Template Rtr1

hostname (nama bank)-TLK-1
!
!
!
vrf definition Mgmt-intf
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
no aaa new-model
clock timezone WIB 7 0
!
!
!
!
!
!
!
!
!
!
!
no ip domain lookup
ip domain name xnet.corp.bi.go.id
!
!
!
ip wccp 61 redirect-list FROM-BANK
ip wccp 62 redirect-list TO-BANK
!
!
!
!
!
!
!
subscriber templating
!
multilink bundle-name authenticated
!
flow record RECORD
match ipv4 tos
match ipv4 protocol
match ipv4 source address
match ipv4 destination address
match transport source-port
match transport destination-port
collect counter bytes long
collect counter packets long
!
!
flow exporter EXPORTER-1
destination 0.0.0.0
!
!
flow monitor FLOW-MONITOR-1
exporter EXPORTER-1
record RECORD
flow exporter NETFLOW
destination 172.100.100.1
source Loopback0
transport udp 2055
export-protocol netflow-v5
!
!
flow exporter SOLARWINDS
source GigabitEthernet0/0/0
transport udp 2055
export-protocol netflow-v5
!
!
flow exporter Netflow-to-Orion
transport udp 2055
!
!
flow monitor FLOW-MONITOR-1
exporter EXPORTER-1
record RECORD
!
!
flow monitor Netflow-Monitor-In
exporter Netflow-to-Orion
cache timeout inactive 10
cache timeout active 60
record Netflow-In
!
!
flow monitor Netflow-Monitor-Out
exporter Netflow-to-Orion
cache timeout inactive 10
cache timeout active 60
record Netflow-Out
!
!
!
!
key chain KEY-EIGRP
key 1
key-string XN3T-BI-TLKM
!
!
!
spanning-tree extend system-id
!
username cisco privilege 15 secret tlk@admin
enable secret tlk@admin
!
ip ssh time-out 60
ip ssh version 2
!
crypto key generate rsa modulus 2048 general-keys
!
redundancy
mode none
!
!
!
!
!
vlan internal allocation policy ascending
!
!
class-map match-any QOS-RTGS2-CM
match access-group name QOS-RTGS2-ACL
class-map match-any QOS-SKN-CM
match access-group name QOS-SKN-ACL
class-map match-any QOS-ROUTING-CM
match access-group name QOS-ROUTING-ACL
class-map match-any PREC-3
match ip precedence 3
!
!
policy-map QOS-MANAGE-TLK
class PREC-2
shape average 256000
queue-limit 256000 packets
class PREC-3
class PREC-5
class class-default
policy-map QOS-CHECK-TLK
class PREC-5
class PREC-3
class PREC-2
class class-default
policy-map QOS-MARK-PREC
class QOS-SKN-CM
set ip precedence 2
class QOS-RTGS2-CM
set ip precedence 3
class QOS-ROUTING-CM
set ip precedence 5
!
!
!
!
!
!
!
!
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
lifetime 43200
crypto isakmp key (*xn3t*) address 0.0.0.0
!
!
crypto ipsec transform-set BANK-TRANSFORM esp-aes esp-sha-hmac
mode transport
crypto ipsec df-bit clear
!
crypto ipsec profile VPN-XNET
set transform-set BANK-TRANSFORM
!
!
!
!
!
!
!
!
!
interface Loopback0
ip address 172.26.x.119 255.255.255.255
!
interface Loopback1
ip address 172.26.x.120 255.255.255.255
!
interface Loopback2
ip address 172.26.x.121 255.255.255.255
!
interface Loopback3
ip address 172.26.x.122 255.255.255.255
!
interface Tunnel1
bandwidth www
ip address 172.27.0.x 255.255.252.0
no ip redirects
ip mtu 1400
ip wccp 62 redirect in
ip authentication mode eigrp 1 md5
ip authentication key-chain eigrp 1 KEY-EIGRP
ip nhrp authentication cisco
ip nhrp map multicast 172.27.255.125
ip nhrp map 172.27.3.254 172.27.255.125
ip nhrp network-id 100001
ip nhrp holdtime 600
ip nhrp nhs 172.27.3.254
ip tcp adjust-mss 1360
load-interval 30
delay 1000
qos pre-classify
tunnel source Loopback0
tunnel mode gre multipoint
tunnel key 100001
tunnel protection ipsec profile VPN-XNET
!
interface Tunnel2
bandwidth www
ip address 172.27.4.x 255.255.252.0
no ip redirects
ip mtu 1400
ip nhrp map 172.27.7.254 172.27.255.126
ip nhrp nhs 172.27.7.254
load-interval 30
delay 3000
qos pre-classify
tunnel key 100002
!
interface Tunnel3
bandwidth www
ip address 172.27.8.x 255.255.252.0
no ip redirects
ip mtu 1400
ip nhrp map 172.27.11.254 172.27.255.253
ip nhrp nhs 172.27.11.254
delay 5000
qos pre-classify
tunnel key 100003
!
interface Tunnel4
bandwidth www
ip address 172.27.12.x 255.255.252.0
no ip redirects
ip mtu 1400
ip nhrp map 172.27.15.254 172.27.255.254
ip nhrp nhs 172.27.15.254
load-interval 30
delay 7000
qos pre-classify
tunnel key 100004

!
!
interface VirtualPortGroup31
ip unnumbered Vlan10
no mop enabled
no mop sysid
!
interface GigabitEthernet0/0/0
description WAN
bandwidth www
ip address 172.16.X.Y 255.255.255.252
ip flow monitor Netflow-Monitor-In input
ip flow monitor Netflow-Monitor-Out output
negotiation auto
service-insertion waas
service-policy input QOS-CHECK-TLK
service-policy output QOS-MANAGE-TLK
!
no ip address
negotiation auto
!
no ip address
negotiation auto
!
description INTERCONNECT
switchport mode trunk
!
description LAN-BANK
switchport access vlan 81
switchport mode access
!
!
!
interface GigabitEthernet0
vrf forwarding Mgmt-intf
no ip address
negotiation auto
!
vlan 10
name WAAS
!
vlan 81
name LAN-BANK
!
interface Vlan1
no ip address
!
interface Vlan10
description WAAS
ip address 172.26.x.10 255.255.255.248
standby 1 ip 172.26.x.9
standby 1 priority 110

standby 1 preempt
!
interface Vlan81
description LAN-BANK
ip address 172.26.x.2 255.255.255.248
ip flow monitor FLOW-MONITOR-1 input
ip flow monitor FLOW-MONITOR-1 output
standby 1 ip 172.26.x.1
standby 1 priority 110
standby 1 preempt
ip policy route-map ClearDFBit
service-policy input QOS-MARK-PREC
!
!
!
router eigrp 1
distribute-list TO-EIGRP out Tunnel1
distribute-list Originated-SelfRoute in Tunnel1
network 172.27.0.0 0.0.3.255
network 172.27.4.0 0.0.3.255
network 172.27.8.0 0.0.3.255
network 172.27.12.0 0.0.3.255
redistribute static route-map STATIC-TO-EIGRP
offset-list LAN-BANK out 1000
distance eigrp 18 19
!
router bgp 65xxx
bgp router-id 172.26.x.119
bgp log-neighbor-changes
network 172.16.x.y mask 255.255.255.252
network 172.25.x.0 mask 255.255.255.192
network 172.25.x.224 mask 255.255.255.248
network 172.25.x.232 mask 255.255.255.248
network 172.25.x.254 mask 255.255.255.255
network 172.26.x.0 mask 255.255.255.248
network 172.26.x.8 mask 255.255.255.248
network 172.26.x.119 mask 255.255.255.255
network 172.26.x.120 mask 255.255.255.255
network 172.26.x.121 mask 255.255.255.255
network 172.26.x.122 mask 255.255.255.255
network 172.26.x.123 mask 255.255.255.255
network 172.26.x.124 mask 255.255.255.255
network 172.26.x.125 mask 255.255.255.255
network 172.26.x.126 mask 255.255.255.255
timers bgp 20 60
neighbor 172.16.x.v remote-as 17974
neighbor 172.16.x.v send-community
neighbor 172.16.x.v soft-reconfiguration inbound
neighbor 172.16.x.v route-map XNET-IN in
neighbor 172.16.x.v route-map XNET-OUT out
neighbor 172.26.x.123 remote-as 65xxx
neighbor 172.26.x.123 update-source Loopback0
neighbor 172.26.x.123 next-hop-self

neighbor 172.26.x.123 soft-reconfiguration inbound
!
!
!
ip forward-protocol nd
no ip http server
no ip http secure-server
ip route 172.25.x.0 255.255.255.192 172.26.x.4 name Pelaporan
ip route 172.25.x.224 255.255.255.248 172.26.x.4 name SKN
ip route 172.25.x.232 255.255.255.248 172.26.x.4 name RTGS2
ip route 172.25.x.254 255.255.255.255 172.26.x.4 name Sismontavar
ip route 172.26.x.12 255.255.255.255 VirtualPortGroup30
ip route 172.26.x.123 255.255.255.255 172.26.x.3
ip ssh time-out 60
ip ssh version 2
!
!
ip access-list standard LAN-BANK
permit 172.25.x.254 0.0.0.0
permit 172.25.x.224 0.0.0.7
permit 172.25.x.232 0.0.0.7
permit 172.25.x.0 0.0.0.63
ip access-list standard Originated-SelfRoute
permit 192.168.32.0 0.0.0.255
permit 192.168.96.0 0.0.0.255
ip access-list standard TO-EIGRP
permit 172.25.x.254
permit 172.25.x.224 0.0.0.7
permit 172.25.x.232 0.0.0.7
permit 172.25.x.0 0.0.0.63
!
ip access-list extended FROM-BANK
permit ip 172.25.x.0 0.0.0.255 192.168.32.0 0.0.0.255
permit ip 172.25.x.0 0.0.0.255 192.168.96.0 0.0.0.255
ip access-list extended QOS-ROUTING-ACL
remark BGP
permit tcp any any eq bgp
permit tcp any eq bgp any
remark EIGRP
permit eigrp any any
permit esp any any
permit gre any any
permit udp any any eq isakmp
remark Remote
permit tcp any any eq 22
permit tcp any any eq telnet
remark Monitoring
permit udp any any eq 2055
permit tcp any any eq 1985
permit udp any any eq 1985
permit icmp any any
permit ahp any any
permit pim any any
permit udp any any eq ntp
ip access-list extended QOS-RTGS2-ACL
permit ip any host 192.168.32.38
permit
permit
permit
permit
permit
permit
permit
permit
permit
permit
permit
permit
permit
permit
permit
permit
permit
permit
permit
ip
ip
ip
ip
ip
ip
ip
ip
ip
ip
ip
ip
ip
ip
ip
ip
ip
ip
ip
any
any
any
any
any
any
any
any
any
any
any
any
any
any
any
any
any
any
any
host
host
host
host
host
host
host
host
host
host
host
host
host
host
host
host
host
host
host
192.168.32.39
192.168.32.40
192.168.32.41
192.168.32.42
192.168.32.43
192.168.32.44
192.168.32.45
192.168.32.46
192.168.32.47
192.168.96.38
192.168.96.39
192.168.96.40
192.168.96.41
192.168.96.42
192.168.96.43
192.168.96.44
192.168.96.45
192.168.96.46
192.168.96.47
ip access-list extended QOS-SKN-ACL

permit ip any 192.168.32.48 0.0.0.7
permit ip any 192.168.96.48 0.0.0.7
permit ip 172.25.x.224 0.0.0.7 host
permit ip 172.25.x.224 0.0.0.7 host
permit ip 172.25.x.224 0.0.0.7 host
permit ip 172.25.x.224 0.0.0.7 host
permit ip 172.25.x.224 0.0.0.7 host
permit ip 172.25.x.224 0.0.0.7 host
permit ip 172.25.x.224 0.0.0.7 host
permit ip 172.25.x.224 0.0.0.7 host
permit ip 172.25.x.224 0.0.0.7 host
permit ip 172.25.x.224 0.0.0.7 host
permit ip 172.25.x.224 0.0.0.7 host
permit ip 172.25.x.224 0.0.0.7 host
192.168.32.7
192.168.32.8
192.168.32.9
192.168.96.7
192.168.96.8
192.168.96.9
192.168.32.245
192.168.32.249
192.168.32.250
192.168.96.245
192.168.96.249
192.168.96.250
ip access-list extended FILTER-TELKOM-RTGS-ACL

deny ip 172.25.x.208 0.0.0.7 192.168.32.48 0.0.0.7
deny ip 172.25.x.208 0.0.0.7 192.168.96.48 0.0.0.7
deny ip 172.25.x.216 0.0.0.7 192.168.32.32 0.0.0.15
deny ip 172.25.x.216 0.0.0.7 192.168.96.32 0.0.0.15
deny ip 172.25.x.224 0.0.0.7 192.168.32.48 0.0.0.7
deny ip 172.25.x.224 0.0.0.7 192.168.96.48 0.0.0.7
permit ip any any
ip access-list extended FILTER-TELKOM-RTGS-SKN-ACL
deny ip 172.25.x.208 0.0.0.7 192.168.32.48 0.0.0.7
deny ip 172.25.x.208 0.0.0.7 192.168.96.48 0.0.0.7
deny ip 172.25.x.216 0.0.0.7 192.168.32.32 0.0.0.15
deny ip 172.25.x.216 0.0.0.7 192.168.96.32 0.0.0.15
permit ip any any
ip access-list extended FILTER-TELKOM-PELAPORAN-ACL
deny ip 172.25.x.208 0.0.0.7 192.168.32.48 0.0.0.7
deny ip 172.25.x.208 0.0.0.7 192.168.96.48 0.0.0.7
deny ip 172.25.x.216 0.0.0.7 192.168.32.32 0.0.0.15
deny ip 172.25.x.216 0.0.0.7 192.168.96.32 0.0.0.15
deny ip 172.25.x.224 0.0.0.7 192.168.32.48 0.0.0.7
deny ip 172.25.x.224 0.0.0.7 192.168.96.48 0.0.0.7
deny ip 172.25.x.232 0.0.0.7 192.168.32.32 0.0.0.15
deny ip 172.25.x.232 0.0.0.7 192.168.96.32 0.0.0.15

permit ip any any
ip access-list extended SN_OR_WCM
permit tcp host 172.26.x.12 any
permit tcp any host 172.26.x.12
permit tcp host 172.27.255.4 any
permit tcp any host 172.27.255.4
ip access-list extended TO-BANK
permit ip 192.168.32.0 0.0.0.255 172.25.x.0 0.0.0.255
permit ip 192.168.96.0 0.0.0.255 172.25.x.0 0.0.0.255
!
ip
ip
ip
ip
!
ip
ip
ip
ip
ip
!
ip
ip
ip
ip
ip
ip
ip
ip
ip
ip
ip
ip
ip
ip
ip
ip
prefix-list
prefix-list
prefix-list
prefix-list
PREFIX-STATIC
PREFIX-STATIC
PREFIX-STATIC
PREFIX-STATIC
permit
permit
permit
permit
172.25.x.224/29
172.25.x.232/29
172.25.x.0/26
172.25.x.254/32
prefix-list
prefix-list
prefix-list
prefix-list
prefix-list
PREFIX-XNET-IN
PREFIX-XNET-IN
PREFIX-XNET-IN
PREFIX-XNET-IN
PREFIX-XNET-IN
prefix-list
prefix-list
prefix-list
prefix-list
prefix-list
prefix-list
prefix-list
prefix-list
prefix-list
PREFIX-XNET-OUT
PREFIX-XNET-OUT
PREFIX-XNET-OUT
PREFIX-XNET-OUT
PREFIX-XNET-OUT
PREFIX-XNET-OUT
PREFIX-XNET-OUT
PREFIX-XNET-OUT
PREFIX-XNET-OUT
permit
permit
permit
permit
permit
permit
permit
permit
permit
172.16.16.v/30
172.26.x.119/32
172.26.x.120/32
172.26.x.121/32
172.26.x.122/32
172.26.x.123/32
172.26.x.124/32
172.26.x.125/32
172.26.x.126/32
prefix-list
prefix-list
prefix-list
prefix-list
prefix-list
prefix-list
prefix-list
PREFIX-XNET-OUT
PREFIX-XNET-OUT
PREFIX-XNET-OUT
PREFIX-XNET-OUT
PREFIX-XNET-OUT
PREFIX-XNET-OUT
PREFIX-XNET-OUT
permit
permit
permit
permit
permit
permit
permit
172.26.x.0/29
172.26.x.8/29
172.25.x.224/29
172.25.x.232/29
172.25.x.254/32
172.25.x.0/26 le 32
172.26.x.0/24 le 32
permit
permit
permit
permit
permit
172.27.255.0/24 le 32
192.168.32.0/24
192.168.96.0/24
172.16.8.32/30
172.16.6.0/30
!
route-map ClearDFBit permit 10
match ip address LAN-BANK
set ip df 0
!
route-map XNET-IN permit 10
match ip address prefix-list PREFIX-XNET-IN
set local-preference 500
!
route-map STATIC-TO-EIGRP permit 10
match ip address prefix-list PREFIX-STATIC
!
route-map XNET-OUT permit 10
match ip address prefix-list PREFIX-XNET-OUT
set community 65xxx:100
!
snmp-server community %BI-TELKOM% RO
snmp ifmib ifindex persist

snmp-server trap-source Loopback0
snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
snmp-server host 192.168.32.246 %BI-TELKOM%
snmp-server host 192.168.32.247 %BI-TELKOM%
!
!
control-plane
!
banner motd ^C-----------------------------------------------------------------------WARNING: Unauthorized access to this system is forbidden and will be
prosecuted by law. By accessing this system, you agree that your
actions may be monitored if unauthorized usage is suspected.
-------------------------------------------------------------------------^C
!
!
line con 0
logging synchronous
login local
stopbits 1
line aux 0
stopbits 1
line vty 0 4
logging synchronous
login local
transport preferred none
transport input telnet ssh
transport output telnet ssh
line vty 5 15
logging synchronous
login local
transport preferred none
transport input telnet ssh
transport output telnet ssh
!
!
!
ntp source Loopback0
ntp server 172.27.255.125
ntp server 172.27.255.126 prefer
!
end

Template Rtr1

Transféré par

Informations du document

Copyright

Formats disponibles

Partager ce document

Partager ou intégrer le document

Options de partage

Avez-vous trouvé ce document utile ?

Ce contenu est-il inapproprié ?

Droits d'auteur :

Formats disponibles

Template Rtr1

Transféré par

Droits d'auteur :

Formats disponibles

hostname (nama bank)-TLK-1

tunnel key 100004

standby 1 priority 110

neighbor 172.26.x.123 next-hop-self

ip access-list extended QOS-SKN-ACL

ip access-list extended FILTER-TELKOM-RTGS-ACL

deny ip 172.25.x.232 0.0.0.7 192.168.96.32 0.0.0.15

snmp ifmib ifindex persist

Vous aimerez peut-être aussi