Vous êtes sur la page 1sur 24

##Please issue below interim license configuration, if required

license feature port onegig 1


no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
service unsupported-transceiver
no platform punt-keepalive disable-kernel-core
ztp disable
no service config
platform tcam-threshold enable ucastv6 70
!
!
hostname AMBDNKOLESR023
!
boot-start-marker
boot system bootflash:asr920-universalk9_npe.V156_2_SP_SR682897525_5.bin
boot-end-marker
!
!
vrf definition Mgmt-intf
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
vrf definition RJIL-BEARER-ENB
description *** FOR BEARER LTE SERVICES ***
rd 172.19.228.193:2
route-target export 64730:105
route-target export 64740:5001
route-target import 64730:10501
route-target import 64740:5001
!
address-family ipv6
exit-address-family
!
vrf definition RJIL-IME
description *** FOR IME SERVICES ***
rd 172.19.228.193:6
route-target export 64760:105
route-target import 64760:10501
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
vrf definition RJIL-IP-MGMT
description *** For Out-of-Band management ***
rd 172.19.228.193:29
!
address-family ipv4
route-target export 64820:105
route-target import 64820:10501
route-target export 64820:99
route-target import 64820:99
exit-address-family
!
address-family ipv6
route-target export 64820:105
route-target import 64820:10501
exit-address-family
!
vrf definition RJIL-OAM-ENB
description *** FOR O&M LTE SERVICES ***
rd 172.19.228.193:3
route-target export 64720:105
route-target import 64720:10501
!
address-family ipv6
exit-address-family
!
vrf definition RJIL-SIGNALING-ENB
description *** FOR SIGNALLING LTE SERVICES ***
rd 172.19.228.193:1
route-target export 64710:105
route-target import 64710:10501
!
address-family ipv6
exit-address-family
!
vrf definition RJIL-WIFI-CISCO
description *** FOR CISCO WIFI SERVICES ***
rd 172.19.228.193:4
route-target export 64750:105
route-target import 64750:10501
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
logging buffered 65536 informational
logging trap informational
no logging console
no logging monitor
enable secret rjil123
!
aaa new-model
!
!
aaa group server tacacs+ ACSSERVER
ip vrf forwarding RJIL-IP-MGMT
ip tacacs source-interface Loopback999
server name TACACS1
server name TACACS2
!
aaa authentication login AAA-CONSOLE-LOCAL group ACSSERVER local
aaa authentication login AAA-VTY-ACS group ACSSERVER local
aaa authentication enable default group ACSSERVER enable
aaa authorization console
aaa authorization config-commands
aaa authorization exec AAA-VTY-ACS group ACSSERVER local
aaa authorization commands 1 AAA-VTY-ACS group ACSSERVER local
aaa authorization commands 15 AAA-VTY-ACS group ACSSERVER local
aaa authorization commands 10 default none
aaa accounting update newinfo
aaa accounting exec default start-stop group ACSSERVER
aaa accounting commands 1 default start-stop group ACSSERVER
aaa accounting commands 15 default start-stop group ACSSERVER
aaa accounting connection default start-stop group ACSSERVER
aaa accounting system default start-stop group ACSSERVER
!
!
!
!
!
aaa session-id common
aaa password restriction
process cpu threshold type total rising 80 interval 30
process cpu statistics limit entry-percentage 80 size 86400
clock timezone IST 5 30
facility-alarm critical exceed-action shutdown
!
!
!
!
!
!
!
!
!
!
no ip source-route
!
no ip bootp server
no ip domain lookup
ip domain name INFRA.JIO.COM
!
!
ip multicast route-limit 8000
ip dhcp bootp ignore
!
!
login block-for 30 attempts 5 within 30
login delay 2
login quiet-mode access-class MGMT-VTY-IPv6
!
login on-failure log
login on-success log
no ipv6 source-route
ipv6 nd cache interface-limit 50 log 1
ipv6 unicast-routing
ipv6 multicast-routing
!
!
!
ipv6 icmp error-interval 50 20
!
!
memory reserve critical 2000
memory free low-watermark processor 5000
!
mpls label protocol ldp
mpls ldp password option 10 for MPLS-LDP-IPv4 R4G_LdP_P33r.2O14
mpls ldp graceful-restart
mpls ldp session protection
mpls ldp igp sync holddown 2000
mpls ldp discovery targeted-hello accept
!
!
multilink bundle-name authenticated
!
key chain ISIS-KEY
key 1
key-string R4G_IsIs_P33r.2O14
accept-lifetime 01:00:00 Jan 1 2014 infinite
send-lifetime 01:00:00 Jan 1 2014 infinite
!
license feature port bulk
license feature ptp
license feature port onegig 1
license accept end user agreement
license boot level advancedmetroipaccess
archive
log config
logging enable
logging size 200
notify syslog contenttype plaintext
hidekeys
!
!
sdm prefer default
!
mac-address-table limit bdomain 101 maximum 20
mac-address-table limit bdomain 102 maximum 20
mac-address-table limit bdomain 103 maximum 20
mac-address-table limit bdomain 104 maximum 20
mac-address-table limit bdomain 350 maximum 20
mac-address-table limit bdomain 351 maximum 20
mac-address-table limit bdomain 352 maximum 20
mac-address-table limit bdomain 353 maximum 20
mac-address-table limit bdomain 354 maximum 20
mac-address-table limit bdomain 355 maximum 20
mac-address-table limit bdomain 550 maximum 20
mac-address-table limit bdomain 551 maximum 20
mac-address-table limit bdomain 552 maximum 20
mac-address-table limit bdomain 553 maximum 20
mac-address-table limit bdomain 901 maximum 20
mac-address-table limit bdomain 951 maximum 20
!
username rjil privilege 15 secret Rjil123
!
!
!
bfd-template single-hop FIBRE
interval microseconds min-tx 50000 min-rx 50000 multiplier 3
!
!
ip ftp source-interface Loopback999
ip tftp source-interface Loopback999
ip ssh source-interface Loopback999
!
!
ip ssh time-out 60
ip ssh version 2
ip ssh dscp 18
ip ssh authentication-retries 3
!
no ip finger
no service tcp-small-server
no service udp-small-server
no lldp run
cdp run
!
class-map match-any QOS-SIGNALING-QGRP
match qos-group 7
class-map match-any QOS-OAM-DSCP
match dscp cs2
class-map match-any QOS-CONTROL-DSCP
match dscp cs6
class-map match-any QOS-VOICE-QGRP
match qos-group 5
class-map match-any QOS-SIGNALING-DSCP
match dscp cs5
class-map match-any QOS-OAM-QGRP
match qos-group 2
class-map match-any QOS-IPTV-EXP
match mpls experimental topmost 4
class-map match-any QOS-CONTROL-QGRP
match qos-group 6
class-map match-any QOS-VOICE-DSCP
match dscp ef cs7
class-map match-any QOS-INT-PREMIUM-EXP
match mpls experimental topmost 1
class-map match-any QOS-HOSTED-AV-SMARTSCHEDULER-EXP
match mpls experimental topmost 3
class-map match-any QOS-IPTV-QGRP
match qos-group 4
class-map match-any QOS-OAM-EXP
match mpls experimental topmost 2
class-map match-any QOS-CONTROL-EXP
match mpls experimental topmost 6
match ip precedence 6
class-map match-any QOS-IPTV-DSCP
match dscp af31 af41
class-map match-all QOS-VOICE-EXP
match mpls experimental topmost 5
class-map match-any QOS-SIGNALING-EXP
match mpls experimental topmost 7
class-map match-any QOS-HOSTED-AV-SMARTSCHEDULER-QGRP
match qos-group 3
class-map match-any QOS-INT-PREMIUM-DSCP
match dscp af22
class-map match-any QOS-HOSTED-AV-SMARTSCHEDULER-DSCP
match dscp af32
class-map match-any QOS-INT-PREMIUM-QGRP
match qos-group 1
!
policy-map RJIL-QOS-NTWK-NNI-OUT-MW-500-CHILD
class QOS-VOICE-QGRP
priority level 1
police cir percent 25
set mpls experimental topmost 5
queue-limit 250000 bytes
class QOS-SIGNALING-QGRP
priority level 2
police cir percent 5
set mpls experimental topmost 7
queue-limit 250000 bytes
class QOS-CONTROL-QGRP
bandwidth percent 1
set mpls experimental topmost 6
queue-limit 500000 bytes
class QOS-IPTV-QGRP
bandwidth percent 20
set mpls experimental topmost 4
queue-limit 250000 bytes
class QOS-HOSTED-AV-SMARTSCHEDULER-QGRP
bandwidth percent 10
set mpls experimental topmost 3
queue-limit 500000 bytes
class QOS-OAM-QGRP
bandwidth percent 5
set mpls experimental topmost 2
queue-limit 500000 bytes
class QOS-INT-PREMIUM-QGRP
bandwidth percent 16
set mpls experimental topmost 1
queue-limit 500000 bytes
class class-default
bandwidth percent 18
set mpls experimental topmost 0
queue-limit 500000 bytes
policy-map RJIL-QOS-NTWK-NNI-OUT-MW-500
class class-default
shape average 450000000
service-policy RJIL-QOS-NTWK-NNI-OUT-MW-500-CHILD
policy-map RJIL-QOS-NTWK-NNI-OUT-MW-250-CHILD
class QOS-VOICE-QGRP
priority level 1
police cir percent 25
set mpls experimental topmost 5
queue-limit 125000 bytes
class QOS-SIGNALING-QGRP
priority level 2
police cir percent 5
set mpls experimental topmost 7
queue-limit 125000 bytes
class QOS-CONTROL-QGRP
bandwidth percent 1
set mpls experimental topmost 6
queue-limit 250000 bytes
class QOS-IPTV-QGRP
bandwidth percent 20
set mpls experimental topmost 4
queue-limit 125000 bytes
class QOS-HOSTED-AV-SMARTSCHEDULER-QGRP
bandwidth percent 10
set mpls experimental topmost 3
queue-limit 250000 bytes
class QOS-OAM-QGRP
bandwidth percent 5
set mpls experimental topmost 2
queue-limit 250000 bytes
class QOS-INT-PREMIUM-QGRP
bandwidth percent 16
set mpls experimental topmost 1
queue-limit 500000 bytes
class class-default
bandwidth percent 18
set mpls experimental topmost 0
queue-limit 500000 bytes
policy-map RJIL-QOS-WAP-UNI-OUT-PARENT
class QOS-VOICE-QGRP
priority level 1
police cir percent 25
class QOS-SIGNALING-QGRP
priority level 2
police cir percent 5
class QOS-CONTROL-QGRP
bandwidth percent 1
class QOS-IPTV-QGRP
bandwidth percent 20
class QOS-HOSTED-AV-SMARTSCHEDULER-QGRP
bandwidth percent 10
class QOS-OAM-QGRP
bandwidth percent 5
class QOS-INT-PREMIUM-QGRP
bandwidth percent 16
class class-default
bandwidth percent 18
policy-map RJIL-QOS-NTWK-NNI-OUT-MW-250
class class-default
shape average 230000000
service-policy RJIL-QOS-NTWK-NNI-OUT-MW-250-CHILD
policy-map RJIL-QOS-NTWK-NNI-OUT-PARENT
class QOS-VOICE-QGRP
priority level 1
police cir percent 25
set mpls experimental topmost 5
class QOS-SIGNALING-QGRP
priority level 2
police cir percent 5
set mpls experimental topmost 7
class QOS-CONTROL-QGRP
bandwidth percent 1
set mpls experimental topmost 6
class QOS-IPTV-QGRP
bandwidth percent 20
set mpls experimental topmost 4
class QOS-HOSTED-AV-SMARTSCHEDULER-QGRP
bandwidth percent 10
set mpls experimental topmost 3
class QOS-OAM-QGRP
bandwidth percent 5
set mpls experimental topmost 2
class QOS-INT-PREMIUM-QGRP
bandwidth percent 16
set mpls experimental topmost 1
class class-default
bandwidth percent 18
set mpls experimental topmost 0
policy-map RJIL-QOS-IME-UNI-IN-PARENT
class class-default
set qos-group 2
police 1000000
policy-map RJIL-QOS-ENB-UNI-OUT-PARENT
class QOS-VOICE-QGRP
priority level 1
police cir percent 25
class QOS-SIGNALING-QGRP
priority level 2
police cir percent 5
class QOS-CONTROL-QGRP
bandwidth percent 1
class QOS-IPTV-QGRP
bandwidth percent 20
class QOS-HOSTED-AV-SMARTSCHEDULER-QGRP
bandwidth percent 10
class QOS-OAM-QGRP
bandwidth percent 5
class QOS-INT-PREMIUM-QGRP
bandwidth percent 16
class class-default
bandwidth percent 18
policy-map RJIL-QOS-WAP-UNI-IN-CHILD
class QOS-VOICE-DSCP
set qos-group 5
class QOS-CONTROL-DSCP
set qos-group 6
class QOS-IPTV-DSCP
set qos-group 4
class QOS-HOSTED-AV-SMARTSCHEDULER-DSCP
set qos-group 3
class QOS-OAM-DSCP
set qos-group 2
class QOS-INT-PREMIUM-DSCP
set qos-group 1
class QOS-SIGNALING-DSCP
set qos-group 7
class class-default
policy-map RJIL-QOS-ENB-UNI-IN-CHILD
class QOS-VOICE-DSCP
set qos-group 5
class QOS-CONTROL-DSCP
set qos-group 6
class QOS-IPTV-DSCP
set qos-group 4
class QOS-HOSTED-AV-SMARTSCHEDULER-DSCP
set qos-group 3
class QOS-OAM-DSCP
set qos-group 2
class QOS-INT-PREMIUM-DSCP
set qos-group 1
class QOS-SIGNALING-DSCP
set qos-group 7
class class-default
policy-map RJIL-QOS-ENB-UNI-IN-PARENT
class class-default
police 100000000
service-policy RJIL-QOS-ENB-UNI-IN-CHILD
policy-map RJIL-QOS-WAP-UNI-IN-PARENT
class class-default
police 100000000
service-policy RJIL-QOS-WAP-UNI-IN-CHILD
policy-map RJIL-QOS-NTWK-NNI-IN-PARENT
class QOS-VOICE-EXP
set qos-group 5
class QOS-SIGNALING-EXP
set qos-group 7
class QOS-CONTROL-EXP
set qos-group 6
class QOS-IPTV-EXP
set qos-group 4
class QOS-HOSTED-AV-SMARTSCHEDULER-EXP
set qos-group 3
class QOS-OAM-EXP
set qos-group 2
class QOS-INT-PREMIUM-EXP
set qos-group 1
class class-default
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
description ## AMBDNKOLESR023-CORE-MGMT-LPBK ##
ip address 172.19.228.193 255.255.255.255
no ip redirects
no ip unreachables
no ip proxy-arp
no ip mask-reply
ipv6 address 2405:200:201:701:172:19:228:193/128
isis tag 10
!
interface Loopback999
description *** Loopback interface for management ***
vrf forwarding RJIL-IP-MGMT
ip address 172.19.228.193 255.255.255.255
no ip redirects
no ip unreachables
no ip proxy-arp
ipv6 address 2405:200:204:0107:172:19:228:193/128
no ipv6 redirects
no ipv6 unreachables
!
interface GigabitEthernet0/0/0
description # SMPS #
dampening
mtu 9216
no ip address
load-interval 30
no shutdown
no cdp enable
negotiation auto
service-policy input RJIL-QOS-IME-UNI-IN-PARENT
service instance 951 ethernet
description # IME-Utilities #
encapsulation untagged
bridge-domain 951
!
!
interface GigabitEthernet0/0/1
description # SMPS #
dampening
mtu 9216
no ip address
load-interval 30
no shutdown
no cdp enable
negotiation auto
service-policy input RJIL-QOS-IME-UNI-IN-PARENT
service instance 951 ethernet
description # IME-Utilities #
encapsulation untagged
bridge-domain 951
!
!
interface GigabitEthernet0/0/2
description # ACCESS CONTROL #
dampening
mtu 9216
no ip address
load-interval 30
no shutdown
no cdp enable
negotiation auto
service-policy input RJIL-QOS-IME-UNI-IN-PARENT
service instance 951 ethernet
description # IME-Utilities #
encapsulation untagged
bridge-domain 951
!
!
interface GigabitEthernet0/0/3
no ip address
shutdown
negotiation auto
!
!
interface GigabitEthernet0/0/4
no ip address
shutdown
negotiation auto
!
interface GigabitEthernet0/0/5
description # To eNode-B #
dampening
mtu 9216
no ip address
load-interval 30
no shutdown
no cdp enable
negotiation auto
service-policy input RJIL-QOS-ENB-UNI-IN-PARENT
service-policy output RJIL-QOS-ENB-UNI-OUT-PARENT
service instance 101 ethernet
description # To eNode-B - R4G_Bearer #
encapsulation dot1q 101
rewrite ingress tag pop 1 symmetric
bridge-domain 101
!
service instance 102 ethernet
description # To eNode-B - R4G_Signalling #
encapsulation dot1q 102
rewrite ingress tag pop 1 symmetric
bridge-domain 102
!
service instance 103 ethernet
description # To eNode-B - R4G_R4G_o&m #
encapsulation dot1q 103
rewrite ingress tag pop 1 symmetric
bridge-domain 103
!
service instance 104 ethernet
description # Multicast #
encapsulation dot1q 104
rewrite ingress tag pop 1 symmetric
bridge-domain 104
!
!
interface GigabitEthernet0/0/6
no ip address
shutdown
negotiation auto
!
interface GigabitEthernet0/0/7
description # TO-AMBDTHXLESR002-GigabitEthernet0/0/7-MW # #5138690 ##
dampening
mtu 9216
bandwidth 230000
no ip address
load-interval 30
no shutdown
cdp enable
carrier-delay up 2
carrier-delay down msec 0
negotiation auto
synchronous mode
service-policy input RJIL-QOS-NTWK-NNI-IN-PARENT
service-policy output RJIL-QOS-NTWK-NNI-OUT-MW-250
service instance 353 ethernet
description # Data Traffic #
encapsulation untagged
l2protocol peer cdp
bridge-domain 353
!
service instance 553 ethernet
description # Microwave Management #
encapsulation dot1q 553
rewrite ingress tag pop 1 symmetric
bridge-domain 553
!
!
interface GigabitEthernet0/0/8
no ip address
shutdown
negotiation auto
!
interface GigabitEthernet0/0/9
no ip address
shutdown
negotiation auto
!
interface TenGigabitEthernet0/0/10
description # TO-AMBDVNGPESR002-TenGigabitEthernet0/0/11-Fiber ##5006466 ##
dampening
mtu 9216
mpls mtu 9216
no ip address
load-interval 30
no shutdown
cdp enable
negotiation auto
carrier-delay up 2
carrier-delay down msec 0
synchronous mode
service-policy input RJIL-QOS-NTWK-NNI-IN-PARENT
service-policy output RJIL-QOS-NTWK-NNI-OUT-PARENT
service instance 354 ethernet
description # Data Traffic #
encapsulation untagged
l2protocol peer cdp
bridge-domain 354
!
!
interface TenGigabitEthernet0/0/11
description # TO-AMBDNKOLPAR001-GigabitEthernet0/4/7-Fiber ##4873150 ##
dampening
mtu 9216
mpls mtu 9216
no ip address
load-interval 30
no shutdown
cdp enable
negotiation auto
carrier-delay up 2
carrier-delay down msec 0
synchronous mode
service-policy input RJIL-QOS-NTWK-NNI-IN-PARENT
service-policy output RJIL-QOS-NTWK-NNI-OUT-PARENT
service instance 355 ethernet
description # Data Traffic #
encapsulation untagged
l2protocol peer cdp
bridge-domain 355
!
!
interface GigabitEthernet0
vrf forwarding Mgmt-intf
no ip address
shutdown
negotiation auto
!
interface BDI101
description # To eNode-B - R4G_Bearer #
vrf forwarding RJIL-BEARER-ENB
no ip address
no ip redirects
no ip mask-reply
no ip unreachables
no ip proxy-arp
ip mtu 9216
load-interval 30
no shutdown
ipv6 address 2405:200:107:100:3:2:101:9/126
ipv6 enable
ipv6 mtu 9216
no ipv6 redirects
no ipv6 unreachables
ipv6 traffic-filter INFRA-iACL-IPv6-LTE in
!
interface BDI102
description # To eNode-B - R4G_Signalling #
vrf forwarding RJIL-SIGNALING-ENB
no ip address
no ip redirects
no ip mask-reply
no ip unreachables
no ip proxy-arp
ip mtu 9216
load-interval 30
no shutdown
ipv6 address 2405:200:107:100:3:2:102:9/126
ipv6 enable
ipv6 mtu 9216
no ipv6 redirects
no ipv6 unreachables
ipv6 traffic-filter INFRA-iACL-IPv6-LTE in
!
interface BDI103
description # To eNode-B - R4G_R4G_o&m #
vrf forwarding RJIL-OAM-ENB
no ip address
no ip redirects
no ip mask-reply
no ip unreachables
no ip proxy-arp
ip mtu 9216
load-interval 30
no shutdown
ipv6 address 2405:200:107:100:3:2:103:9/126
ipv6 enable
ipv6 mtu 9216
ipv6 nd managed-config-flag
no ipv6 redirects
no ipv6 unreachables
ipv6 dhcp relay destination 2405:200:809:732::4
ipv6 traffic-filter INFRA-iACL-IPv6-LTE in
!
interface BDI104
description # Multicast #
no ip address
no ip redirects
no ip unreachables
no ip mask-reply
no ip proxy-arp
ip mtu 9216
load-interval 30
ipv6 enable
ipv6 mtu 9216
no ipv6 redirects
no ipv6 unreachables
ipv6 mld query-timeout 180
ipv6 mld query-interval 60
ipv6 mld access-group MCAST-BDR-IPv6
ipv6 pim hello-interval 10
no shut
!
interface BDI353
description # TO-AMBDTHXLESR002-GigabitEthernet0/0/7-MW #
ip address 10.69.242.184 255.255.255.254
ip helper-address 10.70.16.85
no ip redirects
no ip unreachables
no ip directed-broadcast
no ip mask-reply
no ip proxy-arp
ip mtu 9216
mpls mtu 9216
ip router isis RAN
load-interval 30
no shutdown
ipv6 address 2405:200:107:0:10:69:242:184/127
ipv6 address 2405:200:107:0:173:69:242:184/127
ipv6 enable
ipv6 mtu 9216
no ipv6 redirects
no ipv6 unreachables
ipv6 router isis RAN
mpls ip
mpls ldp igp sync delay 25
isis circuit-type level-2-only
isis network point-to-point
isis tag 20
!
interface BDI354
description # TO-AMBDVNGPESR002-TenGig0/0/11-Fiber #
ip address 10.69.85.201 255.255.255.254
ip helper-address 10.70.16.85
no ip redirects
no ip unreachables
no ip directed-broadcast
no ip mask-reply
no ip proxy-arp
ip mtu 9216
mpls mtu 9216
ip router isis RAN
load-interval 30
no shutdown
ipv6 address 2405:200:107:0:10:69:85:201/127
ipv6 enable
ipv6 mtu 9216
no ipv6 redirects
no ipv6 unreachables
ipv6 router isis RAN
mpls ip
mpls ldp igp sync delay 25
bfd template FIBRE
isis circuit-type level-2-only
isis network point-to-point
isis tag 20
isis bfd
!
interface BDI355
description # TO-AMBDNKOLPAR001-GigabitEthernet0/4/7-Fiber #
ip address 10.69.85.202 255.255.255.254
ip helper-address 10.70.16.85
no ip redirects
no ip unreachables
no ip directed-broadcast
no ip mask-reply
no ip proxy-arp
ip mtu 9216
mpls mtu 9216
ip router isis RAN
load-interval 30
no shutdown
ipv6 address 2405:200:107:0:10:69:85:202/127
ipv6 enable
ipv6 mtu 9216
no ipv6 redirects
no ipv6 unreachables
ipv6 router isis RAN
mpls ip
mpls ldp igp sync delay 25
bfd template FIBRE
isis circuit-type level-2-only
isis network point-to-point
isis tag 20
isis bfd
!
interface BDI553
description # Microwave Management #
vrf forwarding RJIL-IME
no ip redirects
no ip unreachables
no ip directed-broadcast
no ip mask-reply
no ip proxy-arp
ip mtu 9216
load-interval 30
no shutdown
ipv6 address 2405:200:107:100:3:2:553:239/125
ipv6 enable
ipv6 mtu 9216
no ipv6 redirects
no ipv6 unreachables
!
interface BDI951
description # IME-Utilities #
vrf forwarding RJIL-IME
ip address 10.210.201.145 255.255.255.248
no ip redirects
no ip unreachables
no ip directed-broadcast
no ip mask-reply
no ip proxy-arp
ip mtu 9216
load-interval 30
no shutdown
ipv6 mtu 9216
no ipv6 redirects
no ipv6 unreachables
!
router isis RAN
net 49.0003.1720.1922.8193.00
router-id Loopback0
is-type level-2-only
authentication mode md5 level-2
authentication key-chain ISIS-KEY level-2
metric-style wide
fast-flood 10
ip route priority high tag 5000
set-overload-bit on-startup 360
max-lsp-lifetime 65535
lsp-refresh-interval 65000
spf-interval 5 50 200
prc-interval 5 50 200
lsp-gen-interval 5 50 200
no hello padding
log-adjacency-changes
fast-reroute per-prefix level-2 all
fast-reroute remote-lfa level-2 mpls-ldp
microloop avoidance disable
passive-interface Loopback0
!
address-family ipv6
spf-interval 5 50 200
prc-interval 5 50 200
exit-address-family
mpls ldp sync
!
router bgp 55836
bgp router-id 172.19.228.193
bgp log-neighbor-changes
bgp graceful-restart restart-time 120
bgp graceful-restart stalepath-time 360
bgp graceful-restart
no bgp default ipv4-unicast
neighbor RJIL-AG1-IBGP-GRP peer-group
neighbor RJIL-AG1-IBGP-GRP remote-as 55836
neighbor RJIL-AG1-IBGP-GRP password R4G_BgPi_P33r.2O14
neighbor RJIL-AG1-IBGP-GRP update-source Loopback0
neighbor RJIL-AG1-IBGP-GRP-IPv6 peer-group
neighbor RJIL-AG1-IBGP-GRP-IPv6 remote-as 55836
neighbor RJIL-AG1-IBGP-GRP-IPv6 password R4G_BgPi_P33r.2O14
neighbor RJIL-AG1-IBGP-GRP-IPv6 update-source Loopback0
neighbor 172.22.224.76 peer-group RJIL-AG1-IBGP-GRP
neighbor 172.22.224.77 peer-group RJIL-AG1-IBGP-GRP
neighbor 2405:200:201:701:172:22:224:76 peer-group RJIL-AG1-IBGP-GRP-IPv6
neighbor 2405:200:201:701:172:22:224:77 peer-group RJIL-AG1-IBGP-GRP-IPv6
!
address-family ipv4
bgp nexthop trigger delay 0
neighbor RJIL-AG1-IBGP-GRP send-community
neighbor RJIL-AG1-IBGP-GRP send-label
network 172.19.228.193 mask 255.255.255.255 route-map CSR-COMM
neighbor 172.22.224.76 activate
neighbor 172.22.224.77 activate
exit-address-family
!
address-family vpnv4
bgp additional-paths select backup
bgp additional-paths install
bgp nexthop trigger delay 1
neighbor RJIL-AG1-IBGP-GRP send-community extended
neighbor 172.22.224.76 activate
neighbor 172.22.224.77 activate
exit-address-family
!
address-family ipv6
bgp nexthop trigger delay 1
network 2405:200:201:701:172:19:228:193/128 route-map CSR-COMM
neighbor RJIL-AG1-IBGP-GRP send-community
neighbor RJIL-AG1-IBGP-GRP send-label
neighbor 172.22.224.76 activate
neighbor 172.22.224.77 activate
exit-address-family
!
address-family vpnv6
bgp recursion host
bgp nexthop trigger delay 1
neighbor RJIL-AG1-IBGP-GRP send-community extended
neighbor 172.22.224.76 activate
neighbor 172.22.224.77 activate
exit-address-family
!
address-family ipv6 multicast
neighbor RJIL-AG1-IBGP-GRP-IPv6 route-map RJIL-DROP-ALL out
neighbor 2405:200:201:701:172:22:224:76 activate
neighbor 2405:200:201:701:172:22:224:77 activate
exit-address-family
!
address-family ipv6 vrf RJIL-BEARER-ENB
redistribute connected
import path selection all
import path limit 4
exit-address-family
!
address-family ipv4 vrf RJIL-IP-MGMT
redistribute connected
exit-address-family
!
address-family ipv6 vrf RJIL-IP-MGMT
redistribute connected
exit-address-family
!
address-family ipv4 vrf RJIL-IME
import path selection all
import path limit 4
redistribute connected
exit-address-family
!
address-family ipv6 vrf RJIL-IME
import path selection all
import path limit 4
redistribute connected
exit-address-family
!
address-family ipv6 vrf RJIL-OAM-ENB
redistribute connected
import path selection all
import path limit 4
exit-address-family
!
address-family ipv6 vrf RJIL-SIGNALING-ENB
redistribute connected
import path selection all
import path limit 4
exit-address-family
!
address-family ipv4 vrf RJIL-WIFI-CISCO
import path selection all
import path limit 4
redistribute connected
exit-address-family
!
address-family ipv6 vrf RJIL-WIFI-CISCO
redistribute connected
import path selection all
import path limit 4
exit-address-family
!
ip forward-protocol nd
!
ip bgp-community new-format
!
no ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 600 life 14400 requests 25
ip http session-module-list mylist IOX_Server,DISTRIB
ip http secure-active-session-modules mylist
!
!
!
ip access-list standard MGMT-SNMP-IPv4
deny any
!
!
ip access-list standard MGMT-VTY-IPv4
deny any
!
ip access-list standard NTP-ACL
permit 172.16.34.76
permit 172.16.34.77
!
!
ip access-list standard MPLS-LDP-IPv4
permit 172.16.0.0 0.15.255.255
!
ip access-list extended INFRA-iACL-IPv4-WiFi
remark Phase 1 a Anti-spoofing,Fragmentation,Attack Denies
remark Deny Fragments
deny tcp any 49.44.0.0 0.0.7.255 fragments
deny udp any 49.44.0.0 0.0.7.255 fragments
deny icmp any 49.44.0.0 0.0.7.255 fragments
deny tcp any any eq 5900
remark Deny access to RJIL Infrastructure devices
deny ip any 49.44.0.0 0.0.7.255
remark Deny special-use address sources.
remark See RFC 3330 for additional special-use addresses.
deny ip host 0.0.0.0 any
deny ip any 0.0.0.0 0.255.255.255
deny ip 0.0.0.0 0.255.255.255 any
deny ip host 255.255.255.255 any
deny ip 127.0.0.0 0.255.255.255 any
deny ip any 127.0.0.0 0.255.255.255
deny ip 169.254.0.0 0.0.255.255 any
deny ip 192.0.2.0 0.0.0.255 any
deny ip any 192.0.2.0 0.0.0.255
deny ip 192.18.0.0 0.1.255.255 any
deny ip any 192.18.0.0 0.1.255.255
deny ip 192.0.2.0 0.0.0.255 any
deny ip any 192.0.2.0 0.0.0.255
deny ip 192.0.0.0 0.0.0.255 any
deny ip any 192.0.0.0 0.0.0.255
deny ip 224.0.0.0 31.255.255.255 any
remark Deny RFC1918 space from entering AS
permit ip any 10.73.1.0 0.0.0.63
permit ip any 10.70.120.64 0.0.0.15
permit ip any host 172.16.92.209
permit ip any host 172.16.92.213
permit ip any 10.70.120.80 0.0.0.15
permit ip any 10.70.120.0 0.0.0.15
deny ip 192.168.0.0 0.0.255.255 any
deny ip any 10.0.0.0 0.255.255.255
deny ip any 172.16.0.0 0.15.255.255
deny ip any 192.168.0.0 0.0.255.255
remark See RFC5737
deny ip 198.51.100.0 0.0.0.255 any
deny ip any 198.51.100.0 0.0.0.255
deny ip 203.0.113.0 0.0.0.255 any
deny ip any 203.0.113.0 0.0.0.255
remark Deny RIL infrastructure space as a source of external packets
deny ip 49.44.0.0 0.0.7.255 any
remark Phase 2 a Explicit Permit
permit ip any any
!
ip sla responder
!
logging source-interface Loopback999 vrf RJIL-IP-MGMT
logging host ipv6 2405:0200:0809:651::30 vrf RJIL-IP-MGMT
logging host ipv6 2405:200:a10:fcd8:10:136:104:26 vrf RJIL-IP-MGMT
logging host ipv6 2405:200:A80:FD19:5DC:98E5:692C:2014 vrf RJIL-IP-MGMT
!
ipv6 mld state-limit 25000
!
route-map RJIL-DROP-ALL deny 10
!
route-map CSR-COMM permit 10
set community 64600:105
!
privilege exec all level 10 show
!
snmp-server community OnM4G@Ge0 RO ipv6 MGMT-SNMP-IPv6 MGMT-SNMP-IPv4
snmp-server trap-source Loopback999
snmp-server source-interface informs Loopback999
snmp-server queue-length 1000
snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
snmp-server enable traps tty
snmp-server enable traps config-copy
snmp-server enable traps config
snmp-server enable traps config-ctid
snmp-server enable traps isis
snmp-server enable traps ipsla
snmp-server enable traps memory bufferpeak
snmp-server enable traps fru-ctrl
snmp-server enable traps entity
snmp-server enable traps cpu threshold
snmp-server enable traps vlancreate
snmp-server enable traps vlandelete
snmp-server enable traps cef resource-failure peer-state-change peer-fib-state-
change inconsistency
snmp-server enable traps aaa_server
snmp-server enable traps mpls rfc ldp
snmp-server enable traps mpls ldp
snmp-server enable traps bulkstat collection transfer
snmp-server enable traps vrfmib vrf-up vrf-down vnet-trunk-up vnet-trunk-down
snmp-server enable traps alarms informational
snmp-server enable traps netsync
snmp-server enable traps transceiver all
snmp-server enable traps mpls vpn
snmp-server enable traps mpls rfc vpn
snmp-server host 2405:200:809:2904:10:70:248:225 vrf RJIL-IP-MGMT version 2c
OnM4G@Ge0
snmp-server enable traps snmp authentication
snmp ifmib ifalias long
snmp ifmib ifindex persist
mpls ldp router-id Loopback0
!
tacacs server TACACS1
address ipv4 10.70.16.148
key Rjio@55836
tacacs server TACACS2
address ipv4 10.70.11.197
key Rjio@55836
!
ipv6 access-list INFRA-iACL-IPv6-LTE
deny ipv6 any 2405:200::/40 fragments
permit ipv6 2405:200::/40 any
permit ipv6 any 2405:200::/40
deny ipv6 2002:E000::/20 any
deny ipv6 2002:7F00::/24 any
deny ipv6 2002::/24 any
deny ipv6 2002:FF00::/24 any
deny ipv6 2002:A00::/24 any
deny ipv6 2002:AC10::/28 any
deny ipv6 2002:C0A8::/32 any
deny ipv6 host :: any
deny ipv6 host ::1 any
deny ipv6 ::/96 any
deny ipv6 ::FFFF:0.0.0.0/96 any
deny ipv6 ::/104 any
deny ipv6 3FFE::/16 any
remark Phase 1 a anti-spoofing and Fragmentation Denies
remark Deny Fragments
remark Permit RJIL ILL Customer
remark Deny access to RJIL Infrastructure devices
deny ipv6 any 2405:200:200::/40
remark Deny RIL infrastructure space as a source of external packets
deny ipv6 2405:200:200::/40 any
remark Deny special-use address sources Refer RFC6890
deny ipv6 ::/8 any
deny ipv6 FEC0::/10 any
deny ipv6 FC00::/7 any
deny ipv6 FF00::/8 any
deny ipv6 any 2001:10::/28
deny ipv6 2001:10::/28 any
deny ipv6 any 2001:DB8::/32
deny ipv6 2001:DB8::/32 any
permit ipv6 any 2001:2::/48
permit ipv6 any 2001::/32
deny ipv6 any 2001::/23
deny ipv6 2001::/23 any
remark deny false 6to4 packets
remark deny loopback address
deny ipv6 host 1:: any
remark deny ipv4-compatible addresses
remark ipv4 mapped adresses - obsoleted
remark deny other compatible addresses
deny ipv6 ::224.0.0.0/100 any
deny ipv6 ::127.0.0.0/104 any
deny ipv6 ::255.0.0.0/104 any
remark deny 6bone addresses - depreciated
remark Phase 2 a explicit Permit
permit ipv6 any any
!
!
ipv6 access-list MGMT-SNMP-IPv6
permit ipv6 2405:200:a10:fc00::/64 any
permit ipv6 2405:200:a10:fc04::/64 any
permit ipv6 2405:200:a10:fc09::/64 any
permit ipv6 2405:200:a10:fcb0::/64 any
permit ipv6 2405:200:a10:fcb1::/64 any
permit ipv6 2405:200:a10:fcba::/64 any
permit ipv6 2405:200:a10:fcc7::/64 any
permit ipv6 2405:200:a60:fdc0::/64 any
permit ipv6 2405:200:a10:fcc0::/64 any
permit ipv6 2405:200:a10:fcc4::/64 any
permit ipv6 2405:200:800::/44 any
permit ipv6 2405:200:855:2575::/64 any
permit ipv6 2405:200:A80:FD19:5DC:98E5:692C:0/112 any
!
!
!
ipv6 access-list MGMT-VTY-IPv6
permit ipv6 2405:200:100::/40 any
permit ipv6 2405:200:802:679::/64 any
permit ipv6 2405:200:804:651::/64 any
permit ipv6 2405:200:806:651::/64 any
permit ipv6 2405:200:808:651::/64 any
permit ipv6 2405:200:a10:fc80::/64 any
permit ipv6 2405:200:a10:fcb0::/64 any
permit ipv6 2405:200:a10:fcb1::/64 any
permit ipv6 2405:200:a10:fcc0::/64 any
permit ipv6 2405:200:a10:fcc4::/64 any
permit ipv6 2405:200:a60:fdc0::/64 any
permit ipv6 2405:200:a60:f0f0::/60 any
permit ipv6 2405:200:800::/44 any
permit ipv6 2405:200:855:2575::/64 any
permit ipv6 2405:200:a10:fcc7::/64 any
permit ipv6 2405:200:A80:FD19:5DC:98E5:692C:0/112 any
!
ipv6 access-list MCAST-BDR-IPv6
permit ipv6 any ff30::/12
!
control-plane
!
banner login ^
-------------------------------------------------------------------------
UNAUTHORIZED ACCESS TO THIS DEVICE IS PROHIBITED
You must have explicit, authorized permission to access or configure this
device.
Unauthorized attempts and actions to access or use this system may result
in civil and/or criminal penalties.
All activities performed on this device are logged and monitored.
GCTv20.8
NE-ID INGJAMBDNKOLTW0003ENBESR001
SAP-ID I-GJ-AMBD-ENB-0517
FAC-ID INGJAMBDNKOLTW0003
HostName AMBDNKOLESR023
-------------------------------------------------------------------------
^
!
banner motd ^
-------------------------------------------------------------------------
UNAUTHORIZED ACCESS TO THIS DEVICE IS PROHIBITED
You must have explicit, authorized permission to access or configure this
device.
Unauthorized attempts and actions to access or use this system may result
in civil and/or criminal penalties.
All activities performed on this device are logged and monitored.
GCTv20.8
NE-ID INGJAMBDNKOLTW0003ENBESR001
SAP-ID I-GJ-AMBD-ENB-0517
FAC-ID INGJAMBDNKOLTW0003
HostName AMBDNKOLESR023
-------------------------------------------------------------------------
^
!
aaa authentication banner #Unauthorized acces is prohibited#
ip sla server twamp
port 862
timer inactivity 1200
ip sla responder twamp
resp
timeout 2000
!
line con 0
privilege level 15
logging synchronous
exec-timeout 5 0
login authentication AAA-CONSOLE-LOCAL
authorization commands 15 AAA-VTY-ACS
stopbits 1
transport output none
!
line vty 0 4
access-class MGMT-VTY-IPv4 in vrf-also
exec-timeout 5 0
privilege level 15
ipv6 access-class MGMT-VTY-IPv6 in
login authentication AAA-VTY-ACS
logging synchronous
authorization commands 15 AAA-VTY-ACS
transport preferred none
transport input ssh
transport output ssh
!
line vty 5 9
access-class MGMT-VTY-IPv4 in vrf-also
exec-timeout 5 0
privilege level 15
ipv6 access-class MGMT-VTY-IPv6 in
login authentication AAA-VTY-ACS
logging synchronous
authorization commands 15 AAA-VTY-ACS
transport preferred none
transport input ssh
transport output ssh
!
line vty 10 20
no exec
!
line aux 0
no exec
transport input none
transport output none
no password
exec-timeout 0 1
privilege level 1
!
exception crashinfo file bootflash:crashinfo1
exception crashinfo buffersize 256
!
esmc process
ntp authentication-key 1 md5 Rjio@Ntp
ntp authenticate
ntp trusted-key 1
ntp source Loopback999
ntp master 5
ntp server vrf RJIL-IP-MGMT 172.16.34.76 key 1 prefer
ntp server vrf RJIL-IP-MGMT 172.16.34.77 key 1
ntp access-group peer NTP-ACL
!
!
!
!