549 lines
15 KiB
Plaintext
549 lines
15 KiB
Plaintext
hostname Leaf-03
|
|
!
|
|
!
|
|
vrf definition Mgmt-vrf
|
|
!
|
|
address-family ipv4
|
|
exit-address-family
|
|
!
|
|
address-family ipv6
|
|
exit-address-family
|
|
!
|
|
vrf definition green
|
|
rd 1:1
|
|
!
|
|
address-family ipv4
|
|
route-target export 1:1
|
|
route-target import 1:1
|
|
route-target export 1:1 stitching
|
|
route-target import 1:1 stitching
|
|
exit-address-family
|
|
!
|
|
address-family ipv6
|
|
route-target export 1:1
|
|
route-target import 1:1
|
|
route-target export 1:1 stitching
|
|
route-target import 1:1 stitching
|
|
exit-address-family
|
|
!
|
|
no aaa new-model
|
|
switch 1 provision c9300l-24t-4g
|
|
switch 2 provision c9300l-24t-4g
|
|
!
|
|
!
|
|
!
|
|
!
|
|
ip routing
|
|
!
|
|
!
|
|
!
|
|
!
|
|
!
|
|
ip multicast-routing
|
|
!
|
|
!
|
|
!
|
|
login on-success log
|
|
!
|
|
!
|
|
!
|
|
!
|
|
!
|
|
!
|
|
!
|
|
l2vpn evpn
|
|
replication-type static
|
|
router-id Loopback1
|
|
default-gateway advertise
|
|
!
|
|
l2vpn evpn instance 101 vlan-based
|
|
encapsulation vxlan
|
|
replication-type static
|
|
!
|
|
l2vpn evpn instance 102 vlan-based
|
|
encapsulation vxlan
|
|
replication-type ingress
|
|
!
|
|
!
|
|
crypto pki trustpoint TP-self-signed-1165940199
|
|
enrollment selfsigned
|
|
subject-name cn=IOS-Self-Signed-Certificate-1165940199
|
|
revocation-check none
|
|
rsakeypair TP-self-signed-1165940199
|
|
hash sha512
|
|
!
|
|
crypto pki trustpoint SLA-TrustPoint
|
|
enrollment pkcs12
|
|
revocation-check crl
|
|
hash sha512
|
|
!
|
|
!
|
|
crypto pki certificate chain TP-self-signed-1165940199
|
|
certificate self-signed 01
|
|
30820330 30820218 A0030201 02020101 300D0609 2A864886 F70D0101 0D050030
|
|
31312F30 2D060355 04030C26 494F532D 53656C66 2D536967 6E65642D 43657274
|
|
69666963 6174652D 31313635 39343031 3939301E 170D3236 30363130 31323030
|
|
31305A17 0D333630 36303931 32303031 305A3031 312F302D 06035504 030C2649
|
|
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D31 31363539
|
|
34303139 39308201 22300D06 092A8648 86F70D01 01010500 0382010F 00308201
|
|
0A028201 0100BFED A9B16BF7 8EB63CA6 7C16F131 53AB77A6 E419BAFB 116A9319
|
|
E03D77D4 C071ABBD F44C6249 93ACAAF0 48976F5B 1B8F03B0 ABDC9ED6 504644BF
|
|
1F5E3603 2868B384 6AAD2757 3AF9C344 55775D9A 4B301D8D A7EB7E2F 4A85D8B5
|
|
8D39A506 60603F96 15EB419D 236B0877 1D1D0094 09C5A306 7702F9BB CA682072
|
|
6428E39D B6F946A6 05597FDA 44CF35FB 8152CCBA CCB9A493 766D5338 69E87038
|
|
E823A301 74B6EE6A 90CC91BC F1D25EAA DACADFFF 4EDE3460 B891401D 085EB209
|
|
BF9220AB DE0C6739 A2906A43 72EBE5D0 85FFA128 53D25903 80D1D63C 3F5FD86D
|
|
48F7C064 D5C7087E 3FFD8D6C 6A522D58 E52F9E9D D4F0F055 B63A3727 F19003F6
|
|
58691FD7 FB670203 010001A3 53305130 1D060355 1D0E0416 0414B542 47476136
|
|
18061EFB 2A22F6AE 3E5FBC5F EB39301F 0603551D 23041830 168014B5 42474761
|
|
3618061E FB2A22F6 AE3E5FBC 5FEB3930 0F060355 1D130101 FF040530 030101FF
|
|
300D0609 2A864886 F70D0101 0D050003 82010100 590CC34F 4F943E79 C73DD7FC
|
|
0B04FFA3 4EAB60EA 2FCFC025 658E7E15 219D4095 80FB1728 511B4DF3 1697F42C
|
|
BA848247 E3C0761B 9C409EF9 8BE32F72 36AC8795 D693DDCB E663DA96 FF973CDE
|
|
1E38E03F EF6A4704 9D08DDAD 261A5793 E78BFABD 8B5D2F8B E1EFFD35 FF231255
|
|
E7497E8B 31FB7725 4A053DB5 918A68DF CEF70F05 B5A90DA5 FC3062E9 B4EF4E6D
|
|
F119F79E 380E26CE E26E197B 26294C23 EA783CC5 1D1AC6EA 801CA1CA CF4C62E1
|
|
30E2EA9C 2B03CB42 814625B4 D38547BB A6D967E4 8BA516A1 32DC84C0 FD4FF63C
|
|
6F668633 DFDEC198 DA27C3AB D3869173 BC7A7134 E934DADE D41AD88B ADADC24F
|
|
A2A0BE37 0B14C122 BC64C74B 83B0E5C7 587E43BE
|
|
quit
|
|
crypto pki certificate chain SLA-TrustPoint
|
|
certificate ca 01
|
|
30820321 30820209 A0030201 02020101 300D0609 2A864886 F70D0101 0B050030
|
|
32310E30 0C060355 040A1305 43697363 6F312030 1E060355 04031317 43697363
|
|
6F204C69 63656E73 696E6720 526F6F74 20434130 1E170D31 33303533 30313934
|
|
3834375A 170D3338 30353330 31393438 34375A30 32310E30 0C060355 040A1305
|
|
43697363 6F312030 1E060355 04031317 43697363 6F204C69 63656E73 696E6720
|
|
526F6F74 20434130 82012230 0D06092A 864886F7 0D010101 05000382 010F0030
|
|
82010A02 82010100 A6BCBD96 131E05F7 145EA72C 2CD686E6 17222EA1 F1EFF64D
|
|
CBB4C798 212AA147 C655D8D7 9471380D 8711441E 1AAF071A 9CAE6388 8A38E520
|
|
1C394D78 462EF239 C659F715 B98C0A59 5BBB5CBD 0CFEBEA3 700A8BF7 D8F256EE
|
|
4AA4E80D DB6FD1C9 60B1FD18 FFC69C96 6FA68957 A2617DE7 104FDC5F EA2956AC
|
|
7390A3EB 2B5436AD C847A2C5 DAB553EB 69A9A535 58E9F3E3 C0BD23CF 58BD7188
|
|
68E69491 20F320E7 948E71D7 AE3BCC84 F10684C7 4BC8E00F 539BA42B 42C68BB7
|
|
C7479096 B4CB2D62 EA2F505D C7B062A4 6811D95B E8250FC4 5D5D5FB8 8F27D191
|
|
C55F0D76 61F9A4CD 3D992327 A8BB03BD 4E6D7069 7CBADF8B DF5F4368 95135E44
|
|
DFC7C6CF 04DD7FD1 02030100 01A34230 40300E06 03551D0F 0101FF04 04030201
|
|
06300F06 03551D13 0101FF04 05300301 01FF301D 0603551D 0E041604 1449DC85
|
|
4B3D31E5 1B3E6A17 606AF333 3D3B4C73 E8300D06 092A8648 86F70D01 010B0500
|
|
03820101 00507F24 D3932A66 86025D9F E838AE5C 6D4DF6B0 49631C78 240DA905
|
|
604EDCDE FF4FED2B 77FC460E CD636FDB DD44681E 3A5673AB 9093D3B1 6C9E3D8B
|
|
D98987BF E40CBD9E 1AECA0C2 2189BB5C 8FA85686 CD98B646 5575B146 8DFC66A8
|
|
467A3DF4 4D565700 6ADF0F0D CF835015 3C04FF7C 21E878AC 11BA9CD2 55A9232C
|
|
7CA7B7E6 C1AF74F6 152E99B7 B1FCF9BB E973DE7F 5BDDEB86 C71E3B49 1765308B
|
|
5FB0DA06 B92AFE7F 494E8A9E 07B85737 F3A58BE1 1A48A229 C37C1E69 39F08678
|
|
80DDCD16 D6BACECA EEBC7CF9 8428787B 35202CDC 60E4616A B623CDBD 230E3AFB
|
|
418616A9 4093E049 4D10AB75 27E86F73 932E35B5 8862FDAE 0275156F 719BB2F0
|
|
D697DF7F 28
|
|
quit
|
|
!
|
|
!
|
|
license boot level network-advantage addon dna-advantage
|
|
memory free low-watermark processor 104985
|
|
!
|
|
diagnostic bootup level minimal
|
|
!
|
|
spanning-tree mode rapid-pvst
|
|
spanning-tree extend system-id
|
|
!
|
|
!
|
|
!
|
|
!
|
|
redundancy
|
|
mode sso
|
|
crypto engine compliance shield disable
|
|
!
|
|
!
|
|
!
|
|
!
|
|
!
|
|
transceiver type all
|
|
monitoring
|
|
!
|
|
vlan configuration 101
|
|
member evpn-instance 101 vni 10101
|
|
vlan configuration 102
|
|
member evpn-instance 102 vni 10102
|
|
vlan configuration 901
|
|
member vni 50901
|
|
!
|
|
!
|
|
class-map match-any system-cpp-police-ewlc-control
|
|
description EWLC Control
|
|
class-map match-any system-cpp-police-topology-control
|
|
description Topology control
|
|
class-map match-any system-cpp-police-sw-forward
|
|
description Sw forwarding, L2 LVX data packets, LOGGING, Transit Traffic
|
|
class-map match-any system-cpp-default
|
|
description EWLC Data, Inter FED Traffic
|
|
class-map match-any system-cpp-police-sys-data
|
|
description Openflow, Exception, EGR Exception, NFL Sampled Data, RPF Failed
|
|
class-map match-any system-cpp-police-punt-webauth
|
|
description Punt Webauth
|
|
class-map match-any system-cpp-police-l2lvx-control
|
|
description L2 LVX control packets
|
|
class-map match-any system-cpp-police-forus
|
|
description Forus traffic
|
|
class-map match-any system-cpp-police-multicast-end-station
|
|
description MCAST END STATION
|
|
class-map match-any system-cpp-police-forus-addr-resolution
|
|
description Forus address resolution
|
|
class-map match-any system-cpp-police-high-rate-app
|
|
description High Rate Applications
|
|
class-map match-any system-cpp-police-multicast
|
|
description MCAST Data
|
|
class-map match-any system-cpp-police-meraki-next-tunnel
|
|
description Meraki Next tunnel
|
|
class-map match-any system-cpp-police-l2-control
|
|
description L2 control
|
|
class-map match-any system-cpp-police-dot1x-auth
|
|
description DOT1X Auth
|
|
class-map match-any system-cpp-police-data
|
|
description ICMP redirect, ICMP_GEN and BROADCAST
|
|
class-map match-any system-cpp-police-stackwise-virt-control
|
|
description Stackwise Virtual OOB
|
|
class-map match-any non-client-nrt-class
|
|
class-map match-any system-cpp-police-routing-control
|
|
description Routing control and Low Latency
|
|
class-map match-any system-cpp-police-protocol-snooping
|
|
description Protocol snooping
|
|
class-map match-any system-cpp-police-dhcp-snooping
|
|
description DHCP snooping
|
|
class-map match-any system-cpp-police-ios-routing
|
|
description L2 control, Topology control, Routing control, Low Latency
|
|
class-map match-any system-cpp-police-system-critical
|
|
description System Critical and Gold Pkt
|
|
class-map match-any system-cpp-police-ios-feature
|
|
description ICMPGEN,BROADCAST,ICMP,L2LVXCntrl,ProtoSnoop,PuntWebauth,MCASTData,Transit,DOT1XAuth,Swfwd,LOGGING,L2LVXData,ForusTraffic,ForusARP,McastEndStn,Openflow,Exception,EGRExcption,NflSampled,RpfFailed
|
|
!
|
|
policy-map system-cpp-policy
|
|
!
|
|
!
|
|
!
|
|
!
|
|
!
|
|
!
|
|
!
|
|
!
|
|
!
|
|
!
|
|
!
|
|
!
|
|
interface Loopback0
|
|
ip address 172.16.255.5 255.255.255.255
|
|
ip ospf 1 area 0
|
|
!
|
|
interface Loopback1
|
|
ip address 172.16.254.5 255.255.255.255
|
|
ip pim sparse-mode
|
|
ip ospf 1 area 0
|
|
!
|
|
interface GigabitEthernet0/0
|
|
vrf forwarding Mgmt-vrf
|
|
no ip address
|
|
shutdown
|
|
negotiation auto
|
|
!
|
|
interface GigabitEthernet1/0/1
|
|
no switchport
|
|
ip address 172.16.15.5 255.255.255.0
|
|
ip pim sparse-mode
|
|
ip ospf network point-to-point
|
|
ip ospf 1 area 0
|
|
!
|
|
interface GigabitEthernet1/0/2
|
|
switchport access vlan 101
|
|
switchport mode access
|
|
!
|
|
interface GigabitEthernet1/0/3
|
|
switchport access vlan 101
|
|
switchport mode access
|
|
!
|
|
interface GigabitEthernet1/0/4
|
|
switchport access vlan 101
|
|
switchport mode access
|
|
!
|
|
interface GigabitEthernet1/0/5
|
|
switchport access vlan 101
|
|
switchport mode access
|
|
!
|
|
interface GigabitEthernet1/0/6
|
|
switchport access vlan 101
|
|
switchport mode access
|
|
!
|
|
interface GigabitEthernet1/0/7
|
|
switchport access vlan 101
|
|
switchport mode access
|
|
!
|
|
interface GigabitEthernet1/0/8
|
|
switchport access vlan 101
|
|
switchport mode access
|
|
!
|
|
interface GigabitEthernet1/0/9
|
|
switchport access vlan 101
|
|
switchport mode access
|
|
!
|
|
interface GigabitEthernet1/0/10
|
|
switchport access vlan 101
|
|
switchport mode access
|
|
!
|
|
interface GigabitEthernet1/0/11
|
|
switchport access vlan 101
|
|
switchport mode access
|
|
!
|
|
interface GigabitEthernet1/0/12
|
|
switchport access vlan 101
|
|
switchport mode access
|
|
!
|
|
interface GigabitEthernet1/0/13
|
|
switchport access vlan 101
|
|
switchport mode access
|
|
!
|
|
interface GigabitEthernet1/0/14
|
|
switchport access vlan 101
|
|
switchport mode access
|
|
!
|
|
interface GigabitEthernet1/0/15
|
|
switchport access vlan 101
|
|
switchport mode access
|
|
!
|
|
interface GigabitEthernet1/0/16
|
|
switchport access vlan 101
|
|
switchport mode access
|
|
!
|
|
interface GigabitEthernet1/0/17
|
|
switchport access vlan 101
|
|
switchport mode access
|
|
!
|
|
interface GigabitEthernet1/0/18
|
|
switchport access vlan 101
|
|
switchport mode access
|
|
!
|
|
interface GigabitEthernet1/0/19
|
|
switchport access vlan 101
|
|
switchport mode access
|
|
!
|
|
interface GigabitEthernet1/0/20
|
|
switchport access vlan 101
|
|
switchport mode access
|
|
!
|
|
interface GigabitEthernet1/0/21
|
|
switchport access vlan 101
|
|
switchport mode access
|
|
!
|
|
interface GigabitEthernet1/0/22
|
|
switchport access vlan 101
|
|
switchport mode access
|
|
!
|
|
interface GigabitEthernet1/0/23
|
|
switchport access vlan 101
|
|
switchport mode access
|
|
!
|
|
interface GigabitEthernet1/0/24
|
|
switchport access vlan 101
|
|
switchport mode access
|
|
!
|
|
interface GigabitEthernet1/1/1
|
|
!
|
|
interface GigabitEthernet1/1/2
|
|
!
|
|
interface GigabitEthernet1/1/3
|
|
!
|
|
interface GigabitEthernet1/1/4
|
|
!
|
|
interface AppGigabitEthernet1/0/1
|
|
!
|
|
interface GigabitEthernet2/0/1
|
|
no switchport
|
|
ip address 172.16.25.5 255.255.255.0
|
|
ip pim sparse-mode
|
|
ip ospf network point-to-point
|
|
ip ospf 1 area 0
|
|
!
|
|
interface GigabitEthernet2/0/2
|
|
switchport access vlan 102
|
|
switchport mode access
|
|
!
|
|
interface GigabitEthernet2/0/3
|
|
switchport access vlan 102
|
|
switchport mode access
|
|
!
|
|
interface GigabitEthernet2/0/4
|
|
switchport access vlan 102
|
|
switchport mode access
|
|
!
|
|
interface GigabitEthernet2/0/5
|
|
switchport access vlan 102
|
|
switchport mode access
|
|
!
|
|
interface GigabitEthernet2/0/6
|
|
switchport access vlan 102
|
|
switchport mode access
|
|
!
|
|
interface GigabitEthernet2/0/7
|
|
switchport access vlan 102
|
|
switchport mode access
|
|
!
|
|
interface GigabitEthernet2/0/8
|
|
switchport access vlan 102
|
|
switchport mode access
|
|
!
|
|
interface GigabitEthernet2/0/9
|
|
switchport access vlan 102
|
|
switchport mode access
|
|
!
|
|
interface GigabitEthernet2/0/10
|
|
switchport access vlan 102
|
|
switchport mode access
|
|
!
|
|
interface GigabitEthernet2/0/11
|
|
switchport access vlan 102
|
|
switchport mode access
|
|
!
|
|
interface GigabitEthernet2/0/12
|
|
switchport access vlan 102
|
|
switchport mode access
|
|
!
|
|
interface GigabitEthernet2/0/13
|
|
switchport access vlan 102
|
|
switchport mode access
|
|
!
|
|
interface GigabitEthernet2/0/14
|
|
switchport access vlan 102
|
|
switchport mode access
|
|
!
|
|
interface GigabitEthernet2/0/15
|
|
switchport access vlan 102
|
|
switchport mode access
|
|
!
|
|
interface GigabitEthernet2/0/16
|
|
switchport access vlan 102
|
|
switchport mode access
|
|
!
|
|
interface GigabitEthernet2/0/17
|
|
switchport access vlan 102
|
|
switchport mode access
|
|
!
|
|
interface GigabitEthernet2/0/18
|
|
switchport access vlan 102
|
|
switchport mode access
|
|
!
|
|
interface GigabitEthernet2/0/19
|
|
switchport access vlan 102
|
|
switchport mode access
|
|
!
|
|
interface GigabitEthernet2/0/20
|
|
switchport access vlan 102
|
|
switchport mode access
|
|
!
|
|
interface GigabitEthernet2/0/21
|
|
switchport access vlan 102
|
|
switchport mode access
|
|
!
|
|
interface GigabitEthernet2/0/22
|
|
switchport access vlan 102
|
|
switchport mode access
|
|
!
|
|
interface GigabitEthernet2/0/23
|
|
switchport access vlan 102
|
|
switchport mode access
|
|
!
|
|
interface GigabitEthernet2/0/24
|
|
switchport access vlan 102
|
|
switchport mode access
|
|
!
|
|
interface GigabitEthernet2/1/1
|
|
!
|
|
interface GigabitEthernet2/1/2
|
|
!
|
|
interface GigabitEthernet2/1/3
|
|
!
|
|
interface GigabitEthernet2/1/4
|
|
!
|
|
interface AppGigabitEthernet2/0/1
|
|
!
|
|
interface Vlan1
|
|
no ip address
|
|
!
|
|
interface Vlan101
|
|
vrf forwarding green
|
|
ip address 10.1.101.1 255.255.255.0
|
|
!
|
|
interface Vlan102
|
|
vrf forwarding green
|
|
ip address 10.1.102.1 255.255.255.0
|
|
!
|
|
interface Vlan901
|
|
vrf forwarding green
|
|
ip unnumbered Loopback1
|
|
ipv6 enable
|
|
no autostate
|
|
!
|
|
interface nve1
|
|
no ip address
|
|
source-interface Loopback1
|
|
host-reachability protocol bgp
|
|
member vni 10101 mcast-group 225.0.0.101
|
|
member vni 50901 vrf green
|
|
member vni 10102 ingress-replication
|
|
!
|
|
router ospf 1
|
|
router-id 172.16.255.5
|
|
!
|
|
router bgp 65001
|
|
bgp log-neighbor-changes
|
|
no bgp default ipv4-unicast
|
|
neighbor 172.16.255.1 remote-as 65001
|
|
neighbor 172.16.255.1 update-source Loopback0
|
|
neighbor 172.16.255.2 remote-as 65001
|
|
neighbor 172.16.255.2 update-source Loopback0
|
|
!
|
|
address-family ipv4
|
|
redistribute static
|
|
redistribute connected
|
|
exit-address-family
|
|
!
|
|
address-family l2vpn evpn
|
|
neighbor 172.16.255.1 activate
|
|
neighbor 172.16.255.1 send-community both
|
|
neighbor 172.16.255.2 activate
|
|
neighbor 172.16.255.2 send-community both
|
|
exit-address-family
|
|
!
|
|
address-family ipv4 vrf green
|
|
advertise l2vpn evpn
|
|
redistribute static
|
|
redistribute connected
|
|
exit-address-family
|
|
!
|
|
ip forward-protocol nd
|
|
ip http server
|
|
ip http authentication local
|
|
ip http secure-server
|
|
ip pim rp-address 172.16.255.255
|
|
ip ssh bulk-mode 131072
|
|
!
|
|
!
|
|
!
|
|
!
|
|
control-plane
|
|
service-policy input system-cpp-policy
|
|
!
|
|
!
|
|
!
|
|
line con 0
|
|
stopbits 1
|
|
line vty 0 4
|
|
login
|
|
transport input ssh
|
|
line vty 5 31
|
|
login
|
|
transport input ssh
|
|
!
|
|
!
|
|
!
|
|
!
|
|
!
|
|
!
|
|
!
|
|
end |