- From: Marco Bonola <
>
- To: "
" <
>
- Subject: lab 16-11-2020 filtering and communities
- Date: Mon, 16 Nov 2020 17:34:54 +0100
Dear students,
please find attached the configuration files for AS 40 and AS 50. I sent
you all the routers in AS 40 and 50 even if we only updated R6 and R7.
A few more things:
1) link to the peer group configuration example:
https://cciethebeginning.wordpress.com/2009/01/05/bgp-peer-groups/
2) HOMEWORK 1: use a peer group to simplify the iBGP neighbors
configuration on the route reflector
3) HOMEWORK 2: make sure that you have linux VMs (with openVPN)
integrated in GNS3
4) I am uploading the extra slides I showed you today in to the Teams
file repository
Ciao
Marco
!
!
upgrade fpd auto
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R4
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
no ip icmp rate-limit unreachable
ip cef
!
!
!
!
no ip domain lookup
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
!
!
!
archive
log config
hidekeys
!
!
!
!
ip tcp synwait-time 5
!
!
!
!
interface Loopback0
ip address 192.168.0.4 255.255.255.255
!
interface FastEthernet0/0
no ip address
shutdown
duplex half
!
interface FastEthernet1/0
ip address 10.2.4.2 255.255.255.252
duplex auto
speed auto
!
interface FastEthernet1/1
ip address 10.4.6.1 255.255.255.252
duplex auto
speed auto
!
interface FastEthernet2/0
ip address 10.4.5.1 255.255.255.252
duplex auto
speed auto
!
interface FastEthernet2/1
no ip address
shutdown
duplex auto
speed auto
!
router ospf 1
router-id 192.168.0.4
log-adjacency-changes
network 10.4.5.0 0.0.0.3 area 0
network 10.4.6.0 0.0.0.3 area 0
network 192.168.0.4 0.0.0.0 area 0
!
router bgp 40
no synchronization
bgp log-neighbor-changes
network 40.0.0.0
neighbor 10.2.4.1 remote-as 20
neighbor 10.2.4.1 route-map SETLOCPREF in
neighbor 192.168.0.5 remote-as 40
neighbor 192.168.0.5 update-source Loopback0
neighbor 192.168.0.5 route-reflector-client
neighbor 192.168.0.5 next-hop-self
neighbor 192.168.0.6 remote-as 40
neighbor 192.168.0.6 update-source Loopback0
neighbor 192.168.0.6 route-reflector-client
neighbor 192.168.0.6 next-hop-self
no auto-summary
!
ip forward-protocol nd
ip route 40.0.0.0 255.0.0.0 Null0
no ip http server
no ip http secure-server
!
ip as-path access-list 1 permit ^20$
!
!
logging alarm informational
no cdp log mismatch duplex
!
!
!
route-map SETLOCPREF permit 10
match as-path 1
set local-preference 300
!
route-map SETLOCPREF permit 15
!
!
!
!
control-plane
!
!
!
!
!
!
!
gatekeeper
shutdown
!
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
stopbits 1
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
stopbits 1
line vty 0 4
login
!
!
end
!
!
!
!
!
!
!
upgrade fpd auto
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R5
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
no ip icmp rate-limit unreachable
ip cef
!
!
!
!
no ip domain lookup
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
!
!
!
archive
log config
hidekeys
!
!
!
!
ip tcp synwait-time 5
!
!
!
!
interface Loopback0
ip address 192.168.0.5 255.255.255.252
!
interface Loopback1
ip address 40.5.0.1 255.255.0.0
!
interface FastEthernet0/0
no ip address
shutdown
duplex half
!
interface FastEthernet1/0
ip address 10.5.6.1 255.255.255.252
duplex auto
speed auto
!
interface FastEthernet1/1
ip address 10.4.5.2 255.255.255.252
duplex auto
speed auto
!
interface FastEthernet2/0
ip address 10.5.7.1 255.255.255.252
duplex auto
speed auto
!
interface FastEthernet2/1
no ip address
shutdown
duplex auto
speed auto
!
router ospf 1
router-id 192.168.0.5
log-adjacency-changes
network 10.4.5.0 0.0.0.3 area 0
network 10.5.6.0 0.0.0.3 area 0
network 40.5.0.0 0.0.255.255 area 0
network 192.168.0.5 0.0.0.0 area 0
!
router bgp 40
no synchronization
bgp log-neighbor-changes
network 40.0.0.0
neighbor 10.5.7.2 remote-as 50
neighbor 10.5.7.2 route-map SETMED out
neighbor 192.168.0.4 remote-as 40
neighbor 192.168.0.4 update-source Loopback0
neighbor 192.168.0.4 next-hop-self
no auto-summary
!
ip forward-protocol nd
ip route 40.0.0.0 255.0.0.0 Null0
no ip http server
no ip http secure-server
!
!
!
logging alarm informational
no cdp log mismatch duplex
!
!
!
route-map SETMED permit 10
set metric 50
!
!
!
!
control-plane
!
!
!
!
!
!
!
gatekeeper
shutdown
!
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
stopbits 1
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
stopbits 1
line vty 0 4
login
!
!
end
!
!
upgrade fpd auto
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R6
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
no ip icmp rate-limit unreachable
ip cef
!
!
!
!
no ip domain lookup
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
!
!
!
archive
log config
hidekeys
!
!
!
!
ip tcp synwait-time 5
!
!
!
!
interface Loopback0
ip address 192.168.0.6 255.255.255.255
!
interface FastEthernet0/0
no ip address
shutdown
duplex half
!
interface FastEthernet1/0
ip address 10.3.6.2 255.255.255.252
duplex auto
speed auto
!
interface FastEthernet1/1
ip address 10.4.6.2 255.255.255.252
duplex auto
speed auto
!
interface FastEthernet2/0
ip address 10.5.6.2 255.255.255.252
duplex auto
speed auto
!
interface FastEthernet2/1
ip address 10.6.7.1 255.255.255.252
duplex auto
speed auto
!
router ospf 1
router-id 192.168.0.6
log-adjacency-changes
network 10.4.6.0 0.0.0.3 area 0
network 10.5.6.0 0.0.0.3 area 0
network 192.168.0.6 0.0.0.0 area 0
!
router bgp 40
no synchronization
bgp default local-preference 200
bgp log-neighbor-changes
network 40.0.0.0
neighbor 10.3.6.1 remote-as 30
neighbor 10.6.7.2 remote-as 50
neighbor 10.6.7.2 prefix-list fromAS50 in
neighbor 192.168.0.4 remote-as 40
neighbor 192.168.0.4 update-source Loopback0
neighbor 192.168.0.4 next-hop-self
neighbor 192.168.0.4 send-community
no auto-summary
!
ip forward-protocol nd
ip route 40.0.0.0 255.0.0.0 Null0
no ip http server
no ip http secure-server
!
!
!
!
ip prefix-list fromAS50 seq 5 permit 50.0.0.0/8
logging alarm informational
no cdp log mismatch duplex
!
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
gatekeeper
shutdown
!
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
stopbits 1
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
stopbits 1
line vty 0 4
login
!
!
end
!
!
upgrade fpd auto
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R7
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
no ip icmp rate-limit unreachable
ip cef
!
!
!
!
no ip domain lookup
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
!
!
!
archive
log config
hidekeys
!
!
!
!
ip tcp synwait-time 5
!
!
!
!
interface Loopback0
ip address 50.0.0.1 255.0.0.0
!
interface FastEthernet0/0
no ip address
shutdown
duplex half
!
interface FastEthernet1/0
ip address 10.6.7.2 255.255.255.252
duplex auto
speed auto
!
interface FastEthernet1/1
ip address 10.5.7.2 255.255.255.252
shutdown
duplex auto
speed auto
!
interface FastEthernet2/0
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet2/1
no ip address
shutdown
duplex auto
speed auto
!
router bgp 50
no synchronization
bgp log-neighbor-changes
network 50.0.0.0
network 200.0.0.0 mask 255.0.0.0
neighbor 10.5.7.1 remote-as 40
neighbor 10.6.7.1 remote-as 40
neighbor 10.6.7.1 send-community
neighbor 10.6.7.1 route-map SETCOMMUNITY out
no auto-summary
!
ip forward-protocol nd
ip route 200.0.0.0 255.0.0.0 Null0
no ip http server
no ip http secure-server
!
!
!
!
ip prefix-list PREFIX-SETCOMMUNITY seq 5 permit 50.0.0.0/8
logging alarm informational
no cdp log mismatch duplex
!
!
!
route-map SETCOMMUNITY permit 10
match ip address prefix-list PREFIX-SETCOMMUNITY
set community no-export
!
!
!
!
control-plane
!
!
!
!
!
!
!
gatekeeper
shutdown
!
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
stopbits 1
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
stopbits 1
line vty 0 4
login
!
!
end
!
!
!
!
!
!
!
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R8
!
ip cef
no ip domain-lookup
no ip icmp rate-limit unreachable
ip tcp synwait 5
no cdp log mismatch duplex
!
line con 0
exec-timeout 0 0
logging synchronous
privilege level 15
no login
line aux 0
exec-timeout 0 0
logging synchronous
privilege level 15
no login
!
!
end
Attachment:
topology.png
Description: PNG image
- lab 16-11-2020 filtering and communities, Marco Bonola
Archivio con motore MhonArc 2.6.16.