|
||||||
vlan configuration 102
|
|
||||||
member evpn-instance 102 vni 10102
|
|
||||||
vlan configuration 901
|
|
||||||
member vni 50901
|
|
||||||
!
|
|
||||||
!
|
|
||||||
class-map match-any system-cpp-police-ewlc-control
|
|
||||||
description EWLC Control
|
|
||||||
class-map match-any system-cpp-police-topology-control
|
|
||||||
description Topology control
|
|
||||||
class-map match-any system-cpp-police-sw-forward
|
|
||||||
description Sw forwarding, L2 LVX data packets, LOGGING, Transit Traffic
|
|
||||||
class-map match-any system-cpp-default
|
|
||||||
description EWLC Data, Inter FED Traffic
|
|
||||||
class-map match-any system-cpp-police-sys-data
|
|
||||||
description Openflow, Exception, EGR Exception, NFL Sampled Data, RPF Failed
|
|
||||||
class-map match-any system-cpp-police-punt-webauth
|
|
||||||
description Punt Webauth
|
|
||||||
class-map match-any system-cpp-police-l2lvx-control
|
|
||||||
description L2 LVX control packets
|
|
||||||
class-map match-any system-cpp-police-forus
|
|
||||||
description Forus traffic
|
|
||||||
class-map match-any system-cpp-police-multicast-end-station
|
|
||||||
description MCAST END STATION
|
|
||||||
class-map match-any system-cpp-police-forus-addr-resolution
|
|
||||||
description Forus address resolution
|
|
||||||
class-map match-any system-cpp-police-high-rate-app
|
|
||||||
description High Rate Applications
|
|
||||||
class-map match-any system-cpp-police-multicast
|
|
||||||
description MCAST Data
|
|
||||||
class-map match-any system-cpp-police-meraki-next-tunnel
|
|
||||||
description Meraki Next tunnel
|
|
||||||
class-map match-any system-cpp-police-l2-control
|
|
||||||
description L2 control
|
|
||||||
class-map match-any system-cpp-police-dot1x-auth
|
|
||||||
description DOT1X Auth
|
|
||||||
class-map match-any system-cpp-police-data
|
|
||||||
description ICMP redirect, ICMP_GEN and BROADCAST
|
|
||||||
class-map match-any system-cpp-police-stackwise-virt-control
|
|
||||||
description Stackwise Virtual OOB
|
|
||||||
class-map match-any non-client-nrt-class
|
|
||||||
class-map match-any system-cpp-police-routing-control
|
|
||||||
description Routing control and Low Latency
|
|
||||||
class-map match-any system-cpp-police-protocol-snooping
|
|
||||||
description Protocol snooping
|
|
||||||
class-map match-any system-cpp-police-dhcp-snooping
|
|
||||||
description DHCP snooping
|
|
||||||
class-map match-any system-cpp-police-ios-routing
|
|
||||||
description L2 control, Topology control, Routing control, Low Latency
|
|
||||||
class-map match-any system-cpp-police-system-critical
|
|
||||||
description System Critical and Gold Pkt
|
|
||||||
class-map match-any system-cpp-police-ios-feature
|
|
||||||
description ICMPGEN,BROADCAST,ICMP,L2LVXCntrl,ProtoSnoop,PuntWebauth,MCASTData,Transit,DOT1XAuth,Swfwd,LOGGING,L2LVXData,ForusTraffic,ForusARP,McastEndStn,Openflow,Exception,EGRExcption,NflSampled,RpfFailed
|
|
||||||
!
|
|
||||||
policy-map system-cpp-policy
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
interface Loopback0
|
|
||||||
ip address 172.16.255.3 255.255.255.255
|
|
||||||
ip ospf 1 area 0
|
|
||||||
!
|
|
||||||
interface Loopback1
|
|
||||||
ip address 172.16.254.3 255.255.255.255
|
|
||||||
ip pim sparse-mode
|
|
||||||
ip ospf 1 area 0
|
|
||||||
!
|
|
||||||
interface Port-channel12
|
|
||||||
switchport access vlan 101
|
|
||||||
switchport mode access
|
|
||||||
evpn ethernet-segment 1
|
|
||||||
!
|
|
||||||
interface Port-channel14
|
|
||||||
switchport trunk allowed vlan 101,102
|
|
||||||
switchport mode trunk
|
|
||||||
evpn ethernet-segment 2
|
|
||||||
!
|
|
||||||
interface GigabitEthernet0/0
|
|
||||||
vrf forwarding Mgmt-vrf
|
|
||||||
no ip address
|
|
||||||
shutdown
|
|
||||||
negotiation auto
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/1
|
|
||||||
no switchport
|
|
||||||
ip address 172.16.13.3 255.255.255.0
|
|
||||||
ip pim sparse-mode
|
|
||||||
ip ospf network point-to-point
|
|
||||||
ip ospf 1 area 0
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/2
|
|
||||||
no switchport
|
|
||||||
ip address 172.16.23.3 255.255.255.0
|
|
||||||
ip pim sparse-mode
|
|
||||||
ip ospf network point-to-point
|
|
||||||
ip ospf 1 area 0
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/3
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/4
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/5
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/6
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/7
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/8
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/9
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/10
|
|
||||||
switchport mode trunk
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/11
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/12
|
|
||||||
switchport access vlan 101
|
|
||||||
switchport mode access
|
|
||||||
channel-group 12 mode active
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/13
|
|
||||||
switchport trunk allowed vlan 101,102
|
|
||||||
switchport mode trunk
|
|
||||||
channel-group 14 mode active
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/14
|
|
||||||
switchport trunk allowed vlan 101,102
|
|
||||||
switchport mode trunk
|
|
||||||
channel-group 14 mode active
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/15
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/16
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/17
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/18
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/19
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/20
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/21
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/22
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/23
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/24
|
|
||||||
switchport access vlan 101
|
|
||||||
switchport mode access
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/1/1
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/1/2
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/1/3
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/1/4
|
|
||||||
!
|
|
||||||
interface AppGigabitEthernet1/0/1
|
|
||||||
!
|
|
||||||
interface Vlan1
|
|
||||||
no ip address
|
|
||||||
!
|
|
||||||
interface Vlan101
|
|
||||||
vrf forwarding green
|
|
||||||
ip address 10.1.101.1 255.255.255.0
|
|
||||||
!
|
|
||||||
interface Vlan102
|
|
||||||
vrf forwarding green
|
|
||||||
ip address 10.1.102.1 255.255.255.0
|
|
||||||
!
|
|
||||||
interface Vlan901
|
|
||||||
vrf forwarding green
|
|
||||||
ip unnumbered Loopback1
|
|
||||||
ipv6 enable
|
|
||||||
no autostate
|
|
||||||
!
|
|
||||||
interface nve1
|
|
||||||
no ip address
|
|
||||||
source-interface Loopback1
|
|
||||||
host-reachability protocol bgp
|
|
||||||
member vni 10101 mcast-group 225.0.0.101
|
|
||||||
member vni 10102 ingress-replication
|
|
||||||
member vni 50901 vrf green
|
|
||||||
!
|
|
||||||
router ospf 1
|
|
||||||
router-id 172.16.255.3
|
|
||||||
!
|
|
||||||
router bgp 65001
|
|
||||||
bgp log-neighbor-changes
|
|
||||||
no bgp default ipv4-unicast
|
|
||||||
neighbor 172.16.255.1 remote-as 65001
|
|
||||||
neighbor 172.16.255.1 update-source Loopback0
|
|
||||||
neighbor 172.16.255.2 remote-as 65001
|
|
||||||
neighbor 172.16.255.2 update-source Loopback0
|
|
||||||
!
|
|
||||||
address-family ipv4
|
|
||||||
redistribute static
|
|
||||||
redistribute connected
|
|
||||||
exit-address-family
|
|
||||||
!
|
|
||||||
address-family l2vpn evpn
|
|
||||||
neighbor 172.16.255.1 activate
|
|
||||||
neighbor 172.16.255.1 send-community both
|
|
||||||
neighbor 172.16.255.2 activate
|
|
||||||
neighbor 172.16.255.2 send-community both
|
|
||||||
exit-address-family
|
|
||||||
!
|
|
||||||
address-family ipv4 vrf green
|
|
||||||
advertise l2vpn evpn
|
|
||||||
redistribute static
|
|
||||||
redistribute connected
|
|
||||||
exit-address-family
|
|
||||||
!
|
|
||||||
ip forward-protocol nd
|
|
||||||
ip http server
|
|
||||||
ip http authentication local
|
|
||||||
ip http secure-server
|
|
||||||
ip pim rp-address 172.16.255.255
|
|
||||||
ip ssh bulk-mode 131072
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
control-plane
|
|
||||||
service-policy input system-cpp-policy
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
line con 0
|
|
||||||
stopbits 1
|
|
||||||
line vty 0 4
|
|
||||||
login
|
|
||||||
transport input ssh
|
|
||||||
line vty 5 31
|
|
||||||
login
|
|
||||||
transport input ssh
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
end
|
|
||||||
@@ -1,427 +0,0 @@
|
|||||||
hostname Leaf-02
|
|
||||||
!
|
|
||||||
!
|
|
||||||
vrf definition Mgmt-vrf
|
|
||||||
!
|
|
||||||
address-family ipv4
|
|
||||||
exit-address-family
|
|
||||||
!
|
|
||||||
address-family ipv6
|
|
||||||
exit-address-family
|
|
||||||
!
|
|
||||||
vrf definition green
|
|
||||||
rd 1:1
|
|
||||||
!
|
|
||||||
address-family ipv4
|
|
||||||
route-target export 1:1
|
|
||||||
route-target import 1:1
|
|
||||||
route-target export 1:1 stitching
|
|
||||||
route-target import 1:1 stitching
|
|
||||||
exit-address-family
|
|
||||||
!
|
|
||||||
address-family ipv6
|
|
||||||
route-target export 1:1
|
|
||||||
route-target import 1:1
|
|
||||||
route-target export 1:1 stitching
|
|
||||||
route-target import 1:1 stitching
|
|
||||||
exit-address-family
|
|
||||||
!
|
|
||||||
no aaa new-model
|
|
||||||
switch 1 provision c9300l-24p-4g
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
ip routing
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
ip multicast-routing
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
login on-success log
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
l2vpn evpn
|
|
||||||
replication-type static
|
|
||||||
router-id Loopback1
|
|
||||||
default-gateway advertise
|
|
||||||
!
|
|
||||||
l2vpn evpn ethernet-segment 1
|
|
||||||
identifier type 0 00.00.00.00.00.00.00.00.01
|
|
||||||
redundancy all-active
|
|
||||||
df-election wait-time 1
|
|
||||||
!
|
|
||||||
l2vpn evpn ethernet-segment 2
|
|
||||||
identifier type 0 00.00.00.00.00.00.00.00.02
|
|
||||||
redundancy all-active
|
|
||||||
df-election wait-time 1
|
|
||||||
!
|
|
||||||
l2vpn evpn instance 101 vlan-based
|
|
||||||
encapsulation vxlan
|
|
||||||
!
|
|
||||||
l2vpn evpn instance 102 vlan-based
|
|
||||||
encapsulation vxlan
|
|
||||||
replication-type ingress
|
|
||||||
!
|
|
||||||
!
|
|
||||||
crypto pki trustpoint TP-self-signed-4106980722
|
|
||||||
enrollment selfsigned
|
|
||||||
subject-name cn=IOS-Self-Signed-Certificate-4106980722
|
|
||||||
revocation-check none
|
|
||||||
rsakeypair TP-self-signed-4106980722
|
|
||||||
hash sha512
|
|
||||||
!
|
|
||||||
crypto pki trustpoint SLA-TrustPoint
|
|
||||||
enrollment pkcs12
|
|
||||||
revocation-check crl
|
|
||||||
hash sha512
|
|
||||||
!
|
|
||||||
!
|
|
||||||
crypto pki certificate chain TP-self-signed-4106980722
|
|
||||||
certificate self-signed 01
|
|
||||||
30820330 30820218 A0030201 02020101 300D0609 2A864886 F70D0101 0D050030
|
|
||||||
31312F30 2D060355 04030C26 494F532D 53656C66 2D536967 6E65642D 43657274
|
|
||||||
69666963 6174652D 34313036 39383037 3232301E 170D3236 30363130 30393433
|
|
||||||
32345A17 0D333630 36303930 39343332 345A3031 312F302D 06035504 030C2649
|
|
||||||
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D34 31303639
|
|
||||||
38303732 32308201 22300D06 092A8648 86F70D01 01010500 0382010F 00308201
|
|
||||||
0A028201 01009849 F78BD093 74C4F07A A3855635 0B226D1D DB524A61 14AB07A6
|
|
||||||
6CC41BC9 29B861FA 10F734FE A0115CFF 44B53345 C2C5CCDB E6508E36 734F83D1
|
|
||||||
2586BBFA 55FBCA7D 731EEA2D 7F9C13F9 B6D04514 DE51D43E DD9BE04C 9841316B
|
|
||||||
9CD765D7 2A999541 D078E1F7 4BD9597A 5BA09FBA CBFD2EF7 92BBAD66 C4FA8535
|
|
||||||
2057BC14 1E11B218 7A021057 C7EBCDC9 FCED0B91 FD84E5A2 CAD4F661 FE66AA2B
|
|
||||||
ABF56705 125F5B97 521EE401 AF66FBAD 42ACAF73 4B7F3A2F 3FA2AE03 69DC2A88
|
|
||||||
F7616397 B13E3B37 A762AFA4 D51576B7 3F0A039B 40C64DDB 39F2F686 2EF72BED
|
|
||||||
2729B749 FBE8DF8D 8A6FFB1B 569E2220 C1A81171 5481BB56 E470941D 3311E8BD
|
|
||||||
C9C59E75 06FF0203 010001A3 53305130 1D060355 1D0E0416 04141AB2 BB3AB3AE
|
|
||||||
642F201E BA75F878 589FFAEA D5D0301F 0603551D 23041830 1680141A B2BB3AB3
|
|
||||||
AE642F20 1EBA75F8 78589FFA EAD5D030 0F060355 1D130101 FF040530 030101FF
|
|
||||||
300D0609 2A864886 F70D0101 0D050003 82010100 81BBF69B F9F2A5B6 7F3CF96D
|
|
||||||
506E8D43 964DAF2A D9221CF1 D84E4841 CE94D992 2F383B63 A782E3AE 730C0D05
|
|
||||||
9D60B3ED 9A899D23 F4F741F5 B3CCAD4B CBABEDE8 F9151F0A 3917E943 DF117766
|
|
||||||
3EF0FB53 0D5402EC ED33225C C267C600 5E22DD5A 4D62D87B 84D58914 37FA19E6
|
|
||||||
F25C4B0E E6A9A72D D82F58C3 3D9BA708 96F92047 443276F4 848F07CB 0275B5D7
|
|
||||||
A3A9EA89 76E1C857 9C5C1FD6 C8AD6829 63A45513 4122EE6B 2DC85CDF 6DC4D8F4
|
|
||||||
9A649698 6E60811F 9935D7BD BFC23EAB 6B669C74 FE480A50 DEC87777 6EDF0E59
|
|
||||||
D198B7DC 29ADEE47 F562740E 870D9503 36816813 48CACEA0 AB336A54 A25BA97F
|
|
||||||
A4631BDF 907B0213 DA1B804E 72F4FA8B AFA4F633
|
|
||||||
quit
|
|
||||||
crypto pki certificate chain SLA-TrustPoint
|
|
||||||
certificate ca 01
|
|
||||||
30820321 30820209 A0030201 02020101 300D0609 2A864886 F70D0101 0B050030
|
|
||||||
32310E30 0C060355 040A1305 43697363 6F312030 1E060355 04031317 43697363
|
|
||||||
6F204C69 63656E73 696E6720 526F6F74 20434130 1E170D31 33303533 30313934
|
|
||||||
3834375A 170D3338 30353330 31393438 34375A30 32310E30 0C060355 040A1305
|
|
||||||
43697363 6F312030 1E060355 04031317 43697363 6F204C69 63656E73 696E6720
|
|
||||||
526F6F74 20434130 82012230 0D06092A 864886F7 0D010101 05000382 010F0030
|
|
||||||
82010A02 82010100 A6BCBD96 131E05F7 145EA72C 2CD686E6 17222EA1 F1EFF64D
|
|
||||||
CBB4C798 212AA147 C655D8D7 9471380D 8711441E 1AAF071A 9CAE6388 8A38E520
|
|
||||||
1C394D78 462EF239 C659F715 B98C0A59 5BBB5CBD 0CFEBEA3 700A8BF7 D8F256EE
|
|
||||||
4AA4E80D DB6FD1C9 60B1FD18 FFC69C96 6FA68957 A2617DE7 104FDC5F EA2956AC
|
|
||||||
7390A3EB 2B5436AD C847A2C5 DAB553EB 69A9A535 58E9F3E3 C0BD23CF 58BD7188
|
|
||||||
68E69491 20F320E7 948E71D7 AE3BCC84 F10684C7 4BC8E00F 539BA42B 42C68BB7
|
|
||||||
C7479096 B4CB2D62 EA2F505D C7B062A4 6811D95B E8250FC4 5D5D5FB8 8F27D191
|
|
||||||
C55F0D76 61F9A4CD 3D992327 A8BB03BD 4E6D7069 7CBADF8B DF5F4368 95135E44
|
|
||||||
DFC7C6CF 04DD7FD1 02030100 01A34230 40300E06 03551D0F 0101FF04 04030201
|
|
||||||
06300F06 03551D13 0101FF04 05300301 01FF301D 0603551D 0E041604 1449DC85
|
|
||||||
4B3D31E5 1B3E6A17 606AF333 3D3B4C73 E8300D06 092A8648 86F70D01 010B0500
|
|
||||||
03820101 00507F24 D3932A66 86025D9F E838AE5C 6D4DF6B0 49631C78 240DA905
|
|
||||||
604EDCDE FF4FED2B 77FC460E CD636FDB DD44681E 3A5673AB 9093D3B1 6C9E3D8B
|
|
||||||
D98987BF E40CBD9E 1AECA0C2 2189BB5C 8FA85686 CD98B646 5575B146 8DFC66A8
|
|
||||||
467A3DF4 4D565700 6ADF0F0D CF835015 3C04FF7C 21E878AC 11BA9CD2 55A9232C
|
|
||||||
7CA7B7E6 C1AF74F6 152E99B7 B1FCF9BB E973DE7F 5BDDEB86 C71E3B49 1765308B
|
|
||||||
5FB0DA06 B92AFE7F 494E8A9E 07B85737 F3A58BE1 1A48A229 C37C1E69 39F08678
|
|
||||||
80DDCD16 D6BACECA EEBC7CF9 8428787B 35202CDC 60E4616A B623CDBD 230E3AFB
|
|
||||||
418616A9 4093E049 4D10AB75 27E86F73 932E35B5 8862FDAE 0275156F 719BB2F0
|
|
||||||
D697DF7F 28
|
|
||||||
quit
|
|
||||||
!
|
|
||||||
!
|
|
||||||
license boot level network-advantage addon dna-advantage
|
|
||||||
memory free low-watermark processor 104985
|
|
||||||
!
|
|
||||||
diagnostic bootup level minimal
|
|
||||||
!
|
|
||||||
spanning-tree mode rapid-pvst
|
|
||||||
spanning-tree extend system-id
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
redundancy
|
|
||||||
mode sso
|
|
||||||
crypto engine compliance shield disable
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
transceiver type all
|
|
||||||
monitoring
|
|
||||||
!
|
|
||||||
vlan configuration 101
|
|
||||||
member evpn-instance 101 vni 10101
|
|
||||||
vlan configuration 102
|
|
||||||
member evpn-instance 102 vni 10102
|
|
||||||
vlan configuration 901
|
|
||||||
member vni 50901
|
|
||||||
!
|
|
||||||
!
|
|
||||||
class-map match-any system-cpp-police-ewlc-control
|
|
||||||
description EWLC Control
|
|
||||||
class-map match-any system-cpp-police-topology-control
|
|
||||||
description Topology control
|
|
||||||
class-map match-any system-cpp-police-sw-forward
|
|
||||||
description Sw forwarding, L2 LVX data packets, LOGGING, Transit Traffic
|
|
||||||
class-map match-any system-cpp-default
|
|
||||||
description EWLC Data, Inter FED Traffic
|
|
||||||
class-map match-any system-cpp-police-sys-data
|
|
||||||
description Openflow, Exception, EGR Exception, NFL Sampled Data, RPF Failed
|
|
||||||
class-map match-any system-cpp-police-punt-webauth
|
|
||||||
description Punt Webauth
|
|
||||||
class-map match-any system-cpp-police-l2lvx-control
|
|
||||||
description L2 LVX control packets
|
|
||||||
class-map match-any system-cpp-police-forus
|
|
||||||
description Forus traffic
|
|
||||||
class-map match-any system-cpp-police-multicast-end-station
|
|
||||||
description MCAST END STATION
|
|
||||||
class-map match-any system-cpp-police-forus-addr-resolution
|
|
||||||
description Forus address resolution
|
|
||||||
class-map match-any system-cpp-police-high-rate-app
|
|
||||||
description High Rate Applications
|
|
||||||
class-map match-any system-cpp-police-multicast
|
|
||||||
description MCAST Data
|
|
||||||
class-map match-any system-cpp-police-meraki-next-tunnel
|
|
||||||
description Meraki Next tunnel
|
|
||||||
class-map match-any system-cpp-police-l2-control
|
|
||||||
description L2 control
|
|
||||||
class-map match-any system-cpp-police-dot1x-auth
|
|
||||||
description DOT1X Auth
|
|
||||||
class-map match-any system-cpp-police-data
|
|
||||||
description ICMP redirect, ICMP_GEN and BROADCAST
|
|
||||||
class-map match-any system-cpp-police-stackwise-virt-control
|
|
||||||
description Stackwise Virtual OOB
|
|
||||||
class-map match-any non-client-nrt-class
|
|
||||||
class-map match-any system-cpp-police-routing-control
|
|
||||||
description Routing control and Low Latency
|
|
||||||
class-map match-any system-cpp-police-protocol-snooping
|
|
||||||
description Protocol snooping
|
|
||||||
class-map match-any system-cpp-police-dhcp-snooping
|
|
||||||
description DHCP snooping
|
|
||||||
class-map match-any system-cpp-police-ios-routing
|
|
||||||
description L2 control, Topology control, Routing control, Low Latency
|
|
||||||
class-map match-any system-cpp-police-system-critical
|
|
||||||
description System Critical and Gold Pkt
|
|
||||||
class-map match-any system-cpp-police-ios-feature
|
|
||||||
description ICMPGEN,BROADCAST,ICMP,L2LVXCntrl,ProtoSnoop,PuntWebauth,MCASTData,Transit,DOT1XAuth,Swfwd,LOGGING,L2LVXData,ForusTraffic,ForusARP,McastEndStn,Openflow,Exception,EGRExcption,NflSampled,RpfFailed
|
|
||||||
!
|
|
||||||
policy-map system-cpp-policy
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
interface Loopback0
|
|
||||||
ip address 172.16.255.4 255.255.255.255
|
|
||||||
ip ospf 1 area 0
|
|
||||||
!
|
|
||||||
interface Loopback1
|
|
||||||
ip address 172.16.254.4 255.255.255.255
|
|
||||||
ip pim sparse-mode
|
|
||||||
ip ospf 1 area 0
|
|
||||||
!
|
|
||||||
interface Port-channel12
|
|
||||||
switchport access vlan 101
|
|
||||||
switchport mode access
|
|
||||||
evpn ethernet-segment 1
|
|
||||||
!
|
|
||||||
interface Port-channel14
|
|
||||||
switchport trunk allowed vlan 101,102
|
|
||||||
switchport mode trunk
|
|
||||||
evpn ethernet-segment 2
|
|
||||||
!
|
|
||||||
interface GigabitEthernet0/0
|
|
||||||
vrf forwarding Mgmt-vrf
|
|
||||||
no ip address
|
|
||||||
shutdown
|
|
||||||
negotiation auto
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/1
|
|
||||||
no switchport
|
|
||||||
ip address 172.16.14.4 255.255.255.0
|
|
||||||
ip pim sparse-mode
|
|
||||||
ip ospf network point-to-point
|
|
||||||
ip ospf 1 area 0
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/2
|
|
||||||
no switchport
|
|
||||||
ip address 172.16.24.4 255.255.255.0
|
|
||||||
ip pim sparse-mode
|
|
||||||
ip ospf network point-to-point
|
|
||||||
ip ospf 1 area 0
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/3
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/4
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/5
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/6
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/7
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/8
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/9
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/10
|
|
||||||
switchport mode trunk
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/11
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/12
|
|
||||||
switchport access vlan 101
|
|
||||||
switchport mode access
|
|
||||||
channel-group 12 mode active
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/13
|
|
||||||
switchport trunk allowed vlan 101,102
|
|
||||||
switchport mode trunk
|
|
||||||
channel-group 14 mode active
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/14
|
|
||||||
switchport trunk allowed vlan 101,102
|
|
||||||
switchport mode trunk
|
|
||||||
channel-group 14 mode active
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/15
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/16
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/17
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/18
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/19
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/20
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/21
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/22
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/23
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/24
|
|
||||||
switchport access vlan 101
|
|
||||||
switchport mode access
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/1/1
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/1/2
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/1/3
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/1/4
|
|
||||||
!
|
|
||||||
interface AppGigabitEthernet1/0/1
|
|
||||||
!
|
|
||||||
interface Vlan1
|
|
||||||
no ip address
|
|
||||||
!
|
|
||||||
interface Vlan101
|
|
||||||
vrf forwarding green
|
|
||||||
ip address 10.1.101.1 255.255.255.0
|
|
||||||
!
|
|
||||||
interface Vlan102
|
|
||||||
vrf forwarding green
|
|
||||||
ip address 10.1.102.1 255.255.255.0
|
|
||||||
!
|
|
||||||
interface Vlan901
|
|
||||||
vrf forwarding green
|
|
||||||
ip unnumbered Loopback1
|
|
||||||
ipv6 enable
|
|
||||||
no autostate
|
|
||||||
!
|
|
||||||
interface nve1
|
|
||||||
no ip address
|
|
||||||
source-interface Loopback1
|
|
||||||
host-reachability protocol bgp
|
|
||||||
member vni 10101 mcast-group 225.0.0.101
|
|
||||||
member vni 50901 vrf green
|
|
||||||
member vni 10102 ingress-replication
|
|
||||||
!
|
|
||||||
router ospf 1
|
|
||||||
router-id 172.16.255.4
|
|
||||||
!
|
|
||||||
router bgp 65001
|
|
||||||
bgp log-neighbor-changes
|
|
||||||
no bgp default ipv4-unicast
|
|
||||||
neighbor 172.16.255.1 remote-as 65001
|
|
||||||
neighbor 172.16.255.1 update-source Loopback0
|
|
||||||
neighbor 172.16.255.2 remote-as 65001
|
|
||||||
neighbor 172.16.255.2 update-source Loopback0
|
|
||||||
!
|
|
||||||
address-family ipv4
|
|
||||||
exit-address-family
|
|
||||||
!
|
|
||||||
address-family l2vpn evpn
|
|
||||||
neighbor 172.16.255.1 activate
|
|
||||||
neighbor 172.16.255.1 send-community both
|
|
||||||
neighbor 172.16.255.2 activate
|
|
||||||
neighbor 172.16.255.2 send-community both
|
|
||||||
exit-address-family
|
|
||||||
!
|
|
||||||
address-family ipv4 vrf green
|
|
||||||
advertise l2vpn evpn
|
|
||||||
redistribute static
|
|
||||||
redistribute connected
|
|
||||||
exit-address-family
|
|
||||||
!
|
|
||||||
ip forward-protocol nd
|
|
||||||
ip http server
|
|
||||||
ip http authentication local
|
|
||||||
ip http secure-server
|
|
||||||
ip pim rp-address 172.16.255.255
|
|
||||||
ip ssh bulk-mode 131072
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
control-plane
|
|
||||||
service-policy input system-cpp-policy
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
line con 0
|
|
||||||
stopbits 1
|
|
||||||
line vty 0 4
|
|
||||||
login
|
|
||||||
transport input ssh
|
|
||||||
line vty 5 31
|
|
||||||
login
|
|
||||||
transport input ssh
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
end
|
|
||||||
@@ -1,300 +0,0 @@
|
|||||||
hostname Server-01
|
|
||||||
!
|
|
||||||
!
|
|
||||||
vrf definition Mgmt-vrf
|
|
||||||
!
|
|
||||||
address-family ipv4
|
|
||||||
exit-address-family
|
|
||||||
!
|
|
||||||
address-family ipv6
|
|
||||||
exit-address-family
|
|
||||||
!
|
|
||||||
no aaa new-model
|
|
||||||
switch 1 provision c9300l-24p-4g
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
login on-success log
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
crypto pki trustpoint TP-self-signed-2947407253
|
|
||||||
enrollment selfsigned
|
|
||||||
subject-name cn=IOS-Self-Signed-Certificate-2947407253
|
|
||||||
revocation-check none
|
|
||||||
rsakeypair TP-self-signed-2947407253
|
|
||||||
hash sha512
|
|
||||||
!
|
|
||||||
crypto pki trustpoint SLA-TrustPoint
|
|
||||||
enrollment pkcs12
|
|
||||||
revocation-check crl
|
|
||||||
hash sha512
|
|
||||||
!
|
|
||||||
!
|
|
||||||
crypto pki certificate chain TP-self-signed-2947407253
|
|
||||||
certificate self-signed 01
|
|
||||||
30820330 30820218 A0030201 02020101 300D0609 2A864886 F70D0101 0D050030
|
|
||||||
31312F30 2D060355 04030C26 494F532D 53656C66 2D536967 6E65642D 43657274
|
|
||||||
69666963 6174652D 32393437 34303732 3533301E 170D3236 30363130 30373537
|
|
||||||
34305A17 0D333630 36303930 37353734 305A3031 312F302D 06035504 030C2649
|
|
||||||
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D32 39343734
|
|
||||||
30373235 33308201 22300D06 092A8648 86F70D01 01010500 0382010F 00308201
|
|
||||||
0A028201 0100D73C 961D9195 D3943475 3D1021D5 5256D366 283AF7EA 7E29EDF7
|
|
||||||
D436F20C 2540FD80 151BC2FF D73151B0 5BFEB37A 1BE4D77B 064DEE09 5755F88F
|
|
||||||
CEECF4B4 650429B9 584658ED 94B60905 3F149C23 BEF50154 40285A5C D299E976
|
|
||||||
260FDCC8 23A6E59F 15663A5A 5CFB84E2 9314243E 339BCF63 3D33F429 4F104A71
|
|
||||||
DA40BFDD 5FDA6AFE 4A6795F5 C1044EBA 4A103859 619C5B42 8259B4C2 E14AD3DA
|
|
||||||
11DD2F8B CC9FAF07 B034AC36 7B54FD31 098FB3B7 1EBFB9C1 D3F3A97D 3C2B9661
|
|
||||||
3E6D7523 0C0903D4 2D66ACD7 C1E59304 36E45B5D 0D4D1DD3 FA0A8FC5 9AE00618
|
|
||||||
6523D157 CD262001 0D180482 E4125F40 58741CDA 0C0BD373 4735365E 4E859EC2
|
|
||||||
18841214 7C7D0203 010001A3 53305130 1D060355 1D0E0416 041426FB E5DBB36E
|
|
||||||
EB590719 E507692E B3563C0F 0C60301F 0603551D 23041830 16801426 FBE5DBB3
|
|
||||||
6EEB5907 19E50769 2EB3563C 0F0C6030 0F060355 1D130101 FF040530 030101FF
|
|
||||||
300D0609 2A864886 F70D0101 0D050003 82010100 34AF340D 9C10640F F7CD722C
|
|
||||||
4F149DFF 30C38F3B B30ADF41 70248500 6E8024C0 0A9D1ACA B5F3CCE6 EA3C982D
|
|
||||||
DE4F1BEC 8E933EFA B15143B9 1E5502BE BE7B10B5 BDB57038 4AB184DD 0A55BA43
|
|
||||||
37FBB9C4 E1BFE983 960383BB 40F3906D 5C47E3EF BF9BDE3A 6B33C42B F290CF49
|
|
||||||
8E96CC07 A4AA1BD5 1EFD2579 3A195166 287E14B8 4979A3AF DC1718E6 1A820E75
|
|
||||||
1D1ECCC6 B53FBF9C E6589902 BB9021BD 2B387816 28202A9E F7784F8E 7E8E92BA
|
|
||||||
C0A9AB2C AAA8668C C6AEF3B8 41CBB3C0 A4165D11 B5C1A846 2EA25215 85306E99
|
|
||||||
BAAC1EF5 54517D54 BB9EF942 9226C5CE 816801FD E5FCE9DE 5A4B795D 107E6521
|
|
||||||
D87398DE EDCDDBD2 045AB631 3D37C325 0149EA49
|
|
||||||
quit
|
|
||||||
crypto pki certificate chain SLA-TrustPoint
|
|
||||||
certificate ca 01
|
|
||||||
30820321 30820209 A0030201 02020101 300D0609 2A864886 F70D0101 0B050030
|
|
||||||
32310E30 0C060355 040A1305 43697363 6F312030 1E060355 04031317 43697363
|
|
||||||
6F204C69 63656E73 696E6720 526F6F74 20434130 1E170D31 33303533 30313934
|
|
||||||
3834375A 170D3338 30353330 31393438 34375A30 32310E30 0C060355 040A1305
|
|
||||||
43697363 6F312030 1E060355 04031317 43697363 6F204C69 63656E73 696E6720
|
|
||||||
526F6F74 20434130 82012230 0D06092A 864886F7 0D010101 05000382 010F0030
|
|
||||||
82010A02 82010100 A6BCBD96 131E05F7 145EA72C 2CD686E6 17222EA1 F1EFF64D
|
|
||||||
CBB4C798 212AA147 C655D8D7 9471380D 8711441E 1AAF071A 9CAE6388 8A38E520
|
|
||||||
1C394D78 462EF239 C659F715 B98C0A59 5BBB5CBD 0CFEBEA3 700A8BF7 D8F256EE
|
|
||||||
4AA4E80D DB6FD1C9 60B1FD18 FFC69C96 6FA68957 A2617DE7 104FDC5F EA2956AC
|
|
||||||
7390A3EB 2B5436AD C847A2C5 DAB553EB 69A9A535 58E9F3E3 C0BD23CF 58BD7188
|
|
||||||
68E69491 20F320E7 948E71D7 AE3BCC84 F10684C7 4BC8E00F 539BA42B 42C68BB7
|
|
||||||
C7479096 B4CB2D62 EA2F505D C7B062A4 6811D95B E8250FC4 5D5D5FB8 8F27D191
|
|
||||||
C55F0D76 61F9A4CD 3D992327 A8BB03BD 4E6D7069 7CBADF8B DF5F4368 95135E44
|
|
||||||
DFC7C6CF 04DD7FD1 02030100 01A34230 40300E06 03551D0F 0101FF04 04030201
|
|
||||||
06300F06 03551D13 0101FF04 05300301 01FF301D 0603551D 0E041604 1449DC85
|
|
||||||
4B3D31E5 1B3E6A17 606AF333 3D3B4C73 E8300D06 092A8648 86F70D01 010B0500
|
|
||||||
03820101 00507F24 D3932A66 86025D9F E838AE5C 6D4DF6B0 49631C78 240DA905
|
|
||||||
604EDCDE FF4FED2B 77FC460E CD636FDB DD44681E 3A5673AB 9093D3B1 6C9E3D8B
|
|
||||||
D98987BF E40CBD9E 1AECA0C2 2189BB5C 8FA85686 CD98B646 5575B146 8DFC66A8
|
|
||||||
467A3DF4 4D565700 6ADF0F0D CF835015 3C04FF7C 21E878AC 11BA9CD2 55A9232C
|
|
||||||
7CA7B7E6 C1AF74F6 152E99B7 B1FCF9BB E973DE7F 5BDDEB86 C71E3B49 1765308B
|
|
||||||
5FB0DA06 B92AFE7F 494E8A9E 07B85737 F3A58BE1 1A48A229 C37C1E69 39F08678
|
|
||||||
80DDCD16 D6BACECA EEBC7CF9 8428787B 35202CDC 60E4616A B623CDBD 230E3AFB
|
|
||||||
418616A9 4093E049 4D10AB75 27E86F73 932E35B5 8862FDAE 0275156F 719BB2F0
|
|
||||||
D697DF7F 28
|
|
||||||
quit
|
|
||||||
!
|
|
||||||
!
|
|
||||||
license boot level network-advantage addon dna-advantage
|
|
||||||
memory free low-watermark processor 104985
|
|
||||||
!
|
|
||||||
diagnostic bootup level minimal
|
|
||||||
!
|
|
||||||
spanning-tree mode rapid-pvst
|
|
||||||
spanning-tree extend system-id
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
redundancy
|
|
||||||
mode sso
|
|
||||||
crypto engine compliance shield disable
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
transceiver type all
|
|
||||||
monitoring
|
|
||||||
!
|
|
||||||
!
|
|
||||||
class-map match-any system-cpp-police-ewlc-control
|
|
||||||
description EWLC Control
|
|
||||||
class-map match-any system-cpp-police-topology-control
|
|
||||||
description Topology control
|
|
||||||
class-map match-any system-cpp-police-sw-forward
|
|
||||||
description Sw forwarding, L2 LVX data packets, LOGGING, Transit Traffic
|
|
||||||
class-map match-any system-cpp-default
|
|
||||||
description EWLC Data, Inter FED Traffic
|
|
||||||
class-map match-any system-cpp-police-sys-data
|
|
||||||
description Openflow, Exception, EGR Exception, NFL Sampled Data, RPF Failed
|
|
||||||
class-map match-any system-cpp-police-punt-webauth
|
|
||||||
description Punt Webauth
|
|
||||||
class-map match-any system-cpp-police-l2lvx-control
|
|
||||||
description L2 LVX control packets
|
|
||||||
class-map match-any system-cpp-police-forus
|
|
||||||
description Forus traffic
|
|
||||||
class-map match-any system-cpp-police-multicast-end-station
|
|
||||||
description MCAST END STATION
|
|
||||||
class-map match-any system-cpp-police-forus-addr-resolution
|
|
||||||
description Forus address resolution
|
|
||||||
class-map match-any system-cpp-police-high-rate-app
|
|
||||||
description High Rate Applications
|
|
||||||
class-map match-any system-cpp-police-multicast
|
|
||||||
description MCAST Data
|
|
||||||
class-map match-any system-cpp-police-meraki-next-tunnel
|
|
||||||
description Meraki Next tunnel
|
|
||||||
class-map match-any system-cpp-police-l2-control
|
|
||||||
description L2 control
|
|
||||||
class-map match-any system-cpp-police-dot1x-auth
|
|
||||||
description DOT1X Auth
|
|
||||||
class-map match-any system-cpp-police-data
|
|
||||||
description ICMP redirect, ICMP_GEN and BROADCAST
|
|
||||||
class-map match-any system-cpp-police-stackwise-virt-control
|
|
||||||
description Stackwise Virtual OOB
|
|
||||||
class-map match-any non-client-nrt-class
|
|
||||||
class-map match-any system-cpp-police-routing-control
|
|
||||||
description Routing control and Low Latency
|
|
||||||
class-map match-any system-cpp-police-protocol-snooping
|
|
||||||
description Protocol snooping
|
|
||||||
class-map match-any system-cpp-police-dhcp-snooping
|
|
||||||
description DHCP snooping
|
|
||||||
class-map match-any system-cpp-police-ios-routing
|
|
||||||
description L2 control, Topology control, Routing control, Low Latency
|
|
||||||
class-map match-any system-cpp-police-system-critical
|
|
||||||
description System Critical and Gold Pkt
|
|
||||||
class-map match-any system-cpp-police-ios-feature
|
|
||||||
description ICMPGEN,BROADCAST,ICMP,L2LVXCntrl,ProtoSnoop,PuntWebauth,MCASTData,Transit,DOT1XAuth,Swfwd,LOGGING,L2LVXData,ForusTraffic,ForusARP,McastEndStn,Openflow,Exception,EGRExcption,NflSampled,RpfFailed
|
|
||||||
!
|
|
||||||
policy-map system-cpp-policy
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
interface Port-channel10
|
|
||||||
no switchport
|
|
||||||
ip address 10.1.101.100 255.255.255.0
|
|
||||||
!
|
|
||||||
interface GigabitEthernet0/0
|
|
||||||
vrf forwarding Mgmt-vrf
|
|
||||||
no ip address
|
|
||||||
shutdown
|
|
||||||
negotiation auto
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/1
|
|
||||||
description vers Leaf-01
|
|
||||||
no switchport
|
|
||||||
no ip address
|
|
||||||
channel-group 10 mode active
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/2
|
|
||||||
description vers Leaf-02
|
|
||||||
no switchport
|
|
||||||
no ip address
|
|
||||||
channel-group 10 mode active
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/3
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/4
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/5
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/6
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/7
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/8
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/9
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/10
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/11
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/12
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/13
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/14
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/15
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/16
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/17
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/18
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/19
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/20
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/21
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/22
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/23
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/24
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/1/1
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/1/2
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/1/3
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/1/4
|
|
||||||
!
|
|
||||||
interface AppGigabitEthernet1/0/1
|
|
||||||
!
|
|
||||||
interface Vlan1
|
|
||||||
no ip address
|
|
||||||
!
|
|
||||||
ip forward-protocol nd
|
|
||||||
ip http server
|
|
||||||
ip http authentication local
|
|
||||||
ip http secure-server
|
|
||||||
ip ssh bulk-mode 131072
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
control-plane
|
|
||||||
service-policy input system-cpp-policy
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
line con 0
|
|
||||||
stopbits 1
|
|
||||||
line vty 0 4
|
|
||||||
login
|
|
||||||
transport input ssh
|
|
||||||
line vty 5 31
|
|
||||||
login
|
|
||||||
transport input ssh
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
end
|
|
||||||
@@ -1,351 +0,0 @@
|
|||||||
hostname Spine-01
|
|
||||||
!
|
|
||||||
!
|
|
||||||
vrf definition Mgmt-vrf
|
|
||||||
!
|
|
||||||
address-family ipv4
|
|
||||||
exit-address-family
|
|
||||||
!
|
|
||||||
address-family ipv6
|
|
||||||
exit-address-family
|
|
||||||
!
|
|
||||||
no aaa new-model
|
|
||||||
switch 2 provision c9300l-24p-4g
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
ip routing
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
ip multicast-routing
|
|
||||||
!
|
|
||||||
ip dhcp pool webuidhcp
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
login on-success log
|
|
||||||
ipv6 nd cache expire refresh
|
|
||||||
ipv6 unicast-routing
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
crypto pki trustpoint SLA-TrustPoint
|
|
||||||
enrollment pkcs12
|
|
||||||
revocation-check crl
|
|
||||||
hash sha512
|
|
||||||
!
|
|
||||||
crypto pki trustpoint TP-self-signed-251052295
|
|
||||||
enrollment selfsigned
|
|
||||||
subject-name cn=IOS-Self-Signed-Certificate-251052295
|
|
||||||
revocation-check none
|
|
||||||
rsakeypair TP-self-signed-251052295
|
|
||||||
hash sha512
|
|
||||||
!
|
|
||||||
!
|
|
||||||
crypto pki certificate chain SLA-TrustPoint
|
|
||||||
certificate ca 01
|
|
||||||
30820321 30820209 A0030201 02020101 300D0609 2A864886 F70D0101 0B050030
|
|
||||||
32310E30 0C060355 040A1305 43697363 6F312030 1E060355 04031317 43697363
|
|
||||||
6F204C69 63656E73 696E6720 526F6F74 20434130 1E170D31 33303533 30313934
|
|
||||||
3834375A 170D3338 30353330 31393438 34375A30 32310E30 0C060355 040A1305
|
|
||||||
43697363 6F312030 1E060355 04031317 43697363 6F204C69 63656E73 696E6720
|
|
||||||
526F6F74 20434130 82012230 0D06092A 864886F7 0D010101 05000382 010F0030
|
|
||||||
82010A02 82010100 A6BCBD96 131E05F7 145EA72C 2CD686E6 17222EA1 F1EFF64D
|
|
||||||
CBB4C798 212AA147 C655D8D7 9471380D 8711441E 1AAF071A 9CAE6388 8A38E520
|
|
||||||
1C394D78 462EF239 C659F715 B98C0A59 5BBB5CBD 0CFEBEA3 700A8BF7 D8F256EE
|
|
||||||
4AA4E80D DB6FD1C9 60B1FD18 FFC69C96 6FA68957 A2617DE7 104FDC5F EA2956AC
|
|
||||||
7390A3EB 2B5436AD C847A2C5 DAB553EB 69A9A535 58E9F3E3 C0BD23CF 58BD7188
|
|
||||||
68E69491 20F320E7 948E71D7 AE3BCC84 F10684C7 4BC8E00F 539BA42B 42C68BB7
|
|
||||||
C7479096 B4CB2D62 EA2F505D C7B062A4 6811D95B E8250FC4 5D5D5FB8 8F27D191
|
|
||||||
C55F0D76 61F9A4CD 3D992327 A8BB03BD 4E6D7069 7CBADF8B DF5F4368 95135E44
|
|
||||||
DFC7C6CF 04DD7FD1 02030100 01A34230 40300E06 03551D0F 0101FF04 04030201
|
|
||||||
06300F06 03551D13 0101FF04 05300301 01FF301D 0603551D 0E041604 1449DC85
|
|
||||||
4B3D31E5 1B3E6A17 606AF333 3D3B4C73 E8300D06 092A8648 86F70D01 010B0500
|
|
||||||
03820101 00507F24 D3932A66 86025D9F E838AE5C 6D4DF6B0 49631C78 240DA905
|
|
||||||
604EDCDE FF4FED2B 77FC460E CD636FDB DD44681E 3A5673AB 9093D3B1 6C9E3D8B
|
|
||||||
D98987BF E40CBD9E 1AECA0C2 2189BB5C 8FA85686 CD98B646 5575B146 8DFC66A8
|
|
||||||
467A3DF4 4D565700 6ADF0F0D CF835015 3C04FF7C 21E878AC 11BA9CD2 55A9232C
|
|
||||||
7CA7B7E6 C1AF74F6 152E99B7 B1FCF9BB E973DE7F 5BDDEB86 C71E3B49 1765308B
|
|
||||||
5FB0DA06 B92AFE7F 494E8A9E 07B85737 F3A58BE1 1A48A229 C37C1E69 39F08678
|
|
||||||
80DDCD16 D6BACECA EEBC7CF9 8428787B 35202CDC 60E4616A B623CDBD 230E3AFB
|
|
||||||
418616A9 4093E049 4D10AB75 27E86F73 932E35B5 8862FDAE 0275156F 719BB2F0
|
|
||||||
D697DF7F 28
|
|
||||||
quit
|
|
||||||
crypto pki certificate chain TP-self-signed-251052295
|
|
||||||
certificate self-signed 01
|
|
||||||
3082032E 30820216 A0030201 02020101 300D0609 2A864886 F70D0101 0D050030
|
|
||||||
30312E30 2C060355 04030C25 494F532D 53656C66 2D536967 6E65642D 43657274
|
|
||||||
69666963 6174652D 32353130 35323239 35301E17 0D323630 36313030 37353733
|
|
||||||
315A170D 33363036 30393037 35373331 5A303031 2E302C06 03550403 0C25494F
|
|
||||||
532D5365 6C662D53 69676E65 642D4365 72746966 69636174 652D3235 31303532
|
|
||||||
32393530 82012230 0D06092A 864886F7 0D010101 05000382 010F0030 82010A02
|
|
||||||
82010100 D89BCFBD 5397ED82 DFCE3396 1664243E F8B16D1A EF4EA9FC 89661810
|
|
||||||
B86A1333 F49417A6 D2321D74 E43423FC 99CB1A86 704E5FC1 1F26C7E7 DCDBD99F
|
|
||||||
D85630C3 59237E9C 9A988DE5 15500356 0FB10E0F 3E8B1401 7C8E06A8 E3493E22
|
|
||||||
93AC7E5D 52433498 490F20EE C966121A 0FFDC547 E9C664D1 766EDF3D 13081CEC
|
|
||||||
AB2B202C 5FF1BB61 B98593BE 3700930E AF220152 F6BF1D1A 38B9CDC0 CB31C119
|
|
||||||
2E09E5F3 4CA6F02A 1FF916FC 4627CCB9 C32D8573 B69AF79B 699E91F3 0C79FECA
|
|
||||||
0DF90FF0 F8B005FA 63DF5302 64C3A1AE 6FD8C78E FE976E0C D03E9139 6B933048
|
|
||||||
13049514 105B1995 1267D0DC 3DA4CCBD 31703F2F 6914C8F3 7B1DB726 A2B07631
|
|
||||||
2180D6F7 02030100 01A35330 51301D06 03551D0E 04160414 147899D8 5CAC32ED
|
|
||||||
34315AED 87E8EFCA 2FEC840F 301F0603 551D2304 18301680 14147899 D85CAC32
|
|
||||||
ED34315A ED87E8EF CA2FEC84 0F300F06 03551D13 0101FF04 05300301 01FF300D
|
|
||||||
06092A86 4886F70D 01010D05 00038201 0100AAA6 FE2EC09B F9769A5C C0DAAE85
|
|
||||||
8D02A258 AB7E4510 807F9FEF 10FE774B 7B0F3EFE 117F850F 833B49B6 C20781B0
|
|
||||||
D89F5F9E FDEB06B1 74889F5E 5D2E9EEB 2ECDE82E 58EDA905 AD6D7313 66519DC7
|
|
||||||
6702F569 DDEAE0E6 24C302AF F784DFA3 F3FA0512 DD416C13 8AFC7D09 6EAE05E3
|
|
||||||
5E067BD9 3CC56564 3B92D3C1 1E4BC00C FD3C03A1 0E37A034 1C378323 4080AE0D
|
|
||||||
AAEB2A55 632CF3C0 35ACBDB4 F118B9FE 53C9D86A 2713FD54 C1ADA68B 043EC657
|
|
||||||
3CE61F31 61FEC1B9 75DCD39B 75E97238 A1CF89E0 47B037C1 8A886AD3 0F3D35DF
|
|
||||||
1822F3A2 1AD01417 77D4D683 274034B9 9721C84B A9203A29 06F916BF BEBEB112
|
|
||||||
F43BAFEB EC57AECF 57C0AED5 88A8DE69 F5A4
|
|
||||||
quit
|
|
||||||
!
|
|
||||||
!
|
|
||||||
license boot level network-advantage addon dna-advantage
|
|
||||||
memory free low-watermark processor 104985
|
|
||||||
!
|
|
||||||
diagnostic bootup level minimal
|
|
||||||
!
|
|
||||||
spanning-tree mode rapid-pvst
|
|
||||||
spanning-tree extend system-id
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
redundancy
|
|
||||||
mode sso
|
|
||||||
crypto engine compliance shield disable
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
transceiver type all
|
|
||||||
monitoring
|
|
||||||
!
|
|
||||||
!
|
|
||||||
class-map match-any system-cpp-police-ewlc-control
|
|
||||||
description EWLC Control
|
|
||||||
class-map match-any system-cpp-police-topology-control
|
|
||||||
description Topology control
|
|
||||||
class-map match-any system-cpp-police-sw-forward
|
|
||||||
description Sw forwarding, L2 LVX data packets, LOGGING, Transit Traffic
|
|
||||||
class-map match-any system-cpp-default
|
|
||||||
description EWLC Data, Inter FED Traffic
|
|
||||||
class-map match-any system-cpp-police-sys-data
|
|
||||||
description Openflow, Exception, EGR Exception, NFL Sampled Data, RPF Failed
|
|
||||||
class-map match-any system-cpp-police-punt-webauth
|
|
||||||
description Punt Webauth
|
|
||||||
class-map match-any system-cpp-police-l2lvx-control
|
|
||||||
description L2 LVX control packets
|
|
||||||
class-map match-any system-cpp-police-forus
|
|
||||||
description Forus traffic
|
|
||||||
class-map match-any system-cpp-police-multicast-end-station
|
|
||||||
description MCAST END STATION
|
|
||||||
class-map match-any system-cpp-police-forus-addr-resolution
|
|
||||||
description Forus address resolution
|
|
||||||
class-map match-any system-cpp-police-high-rate-app
|
|
||||||
description High Rate Applications
|
|
||||||
class-map match-any system-cpp-police-multicast
|
|
||||||
description MCAST Data
|
|
||||||
class-map match-any system-cpp-police-meraki-next-tunnel
|
|
||||||
description Meraki Next tunnel
|
|
||||||
class-map match-any system-cpp-police-l2-control
|
|
||||||
description L2 control
|
|
||||||
class-map match-any system-cpp-police-dot1x-auth
|
|
||||||
description DOT1X Auth
|
|
||||||
class-map match-any system-cpp-police-data
|
|
||||||
description ICMP redirect, ICMP_GEN and BROADCAST
|
|
||||||
class-map match-any system-cpp-police-stackwise-virt-control
|
|
||||||
description Stackwise Virtual OOB
|
|
||||||
class-map match-any non-client-nrt-class
|
|
||||||
class-map match-any system-cpp-police-routing-control
|
|
||||||
description Routing control and Low Latency
|
|
||||||
class-map match-any system-cpp-police-protocol-snooping
|
|
||||||
description Protocol snooping
|
|
||||||
class-map match-any system-cpp-police-dhcp-snooping
|
|
||||||
description DHCP snooping
|
|
||||||
class-map match-any system-cpp-police-ios-routing
|
|
||||||
description L2 control, Topology control, Routing control, Low Latency
|
|
||||||
class-map match-any system-cpp-police-system-critical
|
|
||||||
description System Critical and Gold Pkt
|
|
||||||
class-map match-any system-cpp-police-ios-feature
|
|
||||||
description ICMPGEN,BROADCAST,ICMP,L2LVXCntrl,ProtoSnoop,PuntWebauth,MCASTData,Transit,DOT1XAuth,Swfwd,LOGGING,L2LVXData,ForusTraffic,ForusARP,McastEndStn,Openflow,Exception,EGRExcption,NflSampled,RpfFailed
|
|
||||||
!
|
|
||||||
policy-map system-cpp-policy
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
interface Loopback0
|
|
||||||
ip address 172.16.255.1 255.255.255.255
|
|
||||||
ip ospf 1 area 0
|
|
||||||
!
|
|
||||||
interface Loopback1
|
|
||||||
ip address 172.16.254.1 255.255.255.255
|
|
||||||
ip ospf 1 area 0
|
|
||||||
!
|
|
||||||
interface Loopback2
|
|
||||||
ip address 172.16.255.255 255.255.255.255
|
|
||||||
ip pim sparse-mode
|
|
||||||
ip ospf 1 area 0
|
|
||||||
!
|
|
||||||
interface GigabitEthernet0/0
|
|
||||||
vrf forwarding Mgmt-vrf
|
|
||||||
no ip address
|
|
||||||
shutdown
|
|
||||||
negotiation auto
|
|
||||||
!
|
|
||||||
interface GigabitEthernet2/0/1
|
|
||||||
no switchport
|
|
||||||
ip address 172.16.13.1 255.255.255.0
|
|
||||||
ip pim sparse-mode
|
|
||||||
ip ospf network point-to-point
|
|
||||||
ip ospf 1 area 0
|
|
||||||
!
|
|
||||||
interface GigabitEthernet2/0/2
|
|
||||||
no switchport
|
|
||||||
ip address 172.16.14.1 255.255.255.0
|
|
||||||
ip pim sparse-mode
|
|
||||||
ip ospf network point-to-point
|
|
||||||
ip ospf 1 area 0
|
|
||||||
!
|
|
||||||
interface GigabitEthernet2/0/3
|
|
||||||
!
|
|
||||||
interface GigabitEthernet2/0/4
|
|
||||||
!
|
|
||||||
interface GigabitEthernet2/0/5
|
|
||||||
!
|
|
||||||
interface GigabitEthernet2/0/6
|
|
||||||
!
|
|
||||||
interface GigabitEthernet2/0/7
|
|
||||||
!
|
|
||||||
interface GigabitEthernet2/0/8
|
|
||||||
!
|
|
||||||
interface GigabitEthernet2/0/9
|
|
||||||
!
|
|
||||||
interface GigabitEthernet2/0/10
|
|
||||||
!
|
|
||||||
interface GigabitEthernet2/0/11
|
|
||||||
!
|
|
||||||
interface GigabitEthernet2/0/12
|
|
||||||
!
|
|
||||||
interface GigabitEthernet2/0/13
|
|
||||||
!
|
|
||||||
interface GigabitEthernet2/0/14
|
|
||||||
!
|
|
||||||
interface GigabitEthernet2/0/15
|
|
||||||
!
|
|
||||||
interface GigabitEthernet2/0/16
|
|
||||||
!
|
|
||||||
interface GigabitEthernet2/0/17
|
|
||||||
!
|
|
||||||
interface GigabitEthernet2/0/18
|
|
||||||
!
|
|
||||||
interface GigabitEthernet2/0/19
|
|
||||||
!
|
|
||||||
interface GigabitEthernet2/0/20
|
|
||||||
!
|
|
||||||
interface GigabitEthernet2/0/21
|
|
||||||
!
|
|
||||||
interface GigabitEthernet2/0/22
|
|
||||||
!
|
|
||||||
interface GigabitEthernet2/0/23
|
|
||||||
!
|
|
||||||
interface GigabitEthernet2/0/24
|
|
||||||
!
|
|
||||||
interface GigabitEthernet2/1/1
|
|
||||||
!
|
|
||||||
interface GigabitEthernet2/1/2
|
|
||||||
!
|
|
||||||
interface GigabitEthernet2/1/3
|
|
||||||
!
|
|
||||||
interface GigabitEthernet2/1/4
|
|
||||||
!
|
|
||||||
interface AppGigabitEthernet2/0/1
|
|
||||||
!
|
|
||||||
interface Vlan1
|
|
||||||
no ip address
|
|
||||||
shutdown
|
|
||||||
!
|
|
||||||
router ospf 1
|
|
||||||
router-id 172.16.255.1
|
|
||||||
!
|
|
||||||
router bgp 65001
|
|
||||||
template peer-policy RR-PP
|
|
||||||
route-reflector-client
|
|
||||||
send-community both
|
|
||||||
exit-peer-policy
|
|
||||||
!
|
|
||||||
template peer-session RR-PS
|
|
||||||
remote-as 65001
|
|
||||||
update-source Loopback0
|
|
||||||
exit-peer-session
|
|
||||||
!
|
|
||||||
bgp router-id 172.16.255.1
|
|
||||||
bgp log-neighbor-changes
|
|
||||||
no bgp default ipv4-unicast
|
|
||||||
neighbor 172.16.255.3 inherit peer-session RR-PS
|
|
||||||
neighbor 172.16.255.4 inherit peer-session RR-PS
|
|
||||||
!
|
|
||||||
address-family ipv4
|
|
||||||
exit-address-family
|
|
||||||
!
|
|
||||||
address-family l2vpn evpn
|
|
||||||
neighbor 172.16.255.3 activate
|
|
||||||
neighbor 172.16.255.3 send-community both
|
|
||||||
neighbor 172.16.255.3 inherit peer-policy RR-PP
|
|
||||||
neighbor 172.16.255.4 activate
|
|
||||||
neighbor 172.16.255.4 send-community both
|
|
||||||
neighbor 172.16.255.4 inherit peer-policy RR-PP
|
|
||||||
exit-address-family
|
|
||||||
!
|
|
||||||
ip forward-protocol nd
|
|
||||||
ip http server
|
|
||||||
ip http secure-server
|
|
||||||
ip pim rp-address 172.16.255.255
|
|
||||||
ip msdp peer 172.16.254.2 connect-source Loopback1 remote-as 65001
|
|
||||||
ip ssh bulk-mode 131072
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
control-plane
|
|
||||||
service-policy input system-cpp-policy
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
line con 0
|
|
||||||
stopbits 1
|
|
||||||
line vty 0 4
|
|
||||||
login
|
|
||||||
transport input ssh
|
|
||||||
line vty 5 31
|
|
||||||
login
|
|
||||||
transport input ssh
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
end
|
|
||||||
@@ -1,347 +0,0 @@
|
|||||||
hostname Spine-02
|
|
||||||
!
|
|
||||||
!
|
|
||||||
vrf definition Mgmt-vrf
|
|
||||||
!
|
|
||||||
address-family ipv4
|
|
||||||
exit-address-family
|
|
||||||
!
|
|
||||||
address-family ipv6
|
|
||||||
exit-address-family
|
|
||||||
!
|
|
||||||
no aaa new-model
|
|
||||||
switch 1 provision c9300l-24p-4g
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
ip routing
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
ip multicast-routing
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
login on-success log
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
crypto pki trustpoint TP-self-signed-430895953
|
|
||||||
enrollment selfsigned
|
|
||||||
subject-name cn=IOS-Self-Signed-Certificate-430895953
|
|
||||||
revocation-check none
|
|
||||||
rsakeypair TP-self-signed-430895953
|
|
||||||
hash sha512
|
|
||||||
!
|
|
||||||
crypto pki trustpoint SLA-TrustPoint
|
|
||||||
enrollment pkcs12
|
|
||||||
revocation-check crl
|
|
||||||
hash sha512
|
|
||||||
!
|
|
||||||
!
|
|
||||||
crypto pki certificate chain TP-self-signed-430895953
|
|
||||||
certificate self-signed 01
|
|
||||||
3082032E 30820216 A0030201 02020101 300D0609 2A864886 F70D0101 0D050030
|
|
||||||
30312E30 2C060355 04030C25 494F532D 53656C66 2D536967 6E65642D 43657274
|
|
||||||
69666963 6174652D 34333038 39353935 33301E17 0D323630 36313030 37353931
|
|
||||||
315A170D 33363036 30393037 35393131 5A303031 2E302C06 03550403 0C25494F
|
|
||||||
532D5365 6C662D53 69676E65 642D4365 72746966 69636174 652D3433 30383935
|
|
||||||
39353330 82012230 0D06092A 864886F7 0D010101 05000382 010F0030 82010A02
|
|
||||||
82010100 A71865B6 6C5F0B06 665FCD05 19C66FF3 4D4B9157 EF422949 A4ACD2F2
|
|
||||||
ACF5AA84 6B593191 FF34BB5C 2A1F3064 DCF41C32 A8EA567D C7B1400B A9CD2CC6
|
|
||||||
55F61D16 792E6552 31D4B438 137EC154 47503D71 FDB8A4A7 71B3FE2A B36FF58C
|
|
||||||
F5356063 942A2DBC 99F20FC0 ABE7C186 940AF2A2 E94A30CF 7D6AA5D7 4A9C93BB
|
|
||||||
99A5779B A179C130 8839473E 04679619 897E139A 3B883DF0 484060CD 703D25A2
|
|
||||||
01153890 F65AE584 6C403826 7DDD0C8C B76D6690 D7FACB49 89B2CB22 619B1F18
|
|
||||||
3C090DAF 47443412 63FC7B3B DEDED46B 4B19BB16 6C2EA229 1946B513 813645F8
|
|
||||||
D029F8B4 878F3581 30A3D42A 37BE3C82 835EDC01 A4D028BC 76F777EC CE9440F2
|
|
||||||
26037F3F 02030100 01A35330 51301D06 03551D0E 04160414 77E8D640 80AF8B64
|
|
||||||
B2AFF1D6 AED32E71 F70417EA 301F0603 551D2304 18301680 1477E8D6 4080AF8B
|
|
||||||
64B2AFF1 D6AED32E 71F70417 EA300F06 03551D13 0101FF04 05300301 01FF300D
|
|
||||||
06092A86 4886F70D 01010D05 00038201 0100177A 72BD66A9 0BFFDBC2 B79A5E60
|
|
||||||
0D47EBD5 A52A2A4F 6CB07B34 55D37A8F 9DE892FB 8AEAD5BF 5D0766DD BC51BD4A
|
|
||||||
5D64DCDA 493D2D2E BB01BAC4 6D4AE47E FE0F0DDD 0628328B 9FAB4001 721E4F9A
|
|
||||||
CF4396D2 AA70CBCA E071F9AF C8248307 D75DABFA A9302E78 7D2AC3FF 2A62FAA7
|
|
||||||
E7AE7A15 EAFE2A27 36BE73BF C9B25B68 FE9A3837 715BD0F2 55B3FEBF 02EEAECC
|
|
||||||
469280FE B46A8105 C3D36F72 E18F6AC2 B3A62DA1 DE7A80B9 0E382EE0 6DD0315D
|
|
||||||
1E4D6120 386CB1E9 48301645 7A8F14F9 3CA2B26F 98C9E634 AB9E0E8A 863B8D1E
|
|
||||||
B64A5817 C92BEEDA 4086C3F7 81EA3F30 DA66BADA 8A16810F EAC7B4C4 6DF5420A
|
|
||||||
4733CCA2 A71746B9 E7762CF6 51C90F36 3E58
|
|
||||||
quit
|
|
||||||
crypto pki certificate chain SLA-TrustPoint
|
|
||||||
certificate ca 01
|
|
||||||
30820321 30820209 A0030201 02020101 300D0609 2A864886 F70D0101 0B050030
|
|
||||||
32310E30 0C060355 040A1305 43697363 6F312030 1E060355 04031317 43697363
|
|
||||||
6F204C69 63656E73 696E6720 526F6F74 20434130 1E170D31 33303533 30313934
|
|
||||||
3834375A 170D3338 30353330 31393438 34375A30 32310E30 0C060355 040A1305
|
|
||||||
43697363 6F312030 1E060355 04031317 43697363 6F204C69 63656E73 696E6720
|
|
||||||
526F6F74 20434130 82012230 0D06092A 864886F7 0D010101 05000382 010F0030
|
|
||||||
82010A02 82010100 A6BCBD96 131E05F7 145EA72C 2CD686E6 17222EA1 F1EFF64D
|
|
||||||
CBB4C798 212AA147 C655D8D7 9471380D 8711441E 1AAF071A 9CAE6388 8A38E520
|
|
||||||
1C394D78 462EF239 C659F715 B98C0A59 5BBB5CBD 0CFEBEA3 700A8BF7 D8F256EE
|
|
||||||
4AA4E80D DB6FD1C9 60B1FD18 FFC69C96 6FA68957 A2617DE7 104FDC5F EA2956AC
|
|
||||||
7390A3EB 2B5436AD C847A2C5 DAB553EB 69A9A535 58E9F3E3 C0BD23CF 58BD7188
|
|
||||||
68E69491 20F320E7 948E71D7 AE3BCC84 F10684C7 4BC8E00F 539BA42B 42C68BB7
|
|
||||||
C7479096 B4CB2D62 EA2F505D C7B062A4 6811D95B E8250FC4 5D5D5FB8 8F27D191
|
|
||||||
C55F0D76 61F9A4CD 3D992327 A8BB03BD 4E6D7069 7CBADF8B DF5F4368 95135E44
|
|
||||||
DFC7C6CF 04DD7FD1 02030100 01A34230 40300E06 03551D0F 0101FF04 04030201
|
|
||||||
06300F06 03551D13 0101FF04 05300301 01FF301D 0603551D 0E041604 1449DC85
|
|
||||||
4B3D31E5 1B3E6A17 606AF333 3D3B4C73 E8300D06 092A8648 86F70D01 010B0500
|
|
||||||
03820101 00507F24 D3932A66 86025D9F E838AE5C 6D4DF6B0 49631C78 240DA905
|
|
||||||
604EDCDE FF4FED2B 77FC460E CD636FDB DD44681E 3A5673AB 9093D3B1 6C9E3D8B
|
|
||||||
D98987BF E40CBD9E 1AECA0C2 2189BB5C 8FA85686 CD98B646 5575B146 8DFC66A8
|
|
||||||
467A3DF4 4D565700 6ADF0F0D CF835015 3C04FF7C 21E878AC 11BA9CD2 55A9232C
|
|
||||||
7CA7B7E6 C1AF74F6 152E99B7 B1FCF9BB E973DE7F 5BDDEB86 C71E3B49 1765308B
|
|
||||||
5FB0DA06 B92AFE7F 494E8A9E 07B85737 F3A58BE1 1A48A229 C37C1E69 39F08678
|
|
||||||
80DDCD16 D6BACECA EEBC7CF9 8428787B 35202CDC 60E4616A B623CDBD 230E3AFB
|
|
||||||
418616A9 4093E049 4D10AB75 27E86F73 932E35B5 8862FDAE 0275156F 719BB2F0
|
|
||||||
D697DF7F 28
|
|
||||||
quit
|
|
||||||
!
|
|
||||||
!
|
|
||||||
license boot level network-advantage addon dna-advantage
|
|
||||||
memory free low-watermark processor 104985
|
|
||||||
!
|
|
||||||
diagnostic bootup level minimal
|
|
||||||
!
|
|
||||||
spanning-tree mode rapid-pvst
|
|
||||||
spanning-tree extend system-id
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
redundancy
|
|
||||||
mode sso
|
|
||||||
crypto engine compliance shield disable
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
transceiver type all
|
|
||||||
monitoring
|
|
||||||
!
|
|
||||||
!
|
|
||||||
class-map match-any system-cpp-police-ewlc-control
|
|
||||||
description EWLC Control
|
|
||||||
class-map match-any system-cpp-police-topology-control
|
|
||||||
description Topology control
|
|
||||||
class-map match-any system-cpp-police-sw-forward
|
|
||||||
description Sw forwarding, L2 LVX data packets, LOGGING, Transit Traffic
|
|
||||||
class-map match-any system-cpp-default
|
|
||||||
description EWLC Data, Inter FED Traffic
|
|
||||||
class-map match-any system-cpp-police-sys-data
|
|
||||||
description Openflow, Exception, EGR Exception, NFL Sampled Data, RPF Failed
|
|
||||||
class-map match-any system-cpp-police-punt-webauth
|
|
||||||
description Punt Webauth
|
|
||||||
class-map match-any system-cpp-police-l2lvx-control
|
|
||||||
description L2 LVX control packets
|
|
||||||
class-map match-any system-cpp-police-forus
|
|
||||||
description Forus traffic
|
|
||||||
class-map match-any system-cpp-police-multicast-end-station
|
|
||||||
description MCAST END STATION
|
|
||||||
class-map match-any system-cpp-police-forus-addr-resolution
|
|
||||||
description Forus address resolution
|
|
||||||
class-map match-any system-cpp-police-high-rate-app
|
|
||||||
description High Rate Applications
|
|
||||||
class-map match-any system-cpp-police-multicast
|
|
||||||
description MCAST Data
|
|
||||||
class-map match-any system-cpp-police-meraki-next-tunnel
|
|
||||||
description Meraki Next tunnel
|
|
||||||
class-map match-any system-cpp-police-l2-control
|
|
||||||
description L2 control
|
|
||||||
class-map match-any system-cpp-police-dot1x-auth
|
|
||||||
description DOT1X Auth
|
|
||||||
class-map match-any system-cpp-police-data
|
|
||||||
description ICMP redirect, ICMP_GEN and BROADCAST
|
|
||||||
class-map match-any system-cpp-police-stackwise-virt-control
|
|
||||||
description Stackwise Virtual OOB
|
|
||||||
class-map match-any non-client-nrt-class
|
|
||||||
class-map match-any system-cpp-police-routing-control
|
|
||||||
description Routing control and Low Latency
|
|
||||||
class-map match-any system-cpp-police-protocol-snooping
|
|
||||||
description Protocol snooping
|
|
||||||
class-map match-any system-cpp-police-dhcp-snooping
|
|
||||||
description DHCP snooping
|
|
||||||
class-map match-any system-cpp-police-ios-routing
|
|
||||||
description L2 control, Topology control, Routing control, Low Latency
|
|
||||||
class-map match-any system-cpp-police-system-critical
|
|
||||||
description System Critical and Gold Pkt
|
|
||||||
class-map match-any system-cpp-police-ios-feature
|
|
||||||
description ICMPGEN,BROADCAST,ICMP,L2LVXCntrl,ProtoSnoop,PuntWebauth,MCASTData,Transit,DOT1XAuth,Swfwd,LOGGING,L2LVXData,ForusTraffic,ForusARP,McastEndStn,Openflow,Exception,EGRExcption,NflSampled,RpfFailed
|
|
||||||
!
|
|
||||||
policy-map system-cpp-policy
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
interface Loopback0
|
|
||||||
ip address 172.16.255.2 255.255.255.255
|
|
||||||
ip ospf 1 area 0
|
|
||||||
!
|
|
||||||
interface Loopback1
|
|
||||||
ip address 172.16.254.2 255.255.255.255
|
|
||||||
ip ospf 1 area 0
|
|
||||||
!
|
|
||||||
interface Loopback2
|
|
||||||
ip address 172.16.255.255 255.255.255.255
|
|
||||||
ip pim sparse-mode
|
|
||||||
ip ospf 1 area 0
|
|
||||||
!
|
|
||||||
interface GigabitEthernet0/0
|
|
||||||
vrf forwarding Mgmt-vrf
|
|
||||||
no ip address
|
|
||||||
shutdown
|
|
||||||
negotiation auto
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/1
|
|
||||||
no switchport
|
|
||||||
ip address 172.16.23.2 255.255.255.0
|
|
||||||
ip pim sparse-mode
|
|
||||||
ip ospf network point-to-point
|
|
||||||
ip ospf 1 area 0
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/2
|
|
||||||
no switchport
|
|
||||||
ip address 172.16.24.2 255.255.255.0
|
|
||||||
ip pim sparse-mode
|
|
||||||
ip ospf network point-to-point
|
|
||||||
ip ospf 1 area 0
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/3
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/4
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/5
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/6
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/7
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/8
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/9
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/10
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/11
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/12
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/13
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/14
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/15
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/16
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/17
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/18
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/19
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/20
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/21
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/22
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/23
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/24
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/1/1
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/1/2
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/1/3
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/1/4
|
|
||||||
!
|
|
||||||
interface AppGigabitEthernet1/0/1
|
|
||||||
!
|
|
||||||
interface Vlan1
|
|
||||||
no ip address
|
|
||||||
!
|
|
||||||
router ospf 1
|
|
||||||
router-id 172.16.255.2
|
|
||||||
!
|
|
||||||
router bgp 65001
|
|
||||||
template peer-policy RR-PP
|
|
||||||
route-reflector-client
|
|
||||||
send-community both
|
|
||||||
exit-peer-policy
|
|
||||||
!
|
|
||||||
template peer-session RR-PS
|
|
||||||
remote-as 65001
|
|
||||||
update-source Loopback0
|
|
||||||
exit-peer-session
|
|
||||||
!
|
|
||||||
bgp router-id 172.16.255.2
|
|
||||||
bgp log-neighbor-changes
|
|
||||||
no bgp default ipv4-unicast
|
|
||||||
neighbor 172.16.255.3 inherit peer-session RR-PS
|
|
||||||
neighbor 172.16.255.4 inherit peer-session RR-PS
|
|
||||||
!
|
|
||||||
address-family ipv4
|
|
||||||
exit-address-family
|
|
||||||
!
|
|
||||||
address-family l2vpn evpn
|
|
||||||
neighbor 172.16.255.3 activate
|
|
||||||
neighbor 172.16.255.3 send-community both
|
|
||||||
neighbor 172.16.255.3 inherit peer-policy RR-PP
|
|
||||||
neighbor 172.16.255.4 activate
|
|
||||||
neighbor 172.16.255.4 send-community both
|
|
||||||
neighbor 172.16.255.4 inherit peer-policy RR-PP
|
|
||||||
exit-address-family
|
|
||||||
!
|
|
||||||
ip forward-protocol nd
|
|
||||||
ip http server
|
|
||||||
ip http authentication local
|
|
||||||
ip http secure-server
|
|
||||||
ip pim rp-address 172.16.255.255
|
|
||||||
ip msdp peer 172.16.254.1 connect-source Loopback1 remote-as 65001
|
|
||||||
ip ssh bulk-mode 131072
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
control-plane
|
|
||||||
service-policy input system-cpp-policy
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
line con 0
|
|
||||||
stopbits 1
|
|
||||||
line vty 0 4
|
|
||||||
login
|
|
||||||
transport input ssh
|
|
||||||
line vty 5 31
|
|
||||||
login
|
|
||||||
transport input ssh
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
end
|
|
||||||
@@ -1,363 +0,0 @@
|
|||||||
hostname Acces-01
|
|
||||||
!
|
|
||||||
!
|
|
||||||
vrf definition Mgmt-vrf
|
|
||||||
!
|
|
||||||
address-family ipv4
|
|
||||||
exit-address-family
|
|
||||||
!
|
|
||||||
address-family ipv6
|
|
||||||
exit-address-family
|
|
||||||
!
|
|
||||||
no aaa new-model
|
|
||||||
switch 1 provision c9300l-24t-4g
|
|
||||||
switch 2 provision c9300l-24t-4g
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
login on-success log
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
crypto pki trustpoint TP-self-signed-1855158953
|
|
||||||
enrollment selfsigned
|
|
||||||
subject-name cn=IOS-Self-Signed-Certificate-1855158953
|
|
||||||
revocation-check none
|
|
||||||
rsakeypair TP-self-signed-1855158953
|
|
||||||
hash sha512
|
|
||||||
!
|
|
||||||
crypto pki trustpoint SLA-TrustPoint
|
|
||||||
enrollment pkcs12
|
|
||||||
revocation-check crl
|
|
||||||
hash sha512
|
|
||||||
!
|
|
||||||
!
|
|
||||||
crypto pki certificate chain TP-self-signed-1855158953
|
|
||||||
certificate self-signed 01
|
|
||||||
30820330 30820218 A0030201 02020101 300D0609 2A864886 F70D0101 0D050030
|
|
||||||
31312F30 2D060355 04030C26 494F532D 53656C66 2D536967 6E65642D 43657274
|
|
||||||
69666963 6174652D 31383535 31353839 3533301E 170D3236 30363130 31323030
|
|
||||||
32385A17 0D333630 36303931 32303032 385A3031 312F302D 06035504 030C2649
|
|
||||||
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D31 38353531
|
|
||||||
35383935 33308201 22300D06 092A8648 86F70D01 01010500 0382010F 00308201
|
|
||||||
0A028201 0100A0FC 28DCFEB1 51334B66 82B2D625 997681D2 239049D2 C3F1DAD3
|
|
||||||
0DFB7A79 48B494AF 4E9A63E4 A62D1AE9 2F3959FB 6153BB07 0C1DDEDC 1D9F4E27
|
|
||||||
BD56DF67 562E608D D6B7EE68 E75125A5 EE04B02B A8EE23C4 5E2E80D5 0F75F349
|
|
||||||
4CAB259F 57DE2459 0595C89B 8F972F29 54006AD7 0C67F416 5BDBE29E 6557695D
|
|
||||||
0763F793 1D7BBA4C E1445C4D C26B4CFD C58FF8B8 DC91A9A7 D5EC287A F167B3CB
|
|
||||||
16DEB643 601C98AD 90D76C1E 0E0DD88E 464F906D F0D5C5C1 AE17A694 90775093
|
|
||||||
AE20CAF8 F05C3974 2A2A8668 322DDB03 05621885 E6E7C1B7 AF6384FC F8D1B865
|
|
||||||
E1BB5788 704FE5CA 6096BE5A 7CDADEE1 0FFEC364 46470AE7 BBA09990 15DA18FF
|
|
||||||
E05E7D46 B1770203 010001A3 53305130 1D060355 1D0E0416 0414D225 6A1B1A99
|
|
||||||
A5FBF7FB DC557609 45A053B7 9516301F 0603551D 23041830 168014D2 256A1B1A
|
|
||||||
99A5FBF7 FBDC5576 0945A053 B7951630 0F060355 1D130101 FF040530 030101FF
|
|
||||||
300D0609 2A864886 F70D0101 0D050003 82010100 021970C7 4E6C0C86 56C38FEA
|
|
||||||
EF075272 9B2FF043 3B7D2C1C D0BB7C83 0F06ECC9 F380AA49 E0A41706 194EF7AC
|
|
||||||
1BE8BFA8 9B7C335A A8E66C84 89945443 B9F6FF1F 2BB06B5B 16E29073 07364FE2
|
|
||||||
3705AB86 31B4A086 FB2E9663 FFE621D5 A4B0A061 B6B53967 F791EF19 0207B5E5
|
|
||||||
40D4BD4D F55C43F0 2C8A4C28 FF935D32 BBC00FBD D2E1B111 57EB0539 88864EA7
|
|
||||||
5BF6B49E 29721B90 17395B19 E23B84E9 FE3A4267 01A5AA4F 2F2C87EC ACC1A22C
|
|
||||||
ABF60ACE 6F0D7B31 D6C8DF51 654309EA 25497513 819269A6 DDC8D7EC 99135A7C
|
|
||||||
895B1320 AF02B0E1 6207D49A 8FA483BF F96F04EB 4A9783E1 0F9E3D54 97428020
|
|
||||||
071BCF24 08F5C4E3 5BDB06EF 00A20C74 3AFE60BB
|
|
||||||
quit
|
|
||||||
crypto pki certificate chain SLA-TrustPoint
|
|
||||||
certificate ca 01
|
|
||||||
30820321 30820209 A0030201 02020101 300D0609 2A864886 F70D0101 0B050030
|
|
||||||
32310E30 0C060355 040A1305 43697363 6F312030 1E060355 04031317 43697363
|
|
||||||
6F204C69 63656E73 696E6720 526F6F74 20434130 1E170D31 33303533 30313934
|
|
||||||
3834375A 170D3338 30353330 31393438 34375A30 32310E30 0C060355 040A1305
|
|
||||||
43697363 6F312030 1E060355 04031317 43697363 6F204C69 63656E73 696E6720
|
|
||||||
526F6F74 20434130 82012230 0D06092A 864886F7 0D010101 05000382 010F0030
|
|
||||||
82010A02 82010100 A6BCBD96 131E05F7 145EA72C 2CD686E6 17222EA1 F1EFF64D
|
|
||||||
CBB4C798 212AA147 C655D8D7 9471380D 8711441E 1AAF071A 9CAE6388 8A38E520
|
|
||||||
1C394D78 462EF239 C659F715 B98C0A59 5BBB5CBD 0CFEBEA3 700A8BF7 D8F256EE
|
|
||||||
4AA4E80D DB6FD1C9 60B1FD18 FFC69C96 6FA68957 A2617DE7 104FDC5F EA2956AC
|
|
||||||
7390A3EB 2B5436AD C847A2C5 DAB553EB 69A9A535 58E9F3E3 C0BD23CF 58BD7188
|
|
||||||
68E69491 20F320E7 948E71D7 AE3BCC84 F10684C7 4BC8E00F 539BA42B 42C68BB7
|
|
||||||
C7479096 B4CB2D62 EA2F505D C7B062A4 6811D95B E8250FC4 5D5D5FB8 8F27D191
|
|
||||||
C55F0D76 61F9A4CD 3D992327 A8BB03BD 4E6D7069 7CBADF8B DF5F4368 95135E44
|
|
||||||
DFC7C6CF 04DD7FD1 02030100 01A34230 40300E06 03551D0F 0101FF04 04030201
|
|
||||||
06300F06 03551D13 0101FF04 05300301 01FF301D 0603551D 0E041604 1449DC85
|
|
||||||
4B3D31E5 1B3E6A17 606AF333 3D3B4C73 E8300D06 092A8648 86F70D01 010B0500
|
|
||||||
03820101 00507F24 D3932A66 86025D9F E838AE5C 6D4DF6B0 49631C78 240DA905
|
|
||||||
604EDCDE FF4FED2B 77FC460E CD636FDB DD44681E 3A5673AB 9093D3B1 6C9E3D8B
|
|
||||||
D98987BF E40CBD9E 1AECA0C2 2189BB5C 8FA85686 CD98B646 5575B146 8DFC66A8
|
|
||||||
467A3DF4 4D565700 6ADF0F0D CF835015 3C04FF7C 21E878AC 11BA9CD2 55A9232C
|
|
||||||
7CA7B7E6 C1AF74F6 152E99B7 B1FCF9BB E973DE7F 5BDDEB86 C71E3B49 1765308B
|
|
||||||
5FB0DA06 B92AFE7F 494E8A9E 07B85737 F3A58BE1 1A48A229 C37C1E69 39F08678
|
|
||||||
80DDCD16 D6BACECA EEBC7CF9 8428787B 35202CDC 60E4616A B623CDBD 230E3AFB
|
|
||||||
418616A9 4093E049 4D10AB75 27E86F73 932E35B5 8862FDAE 0275156F 719BB2F0
|
|
||||||
D697DF7F 28
|
|
||||||
quit
|
|
||||||
!
|
|
||||||
!
|
|
||||||
license boot level network-advantage addon dna-advantage
|
|
||||||
memory free low-watermark processor 104985
|
|
||||||
!
|
|
||||||
diagnostic bootup level minimal
|
|
||||||
!
|
|
||||||
spanning-tree mode rapid-pvst
|
|
||||||
spanning-tree extend system-id
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
redundancy
|
|
||||||
mode sso
|
|
||||||
crypto engine compliance shield disable
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
transceiver type all
|
|
||||||
monitoring
|
|
||||||
!
|
|
||||||
!
|
|
||||||
class-map match-any system-cpp-police-ewlc-control
|
|
||||||
description EWLC Control
|
|
||||||
class-map match-any system-cpp-police-topology-control
|
|
||||||
description Topology control
|
|
||||||
class-map match-any system-cpp-police-sw-forward
|
|
||||||
description Sw forwarding, L2 LVX data packets, LOGGING, Transit Traffic
|
|
||||||
class-map match-any system-cpp-default
|
|
||||||
description EWLC Data, Inter FED Traffic
|
|
||||||
class-map match-any system-cpp-police-sys-data
|
|
||||||
description Openflow, Exception, EGR Exception, NFL Sampled Data, RPF Failed
|
|
||||||
class-map match-any system-cpp-police-punt-webauth
|
|
||||||
description Punt Webauth
|
|
||||||
class-map match-any system-cpp-police-l2lvx-control
|
|
||||||
description L2 LVX control packets
|
|
||||||
class-map match-any system-cpp-police-forus
|
|
||||||
description Forus traffic
|
|
||||||
class-map match-any system-cpp-police-multicast-end-station
|
|
||||||
description MCAST END STATION
|
|
||||||
class-map match-any system-cpp-police-forus-addr-resolution
|
|
||||||
description Forus address resolution
|
|
||||||
class-map match-any system-cpp-police-high-rate-app
|
|
||||||
description High Rate Applications
|
|
||||||
class-map match-any system-cpp-police-multicast
|
|
||||||
description MCAST Data
|
|
||||||
class-map match-any system-cpp-police-meraki-next-tunnel
|
|
||||||
description Meraki Next tunnel
|
|
||||||
class-map match-any system-cpp-police-l2-control
|
|
||||||
description L2 control
|
|
||||||
class-map match-any system-cpp-police-dot1x-auth
|
|
||||||
description DOT1X Auth
|
|
||||||
class-map match-any system-cpp-police-data
|
|
||||||
description ICMP redirect, ICMP_GEN and BROADCAST
|
|
||||||
class-map match-any system-cpp-police-stackwise-virt-control
|
|
||||||
description Stackwise Virtual OOB
|
|
||||||
class-map match-any non-client-nrt-class
|
|
||||||
class-map match-any system-cpp-police-routing-control
|
|
||||||
description Routing control and Low Latency
|
|
||||||
class-map match-any system-cpp-police-protocol-snooping
|
|
||||||
description Protocol snooping
|
|
||||||
class-map match-any system-cpp-police-dhcp-snooping
|
|
||||||
description DHCP snooping
|
|
||||||
class-map match-any system-cpp-police-ios-routing
|
|
||||||
description L2 control, Topology control, Routing control, Low Latency
|
|
||||||
class-map match-any system-cpp-police-system-critical
|
|
||||||
description System Critical and Gold Pkt
|
|
||||||
class-map match-any system-cpp-police-ios-feature
|
|
||||||
description ICMPGEN,BROADCAST,ICMP,L2LVXCntrl,ProtoSnoop,PuntWebauth,MCASTData,Transit,DOT1XAuth,Swfwd,LOGGING,L2LVXData,ForusTraffic,ForusARP,McastEndStn,Openflow,Exception,EGRExcption,NflSampled,RpfFailed
|
|
||||||
!
|
|
||||||
policy-map system-cpp-policy
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
interface Port-channel24
|
|
||||||
switchport trunk allowed vlan 101,102
|
|
||||||
switchport mode trunk
|
|
||||||
!
|
|
||||||
interface GigabitEthernet0/0
|
|
||||||
vrf forwarding Mgmt-vrf
|
|
||||||
no ip address
|
|
||||||
shutdown
|
|
||||||
negotiation auto
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/1
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/2
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/3
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/4
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/5
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/6
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/7
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/8
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/9
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/10
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/11
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/12
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/13
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/14
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/15
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/16
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/17
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/18
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/19
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/20
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/21
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/22
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/23
|
|
||||||
switchport trunk allowed vlan 101,102
|
|
||||||
switchport mode trunk
|
|
||||||
channel-group 24 mode active
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/24
|
|
||||||
switchport trunk allowed vlan 101,102
|
|
||||||
switchport mode trunk
|
|
||||||
channel-group 24 mode active
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/1/1
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/1/2
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/1/3
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/1/4
|
|
||||||
!
|
|
||||||
interface AppGigabitEthernet1/0/1
|
|
||||||
!
|
|
||||||
interface GigabitEthernet2/0/1
|
|
||||||
!
|
|
||||||
interface GigabitEthernet2/0/2
|
|
||||||
!
|
|
||||||
interface GigabitEthernet2/0/3
|
|
||||||
!
|
|
||||||
interface GigabitEthernet2/0/4
|
|
||||||
!
|
|
||||||
interface GigabitEthernet2/0/5
|
|
||||||
!
|
|
||||||
interface GigabitEthernet2/0/6
|
|
||||||
!
|
|
||||||
interface GigabitEthernet2/0/7
|
|
||||||
!
|
|
||||||
interface GigabitEthernet2/0/8
|
|
||||||
!
|
|
||||||
interface GigabitEthernet2/0/9
|
|
||||||
!
|
|
||||||
interface GigabitEthernet2/0/10
|
|
||||||
!
|
|
||||||
interface GigabitEthernet2/0/11
|
|
||||||
!
|
|
||||||
interface GigabitEthernet2/0/12
|
|
||||||
!
|
|
||||||
interface GigabitEthernet2/0/13
|
|
||||||
!
|
|
||||||
interface GigabitEthernet2/0/14
|
|
||||||
!
|
|
||||||
interface GigabitEthernet2/0/15
|
|
||||||
!
|
|
||||||
interface GigabitEthernet2/0/16
|
|
||||||
!
|
|
||||||
interface GigabitEthernet2/0/17
|
|
||||||
!
|
|
||||||
interface GigabitEthernet2/0/18
|
|
||||||
!
|
|
||||||
interface GigabitEthernet2/0/19
|
|
||||||
!
|
|
||||||
interface GigabitEthernet2/0/20
|
|
||||||
!
|
|
||||||
interface GigabitEthernet2/0/21
|
|
||||||
!
|
|
||||||
interface GigabitEthernet2/0/22
|
|
||||||
!
|
|
||||||
interface GigabitEthernet2/0/23
|
|
||||||
switchport trunk allowed vlan 101,102
|
|
||||||
switchport mode trunk
|
|
||||||
channel-group 24 mode active
|
|
||||||
!
|
|
||||||
interface GigabitEthernet2/0/24
|
|
||||||
switchport trunk allowed vlan 101,102
|
|
||||||
switchport mode trunk
|
|
||||||
channel-group 24 mode active
|
|
||||||
!
|
|
||||||
interface GigabitEthernet2/1/1
|
|
||||||
!
|
|
||||||
interface GigabitEthernet2/1/2
|
|
||||||
!
|
|
||||||
interface GigabitEthernet2/1/3
|
|
||||||
!
|
|
||||||
interface GigabitEthernet2/1/4
|
|
||||||
!
|
|
||||||
interface AppGigabitEthernet2/0/1
|
|
||||||
!
|
|
||||||
interface Vlan1
|
|
||||||
no ip address
|
|
||||||
!
|
|
||||||
ip forward-protocol nd
|
|
||||||
ip http server
|
|
||||||
ip http authentication local
|
|
||||||
ip http secure-server
|
|
||||||
ip ssh bulk-mode 131072
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
control-plane
|
|
||||||
service-policy input system-cpp-policy
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
line con 0
|
|
||||||
stopbits 1
|
|
||||||
line vty 0 4
|
|
||||||
login
|
|
||||||
transport input ssh
|
|
||||||
line vty 5 31
|
|
||||||
login
|
|
||||||
transport input ssh
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
end
|
|
||||||
@@ -1,430 +0,0 @@
|
|||||||
hostname Leaf-01
|
|
||||||
!
|
|
||||||
!
|
|
||||||
vrf definition Mgmt-vrf
|
|
||||||
!
|
|
||||||
address-family ipv4
|
|
||||||
exit-address-family
|
|
||||||
!
|
|
||||||
address-family ipv6
|
|
||||||
exit-address-family
|
|
||||||
!
|
|
||||||
vrf definition green
|
|
||||||
rd 1:1
|
|
||||||
!
|
|
||||||
address-family ipv4
|
|
||||||
route-target export 1:1
|
|
||||||
route-target import 1:1
|
|
||||||
route-target export 1:1 stitching
|
|
||||||
route-target import 1:1 stitching
|
|
||||||
exit-address-family
|
|
||||||
!
|
|
||||||
address-family ipv6
|
|
||||||
route-target export 1:1
|
|
||||||
route-target import 1:1
|
|
||||||
route-target export 1:1 stitching
|
|
||||||
route-target import 1:1 stitching
|
|
||||||
exit-address-family
|
|
||||||
!
|
|
||||||
no aaa new-model
|
|
||||||
switch 1 provision c9300l-24p-4g
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
ip routing
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
ip multicast-routing
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
login on-success log
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
l2vpn evpn
|
|
||||||
replication-type static
|
|
||||||
router-id Loopback1
|
|
||||||
default-gateway advertise
|
|
||||||
!
|
|
||||||
l2vpn evpn ethernet-segment 1
|
|
||||||
identifier type 0 00.00.00.00.00.00.00.00.01
|
|
||||||
redundancy all-active
|
|
||||||
df-election wait-time 1
|
|
||||||
!
|
|
||||||
l2vpn evpn ethernet-segment 2
|
|
||||||
identifier type 0 00.00.00.00.00.00.00.00.02
|
|
||||||
redundancy all-active
|
|
||||||
df-election wait-time 1
|
|
||||||
!
|
|
||||||
l2vpn evpn instance 101 vlan-based
|
|
||||||
encapsulation vxlan
|
|
||||||
replication-type static
|
|
||||||
!
|
|
||||||
l2vpn evpn instance 102 vlan-based
|
|
||||||
encapsulation vxlan
|
|
||||||
replication-type ingress
|
|
||||||
!
|
|
||||||
!
|
|
||||||
crypto pki trustpoint TP-self-signed-2748515057
|
|
||||||
enrollment selfsigned
|
|
||||||
subject-name cn=IOS-Self-Signed-Certificate-2748515057
|
|
||||||
revocation-check none
|
|
||||||
rsakeypair TP-self-signed-2748515057
|
|
||||||
hash sha512
|
|
||||||
!
|
|
||||||
crypto pki trustpoint SLA-TrustPoint
|
|
||||||
enrollment pkcs12
|
|
||||||
revocation-check crl
|
|
||||||
hash sha512
|
|
||||||
!
|
|
||||||
!
|
|
||||||
crypto pki certificate chain TP-self-signed-2748515057
|
|
||||||
certificate self-signed 01
|
|
||||||
30820330 30820218 A0030201 02020101 300D0609 2A864886 F70D0101 0D050030
|
|
||||||
31312F30 2D060355 04030C26 494F532D 53656C66 2D536967 6E65642D 43657274
|
|
||||||
69666963 6174652D 32373438 35313530 3537301E 170D3236 30363130 30393433
|
|
||||||
30385A17 0D333630 36303930 39343330 385A3031 312F302D 06035504 030C2649
|
|
||||||
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D32 37343835
|
|
||||||
31353035 37308201 22300D06 092A8648 86F70D01 01010500 0382010F 00308201
|
|
||||||
0A028201 0100A4CA 45163B01 9C334AAA 046F7B18 E9F8D151 8996B5B5 CA96FC78
|
|
||||||
870C057E 929F7011 CAE9A00E E5DDD799 2C2581D3 413DFC7C 49B38DF0 48A0216E
|
|
||||||
4EF4C65C F1D1F4EF 545370F3 3FA69C4B 22948881 F7B28644 2A4F2865 026EF500
|
|
||||||
F57BBC11 4C13CEC6 841421DB 34EDCB47 510668FF 5FBF525E CF9020ED 51414B3D
|
|
||||||
07601E2A 4A30A706 2DDD6EEE B7B2AE7A C37820D3 C08BAA78 C1D030E7 B3F1C8EA
|
|
||||||
FECCFF10 363296DB 9E0C3A97 C1E7C416 75425A88 AEBB0AA0 6D0BC326 9043BC8C
|
|
||||||
CB75A544 AA9FFDB0 67E22FD9 5CE66812 B58FADDA 5B7993CA 4F7D7F37 B179642C
|
|
||||||
873C129B 2DAC8D5E 4BF6CF5D 03D41302 EA4A481E 53DF7648 00D7668A E6B1672F
|
|
||||||
1397D45A 21350203 010001A3 53305130 1D060355 1D0E0416 041447B1 391FE1B2
|
|
||||||
9088CF66 FCA5F571 4DDE8252 2C85301F 0603551D 23041830 16801447 B1391FE1
|
|
||||||
B29088CF 66FCA5F5 714DDE82 522C8530 0F060355 1D130101 FF040530 030101FF
|
|
||||||
300D0609 2A864886 F70D0101 0D050003 82010100 74081052 95A744B6 9812BACC
|
|
||||||
0743C4D2 0957BE9A D49CCB1B 36F41237 0F9C8512 F82BD6CF 7BC20495 C544C441
|
|
||||||
B37CC3B6 D3F2A35B 8B47EF95 E6545B01 763887D5 97D4A247 019D3387 D29DC699
|
|
||||||
25C45B3F 674662BB DFF0B1CC 6E50C91B 3C843D3E AEEC6BE1 6577D36F E99946F3
|
|
||||||
52E02B0E 162902B9 F6477EF8 C59D0955 D7351E18 671F96B8 B8569431 4A90FD04
|
|
||||||
C543996B 633FB9CB 48BA7FB6 EC39E137 11FA78DE 6E4FD609 FACC9D0C D1ED2A2C
|
|
||||||
3B7A7B1C 29D4F096 1CB08698 9E83B983 B4B7045C 7166B0A4 1C3E8E20 75F9FC2D
|
|
||||||
202298E3 F6328325 8790A997 C757940F 2B0543EC 3D01B7BC F48D979D 392C21D8
|
|
||||||
3017E967 7743A155 D97B6463 28E467DD 3E8D9D3F
|
|
||||||
quit
|
|
||||||
crypto pki certificate chain SLA-TrustPoint
|
|
||||||
certificate ca 01
|
|
||||||
30820321 30820209 A0030201 02020101 300D0609 2A864886 F70D0101 0B050030
|
|
||||||
32310E30 0C060355 040A1305 43697363 6F312030 1E060355 04031317 43697363
|
|
||||||
6F204C69 63656E73 696E6720 526F6F74 20434130 1E170D31 33303533 30313934
|
|
||||||
3834375A 170D3338 30353330 31393438 34375A30 32310E30 0C060355 040A1305
|
|
||||||
43697363 6F312030 1E060355 04031317 43697363 6F204C69 63656E73 696E6720
|
|
||||||
526F6F74 20434130 82012230 0D06092A 864886F7 0D010101 05000382 010F0030
|
|
||||||
82010A02 82010100 A6BCBD96 131E05F7 145EA72C 2CD686E6 17222EA1 F1EFF64D
|
|
||||||
CBB4C798 212AA147 C655D8D7 9471380D 8711441E 1AAF071A 9CAE6388 8A38E520
|
|
||||||
1C394D78 462EF239 C659F715 B98C0A59 5BBB5CBD 0CFEBEA3 700A8BF7 D8F256EE
|
|
||||||
4AA4E80D DB6FD1C9 60B1FD18 FFC69C96 6FA68957 A2617DE7 104FDC5F EA2956AC
|
|
||||||
7390A3EB 2B5436AD C847A2C5 DAB553EB 69A9A535 58E9F3E3 C0BD23CF 58BD7188
|
|
||||||
68E69491 20F320E7 948E71D7 AE3BCC84 F10684C7 4BC8E00F 539BA42B 42C68BB7
|
|
||||||
C7479096 B4CB2D62 EA2F505D C7B062A4 6811D95B E8250FC4 5D5D5FB8 8F27D191
|
|
||||||
C55F0D76 61F9A4CD 3D992327 A8BB03BD 4E6D7069 7CBADF8B DF5F4368 95135E44
|
|
||||||
DFC7C6CF 04DD7FD1 02030100 01A34230 40300E06 03551D0F 0101FF04 04030201
|
|
||||||
06300F06 03551D13 0101FF04 05300301 01FF301D 0603551D 0E041604 1449DC85
|
|
||||||
4B3D31E5 1B3E6A17 606AF333 3D3B4C73 E8300D06 092A8648 86F70D01 010B0500
|
|
||||||
03820101 00507F24 D3932A66 86025D9F E838AE5C 6D4DF6B0 49631C78 240DA905
|
|
||||||
604EDCDE FF4FED2B 77FC460E CD636FDB DD44681E 3A5673AB 9093D3B1 6C9E3D8B
|
|
||||||
D98987BF E40CBD9E 1AECA0C2 2189BB5C 8FA85686 CD98B646 5575B146 8DFC66A8
|
|
||||||
467A3DF4 4D565700 6ADF0F0D CF835015 3C04FF7C 21E878AC 11BA9CD2 55A9232C
|
|
||||||
7CA7B7E6 C1AF74F6 152E99B7 B1FCF9BB E973DE7F 5BDDEB86 C71E3B49 1765308B
|
|
||||||
5FB0DA06 B92AFE7F 494E8A9E 07B85737 F3A58BE1 1A48A229 C37C1E69 39F08678
|
|
||||||
80DDCD16 D6BACECA EEBC7CF9 8428787B 35202CDC 60E4616A B623CDBD 230E3AFB
|
|
||||||
418616A9 4093E049 4D10AB75 27E86F73 932E35B5 8862FDAE 0275156F 719BB2F0
|
|
||||||
D697DF7F 28
|
|
||||||
quit
|
|
||||||
!
|
|
||||||
!
|
|
||||||
license boot level network-advantage addon dna-advantage
|
|
||||||
memory free low-watermark processor 104985
|
|
||||||
!
|
|
||||||
diagnostic bootup level minimal
|
|
||||||
!
|
|
||||||
spanning-tree mode rapid-pvst
|
|
||||||
spanning-tree extend system-id
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
redundancy
|
|
||||||
mode sso
|
|
||||||
crypto engine compliance shield disable
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
transceiver type all
|
|
||||||
monitoring
|
|
||||||
!
|
|
||||||
vlan configuration 101
|
|
||||||
member evpn-instance 101 vni 10101
|
|
||||||
vlan configuration 102
|
|
||||||
member evpn-instance 102 vni 10102
|
|
||||||
vlan configuration 901
|
|
||||||
member vni 50901
|
|
||||||
!
|
|
||||||
!
|
|
||||||
class-map match-any system-cpp-police-ewlc-control
|
|
||||||
description EWLC Control
|
|
||||||
class-map match-any system-cpp-police-topology-control
|
|
||||||
description Topology control
|
|
||||||
class-map match-any system-cpp-police-sw-forward
|
|
||||||
description Sw forwarding, L2 LVX data packets, LOGGING, Transit Traffic
|
|
||||||
class-map match-any system-cpp-default
|
|
||||||
description EWLC Data, Inter FED Traffic
|
|
||||||
class-map match-any system-cpp-police-sys-data
|
|
||||||
description Openflow, Exception, EGR Exception, NFL Sampled Data, RPF Failed
|
|
||||||
class-map match-any system-cpp-police-punt-webauth
|
|
||||||
description Punt Webauth
|
|
||||||
class-map match-any system-cpp-police-l2lvx-control
|
|
||||||
description L2 LVX control packets
|
|
||||||
class-map match-any system-cpp-police-forus
|
|
||||||
description Forus traffic
|
|
||||||
class-map match-any system-cpp-police-multicast-end-station
|
|
||||||
description MCAST END STATION
|
|
||||||
class-map match-any system-cpp-police-forus-addr-resolution
|
|
||||||
description Forus address resolution
|
|
||||||
class-map match-any system-cpp-police-high-rate-app
|
|
||||||
description High Rate Applications
|
|
||||||
class-map match-any system-cpp-police-multicast
|
|
||||||
description MCAST Data
|
|
||||||
class-map match-any system-cpp-police-meraki-next-tunnel
|
|
||||||
description Meraki Next tunnel
|
|
||||||
class-map match-any system-cpp-police-l2-control
|
|
||||||
description L2 control
|
|
||||||
class-map match-any system-cpp-police-dot1x-auth
|
|
||||||
description DOT1X Auth
|
|
||||||
class-map match-any system-cpp-police-data
|
|
||||||
description ICMP redirect, ICMP_GEN and BROADCAST
|
|
||||||
class-map match-any system-cpp-police-stackwise-virt-control
|
|
||||||
description Stackwise Virtual OOB
|
|
||||||
class-map match-any non-client-nrt-class
|
|
||||||
class-map match-any system-cpp-police-routing-control
|
|
||||||
description Routing control and Low Latency
|
|
||||||
class-map match-any system-cpp-police-protocol-snooping
|
|
||||||
description Protocol snooping
|
|
||||||
class-map match-any system-cpp-police-dhcp-snooping
|
|
||||||
description DHCP snooping
|
|
||||||
class-map match-any system-cpp-police-ios-routing
|
|
||||||
description L2 control, Topology control, Routing control, Low Latency
|
|
||||||
class-map match-any system-cpp-police-system-critical
|
|
||||||
description System Critical and Gold Pkt
|
|
||||||
class-map match-any system-cpp-police-ios-feature
|
|
||||||
description ICMPGEN,BROADCAST,ICMP,L2LVXCntrl,ProtoSnoop,PuntWebauth,MCASTData,Transit,DOT1XAuth,Swfwd,LOGGING,L2LVXData,ForusTraffic,ForusARP,McastEndStn,Openflow,Exception,EGRExcption,NflSampled,RpfFailed
|
|
||||||
!
|
|
||||||
policy-map system-cpp-policy
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
interface Loopback0
|
|
||||||
ip address 172.16.255.3 255.255.255.255
|
|
||||||
ip ospf 1 area 0
|
|
||||||
!
|
|
||||||
interface Loopback1
|
|
||||||
ip address 172.16.254.3 255.255.255.255
|
|
||||||
ip pim sparse-mode
|
|
||||||
ip ospf 1 area 0
|
|
||||||
!
|
|
||||||
interface Port-channel12
|
|
||||||
switchport access vlan 101
|
|
||||||
switchport mode access
|
|
||||||
evpn ethernet-segment 1
|
|
||||||
!
|
|
||||||
interface Port-channel14
|
|
||||||
switchport trunk allowed vlan 101,102
|
|
||||||
switchport mode trunk
|
|
||||||
evpn ethernet-segment 2
|
|
||||||
!
|
|
||||||
interface GigabitEthernet0/0
|
|
||||||
vrf forwarding Mgmt-vrf
|
|
||||||
no ip address
|
|
||||||
shutdown
|
|
||||||
negotiation auto
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/1
|
|
||||||
no switchport
|
|
||||||
ip address 172.16.13.3 255.255.255.0
|
|
||||||
ip pim sparse-mode
|
|
||||||
ip ospf network point-to-point
|
|
||||||
ip ospf 1 area 0
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/2
|
|
||||||
no switchport
|
|
||||||
ip address 172.16.23.3 255.255.255.0
|
|
||||||
ip pim sparse-mode
|
|
||||||
ip ospf network point-to-point
|
|
||||||
ip ospf 1 area 0
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/3
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/4
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/5
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/6
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/7
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/8
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/9
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/10
|
|
||||||
switchport mode trunk
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/11
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/12
|
|
||||||
switchport access vlan 101
|
|
||||||
switchport mode access
|
|
||||||
channel-group 12 mode active
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/13
|
|
||||||
switchport trunk allowed vlan 101,102
|
|
||||||
switchport mode trunk
|
|
||||||
channel-group 14 mode active
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/14
|
|
||||||
switchport trunk allowed vlan 101,102
|
|
||||||
switchport mode trunk
|
|
||||||
channel-group 14 mode active
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/15
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/16
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/17
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/18
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/19
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/20
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/21
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/22
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/23
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/24
|
|
||||||
switchport access vlan 101
|
|
||||||
switchport mode access
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/1/1
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/1/2
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/1/3
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/1/4
|
|
||||||
!
|
|
||||||
interface AppGigabitEthernet1/0/1
|
|
||||||
!
|
|
||||||
interface Vlan1
|
|
||||||
no ip address
|
|
||||||
!
|
|
||||||
interface Vlan101
|
|
||||||
vrf forwarding green
|
|
||||||
ip address 10.1.101.1 255.255.255.0
|
|
||||||
!
|
|
||||||
interface Vlan102
|
|
||||||
vrf forwarding green
|
|
||||||
ip address 10.1.102.1 255.255.255.0
|
|
||||||
!
|
|
||||||
interface Vlan901
|
|
||||||
vrf forwarding green
|
|
||||||
ip unnumbered Loopback1
|
|
||||||
ipv6 enable
|
|
||||||
no autostate
|
|
||||||
!
|
|
||||||
interface nve1
|
|
||||||
no ip address
|
|
||||||
source-interface Loopback1
|
|
||||||
host-reachability protocol bgp
|
|
||||||
member vni 10101 mcast-group 225.0.0.101
|
|
||||||
member vni 10102 ingress-replication
|
|
||||||
member vni 50901 vrf green
|
|
||||||
!
|
|
||||||
router ospf 1
|
|
||||||
router-id 172.16.255.3
|
|
||||||
!
|
|
||||||
router bgp 65001
|
|
||||||
bgp log-neighbor-changes
|
|
||||||
no bgp default ipv4-unicast
|
|
||||||
neighbor 172.16.255.1 remote-as 65001
|
|
||||||
neighbor 172.16.255.1 update-source Loopback0
|
|
||||||
neighbor 172.16.255.2 remote-as 65001
|
|
||||||
neighbor 172.16.255.2 update-source Loopback0
|
|
||||||
!
|
|
||||||
address-family ipv4
|
|
||||||
redistribute static
|
|
||||||
redistribute connected
|
|
||||||
exit-address-family
|
|
||||||
!
|
|
||||||
address-family l2vpn evpn
|
|
||||||
neighbor 172.16.255.1 activate
|
|
||||||
neighbor 172.16.255.1 send-community both
|
|
||||||
neighbor 172.16.255.2 activate
|
|
||||||
neighbor 172.16.255.2 send-community both
|
|
||||||
exit-address-family
|
|
||||||
!
|
|
||||||
address-family ipv4 vrf green
|
|
||||||
advertise l2vpn evpn
|
|
||||||
redistribute static
|
|
||||||
redistribute connected
|
|
||||||
exit-address-family
|
|
||||||
!
|
|
||||||
ip forward-protocol nd
|
|
||||||
ip http server
|
|
||||||
ip http authentication local
|
|
||||||
ip http secure-server
|
|
||||||
ip pim rp-address 172.16.255.255
|
|
||||||
ip ssh bulk-mode 131072
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
control-plane
|
|
||||||
service-policy input system-cpp-policy
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
line con 0
|
|
||||||
stopbits 1
|
|
||||||
line vty 0 4
|
|
||||||
login
|
|
||||||
transport input ssh
|
|
||||||
line vty 5 31
|
|
||||||
login
|
|
||||||
transport input ssh
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
end
|
|
||||||
@@ -1,427 +0,0 @@
|
|||||||
hostname Leaf-02
|
|
||||||
!
|
|
||||||
!
|
|
||||||
vrf definition Mgmt-vrf
|
|
||||||
!
|
|
||||||
address-family ipv4
|
|
||||||
exit-address-family
|
|
||||||
!
|
|
||||||
address-family ipv6
|
|
||||||
exit-address-family
|
|
||||||
!
|
|
||||||
vrf definition green
|
|
||||||
rd 1:1
|
|
||||||
!
|
|
||||||
address-family ipv4
|
|
||||||
route-target export 1:1
|
|
||||||
route-target import 1:1
|
|
||||||
route-target export 1:1 stitching
|
|
||||||
route-target import 1:1 stitching
|
|
||||||
exit-address-family
|
|
||||||
!
|
|
||||||
address-family ipv6
|
|
||||||
route-target export 1:1
|
|
||||||
route-target import 1:1
|
|
||||||
route-target export 1:1 stitching
|
|
||||||
route-target import 1:1 stitching
|
|
||||||
exit-address-family
|
|
||||||
!
|
|
||||||
no aaa new-model
|
|
||||||
switch 1 provision c9300l-24p-4g
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
ip routing
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
ip multicast-routing
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
login on-success log
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
l2vpn evpn
|
|
||||||
replication-type static
|
|
||||||
router-id Loopback1
|
|
||||||
default-gateway advertise
|
|
||||||
!
|
|
||||||
l2vpn evpn ethernet-segment 1
|
|
||||||
identifier type 0 00.00.00.00.00.00.00.00.01
|
|
||||||
redundancy all-active
|
|
||||||
df-election wait-time 1
|
|
||||||
!
|
|
||||||
l2vpn evpn ethernet-segment 2
|
|
||||||
identifier type 0 00.00.00.00.00.00.00.00.02
|
|
||||||
redundancy all-active
|
|
||||||
df-election wait-time 1
|
|
||||||
!
|
|
||||||
l2vpn evpn instance 101 vlan-based
|
|
||||||
encapsulation vxlan
|
|
||||||
!
|
|
||||||
l2vpn evpn instance 102 vlan-based
|
|
||||||
encapsulation vxlan
|
|
||||||
replication-type ingress
|
|
||||||
!
|
|
||||||
!
|
|
||||||
crypto pki trustpoint TP-self-signed-4106980722
|
|
||||||
enrollment selfsigned
|
|
||||||
subject-name cn=IOS-Self-Signed-Certificate-4106980722
|
|
||||||
revocation-check none
|
|
||||||
rsakeypair TP-self-signed-4106980722
|
|
||||||
hash sha512
|
|
||||||
!
|
|
||||||
crypto pki trustpoint SLA-TrustPoint
|
|
||||||
enrollment pkcs12
|
|
||||||
revocation-check crl
|
|
||||||
hash sha512
|
|
||||||
!
|
|
||||||
!
|
|
||||||
crypto pki certificate chain TP-self-signed-4106980722
|
|
||||||
certificate self-signed 01
|
|
||||||
30820330 30820218 A0030201 02020101 300D0609 2A864886 F70D0101 0D050030
|
|
||||||
31312F30 2D060355 04030C26 494F532D 53656C66 2D536967 6E65642D 43657274
|
|
||||||
69666963 6174652D 34313036 39383037 3232301E 170D3236 30363130 30393433
|
|
||||||
32345A17 0D333630 36303930 39343332 345A3031 312F302D 06035504 030C2649
|
|
||||||
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D34 31303639
|
|
||||||
38303732 32308201 22300D06 092A8648 86F70D01 01010500 0382010F 00308201
|
|
||||||
0A028201 01009849 F78BD093 74C4F07A A3855635 0B226D1D DB524A61 14AB07A6
|
|
||||||
6CC41BC9 29B861FA 10F734FE A0115CFF 44B53345 C2C5CCDB E6508E36 734F83D1
|
|
||||||
2586BBFA 55FBCA7D 731EEA2D 7F9C13F9 B6D04514 DE51D43E DD9BE04C 9841316B
|
|
||||||
9CD765D7 2A999541 D078E1F7 4BD9597A 5BA09FBA CBFD2EF7 92BBAD66 C4FA8535
|
|
||||||
2057BC14 1E11B218 7A021057 C7EBCDC9 FCED0B91 FD84E5A2 CAD4F661 FE66AA2B
|
|
||||||
ABF56705 125F5B97 521EE401 AF66FBAD 42ACAF73 4B7F3A2F 3FA2AE03 69DC2A88
|
|
||||||
F7616397 B13E3B37 A762AFA4 D51576B7 3F0A039B 40C64DDB 39F2F686 2EF72BED
|
|
||||||
2729B749 FBE8DF8D 8A6FFB1B 569E2220 C1A81171 5481BB56 E470941D 3311E8BD
|
|
||||||
C9C59E75 06FF0203 010001A3 53305130 1D060355 1D0E0416 04141AB2 BB3AB3AE
|
|
||||||
642F201E BA75F878 589FFAEA D5D0301F 0603551D 23041830 1680141A B2BB3AB3
|
|
||||||
AE642F20 1EBA75F8 78589FFA EAD5D030 0F060355 1D130101 FF040530 030101FF
|
|
||||||
300D0609 2A864886 F70D0101 0D050003 82010100 81BBF69B F9F2A5B6 7F3CF96D
|
|
||||||
506E8D43 964DAF2A D9221CF1 D84E4841 CE94D992 2F383B63 A782E3AE 730C0D05
|
|
||||||
9D60B3ED 9A899D23 F4F741F5 B3CCAD4B CBABEDE8 F9151F0A 3917E943 DF117766
|
|
||||||
3EF0FB53 0D5402EC ED33225C C267C600 5E22DD5A 4D62D87B 84D58914 37FA19E6
|
|
||||||
F25C4B0E E6A9A72D D82F58C3 3D9BA708 96F92047 443276F4 848F07CB 0275B5D7
|
|
||||||
A3A9EA89 76E1C857 9C5C1FD6 C8AD6829 63A45513 4122EE6B 2DC85CDF 6DC4D8F4
|
|
||||||
9A649698 6E60811F 9935D7BD BFC23EAB 6B669C74 FE480A50 DEC87777 6EDF0E59
|
|
||||||
D198B7DC 29ADEE47 F562740E 870D9503 36816813 48CACEA0 AB336A54 A25BA97F
|
|
||||||
A4631BDF 907B0213 DA1B804E 72F4FA8B AFA4F633
|
|
||||||
quit
|
|
||||||
crypto pki certificate chain SLA-TrustPoint
|
|
||||||
certificate ca 01
|
|
||||||
30820321 30820209 A0030201 02020101 300D0609 2A864886 F70D0101 0B050030
|
|
||||||
32310E30 0C060355 040A1305 43697363 6F312030 1E060355 04031317 43697363
|
|
||||||
6F204C69 63656E73 696E6720 526F6F74 20434130 1E170D31 33303533 30313934
|
|
||||||
3834375A 170D3338 30353330 31393438 34375A30 32310E30 0C060355 040A1305
|
|
||||||
43697363 6F312030 1E060355 04031317 43697363 6F204C69 63656E73 696E6720
|
|
||||||
526F6F74 20434130 82012230 0D06092A 864886F7 0D010101 05000382 010F0030
|
|
||||||
82010A02 82010100 A6BCBD96 131E05F7 145EA72C 2CD686E6 17222EA1 F1EFF64D
|
|
||||||
CBB4C798 212AA147 C655D8D7 9471380D 8711441E 1AAF071A 9CAE6388 8A38E520
|
|
||||||
1C394D78 462EF239 C659F715 B98C0A59 5BBB5CBD 0CFEBEA3 700A8BF7 D8F256EE
|
|
||||||
4AA4E80D DB6FD1C9 60B1FD18 FFC69C96 6FA68957 A2617DE7 104FDC5F EA2956AC
|
|
||||||
7390A3EB 2B5436AD C847A2C5 DAB553EB 69A9A535 58E9F3E3 C0BD23CF 58BD7188
|
|
||||||
68E69491 20F320E7 948E71D7 AE3BCC84 F10684C7 4BC8E00F 539BA42B 42C68BB7
|
|
||||||
C7479096 B4CB2D62 EA2F505D C7B062A4 6811D95B E8250FC4 5D5D5FB8 8F27D191
|
|
||||||
C55F0D76 61F9A4CD 3D992327 A8BB03BD 4E6D7069 7CBADF8B DF5F4368 95135E44
|
|
||||||
DFC7C6CF 04DD7FD1 02030100 01A34230 40300E06 03551D0F 0101FF04 04030201
|
|
||||||
06300F06 03551D13 0101FF04 05300301 01FF301D 0603551D 0E041604 1449DC85
|
|
||||||
4B3D31E5 1B3E6A17 606AF333 3D3B4C73 E8300D06 092A8648 86F70D01 010B0500
|
|
||||||
03820101 00507F24 D3932A66 86025D9F E838AE5C 6D4DF6B0 49631C78 240DA905
|
|
||||||
604EDCDE FF4FED2B 77FC460E CD636FDB DD44681E 3A5673AB 9093D3B1 6C9E3D8B
|
|
||||||
D98987BF E40CBD9E 1AECA0C2 2189BB5C 8FA85686 CD98B646 5575B146 8DFC66A8
|
|
||||||
467A3DF4 4D565700 6ADF0F0D CF835015 3C04FF7C 21E878AC 11BA9CD2 55A9232C
|
|
||||||
7CA7B7E6 C1AF74F6 152E99B7 B1FCF9BB E973DE7F 5BDDEB86 C71E3B49 1765308B
|
|
||||||
5FB0DA06 B92AFE7F 494E8A9E 07B85737 F3A58BE1 1A48A229 C37C1E69 39F08678
|
|
||||||
80DDCD16 D6BACECA EEBC7CF9 8428787B 35202CDC 60E4616A B623CDBD 230E3AFB
|
|
||||||
418616A9 4093E049 4D10AB75 27E86F73 932E35B5 8862FDAE 0275156F 719BB2F0
|
|
||||||
D697DF7F 28
|
|
||||||
quit
|
|
||||||
!
|
|
||||||
!
|
|
||||||
license boot level network-advantage addon dna-advantage
|
|
||||||
memory free low-watermark processor 104985
|
|
||||||
!
|
|
||||||
diagnostic bootup level minimal
|
|
||||||
!
|
|
||||||
spanning-tree mode rapid-pvst
|
|
||||||
spanning-tree extend system-id
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
redundancy
|
|
||||||
mode sso
|
|
||||||
crypto engine compliance shield disable
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
transceiver type all
|
|
||||||
monitoring
|
|
||||||
!
|
|
||||||
vlan configuration 101
|
|
||||||
member evpn-instance 101 vni 10101
|
|
||||||
vlan configuration 102
|
|
||||||
member evpn-instance 102 vni 10102
|
|
||||||
vlan configuration 901
|
|
||||||
member vni 50901
|
|
||||||
!
|
|
||||||
!
|
|
||||||
class-map match-any system-cpp-police-ewlc-control
|
|
||||||
description EWLC Control
|
|
||||||
class-map match-any system-cpp-police-topology-control
|
|
||||||
description Topology control
|
|
||||||
class-map match-any system-cpp-police-sw-forward
|
|
||||||
description Sw forwarding, L2 LVX data packets, LOGGING, Transit Traffic
|
|
||||||
class-map match-any system-cpp-default
|
|
||||||
description EWLC Data, Inter FED Traffic
|
|
||||||
class-map match-any system-cpp-police-sys-data
|
|
||||||
description Openflow, Exception, EGR Exception, NFL Sampled Data, RPF Failed
|
|
||||||
class-map match-any system-cpp-police-punt-webauth
|
|
||||||
description Punt Webauth
|
|
||||||
class-map match-any system-cpp-police-l2lvx-control
|
|
||||||
description L2 LVX control packets
|
|
||||||
class-map match-any system-cpp-police-forus
|
|
||||||
description Forus traffic
|
|
||||||
class-map match-any system-cpp-police-multicast-end-station
|
|
||||||
description MCAST END STATION
|
|
||||||
class-map match-any system-cpp-police-forus-addr-resolution
|
|
||||||
description Forus address resolution
|
|
||||||
class-map match-any system-cpp-police-high-rate-app
|
|
||||||
description High Rate Applications
|
|
||||||
class-map match-any system-cpp-police-multicast
|
|
||||||
description MCAST Data
|
|
||||||
class-map match-any system-cpp-police-meraki-next-tunnel
|
|
||||||
description Meraki Next tunnel
|
|
||||||
class-map match-any system-cpp-police-l2-control
|
|
||||||
description L2 control
|
|
||||||
class-map match-any system-cpp-police-dot1x-auth
|
|
||||||
description DOT1X Auth
|
|
||||||
class-map match-any system-cpp-police-data
|
|
||||||
description ICMP redirect, ICMP_GEN and BROADCAST
|
|
||||||
class-map match-any system-cpp-police-stackwise-virt-control
|
|
||||||
description Stackwise Virtual OOB
|
|
||||||
class-map match-any non-client-nrt-class
|
|
||||||
class-map match-any system-cpp-police-routing-control
|
|
||||||
description Routing control and Low Latency
|
|
||||||
class-map match-any system-cpp-police-protocol-snooping
|
|
||||||
description Protocol snooping
|
|
||||||
class-map match-any system-cpp-police-dhcp-snooping
|
|
||||||
description DHCP snooping
|
|
||||||
class-map match-any system-cpp-police-ios-routing
|
|
||||||
description L2 control, Topology control, Routing control, Low Latency
|
|
||||||
class-map match-any system-cpp-police-system-critical
|
|
||||||
description System Critical and Gold Pkt
|
|
||||||
class-map match-any system-cpp-police-ios-feature
|
|
||||||
description ICMPGEN,BROADCAST,ICMP,L2LVXCntrl,ProtoSnoop,PuntWebauth,MCASTData,Transit,DOT1XAuth,Swfwd,LOGGING,L2LVXData,ForusTraffic,ForusARP,McastEndStn,Openflow,Exception,EGRExcption,NflSampled,RpfFailed
|
|
||||||
!
|
|
||||||
policy-map system-cpp-policy
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
interface Loopback0
|
|
||||||
ip address 172.16.255.4 255.255.255.255
|
|
||||||
ip ospf 1 area 0
|
|
||||||
!
|
|
||||||
interface Loopback1
|
|
||||||
ip address 172.16.254.4 255.255.255.255
|
|
||||||
ip pim sparse-mode
|
|
||||||
ip ospf 1 area 0
|
|
||||||
!
|
|
||||||
interface Port-channel12
|
|
||||||
switchport access vlan 101
|
|
||||||
switchport mode access
|
|
||||||
evpn ethernet-segment 1
|
|
||||||
!
|
|
||||||
interface Port-channel14
|
|
||||||
switchport trunk allowed vlan 101,102
|
|
||||||
switchport mode trunk
|
|
||||||
evpn ethernet-segment 2
|
|
||||||
!
|
|
||||||
interface GigabitEthernet0/0
|
|
||||||
vrf forwarding Mgmt-vrf
|
|
||||||
no ip address
|
|
||||||
shutdown
|
|
||||||
negotiation auto
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/1
|
|
||||||
no switchport
|
|
||||||
ip address 172.16.14.4 255.255.255.0
|
|
||||||
ip pim sparse-mode
|
|
||||||
ip ospf network point-to-point
|
|
||||||
ip ospf 1 area 0
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/2
|
|
||||||
no switchport
|
|
||||||
ip address 172.16.24.4 255.255.255.0
|
|
||||||
ip pim sparse-mode
|
|
||||||
ip ospf network point-to-point
|
|
||||||
ip ospf 1 area 0
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/3
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/4
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/5
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/6
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/7
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/8
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/9
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/10
|
|
||||||
switchport mode trunk
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/11
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/12
|
|
||||||
switchport access vlan 101
|
|
||||||
switchport mode access
|
|
||||||
channel-group 12 mode active
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/13
|
|
||||||
switchport trunk allowed vlan 101,102
|
|
||||||
switchport mode trunk
|
|
||||||
channel-group 14 mode active
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/14
|
|
||||||
switchport trunk allowed vlan 101,102
|
|
||||||
switchport mode trunk
|
|
||||||
channel-group 14 mode active
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/15
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/16
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/17
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/18
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/19
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/20
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/21
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/22
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/23
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/24
|
|
||||||
switchport access vlan 101
|
|
||||||
switchport mode access
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/1/1
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/1/2
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/1/3
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/1/4
|
|
||||||
!
|
|
||||||
interface AppGigabitEthernet1/0/1
|
|
||||||
!
|
|
||||||
interface Vlan1
|
|
||||||
no ip address
|
|
||||||
!
|
|
||||||
interface Vlan101
|
|
||||||
vrf forwarding green
|
|
||||||
ip address 10.1.101.1 255.255.255.0
|
|
||||||
!
|
|
||||||
interface Vlan102
|
|
||||||
vrf forwarding green
|
|
||||||
ip address 10.1.102.1 255.255.255.0
|
|
||||||
!
|
|
||||||
interface Vlan901
|
|
||||||
vrf forwarding green
|
|
||||||
ip unnumbered Loopback1
|
|
||||||
ipv6 enable
|
|
||||||
no autostate
|
|
||||||
!
|
|
||||||
interface nve1
|
|
||||||
no ip address
|
|
||||||
source-interface Loopback1
|
|
||||||
host-reachability protocol bgp
|
|
||||||
member vni 10101 mcast-group 225.0.0.101
|
|
||||||
member vni 50901 vrf green
|
|
||||||
member vni 10102 ingress-replication
|
|
||||||
!
|
|
||||||
router ospf 1
|
|
||||||
router-id 172.16.255.4
|
|
||||||
!
|
|
||||||
router bgp 65001
|
|
||||||
bgp log-neighbor-changes
|
|
||||||
no bgp default ipv4-unicast
|
|
||||||
neighbor 172.16.255.1 remote-as 65001
|
|
||||||
neighbor 172.16.255.1 update-source Loopback0
|
|
||||||
neighbor 172.16.255.2 remote-as 65001
|
|
||||||
neighbor 172.16.255.2 update-source Loopback0
|
|
||||||
!
|
|
||||||
address-family ipv4
|
|
||||||
exit-address-family
|
|
||||||
!
|
|
||||||
address-family l2vpn evpn
|
|
||||||
neighbor 172.16.255.1 activate
|
|
||||||
neighbor 172.16.255.1 send-community both
|
|
||||||
neighbor 172.16.255.2 activate
|
|
||||||
neighbor 172.16.255.2 send-community both
|
|
||||||
exit-address-family
|
|
||||||
!
|
|
||||||
address-family ipv4 vrf green
|
|
||||||
advertise l2vpn evpn
|
|
||||||
redistribute static
|
|
||||||
redistribute connected
|
|
||||||
exit-address-family
|
|
||||||
!
|
|
||||||
ip forward-protocol nd
|
|
||||||
ip http server
|
|
||||||
ip http authentication local
|
|
||||||
ip http secure-server
|
|
||||||
ip pim rp-address 172.16.255.255
|
|
||||||
ip ssh bulk-mode 131072
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
control-plane
|
|
||||||
service-policy input system-cpp-policy
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
line con 0
|
|
||||||
stopbits 1
|
|
||||||
line vty 0 4
|
|
||||||
login
|
|
||||||
transport input ssh
|
|
||||||
line vty 5 31
|
|
||||||
login
|
|
||||||
transport input ssh
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
end
|
|
||||||
@@ -1,549 +0,0 @@
|
|||||||
hostname Leaf-03
|
|
||||||
!
|
|
||||||
!
|
|
||||||
vrf definition Mgmt-vrf
|
|
||||||
!
|
|
||||||
address-family ipv4
|
|
||||||
exit-address-family
|
|
||||||
!
|
|
||||||
address-family ipv6
|
|
||||||
exit-address-family
|
|
||||||
!
|
|
||||||
vrf definition green
|
|
||||||
rd 1:1
|
|
||||||
!
|
|
||||||
address-family ipv4
|
|
||||||
route-target export 1:1
|
|
||||||
route-target import 1:1
|
|
||||||
route-target export 1:1 stitching
|
|
||||||
route-target import 1:1 stitching
|
|
||||||
exit-address-family
|
|
||||||
!
|
|
||||||
address-family ipv6
|
|
||||||
route-target export 1:1
|
|
||||||
route-target import 1:1
|
|
||||||
route-target export 1:1 stitching
|
|
||||||
route-target import 1:1 stitching
|
|
||||||
exit-address-family
|
|
||||||
!
|
|
||||||
no aaa new-model
|
|
||||||
switch 1 provision c9300l-24t-4g
|
|
||||||
switch 2 provision c9300l-24t-4g
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
ip routing
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
ip multicast-routing
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
login on-success log
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
l2vpn evpn
|
|
||||||
replication-type static
|
|
||||||
router-id Loopback1
|
|
||||||
default-gateway advertise
|
|
||||||
!
|
|
||||||
l2vpn evpn instance 101 vlan-based
|
|
||||||
encapsulation vxlan
|
|
||||||
replication-type static
|
|
||||||
!
|
|
||||||
l2vpn evpn instance 102 vlan-based
|
|
||||||
encapsulation vxlan
|
|
||||||
replication-type ingress
|
|
||||||
!
|
|
||||||
!
|
|
||||||
crypto pki trustpoint TP-self-signed-1165940199
|
|
||||||
enrollment selfsigned
|
|
||||||
subject-name cn=IOS-Self-Signed-Certificate-1165940199
|
|
||||||
revocation-check none
|
|
||||||
rsakeypair TP-self-signed-1165940199
|
|
||||||
hash sha512
|
|
||||||
!
|
|
||||||
crypto pki trustpoint SLA-TrustPoint
|
|
||||||
enrollment pkcs12
|
|
||||||
revocation-check crl
|
|
||||||
hash sha512
|
|
||||||
!
|
|
||||||
!
|
|
||||||
crypto pki certificate chain TP-self-signed-1165940199
|
|
||||||
certificate self-signed 01
|
|
||||||
30820330 30820218 A0030201 02020101 300D0609 2A864886 F70D0101 0D050030
|
|
||||||
31312F30 2D060355 04030C26 494F532D 53656C66 2D536967 6E65642D 43657274
|
|
||||||
69666963 6174652D 31313635 39343031 3939301E 170D3236 30363130 31323030
|
|
||||||
31305A17 0D333630 36303931 32303031 305A3031 312F302D 06035504 030C2649
|
|
||||||
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D31 31363539
|
|
||||||
34303139 39308201 22300D06 092A8648 86F70D01 01010500 0382010F 00308201
|
|
||||||
0A028201 0100BFED A9B16BF7 8EB63CA6 7C16F131 53AB77A6 E419BAFB 116A9319
|
|
||||||
E03D77D4 C071ABBD F44C6249 93ACAAF0 48976F5B 1B8F03B0 ABDC9ED6 504644BF
|
|
||||||
1F5E3603 2868B384 6AAD2757 3AF9C344 55775D9A 4B301D8D A7EB7E2F 4A85D8B5
|
|
||||||
8D39A506 60603F96 15EB419D 236B0877 1D1D0094 09C5A306 7702F9BB CA682072
|
|
||||||
6428E39D B6F946A6 05597FDA 44CF35FB 8152CCBA CCB9A493 766D5338 69E87038
|
|
||||||
E823A301 74B6EE6A 90CC91BC F1D25EAA DACADFFF 4EDE3460 B891401D 085EB209
|
|
||||||
BF9220AB DE0C6739 A2906A43 72EBE5D0 85FFA128 53D25903 80D1D63C 3F5FD86D
|
|
||||||
48F7C064 D5C7087E 3FFD8D6C 6A522D58 E52F9E9D D4F0F055 B63A3727 F19003F6
|
|
||||||
58691FD7 FB670203 010001A3 53305130 1D060355 1D0E0416 0414B542 47476136
|
|
||||||
18061EFB 2A22F6AE 3E5FBC5F EB39301F 0603551D 23041830 168014B5 42474761
|
|
||||||
3618061E FB2A22F6 AE3E5FBC 5FEB3930 0F060355 1D130101 FF040530 030101FF
|
|
||||||
300D0609 2A864886 F70D0101 0D050003 82010100 590CC34F 4F943E79 C73DD7FC
|
|
||||||
0B04FFA3 4EAB60EA 2FCFC025 658E7E15 219D4095 80FB1728 511B4DF3 1697F42C
|
|
||||||
BA848247 E3C0761B 9C409EF9 8BE32F72 36AC8795 D693DDCB E663DA96 FF973CDE
|
|
||||||
1E38E03F EF6A4704 9D08DDAD 261A5793 E78BFABD 8B5D2F8B E1EFFD35 FF231255
|
|
||||||
E7497E8B 31FB7725 4A053DB5 918A68DF CEF70F05 B5A90DA5 FC3062E9 B4EF4E6D
|
|
||||||
F119F79E 380E26CE E26E197B 26294C23 EA783CC5 1D1AC6EA 801CA1CA CF4C62E1
|
|
||||||
30E2EA9C 2B03CB42 814625B4 D38547BB A6D967E4 8BA516A1 32DC84C0 FD4FF63C
|
|
||||||
6F668633 DFDEC198 DA27C3AB D3869173 BC7A7134 E934DADE D41AD88B ADADC24F
|
|
||||||
A2A0BE37 0B14C122 BC64C74B 83B0E5C7 587E43BE
|
|
||||||
quit
|
|
||||||
crypto pki certificate chain SLA-TrustPoint
|
|
||||||
certificate ca 01
|
|
||||||
30820321 30820209 A0030201 02020101 300D0609 2A864886 F70D0101 0B050030
|
|
||||||
32310E30 0C060355 040A1305 43697363 6F312030 1E060355 04031317 43697363
|
|
||||||
6F204C69 63656E73 696E6720 526F6F74 20434130 1E170D31 33303533 30313934
|
|
||||||
3834375A 170D3338 30353330 31393438 34375A30 32310E30 0C060355 040A1305
|
|
||||||
43697363 6F312030 1E060355 04031317 43697363 6F204C69 63656E73 696E6720
|
|
||||||
526F6F74 20434130 82012230 0D06092A 864886F7 0D010101 05000382 010F0030
|
|
||||||
82010A02 82010100 A6BCBD96 131E05F7 145EA72C 2CD686E6 17222EA1 F1EFF64D
|
|
||||||
CBB4C798 212AA147 C655D8D7 9471380D 8711441E 1AAF071A 9CAE6388 8A38E520
|
|
||||||
1C394D78 462EF239 C659F715 B98C0A59 5BBB5CBD 0CFEBEA3 700A8BF7 D8F256EE
|
|
||||||
4AA4E80D DB6FD1C9 60B1FD18 FFC69C96 6FA68957 A2617DE7 104FDC5F EA2956AC
|
|
||||||
7390A3EB 2B5436AD C847A2C5 DAB553EB 69A9A535 58E9F3E3 C0BD23CF 58BD7188
|
|
||||||
68E69491 20F320E7 948E71D7 AE3BCC84 F10684C7 4BC8E00F 539BA42B 42C68BB7
|
|
||||||
C7479096 B4CB2D62 EA2F505D C7B062A4 6811D95B E8250FC4 5D5D5FB8 8F27D191
|
|
||||||
C55F0D76 61F9A4CD 3D992327 A8BB03BD 4E6D7069 7CBADF8B DF5F4368 95135E44
|
|
||||||
DFC7C6CF 04DD7FD1 02030100 01A34230 40300E06 03551D0F 0101FF04 04030201
|
|
||||||
06300F06 03551D13 0101FF04 05300301 01FF301D 0603551D 0E041604 1449DC85
|
|
||||||
4B3D31E5 1B3E6A17 606AF333 3D3B4C73 E8300D06 092A8648 86F70D01 010B0500
|
|
||||||
03820101 00507F24 D3932A66 86025D9F E838AE5C 6D4DF6B0 49631C78 240DA905
|
|
||||||
604EDCDE FF4FED2B 77FC460E CD636FDB DD44681E 3A5673AB 9093D3B1 6C9E3D8B
|
|
||||||
D98987BF E40CBD9E 1AECA0C2 2189BB5C 8FA85686 CD98B646 5575B146 8DFC66A8
|
|
||||||
467A3DF4 4D565700 6ADF0F0D CF835015 3C04FF7C 21E878AC 11BA9CD2 55A9232C
|
|
||||||
7CA7B7E6 C1AF74F6 152E99B7 B1FCF9BB E973DE7F 5BDDEB86 C71E3B49 1765308B
|
|
||||||
5FB0DA06 B92AFE7F 494E8A9E 07B85737 F3A58BE1 1A48A229 C37C1E69 39F08678
|
|
||||||
80DDCD16 D6BACECA EEBC7CF9 8428787B 35202CDC 60E4616A B623CDBD 230E3AFB
|
|
||||||
418616A9 4093E049 4D10AB75 27E86F73 932E35B5 8862FDAE 0275156F 719BB2F0
|
|
||||||
D697DF7F 28
|
|
||||||
quit
|
|
||||||
!
|
|
||||||
!
|
|
||||||
license boot level network-advantage addon dna-advantage
|
|
||||||
memory free low-watermark processor 104985
|
|
||||||
!
|
|
||||||
diagnostic bootup level minimal
|
|
||||||
!
|
|
||||||
spanning-tree mode rapid-pvst
|
|
||||||
spanning-tree extend system-id
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
redundancy
|
|
||||||
mode sso
|
|
||||||
crypto engine compliance shield disable
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
transceiver type all
|
|
||||||
monitoring
|
|
||||||
!
|
|
||||||
vlan configuration 101
|
|
||||||
member evpn-instance 101 vni 10101
|
|
||||||
vlan configuration 102
|
|
||||||
member evpn-instance 102 vni 10102
|
|
||||||
vlan configuration 901
|
|
||||||
member vni 50901
|
|
||||||
!
|
|
||||||
!
|
|
||||||
class-map match-any system-cpp-police-ewlc-control
|
|
||||||
description EWLC Control
|
|
||||||
class-map match-any system-cpp-police-topology-control
|
|
||||||
description Topology control
|
|
||||||
class-map match-any system-cpp-police-sw-forward
|
|
||||||
description Sw forwarding, L2 LVX data packets, LOGGING, Transit Traffic
|
|
||||||
class-map match-any system-cpp-default
|
|
||||||
description EWLC Data, Inter FED Traffic
|
|
||||||
class-map match-any system-cpp-police-sys-data
|
|
||||||
description Openflow, Exception, EGR Exception, NFL Sampled Data, RPF Failed
|
|
||||||
class-map match-any system-cpp-police-punt-webauth
|
|
||||||
description Punt Webauth
|
|
||||||
class-map match-any system-cpp-police-l2lvx-control
|
|
||||||
description L2 LVX control packets
|
|
||||||
class-map match-any system-cpp-police-forus
|
|
||||||
description Forus traffic
|
|
||||||
class-map match-any system-cpp-police-multicast-end-station
|
|
||||||
description MCAST END STATION
|
|
||||||
class-map match-any system-cpp-police-forus-addr-resolution
|
|
||||||
description Forus address resolution
|
|
||||||
class-map match-any system-cpp-police-high-rate-app
|
|
||||||
description High Rate Applications
|
|
||||||
class-map match-any system-cpp-police-multicast
|
|
||||||
description MCAST Data
|
|
||||||
class-map match-any system-cpp-police-meraki-next-tunnel
|
|
||||||
description Meraki Next tunnel
|
|
||||||
class-map match-any system-cpp-police-l2-control
|
|
||||||
description L2 control
|
|
||||||
class-map match-any system-cpp-police-dot1x-auth
|
|
||||||
description DOT1X Auth
|
|
||||||
class-map match-any system-cpp-police-data
|
|
||||||
description ICMP redirect, ICMP_GEN and BROADCAST
|
|
||||||
class-map match-any system-cpp-police-stackwise-virt-control
|
|
||||||
description Stackwise Virtual OOB
|
|
||||||
class-map match-any non-client-nrt-class
|
|
||||||
class-map match-any system-cpp-police-routing-control
|
|
||||||
description Routing control and Low Latency
|
|
||||||
class-map match-any system-cpp-police-protocol-snooping
|
|
||||||
description Protocol snooping
|
|
||||||
class-map match-any system-cpp-police-dhcp-snooping
|
|
||||||
description DHCP snooping
|
|
||||||
class-map match-any system-cpp-police-ios-routing
|
|
||||||
description L2 control, Topology control, Routing control, Low Latency
|
|
||||||
class-map match-any system-cpp-police-system-critical
|
|
||||||
description System Critical and Gold Pkt
|
|
||||||
class-map match-any system-cpp-police-ios-feature
|
|
||||||
description ICMPGEN,BROADCAST,ICMP,L2LVXCntrl,ProtoSnoop,PuntWebauth,MCASTData,Transit,DOT1XAuth,Swfwd,LOGGING,L2LVXData,ForusTraffic,ForusARP,McastEndStn,Openflow,Exception,EGRExcption,NflSampled,RpfFailed
|
|
||||||
!
|
|
||||||
policy-map system-cpp-policy
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
interface Loopback0
|
|
||||||
ip address 172.16.255.5 255.255.255.255
|
|
||||||
ip ospf 1 area 0
|
|
||||||
!
|
|
||||||
interface Loopback1
|
|
||||||
ip address 172.16.254.5 255.255.255.255
|
|
||||||
ip pim sparse-mode
|
|
||||||
ip ospf 1 area 0
|
|
||||||
!
|
|
||||||
interface GigabitEthernet0/0
|
|
||||||
vrf forwarding Mgmt-vrf
|
|
||||||
no ip address
|
|
||||||
shutdown
|
|
||||||
negotiation auto
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/1
|
|
||||||
no switchport
|
|
||||||
ip address 172.16.15.5 255.255.255.0
|
|
||||||
ip pim sparse-mode
|
|
||||||
ip ospf network point-to-point
|
|
||||||
ip ospf 1 area 0
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/2
|
|
||||||
switchport access vlan 101
|
|
||||||
switchport mode access
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/3
|
|
||||||
switchport access vlan 101
|
|
||||||
switchport mode access
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/4
|
|
||||||
switchport access vlan 101
|
|
||||||
switchport mode access
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/5
|
|
||||||
switchport access vlan 101
|
|
||||||
switchport mode access
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/6
|
|
||||||
switchport access vlan 101
|
|
||||||
switchport mode access
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/7
|
|
||||||
switchport access vlan 101
|
|
||||||
switchport mode access
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/8
|
|
||||||
switchport access vlan 101
|
|
||||||
switchport mode access
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/9
|
|
||||||
switchport access vlan 101
|
|
||||||
switchport mode access
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/10
|
|
||||||
switchport access vlan 101
|
|
||||||
switchport mode access
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/11
|
|
||||||
switchport access vlan 101
|
|
||||||
switchport mode access
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/12
|
|
||||||
switchport access vlan 101
|
|
||||||
switchport mode access
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/13
|
|
||||||
switchport access vlan 101
|
|
||||||
switchport mode access
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/14
|
|
||||||
switchport access vlan 101
|
|
||||||
switchport mode access
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/15
|
|
||||||
switchport access vlan 101
|
|
||||||
switchport mode access
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/16
|
|
||||||
switchport access vlan 101
|
|
||||||
switchport mode access
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/17
|
|
||||||
switchport access vlan 101
|
|
||||||
switchport mode access
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/18
|
|
||||||
switchport access vlan 101
|
|
||||||
switchport mode access
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/19
|
|
||||||
switchport access vlan 101
|
|
||||||
switchport mode access
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/20
|
|
||||||
switchport access vlan 101
|
|
||||||
switchport mode access
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/21
|
|
||||||
switchport access vlan 101
|
|
||||||
switchport mode access
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/22
|
|
||||||
switchport access vlan 101
|
|
||||||
switchport mode access
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/23
|
|
||||||
switchport access vlan 101
|
|
||||||
switchport mode access
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/24
|
|
||||||
switchport access vlan 101
|
|
||||||
switchport mode access
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/1/1
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/1/2
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/1/3
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/1/4
|
|
||||||
!
|
|
||||||
interface AppGigabitEthernet1/0/1
|
|
||||||
!
|
|
||||||
interface GigabitEthernet2/0/1
|
|
||||||
no switchport
|
|
||||||
ip address 172.16.25.5 255.255.255.0
|
|
||||||
ip pim sparse-mode
|
|
||||||
ip ospf network point-to-point
|
|
||||||
ip ospf 1 area 0
|
|
||||||
!
|
|
||||||
interface GigabitEthernet2/0/2
|
|
||||||
switchport access vlan 102
|
|
||||||
switchport mode access
|
|
||||||
!
|
|
||||||
interface GigabitEthernet2/0/3
|
|
||||||
switchport access vlan 102
|
|
||||||
switchport mode access
|
|
||||||
!
|
|
||||||
interface GigabitEthernet2/0/4
|
|
||||||
switchport access vlan 102
|
|
||||||
switchport mode access
|
|
||||||
!
|
|
||||||
interface GigabitEthernet2/0/5
|
|
||||||
switchport access vlan 102
|
|
||||||
switchport mode access
|
|
||||||
!
|
|
||||||
interface GigabitEthernet2/0/6
|
|
||||||
switchport access vlan 102
|
|
||||||
switchport mode access
|
|
||||||
!
|
|
||||||
interface GigabitEthernet2/0/7
|
|
||||||
switchport access vlan 102
|
|
||||||
switchport mode access
|
|
||||||
!
|
|
||||||
interface GigabitEthernet2/0/8
|
|
||||||
switchport access vlan 102
|
|
||||||
switchport mode access
|
|
||||||
!
|
|
||||||
interface GigabitEthernet2/0/9
|
|
||||||
switchport access vlan 102
|
|
||||||
switchport mode access
|
|
||||||
!
|
|
||||||
interface GigabitEthernet2/0/10
|
|
||||||
switchport access vlan 102
|
|
||||||
switchport mode access
|
|
||||||
!
|
|
||||||
interface GigabitEthernet2/0/11
|
|
||||||
switchport access vlan 102
|
|
||||||
switchport mode access
|
|
||||||
!
|
|
||||||
interface GigabitEthernet2/0/12
|
|
||||||
switchport access vlan 102
|
|
||||||
switchport mode access
|
|
||||||
!
|
|
||||||
interface GigabitEthernet2/0/13
|
|
||||||
switchport access vlan 102
|
|
||||||
switchport mode access
|
|
||||||
!
|
|
||||||
interface GigabitEthernet2/0/14
|
|
||||||
switchport access vlan 102
|
|
||||||
switchport mode access
|
|
||||||
!
|
|
||||||
interface GigabitEthernet2/0/15
|
|
||||||
switchport access vlan 102
|
|
||||||
switchport mode access
|
|
||||||
!
|
|
||||||
interface GigabitEthernet2/0/16
|
|
||||||
switchport access vlan 102
|
|
||||||
switchport mode access
|
|
||||||
!
|
|
||||||
interface GigabitEthernet2/0/17
|
|
||||||
switchport access vlan 102
|
|
||||||
switchport mode access
|
|
||||||
!
|
|
||||||
interface GigabitEthernet2/0/18
|
|
||||||
switchport access vlan 102
|
|
||||||
switchport mode access
|
|
||||||
!
|
|
||||||
interface GigabitEthernet2/0/19
|
|
||||||
switchport access vlan 102
|
|
||||||
switchport mode access
|
|
||||||
!
|
|
||||||
interface GigabitEthernet2/0/20
|
|
||||||
switchport access vlan 102
|
|
||||||
switchport mode access
|
|
||||||
!
|
|
||||||
interface GigabitEthernet2/0/21
|
|
||||||
switchport access vlan 102
|
|
||||||
switchport mode access
|
|
||||||
!
|
|
||||||
interface GigabitEthernet2/0/22
|
|
||||||
switchport access vlan 102
|
|
||||||
switchport mode access
|
|
||||||
!
|
|
||||||
interface GigabitEthernet2/0/23
|
|
||||||
switchport access vlan 102
|
|
||||||
switchport mode access
|
|
||||||
!
|
|
||||||
interface GigabitEthernet2/0/24
|
|
||||||
switchport access vlan 102
|
|
||||||
switchport mode access
|
|
||||||
!
|
|
||||||
interface GigabitEthernet2/1/1
|
|
||||||
!
|
|
||||||
interface GigabitEthernet2/1/2
|
|
||||||
!
|
|
||||||
interface GigabitEthernet2/1/3
|
|
||||||
!
|
|
||||||
interface GigabitEthernet2/1/4
|
|
||||||
!
|
|
||||||
interface AppGigabitEthernet2/0/1
|
|
||||||
!
|
|
||||||
interface Vlan1
|
|
||||||
no ip address
|
|
||||||
!
|
|
||||||
interface Vlan101
|
|
||||||
vrf forwarding green
|
|
||||||
ip address 10.1.101.1 255.255.255.0
|
|
||||||
!
|
|
||||||
interface Vlan102
|
|
||||||
vrf forwarding green
|
|
||||||
ip address 10.1.102.1 255.255.255.0
|
|
||||||
!
|
|
||||||
interface Vlan901
|
|
||||||
vrf forwarding green
|
|
||||||
ip unnumbered Loopback1
|
|
||||||
ipv6 enable
|
|
||||||
no autostate
|
|
||||||
!
|
|
||||||
interface nve1
|
|
||||||
no ip address
|
|
||||||
source-interface Loopback1
|
|
||||||
host-reachability protocol bgp
|
|
||||||
member vni 10101 mcast-group 225.0.0.101
|
|
||||||
member vni 50901 vrf green
|
|
||||||
member vni 10102 ingress-replication
|
|
||||||
!
|
|
||||||
router ospf 1
|
|
||||||
router-id 172.16.255.5
|
|
||||||
!
|
|
||||||
router bgp 65001
|
|
||||||
bgp log-neighbor-changes
|
|
||||||
no bgp default ipv4-unicast
|
|
||||||
neighbor 172.16.255.1 remote-as 65001
|
|
||||||
neighbor 172.16.255.1 update-source Loopback0
|
|
||||||
neighbor 172.16.255.2 remote-as 65001
|
|
||||||
neighbor 172.16.255.2 update-source Loopback0
|
|
||||||
!
|
|
||||||
address-family ipv4
|
|
||||||
redistribute static
|
|
||||||
redistribute connected
|
|
||||||
exit-address-family
|
|
||||||
!
|
|
||||||
address-family l2vpn evpn
|
|
||||||
neighbor 172.16.255.1 activate
|
|
||||||
neighbor 172.16.255.1 send-community both
|
|
||||||
neighbor 172.16.255.2 activate
|
|
||||||
neighbor 172.16.255.2 send-community both
|
|
||||||
exit-address-family
|
|
||||||
!
|
|
||||||
address-family ipv4 vrf green
|
|
||||||
advertise l2vpn evpn
|
|
||||||
redistribute static
|
|
||||||
redistribute connected
|
|
||||||
exit-address-family
|
|
||||||
!
|
|
||||||
ip forward-protocol nd
|
|
||||||
ip http server
|
|
||||||
ip http authentication local
|
|
||||||
ip http secure-server
|
|
||||||
ip pim rp-address 172.16.255.255
|
|
||||||
ip ssh bulk-mode 131072
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
control-plane
|
|
||||||
service-policy input system-cpp-policy
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
line con 0
|
|
||||||
stopbits 1
|
|
||||||
line vty 0 4
|
|
||||||
login
|
|
||||||
transport input ssh
|
|
||||||
line vty 5 31
|
|
||||||
login
|
|
||||||
transport input ssh
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
end
|
|
||||||
@@ -1,300 +0,0 @@
|
|||||||
hostname Server-01
|
|
||||||
!
|
|
||||||
!
|
|
||||||
vrf definition Mgmt-vrf
|
|
||||||
!
|
|
||||||
address-family ipv4
|
|
||||||
exit-address-family
|
|
||||||
!
|
|
||||||
address-family ipv6
|
|
||||||
exit-address-family
|
|
||||||
!
|
|
||||||
no aaa new-model
|
|
||||||
switch 1 provision c9300l-24p-4g
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
login on-success log
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
crypto pki trustpoint TP-self-signed-2947407253
|
|
||||||
enrollment selfsigned
|
|
||||||
subject-name cn=IOS-Self-Signed-Certificate-2947407253
|
|
||||||
revocation-check none
|
|
||||||
rsakeypair TP-self-signed-2947407253
|
|
||||||
hash sha512
|
|
||||||
!
|
|
||||||
crypto pki trustpoint SLA-TrustPoint
|
|
||||||
enrollment pkcs12
|
|
||||||
revocation-check crl
|
|
||||||
hash sha512
|
|
||||||
!
|
|
||||||
!
|
|
||||||
crypto pki certificate chain TP-self-signed-2947407253
|
|
||||||
certificate self-signed 01
|
|
||||||
30820330 30820218 A0030201 02020101 300D0609 2A864886 F70D0101 0D050030
|
|
||||||
31312F30 2D060355 04030C26 494F532D 53656C66 2D536967 6E65642D 43657274
|
|
||||||
69666963 6174652D 32393437 34303732 3533301E 170D3236 30363130 30373537
|
|
||||||
34305A17 0D333630 36303930 37353734 305A3031 312F302D 06035504 030C2649
|
|
||||||
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D32 39343734
|
|
||||||
30373235 33308201 22300D06 092A8648 86F70D01 01010500 0382010F 00308201
|
|
||||||
0A028201 0100D73C 961D9195 D3943475 3D1021D5 5256D366 283AF7EA 7E29EDF7
|
|
||||||
D436F20C 2540FD80 151BC2FF D73151B0 5BFEB37A 1BE4D77B 064DEE09 5755F88F
|
|
||||||
CEECF4B4 650429B9 584658ED 94B60905 3F149C23 BEF50154 40285A5C D299E976
|
|
||||||
260FDCC8 23A6E59F 15663A5A 5CFB84E2 9314243E 339BCF63 3D33F429 4F104A71
|
|
||||||
DA40BFDD 5FDA6AFE 4A6795F5 C1044EBA 4A103859 619C5B42 8259B4C2 E14AD3DA
|
|
||||||
11DD2F8B CC9FAF07 B034AC36 7B54FD31 098FB3B7 1EBFB9C1 D3F3A97D 3C2B9661
|
|
||||||
3E6D7523 0C0903D4 2D66ACD7 C1E59304 36E45B5D 0D4D1DD3 FA0A8FC5 9AE00618
|
|
||||||
6523D157 CD262001 0D180482 E4125F40 58741CDA 0C0BD373 4735365E 4E859EC2
|
|
||||||
18841214 7C7D0203 010001A3 53305130 1D060355 1D0E0416 041426FB E5DBB36E
|
|
||||||
EB590719 E507692E B3563C0F 0C60301F 0603551D 23041830 16801426 FBE5DBB3
|
|
||||||
6EEB5907 19E50769 2EB3563C 0F0C6030 0F060355 1D130101 FF040530 030101FF
|
|
||||||
300D0609 2A864886 F70D0101 0D050003 82010100 34AF340D 9C10640F F7CD722C
|
|
||||||
4F149DFF 30C38F3B B30ADF41 70248500 6E8024C0 0A9D1ACA B5F3CCE6 EA3C982D
|
|
||||||
DE4F1BEC 8E933EFA B15143B9 1E5502BE BE7B10B5 BDB57038 4AB184DD 0A55BA43
|
|
||||||
37FBB9C4 E1BFE983 960383BB 40F3906D 5C47E3EF BF9BDE3A 6B33C42B F290CF49
|
|
||||||
8E96CC07 A4AA1BD5 1EFD2579 3A195166 287E14B8 4979A3AF DC1718E6 1A820E75
|
|
||||||
1D1ECCC6 B53FBF9C E6589902 BB9021BD 2B387816 28202A9E F7784F8E 7E8E92BA
|
|
||||||
C0A9AB2C AAA8668C C6AEF3B8 41CBB3C0 A4165D11 B5C1A846 2EA25215 85306E99
|
|
||||||
BAAC1EF5 54517D54 BB9EF942 9226C5CE 816801FD E5FCE9DE 5A4B795D 107E6521
|
|
||||||
D87398DE EDCDDBD2 045AB631 3D37C325 0149EA49
|
|
||||||
quit
|
|
||||||
crypto pki certificate chain SLA-TrustPoint
|
|
||||||
certificate ca 01
|
|
||||||
30820321 30820209 A0030201 02020101 300D0609 2A864886 F70D0101 0B050030
|
|
||||||
32310E30 0C060355 040A1305 43697363 6F312030 1E060355 04031317 43697363
|
|
||||||
6F204C69 63656E73 696E6720 526F6F74 20434130 1E170D31 33303533 30313934
|
|
||||||
3834375A 170D3338 30353330 31393438 34375A30 32310E30 0C060355 040A1305
|
|
||||||
43697363 6F312030 1E060355 04031317 43697363 6F204C69 63656E73 696E6720
|
|
||||||
526F6F74 20434130 82012230 0D06092A 864886F7 0D010101 05000382 010F0030
|
|
||||||
82010A02 82010100 A6BCBD96 131E05F7 145EA72C 2CD686E6 17222EA1 F1EFF64D
|
|
||||||
CBB4C798 212AA147 C655D8D7 9471380D 8711441E 1AAF071A 9CAE6388 8A38E520
|
|
||||||
1C394D78 462EF239 C659F715 B98C0A59 5BBB5CBD 0CFEBEA3 700A8BF7 D8F256EE
|
|
||||||
4AA4E80D DB6FD1C9 60B1FD18 FFC69C96 6FA68957 A2617DE7 104FDC5F EA2956AC
|
|
||||||
7390A3EB 2B5436AD C847A2C5 DAB553EB 69A9A535 58E9F3E3 C0BD23CF 58BD7188
|
|
||||||
68E69491 20F320E7 948E71D7 AE3BCC84 F10684C7 4BC8E00F 539BA42B 42C68BB7
|
|
||||||
C7479096 B4CB2D62 EA2F505D C7B062A4 6811D95B E8250FC4 5D5D5FB8 8F27D191
|
|
||||||
C55F0D76 61F9A4CD 3D992327 A8BB03BD 4E6D7069 7CBADF8B DF5F4368 95135E44
|
|
||||||
DFC7C6CF 04DD7FD1 02030100 01A34230 40300E06 03551D0F 0101FF04 04030201
|
|
||||||
06300F06 03551D13 0101FF04 05300301 01FF301D 0603551D 0E041604 1449DC85
|
|
||||||
4B3D31E5 1B3E6A17 606AF333 3D3B4C73 E8300D06 092A8648 86F70D01 010B0500
|
|
||||||
03820101 00507F24 D3932A66 86025D9F E838AE5C 6D4DF6B0 49631C78 240DA905
|
|
||||||
604EDCDE FF4FED2B 77FC460E CD636FDB DD44681E 3A5673AB 9093D3B1 6C9E3D8B
|
|
||||||
D98987BF E40CBD9E 1AECA0C2 2189BB5C 8FA85686 CD98B646 5575B146 8DFC66A8
|
|
||||||
467A3DF4 4D565700 6ADF0F0D CF835015 3C04FF7C 21E878AC 11BA9CD2 55A9232C
|
|
||||||
7CA7B7E6 C1AF74F6 152E99B7 B1FCF9BB E973DE7F 5BDDEB86 C71E3B49 1765308B
|
|
||||||
5FB0DA06 B92AFE7F 494E8A9E 07B85737 F3A58BE1 1A48A229 C37C1E69 39F08678
|
|
||||||
80DDCD16 D6BACECA EEBC7CF9 8428787B 35202CDC 60E4616A B623CDBD 230E3AFB
|
|
||||||
418616A9 4093E049 4D10AB75 27E86F73 932E35B5 8862FDAE 0275156F 719BB2F0
|
|
||||||
D697DF7F 28
|
|
||||||
quit
|
|
||||||
!
|
|
||||||
!
|
|
||||||
license boot level network-advantage addon dna-advantage
|
|
||||||
memory free low-watermark processor 104985
|
|
||||||
!
|
|
||||||
diagnostic bootup level minimal
|
|
||||||
!
|
|
||||||
spanning-tree mode rapid-pvst
|
|
||||||
spanning-tree extend system-id
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
redundancy
|
|
||||||
mode sso
|
|
||||||
crypto engine compliance shield disable
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
transceiver type all
|
|
||||||
monitoring
|
|
||||||
!
|
|
||||||
!
|
|
||||||
class-map match-any system-cpp-police-ewlc-control
|
|
||||||
description EWLC Control
|
|
||||||
class-map match-any system-cpp-police-topology-control
|
|
||||||
description Topology control
|
|
||||||
class-map match-any system-cpp-police-sw-forward
|
|
||||||
description Sw forwarding, L2 LVX data packets, LOGGING, Transit Traffic
|
|
||||||
class-map match-any system-cpp-default
|
|
||||||
description EWLC Data, Inter FED Traffic
|
|
||||||
class-map match-any system-cpp-police-sys-data
|
|
||||||
description Openflow, Exception, EGR Exception, NFL Sampled Data, RPF Failed
|
|
||||||
class-map match-any system-cpp-police-punt-webauth
|
|
||||||
description Punt Webauth
|
|
||||||
class-map match-any system-cpp-police-l2lvx-control
|
|
||||||
description L2 LVX control packets
|
|
||||||
class-map match-any system-cpp-police-forus
|
|
||||||
description Forus traffic
|
|
||||||
class-map match-any system-cpp-police-multicast-end-station
|
|
||||||
description MCAST END STATION
|
|
||||||
class-map match-any system-cpp-police-forus-addr-resolution
|
|
||||||
description Forus address resolution
|
|
||||||
class-map match-any system-cpp-police-high-rate-app
|
|
||||||
description High Rate Applications
|
|
||||||
class-map match-any system-cpp-police-multicast
|
|
||||||
description MCAST Data
|
|
||||||
class-map match-any system-cpp-police-meraki-next-tunnel
|
|
||||||
description Meraki Next tunnel
|
|
||||||
class-map match-any system-cpp-police-l2-control
|
|
||||||
description L2 control
|
|
||||||
class-map match-any system-cpp-police-dot1x-auth
|
|
||||||
description DOT1X Auth
|
|
||||||
class-map match-any system-cpp-police-data
|
|
||||||
description ICMP redirect, ICMP_GEN and BROADCAST
|
|
||||||
class-map match-any system-cpp-police-stackwise-virt-control
|
|
||||||
description Stackwise Virtual OOB
|
|
||||||
class-map match-any non-client-nrt-class
|
|
||||||
class-map match-any system-cpp-police-routing-control
|
|
||||||
description Routing control and Low Latency
|
|
||||||
class-map match-any system-cpp-police-protocol-snooping
|
|
||||||
description Protocol snooping
|
|
||||||
class-map match-any system-cpp-police-dhcp-snooping
|
|
||||||
description DHCP snooping
|
|
||||||
class-map match-any system-cpp-police-ios-routing
|
|
||||||
description L2 control, Topology control, Routing control, Low Latency
|
|
||||||
class-map match-any system-cpp-police-system-critical
|
|
||||||
description System Critical and Gold Pkt
|
|
||||||
class-map match-any system-cpp-police-ios-feature
|
|
||||||
description ICMPGEN,BROADCAST,ICMP,L2LVXCntrl,ProtoSnoop,PuntWebauth,MCASTData,Transit,DOT1XAuth,Swfwd,LOGGING,L2LVXData,ForusTraffic,ForusARP,McastEndStn,Openflow,Exception,EGRExcption,NflSampled,RpfFailed
|
|
||||||
!
|
|
||||||
policy-map system-cpp-policy
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
interface Port-channel10
|
|
||||||
no switchport
|
|
||||||
ip address 10.1.101.100 255.255.255.0
|
|
||||||
!
|
|
||||||
interface GigabitEthernet0/0
|
|
||||||
vrf forwarding Mgmt-vrf
|
|
||||||
no ip address
|
|
||||||
shutdown
|
|
||||||
negotiation auto
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/1
|
|
||||||
description vers Leaf-01
|
|
||||||
no switchport
|
|
||||||
no ip address
|
|
||||||
channel-group 10 mode active
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/2
|
|
||||||
description vers Leaf-02
|
|
||||||
no switchport
|
|
||||||
no ip address
|
|
||||||
channel-group 10 mode active
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/3
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/4
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/5
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/6
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/7
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/8
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/9
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/10
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/11
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/12
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/13
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/14
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/15
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/16
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/17
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/18
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/19
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/20
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/21
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/22
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/23
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/24
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/1/1
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/1/2
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/1/3
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/1/4
|
|
||||||
!
|
|
||||||
interface AppGigabitEthernet1/0/1
|
|
||||||
!
|
|
||||||
interface Vlan1
|
|
||||||
no ip address
|
|
||||||
!
|
|
||||||
ip forward-protocol nd
|
|
||||||
ip http server
|
|
||||||
ip http authentication local
|
|
||||||
ip http secure-server
|
|
||||||
ip ssh bulk-mode 131072
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
control-plane
|
|
||||||
service-policy input system-cpp-policy
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
line con 0
|
|
||||||
stopbits 1
|
|
||||||
line vty 0 4
|
|
||||||
login
|
|
||||||
transport input ssh
|
|
||||||
line vty 5 31
|
|
||||||
login
|
|
||||||
transport input ssh
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
end
|
|
||||||
@@ -1,360 +0,0 @@
|
|||||||
hostname Spine-01
|
|
||||||
!
|
|
||||||
!
|
|
||||||
vrf definition Mgmt-vrf
|
|
||||||
!
|
|
||||||
address-family ipv4
|
|
||||||
exit-address-family
|
|
||||||
!
|
|
||||||
address-family ipv6
|
|
||||||
exit-address-family
|
|
||||||
!
|
|
||||||
no aaa new-model
|
|
||||||
switch 2 provision c9300l-24p-4g
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
ip routing
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
ip multicast-routing
|
|
||||||
!
|
|
||||||
ip dhcp pool webuidhcp
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
login on-success log
|
|
||||||
ipv6 nd cache expire refresh
|
|
||||||
ipv6 unicast-routing
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
crypto pki trustpoint SLA-TrustPoint
|
|
||||||
enrollment pkcs12
|
|
||||||
revocation-check crl
|
|
||||||
hash sha512
|
|
||||||
!
|
|
||||||
crypto pki trustpoint TP-self-signed-251052295
|
|
||||||
enrollment selfsigned
|
|
||||||
subject-name cn=IOS-Self-Signed-Certificate-251052295
|
|
||||||
revocation-check none
|
|
||||||
rsakeypair TP-self-signed-251052295
|
|
||||||
hash sha512
|
|
||||||
!
|
|
||||||
!
|
|
||||||
crypto pki certificate chain SLA-TrustPoint
|
|
||||||
certificate ca 01
|
|
||||||
30820321 30820209 A0030201 02020101 300D0609 2A864886 F70D0101 0B050030
|
|
||||||
32310E30 0C060355 040A1305 43697363 6F312030 1E060355 04031317 43697363
|
|
||||||
6F204C69 63656E73 696E6720 526F6F74 20434130 1E170D31 33303533 30313934
|
|
||||||
3834375A 170D3338 30353330 31393438 34375A30 32310E30 0C060355 040A1305
|
|
||||||
43697363 6F312030 1E060355 04031317 43697363 6F204C69 63656E73 696E6720
|
|
||||||
526F6F74 20434130 82012230 0D06092A 864886F7 0D010101 05000382 010F0030
|
|
||||||
82010A02 82010100 A6BCBD96 131E05F7 145EA72C 2CD686E6 17222EA1 F1EFF64D
|
|
||||||
CBB4C798 212AA147 C655D8D7 9471380D 8711441E 1AAF071A 9CAE6388 8A38E520
|
|
||||||
1C394D78 462EF239 C659F715 B98C0A59 5BBB5CBD 0CFEBEA3 700A8BF7 D8F256EE
|
|
||||||
4AA4E80D DB6FD1C9 60B1FD18 FFC69C96 6FA68957 A2617DE7 104FDC5F EA2956AC
|
|
||||||
7390A3EB 2B5436AD C847A2C5 DAB553EB 69A9A535 58E9F3E3 C0BD23CF 58BD7188
|
|
||||||
68E69491 20F320E7 948E71D7 AE3BCC84 F10684C7 4BC8E00F 539BA42B 42C68BB7
|
|
||||||
C7479096 B4CB2D62 EA2F505D C7B062A4 6811D95B E8250FC4 5D5D5FB8 8F27D191
|
|
||||||
C55F0D76 61F9A4CD 3D992327 A8BB03BD 4E6D7069 7CBADF8B DF5F4368 95135E44
|
|
||||||
DFC7C6CF 04DD7FD1 02030100 01A34230 40300E06 03551D0F 0101FF04 04030201
|
|
||||||
06300F06 03551D13 0101FF04 05300301 01FF301D 0603551D 0E041604 1449DC85
|
|
||||||
4B3D31E5 1B3E6A17 606AF333 3D3B4C73 E8300D06 092A8648 86F70D01 010B0500
|
|
||||||
03820101 00507F24 D3932A66 86025D9F E838AE5C 6D4DF6B0 49631C78 240DA905
|
|
||||||
604EDCDE FF4FED2B 77FC460E CD636FDB DD44681E 3A5673AB 9093D3B1 6C9E3D8B
|
|
||||||
D98987BF E40CBD9E 1AECA0C2 2189BB5C 8FA85686 CD98B646 5575B146 8DFC66A8
|
|
||||||
467A3DF4 4D565700 6ADF0F0D CF835015 3C04FF7C 21E878AC 11BA9CD2 55A9232C
|
|
||||||
7CA7B7E6 C1AF74F6 152E99B7 B1FCF9BB E973DE7F 5BDDEB86 C71E3B49 1765308B
|
|
||||||
5FB0DA06 B92AFE7F 494E8A9E 07B85737 F3A58BE1 1A48A229 C37C1E69 39F08678
|
|
||||||
80DDCD16 D6BACECA EEBC7CF9 8428787B 35202CDC 60E4616A B623CDBD 230E3AFB
|
|
||||||
418616A9 4093E049 4D10AB75 27E86F73 932E35B5 8862FDAE 0275156F 719BB2F0
|
|
||||||
D697DF7F 28
|
|
||||||
quit
|
|
||||||
crypto pki certificate chain TP-self-signed-251052295
|
|
||||||
certificate self-signed 01
|
|
||||||
3082032E 30820216 A0030201 02020101 300D0609 2A864886 F70D0101 0D050030
|
|
||||||
30312E30 2C060355 04030C25 494F532D 53656C66 2D536967 6E65642D 43657274
|
|
||||||
69666963 6174652D 32353130 35323239 35301E17 0D323630 36313030 37353733
|
|
||||||
315A170D 33363036 30393037 35373331 5A303031 2E302C06 03550403 0C25494F
|
|
||||||
532D5365 6C662D53 69676E65 642D4365 72746966 69636174 652D3235 31303532
|
|
||||||
32393530 82012230 0D06092A 864886F7 0D010101 05000382 010F0030 82010A02
|
|
||||||
82010100 D89BCFBD 5397ED82 DFCE3396 1664243E F8B16D1A EF4EA9FC 89661810
|
|
||||||
B86A1333 F49417A6 D2321D74 E43423FC 99CB1A86 704E5FC1 1F26C7E7 DCDBD99F
|
|
||||||
D85630C3 59237E9C 9A988DE5 15500356 0FB10E0F 3E8B1401 7C8E06A8 E3493E22
|
|
||||||
93AC7E5D 52433498 490F20EE C966121A 0FFDC547 E9C664D1 766EDF3D 13081CEC
|
|
||||||
AB2B202C 5FF1BB61 B98593BE 3700930E AF220152 F6BF1D1A 38B9CDC0 CB31C119
|
|
||||||
2E09E5F3 4CA6F02A 1FF916FC 4627CCB9 C32D8573 B69AF79B 699E91F3 0C79FECA
|
|
||||||
0DF90FF0 F8B005FA 63DF5302 64C3A1AE 6FD8C78E FE976E0C D03E9139 6B933048
|
|
||||||
13049514 105B1995 1267D0DC 3DA4CCBD 31703F2F 6914C8F3 7B1DB726 A2B07631
|
|
||||||
2180D6F7 02030100 01A35330 51301D06 03551D0E 04160414 147899D8 5CAC32ED
|
|
||||||
34315AED 87E8EFCA 2FEC840F 301F0603 551D2304 18301680 14147899 D85CAC32
|
|
||||||
ED34315A ED87E8EF CA2FEC84 0F300F06 03551D13 0101FF04 05300301 01FF300D
|
|
||||||
06092A86 4886F70D 01010D05 00038201 0100AAA6 FE2EC09B F9769A5C C0DAAE85
|
|
||||||
8D02A258 AB7E4510 807F9FEF 10FE774B 7B0F3EFE 117F850F 833B49B6 C20781B0
|
|
||||||
D89F5F9E FDEB06B1 74889F5E 5D2E9EEB 2ECDE82E 58EDA905 AD6D7313 66519DC7
|
|
||||||
6702F569 DDEAE0E6 24C302AF F784DFA3 F3FA0512 DD416C13 8AFC7D09 6EAE05E3
|
|
||||||
5E067BD9 3CC56564 3B92D3C1 1E4BC00C FD3C03A1 0E37A034 1C378323 4080AE0D
|
|
||||||
AAEB2A55 632CF3C0 35ACBDB4 F118B9FE 53C9D86A 2713FD54 C1ADA68B 043EC657
|
|
||||||
3CE61F31 61FEC1B9 75DCD39B 75E97238 A1CF89E0 47B037C1 8A886AD3 0F3D35DF
|
|
||||||
1822F3A2 1AD01417 77D4D683 274034B9 9721C84B A9203A29 06F916BF BEBEB112
|
|
||||||
F43BAFEB EC57AECF 57C0AED5 88A8DE69 F5A4
|
|
||||||
quit
|
|
||||||
!
|
|
||||||
!
|
|
||||||
license boot level network-advantage addon dna-advantage
|
|
||||||
memory free low-watermark processor 104985
|
|
||||||
!
|
|
||||||
diagnostic bootup level minimal
|
|
||||||
!
|
|
||||||
spanning-tree mode rapid-pvst
|
|
||||||
spanning-tree extend system-id
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
redundancy
|
|
||||||
mode sso
|
|
||||||
crypto engine compliance shield disable
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
transceiver type all
|
|
||||||
monitoring
|
|
||||||
!
|
|
||||||
!
|
|
||||||
class-map match-any system-cpp-police-ewlc-control
|
|
||||||
description EWLC Control
|
|
||||||
class-map match-any system-cpp-police-topology-control
|
|
||||||
description Topology control
|
|
||||||
class-map match-any system-cpp-police-sw-forward
|
|
||||||
description Sw forwarding, L2 LVX data packets, LOGGING, Transit Traffic
|
|
||||||
class-map match-any system-cpp-default
|
|
||||||
description EWLC Data, Inter FED Traffic
|
|
||||||
class-map match-any system-cpp-police-sys-data
|
|
||||||
description Openflow, Exception, EGR Exception, NFL Sampled Data, RPF Failed
|
|
||||||
class-map match-any system-cpp-police-punt-webauth
|
|
||||||
description Punt Webauth
|
|
||||||
class-map match-any system-cpp-police-l2lvx-control
|
|
||||||
description L2 LVX control packets
|
|
||||||
class-map match-any system-cpp-police-forus
|
|
||||||
description Forus traffic
|
|
||||||
class-map match-any system-cpp-police-multicast-end-station
|
|
||||||
description MCAST END STATION
|
|
||||||
class-map match-any system-cpp-police-forus-addr-resolution
|
|
||||||
description Forus address resolution
|
|
||||||
class-map match-any system-cpp-police-high-rate-app
|
|
||||||
description High Rate Applications
|
|
||||||
class-map match-any system-cpp-police-multicast
|
|
||||||
description MCAST Data
|
|
||||||
class-map match-any system-cpp-police-meraki-next-tunnel
|
|
||||||
description Meraki Next tunnel
|
|
||||||
class-map match-any system-cpp-police-l2-control
|
|
||||||
description L2 control
|
|
||||||
class-map match-any system-cpp-police-dot1x-auth
|
|
||||||
description DOT1X Auth
|
|
||||||
class-map match-any system-cpp-police-data
|
|
||||||
description ICMP redirect, ICMP_GEN and BROADCAST
|
|
||||||
class-map match-any system-cpp-police-stackwise-virt-control
|
|
||||||
description Stackwise Virtual OOB
|
|
||||||
class-map match-any non-client-nrt-class
|
|
||||||
class-map match-any system-cpp-police-routing-control
|
|
||||||
description Routing control and Low Latency
|
|
||||||
class-map match-any system-cpp-police-protocol-snooping
|
|
||||||
description Protocol snooping
|
|
||||||
class-map match-any system-cpp-police-dhcp-snooping
|
|
||||||
description DHCP snooping
|
|
||||||
class-map match-any system-cpp-police-ios-routing
|
|
||||||
description L2 control, Topology control, Routing control, Low Latency
|
|
||||||
class-map match-any system-cpp-police-system-critical
|
|
||||||
description System Critical and Gold Pkt
|
|
||||||
class-map match-any system-cpp-police-ios-feature
|
|
||||||
description ICMPGEN,BROADCAST,ICMP,L2LVXCntrl,ProtoSnoop,PuntWebauth,MCASTData,Transit,DOT1XAuth,Swfwd,LOGGING,L2LVXData,ForusTraffic,ForusARP,McastEndStn,Openflow,Exception,EGRExcption,NflSampled,RpfFailed
|
|
||||||
!
|
|
||||||
policy-map system-cpp-policy
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
interface Loopback0
|
|
||||||
ip address 172.16.255.1 255.255.255.255
|
|
||||||
ip ospf 1 area 0
|
|
||||||
!
|
|
||||||
interface Loopback1
|
|
||||||
ip address 172.16.254.1 255.255.255.255
|
|
||||||
ip ospf 1 area 0
|
|
||||||
!
|
|
||||||
interface Loopback2
|
|
||||||
ip address 172.16.255.255 255.255.255.255
|
|
||||||
ip pim sparse-mode
|
|
||||||
ip ospf 1 area 0
|
|
||||||
!
|
|
||||||
interface GigabitEthernet0/0
|
|
||||||
vrf forwarding Mgmt-vrf
|
|
||||||
no ip address
|
|
||||||
shutdown
|
|
||||||
negotiation auto
|
|
||||||
!
|
|
||||||
interface GigabitEthernet2/0/1
|
|
||||||
no switchport
|
|
||||||
ip address 172.16.13.1 255.255.255.0
|
|
||||||
ip pim sparse-mode
|
|
||||||
ip ospf network point-to-point
|
|
||||||
ip ospf 1 area 0
|
|
||||||
!
|
|
||||||
interface GigabitEthernet2/0/2
|
|
||||||
no switchport
|
|
||||||
ip address 172.16.14.1 255.255.255.0
|
|
||||||
ip pim sparse-mode
|
|
||||||
ip ospf network point-to-point
|
|
||||||
ip ospf 1 area 0
|
|
||||||
!
|
|
||||||
interface GigabitEthernet2/0/3
|
|
||||||
no switchport
|
|
||||||
ip address 172.16.15.1 255.255.255.0
|
|
||||||
ip pim sparse-mode
|
|
||||||
ip ospf network point-to-point
|
|
||||||
ip ospf 1 area 0
|
|
||||||
!
|
|
||||||
interface GigabitEthernet2/0/4
|
|
||||||
!
|
|
||||||
interface GigabitEthernet2/0/5
|
|
||||||
!
|
|
||||||
interface GigabitEthernet2/0/6
|
|
||||||
!
|
|
||||||
interface GigabitEthernet2/0/7
|
|
||||||
!
|
|
||||||
interface GigabitEthernet2/0/8
|
|
||||||
!
|
|
||||||
interface GigabitEthernet2/0/9
|
|
||||||
!
|
|
||||||
interface GigabitEthernet2/0/10
|
|
||||||
!
|
|
||||||
interface GigabitEthernet2/0/11
|
|
||||||
!
|
|
||||||
interface GigabitEthernet2/0/12
|
|
||||||
!
|
|
||||||
interface GigabitEthernet2/0/13
|
|
||||||
!
|
|
||||||
interface GigabitEthernet2/0/14
|
|
||||||
!
|
|
||||||
interface GigabitEthernet2/0/15
|
|
||||||
!
|
|
||||||
interface GigabitEthernet2/0/16
|
|
||||||
!
|
|
||||||
interface GigabitEthernet2/0/17
|
|
||||||
!
|
|
||||||
interface GigabitEthernet2/0/18
|
|
||||||
!
|
|
||||||
interface GigabitEthernet2/0/19
|
|
||||||
!
|
|
||||||
interface GigabitEthernet2/0/20
|
|
||||||
!
|
|
||||||
interface GigabitEthernet2/0/21
|
|
||||||
!
|
|
||||||
interface GigabitEthernet2/0/22
|
|
||||||
!
|
|
||||||
interface GigabitEthernet2/0/23
|
|
||||||
!
|
|
||||||
interface GigabitEthernet2/0/24
|
|
||||||
!
|
|
||||||
interface GigabitEthernet2/1/1
|
|
||||||
!
|
|
||||||
interface GigabitEthernet2/1/2
|
|
||||||
!
|
|
||||||
interface GigabitEthernet2/1/3
|
|
||||||
!
|
|
||||||
interface GigabitEthernet2/1/4
|
|
||||||
!
|
|
||||||
interface AppGigabitEthernet2/0/1
|
|
||||||
!
|
|
||||||
interface Vlan1
|
|
||||||
no ip address
|
|
||||||
shutdown
|
|
||||||
!
|
|
||||||
router ospf 1
|
|
||||||
router-id 172.16.255.1
|
|
||||||
!
|
|
||||||
router bgp 65001
|
|
||||||
template peer-policy RR-PP
|
|
||||||
route-reflector-client
|
|
||||||
send-community both
|
|
||||||
exit-peer-policy
|
|
||||||
!
|
|
||||||
template peer-session RR-PS
|
|
||||||
remote-as 65001
|
|
||||||
update-source Loopback0
|
|
||||||
exit-peer-session
|
|
||||||
!
|
|
||||||
bgp router-id 172.16.255.1
|
|
||||||
bgp log-neighbor-changes
|
|
||||||
no bgp default ipv4-unicast
|
|
||||||
neighbor 172.16.255.3 inherit peer-session RR-PS
|
|
||||||
neighbor 172.16.255.4 inherit peer-session RR-PS
|
|
||||||
neighbor 172.16.255.5 inherit peer-session RR-PS
|
|
||||||
!
|
|
||||||
address-family ipv4
|
|
||||||
exit-address-family
|
|
||||||
!
|
|
||||||
address-family l2vpn evpn
|
|
||||||
neighbor 172.16.255.3 activate
|
|
||||||
neighbor 172.16.255.3 send-community both
|
|
||||||
neighbor 172.16.255.3 inherit peer-policy RR-PP
|
|
||||||
neighbor 172.16.255.4 activate
|
|
||||||
neighbor 172.16.255.4 send-community both
|
|
||||||
neighbor 172.16.255.4 inherit peer-policy RR-PP
|
|
||||||
neighbor 172.16.255.5 activate
|
|
||||||
neighbor 172.16.255.5 send-community both
|
|
||||||
neighbor 172.16.255.5 inherit peer-policy RR-PP
|
|
||||||
exit-address-family
|
|
||||||
!
|
|
||||||
ip forward-protocol nd
|
|
||||||
ip http server
|
|
||||||
ip http secure-server
|
|
||||||
ip pim rp-address 172.16.255.255
|
|
||||||
ip msdp peer 172.16.254.2 connect-source Loopback1 remote-as 65001
|
|
||||||
ip ssh bulk-mode 131072
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
control-plane
|
|
||||||
service-policy input system-cpp-policy
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
line con 0
|
|
||||||
stopbits 1
|
|
||||||
line vty 0 4
|
|
||||||
login
|
|
||||||
transport input ssh
|
|
||||||
line vty 5 31
|
|
||||||
login
|
|
||||||
transport input ssh
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
end
|
|
||||||
@@ -1,356 +0,0 @@
|
|||||||
hostname Spine-02
|
|
||||||
!
|
|
||||||
!
|
|
||||||
vrf definition Mgmt-vrf
|
|
||||||
!
|
|
||||||
address-family ipv4
|
|
||||||
exit-address-family
|
|
||||||
!
|
|
||||||
address-family ipv6
|
|
||||||
exit-address-family
|
|
||||||
!
|
|
||||||
no aaa new-model
|
|
||||||
switch 1 provision c9300l-24p-4g
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
ip routing
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
ip multicast-routing
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
login on-success log
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
crypto pki trustpoint TP-self-signed-430895953
|
|
||||||
enrollment selfsigned
|
|
||||||
subject-name cn=IOS-Self-Signed-Certificate-430895953
|
|
||||||
revocation-check none
|
|
||||||
rsakeypair TP-self-signed-430895953
|
|
||||||
hash sha512
|
|
||||||
!
|
|
||||||
crypto pki trustpoint SLA-TrustPoint
|
|
||||||
enrollment pkcs12
|
|
||||||
revocation-check crl
|
|
||||||
hash sha512
|
|
||||||
!
|
|
||||||
!
|
|
||||||
crypto pki certificate chain TP-self-signed-430895953
|
|
||||||
certificate self-signed 01
|
|
||||||
3082032E 30820216 A0030201 02020101 300D0609 2A864886 F70D0101 0D050030
|
|
||||||
30312E30 2C060355 04030C25 494F532D 53656C66 2D536967 6E65642D 43657274
|
|
||||||
69666963 6174652D 34333038 39353935 33301E17 0D323630 36313030 37353931
|
|
||||||
315A170D 33363036 30393037 35393131 5A303031 2E302C06 03550403 0C25494F
|
|
||||||
532D5365 6C662D53 69676E65 642D4365 72746966 69636174 652D3433 30383935
|
|
||||||
39353330 82012230 0D06092A 864886F7 0D010101 05000382 010F0030 82010A02
|
|
||||||
82010100 A71865B6 6C5F0B06 665FCD05 19C66FF3 4D4B9157 EF422949 A4ACD2F2
|
|
||||||
ACF5AA84 6B593191 FF34BB5C 2A1F3064 DCF41C32 A8EA567D C7B1400B A9CD2CC6
|
|
||||||
55F61D16 792E6552 31D4B438 137EC154 47503D71 FDB8A4A7 71B3FE2A B36FF58C
|
|
||||||
F5356063 942A2DBC 99F20FC0 ABE7C186 940AF2A2 E94A30CF 7D6AA5D7 4A9C93BB
|
|
||||||
99A5779B A179C130 8839473E 04679619 897E139A 3B883DF0 484060CD 703D25A2
|
|
||||||
01153890 F65AE584 6C403826 7DDD0C8C B76D6690 D7FACB49 89B2CB22 619B1F18
|
|
||||||
3C090DAF 47443412 63FC7B3B DEDED46B 4B19BB16 6C2EA229 1946B513 813645F8
|
|
||||||
D029F8B4 878F3581 30A3D42A 37BE3C82 835EDC01 A4D028BC 76F777EC CE9440F2
|
|
||||||
26037F3F 02030100 01A35330 51301D06 03551D0E 04160414 77E8D640 80AF8B64
|
|
||||||
B2AFF1D6 AED32E71 F70417EA 301F0603 551D2304 18301680 1477E8D6 4080AF8B
|
|
||||||
64B2AFF1 D6AED32E 71F70417 EA300F06 03551D13 0101FF04 05300301 01FF300D
|
|
||||||
06092A86 4886F70D 01010D05 00038201 0100177A 72BD66A9 0BFFDBC2 B79A5E60
|
|
||||||
0D47EBD5 A52A2A4F 6CB07B34 55D37A8F 9DE892FB 8AEAD5BF 5D0766DD BC51BD4A
|
|
||||||
5D64DCDA 493D2D2E BB01BAC4 6D4AE47E FE0F0DDD 0628328B 9FAB4001 721E4F9A
|
|
||||||
CF4396D2 AA70CBCA E071F9AF C8248307 D75DABFA A9302E78 7D2AC3FF 2A62FAA7
|
|
||||||
E7AE7A15 EAFE2A27 36BE73BF C9B25B68 FE9A3837 715BD0F2 55B3FEBF 02EEAECC
|
|
||||||
469280FE B46A8105 C3D36F72 E18F6AC2 B3A62DA1 DE7A80B9 0E382EE0 6DD0315D
|
|
||||||
1E4D6120 386CB1E9 48301645 7A8F14F9 3CA2B26F 98C9E634 AB9E0E8A 863B8D1E
|
|
||||||
B64A5817 C92BEEDA 4086C3F7 81EA3F30 DA66BADA 8A16810F EAC7B4C4 6DF5420A
|
|
||||||
4733CCA2 A71746B9 E7762CF6 51C90F36 3E58
|
|
||||||
quit
|
|
||||||
crypto pki certificate chain SLA-TrustPoint
|
|
||||||
certificate ca 01
|
|
||||||
30820321 30820209 A0030201 02020101 300D0609 2A864886 F70D0101 0B050030
|
|
||||||
32310E30 0C060355 040A1305 43697363 6F312030 1E060355 04031317 43697363
|
|
||||||
6F204C69 63656E73 696E6720 526F6F74 20434130 1E170D31 33303533 30313934
|
|
||||||
3834375A 170D3338 30353330 31393438 34375A30 32310E30 0C060355 040A1305
|
|
||||||
43697363 6F312030 1E060355 04031317 43697363 6F204C69 63656E73 696E6720
|
|
||||||
526F6F74 20434130 82012230 0D06092A 864886F7 0D010101 05000382 010F0030
|
|
||||||
82010A02 82010100 A6BCBD96 131E05F7 145EA72C 2CD686E6 17222EA1 F1EFF64D
|
|
||||||
CBB4C798 212AA147 C655D8D7 9471380D 8711441E 1AAF071A 9CAE6388 8A38E520
|
|
||||||
1C394D78 462EF239 C659F715 B98C0A59 5BBB5CBD 0CFEBEA3 700A8BF7 D8F256EE
|
|
||||||
4AA4E80D DB6FD1C9 60B1FD18 FFC69C96 6FA68957 A2617DE7 104FDC5F EA2956AC
|
|
||||||
7390A3EB 2B5436AD C847A2C5 DAB553EB 69A9A535 58E9F3E3 C0BD23CF 58BD7188
|
|
||||||
68E69491 20F320E7 948E71D7 AE3BCC84 F10684C7 4BC8E00F 539BA42B 42C68BB7
|
|
||||||
C7479096 B4CB2D62 EA2F505D C7B062A4 6811D95B E8250FC4 5D5D5FB8 8F27D191
|
|
||||||
C55F0D76 61F9A4CD 3D992327 A8BB03BD 4E6D7069 7CBADF8B DF5F4368 95135E44
|
|
||||||
DFC7C6CF 04DD7FD1 02030100 01A34230 40300E06 03551D0F 0101FF04 04030201
|
|
||||||
06300F06 03551D13 0101FF04 05300301 01FF301D 0603551D 0E041604 1449DC85
|
|
||||||
4B3D31E5 1B3E6A17 606AF333 3D3B4C73 E8300D06 092A8648 86F70D01 010B0500
|
|
||||||
03820101 00507F24 D3932A66 86025D9F E838AE5C 6D4DF6B0 49631C78 240DA905
|
|
||||||
604EDCDE FF4FED2B 77FC460E CD636FDB DD44681E 3A5673AB 9093D3B1 6C9E3D8B
|
|
||||||
D98987BF E40CBD9E 1AECA0C2 2189BB5C 8FA85686 CD98B646 5575B146 8DFC66A8
|
|
||||||
467A3DF4 4D565700 6ADF0F0D CF835015 3C04FF7C 21E878AC 11BA9CD2 55A9232C
|
|
||||||
7CA7B7E6 C1AF74F6 152E99B7 B1FCF9BB E973DE7F 5BDDEB86 C71E3B49 1765308B
|
|
||||||
5FB0DA06 B92AFE7F 494E8A9E 07B85737 F3A58BE1 1A48A229 C37C1E69 39F08678
|
|
||||||
80DDCD16 D6BACECA EEBC7CF9 8428787B 35202CDC 60E4616A B623CDBD 230E3AFB
|
|
||||||
418616A9 4093E049 4D10AB75 27E86F73 932E35B5 8862FDAE 0275156F 719BB2F0
|
|
||||||
D697DF7F 28
|
|
||||||
quit
|
|
||||||
!
|
|
||||||
!
|
|
||||||
license boot level network-advantage addon dna-advantage
|
|
||||||
memory free low-watermark processor 104985
|
|
||||||
!
|
|
||||||
diagnostic bootup level minimal
|
|
||||||
!
|
|
||||||
spanning-tree mode rapid-pvst
|
|
||||||
spanning-tree extend system-id
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
redundancy
|
|
||||||
mode sso
|
|
||||||
crypto engine compliance shield disable
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
transceiver type all
|
|
||||||
monitoring
|
|
||||||
!
|
|
||||||
!
|
|
||||||
class-map match-any system-cpp-police-ewlc-control
|
|
||||||
description EWLC Control
|
|
||||||
class-map match-any system-cpp-police-topology-control
|
|
||||||
description Topology control
|
|
||||||
class-map match-any system-cpp-police-sw-forward
|
|
||||||
description Sw forwarding, L2 LVX data packets, LOGGING, Transit Traffic
|
|
||||||
class-map match-any system-cpp-default
|
|
||||||
description EWLC Data, Inter FED Traffic
|
|
||||||
class-map match-any system-cpp-police-sys-data
|
|
||||||
description Openflow, Exception, EGR Exception, NFL Sampled Data, RPF Failed
|
|
||||||
class-map match-any system-cpp-police-punt-webauth
|
|
||||||
description Punt Webauth
|
|
||||||
class-map match-any system-cpp-police-l2lvx-control
|
|
||||||
description L2 LVX control packets
|
|
||||||
class-map match-any system-cpp-police-forus
|
|
||||||
description Forus traffic
|
|
||||||
class-map match-any system-cpp-police-multicast-end-station
|
|
||||||
description MCAST END STATION
|
|
||||||
class-map match-any system-cpp-police-forus-addr-resolution
|
|
||||||
description Forus address resolution
|
|
||||||
class-map match-any system-cpp-police-high-rate-app
|
|
||||||
description High Rate Applications
|
|
||||||
class-map match-any system-cpp-police-multicast
|
|
||||||
description MCAST Data
|
|
||||||
class-map match-any system-cpp-police-meraki-next-tunnel
|
|
||||||
description Meraki Next tunnel
|
|
||||||
class-map match-any system-cpp-police-l2-control
|
|
||||||
description L2 control
|
|
||||||
class-map match-any system-cpp-police-dot1x-auth
|
|
||||||
description DOT1X Auth
|
|
||||||
class-map match-any system-cpp-police-data
|
|
||||||
description ICMP redirect, ICMP_GEN and BROADCAST
|
|
||||||
class-map match-any system-cpp-police-stackwise-virt-control
|
|
||||||
description Stackwise Virtual OOB
|
|
||||||
class-map match-any non-client-nrt-class
|
|
||||||
class-map match-any system-cpp-police-routing-control
|
|
||||||
description Routing control and Low Latency
|
|
||||||
class-map match-any system-cpp-police-protocol-snooping
|
|
||||||
description Protocol snooping
|
|
||||||
class-map match-any system-cpp-police-dhcp-snooping
|
|
||||||
description DHCP snooping
|
|
||||||
class-map match-any system-cpp-police-ios-routing
|
|
||||||
description L2 control, Topology control, Routing control, Low Latency
|
|
||||||
class-map match-any system-cpp-police-system-critical
|
|
||||||
description System Critical and Gold Pkt
|
|
||||||
class-map match-any system-cpp-police-ios-feature
|
|
||||||
description ICMPGEN,BROADCAST,ICMP,L2LVXCntrl,ProtoSnoop,PuntWebauth,MCASTData,Transit,DOT1XAuth,Swfwd,LOGGING,L2LVXData,ForusTraffic,ForusARP,McastEndStn,Openflow,Exception,EGRExcption,NflSampled,RpfFailed
|
|
||||||
!
|
|
||||||
policy-map system-cpp-policy
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
interface Loopback0
|
|
||||||
ip address 172.16.255.2 255.255.255.255
|
|
||||||
ip ospf 1 area 0
|
|
||||||
!
|
|
||||||
interface Loopback1
|
|
||||||
ip address 172.16.254.2 255.255.255.255
|
|
||||||
ip ospf 1 area 0
|
|
||||||
!
|
|
||||||
interface Loopback2
|
|
||||||
ip address 172.16.255.255 255.255.255.255
|
|
||||||
ip pim sparse-mode
|
|
||||||
ip ospf 1 area 0
|
|
||||||
!
|
|
||||||
interface GigabitEthernet0/0
|
|
||||||
vrf forwarding Mgmt-vrf
|
|
||||||
no ip address
|
|
||||||
shutdown
|
|
||||||
negotiation auto
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/1
|
|
||||||
no switchport
|
|
||||||
ip address 172.16.23.2 255.255.255.0
|
|
||||||
ip pim sparse-mode
|
|
||||||
ip ospf network point-to-point
|
|
||||||
ip ospf 1 area 0
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/2
|
|
||||||
no switchport
|
|
||||||
ip address 172.16.24.2 255.255.255.0
|
|
||||||
ip pim sparse-mode
|
|
||||||
ip ospf network point-to-point
|
|
||||||
ip ospf 1 area 0
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/3
|
|
||||||
no switchport
|
|
||||||
ip address 172.16.25.2 255.255.255.0
|
|
||||||
ip pim sparse-mode
|
|
||||||
ip ospf network point-to-point
|
|
||||||
ip ospf 1 area 0
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/4
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/5
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/6
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/7
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/8
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/9
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/10
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/11
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/12
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/13
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/14
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/15
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/16
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/17
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/18
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/19
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/20
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/21
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/22
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/23
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/0/24
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/1/1
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/1/2
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/1/3
|
|
||||||
!
|
|
||||||
interface GigabitEthernet1/1/4
|
|
||||||
!
|
|
||||||
interface AppGigabitEthernet1/0/1
|
|
||||||
!
|
|
||||||
interface Vlan1
|
|
||||||
no ip address
|
|
||||||
!
|
|
||||||
router ospf 1
|
|
||||||
router-id 172.16.255.2
|
|
||||||
!
|
|
||||||
router bgp 65001
|
|
||||||
template peer-policy RR-PP
|
|
||||||
route-reflector-client
|
|
||||||
send-community both
|
|
||||||
exit-peer-policy
|
|
||||||
!
|
|
||||||
template peer-session RR-PS
|
|
||||||
remote-as 65001
|
|
||||||
update-source Loopback0
|
|
||||||
exit-peer-session
|
|
||||||
!
|
|
||||||
bgp router-id 172.16.255.2
|
|
||||||
bgp log-neighbor-changes
|
|
||||||
no bgp default ipv4-unicast
|
|
||||||
neighbor 172.16.255.3 inherit peer-session RR-PS
|
|
||||||
neighbor 172.16.255.4 inherit peer-session RR-PS
|
|
||||||
neighbor 172.16.255.5 inherit peer-session RR-PS
|
|
||||||
!
|
|
||||||
address-family ipv4
|
|
||||||
exit-address-family
|
|
||||||
!
|
|
||||||
address-family l2vpn evpn
|
|
||||||
neighbor 172.16.255.3 activate
|
|
||||||
neighbor 172.16.255.3 send-community both
|
|
||||||
neighbor 172.16.255.3 inherit peer-policy RR-PP
|
|
||||||
neighbor 172.16.255.4 activate
|
|
||||||
neighbor 172.16.255.4 send-community both
|
|
||||||
neighbor 172.16.255.4 inherit peer-policy RR-PP
|
|
||||||
neighbor 172.16.255.5 activate
|
|
||||||
neighbor 172.16.255.5 send-community both
|
|
||||||
neighbor 172.16.255.5 inherit peer-policy RR-PP
|
|
||||||
exit-address-family
|
|
||||||
!
|
|
||||||
ip forward-protocol nd
|
|
||||||
ip http server
|
|
||||||
ip http authentication local
|
|
||||||
ip http secure-server
|
|
||||||
ip pim rp-address 172.16.255.255
|
|
||||||
ip msdp peer 172.16.254.1 connect-source Loopback1 remote-as 65001
|
|
||||||
ip ssh bulk-mode 131072
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
control-plane
|
|
||||||
service-policy input system-cpp-policy
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
line con 0
|
|
||||||
stopbits 1
|
|
||||||
line vty 0 4
|
|
||||||
login
|
|
||||||
transport input ssh
|
|
||||||
line vty 5 31
|
|
||||||
login
|
|
||||||
transport input ssh
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
end
|
|
||||||
Reference in New Issue
Block a user