enterprise-networks - lab 16-11-2020 filtering and communities

Iscritti: 52
Proprietari
marco.bonola

Iscriviti
Disiscriviti
Info
/strong>
Archivio

Post

RSS
Documenti condivisi

mailing list for "Enterprise Networks"

lab 16-11-2020 filtering and communities

Cronologico Percorso di conversazione
< Cronologico >      < filo conduttore >

From: Marco Bonola < >

To: " " < >

Subject: lab 16-11-2020 filtering and communities

Date: Mon, 16 Nov 2020 17:34:54 +0100

Dear students,

please find attached the configuration files for AS 40 and AS 50. I sent you all the routers in AS 40 and 50 even if we only updated R6 and R7.

A few more things:

1) link to the peer group configuration example: https://cciethebeginning.wordpress.com/2009/01/05/bgp-peer-groups/

2) HOMEWORK 1: use a peer group to simplify the iBGP neighbors configuration on the route reflector

3) HOMEWORK 2: make sure that you have linux VMs (with openVPN) integrated in GNS3

4) I am uploading the extra slides I showed you today in to the Teams file repository

Ciao

Marco

!

!
upgrade fpd auto
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R4
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
no ip icmp rate-limit unreachable
ip cef
!
!
!
!
no ip domain lookup
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
!
!
!
archive
log config
  hidekeys
!
!
!
!
ip tcp synwait-time 5
!
!
!
!
interface Loopback0
ip address 192.168.0.4 255.255.255.255
!
interface FastEthernet0/0
no ip address
shutdown
duplex half
!
interface FastEthernet1/0
ip address 10.2.4.2 255.255.255.252
duplex auto
speed auto
!
interface FastEthernet1/1
ip address 10.4.6.1 255.255.255.252
duplex auto
speed auto
!
interface FastEthernet2/0
ip address 10.4.5.1 255.255.255.252
duplex auto
speed auto
!
interface FastEthernet2/1
no ip address
shutdown
duplex auto
speed auto
!
router ospf 1
router-id 192.168.0.4
log-adjacency-changes
network 10.4.5.0 0.0.0.3 area 0
network 10.4.6.0 0.0.0.3 area 0
network 192.168.0.4 0.0.0.0 area 0
!
router bgp 40
no synchronization
bgp log-neighbor-changes
network 40.0.0.0
neighbor 10.2.4.1 remote-as 20
neighbor 10.2.4.1 route-map SETLOCPREF in
neighbor 192.168.0.5 remote-as 40
neighbor 192.168.0.5 update-source Loopback0
neighbor 192.168.0.5 route-reflector-client
neighbor 192.168.0.5 next-hop-self
neighbor 192.168.0.6 remote-as 40
neighbor 192.168.0.6 update-source Loopback0
neighbor 192.168.0.6 route-reflector-client
neighbor 192.168.0.6 next-hop-self
no auto-summary
!
ip forward-protocol nd
ip route 40.0.0.0 255.0.0.0 Null0
no ip http server
no ip http secure-server
!
ip as-path access-list 1 permit ^20$
!
!
logging alarm informational
no cdp log mismatch duplex
!
!
!
route-map SETLOCPREF permit 10
match as-path 1
set local-preference 300
!
route-map SETLOCPREF permit 15
!
!
!
!
control-plane
!
!
!
!
!
!
!
gatekeeper
shutdown
!
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
stopbits 1
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
stopbits 1
line vty 0 4
login
!
!
end
!
!
!
!
!
!

!
upgrade fpd auto
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R5
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
no ip icmp rate-limit unreachable
ip cef
!
!
!
!
no ip domain lookup
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
!
!
!
archive
log config
  hidekeys
!
!
!
!
ip tcp synwait-time 5
!
!
!
!
interface Loopback0
ip address 192.168.0.5 255.255.255.252
!
interface Loopback1
ip address 40.5.0.1 255.255.0.0
!
interface FastEthernet0/0
no ip address
shutdown
duplex half
!
interface FastEthernet1/0
ip address 10.5.6.1 255.255.255.252
duplex auto
speed auto
!
interface FastEthernet1/1
ip address 10.4.5.2 255.255.255.252
duplex auto
speed auto
!
interface FastEthernet2/0
ip address 10.5.7.1 255.255.255.252
duplex auto
speed auto
!
interface FastEthernet2/1
no ip address
shutdown
duplex auto
speed auto
!
router ospf 1
router-id 192.168.0.5
log-adjacency-changes
network 10.4.5.0 0.0.0.3 area 0
network 10.5.6.0 0.0.0.3 area 0
network 40.5.0.0 0.0.255.255 area 0
network 192.168.0.5 0.0.0.0 area 0
!
router bgp 40
no synchronization
bgp log-neighbor-changes
network 40.0.0.0
neighbor 10.5.7.2 remote-as 50
neighbor 10.5.7.2 route-map SETMED out
neighbor 192.168.0.4 remote-as 40
neighbor 192.168.0.4 update-source Loopback0
neighbor 192.168.0.4 next-hop-self
no auto-summary
!
ip forward-protocol nd
ip route 40.0.0.0 255.0.0.0 Null0
no ip http server
no ip http secure-server
!
!
!
logging alarm informational
no cdp log mismatch duplex
!
!
!
route-map SETMED permit 10
set metric 50
!
!
!
!
control-plane
!
!
!
!
!
!
!
gatekeeper
shutdown
!
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
stopbits 1
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
stopbits 1
line vty 0 4
login
!
!
end
!

!
upgrade fpd auto
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R6
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
no ip icmp rate-limit unreachable
ip cef
!
!
!
!
no ip domain lookup
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
!
!
!
archive
log config
  hidekeys
!
!
!
!
ip tcp synwait-time 5
!
!
!
!
interface Loopback0
ip address 192.168.0.6 255.255.255.255
!
interface FastEthernet0/0
no ip address
shutdown
duplex half
!
interface FastEthernet1/0
ip address 10.3.6.2 255.255.255.252
duplex auto
speed auto
!
interface FastEthernet1/1
ip address 10.4.6.2 255.255.255.252
duplex auto
speed auto
!
interface FastEthernet2/0
ip address 10.5.6.2 255.255.255.252
duplex auto
speed auto
!
interface FastEthernet2/1
ip address 10.6.7.1 255.255.255.252
duplex auto
speed auto
!
router ospf 1
router-id 192.168.0.6
log-adjacency-changes
network 10.4.6.0 0.0.0.3 area 0
network 10.5.6.0 0.0.0.3 area 0
network 192.168.0.6 0.0.0.0 area 0
!
router bgp 40
no synchronization
bgp default local-preference 200
bgp log-neighbor-changes
network 40.0.0.0
neighbor 10.3.6.1 remote-as 30
neighbor 10.6.7.2 remote-as 50
neighbor 10.6.7.2 prefix-list fromAS50 in
neighbor 192.168.0.4 remote-as 40
neighbor 192.168.0.4 update-source Loopback0
neighbor 192.168.0.4 next-hop-self
neighbor 192.168.0.4 send-community
no auto-summary
!
ip forward-protocol nd
ip route 40.0.0.0 255.0.0.0 Null0
no ip http server
no ip http secure-server
!
!
!
!
ip prefix-list fromAS50 seq 5 permit 50.0.0.0/8
logging alarm informational
no cdp log mismatch duplex
!
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
gatekeeper
shutdown
!
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
stopbits 1
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
stopbits 1
line vty 0 4
login
!
!
end
!

!
upgrade fpd auto
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R7
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
no ip icmp rate-limit unreachable
ip cef
!
!
!
!
no ip domain lookup
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
!
!
!
archive
log config
  hidekeys
!
!
!
!
ip tcp synwait-time 5
!
!
!
!
interface Loopback0
ip address 50.0.0.1 255.0.0.0
!
interface FastEthernet0/0
no ip address
shutdown
duplex half
!
interface FastEthernet1/0
ip address 10.6.7.2 255.255.255.252
duplex auto
speed auto
!
interface FastEthernet1/1
ip address 10.5.7.2 255.255.255.252
shutdown
duplex auto
speed auto
!
interface FastEthernet2/0
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet2/1
no ip address
shutdown
duplex auto
speed auto
!
router bgp 50
no synchronization
bgp log-neighbor-changes
network 50.0.0.0
network 200.0.0.0 mask 255.0.0.0
neighbor 10.5.7.1 remote-as 40
neighbor 10.6.7.1 remote-as 40
neighbor 10.6.7.1 send-community
neighbor 10.6.7.1 route-map SETCOMMUNITY out
no auto-summary
!
ip forward-protocol nd
ip route 200.0.0.0 255.0.0.0 Null0
no ip http server
no ip http secure-server
!
!
!
!
ip prefix-list PREFIX-SETCOMMUNITY seq 5 permit 50.0.0.0/8
logging alarm informational
no cdp log mismatch duplex
!
!
!
route-map SETCOMMUNITY permit 10
match ip address prefix-list PREFIX-SETCOMMUNITY
set community no-export
!
!
!
!
control-plane
!
!
!
!
!
!
!
gatekeeper
shutdown
!
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
stopbits 1
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
stopbits 1
line vty 0 4
login
!
!
end
!
!
!
!
!
!
!
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R8
!
ip cef
no ip domain-lookup
no ip icmp rate-limit unreachable
ip tcp synwait 5
no cdp log mismatch duplex
!
line con 0
exec-timeout 0 0
logging synchronous
privilege level 15
no login
line aux 0
exec-timeout 0 0
logging synchronous
privilege level 15
no login
!
!
end

Attachment: topology.png
Description: PNG image

lab 16-11-2020 filtering and communities, Marco Bonola

Archivio con motore MhonArc 2.6.16.

§

Powered by Sympa 5.2.3

Servizio Mailing List Tor Vergata

lab 16-11-2020 filtering and communities