CMX Sample Configurations

CMX Sample Configurations
RADIUS Load Balancer Sample Configuration
Service Selection Gateway Sample Configuration
Firewall Load Balancer Sample Configuration

CMX Sample Configurations

This chapter provides sample configurations for the Cisco Mobile Exchange (CMX).

Note Samples show configurations for the RADIUS Load Balancer (RLB), Service Selection Gateway (SSG), and Firewall Load Balancer (FWLB). Configurations for the Content Service Gateway (CSG) are embedded in the samples for RLB and FWLB. The AAA-RLB configures is contained in the FWLB sample. The samples listed in this section do not reflect the complete topology for the CMX framework and its redundant configuration.

For a complete description of the CMX commands in this chapter, refer to the Cisco IOS Mobile Wireless Command Reference. To locate documentation of other commands that appear in this chapter, use the command reference master index or search online.

This chapter includes the following sections:

RADIUS Load Balancer Sample Configuration

 
rlb-7600-1#sh run

 
Building configuration...

 
Current configuration : 15127 bytes

!

 
! Last configuration change at 08:02:50 EDT Thu Aug 8 2002

!

 
version 12.1

!

 
service timestamps debug datetime localtime show-timezone     ! Configures time stamps 
service timestamps log datetime localtime show-timezone       ! for debug and log messages

 
no service password-encryption

!

 
hostname rlb-7600-1

!

 
boot system flash sup-bootflash:c6sup22-psv-mz.sticky

 
enable password lab

!

 
username cisco password 0 lab

 
clock timezone EST -5

 
clock summer-time EDT recurring

 
clock calendar-valid

 
vtp domain CMX

 
vtp mode transparent

 
ip subnet-zero

!

 
! CSG configuration begins here...

 
ip csg user-group MN-ID

!

 
ip csg accounting GGSN-BMA

 
 user-group MN-ID

 
 agent 10.18.56.40 4444 1

 
 agent 10.18.56.40 3333 2

 
 inservice

!

 
ip slb route 192.168.0.0 255.0.0.0 framed-ip   ! Enables IOS SLB to inspect packets for 
                                               ! RADIUS framed IP sticky routing

!

 
ip slb probe PROBE1 ping     ! Configures probe to verify connectivity and detect failures

 
 faildetect 150

!

 
ip slb serverfarm GPRS-SSGs  ! Configures server farms for the SSG cluster

 
 nat server

 
 failaction radius reassign

 
 probe PROBE1

!

 
 real 10.113.0.16                     !Configures real server in SSG server farm

 
  weight 1

 
  reassign 2

 
  faildetect numconns 8 numclients 1

 
  maxclients 10000

 
  inservice

!

 
 real 10.113.0.24                     !Configures real server in SSG server farm

 
  weight 1

 
  reassign 2

 
  faildetect numconns 8 numclients 1

 
  maxclients 10000

 
  inservice

!

 
 real 10.113.0.25                    ! Configures real server in SSG server farm

 
  weight 1

 
  reassign 2

 
  faildetect numconns 8 numclients 1

 
  maxclients 10000

 
  inservice

!

 
 real 10.113.0.26                    ! Configures real server in SSG server farm

 
  weight 1

 
  reassign 2

 
  faildetect numconns 8 numclients 1

 
  maxclients 10000

 
  inservice

!

 
ip slb vserver GPRS-RLB-ACCT          ! Configures virtual server for the SSG server farm

 
 virtual 10.7.7.15 udp 1646 service radius

 
 serverfarm GPRS-SSGs

 
 sticky radius framed-ip group 1

 
 idle radius framed-ip 3600

 
 purge radius framed-ip acct on-off   ! Prevents RLB from deleting information about 
                                      ! sticky connections caused by messages from GGSN

 
 access Vlan16 route framed-ip

 
 replicate casa 10.16.16.22 10.16.16.23 33333

 
 inservice standby rlb-csg

!

 
ip slb vserver GPRS-RLB-AR

 
 virtual 10.7.7.15 udp 1645 service radius

 
 serverfarm GPRS-SSGs

 
 sticky radius framed-ip group 1        ! Group 1 places the virtual server in the 
                                        ! specified sticky group for coupling of 
                                        ! services. In essence, the `group' keyword and 

 
                                        ! group-id argument tie multiple virtual servers 
                                        ! together. Valid values range from 0 to 255.

 
 idle radius framed-ip 3600       ! Specifies the number of seconds the RLB keeps an entry

 
 purge radius framed-ip acct on-off

 
 access Vlan16 route framed-ip

 
 replicate casa 10.16.16.22 10.16.16.23 22222

 
 inservice standby rlb-csg

!

 
no spanning-tree vlan 16-17

 
spanning-tree vlan 113,256 priority 8192

 
spanning-tree vlan 2,14,113,256 forward-time 5

 
module ContentSwitchingModule 3 

 
 csg accounting GGSN-BMA

 
 vlan 17 client

 
  ip address 10.17.17.29 255.255.255.0

 
  route 192.168.0.0 255.0.0.0 gateway 10.17.17.15

!

 
 vlan 16 server

 
  ip address 10.16.16.29 255.255.255.0

 
  route 0.0.0.0 0.0.0.0 gateway 10.16.16.15

!

 
 serverfarm RLB

 
  no nat server 

 
  no nat client

 
  predictor forward

!

 
 policy IP

 
  serverfarm RLB

 
  csg filter GGSN-BMA string CSG1-IP

!

 
 vserver FORWARD-CLIENT

 
  virtual 0.0.0.0 0.0.0.0 any

 
  vlan 16

 
  serverfarm RLB

 
  replicate csrp connection

 
  persistent rebalance

 
  slb-policy IP

 
  inservice

!

 
 vserver FORWARD-SERVER

 
  virtual 0.0.0.0 0.0.0.0 any

 
  vlan 17

 
  serverfarm RLB

 
  replicate csrp connection

 
  persistent rebalance

 
  slb-policy IP

 
  inservice

!

 
 ft group 1 vlan 256 

 
  priority 20 

!

 
redundancy

 
 mode rpr-plus

 
 main-cpu

 
  auto-sync running-config

 
  auto-sync standard

 
error-detection swbus-timeout-duration 10

 
error-detection swbus-stall-duration 3

!

!

 
vlan 2,14,15,16,17,113,256 

!

!

 
interface Port-channel1

 
 description trunk from RLB1 to RLB2

 
 no ip address

 
 switchport

 
 switchport trunk encapsulation dot1q

 
 switchport trunk allowed vlan 2,14,15,16,17,113,256

 
switchport mode trunk

!

 
interface Port-channel2

 
 description trunk from RLB1 to FWLB1

 
 no ip address

 
 switchport

 
 switchport trunk encapsulation dot1q

 
 switchport trunk allowed vlan 15

 
 switchport mode trunk

!

 
interface Port-channel3

 
 description trunk from RLB1 to FWLB2

 
 no ip address

 
 switchport

 
 switchport trunk encapsulation dot1q

 
 switchport trunk allowed vlan 15

 
 switchport mode trunk

!

 
interface GigabitEthernet1/2

 
 description trunk port to FWLB1 Gig1/2

 
 no ip address

 
 shutdown

!

 
interface FastEthernet4/1

 
 description trunk port to GGSN

 
 no ip address

 
 duplex full       ! On all Ethernet interfaces, set speed and duplex upfront to avoid any 

 
                   ! auto negotiation when interface is brought up

 
 speed 100

 
 switchport

 
 switchport trunk encapsulation dot1q

 
 switchport trunk allowed vlan 2,14

 
 switchport mode trunk

!

 
interface FastEthernet4/2

 
 description port-channel 1 trunk to RLB2 Fast4/2 

 
 no ip address

 
 duplex full

 
 speed 100

 
 switchport

 
 switchport trunk encapsulation dot1q

 
 switchport trunk allowed vlan 2,14,15,16,17,113,256

 
switchport mode trunk

 
 channel-group 1 mode on

!

 
interface FastEthernet4/3

 
 description port-channel 1 trunk to RLB2 Fast4/3

 
 no ip address

 
 duplex full

 
 speed 100

 
 switchport

 
 switchport trunk encapsulation dot1q

 
 switchport trunk allowed vlan 2,14,15,16,17,113,256

 
switchport mode trunk

 
 channel-group 1 mode on

!

 
interface FastEthernet4/5

 
 description port-channel 2 to FWLB1

 
 no ip address

 
 duplex full

 
 speed 100

 
 switchport

 
 switchport trunk encapsulation dot1q

 
 switchport trunk allowed vlan 15

 
 switchport mode trunk

 
 channel-group 2 mode on

!

 
interface FastEthernet4/6

 
 description port-channel 2 to FWLB1

 
 no ip address

 
 duplex full

 
 speed 100

 
 switchport

 
 switchport trunk encapsulation dot1q

 
 switchport trunk allowed vlan 15

 
 switchport mode trunk

 
 channel-group 2 mode on

!

 
interface FastEthernet4/9

 
 description port-channel 3 to FWLB2

 
 no ip address

 
 duplex full

 
 speed 100

 
 switchport

 
 switchport trunk encapsulation dot1q

 
 switchport trunk allowed vlan 15

 
 switchport mode trunk

 
 channel-group 3 mode on

!

 
interface FastEthernet4/10

 
 description port-channel 3 to FWLB2

 
 no ip address

 
 duplex full

 
 speed 100

 
 switchport

 
 switchport trunk encapsulation dot1q

 
 switchport trunk allowed vlan 15

 
 switchport mode trunk

 
 channel-group 3 mode on

!

 
interface FastEthernet4/13

 
 description SSG4 0/0 Host Side

 
 no ip address

 
 duplex full

 
 speed 100

 
 switchport

 
 switchport access vlan 113

!

 
interface FastEthernet4/14

 
 description SSG3 0/0 Host Side

 
 no ip address

 
 duplex full

 
 speed 100

 
 switchport

 
 switchport access vlan 113

!

 
interface FastEthernet4/16

 
 description SSG6 0/0 Host Side

 
 no ip address

 
 duplex full

 
 speed 100

 
 switchport

 
 switchport access vlan 113

!

 
interface FastEthernet4/17

 
 description SSG5 0/0 Host Side

 
 no ip address

 
 duplex full

 
 speed 100

 
 switchport

 
 switchport access vlan 113

!

 
interface Vlan2

 
 description VLAN 2 from RLBs to GGSNs

 
 ip address 10.2.2.22 255.255.255.0

 
 no ip redirects

 
 ip ospf hello-interval 2

 
 ip policy route-map ggsn-to-csg

!

 
interface Vlan14

 
 description VLAN 14 from RLBs to GGSNs

 
 ip address 10.14.14.22 255.255.255.0

 
 no ip redirects

 
 ip ospf hello-interval 2

 
 ip policy route-map ggsn-to-csg

!

 
interface Vlan15

 
 description Management VLAN 15

 
 ip address 10.15.15.10 255.255.255.0   ! Configure 10.15.15.11 on RLB2 router

 
 ip access-group 103 out                ! denies user data traffic over management VLAN 15

 
 no ip redirects

 
 standby delay minimum 0 reload 0

 
 standby 15 ip 10.15.15.15        ! HSRP IP address, group 15 must be same on RLB2 VLAN 15

 
 standby 15 priority 110 !  Sets priority for choosing active router; highest number 
                         !  represents highest priority; set lower priority on RLB2.

 
 standby 15 preempt      !  Set so that when local router has higher priority than active 
                         !  router, it assumes control as active router. 

!

 
interface Vlan16

 
 description RLB1 VLAN 16

 
 ip address 10.16.16.22 255.255.255.0

 
 no ip redirects

 
 standby delay minimum 0 reload 0

 
 standby 16 ip 10.16.16.15            ! HSRP IP address, group 16 must be the same on RLB2 

 
 standby 16 priority 110              ! Configure priority 100 on RLB2 router

 
 standby 16 preempt delay sync 5      ! Used to allow enough time for the RLB to exchange 

 
                                      ! sticky DB information.

 
 standby 16 authentication rlb-csg    ! Configure same group and authentication on RLB2

 
 standby 16 name rlb-csg

!

 
interface Vlan17

 
 ip address 10.17.17.22 255.255.255.0

 
 no ip redirects

 
 standby delay minimum 0 reload 0

 
 standby 17 ip 10.17.17.15        ! HSRP IP address, group 17 must be same on RLB2 VLAN 17

 
 standby 17 priority 110          ! Configure lower priority on RLB2 router

 
 standby 17 preempt

 
 standby 17 authentication msfc-csg       ! Configure same on RLB2 router

!

 
interface Vlan113

 
 description VLAN 113 to SSGs BVI2

 
 ip address 10.113.0.22 255.255.255.0

 
 no ip redirects

 
 ip policy route-map ssg-to-csg

 
 standby delay minimum 0 reload 0

 
 standby 113 ip 10.113.0.15

 
 standby 113 priority 110

 
 standby 113 preempt

 
 standby 113 authentication RLB-bvi

 
 standby 113 name rlb-ssg

!

 
interface Vlan256

 
 description VLAN 256 from CSG1 to CSG2 

 
 no ip address

!

 
router ospf 100

 
 router-id 10.2.2.22

 
 log-adjacency-changes

 
 redistribute connected metric 20 subnets    ! Specifies metric for OSPF to force traffic 
                                             ! to go to RLB1; if RLB1 fails, traffic is 
                                             ! routed to RLB2.

 
 redistribute static metric 20 subnets

 
 network 10.2.2.0 0.0.0.255 area 0

 
 network 10.14.14.0 0.0.0.255 area 0

!

 
ip classless

 
ip route 0.0.0.0 0.0.0.0 10.15.15.15    ! non-user traffic to HSRP address on VLAN 15 FWLB

 
no ip http server

!

 
access-list 103 permit icmp any host 10.17.17.30

 
route-map ssg-to-csg permit 20

 
 match ip address 102

 
 set ip next-hop 10.16.16.30            ! CSG server 16 alias address 

!

 
route-map ggsn-to-csg permit 20

 
 match ip address 101

 
 set ip next-hop 10.17.17.30            ! CSG client 17 alias address 

!

 
snmp-server community public RO

 
snmp-server community private RW

 
snmp-server enable traps

 
snmp-server host 13.0.0.1 public        ! 13.0.0.1 address of network management server

!

 
line con 0

 
 exec-timeout 0 0

 
line vty 0

 
 exec-timeout 0 0

 
 login

 
line vty 1 4

 
 exec-timeout 0 0

 
 password lab

 
 login

!

!

 
monitor session 1 source interface Po1

 
monitor session 1 destination interface Fa4/48

end

Service Selection Gateway Sample Configuration

 
ssg5-7400#

 
ssg5-7400#sh run

 
Building configuration...

 
Current configuration : 4099 bytes

!

 
version 12.2

 
no parser cache

 
no service pad

 
service timestamps debug datetime localtime show-timezone

 
service timestamps log datetime localtime show-timezone

 
no service password-encryption

!

 
hostname ssg5-7400

!

 
logging buffered 1234567 debugging

 
aaa new-model        ! enables authentication, authorization, and accounting (AAA)

!

 
aaa authentication ppp default group radius        ! specifies AAA for PPP interfaces

 
! aaa authorization commands restrict user access to a network:

 
aaa authorization config-commands

 
aaa authorization network default group radius 

 
aaa authorization network ssg_aaa_author_internal_list none 

 
aaa authorization configuration default group radius 

 
! aaa accounting commands enable AAA accounting for billing or security when using RADIUS:

 
aaa accounting network default start-stop group radius

 
aaa accounting system default start-stop broadcast group radius

 
aaa session-id common

 
enable password lab

!

 
username cisco password 0 cisco

 
clock timezone EST -5

 
clock summer-time EDT recurring

 
ip subnet-zero

!

!

 
ip ftp source-interface BVI1

 
ip ftp username pdsn-test

 
ip ftp password pdsnteam

!

 
ip cef

 
vpdn enable

 
vpdn authen-before-forward

!

 
! Baseline SSG Configuration:

 
ssg enable

 
ssg profile-cache

 
ssg pass-through

 
ssg pass-through filter 1 uplink

 
ssg pass-through filter 2 downlink

 
ssg default-network 10.13.0.0 255.255.255.0

 
ssg service-password cisco

 
ssg radius-helper auth-port 1645 acct-port 1646

 
ssg radius-helper key gociscogo

 
ssg port-map enable

 
ssg port-map destination range 8080 to 8100 ip 10.13.0.13

 
ssg port-map source ip 10.111.0.25

 
ssg bind service opengarden1 10.111.0.15

 
ssg bind service ssg-gprs-passthru-service1 10.111.0.15

 
ssg bind service ssg-cisco-passthrough-service1 10.111.0.15

 
ssg bind service ssg-gprs-walled-service1 10.111.0.15

 
ssg bind direction uplink BVI1

 
ssg bind direction downlink BVI2

 
ssg open-garden opengarden1 

!

 
ssg radius-proxy

 
 server-port auth 1645 acct 1646

 
 client-address 5.5.5.33

 
  key gociscogo

!

 
 client-address 10.5.5.19

 
  key gociscogo

!

 
 forward accounting-start-stop

!

 
ssg tcp-redirect        ! TCP redirect configuration

 
 server-group RedirectServer

 
  server 10.13.0.13 8090

!

 
 redirect unauthenticated-user to RedirectServer

!

 
local-profile opengarden1        ! local profile configuration

 
  attribute 26 9 251 "R10.115.0.0;255.0.0.0"

!

 
bridge irb        ! routes a protocol between routed interfaces and bridge groups

!

 
! Layer 2/Layer 3 interface configuration:

 
interface GigabitEthernet0/0

 
 no ip address

 
 keepalive 5

 
 duplex full

 
 speed 100

 
 media-type rj45

 
 bridge-group 2

!

 
interface GigabitEthernet0/1

 
 no ip address

 
 keepalive 5

 
 duplex full

 
 speed 100

 
 media-type rj45

 
 bridge-group 2

!

 
interface FastEthernet1/0

 
 no ip address

 
 keepalive 5

 
 duplex full

 
 speed 100

 
 bridge-group 1

!

 
interface FastEthernet1/1

 
 no ip address

 
 keepalive 5

 
 duplex full

 
 speed 100

 
 bridge-group 1

!

 
! To create a bridged virtual interface to other routed interfaces:

 
interface BVI1

 
 mac-address 0009.1153.1111

 
 ip address 10.111.0.25 255.255.255.0

!

 
interface BVI2

 
 mac-address 0009.1153.1113

 
 ip address 10.113.0.25 255.255.255.0

 
 ip nat inside

 
ip default-gateway 10.18.56.1        ! defines default gateway when IP routing is disabled

 
ip classless

 
ip route 0.0.0.0 0.0.0.0 10.111.0.15

 
ip route 10.2.2.0 255.255.255.0 10.113.0.15

 
ip route 10.5.5.19 255.255.255.255 10.113.0.15

 
ip route 5.5.5.33 255.255.255.255 10.113.0.15

 
ip route 10.7.7.15 255.255.255.255 10.113.0.15

 
ip route 10.77.208.0 255.255.255.0 10.111.0.15

 
ip route 10.89.240.0 255.255.254.0 10.111.0.15

 
ip route 10.11.11.0 255.255.255.0 10.111.0.15

 
ip route 10.14.14.0 255.255.255.0 10.113.0.15

 
ip route 10.101.0.0 255.0.0.0 10.111.0.15

 
ip route 172.19.0.0 255.0.0.0 10.111.0.15

 
ip route 192.168.0.0 255.0.0.0 10.113.0.15

 
no ip http server

 
ip pim bidir-enable

!

!

 
access-list 1 permit 10.113.0.23

 
access-list 1 permit 10.113.0.22

 
access-list 1 permit 10.115.0.12

!

 
snmp-server community public RO

 
snmp-server community private RW

!

 
! SSG RADIUS server configuration:

 
radius-server host 172.20.51.11 auth-port 1645 acct-port 1646

 
radius-server retransmit 3

 
radius-server timeout 1

 
radius-server key gociscogo

 
! Layer 2/3 bridge interface configuration:

 
bridge 1 protocol ieee

 
bridge 1 route ip

 
bridge 2 protocol ieee

 
bridge 2 route ip

 
call rsvp-sync

!

!

 
mgcp profile default

!

 
dial-peer cor custom

!

!

!

!

 
gatekeeper

 
 shutdown

!

Firewall Load Balancer Sample Configuration

 
fwlb-7600-1#

 
fwlb-7600-1#sh run

 
Building configuration...

 
Current configuration : 13839 bytes

!

 
version 12.1

 
service timestamps debug uptime

 
service timestamps log uptime

 
no service password-encryption

!

 
hostname fwlb-7600-1

!

 
diagnostic level complete

 
ip subnet-zero

!

 
ip csg user-group MN-ID

!

 
ip csg accounting EVENT-BMA

 
 user-group MN-ID

 
 agent 10.18.56.40 3333 1

 
 agent 10.18.56.40 4444 2

 
 inservice

!

 
ip slb probe PING-PROBE1 ping

 
 address 10.111.0.16           ! Configures probe for SSG 3

 
 interval 600

!

 
ip slb probe PING-PROBE2 ping

 
 address 10.111.0.24           ! Configures probe for SSG 4

 
 interval 600

!

 
ip slb probe PING-PROBE3 ping

 
 address 10.111.0.25           ! Configures probe for SSG 5

 
 interval 600

!

 
ip slb probe PING-PROBE4 ping

 
 address 10.111.0.26           ! Configures probe for SSG 6

 
 interval 600

!

 
ip slb probe PROBE-AAA ping

 
 interval 15

!

 
ip slb serverfarm AAA       ! Configures the AAA server farm

 
 nat server

 
 probe PROBE-AAA

!

 
 real 10.18.41.70           ! Configures the real AAA server address

 
  weight 1

 
  faildetect numconns 8 numclients 1

 
  inservice

!

 
 real 10.18.61.17           ! Configures the redundant real AAA server address

 
  weight 1

 
  faildetect numconns 8 numclients 1

 
  inservice

!

 
ip slb firewallfarm FIRE         ! Configures the firewall server farm

 
 inservice standby fwlb-ssg      ! See the standby 111 name fwlb-ssg on interface VLAN 111

!

 
 real 10.111.0.16                ! IP address of SSG 3

 
  probe PING-PROBE1

 
  inservice

!

 
 real 10.111.0.24                ! IP ddress of SSG 4

 
  probe PING-PROBE2

 
  inservice

!

 
 real 10.111.0.25                ! IP ddress of SSG 5

 
  probe PING-PROBE3

 
  inservice

!

 
 real 10.111.0.26                ! IP ddress of SSG 6

 
  probe PING-PROBE4

 
  inservice

 
 protocol tcp                    ! Configures TCP protocol and sticky connections

 
  sticky 500 destination

 
 protocol datagram               ! Configures datagram protocol and sticky connections

 
  sticky 500 destination

 
 replicate casa 10.111.0.17 10.111.0.18 22222

!

 
ip slb vserver AAA-RLB         ! Configures virtual server for load-balancing AAA messages

 
 virtual 10.120.0.15 udp 0 service radius    ! SSGs point to this address and port

 
 serverfarm AAA

 
 inservice standby fwlb-ssg

!

 
! Configures Spanning Tree Protocol for FWLB1 VLANs

 
spanning-tree vlan 7,111,121,257 priority 8192     Configure priority on FWLB2 to 16384

 
spanning-tree vlan 111 forward-time 7

 
spanning-tree vlan 121 forward-time 7

!

 
module ContentSwitchingModule 3 

 
 csg accounting EVENT-BMA

 
vlan 7 client

 
  ip address 107.0.0.32 255.0.0.0

 
  route 192.168.0.0 255.0.0.0 gateway 10.107.0.15

 
  route 10.111.0.0 255.0.0.0 gateway 10.107.0.15

 
  route 10.113.0.0 255.0.0.0 gateway 10.107.0.15

 
  route 10.0.0.0 255.0.0.0 gateway 10.107.0.15

 
  route 10.122.0.0 255.0.0.0 gateway 10.107.0.15

 
  route 10.120.0.15 255.255.255.255 gateway 10.107.0.15

!

 
 vlan 121 server

 
  ip address 10.121.0.32 255.0.0.0

 
  route 0.0.0.0 0.0.0.0 gateway 10.121.0.11

!

 
 map WALLED-GARDEN url

 
  match protocol http url *cisco*

 
  match protocol http url *billing*

!

 
 serverfarm RLB

 
  no nat server 

 
  no nat client

 
  predictor forward

!

 
 policy HTTP

 
  url-map WALLED-GARDEN

 
  serverfarm RLB

 
  csg filter EVENT-BMA type http string CSG3-HTTP

!

 
 policy IP

 
  serverfarm RLB

 
  csg filter EVENT-BMA string CSG3-IP

!

 
 vserver 115OPENGARDEN

 
  virtual 10.115.0.0 255.0.0.0 any

 
  serverfarm RLB

 
  replicate csrp connection

 
  persistent rebalance

 
  inservice

!

 
 vserver 117WALLEDGARDEN

 
  virtual 10.117.0.0 255.0.0.0 any

 
  serverfarm RLB

 
  replicate csrp connection

 
  persistent rebalance

 
  inservice

!

 
 ft group 2 vlan 257 

 
  priority 20 

!

!

 
redundancy

 
 mode rpr-plus

 
 main-cpu

 
  auto-sync running-config

 
  auto-sync standard

 
error-detection swbus-timeout-duration 10

 
error-detection swbus-stall-duration 3

!

!

 
! Configuration of physical interfaces follows...

 
interface Port-channel1

 
 description trunk from FWLB1 to FWLB2

 
 no ip address

 
 switchport

 
 switchport trunk encapsulation dot1q

 
 switchport trunk allowed vlan 7,111,257

 
 switchport mode trunk

!

 
interface Port-channel2

 
 description trunk from FWLB1 to RLB1

 
 no ip address

 
 switchport

 
 switchport trunk encapsulation dot1q

 
 switchport trunk allowed vlan 15

 
 switchport mode trunk

!

 
interface Port-channel3

 
 description trunk from FWLB1 to RLB2

 
 no ip address

 
 switchport

 
 switchport trunk encapsulation dot1q

 
 switchport trunk allowed vlan 15

 
 switchport mode trunk

!

 
interface FastEthernet4/1

 
 description port-channel 1 trunk to FWLB2 Fast4/1 

 
 no ip address

 
 duplex full

 
 speed 100

 
 switchport

 
 switchport trunk encapsulation dot1q

 
 switchport trunk allowed vlan 7,111,257

 
 switchport mode trunk

 
 channel-group 1 mode on

!

 
interface FastEthernet4/2

 
 description port-channel 1 trunk to FWLB2 Fast4/2 

 
 no ip address

 
 duplex full

 
 speed 100

 
 switchport

 
 switchport trunk encapsulation dot1q

 
 switchport trunk allowed vlan 7,111,257

 
 switchport mode trunk

 
 channel-group 1 mode on

!

 
interface FastEthernet4/5

 
 description port-channel 2 trunk to RLB1 Fast4/5 

 
 no ip address

 
 duplex full

 
 speed 100

 
 switchport

 
 switchport trunk encapsulation dot1q

 
 switchport trunk allowed vlan 15

 
 switchport mode trunk

 
 channel-group 2 mode on

!

 
interface FastEthernet4/6

 
 description port-channel 2 trunk to RLB1 Fast4/6 

 
 no ip address

 
 duplex full

 
 speed 100

 
 switchport

 
 switchport trunk encapsulation dot1q

 
 switchport trunk allowed vlan 15

 
 switchport mode trunk

 
 channel-group 2 mode on

!

 
interface FastEthernet4/9

 
 description port-channel 3 trunk to RLB2 Fast4/9 

 
 no ip address

 
 duplex full

 
 speed 100

 
 switchport

 
 switchport trunk encapsulation dot1q

 
 switchport trunk allowed vlan 15

 
 switchport mode trunk

 
 channel-group 3 mode on

!

 
interface FastEthernet4/10

 
 description port-channel 3 trunk to RLB2 Fast4/10 

 
 no ip address

 
 duplex full

 
 speed 100

 
 switchport

 
 switchport trunk encapsulation dot1q

 
 switchport trunk allowed vlan 15

 
 switchport mode trunk

 
 channel-group 3 mode on

!

 
interface FastEthernet4/14

 
 description SSG3 Service Side

 
 no ip address

 
 duplex full

 
 speed 100

 
 switchport

 
 switchport access vlan 111

!

 
interface FastEthernet4/16

 
 description SSG6 1/0 Service Side

 
 no ip address

 
 duplex full

 
 speed 100

 
 switchport

 
 switchport access vlan 111

!

 
interface FastEthernet4/17

 
 description SSG5 1/0 Service Side

 
 no ip address

 
 duplex full

 
 speed 100

 
 switchport

 
 switchport access vlan 111

!

 
interface FastEthernet4/48

 
 description trunk port to core router (services)

 
 no ip address

 
 duplex full

 
 speed 100

 
 switchport

 
 switchport trunk encapsulation dot1q

 
 switchport trunk allowed vlan 121

 
 switchport mode trunk

!

 
interface Vlan7

 
 ip address 10.107.0.17 255.255.255.0

 
 no ip redirects

 
 arp timeout 15

 
 standby 7 ip 10.107.0.15

 
 standby 7 priority 110

 
 standby 7 preempt delay minimum 25

 
 standby 7 authentication FwLB-WCC

 
 standby 7 track Vlan111

!

 
interface Vlan15

 
 description Management VLAN 15

 
 ip address 10.15.15.20 255.255.255.0   ! Configure 10.15.15.21 on FWLB2 router

 
 no ip redirects

 
 standby delay minimum 0 reload 0

 
 standby 5 ip 10.15.15.25       ! HSRP IP address, group 5 must be same on FWLB2 VLAN 15

 
 standby 5 priority 110  !  Sets priority for choosing active router; highest number 
                         !  represents highest priority; set lower priority on FWLB2.

 
 standby 5 preempt       !  Set so that when local router has higher priority than active 
                         !  router, it assumes control as active router. 

!

 
interface Vlan111

 
 description VLAN 111 to SSGs BVI1

 
 ip address 10.111.0.17 255.255.255.0

 
 no ip redirects

 
 standby 111 ip 10.111.0.15

 
 standby 111 priority 110

 
 standby 111 preempt delay sync 20

 
 standby 111 authentication Fwlb-bvi

 
 standby 111 name fwlb-ssg

!

 
interface Vlan121

 
 no ip address

!

 
ip default-gateway 10.18.56.1

 
ip classless

 
ip route 10.13.0.0 255.0.0.0 10.107.0.30         ! Directs user traffic to CSG for billing

 
ip route 10.113.0.0 255.0.0.0 10.111.0.25

 
ip route 10.122.0.16 255.255.255.255 10.111.0.16

 
ip route 10.122.0.25 255.255.255.255 10.111.0.25

 
ip route 10.122.0.26 255.255.255.255 10.111.0.26

 
ip route 192.168.0.0 255.0.0.0 10.111.0.24

 
no ip http server

!

 
access-list 1 permit 192.168.0.2

 
snmp-server community public RO

 
snmp-server community private RW

 
snmp-server enable traps snmp-server host 172.18.56.40 public 

!

 
line con 0

 
 exec-timeout 0 0

 
line vty 0 4

 
 login

!

end

Table of Contents