Routed and Switched Networks Case Study 2016/17

Examples of typical IOS configuration constructs

Basic config

    hostname WAN2
    no ip domain lookup

VLANs

    vlan 123
     name ONETWOTHREE

Switch Trunks

    interface GigabitEthernet0/1
     switchport trunk encapsulation dot1q
     switchport mode trunk
     switchport trunk native vlan 123

LAG (aka PortChannel)

    interface GigabitEthernet0/1
     <L2-PARAMS>
     channel-group 123 mode active
    interface GigabitEthernet0/2
     <L2-PARAMS>
     channel-group 123 mode active
    interface Port-channel123
     <L2-PARAMS>

STP

    spanning-tree mode mst | pvst+ | rpvst+

MST:

    spanning-tree mst configuration
     name MYREGION
     revision 1
     instance 1 vlan 100-199
     instance 2 vlan 200-299
    spanning-tree mst 1 priority 8192
    interface GigabitEthernet0/1
     spanning-tree mst 1 cost 2

PVST:

    spanning-tree vlan 123 priority 8192
    interface GigabitEthernet0/1
     switchport trunk allowed vlan [add] 2,3,4
     spanning-tree vlan 2 cost 20

All STP types:

    interface GigabitEthernet0/1
     spanning-tree portfast edge
     spanning-tree bpduguard enable
     spanning-tree guard root

VRF

    vrf definition MGMT
     address-family ipv4
     exit-address-family
     address-family ipv6
     exit-address-family

VLAN interface (switch)

    interface Vlan22
     ip address ….
     no shutdown

L3 interface (router)

    interface GigabitEthernet0/1
     no shutdown

L3 subinterface (router)

    interface GigabitEthernet0/1.22
     encapsulation dot1Q 22

Interface addressing & VRF assignment

    interface GigabitEthernet0/1.22
     description Management
     vrf forwarding MGMT
     ip address 1.2.3.6 255.255.255.0
     ipv6 address 2001:AAAA:2222:FFFB::6/64

HSRP, VRRP, tracking

    interface GigabitEthernet0/1.100
     standby version 2
     ! same syntax for IPv4
     standby 22 ipv6 2001:AAAA:2222:FFFB::1/64
     standby 22 priority 150
     standby 22 preempt
     standby 22 track 22 decrement 60   ! on primary router only, possibly multiple times for multiple interfaces
     ! same syntax for IPv6
     vrrp 22 ip 44.2.251.1
     vrrp 22 priority 150
     vrrp 22 track 22 decrement 60   ! on primary router only, possibly multiple times for multiple interfaces
    track 22 interface GigabitEthernet0/3 line-protocol
    ! the same track object can be reused for multiple HSRP/VRRP groups

IPv6 routing

    ipv6 unicast-routing
    interface GigabitEthernet0/1
     ipv6 address FE80::1 link-local

Static routing

    ip route 1.2.3.4 255.255.240.0 44.2.0.1
    ip route vrf MGMT 1.2.3.4 255.255.240.0 44.2.251.1
    ipv6 route 2001:BBBB::/32 2001:AAAA:2222::1
    ipv6 route vrf MGMT 2001:BBBB::/32 2001:AAAA:2222::1   ! alternatively, use a link-local next-hop address

IGP

OSPF

    router ospf 2 [ vrf MGMT ]
     router-id 1.2.3.4
     area 1 range …
     area 1 stub
     default-information originate route-map RM
    interface g0/1.100
     ip ospf 1 area 0
     ip ospf cost 1000

OSPFv3

    router ospfv3 1
     router-id 1.2.3.4
     area 1 stub
     !
     address-family ipv4 unicast
      area 1 range 1.0.0.0 255.0.0.0
      passive-interface GigabitEthernet0/1.100   ! not needed if OSPF is enabled by the specific interface's command
      default-information originate route-map RM
     exit-address-family
     !
     address-family ipv6 unicast
      area 1 range 2001:DB8:100::/48
      passive-interface GigabitEthernet0/1.100   ! not needed if OSPF is enabled by the specific interface's command
      default-information originate route-map RM
     exit-address-family
     !
     address-family ipv4 unicast vrf MGMT
      …
     exit-address-family
     !
     address-family ipv6 unicast vrf MGMT
      …
     exit-address-family
    interface GigabitEthernet0/1.100
     ospfv3 1 ipv4 area 0
     ospfv3 1 ipv6 area 0
     ospfv3 1 ipv4 cost 100
     ospfv3 1 ipv6 cost 200
     ospfv3 1 ipv4 network point-to-point
     ospfv3 1 ipv6 network point-to-point

ISIS

    router isis 1
     net 49.0011.0000.0000.0005.00
     metric-style wide
     address-family ipv4
      default-information originate route-map RM_DEFAULT
     exit-address-family
     address-family ipv6
      default-information originate route-map RM_DEFAULT
     exit-address-family
    interface GigabitEthernet0/1
     ip router isis 1
     isis circuit-type level-1 | level-2-only
     isis metric 100

EIGRP

    ip route 0.0.0.0 0.0.0.0 null0
    router eigrp 2
     redistribute static metric 1 1 255 1 1500
     eigrp stub connected
     passive-interface …
     network <local-interface-address> 0.0.0.0
     …
    ipv6 router eigrp 2
     redistribute static metric 1 1 255 1 1500
     eigrp stub connected
     …
    interface GigabitEthernet0/1
     delay 10000
     ip summary-address eigrp 2 1.0.0.0 255.0.0.0
     ipv6 summary-address eigrp 2 2001:a::/32
     ipv6 eigrp 2

RIP

    router rip
     ! Global routing space config goes here; anything configured under address-family ipv4 unicast
     ! will be moved to router rip global scope automatically in current IOS version
     version 2
     no auto-summary
     passive-interface GigabitEthernet0/1
     ! passive-interface command(s) for per-VRF RIP also go here
     offset-list 1 out 11 GigabitEthernet0/1
     redistribute static route-map RM
     default-information originate route-map RM
     network 1.0.0.0
     ! for IPv4 RIP there is no way to specify the interfaces that run RIP using an interface command
     distribute-list prefix PL out GigabitEthernet0/1
     address-family ipv4 vrf MGMT
      version 2
      no auto-summary
      ! put passive-interface command(s) for per-VRF RIP into the global RIP config section
      offset-list 1 out 11 GigabitEthernet0/1.100
      redistribute static route-map RM
      default-information originate route-map RM
      network 1.0.0.0
     exit-address-family
    interface g0/1
     ip summary-address rip 1.0.0.0 255.0.0.0

RIPNG

    ipv6 rip vrf-mode enable
    ipv6 router rip 1
     ! Global routing space config goes here; address-family ipv6 unicast DOES NOT EXIST
     distribute-list prefix-list PL out g0/1
     address-family ipv6 vrf MGMT
     exit-address-family
    interface g0/1
     ipv6 rip 1 enable
     ipv6 rip 1 metric-offset 11
     ipv6 rip 1 summary-address …
     ipv6 rip 1 default-information originate metric 2
     ! conditional advertisement using a route map is not available in current IOS version
    ! The passive-interface command is not needed for RIPNG, as RIPNG is enabled explicitly on
    ! particular interfaces with the interface command. Use redistribute connected to propagate
    ! nontransit interfaces into RIP

ACLs, Prefix lists & route maps

    access-list 1 permit any
    access-list 100 permit tcp 1.1.1.1 0.0.0.255 gt 1023 2.2.0.0 0.0.255.255 eq 23
    ip prefix-list PL_CLIENTS4 seq 10 permit 44.2.32.0/19 le 32
    ip prefix-list PL_CLIENTS4 seq 20 permit 44.1.0.0/16
    ipv6 prefix-list PL_CLIENTS6 seq 10 permit 2001:AAAA:2222:80::/57 le 128
    route-map RM_DEFAULT permit 10
     match ip address prefix-list PL_DEFCONDITION_WAN1
     set metric 1000
    route-map RM_ISP1OUT4 permit 10
     match ip address prefix-list PL_SOMETHING
     set as-path prepend …
     set ip next-hop ….
     set local-preference 150
    route-map RM_ISP1OUT4 permit 20
    route-map RM_ISP1IN6 permit 10
     match ipv6 address prefix-list PL_ISP2NETS_6
     …
    route-map RM_ISP1IN6 permit 20

BGP

    router bgp 123
     bgp router-id 1.2.3.4
     ! transport session parameters
     neighbor 2001:AAAA:2222:FFFC::C remote-as 100
     neighbor 44.2.254.4 remote-as 2
     neighbor 44.2.254.4 update-source Loopback0
     !
     address-family ipv4
      ! activation of neighbors in IPv4 address family and IPv4-related parameters
      network 1.0.0.0
      redistribute isis 1 level-1-2 route-map RM_PERMIT_CLIENTS_SERVERS4
      neighbor 2001:AAAA:2222:FFFC::C activate
      neighbor 2001:AAAA:2222:FFFC::C route-map RM_ISP1IN4 in
      neighbor 2001:AAAA:2222:FFFC::C route-map RM_ISP1OUT4 out
      neighbor 44.2.254.4 activate
      neighbor 44.2.254.4 next-hop-self
     exit-address-family
     !
     address-family ipv6
      ! activation of neighbors in IPv6 address family and IPv6-related parameters
      network 2001:9999:1000::/48
      redistribute isis 1 level-1-2 route-map RM_PERMIT_CLIENTS_SERVERS6
      neighbor 2001:AAAA:2222:FFFC::C activate
      neighbor 2001:AAAA:2222:FFFC::C route-map RM_ISP1IN6 in
      neighbor 2001:AAAA:2222:FFFC::C route-map RM_ISP1OUT6 out
      neighbor 44.2.254.4 activate
      neighbor 44.2.254.4 route-map RM_SETNH6_WAN2 out
     exit-address-family

AAA (local auth), Telnet, SSH

    no aaa new-model   ! an alternative configuration with aaa new-model can also be used
    username grp2 password cisco
    enable password cisco
    ip domain name sps.local   ! needed for RSA key generation
    crypto key generate rsa   ! in exec mode; needed to start ssh server
    access-list 1 permit any
    line vty 0 4
     access-class 1 in vrf-also
     login local
     transport input telnet ssh

Useful troubleshooting commands with "unusual" syntax

    sh ospfv3 vrf MGMT neighbor
    sh ip bgp, sh bgp ipv6 unicast
    clear ospfv3 1 vrf MGMT process
    clear clns neighbor
    clear bgp * all <AS>   -> resets all neighbors in <AS>, all AFs
    sh ip ospf database
    sh ospfv3 [vrf MGMT] database
    sh ip eigrp topology
    sh ipv6 eigrp topology
    sh control-plane host open-ports   -> listening ports
    sh tcp brief   -> currently open TCP connections to/from a network device
    telnet x.x.x.x /vrf MGMT
    telnet 2001:AAAA:2222:FFFF::5 /vrf MGMT /ipv6
    ssh -l grp2 -vrf MGMT 44.2.255.5   ! may take approx. 10 secs to show the device's prompt, no ip domain-lookup does not help
    ssh -l grp2 -vrf MGMT 2001:AAAA:2222:FFFF::5   ! may take approx. 10 secs to show the device's prompt, no ip domain-lookup does not help
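
The "AAA (local auth), Telnet, SSH" lines above are lab settings: `password` instead of `secret`, Telnet enabled on the vty lines, and an `access-class` that points at `permit any`. The following audit is an added example, not part of the original case study; the finding names, the `<placeholder>` secrets and the 192.0.2.0/24 admin subnet are assumptions made for illustration.

```python
import re

# Constructed samples: WEAK repeats the page's management-plane lines; HARDENED
# is an assumed counterpart (192.0.2.0/24 stands in for the admin subnet).
WEAK = """username grp2 password cisco
enable password cisco
access-list 1 permit any
line vty 0 4
 access-class 1 in vrf-also
 login local
 transport input telnet ssh
"""
HARDENED = """username grp2 secret <placeholder>
enable secret <placeholder>
ip ssh version 2
access-list 1 permit 192.0.2.0 0.0.0.255
line vty 0 4
 access-class 1 in vrf-also
 login local
 transport input ssh
"""

def audit(config):
    """Return (finding, context) tuples; finding names are made up for this example."""
    findings = []
    open_acls = set(re.findall(r"^access-list (\S+) permit any\s*$", config, re.M))
    vty, guarded = None, {}   # current 'line vty' block; block -> has an access-class
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        if not raw[0].isspace():              # a top-level command ends any block
            vty = line if line.startswith("line vty") else None
            if vty:
                guarded[vty] = False
        words = line.split()
        if re.match(r"username \S+ password\b", line):
            findings.append(("reversible-user-password", words[1]))
        elif line.startswith("enable password"):
            findings.append(("reversible-enable-password", "enable"))
        elif vty and words[:2] == ["transport", "input"]:
            if {"telnet", "all"} & set(words[2:]):   # cleartext remote login allowed
                findings.append(("vty-allows-telnet", vty))
        elif vty and words[0] == "access-class":
            guarded[vty] = True
            if words[1] in open_acls:                # ACL applied, but it filters nothing
                findings.append(("vty-acl-permits-any", vty))
    findings += [("vty-without-access-class", v) for v, ok in guarded.items() if not ok]
    return findings
```

Calling `audit(WEAK)` reports four findings for the lab configuration, and `audit(HARDENED)` reports none.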