This appendix contains sample configuration files for the following:
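Use these sample configurations as models when customizing your own configurations. The portions of these configurations that you are likely to need to change for your network are printed in bold. Whatever else you keep, replace the sample passwords, SNMP community strings and RADIUS key with your own values.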
!
! Global services for sjcms01: finger and the TCP/UDP small servers are turned
! off, and debug/log messages carry millisecond local timestamps with the zone.
no service finger
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
! NOTE(review): service password-encryption applies Cisco type 7 encoding,
! which is reversible obfuscation, not a hash. It only hides passwords from a
! casual glance; any stored copy of this configuration stays sensitive.
service password-encryption
no service udp-small-servers
no service tcp-small-servers
!
hostname sjcms01
!
! AAA method lists. The names CONSOLE and ADMIN are referenced by the line and
! PPP commands further down in this configuration.
aaa new-model
! NOTE(review): method "none" means a line using the CONSOLE list performs no
! login authentication at all. Access control then rests on physical security
! of the console port and on the enable secret for privileged mode.
aaa authentication login CONSOLE none
! ADMIN asks RADIUS first; the local username database is consulted only when
! the RADIUS server does not answer (a RADIUS reject is final).
aaa authentication login ADMIN radius local
aaa authentication ppp ADMIN if-needed radius local
aaa authorization network radius
! Start/stop accounting records for network, connection and exec sessions go
! to RADIUS, which gives an audit trail of who connected and when.
aaa accounting network start-stop radius
aaa accounting connection start-stop radius
aaa accounting exec start-stop radius
! NOTE(review): cisco1 and secret123 are sample values; replace both. When an
! enable secret is configured it takes precedence over the enable password, so
! the enable password adds nothing except a weakly protected credential in the
! configuration. Consider removing it, and never reuse the secret's value.
enable password cisco1
enable secret secret123
!
! for copy rcp config file
! NOTE(review): rcp is an r-command protocol: the transfer is unencrypted and
! the remote side trusts the user and host names rather than checking a
! password. Configuration files carry credentials, so confirm this path stays
! on the management network, or use a protected copy method if the image has one.
! The local user is presumably the fallback account for the "local" method of
! the ADMIN list; doublesecret is a sample value to replace. Prefer the
! "username ... secret" form where the IOS release supports it.
username justincase password doublesecret
ip rcmd remote-username APMadmin
ip routing
!
ip subnet-zero
! Source-routed packets are dropped.
no ip source-route
ip name-server 192.168.10.1
! RADIUS requests are sourced from Loopback1, so the server sees one stable
! NAS address regardless of which physical path is up.
ip radius source-interface Loopback1
clock timezone GMT 0
!
! Loopback 1 is the management address of this router; it is also the address
! borrowed by Async 129 (ip unnumbered) and the source for RADIUS, syslog and
! SNMP traps elsewhere in this configuration.
interface Loopback 1
description "MGMT Network and Async129"
ip address 172.16.2.56 255.255.255.255
!
! Two Ethernet paths, one per switch. Directed broadcasts are disabled on both.
interface Ethernet1/0
description "To Failover switch"
ip address 172.16.2.24 255.255.255.224
no ip directed-broadcast
no shutdown
!
interface Ethernet1/1
description "To Primary switch"
ip address 172.16.1.24 255.255.255.224
no ip directed-broadcast
no shutdown
!
! Dial-in path for the incoming OSS modem call, running PPP.
! NOTE(review): this is an out-of-band entry point into the management
! network. Callers are authenticated with CHAP for incoming calls only, using
! the PPP method list ADMIN (RADIUS, then local). "async mode interactive"
! also allows an EXEC session on the line instead of PPP; confirm that is wanted.
interface Async 129
description "OSS Modem Incoming Call"
ip unnumbered Loopback1
encapsulation ppp
async dynamic address
async mode interactive
peer default ip address 172.16.2.63
no cdp enable
no fair-queue
ppp authentication chap callin ADMIN
!
! OSPF process 4242. Each network statement matches addresses .0 through .63
! of its subnet, which covers both Ethernet /27 segments and Loopback1, all in
! area 21. Loopback1 is passive, so no hellos are sent on it.
! NOTE(review): no OSPF authentication (area-level or per-interface key) is
! configured in this sample, so any device on the two Ethernet segments can
! form an adjacency and inject routes. Add message-digest authentication if
! those segments are not fully trusted.
router ospf 4242
passive-interface Loopback1
network 172.16.2.0 0.0.0.63 area 21
network 172.16.1.0 0.0.0.63 area 21
!
!
ip classless
! The HTTP server command below is commented out, so this file does not turn
! the embedded web server on.
! ip http server
! Syslog: every severity up to debugging is sent to 192.168.10.1, sourced from
! Loopback1. Syslog is carried unauthenticated and in clear text, so keep the
! path to the collector on the management network.
logging trap debugging
logging facility syslog
! logging source uses logging IP
logging 192.168.10.1
logging source-interface Loopback1
! Access list 10 is rebuilt from scratch and permits only the management
! station; the read-write SNMP community in this configuration references it.
no access-list 10
access-list 10 permit 192.168.10.1
!
! SNMP and RADIUS client settings.
! NOTE(review): "public" and "private" are the well-known default community
! strings and are sent in clear text by SNMPv1/v2c; replace both. The
! read-write community is limited to access list 10, but the read-only
! community has no access list and answers any source that can reach the router.
snmp-server community public RO
snmp-server community private RW 10
snmp-server trap-source Loopback1
snmp-server location NOC-Center
snmp-server contact Network-Administrator
! NOTE(review): system-shutdown lets an SNMP manager with write access reload
! the router. Keep it only if the management station really needs it.
snmp-server system-shutdown
! Traps go to 192.168.10.1; the last word (sjcms01) is the community string
! sent with them.
snmp-server host 192.168.10.1 sjcms01
radius-server host 192.168.10.8 auth-port 1645 acct-port 1646
!
! NOTE(review): bananas is a sample shared secret. Use a long random value and
! configure the same one on the RADIUS server; it protects the user passwords
! carried in RADIUS requests.
radius-server key bananas
!
! Console: uses the CONSOLE method list, which is defined with method "none",
! so no login prompt protects this port. Idle sessions end after 45 minutes.
line con 0
session-timeout 45
exec-timeout 45 0
login authentication CONSOLE
transport preferred none
! Lines 1-32: no EXEC is started on these lines, and "transport input all"
! accepts inbound network connections of every supported protocol to them
! (presumably terminal-server access to other devices' consoles; confirm).
! NOTE(review): narrow "transport input" to the one protocol actually used and
! restrict which sources may reach these lines; logins use the ADMIN list.
line 1 32
session-timeout 60
no exec
login authentication ADMIN
modem InOut
transport input all
flowcontrol hardware
! AUX port with a modem: PPP is auto-detected during login, logins use the
! ADMIN list, and inbound network connections to the line are refused.
line aux 0
exec-timeout 15 0
autoselect during-login
autoselect ppp
login authentication ADMIN
modem InOut
transport preferred none
transport input none
flowcontrol hardware
speed 115200
! Remote terminal sessions, authenticated through the ADMIN list.
! NOTE(review): no access-class is applied and no "transport input" is set, so
! nothing here limits which hosts may attempt a login or which protocol they
! use. The line password below is not consulted by the ADMIN list (RADIUS,
! then local); cisco2 is a sample value, so remove or replace it.
line vty 0 4
session-timeout 45
exec-timeout 45
password cisco2
transport preferred none
login authentication ADMIN
!
! NOTE(review): no NTP authentication is configured, so time from this server
! is accepted as-is. Accurate time matters for the log timestamps set above.
ntp server 192.168.10.1
end
!
!begin
! Catalyst switch sjsw01: prompt, screen length, and a 20-minute idle logout.
set prompt sjsw01>
set length 24 default
set logout 20
! Security: Use either enablepass or tacacs+
! NOTE(review): every authentication command below is commented out, so this
! file by itself sets neither an enable password nor TACACS+. Confirm one of
! the two is configured on the switch before it is put into service. The
! "set authentication enable tacacs" line appears twice; one copy was
! probably meant for login authentication (confirm).
! set enablepass
! set authentication enable tacacs
! set authentication enable tacacs
! set tacacs server
! set tacacs key
!
#system
! Console speed, modem control off, and the identification strings reported
! for this switch.
set system baud 9600
set system modem disable
set system name sjsw01
set system location NOC-Center
set system contact Network-Administrator
!
#snmp
! NOTE(review): "public" and "private" are well-known default community
! strings, and the same string "private" is used for both read-write and
! read-write-all access. Replace all three with distinct, non-guessable
! values. No IP permit list is shown in this sample, so nothing here limits
! which hosts may query or write to the switch over SNMP.
set snmp community read-only public
set snmp community read-write private
set snmp community read-write-all private
set snmp rmon disable
! Traps: module, chassis, VTP and authentication-failure traps are enabled;
! bridge and repeater traps are off. The auth trap is useful for spotting
! requests made with a wrong community string.
set snmp trap enable module
set snmp trap enable chassis
set snmp trap disable bridge
set snmp trap disable repeater
set snmp trap enable vtp
set snmp trap enable auth
!
#vtp
! This switch is a VTP server for domain us_pri_mlp.
! NOTE(review): no VTP password is set here, so VTP advertisements in this
! domain are accepted without a shared secret. Set one, or use transparent
! mode, if other switches could ever be attached to the trunk ports.
set vtp domain us_pri_mlp mode server
set vlan 1 name default type ethernet mtu 1500 said 100001 state active
!
#ip
! In-band management interface sc0 sits in VLAN 1 at 172.16.1.30/27; the SLIP
! interface sl0 is left unconfigured. The default route points at 172.16.1.27.
! NOTE(review): VLAN 1 also carries every switch port in this sample, so the
! management address is reachable from all attached devices. No IP permit
! list is shown; consider restricting management access to the NOC hosts.
set interface sc0 1 172.16.1.30 255.255.255.224 172.16.1.31
set interface sl0 0.0.0.0 0.0.0.0
set arp agingtime 1200
! ICMP redirects and unreachables are left enabled on the management stack.
set ip redirect enable
set ip unreachable enable
set ip fragmentation enable
set ip route 0.0.0.0 172.16.1.27 1
set ip alias default 0.0.0.0
!
#Command alias
!
#switch port analyzer
! A SPAN session (VLAN 1 mirrored to port 2/24, both directions) is defined
! and then disabled. While enabled, that port would receive a copy of all
! VLAN 1 traffic, so keep it disabled unless a capture is in progress.
set span 1 2/24 both
set span disable
!
#bridge
! IPX frame-type translation settings.
set bridge ipx snaptoether 8023raw
set bridge ipx 8022toether 8023
set bridge ipx 8023rawtofddi snap
!
#vlan
! Every port on both modules is placed in VLAN 1, the same VLAN as the
! management interface sc0.
set vlan 1 1/1-2
set vlan 1 2/1-24
!
#syslog
! Logging to the console and to the syslog server at 192.168.10.1.
set logging console enable
set logging server enable
! use logging ip for the logging server address, for example:
! set logging server 192.168.10.1
set logging server 192.168.10.1
! Per-facility severity thresholds: disl and sys log at level 5, every other
! facility at level 2.
! NOTE(review): with snmp, telnet and tac at level 2, lower-severity events
! from those facilities are presumably not logged; raise them if login and
! management activity should reach the syslog server (confirm the levels
! against the software release in use).
set logging level cdp 2 default
set logging level cgmp 2 default
set logging level disl 5 default
set logging level dvlan 2 default
set logging level earl 2 default
set logging level fddi 2 default
set logging level ip 2 default
set logging level pruning 2 default
set logging level snmp 2 default
set logging level spantree 2 default
set logging level sys 5 default
set logging level tac 2 default
set logging level tcp 2 default
set logging level telnet 2 default
set logging level tftp 2 default
set logging level vtp 2 default
set logging level vmps 2 default
!
#ntp
! NTP client mode (broadcast client off) using 172.16.2.56 as the server; the
! alternative server line is left commented out.
! NOTE(review): no NTP authentication is configured, so time from the server
! is accepted as-is.
set ntp broadcastclient disable
set ntp broadcastdelay 3000
set ntp client enable
!ntp server 192.168.10.1
set ntp server 172.16.2.56
set timezone GMT 0 0
!set summertime enable
!
#cam
! CAM (MAC address table) entries for VLAN 1 age out after 300 seconds.
set cam agingtime 1 300
!
#cdp
! NOTE(review): CDP is enabled on every port. CDP advertises device type,
! software version and management address to whatever is attached, so disable
! it on ports that do not connect to devices you manage.
set cdp enable 1/1-2
set cdp enable 2/1-24
!
#trunks
! NOTE(review): ports 1/1-2 negotiate trunking automatically ("auto") for
! VLANs 1-1000. If the far ends are fixed, set the mode explicitly and allow
! only the VLANs in use, so a port cannot be negotiated into a trunk by
! whatever is plugged in.
set trunk 1/1 auto 1-1000
set trunk 1/2 auto 1-1000
!
#spantree
#vlan 1
! Spanning tree for VLAN 1 with explicit timers and bridge priority 32.
set spantree enable 1
set spantree fwddelay 15 1
set spantree hello 2 1
set spantree maxage 20 1
set spantree priority 32 1
!
#trunk
! NOTE(review): portfast is enabled on every port, including 1/1-2, which
! this file also configures as trunks and names RS01/RS02. Portfast skips the
! listening and learning states and is normally reserved for ports that lead
! to a single end station; confirm it is intended on ports facing other
! bridging devices, where it can permit a temporary loop.
set spantree portfast 1/1-2 enable
set spantree portfast 2/1-24 enable
!
#module 1
! Uplink ports 1/1-2: enabled, high priority, full duplex, link traps on,
! named for the devices they connect to (RS01 and RS02).
set module name 1
set port enable 1/1-2
set port level 1/1-2 high
set port duplex 1/1-2 full
set port trap 1/1-2 enable
set port name 1/1 RS01
set port name 1/2 RS02
!
#module 2
! Access ports 2/1-24. Port 2/1 (CMS01) runs 10 Mbps half duplex; ports 2/2-24
! run 100 Mbps full duplex. Link traps are enabled on all of them.
! NOTE(review): all 24 ports are enabled, but only 2/1-22 are named below.
! Ports 2/23-24 are therefore live, unassigned ports in VLAN 1; disable them
! if nothing is meant to be attached.
set module name 2
set module enable 2
set port enable 2/1-24
set port speed 2/1 10
set port speed 2/2-24 100
set port level 2/1-24 normal
set port duplex 2/1 half
set port duplex 2/2-24 full
set port trap 2/1-24 enable
set port name 2/1 CMS01
set port name 2/2 AS01
set port name 2/3 AS02
set port name 2/4 AS03
set port name 2/5 AS04
set port name 2/6 AS05
set port name 2/7 AS06
set port name 2/8 AS07
set port name 2/9 AS08
set port name 2/10 AS09
set port name 2/11 AS10
set port name 2/12 AS11
set port name 2/13 AS12
set port name 2/14 AS13
set port name 2/15 AS14
set port name 2/16 AS15
set port name 2/17 AS16
set port name 2/18 AS17
set port name 2/19 AS18
set port name 2/20 AS19
set port name 2/21 AS20
set port name 2/22 AS21
!
!end
!
! Global services for access server sjas01: finger and the TCP/UDP small
! servers are off; debug/log messages carry millisecond local timestamps.
no service finger
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
! NOTE(review): type 7 password encryption is reversible obfuscation, not a
! hash; keep stored copies of this configuration protected.
service password-encryption
no service udp-small-servers
no service tcp-small-servers
!
hostname sjas01
!
! AAA method lists used by the lines and PPP interfaces of this access server.
aaa new-model
! NOTE(review): the CONSOLE list uses method "none", i.e. no login
! authentication on any line that references it.
aaa authentication login CONSOLE none
! Administrators: RADIUS first, local usernames only if RADIUS does not answer.
aaa authentication login ADMIN radius local
! Dial-in users: RADIUS only for both login and PPP. There is no fallback
! method, so these logins fail when the RADIUS server is unreachable.
aaa authentication login USERS radius
aaa authentication ppp USERS&TUNNELS if-needed radius
! Network authorization comes from RADIUS; "if-authenticated" then grants it
! to any already-authenticated user when RADIUS does not respond.
aaa authorization network radius if-authenticated
aaa accounting network start-stop radius
aaa accounting exec start-stop radius
aaa accounting connection start-stop radius
! NOTE(review): secret123 and cisco1 are sample values; replace them. With an
! enable secret present, the enable password is not what the router checks
! and only leaves a weakly protected credential in the file; consider
! removing it.
enable secret secret123
enable password cisco1
!
! for copy rcp config file
! NOTE(review): rcp transfers are unencrypted and rely on user/host names
! rather than a password; keep this on the management network only.
ip rcmd remote-username APMadmin
ip routing
! Local account, presumably the fallback for the "local" method of the ADMIN
! list. doublesecret is a sample value to replace.
username justincase password doublesecret
!
! This user name matches the SGBP group name configured below; stack members
! use its password as the shared secret to authenticate one another.
! NOTE(review): "secret" is a sample value. Use a strong value and configure
! the same one on every stack member.
username us_pri_mlp password secret
ip subnet-zero
no ip source-route
ip name-server 192.168.10.1
ip radius source-interface Loopback1
!
! Stack group (SGBP) setup: any existing group definition is removed first and
! then rebuilt with this server's source address and its peers.
no sgbp group us_pri_mlp
!
sgbp group us_pri_mlp
sgbp seed-bid default
sgbp source-ip 172.16.1.33
! sgbp members will be built at run time.
! There is one per peer NAS, fully meshed.
! Example: sgbp member Nas02 4.2.1.2
sgbp member sjas02 172.16.1.34
sgbp member sjas03 172.16.1.35
! The BOOTP server hints and VPDN commands below are left commented out.
!async-bootp dns-server
!async-bootp nbns-server
! vpdn enable
! vpdn source-ip 172.16.1.33
isdn switch-type primary-5ess
clock timezone GMT 0
!
! Eight T1 controllers (0-7), each with ESF framing, ANSI FDL, B8ZS line
! coding and a PRI group over timeslots 1-24. Controller 0 is the primary
! line clock source, controller 1 the secondary, and 2-7 use the internal clock.
controller T1 0
framing esf
fdl ansi
clock source line primary
linecode b8zs
! if T1, no of isdn channel=24, E1=31
pri-group timeslots 1-24
no shutdown
!
controller T1 1
framing esf
fdl ansi
clock source line secondary
linecode b8zs
! if T1, no of isdn channel=24, E1=31
pri-group timeslots 1-24
no shutdown
!
controller T1 2
framing esf
fdl ansi
clock source internal
linecode b8zs
! if T1, no of isdn channel=24, E1=31
pri-group timeslots 1-24
no shutdown
!
controller T1 3
framing esf
fdl ansi
clock source internal
linecode b8zs
! if T1, no of isdn channel=24, E1=31
pri-group timeslots 1-24
no shutdown
!
controller T1 4
framing esf
fdl ansi
clock source internal
linecode b8zs
! if T1, no of isdn channel=24, E1=31
pri-group timeslots 1-24
no shutdown
!
controller T1 5
framing esf
fdl ansi
clock source internal
linecode b8zs
! if T1, no of isdn channel=24, E1=31
pri-group timeslots 1-24
no shutdown
!
controller T1 6
framing esf
fdl ansi
clock source internal
linecode b8zs
! if T1, no of isdn channel=24, E1=31
pri-group timeslots 1-24
no shutdown
!
controller T1 7
framing esf
fdl ansi
clock source internal
linecode b8zs
! if T1, no of isdn channel=24, E1=31
pri-group timeslots 1-24
no shutdown
!
! Two loopbacks separate roles: Loopback0 is the address the dial-in and
! tunnel interfaces borrow, Loopback1 is the management address used as the
! source for RADIUS, syslog and SNMP traps in this configuration.
interface Loopback0
description "L2F tunnel NAS pseudo interface"
ip address 172.16.1.33 255.255.255.255
!
interface Loopback1
description "Management (SNMP & AAA) NAS pseudo interface"
ip address 172.16.2.33 255.255.255.255
!
! LAN interfaces toward the failover and primary switch paths. Directed
! broadcasts and the legacy LAT and MOP protocols are disabled on both.
interface Ethernet0
description "To Failover path via Switch port on 7206"
ip address 172.16.2.1 255.255.255.224
no shutdown
no ip directed-broadcast
ip route-cache
no lat enabled
no mop enabled
default keepalive
no fair-queue
!
! Primary path, fixed at 100 Mbps full duplex.
interface FastEthernet0
description "To Primary Switch path"
ip address 172.16.1.1 255.255.255.224
!
no shutdown
duplex full
speed 100
no ip directed-broadcast
ip route-cache
no lat enabled
no mop enabled
default keepalive
no fair-queue
!
! Serial0-3 are unused: no IP address and administratively shut down, which
! keeps unused interfaces from becoming an unintended way in.
interface Serial0
no ip address
no ip directed-broadcast
shutdown
no fair-queue
!
interface Serial1
no ip address
no ip directed-broadcast
shutdown
no fair-queue
!
interface Serial2
no ip address
no ip directed-broadcast
shutdown
no fair-queue
!
interface Serial3
no ip address
no ip directed-broadcast
shutdown
no fair-queue
!
! if North American isdn d channel=23, European=15
! PRI D-channel interfaces, one per T1 controller (0-7), all configured
! alike: PPP encapsulation, address borrowed from Loopback0, callers
! addressed from pool sjas01, voice calls handed to the modems, and
! membership in dialer rotary-group 1. CDP is disabled on every one, so
! device details are not advertised toward the telephone network.
! NOTE(review): no "ppp authentication" appears on these interfaces. They
! belong to rotary-group 1, and the Dialer1 interface in this configuration
! carries the CHAP setting; confirm calls are authenticated through it.
interface Serial0:23
description "PRI D channel"
ip unnumbered Loopback0
encapsulation ppp
isdn switch-type primary-5ess
isdn incoming-voice modem
peer default ip address pool sjas01
dialer rotary-group 1
no fair-queue
no cdp enable
no keepalive
no shutdown
dialer-group 1
!
interface Serial1:23
description "PRI D channel"
ip unnumbered Loopback0
encapsulation ppp
isdn switch-type primary-5ess
isdn incoming-voice modem
peer default ip address pool sjas01
dialer rotary-group 1
no fair-queue
no cdp enable
no keepalive
no shutdown
dialer-group 1
!
interface Serial2:23
description "PRI D channel"
ip unnumbered Loopback0
encapsulation ppp
isdn switch-type primary-5ess
isdn incoming-voice modem
peer default ip address pool sjas01
dialer rotary-group 1
no fair-queue
no cdp enable
no keepalive
no shutdown
dialer-group 1
!
interface Serial3:23
description "PRI D channel"
ip unnumbered Loopback0
encapsulation ppp
isdn switch-type primary-5ess
isdn incoming-voice modem
peer default ip address pool sjas01
dialer rotary-group 1
no fair-queue
no cdp enable
no keepalive
no shutdown
dialer-group 1
!
interface Serial4:23
description "PRI D channel"
ip unnumbered Loopback0
encapsulation ppp
isdn switch-type primary-5ess
isdn incoming-voice modem
peer default ip address pool sjas01
dialer rotary-group 1
no fair-queue
no cdp enable
no keepalive
no shutdown
dialer-group 1
!
interface Serial5:23
description "PRI D channel"
ip unnumbered Loopback0
encapsulation ppp
isdn switch-type primary-5ess
isdn incoming-voice modem
peer default ip address pool sjas01
dialer rotary-group 1
no fair-queue
no cdp enable
no keepalive
no shutdown
dialer-group 1
!
interface Serial6:23
description "PRI D channel"
ip unnumbered Loopback0
encapsulation ppp
isdn switch-type primary-5ess
isdn incoming-voice modem
peer default ip address pool sjas01
dialer rotary-group 1
no fair-queue
no cdp enable
no keepalive
no shutdown
dialer-group 1
!
interface Serial7:23
description "PRI D channel"
ip unnumbered Loopback0
encapsulation ppp
isdn switch-type primary-5ess
isdn incoming-voice modem
peer default ip address pool sjas01
dialer rotary-group 1
no fair-queue
no cdp enable
no keepalive
no shutdown
dialer-group 1
!
! Delete the entire Group-Async1 if no modems are installed in stack
!
! Template for all modem (async) lines: PPP with addresses from pool sjas01.
! Callers are authenticated with CHAP, for incoming calls only, through the
! RADIUS-only PPP method list USERS&TUNNELS.
interface Group-Async1
description "Async Incoming Call"
ip unnumbered Loopback0
encapsulation ppp
async dynamic address
!if token card, IF_TOKEN_CARD=interactive, otherwise =dedicated
! "interactive" lets a caller get a login prompt instead of going straight to
! PPP. If no token-card users need that, "dedicated" exposes less.
async mode interactive
no snmp trap link-status
peer default ip address pool sjas01
ip tcp header-compression passive
default keepalive
no fair-queue
no cdp enable
ppp authentication chap callin USERS&TUNNELS
! whatremotesees is a placeholder for the name this server presents in CHAP.
ppp chap hostname whatremotesees
! T1 = 192, E1 = 240
! NOTE(review): two group-range lines are present and the neighbouring
! comments quote different numbers (192/240 and 96/120). This looks like
! template alternatives left side by side; keep only the range that matches
! the modems installed, and keep the "line" ranges consistent with it.
group-range 1 92
group-range 1 184
! T1 = 96, E1 = 120
!
! Dialer1 is the logical interface for rotary-group 1, i.e. the PRI
! D-channel interfaces that reference "dialer rotary-group 1". It runs
! multilink PPP and authenticates incoming callers with CHAP through the
! RADIUS-only method list USERS&TUNNELS.
interface Dialer1
ip unnumbered Loopback0
encapsulation ppp
peer default ip address pool sjas01
ppp multilink
ppp authentication chap callin USERS&TUNNELS
! whatremotesees is a placeholder for the name this server presents in CHAP.
ppp chap hostname whatremotesees
dialer-group 1
dialer in-band
no keepalive
no cdp enable
!
! OSPF process 4242, area 21. Connected routes (including the per-caller host
! routes) are redistributed and advertised as the two summaries below rather
! than individually. The loopbacks and all PRI D channels are passive, so no
! OSPF hellos are sent toward dial-in peers.
! NOTE(review): no OSPF authentication is configured, so any device on the
! two LAN segments can form an adjacency. Add message-digest authentication
! if those segments are not fully trusted.
router ospf 4242
redistribute connected subnets
passive-interface Loopback0
passive-interface Loopback1
passive-interface Serial0:23
passive-interface Serial1:23
passive-interface Serial2:23
passive-interface Serial3:23
passive-interface Serial4:23
passive-interface Serial5:23
passive-interface Serial6:23
passive-interface Serial7:23
network 172.16.2.0 0.0.0.63 area 21
network 172.16.1.0 0.0.0.63 area 21
summary-address 172.16.3.0 255.255.255.128
summary-address 172.16.3.128 255.255.255.192
!
! Address pool handed to dial-in peers; it falls inside the two summaries above.
ip local pool sjas01 172.16.3.1 172.16.3.184
!
ip classless
! The HTTP server command below is commented out, so this file does not turn
! the embedded web server on.
! ip http server
! Syslog: every severity up to debugging goes to 192.168.10.1, sourced from
! Loopback1. Syslog is unauthenticated clear text; keep the path to the
! collector on the management network.
logging trap debugging
logging facility syslog
! logging source uses logging ip
logging 192.168.10.1
logging source-interface Loopback1
! Access list 10 is rebuilt and permits only the management station; the
! read-write SNMP community in this configuration references it.
no access-list 10
access-list 10 permit 192.168.10.1
!
! SNMP, dialer list and RADIUS client settings.
! NOTE(review): "public" and "private" are well-known default community
! strings sent in clear text by SNMPv1/v2c; replace both. Only the read-write
! community is tied to access list 10; the read-only community answers any
! source that can reach this server.
snmp-server community public RO
snmp-server community private RW 10
snmp-server trap-source Loopback1
! Traps go to 192.168.10.1; the last word (sjas01) is the community string
! sent with them.
snmp-server host 192.168.10.1 sjas01
snmp-server location NOC-Center
snmp-server contact Network-Administrator
! NOTE(review): system-shutdown lets an SNMP manager with write access reload
! this server. Keep it only if the management station needs it.
snmp-server system-shutdown
snmp-server enable traps envmon
! Any IP packet counts as interesting traffic for dialer-group 1.
dialer-list 1 protocol ip permit
radius-server host 192.168.10.8 auth-port 1645 acct-port 1646
!
! NOTE(review): bananas is a sample shared secret. Use a long random value,
! identical on the RADIUS server. All dial-in authentication on this server
! depends on it.
radius-server key bananas
!
! Console: uses the CONSOLE method list (method "none"), so there is no login
! prompt; idle EXEC sessions end after 15 minutes with a 60-second warning.
line con 0
session-timeout 30
exec-timeout 15 0
logout-warning 60
transport preferred none
login authentication CONSOLE
! NOTE(review): the AUX line has no settings of its own here (no method list,
! no timeout, no "no exec"). If the port is unused, disable EXEC and inbound
! transport on it explicitly rather than relying on defaults.
line aux 0
! Remote terminal sessions use the ADMIN list (RADIUS, then local).
! NOTE(review): no access-class and no "transport input" are set, so nothing
! here limits which hosts may attempt a login or which protocol they use.
line vty 0 4
session-timeout 45
exec-timeout 45 0
transport preferred none
login authentication ADMIN
! Modem lines: PPP is auto-detected during login, text logins use the
! RADIUS-only USERS list, and the call is hung up when the session ends.
! NOTE(review): the same settings are given for two overlapping ranges (1-92
! and 1-184). This looks like template alternatives; keep the range that
! matches the modems installed.
line 1 92
autoselect during-login
autoselect ppp
login authentication USERS
modem InOut
transport preferred none
autohangup
line 1 184
autoselect during-login
autoselect ppp
login authentication USERS
modem InOut
transport preferred none
autohangup
!
! NOTE(review): no NTP authentication is configured, so time from this server
! is accepted as-is.
ntp server 172.16.2.56
end
!
! Global services for router-switch sjrs01: finger and the TCP/UDP small
! servers are off; debug/log messages carry millisecond local timestamps.
no service finger
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
! NOTE(review): type 7 password encryption is reversible obfuscation, not a
! hash; keep stored copies of this configuration protected.
service password-encryption
no service udp-small-servers
no service tcp-small-servers
!
hostname sjrs01
!
! AAA method lists referenced by the console and vty lines of this router.
aaa new-model
! NOTE(review): the CONSOLE list uses method "none", i.e. no login
! authentication on any line that references it.
aaa authentication login CONSOLE none
! Administrators: RADIUS first, local usernames only if RADIUS does not answer.
aaa authentication login ADMIN radius local
aaa authorization network radius
aaa accounting network start-stop radius
aaa accounting connection start-stop radius
aaa accounting exec start-stop radius
! NOTE(review): cisco1 and secret123 are sample values; replace them. With an
! enable secret present, the enable password is not what the router checks
! and only leaves a weakly protected credential in the file; consider
! removing it.
enable password cisco1
enable secret secret123
!
! for copy rcp config file
! NOTE(review): rcp transfers are unencrypted and rely on user/host names
! rather than a password; keep this on the management network only. The local
! account is presumably the fallback for the "local" method of the ADMIN
! list; doublesecret is a sample value to replace.
username justincase password doublesecret
ip rcmd remote-username APMadmin
ip routing
!
ip subnet-zero
no ip source-route
ip name-server 192.168.10.1
! RADIUS requests are sourced from the management loopback.
ip radius source-interface Loopback1
clock timezone GMT 0
clock calendar-valid
!
! Loopback1 is the management address, used as the source for RADIUS, syslog
! and SNMP traps in this configuration.
interface Loopback1
description "Management (SNMP & AAA) pseudo interface"
ip address 172.16.2.54 255.255.255.255
!
! Routed interfaces toward the failover switch path and toward the stack.
! Directed broadcasts and the legacy LAT and MOP protocols are disabled on both.
interface FastEthernet0/0
description "To Failover path Switch"
ip address 172.16.2.27 255.255.255.224
full-duplex
media-type 100basex
no shutdown
bandwidth 10000
no ip directed-broadcast
ip route-cache
default keepalive
no fair-queue
no mop enabled
no lat enabled
!
interface FastEthernet1/0
description "To Stack via SW01"
ip address 172.16.1.27 255.255.255.224
no ip directed-broadcast
ip route-cache
default keepalive
full-duplex
no shutdown
no mop enabled
no lat enabled
!
! Bridged switch-module ports (slot 5). Every port below has no IP address,
! belongs to bridge-group 2, and has LAT and MOP disabled. Most description
! lines are commented out; the trailing "! RS01" / "! RS02" tag shows which
! description belongs to which of the two router-switches.
! NOTE(review): every port is "no shutdown", including ones that have no
! attachment listed for a given router (5/12 and 5/13 list only RS01). Shut
! down the ports that are not cabled on the unit being configured.
interface FastEthernet 5/0
description "To FastE0/0"
no ip address
bridge-group 2
default keepalive
full-duplex
no mop enabled
no lat enabled
no shutdown
!
interface FastEthernet 5/1
! description "Reserved for link to RS02 Eswitch FastE5/1" ! RS01
! description "To RS01 Eswitch FastE5/1" ! RS02
no ip address
bridge-group 2
default keepalive
full-duplex
no mop enabled
no lat enabled
no shutdown
!
interface Ethernet 5/2
! description "To CMS01 E1/0" ! RS01
! description "To AS12 E0" ! RS02
no ip address
bridge-group 2
default keepalive
half-duplex
no mop enabled
no lat enabled
no shutdown
!
interface Ethernet 5/3
! description "To AS01 E0" ! RS01
! description "To AS13 E0" ! RS02
no ip address
bridge-group 2
default keepalive
half-duplex
no mop enabled
no lat enabled
no shutdown
!
interface Ethernet 5/4
! description "To AS02 E0" ! RS01
! description "To AS14 E0" ! RS02
no ip address
bridge-group 2
default keepalive
half-duplex
no mop enabled
no lat enabled
no shutdown
!
interface Ethernet 5/5
! description "To AS03 E0" ! RS01
! description "To AS15 E0" ! RS02
no ip address
bridge-group 2
default keepalive
half-duplex
no mop enabled
no lat enabled
no shutdown
!
interface Ethernet 5/6
! description "To AS04 E0" ! RS01
! description "To AS16 E0" ! RS02
no ip address
bridge-group 2
default keepalive
half-duplex
no mop enabled
no lat enabled
no shutdown
!
interface Ethernet 5/7
! description "To AS05 E0" ! RS01
! description "To AS17 E0" ! RS02
no ip address
bridge-group 2
default keepalive
half-duplex
no mop enabled
no lat enabled
no shutdown
!
interface Ethernet 5/8
! description "To AS06 E0" ! RS01
! description "To AS18 E0" ! RS02
no ip address
bridge-group 2
default keepalive
half-duplex
no mop enabled
no lat enabled
no shutdown
!
interface Ethernet 5/9
! description "To AS07 E0" ! RS01
! description "To AS19 E0" ! RS02
no ip address
bridge-group 2
default keepalive
half-duplex
no mop enabled
no lat enabled
no shutdown
!
interface Ethernet 5/10
! description "To AS08 E0" ! RS01
! description "To AS20 E0" ! RS02
no ip address
bridge-group 2
default keepalive
half-duplex
no mop enabled
no lat enabled
no shutdown
!
interface Ethernet 5/11
! description "To AS09 E0" ! RS01
! description "To AS21 E0" ! RS02
no ip address
bridge-group 2
default keepalive
half-duplex
no mop enabled
no lat enabled
no shutdown
!
interface Ethernet 5/12
! description "To AS10 E0" ! RS01
no ip address
bridge-group 2
default keepalive
half-duplex
no mop enabled
no lat enabled
no shutdown
!
interface Ethernet 5/13
! description "To AS11 E0" ! RS01
no ip address
bridge-group 2
default keepalive
half-duplex
no mop enabled
no lat enabled
no shutdown
!
! OSPF process 4242, area 21, covering addresses .0-.63 of each of the two
! subnets; Loopback1 is passive.
! NOTE(review): no OSPF authentication is configured, so any device on the
! routed segments can form an adjacency. Add message-digest authentication if
! those segments are not fully trusted.
router ospf 4242
passive-interface Loopback1
network 172.16.2.0 0.0.0.63 area 21
network 172.16.1.0 0.0.0.63 area 21
!
! Bridging: integrated routing and bridging is enabled and bridge group 2
! runs IEEE spanning tree.
bridge irb
bridge 2 protocol ieee
! RS01 has priority 1, RS02 has priority 2
! The lower value wins the root election, so set this per unit as noted above.
bridge 2 priority 1
!
ip classless
! The HTTP server command below is commented out, so this file does not turn
! the embedded web server on.
! ip http server
! Syslog: every severity up to debugging goes to 192.168.10.1, sourced from
! Loopback1. Syslog is unauthenticated clear text; keep the path to the
! collector on the management network.
logging trap debugging
logging facility syslog
! logging source uses logging IP
logging 192.168.10.1
logging source-interface Loopback1
! Access list 10 is rebuilt and permits only the management station; the
! read-write SNMP community in this configuration references it.
no access-list 10
access-list 10 permit 192.168.10.1
!
! SNMP and RADIUS client settings.
! NOTE(review): "public" and "private" are well-known default community
! strings sent in clear text by SNMPv1/v2c; replace both. Only the read-write
! community is tied to access list 10; the read-only community answers any
! source that can reach this router.
snmp-server community public RO
snmp-server community private RW 10
snmp-server trap-source Loopback1
! Traps go to 192.168.10.1; the last word (sjrs01) is the community string
! sent with them.
snmp-server host 192.168.10.1 sjrs01
snmp-server location NOC-Center
snmp-server contact Network-Administrator
! NOTE(review): system-shutdown lets an SNMP manager with write access reload
! this router. Keep it only if the management station needs it.
snmp-server system-shutdown
radius-server host 192.168.10.8 auth-port 1645 acct-port 1646
!
! NOTE(review): bananas is a sample shared secret. Use a long random value,
! identical on the RADIUS server.
radius-server key bananas
!
! Console: uses the CONSOLE method list (method "none"), so there is no login
! prompt; idle EXEC sessions end after 15 minutes with a 60-second warning.
line con 0
session-timeout 30
exec-timeout 15 0
logout-warning 60
login authentication CONSOLE
transport preferred none
! NOTE(review): the AUX line has no settings of its own here. If the port is
! unused, disable EXEC and inbound transport on it explicitly rather than
! relying on defaults.
line aux 0
! Remote terminal sessions use the ADMIN list (RADIUS, then local).
! NOTE(review): no access-class and no "transport input" are set, so nothing
! here limits which hosts may attempt a login or which protocol they use.
line vty 0 4
session-timeout 45
exec-timeout 45 0
login authentication ADMIN
transport preferred none
!
! NOTE(review): no NTP authentication is configured, so time from this server
! is accepted as-is.
ntp server 172.16.2.56
end
Posted: Tue Jul 16 23:10:05 PDT 2002
All contents are Copyright © 1992--2002 Cisco Systems, Inc. All rights reserved.