Professional Documents
Culture Documents
A Case Study
A Case StudyOfOf
INDIAN
INDIANINSTITUTE
INSTITUTEOF
OFTECHNOLOGY
TECHNOLOGY
KHARAGPUR
KHARAGPUR
Implemented By
Implemented By
HCL COMNET LIMITED
HCL COMNET LIMITED
DOCUMENT DETAILS
Version 1.0
Date 15/12/2002
Sukanta Das, Sr. Engineer WAN Operation
Created by E-mail: SukantaD@hclcomnet.co.in
Mr. Bhaskar Dasgupta, National Project Manager
Project Manager E-Mail: b_dasgupta@hclcomnet.co.in
Reference www.cisco.com
Modified by
Suggestion /
Comments
Revision History:
TABLE OF CONTENTS
1. INTRODUCTION
IIT Kharagpur located about 125 KM south of Calcutta, is Indias Premier Technology
Institution. Established in 1951, the institute boasts of 18 Academic Departments
and 5 Centers of excellence. The vast campus, spanning over 2100 Acres has a self-
contained township of over 15,000 inhabitants. Currently there are about 450
Faculty, 2200 Employees and 4000 Students on the campus.
2. INSTITUTE HISTORY
The history of the IIT system dates back to 1946 when a committee was set up by
Hon'ble Sir Jogendra Singh, Member of the Viceroy's Executive Council, Department
of Education, Health and Agriculture to consider the setting up of Higher Technical
Institutions for post war industrial development in India. The 22 member committee
headed by Sri N.R.Sarkar, in its report, recommended the establishment of four
Higher Technical Institutions in the Eastern, Western, Northern and Southern
regions, possibly on the lines of the Massachusetts Institute of Technology, USA,
with a number of secondary institutions affiliated to it. The report also urged the
speedy establishment of all the four institutions with the ones in the East and the
West to be started immediately. The committee also felt that such institutes would
not only produce undergraduates but they should be engaged in research, producing
research workers and technical teachers as well. The standard of the graduates
should be at par with those from first class institutions abroad. They felt that the
proportion of undergraduates and postgraduate students should be 2:1.
With the above recommendations of the Sarkar committee in view, the first Indian
Institute of Technology was born in May 1950 in Hijli, Kharagpur, in the eastern part
of India.
Initially the IIT started functioning from 5, Esplanade East, Calcutta and very soon
shifted to Hijli in Sept. 1950. The present name 'Indian Institute of Technology' was
adopted before the formal inauguration of the Institute on August 18, 1951, by
Maulana Abul Kalam Azad.
IIT Kharagpur started its journey in the old Hijli Detention Camp where some of our
great freedom fighters toiled and sacrificed their lives for the independence of our
country.
The history of IIT Kharagpur is thus intimately linked with the history of the Hijli
Detention Camp. This is possibly one of the very few Institutions all over the world,
which started life in a prison house.
Pandit Nehru in his first convocation address in 1956 said "Here in the place of that
Hijli Detention Camp stands the fine monument of India, representing India's urges,
Indias future in the making. This picture seems to me symbolical of the changes
that are coming to India."
3. CAMPUS LOCATION
The Indian Institute of Technology, Kharagpur is located 116 kms. west of the
metropolis of Calcutta. Kharagpur is extremely well connected by rail to all the four
metropolis as it lies on the Howrah Bombay, Howrah Madras and Delhi-Puri line.
Regular train services to Hyderabad and Bangalore are also available. Fast and
regular suburban trains connect Kharagpur to Calcutta.
The Institute is situated 4 kms. from the Kharagpur railway station. Autorickshaws
and Taxis provide reliable, fast and the round the clock transport between the
station and the campus. The Institute also provides regular bus services to the
station.
HCL Comnet set up the first ATM network for IIT Kharagpur in 1996. The network
was built with 3 Centralized 100 OC-3 ATM switches on the Core running PNNI
routing. The departments had installed a Centralized 100 ATM switch with UNI
routing to the core, also acting as a LANE server version. IIT decided to move from
ATM to Gigabit Ethernet backbone. This task was handed over to CMC. However,
CMC failed to live upto IITs expectations. IIT got the product but not the integration
expertise.
HCL Comnet swung back to action again with a tie up with Cisco and got a preferred
partner status in the East due to high technical know-how and network design skills.
The Academic Campus network Upgradation & Expansion contract was given to HCL
Comnet for designing state of the art Multiservice Network for Student Campus
Network.
The next phase was to integrate the Student Campus Network with the Academic
Network. A classic ATM & IP integration was developed as a solution, as ATM was
still being extensively used in the existing network, for research and development
activities. IIT also froze its plans for setting up a new state of the art at Computer
Center. HCL Comnet designed a state of the art Networking Infrastructure for the
new building encompassing the entire Data Center & Telecom infrastructure for IIT
campus.
HCL Comnet also installed a Satellite Earth Station for providing 5 Mbps of raw
Internet bandwidth from International Network Access Point (NAP) from Thaicom.
5. CAMPUS MAP
6. THE NEED
Core Layer:
Distribution Layer:
Access Layer:
Server Farm:
Video Services:
Gateway Router:
8. PROJECT OVERVIEW
Phase I - Academic Part: HCL COMNET installed high speed ATM backbone in the
year of 1997. It was done by ATM switches and managed HUBs.
Latter in the year of 1999 backbone link speed was upgraded to Gigabit Ethernet by
CMC. There two no of Cisco 6006 switches was used as Core switch. The Edge
switches were Cisco 2924 MXL to provide the main departmental distribution. The
edge access device was Hub. The Internet was terminated at Cisco 5509 switch. The
existing ATM network was also integrated at the Cisco 5509 switch.
In the year of 2001 the network was upgraded with forcing functionality.
Each year lightning was damaging the lot of active components. It was identified
that Surges are mainly coming from the external copper wire such as UTP and
Thick Ethernet. These kinds of links have been upgraded to Optical fiber to avoid
repeated problem. We have also installed stand alone UPS on input of the switch
where central UPS power is not available.
The voice, video and data application were integrated with a converged Internet
Protocol (IP) solution to provide high-availability network with video server facility
for lectures and self study materials.
High-speed Content Engines were deployed all the hostels for caching multimedia
information. A central Content Distribution Manager provided centralized control,
push-pull facility and content management across the network.
Redundant Firewall (PIX-525) was installed for secure access to Internet as well as
Intranet. Access to the Core network was controlled at the Distribution switches
through access control list. Cisco Secure Policy Manager was used to manage the
security policy across the network. The Trend Micro Enterprise Suite yet to be
installed for centralized Virus Control.
We had set-up one test bed in Mechanical Dept of IIT Kharagpur for implementing
of Hostel Network & connect the same network with Academic network.
VLAN 600
VL
AN
AN
VL
VLA 60
N 3
60
02 4
N6 3/1 (10.200.4.2)
3/1 (10.200.1.1) VLA
Ar
ea
2 a1
A re
Port no 1 12 Port no 13 24
VLAN 700 - 710 VLAN 711 - 720
Ed g e Sw it ch
De pa rt me nt
M a jo r De pa rt me n t s Dist rib ut io n Sw it ch
2 M b ps VS NL Link
C is co 2 9 4 8 - L3
VS N L R o u t e r
C isco 5 5 0 9
A T M S w it c h
C OR E 1
E d g e S w itch
D e p a rtme n t C OR E 2 C OR E 3
5 M b ps
C isco P IX w it h Th a ico m Lin k
F a ilo v e r
Server Farm
C a che E n gin e
To t a l 1 4 H o st e l Dis t rib ut ion Sw it ch C is co 7 5 0 7
Se rve rs
G a t e w ay R o ute r
C o n te n t En gine
Ed ge Sw it ch E d g e S w it ch E d g e S w itch E d g e S w itch
Ho s te l Ho st e l
CS E , L ib ra r y , M e c h a n ic a l,
Che m ic a l, E le c t r ic a l w he r e
Ca t - 294 8 h a s be e n ins t a lle d
V s nl L in k
C is c o - 5 5 09 A T M S w it c h
4/ 16
C- D O T H UB
4/ 15
Fa ilo v e r
Po rt
Po r t - 11 A x 100 Tx
Rx
P IX
18 - 23 Ca t - 192 4
1-6
Po r t- 9
3/ 1
3/ 3
3/ 2
Sa t e llit e M o de m
A c a d e m ic C O R E
650 9
C E - 59 0
DV B Re c e iv e r
F. E 1 / 0 / 0
S 1/ 1/ 0
3/ 15
3/ 13
G 0/ 1 Ne t w o r k La b
3/ 16 Ca t - 352 4
3/ 16
F. E 4/ 0/ 0
T ha ic o m Ga t e w a y
D is t rib ut io n
Ho s t e l C O R E - 1 Ho s t e l C O R E - 2 Ro ut e r - 7 50 7
6 50 6
650 9 650 9
Ot h e r De p a r t me n t s
1 4 Ho s t e l D is t . S w it c he s
L I B R AR Y
6 C o r e S M F fr o m C IC
Ca t 2 9 4 8 L3 S w it c h
1 0 . 1 7 . 1 .2
E L E C T R O N IC L IB R A R Y
M A Z E NI N E FL O O R
Ca t 1 9 2 4 S w it c h
1 0 . 1 7 . 2 .1 C a t 1 9 2 4 S w it c h
1 0 . 1 7 . 3 .1
8 Po rt H UB 8 Port H UB 8 Po r t H UB
Ch a ir m a n R o o m Ne a r G a t e K. K . P a n d a R o o m
ELECTRICAL
12 Core SMF fro m CIC
TDM Lab
TDM Lab
16 Port HUB
6 Core SMF towards TDM Lab
Co mputer Contro l La b
Cat 2948 L3 Switch
10.9.1.2 N 23 7 Energy Lab, Gnd Floor
16 Port HUB 12 Port Hub
CIVIL
6 Core M M F
A UI/ FL
Cat 35 24 X L EN Cat 19 24 S w itch
(10. 19. 1.1) (10. 19. 5.1)
Co mputer Ro o m Structural Lab
Cat 19 24 S w itch
(10. 19. 4.1)
2 n d Floor
Enviro n me nt al Lab
Cat 19 24 S w itch
(10. 19. 3.1)
Con nected fro m Cry oge n ic Co mputer Ro o m
8 Port HUB
Trans portation Lab
Cat 19 24 S w itch
(10. 19. 2.1)
Fou ndat ion Engg .
FMT - 1
FMT - 2 SMT
Mult ime d ia La b 1st Floor
F 0/23 G 0/1
FMT
Co mputer Ro o m
Ground Floor
8 Port HUB
Library Roo m
Ground Floor
A RCHITECTURE
1 12
1 6
ST - ST
ST - SC
Trunk- VLA N 11
ST - SC
F 0/24
1 6 CIC Dist. 4/10
F 0/23 G 0/1
Cat 3524 XL EN
(10.24.1.1)
Access- VLA N 17 from
CIC Distribut ion 4/11 UP- Link Crossover UTP Cable
G 0/1 F 0/24
Fiber Opt ic La b
Ground Floor Cat 1924
(10.24.2.1)
Cat 2924 MX L
(10.42.1.2)
CRF
16 Port HUB
OSTC 1st Floor
M IN IN G , FO U N DR Y , W ATE R W O RK S
6 Co r e S M F fr o m C IC FO U ND R Y
6 Co r e S M F
M I NI N G
To w a r ds Fo u ndr y
S T - SC
To wa rds W a t e r W o rks
MC
FO - UT P
A cce s s V LA N 1 6
MC
fr o m C IC D is t . 4/ 8
UT P - FO
G 1/ 1
MC
UT P - FO 6 Co r e S M F
Ca t 29 24 M X L
(10. 32. 1.2)
MC
8 Po rt HU B 8 Po rt HU B 8 Po rt HU B FO - UT P
HOD R o o m Pro f. J .Bs R oo m R es ea rc h
S cho la r R oom
W A TER W O R KS
12 Core S M F fro m C IC
IEM & VGSOM
6 Core t owar ds V GS O M
V GS OM Gn d Floor
Co mput er La b
Cat 35 24 X L EN
(10. 43. 1.1)
Board Roo m
Dea ns Roo m
IEM G nd Floor 2 nd Floor
1 s t Floor
C om pute r La b
Cat 35 24 X L EN Cat 19 24 S w it ch
Cat 19 24 S w itch
(10. 29. 1.1) (10. 43. 3.1)
(10. 43. 2.1)
Ca t 19 24 S w it ch
(10. 29. 2.1)
8 Port HUB
Prof. D. Chate r jee
8 Port HUB
IEM Gn d Floor 2 nd Floor
Res earch Sc ho la r La b
Wor ks tat ion Lab 1 s t Floor
CRY O GE NIC
1 6 Foundat ion Engg . (CIV IL)
1 6
1 6
A ccess VLA N 24
Cat-2924 MXL E N
F 0/23
(10.36. 1.2)
Cat-1924
(10.19.2.1)
UP- Link Crossover UTP Cable
PED Lab
1st Floor
Cat-1924
(10. 36. 2.1)
Cryogenic : VLA N 23
Foundat ion Engg .(Civ il) : VLA N 24
12 Core S M F fro m C IC
Cat 29 24 MX L
(10. 39. 1.1)
Cat 35 24 X L EN A UI/ FL Mat. Sc. Co mputer Roo m
(10. 25. 1.1) 16 Port Sy nopt ic HUB
A erospace Co mp uter Lab W IND LA B
A UI/ FL
Cat 19 24 S w it ch
(10. 25. 2.1)
A erospace Co mp ute r Lab
Cat 29 24 MX L
Cat 35 24 X L EN (10.28.1.2)
(10.33.1.1) Che mistry Co mputer LA B
Co mputer Ro o m
Cat 35 24 X L EN
(10.23.1.1) 12 Core SMF to wards Te leco m
MA TH - LA B - 1
BCR
BCR HALL
HALL
VLAN 632
6509 CORE 1 VLAN 631 PORT 3 / 16 6509 CORE 2
PORT 3 / 15 IP ADD 10. 200. 32. 0
IP ADD 10. 200. 31. 0
6509 DISTRIBUTION
3/ 1
3/ 2 3 / 10
3/ 3 3/ 4 3/ 9
3/ 5 3/ 6 3/ 7 3/ 8
1.E-BLOCK 1.E-BLOCK 1.S-BLOCK 1.S-BLOCK 1.NE- 1.NE- 1.NW- 1.NW- 1.W-BLOCK 1.W-BLOCK
2.GND FL 2.1ST+2ND FL 2.GND FL 2.1ST+2ND BLOCK BLOCK BLOCK BLOCK 2.GND FL 2.1ST+2ND
3.VLAN NO 3.VLAN NO 3.VLAN NO FL.. 3.VLAN 2.GND FL 2.1ST+2ND 2.GND FL 2.1ST+2ND 3.VLAN NO FL . 3.VLAN
750 . 751 . 752 . NO 3.VLAN NO FL . 3.VLAN 3.VLAN NO FL . 3.VLAN 758 . NO
4.MGT IP- 4.MGT IP- 4.MGT IP- 753 . 754 . NO 756 . NO 4.MGT IP- 759 .
10.200.1.1 10.200.1.3 10.200.1.4 4.MGT IP- 4.MGT IP- 755 . 4.MGT IP- 757 . 10.200.1.10.H 4.MGT IP-
5.HOST 5.HOST 5.HOST 10.200.1.5 10.200.1.6. 4.MGT IP- 10.200.1.8. 4.MGT IP- OST NAM E 10.200.1.11.H
NAM E NAM E NAM E 5.HOST HOST 10.200.1.7. HOST 10.200.1.9. OST NAM E
BCR_E_GN BCR_E_1ST. BCR_S_GND NAM E NAM E HOST NAM E HOST BCR_W_GN BCR_W_1ST
D. . BCR_S_1ST. BCR_NE_G NAM E BCR_NW_G NAM E D. .
ND. BCR_NE_1S ND. BCR_NW_1S
T. T.
AZAD
AZAD HALL
HALL
VLAN 612
6509 CORE 1 VLAN 611 PORT 3 / 16 6509 CORE 2
PORT 3 / 15 IP ADD 10. 200. 12. 0
IP ADD 10. 200. 11. 0
6509 DISTRIBUTION
3/1
3/2 3 / 10
3/3 3/4 3/9
3/5 3/6 3/7 3/8
MBM
MBM &
& SN
SN HALL
HALL
VLAN 634
6509 CORE 1 VLAN 633 PORT 3 / 16 6509 CORE 2
PORT 3 / 15 IP ADD 10. 200. 34. 0
IP ADD 10. 200. 33. 0
6509 DISTRIBUTION
3/1
3/7
3/2
3/3 3/6
3/4 3/5
IG
IG &
& MT
MT HALL
HALL
VLAN 636
6509 CORE 1 VLAN 635 PORT 3 / 16 6509 CORE 2
PORT 3 / 15 IP ADD 10. 200. 36. 0
IP ADD 10. 200. 35. 0
6509 DISTRIBUTION
3/1
3/2 3 / 10
3/3 3/4 3/9
3/5 3/6 3/7 3/8
NEHRU
NEHRU HALL
HALL
VLAN 614
6509 CORE 1 VLAN 613 PORT 3 / 16 6509 CORE 2
PORT 3 / 15 IP ADD 10. 200. 14. 0
IP ADD 10. 200. 13. 0
6509 DISTRIBUTION
3/1
3/2 3 / 10
3/3 3/4 3/9
3/5 3/6 3/7 3/8
PATEL
PATEL HALL
HALL
VLAN 616
6509 CORE 1 VLAN 615 PORT 3 / 16 6509 CORE 2
PORT 3 / 15 IP ADD 10. 200. 16. 0
IP ADD 10. 200. 15. 0
6509 DISTRIBUTION
3/1
3/2 3 / 10
3/3 3/4 3/9
3/5 3/6 3/7 3/8
begin
!
# ***** NON-DEFAULT CONFIGURATION *****
!
!
#time: Thu Dec 19 2002, 03:25:14
!
#version 6.1(3)
!
!
#system web interface version Engine: 5.3 ADP device: Cat6000 ADP Version: 1.5 A
DK: 40
!
set password $2$0GhI$SVVAsoF8Uk5E5KgUsNiVM1
set enablepass $2$bD0w$qTOAn.ueBMmhNvHxpo7B10
!
#errordetection
set errordetection portcounter enable
!
#!
#snmp
set snmp community read-write patel
set snmp rmon enable
set snmp trap enable module
set snmp trap enable chassis
set snmp trap enable bridge
set snmp trap enable repeater
set snmp trap enable vtp
set snmp trap enable auth
set snmp trap enable ippermit
set snmp trap disable vmps
set snmp trap enable entity
set snmp trap enable config
set snmp trap enable stpx
set snmp trap enable syslog
set snmp trap 10.211.1.101 patel
!
#vtp
set vtp domain FOUNDATION_CORE1
set vlan 1 name default type ethernet mtu 1500 said 100001 state active
set vlan 2 name ernet type ethernet mtu 1500 said 100002 state active
set vlan 3 name gsst type ethernet mtu 1500 said 100003 state active
set vlan 8 name CET type ethernet mtu 1500 said 100008 state active
set vlan 13 name chemical type ethernet mtu 1500 said 100013 state active
set vlan 24 name civil type ethernet mtu 1500 said 100024 state active
set vlan 38 name csestaff type ethernet mtu 1500 said 100038 state active
set vlan 39 name csefaculty type ethernet mtu 1500 said 100039 state active
set vlan 100 name cic_server type ethernet mtu 1500 said 100100 state active
set vlan 500 name cicdist type ethernet mtu 1500 said 100500 state active
set vlan 501 name dist_elec type ethernet mtu 1500 said 100501 state active
set vlan 502 name library type ethernet mtu 1500 said 100502 state active
set vlan 503 name core_csc type ethernet mtu 1500 said 100503 state active
set vlan 504 name core_mech type ethernet mtu 1500 said 100504 state active
set vlan 507 name Foundation_core type ethernet mtu 1500 said 100507 state activ
e
set vlan 508 name academic_core type ethernet mtu 1500 said 100508 state active
set vlan 509 name Newcic_dist type ethernet mtu 1500 said 100509 state active
set vlan 605 name serverfarm type ethernet mtu 1500 said 100605 state active
set vlan 640 name hall_server type ethernet mtu 1500 said 100640 state active
set vlan 641 name contentengine type ethernet mtu 1500 said 100641 state active
set vlan 645 name Thaicom type ethernet mtu 1500 said 100645 state active
set vlan 650 name Firewall type ethernet mtu 1500 said 100650 state active
set vlan 721 name d1_2_core type ethernet mtu 1500 said 100721 state active
set vlan 722 name d2_2_core type ethernet mtu 1500 said 100722 state active
set vlan 761 name RP type ethernet mtu 1500 said 100761 state active
set vlan 900 name mech204 type ethernet mtu 1500 said 100900 state active
set vlan 901 name mech205 type ethernet mtu 1500 said 100901 state active
set vlan 910 name 7500 type ethernet mtu 1500 said 100910 state active
set vlan 1002 name fddi-default type fddi mtu 1500 said 101002 state active
set vlan 1004 name fddinet-default type fddinet mtu 1500 said 101004 state activ
e stp ieee
set vlan 1005 name trnet-default type trbrf mtu 1500 said 101005 state active st
p ibm
set vlan 800,999
set vlan 1003 name token-ring-default type trcrf mtu 1500 said 101003 state acti
ve mode srb aremaxhop 0 stemaxhop 0 backupcrf off
!
#ip
set interface sc0 1 10.200.1.253/255.255.255.0 10.200.1.255
#qos
set qos enable
!
# default port status is enable
!
!
#module 1 : 2-port 1000BaseX Supervisor
set vlan 650 1/1-2
set port trap 1/1-2 enable
set trunk 1/1 on isl 1-1005,1025-4094
!
#module 2 : 2-port 1000BaseX Supervisor
set port trap 2/1-2 enable
!
#module 3 : 16-port 1000BaseX Ethernet
set vlan 650 3/16
set port trap 3/1-16 enable
set udld enable 3/10-11,3/15-16
clear trunk 3/1 2-507,509-639,642-760,762-1005,1025-4094
set trunk 3/1 on isl 1,508,640-641,761
clear trunk 3/2 2-506,508-639,642-760,762-1005,1025-4094
set trunk 3/2 on isl 1,507,640-641,761
clear trunk 3/3 1025-4094
set trunk 3/3 on isl 1-1005
clear trunk 3/4 1-500,502-1005,1025-4094
set trunk 3/4 on isl 501
clear trunk 3/5 1,3-37,40-497,500-502,504-644,646-1005,1025-4094
set trunk 3/5 on isl 2,38-39,498-499,503,645
clear trunk 3/6 1025-4094
set trunk 3/6 on isl 1-1005
clear trunk 3/7 2-99,101-604,606-639,642-799,801-1005,1025-4094
set trunk 3/7 on isl 1,100,605,640-641,800
clear trunk 3/8 1,3-99,101-503,505-639,641-1005,1025-4094
set trunk 3/8 on isl 2,100,504,640
clear trunk 3/9 1,3-501,503-1005,1025-4094
set trunk 3/9 on isl 2,502
clear trunk 3/10 1025-4094
set trunk 3/10 on isl 1-1005
clear trunk 3/11 1-1005,1025-4094
set trunk 3/11 auto negotiate
clear trunk 3/12 1-1005,1025-4094
set trunk 3/12 auto negotiate
clear trunk 3/13 1025-4094
set trunk 3/13 on isl 1-1005
clear trunk 3/14 1-1005,1025-4094
set trunk 3/14 auto negotiate
clear trunk 3/15 1-1005,1025-4094
set trunk 3/15 auto negotiate
clear trunk 3/16 1-909,911-1005,1025-4094
set trunk 3/16 on isl 910
set port qos 3/1-16 policy-source local
!
NEWCIC_CORE>en
Password:
NEWCIC_CORE#sh run
Building configuration...
!
!
!
interface Vlan13
description chem
ip address 10.20.1.2 255.255.0.0
ip helper-address 10.17.32.156
ip nat inside
!
interface Vlan100
description CICSERVER_VLAN
ip address 10.2.1.2 255.255.0.0
!
interface Vlan498
description interdep1_vlan
ip address 10.3.16.2 255.255.255.0
!
interface Vlan499
description interdep2_vlan
ip address 10.3.17.2 255.255.255.0
!
interface Vlan500
description connectivity to CIC_dist
ip address 10.151.1.2 255.255.0.0
ip helper-address 10.17.32.156
ip directed-broadcast
!
interface Vlan501
description electrical distribution
ip address 10.150.1.2 255.255.0.0
!
interface Vlan502
description library_distribution
ip address 10.152.1.2 255.255.0.0
ip helper-address 10.17.32.156
ip directed-broadcast
!
interface Vlan503
description core_csc_vlan
ip address 10.153.1.2 255.255.0.0
!
interface Vlan504
description core_mech_vlan
ip address 10.154.1.2 255.255.0.0
ip pim dense-mode
!
interface Vlan507
description Newciccore_to_Foundationcore
ip address 10.200.7.1 255.255.255.0
ip pim dense-mode
!
interface Vlan508
set vlan 4 name math type ethernet mtu 1500 said 100004 state active
set vlan 5 name CIC_VLAN type ethernet mtu 1500 said 100005 state active
set vlan 6 name vgsom type ethernet mtu 1500 said 100006 state active
set vlan 7 name physics type ethernet mtu 1500 said 100007 state active
set vlan 8 name CET type ethernet mtu 1500 said 100008 state active
set vlan 9 name chemistry type ethernet mtu 1500 said 100009 state active
set vlan 10 name IEM type ethernet mtu 1500 said 100010 state active
set vlan 11 name naval type ethernet mtu 1500 said 100011 state active
set vlan 12 name aerospace type ethernet mtu 1500 said 100012 state active
set vlan 13 name chemical type ethernet mtu 1500 said 100013 state active
set vlan 14 name matsc type ethernet mtu 1500 said 100014 state active
set vlan 15 name metal type ethernet mtu 1500 said 100015 state active
set vlan 16 name mining type ethernet mtu 1500 said 100016 state active
set vlan 17 name crf type ethernet mtu 1500 said 100017 state active
set vlan 18 name architecture type ethernet mtu 1500 said 100018 state active
set vlan 19 name step type ethernet mtu 1500 said 100019 state active
set vlan 20 name GEOLOGY type ethernet mtu 1500 said 100020 state active
set vlan 21 name RTC type ethernet mtu 1500 said 100021 state active
set vlan 22 name HUMANITY type ethernet mtu 1500 said 100022 state active
set vlan 23 name CRYOGENIC type ethernet mtu 1500 said 100023 state active
set vlan 24 name CIVIL type ethernet mtu 1500 said 100024 state active
set vlan 25 name Agriculture_PHTC type ethernet mtu 1500 said 100025 state activ
e
set vlan 26 name infocell type ethernet mtu 1500 said 100026 state active
set vlan 30 name PCLAB1 type ethernet mtu 1500 said 100030 state active
set vlan 31 name PCLAB2 type ethernet mtu 1500 said 100031 state active
set vlan 32 name WORKSTATION type ethernet mtu 1500 said 100032 state active
set vlan 33 name TERMINAL type ethernet mtu 1500 said 100033 state active
set vlan 34 name STAFF type ethernet mtu 1500 said 100034 state active
set vlan 35 name VLSI type ethernet mtu 1500 said 100035 state active
set vlan 36 name ADVLSI type ethernet mtu 1500 said 100036 state active
set vlan 37 name MEDIALAB type ethernet mtu 1500 said 100037 state active
set vlan 38 name CSESTAFF type ethernet mtu 1500 said 100038 state active
set vlan 39 name CSEFACULTY type ethernet mtu 1500 said 100039 state active
set vlan 40 name smt type ethernet mtu 1500 said 100040 state active
set vlan 50 name abcd type ethernet mtu 1500 said 100050 state active
set vlan 51 name LAB1_SIT type ethernet mtu 1500 said 100051 state active
set vlan 52 name SERVER1s_SIT type ethernet mtu 1500 said 100052 state active
set vlan 53 name SERVER1p_SIT type ethernet mtu 1500 said 100053 state active
set vlan 54 name LAB2_SIT type ethernet mtu 1500 said 100054 state active
set vlan 55 name SERVER2s_SIT type ethernet mtu 1500 said 100055 state active
set vlan 56 name SERVER2p_SIT type ethernet mtu 1500 said 100056 state active
set vlan 57 name INCUBIT_SIT type ethernet mtu 1500 said 100057 state active
set vlan 58 name FACULTY_SIT type ethernet mtu 1500 said 100058 state active
set vlan 59 name STAFF_SIT type ethernet mtu 1500 said 100059 state active
set vlan 60 name PROJECT_SIT type ethernet mtu 1500 said 100060 state active
set vlan 61 name FPGA_SIT type ethernet mtu 1500 said 100061 state active
set vlan 100 name CICSERVER type ethernet mtu 1500 said 100100 state active
set vlan 498 name interdep1 type ethernet mtu 1500 said 100498 state active
set vlan 499 name interdep2 type ethernet mtu 1500 said 100499 state active
set vlan 500 name CIC_to_core type ethernet mtu 1500 said 100500 state active
set vlan 505 name CORE_NEWCICDIST type ethernet mtu 1500 said 100505 state activ
e
set vlan 506 name NEWCIC_SERVER2948 type ethernet mtu 1500 said 100506 state act
ive
set vlan 509 name NEWCICCORE_NEWCICDIST type ethernet mtu 1500 said 100509 state
active
set vlan 645 name THAICOM type ethernet mtu 1500 said 100645 state active
set vlan 650 name firewall type ethernet mtu 1500 said 100650 state active
set vlan 761 name RP type ethernet mtu 1500 said 100761 state active
set vlan 872 name RCC_VLAN type ethernet mtu 1500 said 100872 state active
set vlan 1002 name fddi-default type fddi mtu 1500 said 101002 state active
set vlan 1004 name fddinet-default type fddinet mtu 1500 said 101004 state activ
e stp ieee
set vlan 1005 name trnet-default type trbrf mtu 1500 said 101005 state active st
p ibm
set vlan 1003 name token-ring-default type trcrf mtu 1500 said 101003 state acti
ve mode srb aremaxhop 0 stemaxhop 0 backupcrf off
!
#ip
set interface sc0 1 10.200.1.251/255.255.255.0 10.200.1.255
ACADEMIC_DISTRIBUTION>en
Password:
Password:
ACADEMIC_DISTRIBUTION#sh run
Building configuration...
Current configuration:
!
version 12.1
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname ACADEMIC_DISTRIBUTION
!
boot system flash bootflash:c6msfc2-isv-mz.121-3a.E4
enable password core1
!
ip subnet-zero
ip cef distributed
ip name-server 144.16.192.1
ip name-server 144.16.192.55
!
!
!
!
interface Vlan2
description ernet_vlan
ip address 203.197.98.200 255.255.255.0 secondary
ip address 202.141.127.200 255.255.255.0 secondary
ip address 10.100.1.2 255.255.0.0 secondary
ip address 144.16.197.150 255.255.240.0
ip helper-address 10.17.32.156
no ip redirects
no ip unreachables
ip directed-broadcast
ip nat outside
!
interface Vlan3
description gssst_vlan
ip address 10.44.1.2 255.255.0.0
ip helper-address 10.17.32.156
ip nat inside
!
interface Vlan4
description math_vlan
ip address 10.23.1.2 255.255.0.0
ip helper-address 10.17.32.156
ip nat inside
!
interface Vlan5
description cic_vlan
ip address 10.1.1.10 255.255.0.0
ip helper-address 10.17.32.156
!
interface Vlan6
description vgsom
ip address 10.43.1.2 255.255.0.0
ip helper-address 10.17.32.156
ip nat inside
!
interface Vlan7
description physics
interface Vlan17
description crf
ip address 10.42.1.2 255.255.0.0
ip helper-address 10.17.32.156
ip nat inside
!
interface Vlan18
description architecture
ip address 10.27.1.2 255.255.0.0
ip helper-address 10.17.32.156
ip nat inside
!
interface Vlan19
description step
ip address 10.49.1.2 255.255.0.0
ip helper-address 10.17.32.156
ip nat inside
!
interface Vlan20
description GEOLOGY
ip address 10.21.1.2 255.255.0.0
ip helper-address 10.17.32.156
ip nat inside
!
interface Vlan21
description RTC
ip address 10.38.1.2 255.255.0.0
ip helper-address 10.17.32.156
ip nat inside
!
interface Vlan22
description HUMANITY
ip address 10.30.1.2 255.255.0.0
ip helper-address 10.17.32.156
ip nat inside
!
interface Vlan23
description CRYOGENIC
ip address 10.36.1.2 255.255.0.0
ip helper-address 10.17.32.156
!
interface Vlan24
description CIVIL
ip address 10.19.1.2 255.255.0.0
ip helper-address 10.17.32.156
ip nat inside
!
interface Vlan25
description Agriculture_PHTC
ip address 10.26.1.2 255.255.0.0
ip helper-address 10.17.32.156
ip nat inside
!
interface Vlan26
description infocell
ip address 10.15.1.2 255.255.0.0
ip helper-address 10.17.32.156
ip nat inside
!
interface Vlan30
description PCLAB1
ip address 10.3.18.2 255.255.255.0
!
interface Vlan31
description PCLAB2
ip address 10.3.19.2 255.255.255.0
!
interface Vlan32
description WORKSTATION
ip address 10.3.124.2 255.255.255.0
!
interface Vlan33
description TERMINAL
ip address 10.3.32.2 255.255.255.0
!
interface Vlan34
description STAFF
ip address 10.3.132.2 255.255.255.0
!
interface Vlan35
description VLSI
ip address 10.3.36.2 255.255.255.0
!
interface Vlan36
description advanced vlsi
ip address 10.55.1.2 255.255.0.0
ip nat inside
!
interface Vlan37
description medialab
ip address 10.3.140.2 255.255.255.0
!
interface Vlan40
description SCHOOL OF MEDICAL TECHNOLOGY
ip address 10.54.1.2 255.255.0.0
ip nat inside
!
interface Vlan51
description LAB1_SIT
ip address 10.14.1.2 255.255.255.0
!
interface Vlan52
description SERVER1s_SIT
ip address 10.14.2.2 255.255.255.0
!
interface Vlan53
description SERVER1p_SIT
ip address 10.14.3.2 255.255.255.0
!
interface Vlan54
description LAB2_SIT
ip address 10.14.4.2 255.255.255.0
!
interface Vlan55
description SERVER2s_SIT
ip address 10.14.5.2 255.255.255.0
!
interface Vlan56
description SERVER2p_SIT
ip address 10.14.6.2 255.255.255.0
!
interface Vlan57
description INCUBIT_SIT
ip address 10.14.7.2 255.255.255.0
!
interface Vlan58
description FACULTY_SIT
ip address 10.14.8.2 255.255.255.0
!
interface Vlan59
description STAFF_SIT
ip address 10.14.9.2 255.255.255.0
!
interface Vlan60
description PROJECT_SIT
ip address 10.14.10.2 255.255.255.0
!
interface Vlan61
description FPGA_SIT
ip address 10.14.11.2 255.255.255.0
!
interface Vlan100
no ip address
shutdown
!
interface Vlan500
ip address 10.151.1.1 255.255.0.0
ip helper-address 10.17.32.156
ip directed-broadcast
ip nat inside
!
interface Vlan505
description NEWCICDIST_ACADEMICCORE
ip address 10.155.1.1 255.255.255.0
!
interface Vlan506
description NEWCICDIST_SERVER2948
ip address 10.155.2.1 255.255.255.0
!
interface Vlan509
description newcicdisribution to newciccore
ip address 10.200.9.2 255.255.255.0
ip nat inside
!
interface Vlan872
description NewCICDist_To_RCC
ip address 10.107.10.2 255.255.255.0
!
router ospf 109
log-adjacency-changes
redistribute rip subnets
network 10.0.0.0 0.255.255.255 area 0
!
router rip
redistribute ospf 109
passive-interface Vlan509
network 10.0.0.0
network 144.16.0.0
network 202.141.127.0
network 203.197.98.0
default-metric 10
!
ip nat inside source static 10.43.1.5 144.16.192.146
ip nat inside source static 10.5.19.45 144.16.192.72
ip nat inside source static 10.55.32.81 144.16.192.112
ip nat inside source static 10.5.18.67 61.11.237.104
ip nat inside source static 10.5.18.66 61.11.237.103
ip nat inside source static 10.5.18.64 61.11.237.101
ip nat inside source static 10.5.18.65 61.11.237.102
ip nat inside source static 10.17.40.1 203.197.98.28
ip nat inside source static 10.15.1.4 144.16.192.110
ip nat inside source static 10.26.32.6 144.16.194.6
ip nat inside source static 10.26.1.4 144.16.192.121
ip nat inside source static 10.19.1.4 144.16.192.73
ip nat inside source static 10.49.32.100 144.16.200.149
ip nat inside source static 10.21.1.4 144.16.192.50
ip nat inside source static 10.25.1.5 144.16.196.219
ip nat inside source static 10.27.1.4 144.16.192.41
ip nat inside source static 10.32.1.4 144.16.192.10
ip nat inside source static 10.39.1.4 144.16.192.105
ip nat inside source static 10.25.1.4 144.16.192.113
ip nat inside source static 10.20.251.4 144.16.192.220
ip nat inside source static 10.20.1.4 144.16.192.89
ip nat inside source static 10.44.1.4 144.16.192.241
ip nat inside source static 10.43.1.4 144.16.192.145
ip nat inside source static 10.35.1.4 144.16.192.221
ip nat inside source static 10.33.1.4 144.16.192.135
ip nat inside source static 10.28.1.4 144.16.192.136
!
#errordetection
set errordetection portcounter enable
!
#!
#vtp
set vtp domain IITKGP
set vlan 1 name default type ethernet mtu 1500 said 100001 state active
set vlan 2 name ernet type ethernet mtu 1500 said 100002 state active
set vlan 3 name gsst type ethernet mtu 1500 said 100003 state active
set vlan 8 name CET type ethernet mtu 1500 said 100008 state active
set vlan 24 name civil type ethernet mtu 1500 said 100024 state active
set vlan 100 name CICSERVER type ethernet mtu 1500 said 100100 state active
set vlan 498 name interdep1 type ethernet mtu 1500 said 100498 state active
set vlan 499 name interdep2 type ethernet mtu 1500 said 100499 state active
set vlan 500 name Dist_CIC type ethernet mtu 1500 said 100500 state active
set vlan 501 name dist_elec type ethernet mtu 1500 said 100501 state active
set vlan 502 name dist_lib type ethernet mtu 1500 said 100502 state active
set vlan 503 name core_csc type ethernet mtu 1500 said 100503 state active
set vlan 504 name core_mech type ethernet mtu 1500 said 100504 state active
set vlan 505 name core_newcicdist type ethernet mtu 1500 said 100505 state activ
e
set vlan 508 name newcic_core2 type ethernet mtu 1500 said 100508 state active
set vlan 605 name serverfarm type ethernet mtu 1500 said 100605 state active
set vlan 610 name academic_foundationcore1 type ethernet mtu 1500 said 100610 st
ate active
set vlan 611 name azad_foundationcore1 type ethernet mtu 1500 said 100611 state
active
set vlan 613 name nehru_foundationcore1 type ethernet mtu 1500 said 100613 state
active
set vlan 615 name patel_fundationcore1 type ethernet mtu 1500 said 100615 state
active
set vlan 617 name hb_foundationcore1 type ethernet mtu 1500 said 100617 state ac
tive
set vlan 619 name jcb_foundationcore1 type ethernet mtu 1500 said 100619 state a
ctive
set vlan 621 name llr_foundationcore1 type ethernet mtu 1500 said 100621 state a
ctive
set vlan 623 name vs_foundationcore1 type ethernet mtu 1500 said 100623 state ac
tive
set vlan 627 name rk_foundationcore1 type ethernet mtu 1500 said 100627 state ac
tive
set vlan 629 name rp_foundationcore1 type ethernet mtu 1500 said 100629 state ac
tive
set vlan 631 name bcr_foundationcore1 type ethernet mtu 1500 said 100631 state a
ctive
set vlan 633 name mbm_foundationcore1 type ethernet mtu 1500 said 100633 state a
ctive
set vlan 635 name ig_foundationcore1\ type ethernet mtu 1500 said 100635 state a
ctive
set vlan 640 name hallserver type ethernet mtu 1500 said 100640 state active
set vlan 641 name content_engine type ethernet mtu 1500 said 100641 state active
set vlan 645 name THAICOM type ethernet mtu 1500 said 100645 state active
set vlan 761 name RP type ethernet mtu 1500 said 100761 state active
set vlan 1002 name fddi-default type fddi mtu 1500 said 101002 state active
set vlan 1004 name fddinet-default type fddinet mtu 1500 said 101004 state activ
e stp ieee
set vlan 1005 name trnet-default type trbrf mtu 1500 said 101005 state active st
p ibm
set vlan 1003 name token-ring-default type trcrf mtu 1500 said 101003 state acti
ve mode srb aremaxhop 7 stemaxhop 7 backupcrf off
!
#ip
set interface sc0 1 10.200.1.250/255.255.255.0 10.200.1.255
#module 9 empty
!
#module 15 : 1-port Multilayer Switch Feature Card
!
#module 16 : 1-port Multilayer Switch Feature Card
end
Console> (enable)
Console> (enable) session 15
Trying Router-15...
Connected to Router-15.
Escape character is '^]'.
Password:
HOSTEL_CORE1>en
Password:
HOSTEL_CORE1#sh run
Building configuration...
Current configuration:
!
version 12.1
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname HOSTEL_CORE1
!
boot system flash bootflash:c6msfc2-is-mz.121-3a.E4
enable secret 5 $1$xC32$s16mUY/jmUbObKNDXjXgV.
enable password line test
!
ip subnet-zero
ip cef
!
ip multicast-routing
redundancy
high-availability
config-sync
!
!
!
interface Vlan1
ip address 10.200.2.2 255.255.255.0 secondary alt ip address 10.200.2.210 255.2
55.255.0 secondary
ip address 10.200.1.2 255.255.255.0 alt ip address 10.200.1.210 255.255.255.0
no ip redirects
no ip unreachables
!
interface Vlan505
!
router ospf 109
log-adjacency-changes
network 10.0.0.0 0.255.255.255 area 0
!
ip classless
ip route 10.100.11.225 255.255.255.255 10.200.8.1
no ip http server
!
!
line con 0
transport input none
line vty 0 4
password core1
login
!
end
begin
!
# ***** NON-DEFAULT CONFIGURATION *****
!
!
#time: Thu Dec 19 2002, 03:41:47
!
#version 6.1(3)
!
!
#system web interface version Engine: 5.3 ADP device: Cat6000 ADP Version: 1.5 A
DK: 40
!
set password $2$bJyL$x1Ypmg4x8qkDz5p7o0T6t.
set enablepass $2$xEvD$5AcnVDw3l.c87KWIdgnMn/
!
#errordetection
set errordetection portcounter enable
!
#!
#vtp
set vtp domain FOUNDATION_CORE2
set vlan 1 name default type ethernet mtu 1500 said 100001 state active
set vlan 2 name ernet type ethernet mtu 1500 said 100002 state active
set vlan 3 name gssst type ethernet mtu 1500 said 100003 state active
set vlan 8 name cet type ethernet mtu 1500 said 100008 state active
set vlan 24 name civil type ethernet mtu 1500 said 100024 state active
set vlan 100 name cicserver type ethernet mtu 1500 said 100100 state active
set vlan 498 name interdep1 type ethernet mtu 1500 said 100498 state active
set vlan 499 name interdep2 type ethernet mtu 1500 said 100499 state active
set vlan 500 name dist_cic type ethernet mtu 1500 said 100500 state active
set vlan 501 name dist_elec type ethernet mtu 1500 said 100501 state active
set vlan 502 name library type ethernet mtu 1500 said 100502 state active
set vlan 503 name core_csc type ethernet mtu 1500 said 100503 state active
set vlan 504 name core_mech type ethernet mtu 1500 said 100504 state active
set vlan 507 name newcic_core type ethernet mtu 1500 said 100507 state active
set vlan 605 name serverfarm type ethernet mtu 1500 said 100605 state active
set vlan 610 name ACADEMIC_FOUNDATIONCORE1 type ethernet mtu 1500 said 100610 st
ate active
set vlan 611 name AZAD_FOUNDATIONCORE1 type ethernet mtu 1500 said 100611 state
active
set vlan 612 name AZAD_FOUNDATIONCORE2 type ethernet mtu 1500 said 100612 state
active
set vlan 613 name NEHRU_FOUNDATIONCORE1 type ethernet mtu 1500 said 100613 state
active
set vlan 614 name NEHRU_FOUNDATIONCORE2 type ethernet mtu 1500 said 100614 state
active
set vlan 615 name PATEL_FOUNDATIONCORE1 type ethernet mtu 1500 said 100615 state
active
set vlan 616 name PATEL_FOUNDATIONCORE2 type ethernet mtu 1500 said 100616 state
active
set vlan 617 name HB_FOUNDATIONCORE1 type ethernet mtu 1500 said 100617 state ac
tive
set vlan 619 name JCB_FOUNDATIONCORE1 type ethernet mtu 1500 said 100619 state a
ctive
set vlan 620 name JCB_FOUNDATIONCORE2 type ethernet mtu 1500 said 100620 state a
ctive
set vlan 621 name LLR_FOUNDATIONCORE1 type ethernet mtu 1500 said 100621 state a
ctive
set vlan 622 name LLR_FOUNDATIONCORE2 type ethernet mtu 1500 said 100622 state a
ctive
set vlan 623 name VS_FOUNDATIONCORE1 type ethernet mtu 1500 said 100623 state ac
tive
set vlan 624 name VS_FOUNDATIONCORE2 type ethernet mtu 1500 said 100624 state ac
tive
set vlan 625 name GOKHEL_FOUNDATIONCORE1 type ethernet mtu 1500 said 100625 stat
e active
set vlan 626 name HB_FOUNDATIONCORE2 type ethernet mtu 1500 said 100626 state ac
tive
set vlan 627 name RK_FOUNDATIONCORE1 type ethernet mtu 1500 said 100627 state ac
tive
set vlan 628 name RK_FOUNDATIONCORE2 type ethernet mtu 1500 said 100628 state ac
tive
set vlan 629 name RP_FOUNDATIONCORE1 type ethernet mtu 1500 said 100629 state ac
tive
set vlan 630 name RP_FOUNDATIONCORE2 type ethernet mtu 1500 said 100630 state ac
tive
set vlan 631 name BCR_FOUNDATIONCORE1 type ethernet mtu 1500 said 100631 state a
ctive
set vlan 632 name BCR_FOUNDATIONCORE2 type ethernet mtu 1500 said 100632 state a
ctive
set vlan 633 name CORE1_MBM type ethernet mtu 1500 said 100633 state active
set vlan 634 name MBM_FOUNDATIONCORE2 type ethernet mtu 1500 said 100634 state a
ctive
set vlan 635 name IG_FOUNDATIONCORE1 type ethernet mtu 1500 said 100635 state ac
tive
set vlan 636 name IG_FOUNDATIONCORE2 type ethernet mtu 1500 said 100636 state ac
tive
set vlan 640 name server type ethernet mtu 1500 said 100640 state active
set vlan 641 name content_engine type ethernet mtu 1500 said 100641 state active
set vlan 645 name THAICOM type ethernet mtu 1500 said 100645 state active
set vlan 650 name firewall type ethernet mtu 1500 said 100650 state active
set vlan 900 name TEST type ethernet mtu 1500 said 100900 state active
set vlan 1002 name fddi-default type fddi mtu 1500 said 101002 state active
set vlan 1004 name fddinet-default type fddinet mtu 1500 said 101004 state activ
e stp ieee
set vlan 1005 name trnet-default type trbrf mtu 1500 said 101005 state active st
p ibm
set vlan 760-761,776,847,871
set vlan 1003 name token-ring-default type trcrf mtu 1500 said 101003 state acti
ve mode srb aremaxhop 0 stemaxhop 0 backupcrf off
!
#ip
set interface sc0 1 10.200.1.254/255.255.255.0 10.200.1.255
HOSTEL_CORE2>en
HOSTEL_CORE2#sh run
Building configuration...
Current configuration:
!
! No configuration change since last restart
!
version 12.1
service timestamps debug uptime
!
interface Vlan630
description RP TO FOUNDATION CORE2
ip address 10.200.30.1 255.255.255.0 alt ip address 10.200.30.3 255.255.255.0
!
interface Vlan632
description BCR TO FOUNDATION CORE2
ip address 10.200.32.1 255.255.255.0 alt ip address 10.200.32.3 255.255.255.0
!
interface Vlan634
description MBM TO FOUNDATION CORE2
ip address 10.200.34.1 255.255.255.0 alt ip address 10.200.34.3 255.255.255.0
!
interface Vlan636
description IG TO FOUNDATION CORE2
ip address 10.200.36.1 255.255.255.0 alt ip address 10.200.36.3 255.255.255.0
!
interface Vlan900
ip address 10.51.1.2 255.255.255.0 alt ip address 10.51.1.3 255.255.255.0
!
router ospf 109
log-adjacency-changes
network 10.0.0.0 0.255.255.255 area 0
!
ip classless
no ip http server
!
access-list 10 permit 10.51.1.100
access-list 10 permit 10.51.1.101
access-list 160 permit ip 10.107.15.0 0.0.0.255 any
access-list 160 permit ip 10.107.10.0 0.0.0.255 any
access-list 160 permit ip 144.16.0.0 0.0.255.255 any
access-list 160 permit ip 10.0.0.0 0.63.255.255 any
access-list 160 permit ip 10.128.0.0 0.127.255.255 any
access-list 160 permit ip 10.96.0.0 0.31.255.255 any time-range halltime
access-list 160 permit ip 61.11.251.0 0.0.0.255 any
access-list 160 permit ip 203.192.37.0 0.0.0.255 any
!
line con 0
transport input none
line vty 0 4
login
!
time-range halltime
periodic weekdays 17:00 to 23:59
periodic weekdays 0:00 to 8:00
periodic weekend 0:00 to 23:59
!
end
Router#sh run
Building configuration...
sh run
Building configuration...
Current configuration:
!
version 11.2
no service password-encryption
no service udp-small-servers
no service tcp-small-servers
!
hostname vmerry
!
enable secret 5 $1$85RL$Q3n/PXK68HlDyMMA9iFV0/
enable password catalyst
!
ip name-server 203.197.98.5
ip name-server 202.54.9.1
ip name-server 202.54.8.1
ip name-server 202.141.127.2
!
interface Serial0/0
ip address 202.54.55.165 255.255.255.252
ip access-group 117 in
ip access-group 115 out
no ip directed-broadcast
no ip proxy-arp
ip accounting output-packets
no logging event subif-link-status
bandwidth 2000
tx-queue-limit 32767
fair-queue 1000 256 0
transmit-buffers backing-store
hold-queue 1000 in
hold-queue 1000 out
!
interface Serial0/1
ip address 202.54.55.165 255.255.255.252
ip access-group 115 out
ip accounting output-packets
no logging event subif-link-status
bandwidth 2048
shutdown
no fair-queue
!
interface Serial0/2
no ip address
no logging event subif-link-status
shutdown
!
interface Serial0/3
no ip address
vmerry#logout
CE-590#
CSE#show run
Building configuration...
Current configuration:
!
version 12.0
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname CSE
!
enable secret 5 $1$YqdA$k1bFzARKI.qyeUhh2QOfe.
!
ip subnet-zero
bridge irb
!
!
!
interface FastEthernet1
description THAICOM
no ip address
no ip directed-broadcast
bridge-group 10
!
interface FastEthernet2
description THAICOM
no ip address
no ip directed-broadcast
bridge-group 10
!
interface FastEthernet3
description Valid_IP
no ip address
no ip directed-broadcast
bridge-group 8
!
interface FastEthernet4
description Valid_IP
no ip address
no ip directed-broadcast
bridge-group 8
!
interface FastEthernet5
description Student_net
no ip address
no ip directed-broadcast
bridge-group 1
!
interface FastEthernet6
description Student_net
no ip address
no ip directed-broadcast
bridge-group 1
!
interface FastEthernet7
description Student_net
no ip address
no ip directed-broadcast
bridge-group 1
!
interface FastEthernet8
description Student_net
no ip address
no ip directed-broadcast
bridge-group 1
!
interface FastEthernet9
description Student_net
no ip address
no ip directed-broadcast
bridge-group 1
!
interface FastEthernet10
description Student_net
no ip address
no ip directed-broadcast
bridge-group 1
!
interface FastEthernet11
description Student_net
no ip address
no ip directed-broadcast
bridge-group 1
!
interface FastEthernet12
description Student_net
no ip address
no ip directed-broadcast
bridge-group 1
!
interface FastEthernet13
description Student_net
no ip address
no ip directed-broadcast
bridge-group 1
!
interface FastEthernet14
description Student_net
no ip address
no ip directed-broadcast
bridge-group 1
!
interface FastEthernet15
description staff_net
no ip address
no ip directed-broadcast
bridge-group 2
!
interface FastEthernet16
description staff_net
no ip address
no ip directed-broadcast
bridge-group 2
!
interface FastEthernet17
description staff_net
no ip address
no ip directed-broadcast
bridge-group 2
!
interface FastEthernet18
description staff_net
no ip address
no ip directed-broadcast
bridge-group 2
!
interface FastEthernet19
description staff_net
no ip address
no ip directed-broadcast
bridge-group 2
!
interface FastEthernet20
description staff_net
no ip address
no ip directed-broadcast
bridge-group 2
!
interface FastEthernet21
description staff_net
no ip address
no ip directed-broadcast
bridge-group 2
!
interface FastEthernet22
description staff_net
no ip address
no ip directed-broadcast
bridge-group 2
!
interface FastEthernet23
description staff_net
no ip address
no ip directed-broadcast
bridge-group 2
!
interface FastEthernet24
description staff_net
no ip address
no ip directed-broadcast
bridge-group 2
!
interface FastEthernet25
description server_net
no ip address
no ip directed-broadcast
bridge-group 3
!
interface FastEthernet26
description server_net
no ip address
no ip directed-broadcast
bridge-group 3
!
interface FastEthernet27
description server_net
no ip address
!
interface FastEthernet28
description server_net
no ip address
no ip directed-broadcast
bridge-group 3
!
interface FastEthernet29
description server_net
no ip address
no ip directed-broadcast
bridge-group 3
!
interface FastEthernet30
description server_net
no ip address
no ip directed-broadcast
bridge-group 3
!
interface FastEthernet31
description server_net
no ip address
no ip directed-broadcast
bridge-group 3
!
interface FastEthernet32
description server_net
no ip address
no ip directed-broadcast
bridge-group 3
!
interface FastEthernet33
description server_net
no ip address
no ip directed-broadcast
bridge-group 3
!
interface FastEthernet34
description server_net
no ip address
no ip directed-broadcast
bridge-group 3
!
interface FastEthernet35
description proj1_net
no ip address
no ip directed-broadcast
bridge-group 4
!
interface FastEthernet36
description proj1_net
no ip address
no ip directed-broadcast
bridge-group 4
!
interface FastEthernet37
description proj1_net
no ip address
no ip directed-broadcast
bridge-group 4
!
interface FastEthernet38
description proj1_net
no ip address
no ip directed-broadcast
bridge-group 4
!
interface FastEthernet39
description proj2_net
no ip address
no ip directed-broadcast
bridge-group 5
!
interface FastEthernet40
description proj2_net
no ip address
no ip directed-broadcast
bridge-group 5
!
interface FastEthernet40.1
description project1net connected to 2924_hardwarelab
encapsulation isl 494
no ip redirects
no ip directed-broadcast
bridge-group 4
!
interface FastEthernet40.2
description staffnet connected to 2924_hardwarelab
encapsulation isl 496
no ip redirects
no ip directed-broadcast
bridge-group 2
!
interface FastEthernet41
description proj2_net
no ip address
no ip directed-broadcast
bridge-group 5
!
interface FastEthernet41.1
description staffnet connected to 2924_dtp room
encapsulation isl 496
no ip redirects
no ip directed-broadcast
bridge-group 2
!
interface FastEthernet41.2
description studentnet connected to 2924_dtp room
encapsulation isl 497
no ip redirects
no ip directed-broadcast
bridge-group 1
!
interface FastEthernet41.3
description project1net connected to 2924_dtp room
encapsulation isl 494
no ip redirects
no ip directed-broadcast
bridge-group 4
nterface FastEthernet42
description proj2_net
no ip address
no ip directed-broadcast
bridge-group 5
nterface FastEthernet42.1
description STUDENT_NET CONNECTED TO 2924 SWITCH1
encapsulation isl 497
no ip redirects
no ip directed-broadcast
bridge-group 1
nterface FastEthernet42.2
description STAFF_NET CONNECTED TO 2924 SWITCH1
encapsulation isl 496
no ip redirects
no ip directed-broadcast
bridge-group 2
nterface FastEthernet42.3
description SERVER_NET CONNECTED TO 2924 SWITCH1
encapsulation isl 495
no ip redirects
no ip directed-broadcast
bridge-group 3
nterface FastEthernet42.4
description PROJECT1_NET CONNECTED TO 2924 SWITCH1
encapsulation isl 494
no ip redirects
no ip directed-broadcast
bridge-group 4
nterface FastEthernet43
description interdepartmental_1
no ip address
no ip directed-broadcast
bridge-group 6
nterface FastEthernet44
description interdepartmental_1
no ip address
no ip directed-broadcast
bridge-group 6
nterface FastEthernet45
description interdepartmental_1
no ip address
no ip directed-broadcast
bridge-group 6
nterface FastEthernet46
description interdepartmental_1
no ip address
no ip directed-broadcast
bridge-group 6
nterface FastEthernet46.1
description project1net connected to 2924_ab roo
encapsulation isl 494
no ip redirects
no ip directed-broadcast
bridge-group 4
nterface FastEthernet46.2
description staffnet connected to 2924_ab room
encapsulation isl 496
no ip redirects
no ip directed-broadcast
bridge-group 2
nterface FastEthernet47
description interdepartmental_2
no ip address
no ip directed-broadcast
bridge-group 7
nterface FastEthernet48
description interdepartmental_2
no ip address
no ip directed-broadcast
bridge-group 7
nterface GigabitEthernet49
no ip address
no ip directed-broadcast
nterface GigabitEthernet49.1
description Valid_ip
encapsulation isl 2
no ip redirects
no ip directed-broadcast
bridge-group 8
nterface GigabitEthernet49.2
description CSC_Core_Vlan
encapsulation isl 503
no ip redirects
no ip directed-broadcast
bridge-group 9
nterface GigabitEthernet49.3
description interdepartmental2_vlan
encapsulation isl 499
no ip redirects
no ip directed-broadcast
bridge-group 7
nterface GigabitEthernet49.4
description interdepartmental1_vlan
encapsulation isl 498
no ip redirects
no ip directed-broadcast
bridge-group 6
nterface GigabitEthernet49.5
description THAICOM VLAN
encapsulation isl 645
no ip redirects
no ip directed-broadcast
bridge-group 10
nterface GigabitEthernet49.6
description staffnet
encapsulation isl 38
no ip redirects
no ip directed-broadcast
bridge-group 2
nterface GigabitEthernet49.7
encapsulation isl 39
no ip redirects
no ip directed-broadcast
bridge-group 4
nterface GigabitEthernet50
no ip address
no ip directed-broadcast
shutdown
nterface BVI1
description student_net
ip address 10.5.16.2 255.255.255.0
ip helper-address 10.5.17.255
ip helper-address 10.5.18.255
ip directed-broadcast
nterface BVI2
description staff_net
ip address 10.5.17.2 255.255.255.0
ip helper-address 10.5.18.255
ip directed-broadcast
nterface BVI3
ip address 10.5.18.2 255.255.255.0
ip helper-address 10.5.17.255
ip directed-broadcast
nterface BVI4
ip address 10.5.19.2 255.255.255.0
ip helper-address 10.5.18.255
ip helper-address 10.5.17.255
ip directed-broadcast
nterface BVI5
ip address 10.5.20.2 255.255.255.0
no ip directed-broadcast
nterface BVI6
no ip address
no ip directed-broadcast
!
interface BVI8
description Valid_vlan
no ip address
no ip directed-broadcast
!
interface BVI9
ip address 10.153.1.1 255.255.0.0
no ip directed-broadcast
!
interface BVI10
no ip address
no ip directed-broadcast
!
router ospf 109
redistribute rip subnets
network 10.0.0.0 0.255.255.255 area 0
!
router rip
redistribute ospf 109
passive-interface BVI9
network 10.0.0.0
default-metric 10
!
ip classless
ip forward-protocol udp xdmcp
ip forward-protocol udp ntp
!
snmp-server community public RO
bridge 1 protocol ieee
bridge 1 route ip
bridge 2 protocol ieee
bridge 2 route ip
bridge 3 protocol ieee
bridge 3 route ip
bridge 4 protocol ieee
bridge 4 route ip
bridge 5 protocol ieee
bridge 5 route ip
bridge 6 protocol ieee
bridge 6 route ip
bridge 7 protocol ieee
bridge 7 route ip
bridge 8 protocol ieee
bridge 8 route ip
bridge 9 protocol ieee
bridge 9 route ip
(A) ARCHITECTURE:
Architecture# sh run
Building configuration...
Current configuration:
!
version 11.2
no service pad
no service udp-small-servers
no service tcp-small-servers
!
hostname Architecture
!
enable secret 5 $1$gb8n$ews.tHRVMYkEhSkk.4YlU.
enable password arch
!
!
!
!
interface VLAN1
no ip address
no ip route-cache
shutdown
!
interface VLAN18
ip address 10.27.1.1 255.255.0.0
no ip route-cache
!
interface FastEthernet0/1
switchport access vlan 18
!
interface FastEthernet0/2
switchport access vlan 18
!
interface FastEthernet0/3
switchport access vlan 18
!
interface FastEthernet0/4
switchport access vlan 18
!
interface FastEthernet0/5
switchport access vlan 18
!
interface FastEthernet0/6
switchport access vlan 18
!
interface FastEthernet0/7
!
interface GigabitEthernet1/1
switchport access vlan 18
!
ip default-gateway 10.27.1.2
snmp-server community private RW
snmp-server community public RO
snmp-server chassis-id 0x10
!
line con 0
stopbits 1
line vty 0 4
password arch27
login
line vty 5 9
login
!
end
_______________________________________________
(B) IE & M:
IEM# sh run
Building configuration...
Current configuration:
!
version 12.0
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname IEM
!
enable secret 5 $1$qDLu$7L.O.t7hdeZiEMUbAk6bh1
!
!
!
ip subnet-zero
!
!
!
interface FastEthernet0/1
switchport access vlan 10
!
interface FastEthernet0/2
switchport access vlan 10
!
interface FastEthernet0/3
switchport access vlan 10
!
interface FastEthernet0/4
switchport access vlan 10
!
interface FastEthernet0/5
switchport access vlan 10
!
interface FastEthernet0/6
switchport access vlan 10
!
interface FastEthernet0/7
switchport access vlan 10
!
interface FastEthernet0/8
switchport access vlan 10
!
interface FastEthernet0/9
switchport access vlan 10
!
interface FastEthernet0/10
no ip address
no ip directed-broadcast
no ip route-cache
shutdown
!
interface VLAN10
ip address 10.29.1.1 255.255.0.0
no ip directed-broadcast
no ip route-cache
!
ip default-gateway 10.29.1.2
snmp-server engineID local 000000090200000628F1D100
snmp-server community private RW
!
line con 0
transport input none
stopbits 1
line vty 0 4
password iem29
login
line vty 5 15
password iem29
login
!
end
(C) NAVAL:
NAVAL# sh run
Building configuration...
Current configuration:
!
version 12.0
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname NAVAL
!
enable secret 5 $1$EZdN$2Zwnhv0ktj48jUb8gJ1HJ.
!
!
!
!
!
!
ip subnet-zero
!
!
!
interface FastEthernet0/1
switchport access vlan 11
!
interface FastEthernet0/2
switchport access vlan 11
!
interface FastEthernet0/3
switchport access vlan 11
!
interface FastEthernet0/4
switchport access vlan 11
!
interface FastEthernet0/5
switchport access vlan 11
!
interface FastEthernet0/6
switchport access vlan 11
!
interface FastEthernet0/7
switchport access vlan 11
!
interface FastEthernet0/8
switchport access vlan 11
!
interface FastEthernet0/9
switchport access vlan 11
!
interface FastEthernet0/10
switchport access vlan 11
!
interface FastEthernet0/11
switchport access vlan 11
!
interface FastEthernet0/12
switchport access vlan 11
!
interface FastEthernet0/13
switchport access vlan 11
!
interface FastEthernet0/14
switchport access vlan 11
!
interface FastEthernet0/15
switchport access vlan 11
!
interface FastEthernet0/16
switchport access vlan 11
!
interface FastEthernet0/17
switchport access vlan 11
!
interface FastEthernet0/18
switchport access vlan 11
!
interface FastEthernet0/19
switchport access vlan 11
!
interface FastEthernet0/20
switchport access vlan 11
!
interface FastEthernet0/21
switchport access vlan 11
!
interface FastEthernet0/22
switchport access vlan 11
!
interface FastEthernet0/23
switchport access vlan 11
!
interface FastEthernet0/24
switchport access vlan 11
!
interface GigabitEthernet0/1
switchport access vlan 11
switchport trunk allowed vlan 1,11,1002-1005
switchport mode trunk
!
interface GigabitEthernet0/2
!
interface VLAN1
no ip address
no ip directed-broadcast
no ip route-cache
shutdown
!
interface VLAN11
ip address 10.24.1.1 255.255.0.0
no ip directed-broadcast
no ip route-cache
!
ip default-gateway 10.24.1.2
snmp-server engineID local 0000000902000006530F3940
snmp-server community private RW
snmp-server community public RO
!
line con 0
transport input none
stopbits 1
line vty 0 4
password naval24
login
line vty 5 15
password naval24
login
!
end
(D) CRF:
CRF# sh run
Building configuration...
Current configuration:
!
version 11.2
no service pad
no service udp-small-servers
no service tcp-small-servers
!
hostname CRF
!
enable secret 5 $1$MyCd$gtAw7RYfT5bu1q5hxQ6aA/
!
!
!
!
interface VLAN1
no ip address
no ip route-cache
shutdown
!
interface VLAN17
ip address 10.42.1.1 255.255.0.0
no ip route-cache
!
interface FastEthernet0/1
switchport access vlan 17
!
interface FastEthernet0/2
switchport access vlan 17
!
interface FastEthernet0/3
switchport access vlan 17
!
interface FastEthernet0/4
switchport access vlan 17
!
interface FastEthernet0/5
switchport access vlan 17
!
interface FastEthernet0/6
switchport access vlan 17
!
interface FastEthernet0/7
switchport access vlan 17
!
interface FastEthernet0/8
switchport access vlan 17
!
interface FastEthernet0/9
switchport access vlan 17
!
interface FastEthernet0/10
switchport access vlan 17
!
interface FastEthernet0/11
switchport access vlan 17
!
interface FastEthernet0/12
switchport access vlan 17
!
interface FastEthernet0/13
switchport access vlan 17
!
interface FastEthernet0/14
switchport access vlan 17
!
interface FastEthernet0/15
switchport access vlan 17
!
interface FastEthernet0/16
switchport access vlan 17
!
interface FastEthernet0/17
switchport access vlan 17
!
interface FastEthernet0/18
switchport access vlan 17
!
interface FastEthernet0/19
switchport access vlan 17
!
interface FastEthernet0/20
switchport access vlan 17
!
interface FastEthernet0/21
switchport access vlan 17
!
interface FastEthernet0/22
switchport access vlan 17
!
interface FastEthernet0/23
switchport access vlan 17
!
interface FastEthernet0/24
switchport access vlan 17
!
interface GigabitEthernet1/1
switchport access vlan 17
!
ip default-gateway 10.42.1.2
snmp-server community private RW
snmp-server community public RO
snmp-server chassis-id 0x10
!
line con 0
stopbits 1
line vty 0 4
password crf42
login
line vty 5 9
login
!
end
Enter password:
Console> en
Enter password:
Console> (enable) sh config
This command shows non-default configurations only.
Use 'show config all' to show both default and non-default configurations.
..................
..................
..................
begin
!
# ***** NON-DEFAULT CONFIGURATION *****
!
!
#time: Thu Sep 12 2002, 04:45:58
!
#version 6.1(3)
!
!
#system web interface version Engine: 5.3 ADP device: Cat6000 ADP Version: 1.5 A
DK: 40
!
set password $2$0o8Z$Uzhvc1xPbFk4WnBzZ03zI0
set enablepass $2$CBqb$n64swmlNxNXQ9QOVlxpSO0
!
#errordetection
set errordetection portcounter enable
!
#!
#vtp
set vtp domain NEHRU
set vlan 1 name default type ethernet mtu 1500 said 100001 state active
set vlan 613 name NEHRU_CORE1 type ethernet mtu 1500 said 100613 state active
set vlan 614 name NEHRU_CORE2 type ethernet mtu 1500 said 100614 state active
set vlan 815 name NEHRU_A_GND type ethernet mtu 1500 said 100815 state active
set vlan 816 name NEHRU_B_GND type ethernet mtu 1500 said 100816 state active
set vlan 817 name NEHRU_B_1ST type ethernet mtu 1500 said 100817 state active
set vlan 818 name NEHRU_B_2ND type ethernet mtu 1500 said 100818 state active
set vlan 819 name NEHRU_C_GND type ethernet mtu 1500 said 100819 state active
set vlan 820 name NEHRU_C_1ST type ethernet mtu 1500 said 100820 state active
set vlan 821 name NEHRU_C_2ND type ethernet mtu 1500 said 100821 state active
set vlan 822 name NEHRU_D_GND type ethernet mtu 1500 said 100822 state active
set vlan 823 name NEHRU_D_1ST type ethernet mtu 1500 said 100823 state active
set vlan 824 name NEHRU_D_2ND type ethernet mtu 1500 said 100824 state active
set vlan 1002 name fddi-default type fddi mtu 1500 said 101002 state active
set vlan 1004 name fddinet-default type fddinet mtu 1500 said 101004 state activ
e stp ieee
set vlan 1005 name trnet-default type trbrf mtu 1500 said 101005 state active st
p ibm
set vlan 640-641
set vlan 1003 name token-ring-default type trcrf mtu 1500 said 101003 state acti
ve mode srb aremaxhop 0 stemaxhop 0 backupcrf off
!
#ip
set interface sc0 1 10.200.1.108/255.255.255.0 10.200.1.255
Enter password:
Console> session 15
Trying Router-15...
Connected to Router-15.
Escape character is '^]'.
NEHRU>en
Password:
NEHRU#sh run
Building configuration...
!
boot system flash bootflash:c6msfc2-psv-mz.121-7a.E1
enable password core1
!
ip subnet-zero
!
!
no ip finger
ip domain-name nehru.iitkgp.ernet.in
ip name-server 10.129.100.14
ip name-server 10.128.2.2
ip name-server 144.16.192.55
ip dhcp database ftp://dhcplog:dhcplog@10.129.100.14/router-dhcp write-delay 120
ip dhcp excluded-address 10.108.1.1 10.108.1.31
ip dhcp excluded-address 10.108.2.1 10.108.2.31
ip dhcp excluded-address 10.108.3.1 10.108.3.31
ip dhcp excluded-address 10.108.4.1 10.108.4.31
ip dhcp excluded-address 10.108.5.1 10.108.5.31
ip dhcp excluded-address 10.108.6.1 10.108.6.31
ip dhcp excluded-address 10.108.7.1 10.108.7.31
ip dhcp excluded-address 10.108.8.1 10.108.8.31
ip dhcp excluded-address 10.108.9.1 10.108.9.31
ip dhcp excluded-address 10.108.10.1 10.108.10.31
!
ip dhcp pool NEHRU
network 10.108.0.0 255.255.0.0
domain-name nehru.iitkgp.ernet.in
dns-server 10.129.100.14 10.128.2.2 144.16.192.55
netbios-name-server 10.129.100.14 10.128.2.2
netbios-node-type h-node
!
ip dhcp pool NEHRU_A_GND
network 10.108.1.0 255.255.255.0
default-router 10.108.1.2
!
ip dhcp pool NEHRU_B_GND
network 10.108.2.0 255.255.255.0
default-router 10.108.2.2
!
ip dhcp pool NEHRU_B_1ST
network 10.108.3.0 255.255.255.0
default-router 10.108.3.2
!
ip dhcp pool NEHRU_B_2ND
network 10.108.4.0 255.255.255.0
default-router 10.108.4.2
!
ip dhcp pool NEHRU_C_GND
network 10.108.5.0 255.255.255.0
default-router 10.108.5.2
!
ip dhcp pool NEHRU_C_1ST
network 10.108.6.0 255.255.255.0
default-router 10.108.6.2
!
ip dhcp pool NEHRU_C_2ND
network 10.108.7.0 255.255.255.0
default-router 10.108.7.2
!
ip dhcp pool NEHRU_D_GND
network 10.108.8.0 255.255.255.0
default-router 10.108.8.2
!
ip dhcp pool NEHRU_D_1ST
network 10.108.10.0 255.255.255.0
default-router 10.108.10.2
!
ip dhcp pool NEHRU_D_2ND
network 10.108.9.0 255.255.255.0
default-router 10.108.9.2
!
ip multicast-routing
!
!
!
interface Vlan613
description NEHRU TO FOUNDATION CORE1
ip address 10.200.13.2 255.255.255.0
ip pim dense-mode
!
interface Vlan614
description NEHRU TO FOUNDATION CORE2
ip address 10.200.14.2 255.255.255.0
ip pim dense-mode
!
interface Vlan815
description NEHRU TO BLOCK A GROUND FLOOR
ip address 10.108.1.2 255.255.255.0
ip access-group 8 out
ip pim dense-mode
!
interface Vlan816
description NEHRU TO BLOCK B GROUND FLOOR
ip address 10.108.2.2 255.255.255.0
ip access-group 8 out
ip pim dense-mode
!
interface Vlan817
description NEHRU TO BLOCK B 1ST FLOOR
ip address 10.108.3.2 255.255.255.0
ip access-group 8 out
ip pim dense-mode
!
interface Vlan818
description NEHRU TO BLOCK B 2ND FLOOR
ip address 10.108.4.2 255.255.255.0
ip pim dense-mode
!
interface Vlan819
description NEHRU TO BLOCK C GND FLOOR
ip address 10.108.5.2 255.255.255.0
ip access-group 8 out
ip pim dense-mode
!
interface Vlan820
description NEHRU TO BLOCK C 1ST FLOOR
ip address 10.108.6.2 255.255.255.0
ip access-group 8 out
ip pim dense-mode
!
interface Vlan821
description NEHRU TO BLOCK C 2ND FLOOR
ip address 10.108.7.2 255.255.255.0
ip access-group 8 out
ip pim dense-mode
!
interface Vlan822
description NEHRU TO BLOCK D GND FLOOR
ip address 10.108.8.2 255.255.255.0
ip access-group 8 out
ip pim dense-mode
!
interface Vlan823
description NEHRU TO BLOCK D 2ND FLOOR
ip address 10.108.9.2 255.255.255.0
ip access-group 8 out
ip pim dense-mode
!
interface Vlan824
description NEHRU TO BLOCK D 1ST FLOOR
ip address 10.108.10.2 255.255.255.0
ip access-group 8 out
ip pim dense-mode
!
router ospf 109
log-adjacency-changes
network 10.108.0.0 0.0.255.255 area 108
network 10.200.0.0 0.0.255.255 area 0
!
ip classless
Enter password:
Enter password:
patel-core> (enable) sh config
This command shows non-default configurations only.
Use 'show config all' to show both default and non-default configurations.
..................
..................
.................
begin
!
# ***** NON-DEFAULT CONFIGURATION *****
!
!
#time: Wed Sep 9 2002, 20:08:29
!
#version 6.1(3)
!
!
#system web interface version Engine: 5.3 ADP device: Cat6000 ADP Version: 1.5 A
DK: 40
!
set password $2$C6Z6$fZgFmnuHFcchsaWsOQXxH/
set enablepass $2$ge4N$yenql99eAru6gsajnw7el0
!
#errordetection
set errordetection portcounter enable
!
#!
#vtp
set vtp domain PATEL
set vlan 1 name default type ethernet mtu 1500 said 100001 state active
set vlan 615 name PATEL_CORE1 type ethernet mtu 1500 said 100615 state active
set vlan 616 name PATEL_CORE2 type ethernet mtu 1500 said 100616 state active
set vlan 785 name PATEL_A_GND type ethernet mtu 1500 said 100785 state active
set vlan 786 name PATEL_B_GND type ethernet mtu 1500 said 100786 state active
set vlan 787 name PATEL_B_1ST type ethernet mtu 1500 said 100787 state active
set vlan 788 name PATEL_B_2ND type ethernet mtu 1500 said 100788 state active
set vlan 789 name PATEL_C_GND type ethernet mtu 1500 said 100789 state active
set vlan 790 name PATEL_C_1ST type ethernet mtu 1500 said 100790 state active
set vlan 791 name PATEL_C_2ND type ethernet mtu 1500 said 100791 state active
set vlan 792 name PATEL_D_GND type ethernet mtu 1500 said 100792 state active
set vlan 793 name PATEL_D_1ST type ethernet mtu 1500 said 100793 state active
set vlan 794 name PATEL_D_2ND type ethernet mtu 1500 said 100794 state active
set vlan 852 name PATEL_ZH1 type ethernet mtu 1500 said 100852 state active
set vlan 853 name PATEL_ZH2 type ethernet mtu 1500 said 100853 state active
set vlan 854 name PATEL_ZH3 type ethernet mtu 1500 said 100854 state active
set vlan 855 name PATEL_ZH4 type ethernet mtu 1500 said 100855 state active
set vlan 856 name PATEL_ZH5 type ethernet mtu 1500 said 100856 state active
set vlan 1002 name fddi-default type fddi mtu 1500 said 101002 state active
set vlan 1004 name fddinet-default type fddinet mtu 1500 said 101004 state activ
e stp ieee
set vlan 1005 name trnet-default type trbrf mtu 1500 said 101005 state active st
p ibm
set vlan 640-641
set vlan 1003 name token-ring-default type trcrf mtu 1500 said 101003 state acti
ve mode srb aremaxhop 0 stemaxhop 0 backupcrf off
!
#ip
set interface sc0 1 10.200.1.109/255.255.255.0 10.200.1.255
default-router 10.109.3.2
!
ip dhcp pool PATEL_B_2ND
network 10.109.4.0 255.255.255.0
default-router 10.109.4.2
!
ip dhcp pool PATEL_C_GND+GND1
network 10.109.5.0 255.255.255.0
default-router 10.109.5.2
!
ip dhcp pool PATEL_C_1ST
network 10.109.6.0 255.255.255.0
default-router 10.109.6.2
!
ip dhcp pool PATEL_C_2ND+2ND1
network 10.109.7.0 255.255.255.0
default-router 10.109.7.2
!
ip dhcp pool PATEL_D_GND
network 10.109.8.0 255.255.255.0
default-router 10.109.8.2
!
ip dhcp pool PATEL_D_1ST
network 10.109.9.0 255.255.255.0
default-router 10.109.9.2
!
ip dhcp pool PATEL_D_2ND
network 10.109.10.0 255.255.255.0
default-router 10.109.10.2
!
ip dhcp pool PATEL
network 10.109.0.0 255.255.0.0
domain-name patel.iitkgp.ernet.in
dns-server 10.129.100.15 10.128.2.2 144.16.192.55
netbios-name-server 10.129.100.15 10.128.2.2
netbios-node-type h-node
!
ip dhcp pool ZH_1_GND
network 10.114.1.0 255.255.255.0
default-router 10.114.1.2
!
ip dhcp pool ZH_2_GND
network 10.114.2.0 255.255.255.0
default-router 10.114.2.2
!
ip dhcp pool ZH_3_GND
network 10.114.3.0 255.255.255.0
default-router 10.114.3.2
!
ip dhcp pool ZH_4_GND
interface Vlan788
description PATEL TO BLOCK B 2ND FLOOR
ip address 10.109.4.2 255.255.255.0
ip access-group 9 out
ip pim dense-mode
!
interface Vlan789
description PATEL TO BLOCK C GROUND FLOOR
ip address 10.109.5.2 255.255.255.0
ip access-group 9 out
ip pim dense-mode
!
interface Vlan790
description PATEL TO BLOCK C 1ST FLOOR
ip address 10.109.6.2 255.255.255.0
ip access-group 9 out
ip pim dense-mode
!
interface Vlan791
description PATEL TO BLOCK C 2ND FLOOR
ip address 10.109.7.2 255.255.255.0
ip access-group 9 out
ip pim dense-mode
!
interface Vlan792
description PATEL TO BLOCK D GND FLOOR
ip address 10.109.8.2 255.255.255.0
ip access-group 9 out
ip pim dense-mode
!
interface Vlan793
description PATEL TO BLOCK D 1ST FLOOR
ip address 10.109.9.2 255.255.255.0
ip access-group 9 out
ip pim dense-mode
!
interface Vlan794
description PATEL TO BLOCK D 2ND FLOOR
ip address 10.109.10.2 255.255.255.0
ip access-group 9 out
ip pim dense-mode
!
interface Vlan852
description PATEL TO ZH BLOCK 1 GROUND FLOOR
ip address 10.114.1.2 255.255.255.0
ip access-group 9 out
ip pim dense-mode
!
interface Vlan853
description PATEL TO ZH BLOCK 2 GROUND FLOOR
# QoS Implementation.
# Cache-Engine Implementation.
10.161.1.2 10.162.1.2
Vlan 712
10. 211.1.1
# QoS Implementation.
G AT E W AY R O UTE R
S 0 - 2 03. 192 . 34 . 22 6 / 3 0
E1
61. 11. 237. 1/ 25 E 0 - 61. 11. 237. 254 / 30
M O DE M
F IR EW ALL
10. 250. 1. 4 / 24
10. 250. 1. 2 / 24 Firew all Vlan
C OR E
D IST 2
HAL L N E TW OR K
10. 0. 0 . 0 / 10
10. 9 6. 0 . 0 / 255 . 22 4. 0 . 0
AC AD E M IC NE TW OR K
L in k U t iliz a t io n R e p o rt w h e n th e re is n o P o lic y
PO L IC Y IM PL EM EN TATIO N
Traffic policy im plem ented f or all traffic com ing to the
1/1 p ort of th e core sw itch w hich is conn ected to f irew all
V LA N
#qos
set qo s e nable
set qo s policer a ggregate qo s_te st rate 2000 burst 2000 drop
set qo s acl ip tcp_co nt d scp 0 aggregate qo s_te st tcp any a ny
co mmit qo s acl all
set port qos 1/1 vla n-ba sed
set qo s acl map tcp_co nt 650
Sha p ing is no t P o s s ib le w it h C a t O S
time-range halltime
periodic weekdays 17:00 to 23:59
periodic weekdays 0:00 to 8:00
periodic weekend 0:00 to 23:59
# Cache-Engine Implementation.
I nternet
C o nte nt E n gine V la n C o n f
Int V la n 6 4 1
Ip : 1 0.1 29. 50. 2 F IREW
IR EW ALL
Ip r o ut e-
e - ca c h e sa m e-
e- F irew a ll V la n
int erfa c e
FIR E W AL L V L AN
CONF
Int V la n 6 5 0
IP : 1 0.2 5 0.1.4
Ip w cc p w eb-
eb -
o ut ca c h e r e d ir ect
SERV
VEE RFA
R FA R M F O UN D AT IO N C ORE
H all D ist
CDM D ifferen t H alls
C a ch e E ng in e C o n fig
H all Ac c es s
W ccp ro uter - lis t 1 1 0.1 2 9.5 0.2
W ccp w e b-
b - ca c h e ro ut er-
er - list
list-- nu m 1 C E - 507
W ccp ve rsio n 2
Through a g rap hical W eb-brow ser-bas ed us er, the netw ork adm inist rator
can enab le content provide rs across the com pa ny to im port and distribute
rich lea rnin g or com m unications using the netw o rk setting s he ld by the
CDM .
The CDM en able s the adm inistrator to m o nitor the health of the e ntire
delivery netw ork, includ ing all th e Cisco Cont ent Eng ine s located at end -
user sites.
CISCO
CIS CO Content E ngine
Engine
Cisco CEs w ork in conjunction with t he ex isting n etw ork infrast ructure
to localize traffic, rather tha n pull rich files over t he W AN . By
stream ing rich m edia locally, enterprises can no w delive r hig her-
bandw idth a nd su bseq uently high er-im pact inform ation to th e le arn er.
Content eng ine s can also b e used to cache static or stream ing W e b
content from sites such as Ya hoo.co m or CN N .com for better n etwork
perform a nce, and eve n to block or filte r nonprod uctive, nonbusines s
W eb sites fo r im proved p roductivity.
Concurrent Connections
D isk Space
CONCURRENT CONNECTIONS
DISK SPACE
In order to allo w a CE to function that is, cache content objects need
to spend some period of time in the CE. The minimum cache storag e
time should be around 24 hours, preferably up to 72 hours, to maximize
maximize
cache savings.
Cache Storag
Storagee required for 24 Hours =
Avg TPS * Avg Object size(bytes) * seconds in 24 hours * (1 -anticip ated
byte hit rate)
---------------------------------------------------------------- --------------------
Bytes in a gigabytes
W orking in the assumption that we are going to see a daily average average of
100 TPS (~10 mbit/sec)an average HTTP object size of 9.5 kbytes and
an anticipated cache hit ratio of 35% , we end up with
Cache Storag
Storagee req for 24 hours = 100*9500*86400*(1-
100*9500*86400*(1-0.35)
---------------------------------
1, 000, 000, 000
= 53. 352 gigabytes
So the min number of CE req for 24 hours caching = 7 (Hard disk
capacity of each CE is 8 G B).
Savings Statistics
Savings Statistics
Performance Statistics
Savings Statistics
Savings Statistics
Savings Statistics
= 14.26 gigabytes
Savings Statistics
Savings Statistics
Savings Statistics
Savings Statistics
Savings Statistics
Savings Statistics
C on tent
ten t Engin e As a Pro xy Server
Proxy
Savings Statistics
Savings Statistics
Savings Statistics
Savings Statistics
Savings Statistics
Savings Statistics
Savings Statistics
Savings Statistics
Savings Statistics
Savings Statistics
Savings Statistics
Savings Statistics
Caching Benefits
21. GLOSSARY
1. Data Sheet
Cisco Catalyst 6500 Series
Overview
The Cisco Catalyst 6500 Series delivers secure, converged services from the wiring closet to the
WAN edge. Providing scalable intelligent multilayer switching performance for both enterprise and
service provider networks, the Cisco Catalyst 6500 Series supports 48 to 576 10/100 Ethernet port
configurations, delivering 210 million packets-per-second throughput across network cores and
multiple gigabit-per-second trunks. Designed to maximize network uptime and investment
protection, the Cisco Catalyst 6500 Series supports an unparalleled range of services, including data
and voice integration and LAN, WAN, and, metropolitan-area network (MAN) convergence.
Operational consistency is achieved by sharing a common set of modules (Cisco Catalyst 6500 Series
modules and Cisco 7600 Series WAN port adapters), the Cisco Catalyst Operating System (CatOS),
and Cisco IOS Software, including the command-line interface (CLI) and network management
tools, across four modular chassis that can be deployed anywhere in the network. By integrating
advanced multigigabit Layer 2-7 services such as security and content into a converged network, the
Cisco Catalyst 6500 Series optimizes IT infrastructure utilization and maximizes return on
investment. Together with the Cisco Catalyst 4500, 3550, and 2950 series switches, Cisco Systems
delivers the widest range of intelligent switching solutions, enabling multimedia, mission-critical data
and voice applications in both corporate intranets and the Internet end to end (refer to Figure 1).
The Cisco Catalyst 6500 Series delivers exceptional scalability, price, and performance, supporting a
wide range of interface densities, performance, and high-availability options, including:
Flexible 3-, 6-, 9-, and 13-slot chassis configurations that allow one platform to be deployed
in wiring closet, core, data center, and WAN edge
Fast 2-3 second stateful failover of redundant supervisors and integrated services
Interface options from 10 Mbps to 10 Gbps Ethernet and DS0 to OC-48 WAN interfaces as
well as integrated services modules
Feature-rich CatOS and Cisco IOS Software choices supported on all supervisor forwarding
engines
Common CLI with Cisco Catalyst 5000/5500 Series for operational consistency and easy
migration
Integrated multigigabit network security (firewall, intrusion detection, Secure Sockets Layer
[SSL], and virtual private network [VPN]) and network analysis modules (NAMs)
User-upgradable IP telephony support for up to 576 ports with high-density public switched
telephone network (PSTN) or private branch exchange (PBX) gateway (8 T1 or E1s per
module) and traditional phone or fax support (24 foreign exchange station [FXS] ports per
module) for maximum investment protection
As a key component of Cisco AVVID (Architecture for Voice, Video and Integrated Data), the Cisco
Catalyst 6500 Series provides unprecedented business agility by enabling the enterprise to rapidly
deploy new Internet business applications in order to boost revenue and reduce operational costs.
Network policy can be applied end to end based on Layer 2, 3, and 4 information such as specific
users, IP addresses, or applications. Coupled with application intelligence, QoS mechanisms, and
security, customers can more effectively use their network for increased client services such as
multicast and workforce optimization, e-commerce, e-learning, as well as more cost-effective
corporate communication and supply-chain management applications without sacrificing network
performance.
The Cisco Catalyst 6500 Series provides a powerful e-commerce solution by combining these
capabilities with the integrated multigigabit SSL services module and the industry's highest-
performance content switching module. Secure Hypertext Transfer Protocol (HTTPS) content
requests are secured by offloading the SSL processing from Web servers to the Cisco Catalyst 6500
Series SSL service module and load balanced across multiple servers via the content switching
module, allowing the servers to handle peak traffic demands without degrading the user experience.
Table 1 lists the features of the Cisco Catalyst 6500 Series.
2. Data Sheet
Catalyst 6000 Family Gigabit Ethernet Modules
Overview
The Catalyst 6500 and 6000 Series meet the demands of today's most demanding and fast-
growing enterprise and service-provider networks with high-performance gigabit ethernet switching
modules. Available in 8- or 16-port versions, the Catalyst 6500 Series and 6000 Series Gigabit
Ethernet switching modules are ideal for deployment in gigabit backbone and server-farm
configurations or for aggregation of high-density 10/100-megabits per second (mbps) wiring closets.
Up to eight gigabit ethernet modules can be added to a single nine-slot catalyst 6000 family, for a
maximum of 130 gigabit ports per platform.
Product Description
Gigabit Ethernet Modules for the Catalyst 6000 Family
The Catalyst 6000 family, consisting of the Catalyst 6000 series and 6500 series, delivers a scalable,
industry-leading Gigabit Ethernet solution for today's growing enterprise and service-provider
networks. The Catalyst 6000 series delivers 32 Gigabits per second (Gbps) of backplane bandwidth,
while the Catalyst 6500 series is scalable to 256 Gbps. The Catalyst 6000 family 8- and 16-port
Gigabit Ethernet modules are IEEE standards compliant and support full-duplex operation. The
Catalyst 6000 family provides industry leading port density of up to 194 Gigabit ports in a 13-slot
chassis,
Designed for a wide range of Gigabit Ethernet applications, the 16-port Gigabit Ethernet modules are
available in a variety of interfaces: small form factor MT-RJ connectors, SX, LX/LH, and ZX GBICs,
and RJ-45 connectors for Category 5 copper cabling.
Designed to meet the growing demand of gigabit switching applications in both the enterprise and
service-provider networks, a wide range of 16-port fabric-enabled Gigabit Ethernet modules are
available for the Catalyst 6500 series 256-Gbps platform. These fabric-enabled gigabit modules come
with either a single or dual interfaces to the switching fabric with centralized or distributed
forwarding capabilities, providing excellent scalability and performance. These fabric-enabled gigabit
modules all support the GBIC interfaces (SX, LX/LH, and ZX), or Category 5 RJ-45 copper interfaces
providing further flexibility in system design.
The Catalyst 6500 series 256-Gbps platform supports hardware-based Cisco Express Forwarding
(CEF), as well as distributed CEF for maximum control-plane and forwarding performance. This is
ideally suited for gigabit switching applications such as e-commerce, Web hosting, and content
delivery in enterprise and service-provider networks. All fabric-enabled Gigabit Ethernet modules can
support distributed forwarding. For those modules utilizing centralized forwarding, the distributed-
forwarding capabilities can be added later via a daughter-card field upgrade, providing maximum
system flexibility and scalability.
3. Data Sheet
Switch Fabric Module
Overview
The Cisco Catalyst 6500 Series switch fabric modules, including the new Switch Fabric Module 2
(WS-X6500-SFM2) and the Switch Fabric Module (WS-C6500-SFM), in combination with the
Supervisor Engine 2, deliver an increase in available system bandwidth from the existing 32Gbps to
256 Gbps. This significant increase in available bandwidth ensures that the Cisco Catalyst 6500
Series continues to deliver not only best-in-class bandwidth, but also the performance and advanced
services required for today's most advanced networks.
Both the Switch Fabric Module 2 and the Switch Fabric Module provide frameworks for delivering
high-bandwidth architecture. These switch fabric modules are key enablers for the optional
distributed forwarding architecture that facilitates convergence of high traffic volumes at different
parts of the network. The Switch Fabric Module 2 and the Switch Fabric Module enable a new
architecture that allows 30 Mpps of Cisco Express Forwarding (CEF)-based central forwarding
performance on Supervisor Engine 2 and up to 210 Mpps of distributed forwarding performance. The
higher bandwidth and performance enabled by the switch fabric modules, coupled with advanced
services such as quality of service (QoS) and security in hardware via access control lists (ACLs),
make the Cisco Catalyst 6500 Series the premier platform for service providers and enterprises (see
Figure 1 and Figure 2.).
As networks continue to provision higher bandwidth applications, the Catalyst 6500 Series maximizes
scalability by enabling enhanced services without compromising performance. The switch fabric
modules utilize a crossbar architecture to deliver 256-Gbps total capacity with a high-speed point-to-
point connection to each line card. This provides a mechanism to forward packets between all point-
to-point connections between the slots simultaneously. Many ports can thus be simultaneously
transmitting and receiving data providing much higher aggregate throughput (see Figure 3).
The new Switch Fabric Module 2 (WS-X6500-SFM2) is supported in all Catalyst 6500 Series products,
while the Switch Fabric Module (WS-C6500-SFM) is supported in the Catalyst 6506 and Catalyst
6509. The new Switch Fabric Module 2 can be used in slots 7 or 8 in the Catalyst 6513. The new
Switch Fabric Module 2 and the Switch Fabric Module can be used in either slot 5 or 6 in the Catalyst
6506 and Catalyst 6509.
High Availability
Two switch fabric modules can be configured in a system for high availability. When installed in a
redundant configuration, failover time between fabrics is a few seconds and the full system
bandwidth of 256 Gbps remains available even following the failure of the active switch fabric
module. This minimizes the impact of outages to preserve high availability of mission-critical
applications in different network environments. In a single switch fabric module configuration with
modules supporting both bus and fabric interfaces, the system can fail over to the 32-Gbps
backplane bus if the switch fabric module fails, providing a highly available platform to host mission-
critical applications.
Scalable Performance
When populated with a switch fabric module, a Supervisor Engine 2 with Multilayer Switch Feature
Card (MSFC) 2, and fabric-enabled line cards, a Catalyst 6500 chassis can perform centralized Layer
2 and Layer 3 switching at 30 Mpps. When equipped with a Distributed Forwarding Card (DFC), each
fabric-enabled card can perform localized switching and increases total system performance up to
210 Mpps. This allows the Catalyst 6500 Series to significantly scale performance while continuing to
enable a host of advanced network services. This industry-leading performance, combined with the
host of advanced network services and wide array of interfaces to support LAN/MAN/WAN
connectivity, enables the Catalyst 6500 Series to deliver premier end-to-end solutions for large-scale
enterprise and service provider applications.(Traffic Flow between Two Fabric-Enabled Cards
Intelligent Services
Growing emphasis and reliance by enterprises upon high-bandwidth applications such as streaming
data, audio and video has led to an increase in multicast traffic. As high-bandwidth access to homes
becomes universal, there will also be an increasing demand for video streaming applications hosted
by service providers. This makes it imperative that networking equipment for both service providers
and enterprises incorporates features to forward multicast traffic at wire rate. The switch fabric
modules incorporate built-in capabilities to handle multicast in an optimal fashion.
The switch fabric modules use highly efficient packet forwarding for unicast, broadcast, and
multicast traffic. The switch fabric modules use a 3X overspeed architecture to handle
multidestination traffic. This architecture, coupled with multicast replication performed in hardware
on the Supervisor Engine and distributed switching line cards, allows service providers and
enterprises to deploy high-bandwidth interactive and broadcast video applications without any
performance penalty.
Investment Protection
The switch fabric modules offer full investment protection to existing customers by providing a
migration path that allows a gradual transition to the new architecture. All existing line cards can be
inserted in the same chassis as the switch fabric module, allowing customers to gain increased
benefits of the new architecture while using existing cards. This compatibility enables customers to
continue to use the diverse interface types offered in the current solution and begin to deploy the
new fabric-enabled cards for performance enhancement through distributed forwarding and
increased bandwidth.
4. Data Sheet
Distributed Forwarding Card for the Catalyst 6500
The distributed forwarding card (DFC) for the Catalyst 6500 series delivers high-speed
distributed services and forwarding for deployment in data-center backbones and
server-farm aggregation. The DFC complements the centralized forwarding of the
Catalyst 6500 Supervisor Engine 2 by distributing the centralized forwarding intelligence
down to each DFC-enabled line-card module. This provides localized forwarding and
service decisions on each line card and accelerates the forwarding performance of the
Catalyst 6500 series to 100+ Mpps. (See Figure 1.)
Key Benefits
Scalable Performance for Service Providers and Enterprises
The DFC works in conjunction with the Switch Fabric Module, Supervisor Engine 2 with Multilayer
Switch Feature Card (MSFC) 2, and fabric-enabled cards (cards with a connection to the Switch
Fabric Module) to provide a framework for distributed Cisco Express Forwarding (CEF)-based
Although CEF is a Layer 3 forwarding mechanism, the Catalyst 6500 series solution also uses a
similar centralized and distributed mechanism for Layer 2 forwarding. This card is available as a
field-upgradable option on most of the new fabric-enabled line cards if one is not already installed.
Please refer to the Data Sheet for Gigabit Ethernet Cards on the Catalyst 6000 page:
http://www.cisco.com/go/6000.
CEF is a scalable, distributed, Layer 3 mechanism that allows the Catalyst 6000 family to meet the
dynamic requirements of service-provider and enterprise networks. This technology first evolved to
accommodate a large number of short-duration flows resulting from Web-based and interactive
applications. Service providers and large enterprises tend to have a large number of flows due to
Web-hosting and e-commerce applications, and they are the biggest beneficiaries of this technology.
In a traditional flow-based system, a cache is created using the routing table when the first packet
of the flow arrives. All subsequent packets in the flow use the cached entry. This is an efficient
mechanism when network conditions are relatively static, and when many different flows are
destined for the same destination. The cached entries are kept current as they are aged out or when
network topology changes occur.
The DFC replicates Layer 2 and 3 forwarding logic in hardware as well as a bus on each line card; it
is capable of a minimum of 15 Mpps of local switching. On a line card with a single serial connection
to the fabric, packets switched between two ports will be directly forwarded via the local forwarding
logic. On a line card with dual channel connections to the fabric, traffic between two ports would
either be locally switched or transmitted across the fabric using local forwarding logic but it will
never have to be centrally switched via the supervisor. Line cards that are DFC enabled are capable
of making forwarding decisions locally. This enables traffic flows to occur in parallel between line
cards, without being limited by centralized forwarding scalability. If there is a mixture of classic and
new fabric-enabled line cards in the system, the frame will be switched centrally by the supervisor if
there is a flow between classic and fabric-enabled cards. But, if the flow is between two fabric-
enabled cards with distributed forwarding, even when there is a classic card in the chassis, the
packet will be directly switched between cards without going through the supervisor. This card is an
essential component in enhancing scalability of the Catalyst 6000 family because, with each
individual card performing local switching, the total forwarding performance of the switch reaches
100 Mpps.
(TCP) intercept. This is especially useful in e-commerce and Web-hosting applications where security
and protection of servers and Web content is a key concern.
An MSFC2 is essential for creating the central FIB and hence must be configured in the chassis to
enable CEF as well as distributed forwarding.Because a replica of the central FIB must be
downloaded onto the line card, it offers the same DRAM options as the MSFC2. The DFC ships with
128 MB of DRAM and offers 256- and 512-MB upgrade options. The DRAM option required on DFC
will be dependent upon the route table size amount of DRAM on the MSFC2 to ensure that the local
line card is able to store the entire FIB located on Supervisor Engine 2. A failure to synchronize all
FIBs would lead to conflicting forwarding information and may lead to problems. The memory
requirements for the FIB are listed in table below:
Product Route Table Size Route Table SizeFLM: Route Table SizeFLM:
FLM1 50K VLSM2: 32 150 KVLSM: 64K 250KVLSM: 150K
K
Even though this distributed FIB mechanism does not require a cache to forward packets, a NetFlow
table is still created and maintained for accounting purposes. Each line card will have a NetFlow
table that can be exported as flows are aged out. Service-provider networks often utilize the NetFlow
Data Export mechanism to keep track of the customer packet flows for billing and accounting
purposes. In addition to providing performance scalability, DFC also helps scale control-plane
performance because, instead of cache maintenance, CPU cycles can now be used for routing and
enhanced services, intelligent services like IOS-Server Load balancing (IOS-SLB) and management.
Investment Protection
The DFC also provides full investment protection by giving customers the option to install this
feature card as a field-replaceable unit in most cases. This also offers modularity in price because
customers do not need to upgrade if the functionality is not required. The Catalyst 6500 series
continues to offer full support for not only the new fabric-enabled line cards, but also the classic line
cards, and line cards equipped with the DFC. These line cards may be intermixed within a single
chassis to provide maximum flexibility and investment protection.
Line-Card Support
Line cards currently supporting distributed forwarding via this card are listed below:
Software Requirements
A DFC is only supported in the Supervisor IOS mode and is not supported in Catalyst OS. To enable
distributed forwarded an MSFC2 and Supervisor IOS are both required. The software version
5. Data Sheet
Catalyst 6000 Intrusion Detection System Module
Internet and E-businesses are forcing organizations into an era of open and trusted communications.
This openness at the same time, brings its share of vulnerabilities and problems, pushing both
enterprises and service providers to take steps to guard their valuable data from intruders, hackers,
and insiders. At the same time, demand for higher network performance is driving the migration of
traditionally shared networks to switched networks. As we start deploying more and more content
aware services in the switched infrastructure, the need for security and intrusion detection is greater
than ever to ensure reliability for Internet commerce and Web applications. With most of the
Intrusion Detection System (IDS) products on the market today, devices must be placed on the
Switched Port Analyzer (SPAN) port to monitor network traffic. Although the SPAN port can provide
access to network traffic, it does have certain limitations (for example, limited number of SPAN
sessions, trunked traffic). The Catalyst 6000 IDS module is designed specifically to address
switched environments by integrating the IDS functionality directly into the switch and taking traffic
right off the switch back- plane, thus bringing both switching and security functionality into the same
chassis.
Organizations continue to deploy firewalls as their central gatekeepers to prevent unauthorized users
from entering their networks. However, network security is in many ways similar to physical security
in that no one technology serves all needsrather, a layered defense provides the best results.
Organizations are increasingly looking to additional security technologies to counter risk and
vulnerability that firewalls alone cannot address. Intrusion detection systems provide around-the-
clock network surveillance. They analyze the packet data streams within the network, searching for
unauthorized activity, such as attacks by hackers, enabling users to respond immediately to security
breaches. Using a physical analogy, IDS systems are equivalent to video cameras and motion
sensors; they detect unauthorized or suspicious activity.
Cisco Systems, the worldwide leader in networking for the Internet, addresses the need for intrusion
detection in switched local-area network (LANs) with an integrated solution with the IDS module, in
addition to the complete family of Cisco Secure IDS appliance sensors, for its award-winning, high-
performance Catalyst 6000 switch series. The IDS module allows security and network
administrators to monitor network traffic right off the switch backplane rather than using external
IDS sensors connected to a switch SPAN port. This allows more granular access to the network
traffic and overcomes some of the limitations that external IDS sensors connected to SPAN ports
have.
Similar to how the Cisco Secure IDS appliance sensors operate, the IDS module detects
unauthorized activity traversing the network, such as attacks by hackers, and will send alarms to a
management console with details of the detected event. The security or network administrator
specifies the network traffic that must be inspected by the IDS module using the Catalyst OS virtual
LAN (VLAN) access control list (ACL) capture feature or SPAN functionality, allowing for very granular
traffic monitoring. In addition, the IDS module can be managed and monitored by the same
management console as the Cisco Secure IDS sensors, allowing customers to deploy both appliance
sensors and the IDS module to monitor critical subnets throughout their enterprise network.
Application
Intrusion Detection has become the fundamental enabling requirement for the successful content
networking and web hosting architecture. The IDS module is designed specifically to provide security
and network administrators the flexibility to monitor traffic flowing through their Catalyst 6000 family
switches throughout the network. The IDS module can help identify the denial of service attacks
including the distributed denial of service attacks (DDos).
With the widest range of attack recognition, IDS module provides best of the breed real time
intrusion detection solution available in the industry today. Because of the type and volume of traffic
at the network core, the IDS module is most effective in the distribution and access layers of the
network.
Integrated solutionThis IDS module is completely integrated within the Catalyst 6000,
occupying a single slot. This is particularly suited for deployments where rack space is at a
premium. The IDS is also fully integrated into the Cisco Secure IDS management
infrastructure for operational consistency and support.
Transparent operationThe IDS module does not impact switch performance. It is a passive
monitoring module that inspects copies of packets and is not in the switch-forwarding path.
Investment protectionWith the addition of the IDS module card to its portfolio, Cisco
continues to demonstrate investment protection in its switched infrastructure. The IDS
module enables customers to perform both security monitoring and switching functions
within the same chassis.
Ability to monitor multiple VLANs simultaneouslyThe IDS module can monitor traffic on
multiple VLANs simul- taneously (both ISL and 802.1q encoded) using either the VLAN ACL
capture feature or SPAN functionality. The capability overcomes some of the traditional
limitations of operating IDSs in switched environments.
Low cost of ownershipThe IDS module is simple to install, configure, and maintain. Because
it is completely interoperable with other Cisco Secure IDS devices and management
consoles, the IDS module is simply an extension of the classic switching environment and
security operations framework.
Performance Summary
Approximately 47,000 packets per second, with a new flow arrival rate of 1000 per second
Requires Catalyst Operating System Version 6.1(1) or higher (not supported in native Cisco
IOS software)
Policy feature card (PFC) required for VLAN ACL "capture" functionality
Compatible with both multilayer switch feature card (MSFC) and MSFC2, but not required
Configuring DHCP
This chapter describes how to configure Dynamic Host Configuration Protocol (DHCP). For a
complete description of the DHCP commands listed in this chapter, refer to the "DHCP Commands"
chapter of the Cisco IOS IP and IP Routing Command Reference publication. To locate
documentation of other commands that appear in this chapter, use the command reference master
index or search online.
As explained in RFC 2131, Dynamic Host Configuration Protocol, DHCP provides configuration
parameters to Internet hosts. DHCP consists of two components: a protocol for delivering host-
specific configuration parameters from a DHCP server to a host and a mechanism for allocating
network addresses to hosts. DHCP is built on a client/server model, where designated DHCP server
hosts allocate network addresses and deliver configuration parameters to dynamically configured
hosts.
DHCP supports three mechanisms for IP address allocation:
Dynamic allocationDHCP assigns an IP address to a client for a limited period of time (or
until the client explicitly relinquishes the address).
The format of DHCP messages is based on the format of Bootstrap Protocol (BOOTP) messages,
which ensures support for BOOTP relay agent functionality and interoperability between BOOTP
clients and DHCP servers. BOOTP relay agents eliminate the need for deploying a DHCP server on
each physical network segment. BOOTP is explained in RFC 951, Bootstrap Protocol (BOOTP), and
RFC 1542, Clarifications and Extensions for the Bootstrap Protocol.
DHCP Server Overview
The Cisco IOS DHCP server feature is a full DHCP server implementation that assigns and manages
IP addresses from specified address pools within the router to DHCP clients. If the Cisco IOS DHCP
server cannot satisfy a DHCP request from its own database, it can forward the request to one or
more secondary DHCP servers defined by the network administrator.
Figure 14 shows the basic steps that occur when a DHCP client requests an IP address from a DHCP
server. The client, Host A, sends a DHCPDISCOVER broadcast message to locate a Cisco IOS DHCP
server. A DHCP server offers configuration parameters (such as an IP address, a MAC address, a
domain name, and a lease for the IP address) to the client in a DHCPOFFER unicast message.
Note A DHCP client may receive offers from multiple DHCP servers and can accept any one of
the offers; however, the client usually accepts the first offer it receives. Additionally, the offer
from the DHCP server is not a guarantee that the IP address will be allocated to the client;
however, the server usually reserves the address until the client has had a chance to formally
request the address.
The client returns a formal request for the offered IP address to the DHCP server in a
DHCPREQUEST broadcast message. The DHCP server confirms that the IP address has been
allocated to the client by returning a DHCPACK unicast message to the client.
Note The formal request for the offered IP address (the DHCPREQUEST message) that is sent
by the client is broadcast so that all other DHCP servers that received the DHCPDISCOVER
broadcast message from the client can reclaim the IP addresses that they offered to the client.
If the configuration parameters sent to the client in the DHCPOFFER unicast message by the
DHCP server are invalid (a misconfiguration error exists), the client returns a DHCPDECLINE
broadcast message to the DHCP server.
The DHCP server will send to the client a DHCPNAK denial broadcast message, which means the
offered configuration parameters have not been assigned, if an error has occurred during the
negotiation of the parameters or the client has been slow in responding to the DHCPOFFER
message (the DHCP server assigned the parameters to another client) of the DHCP server.
The Cisco IOS DHCP server feature offers the following benefits:
Using automatic IP address assignment at each remote site substantially reduces Internet
access costs. Static IP addresses are considerably more expensive to purchase than are
automatically allocated IP addresses.
Because DHCP is easy to configure, it minimizes operational overhead and costs associated
with device configuration tasks and eases deployment by nontechnical users.
Centralized management
Because the DHCP server maintains configurations for several subnets, an administrator only
needs to update a single, central server when configuration parameters change.
Before you configure the Cisco IOS DHCP server feature, complete the following tasks:
Identify an external File Transport Protocol (FTP), Trivial File Transfer Protocol (TFTP), or
remote copy protocol (rcp) server that you will use to store the DHCP bindings database.
Identify the IP addresses that you will enable the DHCP server to assign, and the IP
addresses that you will exclude.
o Default router(s)
Note Inherited parameters can be overridden. For example, if a parameter is defined in both
the natural network and a subnetwork, the definition of the subnetwork is used.
Address leases are not inherited. If a lease is not specified for an IP address, by default, the
DHCP server assigns a one-day lease for the address.
To configure the Cisco IOS DHCP server feature, first configure a database agent or disable conflict
logging, then configure IP addresses that the DHCP server should not assign (excluded addresses)
and should assign (a pool of available IP addresses) to requesting clients. These configuration tasks
are explained in the following sections. Each task in the following list is identified as required or
optional.
Enabling the Cisco IOS DHCP Server and Relay Agent Features (Optional)
A DHCP database agent is any host, for example, an FTP, TFTP, or RCP server that stores the DHCP
bindings database. You can configure multiple DHCP database agents and you can configure the
interval between database updates and transfers for each agent. To configure a database agent and
database agent parameters, use the following command in global configuration mode:
Command Purpose
If you choose not to configure a DHCP database agent, disable the recording of DHCP address
conflicts on the DHCP server. To disable DHCP address conflict logging, use the following command
in global configuration mode:
Command Purpose
conflict logging
Excluding IP Addresses
The DHCP server assumes that all IP addresses in a DHCP address pool subnet are available for
assigning to DHCP clients. You must specify the IP address that the DHCP server should not assign
to clients. To do so, use the following command in global configuration mode:
Command Purpose
Router(config)# ip Specifies the IP addresses that the DHCP server should not assign to
DHCP clients.
dhcp excluded-
address
low-address [high-
address]
Configuring the DHCP Address Pool Name and Entering DHCP Pool Configuration Mode
To configure the DHCP address pool name and enter DHCP pool configuration mode, use the
following command in global configuration mode:
Command Purpose
Router(config)# Creates a name for the DHCP server address pool and places you in DHCP pool
ip configuration mode (identified by the config-dhcp# prompt).
Command Purpose
Router(config- Specifies the subnet network number and mask of the DHCP address pool.
dhcp)# The prefix length specifies the number of bits that comprise the address
prefix. The prefix is an alternative way of specifying the network mask of the
network client. The prefix length must be preceded by a forward slash (/).
network-number
[mask | /prefix-
length]
Note You can not configure manual bindings within the same pool that is configured with the
network command. To configure manual bindings, see the "Configuring Manual Bindings"
section.
Command Purpose
domain-name domain
Command Purpose
Router(config- Specifies the IP address of a DNS server that is available to a DHCP client. One
dhcp)# IP address is required; however, you can specify up to eight IP addresses in
one command line.
dns-server
address
[address2 ...
address8]
Configuring the NetBIOS Windows Internet Naming Service IP Servers for the Client
Windows Internet Naming Service (WINS) is a name resolution service that Microsoft DHCP clients
use to correlate host names to IP addresses within a general grouping of networks. To configure the
NetBIOS WINS servers that are available to a Microsoft DHCP client, use the following command in
DHCP pool configuration mode:
Command Purpose
Router(config- Specifies the NetBIOS WINS server that is available to a Microsoft DHCP
dhcp)# client. One address is required; however, you can specify up to eight
addresses in one command line.
netbios-name-server
address [address2 ...
address8]
Command Purpose
Router(config-dhcp)# Specifies the NetBIOS node type for a Microsoft DHCP client.
netbios-node-type type
Command Purpose
Router(config-dhcp)# Specifies the IP address of the default router for a DHCP client. One IP
address is required, although you can specify up to eight addresses in one
default-router command line.
address [address2 ...
address8]
Command Purpose
Router(config-dhcp)# Specifies the duration of the lease. The default is a one-day lease.
lease {days
[hours][minutes] | infinite}
To configure manual bindings, use the following commands beginning in global configuration mode:
Command Purpose
Step 1 Router(config)# Creates a name for the a DHCP server address pool and places you
ip in DHCP pool configuration modeidentified by the (config-dhcp)#
dhcp pool name prompt.
Step 2 Router(config- Specifies the IP address and subnet mask of the client.
dhcp)# The prefix length specifies the number of bits that comprise the
host address address prefix. The prefix is an alternative way of specifying the
[mask| /prefix- network mask of the client. The prefix length must be preceded by
length] a forward slash (/).
or
Router(config-
dhcp)#
client-identifier
unique-identifier
Step 4 Router(config- (Optional) Specifies the name of the client using any standard
dhcp)# ASCII character. The client name should not include the domain
client-name name. For example, the name mars should not be specified as
name mars.cisco.com.
Command Purpose
Router(config-dhcp)# Specifies the name of the file that is used as a boot image.
bootfile filename
Command Purpose
Router(config)# ip Specifies the number of ping packets the DHCP server sends to a pool
dhcp address before assigning the address to a requesting client. The default is
two packets.
ping packets
number
Command Purpose
Router(config)# ip Specifies the amount of time the DHCP server must wait before timing
dhcp ping out a ping packet. The default 500 milliseconds.
timeout milliseconds
Enabling the Cisco IOS DHCP Server and Relay Agent Features
By default, the Cisco IOS DHCP server and relay agent features are enabled on your router. To
reenable these features if they are disabled, use the following command in global configuration
mode:
Command Purpose
Router(config)# Enables the CiscoIOS DHCP server and relay features on your router.
Use the no form of this command to disable the Cisco IOS DHCP server and
service dhcp relay features.
Command Purpose
Router# clear Deletes an automatic address binding from the DHCP database. Specifying
ip dhcp address clears the automatic binding for a specific (client) IP address, whereas
specifying asterisk (*) clears all automatic bindings.
binding
address | *
Router# clear Clears an address conflict from the DHCP database. Specifying address clears the
ip dhcp conflict for a specific IP address whereas specifying an asterisk (*) clears
conflicts for all addresses.
conflict
address | *
server
statistics
To enable DHCP server debugging, use the following command in privileged EXEC mode:
Command Purpose
Router# debug ip dhcp server {events | Enables debugging on the DHCP server.
packets | linkage}
To display DHCP server information, use the following commands in EXEC mode, as needed:
Command Purpose
Router> show ip Displays a list of all bindings created on a specific DHCP server.
dhcp
binding [address]
Router> show ip Displays a list of all address conflicts recorded by a specific DHCP server.
dhcp
conflict [address]
database [url]
Router> show ip Displays count information about server statistics and messages sent and
dhcp received.
server statistics
Configuration Examples
This section provides the following configuration examples:
ip dhcp pool 0
domain-name cisco.com
netbios-node-type h-node
ip dhcp pool 1
lease 30
ip dhcp pool 2
lease 30
The following example creates a manual binding for a client named Mars.cisco.com. The MAC
address of the client is 02c7.f800.0422 and the IP address of the client is 172.16.2.254.
ip dhcp pool Mars
host 172.16.2.254
hardware-address 02c7.f800.0422 ieee802
client-name Mars
Because attributes are inherited, the previous configuration is equivalent to the following:
ip dhcp pool Mars
host 172.16.2.254 mask 255.255.255.0
hardware-address 02c7.f800.0422 ieee802
client-name Mars
default-router 172.16.2.100 172.16.2.101
domain-name cisco.com
dns-server 172.16.1.102 172.16.2.102
netbios-name-server 172.16.1.103 172.16.2.103
netbios-node-type h-node