The SF-Core-1 Router

 

The SF-Core-1 device on the ZIP network is a Cisco 7505 router. The configuration of this router features the following:

  • A Fast Ethernet LAN interface to the local San Francisco backbone segment.

  • An HDLC serial link to the San Jose router.

  • An HDLC serial link to the ZIP network ISP.

  • An HSRP group between SF-Core-1 and SF-Core-2.

  • EBGP routing between the ZIP network and ISP-B, a local provider. The routes advertised and received by BGP are controlled using distribute lists.

  • Redistribution of static routes used for default routing into the EIGRP routing process.

  • An extended IP access list used for filtering traffic from the public Internet and the ZIP network.

  • An IPX router SAP filter on the FastEthernet segment.

The complete configuration for the SF-Core-1 router follows :

 Version 12.1 Service timestamps debug datetime localtime Service timestamps log datetime localtime Service password-encryption ! hostname SF-Core-1 ! aaa new-model aaa authentication login default group tacacs+ enable aaa authorization exec group tacacs+ if-authenticated aaa authorization network group radius if-authenticated aaa accounting exec stop-only group tacacs+ enable secret 5 toY$IJQPTVD4.aEDLwZ8nPrvX. ! ip tcp intercept mode watch ip tcp intercept list 120 ip tcp intercept watch-timeout 15 ip domain-list zipnet.com ip domain-list zipnet.net ip domain-name zipnet.com ip name-server 131.108.110.34 ip name-server 131.108.110.35 appletalk routing eigrp 25000 appletalk route-redistribution ipx routing 0000.0e0d.1eb0 ! clock timezone PST -8 clock summer-time PDT recurring! interface Loopback1  description SF-Core-1 router loopback  ip address 131.108.254.3 255.255.255.255 ! interface FastEthernet0/0  description San Francisco FastEthernet backbone LAN  ip address 131.108.20.3 255.255.252.0  appletalk cable-range 1-10  appletalk zone SF Zone  ipx network 10  standby ip 131.108.20.5  standby preempt  ipx router-sap-filter 1001 ! interface Serial1/0  description HDLC leased line on circuit 456WS34209 to San-Jose  ip address 131.108.240.1 255.255.255.252  appletalk cable-range 901-901  appletalk zone WAN Zone  appletalk protocol eigrp  no appletalk protocol rtmp  ipx network 901 ! interface Serial1/1  description HDLC leased line on circuit 789WS34256 to ISP-B  ip address 192.7.2.2 255.255.255.252  ip access-group 101 in ! interface Serial1/2  no ip address  shutdown ! interface Serial1/3  no ip address  shutdown ! router eigrp 25000    redistribute static  redistribute bgp 25000  network 131.108.0.0  distribute-list 1300 out  no auto-summary ! router bgp 25000  no synchronization  network 131.108.0.0  neighbor 192.7.2.1 remote-as 1  neighbor 192.7.2.1 description Internet Connection to ISP-B  neighbor 192.7.2.1 distribute-list ISP-routes in  neighbor 192.7.2.1 distribute-list ZIP-routes out  neighbor 131.108.254.6  remote-as 25000  neighbor 131.108.254.6  description IBGP to Seoul-1  neighbor 131.108.254.6  update-source Loopback 0 ! ip classless ip default-network 131.119.0.0 ip default-network 140.222.0.0 ip route 131.108.232.0 255.255.255.0 FastEthernet0/0 ip route 131.108.0.0 255.255.0.0 Null0 logging 131.108.110.33 logging trap debugging logging console emergencies ip access-list standard ZIP-routes  permit 131.108.0.0 ip access-list standard ISP-routes deny  host 0.0.0.0 deny 127.0.0.0 0.255.255.255  deny 10.0.0.0 0.255.255.255 deny 172.16.0.0 0.15.255.255 deny 192.168.0.0 0.0.255.255  deny 192.0.2.0 0.0.0.255  deny 128.0.0.0 0.0.255.255  deny 191.255.0.0 0.0.255. deny 192.0.0.0 0.0.0.255  deny 223.255.255.0 0.0.0.255  deny 224.0.0.0 31.255.255.255  permit any access-list 1 permit 131.108.0.0 0.0.255.255 access-list 2 permit host 131.108.20.45 access-list 101 remark Permits NTP, DNS, WWW, and SMTP access-list 101 deny tcp host 192.7.2.2 host 192.7.2.2 log access-list 101 deny ip 131.108.0.0 0.0.255.255 any log access-list 101 deny ip 10.0.0.0 0.255.255.255 any access-list 101 deny ip 172.16.0.0 0.15.255.255 any access-list 101 deny ip 192.168.0.0 0.0.255.255 any access-list 101 deny ip 127.0.0.0 0.255.255.255 any access-list 101 permit ip host 192.7.2.1 host 192.7.2.2 access-list 101 deny ip any host 192.7.2.2 access-list 101 permit udp any 131.108.101.99 eq domain access-list 101 permit udp host 15.255.160.64 host 131.108.254.3 eq ntp access-list 101 permit udp host 128.4.1.1 host 131.108.254.3 eq ntp access-list 101 permit udp host 16.1.0.4 host 131.108.254.3 eq ntp access-list 101 permit udp host 204.123.2.5 host 131.108.254.3 eq ntp access-list 101 permit tcp host 192.52.71.4 host 131.108.101.34 eq domain access-list 101 permit tcp host 192.52.71.4 host 131.108.101.35 eq domain access-list 101 permit tcp any host 131.108.101.34 eq smtp access-list 101 permit tcp any host 131.108.101.35 eq smtp access-list 101 permit tcp any host 131.108.101.100 eq www access-list 101 permit tcp any host 131.108.101.100 eq ftp access-list 101 permit tcp any host 131.108.101.100 eq ftp-data access-list 101 permit tcp any gt 1023 host 131.108.101.100 gt 1023 access-list 101 permit icmp any any echo-reply access-list 101 permit icmp any any time-exceeded access-list 101 permit icmp any any port-unreachable access-list 101 permit tcp any any established access-list 101 permit tcp any any eq 22 access-list 101 deny   tcp any any eq ident access-list 101 deny   ip any any log access-list 120 permit ip any 131.108.0.0 0.0.255.255  access-list 1001 permit aa.0005.0112.0474 access-list 1001 deny -1 access-list 1300 permit 131.108.0.0 0.0.255.255 access-list 1300 permit 131.119.0.0 access-list 1300 permit140.222.0.0 ! ipx router eigrp 25000  network 10  network 901 ! tacacs-server host 131.108.110.33 tacacs-server key ZIPSecure radius-server host 131.108.110.33 radius-server key Radius4Me snmp-server community Zipnet RO 2 snmp-server community ZIPprivate RW 2 snmp-server host 131.108.20.45 Zipnet snmp frame-relay config snmp-server location 22 Cable Car Drive, San Francisco, CA, USA snmp-server contact Allan Leinwand, allan@telegis.net ! line con 0  password 7 095B59 line aux 0 line vty 0 4  password 7 095B59  access-class 1 in ! ntp update-calendar ntp server 192.216.191.10 ntp server 129.189.134.11 ! end 


Cisco Router Configuration
Cisco Router Configuration (2nd Edition)
ISBN: 1578702410
EAN: 2147483647
Year: 1999
Pages: 116

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net