JMDP 0147

3301
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
vrf definition RJIL-IP-MGMT
description *** For Out-of-Band management ***
rd 172.26.131.192:29
!
address-family ipv4
route-target export 64820:133
route-target import 64820:13301
exit-address-family
!
address-family ipv6
exit-address-family
!
vrf definition RJIL-OAM-ENB
description *** FOR O&M LTE SERVICES ***
rd 172.26.131.192:3
!
address-family ipv6
exit-address-family
!
vrf definition RJIL-SIGNALING-ENB
description *** FOR SIGNALLING LTE SERVICES ***
rd 172.26.131.192:1
!
address-family ipv6
exit-address-family
!
vrf definition RJIL-WIFI-CISCO
description *** FOR CISCO WIFI SERVICES ***
rd 172.26.131.192:4
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
logging buffered 65536 informational
no logging console
no logging monitor
enable secret 9 $14$vm.r$fHcApbtVXiM5nk$4en0Vab.J041rXNOES6OtnNpc6Qj/Ya6jgpkyKlHM8s
!
aaa new-model
!
!
aaa group server tacacs+ ACSSERVER
server name TACACS1
server name TACACS2
ip vrf forwarding RJIL-IP-MGMT
ip tacacs source-interface Loopback999
!
aaa authentication banner ^CUnauthorized acces is prohibited^C
aaa authentication login AAA-CONSOLE-LOCAL group ACSSERVER local
aaa authentication login AAA-VTY-ACS group ACSSERVER local
aaa authentication login AAA-LOCAL local
aaa authentication enable default group ACSSERVER enable
aaa authorization console
aaa authorization config-commands
aaa authorization exec AAA-VTY-ACS group ACSSERVER local
aaa authorization commands 1 AAA-VTY-ACS group ACSSERVER local
aaa authorization commands 10 default none
aaa authorization commands 15 AAA-VTY-ACS group ACSSERVER local
aaa accounting update newinfo
aaa accounting exec default start-stop group ACSSERVER
aaa accounting commands 1 default start-stop group ACSSERVER
aaa accounting commands 15 default start-stop group ACSSERVER
aaa accounting connection default start-stop group ACSSERVER
aaa accounting system default start-stop group ACSSERVER
!
!
!
!
!
!
aaa session-id common
aaa password restriction
process cpu threshold type total rising 80 interval 30
process cpu statistics limit entry-percentage 80 size 86400
clock timezone IST 5 30
!
!
!
!
!
!
!
!
!
no ip domain lookup
ip domain name INFRA.JIO.COM
ip multicast route-limit 8000
ip dhcp bootp ignore
!
!
!
login block-for 30 attempts 5 within 30
login delay 2
login quiet-mode access-class MGMT-VTY-IPv6
login on-failure log
login on-success log
ipv6 icmp error-interval 50 20
no ipv6 source-route
ipv6 nd cache interface-limit 50 log 1
ipv6 unicast-routing
ipv6 multicast-routing
!
!
!
!
!
!
!
mpls label protocol ldp
mpls ldp password option 10 for MPLS-LDP-IPv4 7
04695F21300D487E3629564400455E2B7B7F
mpls ldp graceful-restart
mpls ldp session protection
mpls ldp igp sync holddown 2000
mpls ldp discovery targeted-hello accept
multilink bundle-name authenticated
!
key chain ISIS-KEY
key 1
key-string 7 053952281E655D200A3A2741581E4A7804757C
accept-lifetime 01:00:00 Jan 1 2014 infinite
send-lifetime 01:00:00 Jan 1 2014 infinite
!
crypto pki trustpoint TP-self-signed-217520772
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-217520772
revocation-check none
rsakeypair TP-self-signed-217520772
!
crypto pki trustpoint SLA-TrustPoint
enrollment terminal
revocation-check none
!
!
crypto pki certificate chain TP-self-signed-217520772
certificate self-signed 03
30820229 30820192 A0030201 02020103 300D0609 2A864886 F70D0101 05050030
30312E30 2C060355 04031325 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 32313735 32303737 32301E17 0D313630 32323230 36313635
345A170D 32303031 30313030 30303030 5A303031 2E302C06 03550403 1325494F
532D5365 6C662D53 69676E65 642D4365 72746966 69636174 652D3231 37353230
37373230 819F300D 06092A86 4886F70D 01010105 0003818D 00308189 02818100
ACAF8451 F4E05B88 5EF9A1FF 05EB43F1 F738D520 542B1117 E8398302 696B241F
C16441ED B6792C8A 83C1E3BF F93E6071 2DD6B090 1A44FC3C 31945A9A 5508DA07
0062B7F9 9EC1D595 6C07599C B5805DC8 B08EA45D 0A183ADF 0545B341 C0330F28
BBEFEA53 F0D6A64C 1DFFFEA6 8A5D3344 D512042B FB62C511 6FB047BE A14433DB
02030100 01A35330 51300F06 03551D13 0101FF04 05300301 01FF301F 0603551D
23041830 16801424 AC55A9AD 7BB5B7BE D7745156 652FF3C9 DC151F30 1D060355
1D0E0416 041424AC 55A9AD7B B5B7BED7 74515665 2FF3C9DC 151F300D 06092A86
4886F70D 01010505 00038181 0046164C 1E1B6FD6 1406A8AA DB289B40 005681C2
DC1FB6CD 0C89A95A 2A8FA771 6C0F893E A46B25B0 2DEEAEFD 7A328A8E D9A05B6F
537023DA DF41ABD0 289B571E 9B8F82CA F8533A3B F834DB88 7800721C 1F3E015A
591C1FE4 0207EA76 832B976C B8B4B021 0BB6C8AF FB427453 0AE14661 8DFF0AF9
ED2FA5EA E0CD4A90 8B8567E1 49
quit
crypto pki certificate chain SLA-TrustPoint
certificate ca 01
30820321 30820209 A0030201 02020101 300D0609 2A864886 F70D0101 0B050030
32310E30 0C060355 040A1305 43697363 6F312030 1E060355 04031317 43697363
6F204C69 63656E73 696E6720 526F6F74 20434130 1E170D31 33303533 30313934
3834375A 170D3338 30353330 31393438 34375A30 32310E30 0C060355 040A1305
43697363 6F312030 1E060355 04031317 43697363 6F204C69 63656E73 696E6720
526F6F74 20434130 82012230 0D06092A 864886F7 0D010101 05000382 010F0030
82010A02 82010100 A6BCBD96 131E05F7 145EA72C 2CD686E6 17222EA1 F1EFF64D
CBB4C798 212AA147 C655D8D7 9471380D 8711441E 1AAF071A 9CAE6388 8A38E520
1C394D78 462EF239 C659F715 B98C0A59 5BBB5CBD 0CFEBEA3 700A8BF7 D8F256EE
4AA4E80D DB6FD1C9 60B1FD18 FFC69C96 6FA68957 A2617DE7 104FDC5F EA2956AC
7390A3EB 2B5436AD C847A2C5 DAB553EB 69A9A535 58E9F3E3 C0BD23CF 58BD7188
68E69491 20F320E7 948E71D7 AE3BCC84 F10684C7 4BC8E00F 539BA42B 42C68BB7
C7479096 B4CB2D62 EA2F505D C7B062A4 6811D95B E8250FC4 5D5D5FB8 8F27D191
C55F0D76 61F9A4CD 3D992327 A8BB03BD 4E6D7069 7CBADF8B DF5F4368 95135E44
DFC7C6CF 04DD7FD1 02030100 01A34230 40300E06 03551D0F 0101FF04 04030201
06300F06 03551D13 0101FF04 05300301 01FF301D 0603551D 0E041604 1449DC85
4B3D31E5 1B3E6A17 606AF333 3D3B4C73 E8300D06 092A8648 86F70D01 010B0500
03820101 00507F24 D3932A66 86025D9F E838AE5C 6D4DF6B0 49631C78 240DA905
604EDCDE FF4FED2B 77FC460E CD636FDB DD44681E 3A5673AB 9093D3B1 6C9E3D8B
D98987BF E40CBD9E 1AECA0C2 2189BB5C 8FA85686 CD98B646 5575B146 8DFC66A8
467A3DF4 4D565700 6ADF0F0D CF835015 3C04FF7C 21E878AC 11BA9CD2 55A9232C
7CA7B7E6 C1AF74F6 152E99B7 B1FCF9BB E973DE7F 5BDDEB86 C71E3B49 1765308B
5FB0DA06 B92AFE7F 494E8A9E 07B85737 F3A58BE1 1A48A229 C37C1E69 39F08678
80DDCD16 D6BACECA EEBC7CF9 8428787B 35202CDC 60E4616A B623CDBD 230E3AFB
418616A9 4093E049 4D10AB75 27E86F73 932E35B5 8862FDAE 0275156F 719BB2F0
D697DF7F 28
quit
!
license feature ptp
license udi pid ASR-920-10SZ-PD sn CAT1850U1TT
license accept end user agreement
license boot level advancedmetroipaccess
license smart enable
license smart transport callhome
archive
log config
logging enable
logging size 200
notify syslog contenttype plaintext
path bootflash:l2parentdelta
maximum 1
time-period 55
memory reserve critical 2000
memory free low-watermark processor 5000
file privilege 10
!
!
spanning-tree extend system-id
sdm prefer scaledipv6
mac-address-table limit bdomain 101 maximum 20
diagnostic bootup level minimal
!
username RjilUserDgD9BSf8 privilege 15 secret 9
$14$KjnP$pfIOCLW/HE2yzU$cjuLzaTo7Di7znpVjoEsaAXVPTKnPKW4fA5btVPLOzs
username LocalAuthRdOnly privilege 10 secret 9
$14$aqeE$OQ575vAiyPUPoU$VTmLiwXOa2wfyUdEhIusns8sAabU11BVxUxmKPqHuZ6
username RjilUserGdwxfMyY privilege 15 secret 9
$9$LQxJQhx3bFC5d.$T7QHBQl1wk/6ndFKbqwWe6PAqxz2/RoSbL.nGIudu6Q
username rjil privilege 15 secret Rjil123
!
redundancy
!
bfd-template single-hop FIBRE
interval microseconds min-tx 50000 min-rx 50000 multiplier 3
!
!
!
transceiver type all
monitoring
!
!
!
class-map match-any QOS-SIGNALING-QGRP
match qos-group 7
class-map match-any QOS-OAM-DSCP
match dscp cs2
class-map match-any QOS-CONTROL-DSCP
match dscp cs6
class-map match-any QOS-VOICE-QGRP
match qos-group 5
class-map match-any QOS-SIGNALING-DSCP
match dscp cs5
class-map match-any QOS-HOSTED-AV-SMARTSCHEDULER-EXP
match mpls experimental topmost 3
match dscp af32
class-map match-any QOS-OAM-QGRP
match qos-group 2
class-map match-any QOS-IPTV-EXP
class-map match-any QOS-CONTROL-QGRP
match qos-group 6
class-map match-any QOS-VOICE-DSCP
match dscp ef cs7
class-map match-any QOS-INT-PREMIUM-EXP
class-map match-any QOS-HOSTED-AV-SMARTSCHEDULER-QGRP
match qos-group 3
class-map match-any QOS-IPTV-QGRP
match qos-group 4
class-map match-any QOS-OAM-EXP
class-map match-any QOS-CONTROL-EXP
match ip precedence 6
class-map match-any QOS-HOSTED-AV-SMARTSCHEDULER-DSCP
match dscp af32
class-map match-any QOS-IPTV-DSCP
match dscp af31 af41
class-map match-all QOS-VOICE-EXP
class-map match-any QOS-SIGNALING-EXP
class-map match-any QOS-WIRELINE-QGRP
match qos-group 6
class-map match-any QOS-INT-PREMIUM-DSCP
match dscp af22
class-map match-any QOS-INT-PREMIUM-QGRP
match qos-group 1
class-map match-any QOS-VOICE-SIGNALING-QGRP
match qos-group 5
match qos-group 7
!
policy-map RJIL-QOS-NTWK-NNI-OUT-MW-500-CHILD
class QOS-VOICE-QGRP
priority level 1
police cir percent 25
set mpls experimental topmost 5
queue-limit 250000 bytes
class QOS-SIGNALING-QGRP
priority level 2
class QOS-CONTROL-QGRP
bandwidth percent 1
class QOS-IPTV-QGRP
bandwidth percent 20
class QOS-HOSTED-AV-SMARTSCHEDULER-QGRP
class QOS-OAM-QGRP
bandwidth percent 5
class QOS-INT-PREMIUM-QGRP
class class-default
policy-map RJIL-QOS-NTWK-NNI-OUT-MW-500
class class-default
shape average 450000000
service-policy RJIL-QOS-NTWK-NNI-OUT-MW-500-CHILD
policy-map RJIL-QOS-NTWK-NNI-OUT-MW-250-CHILD
priority level 1
priority level 2
bandwidth percent 1
class QOS-IPTV-QGRP
class QOS-OAM-QGRP
bandwidth percent 5
class class-default
policy-map RJIL-QOS-SC-UNI-IN-CHILD
class QOS-VOICE-DSCP
set qos-group 5
set mpls experimental imposition 5
class QOS-CONTROL-DSCP
set qos-group 6
class QOS-IPTV-DSCP
set qos-group 4
class QOS-HOSTED-AV-SMARTSCHEDULER-DSCP
set qos-group 3
class QOS-OAM-DSCP
set qos-group 2
class QOS-INT-PREMIUM-DSCP
set qos-group 1
class QOS-SIGNALING-DSCP
set qos-group 7
class class-default
policy-map RJIL-QOS-SC-UNI-IN-PARENT
class class-default
police 1000000000
service-policy RJIL-QOS-SC-UNI-IN-CHILD
policy-map RJIL-QOS-WAP-UNI-OUT-PARENT
priority level 1
priority level 2
bandwidth percent 1
class QOS-IPTV-QGRP
class QOS-OAM-QGRP
bandwidth percent 5
class class-default
policy-map RJIL-QOS-NTWK-NNI-OUT-MW-250
class class-default
shape average 230000000
service-policy RJIL-QOS-NTWK-NNI-OUT-MW-250-CHILD
policy-map RJIL-QOS-NTWK-NNI-OUT-PARENT
class QOS-VOICE-SIGNALING-QGRP
priority level 1
class QOS-WIRELINE-QGRP
priority level 2
class QOS-IPTV-QGRP
bandwidth remaining percent 28
class QOS-OAM-QGRP
class class-default
policy-map RJIL-QOS-IME-UNI-IN-PARENT
class class-default
set qos-group 2
police 1000000
policy-map RJIL-QOS-ENB-UNI-OUT-PARENT
class QOS-VOICE-SIGNALING-QGRP
priority level 1
class QOS-WIRELINE-QGRP
priority level 2
class QOS-IPTV-QGRP
class QOS-OAM-QGRP
class class-default
policy-map RJIL-QOS-WAP-UNI-IN-CHILD
set qos-group 5
set qos-group 6
class QOS-IPTV-DSCP
set qos-group 4
set qos-group 3
class QOS-OAM-DSCP
set qos-group 2
set qos-group 1
set qos-group 7
class class-default
policy-map RJIL-QOS-SC-UNI-OUT-PARENT
priority level 1
priority level 2
bandwidth percent 1
class QOS-IPTV-QGRP
class QOS-OAM-QGRP
bandwidth percent 5
class class-default
policy-map RJIL-QOS-ENB-UNI-IN-CHILD
set qos-group 5
set qos-group 6
class QOS-IPTV-DSCP
set qos-group 4
set qos-group 3
class QOS-OAM-DSCP
set qos-group 2
set qos-group 1
set qos-group 7
class class-default
policy-map RJIL-QOS-ENB-UNI-IN-PARENT
class class-default
police 100000000
service-policy RJIL-QOS-ENB-UNI-IN-CHILD
policy-map RJIL-QOS-WAP-UNI-IN-PARENT
class class-default
police 100000000
service-policy RJIL-QOS-WAP-UNI-IN-CHILD
policy-map RJIL-QOS-NTWK-NNI-IN-PARENT
class QOS-VOICE-EXP
set qos-group 5
class QOS-SIGNALING-EXP
set qos-group 7
class QOS-CONTROL-EXP
set qos-group 6
class QOS-IPTV-EXP
set qos-group 4
class QOS-HOSTED-AV-SMARTSCHEDULER-EXP
set qos-group 3
class QOS-OAM-EXP
set qos-group 2
class QOS-INT-PREMIUM-EXP
set qos-group 1
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
description ## JMDPKHGTESR001-CORE-MGMT-LPBK ##
ip address 172.26.131.192 255.255.255.255
no ip redirects
no ip unreachables
no ip proxy-arp
ipv6 address 2405:200:201:3901:172:26:131:192/128
no ipv6 redirects
no ipv6 unreachables
isis tag 10
!
interface Loopback999
description *** Loopback interface for management ***
vrf forwarding RJIL-IP-MGMT
ip address 172.26.131.192 255.255.255.255
no ip redirects
no ip unreachables
no ip proxy-arp
ipv6 address 2405:200:204:139:172:26:131:192/128
no ipv6 redirects
!
interface GigabitEthernet0/0/0
description # SMPS #
dampening
mtu 9216
no ip address
load-interval 30
media-type rj45
negotiation auto
service instance 951 ethernet
description # IME-Utilities #
encapsulation untagged
bridge-domain 951
!
!
description # SMPS #
dampening
mtu 9216
no ip address
load-interval 30
media-type rj45
negotiation auto
bridge-domain 951
!
!
description # ACCESS CONTROL #
dampening
mtu 9216
no ip address
load-interval 30
media-type sfp
negotiation auto
bridge-domain 951
!
!
no ip address
shutdown
negotiation auto
!
no ip address
shutdown
negotiation auto
!
description # To eNode-B #
dampening
mtu 9216
no ip address
load-interval 30
media-type sfp
negotiation auto
service-policy input RJIL-QOS-ENB-UNI-IN-PARENT
service-policy output RJIL-QOS-ENB-UNI-OUT-PARENT
description # To eNode-B - R4G_Bearer #
encapsulation dot1q 101
rewrite ingress tag pop 1 symmetric
bridge-domain 101
!
description # To eNode-B - R4G_Signalling #
bridge-domain 102
!
description # To eNode-B - R4G_R4G_o&m #
bridge-domain 103
!
description # Multicast #
bridge-domain 104
!
!
description # TO-JMDPBURDESR001-GigabitEthernet0/0/6-MW #
dampening
mtu 9216
bandwidth 450000
no ip address
load-interval 30
carrier-delay up 2
carrier-delay down msec 0
media-type sfp
negotiation auto
cdp enable
synchronous mode
service-policy input RJIL-QOS-NTWK-NNI-IN-PARENT
service-policy output RJIL-QOS-NTWK-NNI-OUT-MW-500
description # Data Traffic #
l2protocol peer cdp
bridge-domain 352
!
description # Microwave Management #
bridge-domain 552
!
!
no ip address
shutdown
negotiation auto
!
interface TenGigabitEthernet0/0/8
no ip address
shutdown
!
description # To 5G Ericsson GNB #
mtu 9216
no ip address
load-interval 30
service-policy input RJIL-QOS-ENB-UNI-IN-CHILD
service-policy output RJIL-QOS-ENB-UNI-OUT-PARENT
description # To 5G-GNB_Bearer #
bridge-domain 141
!
description # To 5G-GNB_Signalling #
bridge-domain 142
!
description # To 5G-GNB_o&m #
bridge-domain 143
!
!
description # TO-JMDPGNTLESR001-TenGigabitEthernet0/0/11-Fiber #
dampening
mtu 9216
no ip address
load-interval 30
carrier-delay up 2
cdp enable
synchronous mode
service-policy output RJIL-QOS-NTWK-NNI-OUT-PARENT
l2protocol peer cdp
bridge-domain 354
!
!
description # TO-JMDPBLGMESR002-TenGigabitEthernet0/0/10-Fiber ##5303246 ##
dampening
mtu 9216
no ip address
load-interval 30
carrier-delay up 2
cdp enable
synchronous mode
service-policy output RJIL-QOS-NTWK-NNI-OUT-PARENT
l2protocol peer cdp
bridge-domain 355
!
!
interface GigabitEthernet0
vrf forwarding Mgmt-intf
no ip address
shutdown
negotiation auto
!
interface BDI101
description # To eNode-B - R4G_Bearer #
vrf forwarding RJIL-BEARER-ENB
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip mtu 9216
load-interval 30
ipv6 address 2405:200:139:2300:3:2:101:7D/126
ipv6 enable
ipv6 mtu 9216
no ipv6 redirects
ipv6 traffic-filter INFRA-iACL-IPv6-LTE in
!
interface BDI102
description # To eNode-B - R4G_Signalling #
vrf forwarding RJIL-SIGNALING-ENB
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip mtu 9216
load-interval 30
ipv6 address 2405:200:139:2300:3:2:102:7D/126
ipv6 enable
ipv6 mtu 9216
no ipv6 redirects
!
interface BDI103
description # To eNode-B - R4G_R4G_o&m #
vrf forwarding RJIL-OAM-ENB
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip mtu 9216
load-interval 30
ipv6 address 2405:200:139:2300:3:2:103:7D/126
ipv6 enable
ipv6 mtu 9216
ipv6 nd managed-config-flag
no ipv6 redirects
ipv6 dhcp relay destination 2405:200:80E:732::10
!
interface BDI104
description # Multicast #
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip mtu 9216
load-interval 30
ipv6 enable
ipv6 mtu 9216
no ipv6 redirects
ipv6 mld query-timeout 180
ipv6 mld query-interval 60
ipv6 mld access-group MCAST-BDR-IPv6
ipv6 pim hello-interval 10
!
interface BDI141
description # To 5G-GNB_Bearer #
vrf forwarding RJIL-BEARER-ENB
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip mtu 9216
load-interval 30
ipv6 address 2405:200:5113:141::1:13A5/126
ipv6 enable
ipv6 mtu 9216
no ipv6 redirects
!
interface BDI142
description # To 5G-GNB_Signalling #
vrf forwarding RJIL-GNB-SIGNALING
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip mtu 9216
load-interval 30
ipv6 address 2405:200:5113:142::1:13A5/126
ipv6 enable
ipv6 mtu 9216
no ipv6 redirects
!
interface BDI143
description # To 5G-GNB_o&m #
vrf forwarding RJIL-GNB-OAM
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip mtu 9216
load-interval 30
ipv6 address 2405:200:5113:143::1:13A5/126
ipv6 enable
ipv6 mtu 9216
ipv6 nd managed-config-flag
ipv6 nd ra interval 30
no ipv6 redirects
ipv6 dhcp relay destination 2405:200:80E:3931:61::4
ipv6 dhcp relay source-interface BDI143
!
interface BDI352
description # TO-JMDPBURDESR001-GigabitEthernet0/0/6-MW #
ip address 172.31.123.194 255.255.255.254
ip helper-address 10.70.74.21
no ip redirects
no ip unreachables
no ip proxy-arp
ip mtu 9216
ip router isis RAN
load-interval 30
ipv6 address 2405:200:139:0:172:31:123:194/127
ipv6 enable
ipv6 mtu 9216
no ipv6 redirects
ipv6 router isis RAN
mpls ip
mpls mtu 9216
mpls ldp igp sync delay 25
isis circuit-type level-2-only
isis network point-to-point
isis tag 20
!
interface BDI353
no ip address
!
interface BDI354
description # TO-JMDPGNTLESR001-TenGig0/0/11-Fiber #
ip address 172.21.219.131 255.255.255.254
no ip redirects
no ip unreachables
no ip proxy-arp
ip mtu 9216
ip router isis RAN
load-interval 30
ipv6 address 2405:200:139:0:172:21:219:131/127
ipv6 enable
ipv6 mtu 9216
no ipv6 redirects
mpls ip
mpls mtu 9216
bfd template FIBRE
isis tag 20
isis bfd
!
interface BDI355
description # TO-JMDPBLGMESR002-TenGigabitEthernet0/0/10-Fiber #
ip address 10.80.55.74 255.255.255.254
no ip redirects
no ip unreachables
no ip proxy-arp
ip mtu 9216
ip router isis RAN
load-interval 30
ipv6 address 2405:200:139:0:10:80:55:74/127
ipv6 enable
ipv6 mtu 9216
no ipv6 redirects
mpls ip
mpls mtu 9216
bfd template FIBRE
isis tag 20
isis bfd
!
interface BDI552
description # Microwave Management #
vrf forwarding RJIL-IME
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip mtu 9216
load-interval 30
ipv6 address 2405:200:139:2300:3:2:552:9/125
ipv6 enable
ipv6 mtu 9216
no ipv6 redirects
!
interface BDI553
no ip address
!
interface BDI951
vrf forwarding RJIL-IME
ip address 10.214.192.113 255.255.255.248
no ip redirects
no ip unreachables
no ip proxy-arp
ip mtu 9216
load-interval 30
ipv6 mtu 9216
no ipv6 redirects
!
router isis RAN
net 49.0003.1720.2613.1192.00
is-type level-2-only
authentication mode md5 level-2
authentication key-chain ISIS-KEY level-2
metric-style wide
fast-flood 10
ip route priority high tag 5000
set-overload-bit on-startup 360
max-lsp-lifetime 65535
lsp-refresh-interval 65000
spf-interval 5 50 200
prc-interval 5 50 200
lsp-gen-interval 5 50 200
no hello padding point-to-point
log-adjacency-changes
fast-reroute per-prefix level-2 all
fast-reroute remote-lfa level-2 mpls-ldp
microloop avoidance disable
passive-interface Loopback0
mpls ldp sync
!
router bgp 55836
bgp router-id 172.26.131.192
bgp log-neighbor-changes
bgp graceful-restart
no bgp default ipv4-unicast
neighbor RJIL-AG1-IBGP-GRP peer-group
neighbor RJIL-AG1-IBGP-GRP remote-as 55836
neighbor RJIL-AG1-IBGP-GRP password 7 03360F2C392D267C473629564400455E2B7B7F
neighbor RJIL-AG1-IBGP-GRP update-source Loopback0
neighbor RJIL-AG1-IBGP-GRP-IPv6 peer-group
neighbor RJIL-AG1-IBGP-GRP-IPv6 remote-as 55836
neighbor RJIL-AG1-IBGP-GRP-IPv6 password 7 06345B06736C0E290C2822585F1664790B7967
neighbor RJIL-AG1-IBGP-GRP-IPv6 update-source Loopback0
neighbor 2405:200:201:3901:172:23:235:208 peer-group RJIL-AG1-IBGP-GRP-IPv6
neighbor 2405:200:201:3901:172:23:235:209 peer-group RJIL-AG1-IBGP-GRP-IPv6
neighbor 172.23.235.208 peer-group RJIL-AG1-IBGP-GRP
neighbor 172.23.235.209 peer-group RJIL-AG1-IBGP-GRP
!
address-family ipv4
bgp nexthop trigger delay 0
network 172.26.131.192 mask 255.255.255.255 route-map CSR-COMM
neighbor RJIL-AG1-IBGP-GRP send-community
neighbor RJIL-AG1-IBGP-GRP send-label
neighbor 172.23.235.208 activate
exit-address-family
!
address-family vpnv4
bgp additional-paths select backup
bgp additional-paths install
neighbor RJIL-AG1-IBGP-GRP send-community extended
exit-address-family
!
address-family ipv6
network 2405:200:201:3901:172:26:131:192/128 route-map CSR-COMM
neighbor RJIL-AG1-IBGP-GRP send-community
neighbor RJIL-AG1-IBGP-GRP send-label
exit-address-family
!
address-family ipv6 multicast
neighbor RJIL-AG1-IBGP-GRP-IPv6 route-map RJIL-DROP-ALL out
neighbor 2405:200:201:3901:172:23:235:208 activate
neighbor 2405:200:201:3901:172:23:235:209 activate
exit-address-family
!
address-family vpnv6
bgp recursion host
neighbor RJIL-AG1-IBGP-GRP send-community extended
exit-address-family
!
address-family ipv6 vrf RJIL-BEARER-ENB
redistribute connected
import path selection all
import path limit 4
exit-address-family
!
address-family ipv6 vrf RJIL-GNB-OAM
import path limit 4
exit-address-family
!
address-family ipv6 vrf RJIL-GNB-SIGNALING
import path limit 4
exit-address-family
!
address-family ipv4 vrf RJIL-IME
import path limit 4
exit-address-family
!
address-family ipv6 vrf RJIL-IME
import path limit 4
exit-address-family
!
address-family ipv4 vrf RJIL-IP-MGMT
exit-address-family
!
address-family ipv6 vrf RJIL-IP-MGMT
exit-address-family
!
address-family ipv6 vrf RJIL-OAM-ENB
import path limit 4
exit-address-family
!
address-family ipv6 vrf RJIL-SIGNALING-ENB
import path limit 4
exit-address-family
!
address-family ipv4 vrf RJIL-WIFI-CISCO
import path limit 4
exit-address-family
!
address-family ipv6 vrf RJIL-WIFI-CISCO
import path limit 4
exit-address-family
!
ip forward-protocol nd
no ip http server
ip http authentication local
ip http secure-server
ip http secure-active-session-modules mylist
ip http timeout-policy idle 600 life 14400 requests 25
ip http session-module-list mylist IOX_Server,DISTRIB
ip http client source-interface Loopback999
!
ip bgp-community new-format
ip ftp source-interface Loopback999
ip tftp source-interface Loopback999
crypto key generate rsa general-keys modulus 1024
ip tacacs source-interface Loopback999
ip ssh time-out 60
ip ssh port 2222 rotary 35
ip ssh source-interface Loopback999
ip ssh version 2
ip ssh dscp 18
ip scp server enable
!
ip access-list standard MGMT-SNMP-IPv4
10 deny any
ip access-list standard MGMT-VTY-IPv4
10 deny any
ip access-list standard MPLS-LDP-IPv4
10 permit 172.16.32.0 0.0.31.255
20 permit 172.16.64.0 0.0.15.255
30 permit 172.22.0.0 0.1.255.255
40 permit 172.16.96.0 0.0.15.255
50 permit 172.26.128.0 0.0.63.255
60 permit 172.25.128.0 0.0.127.255
70 permit 172.30.0.0 0.0.255.255
80 permit 172.16.0.0 0.15.255.255
ip access-list standard NTP-ACL
10 permit 172.16.61.153
20 permit 172.16.61.152
30 permit 172.23.235.208
40 permit 172.23.235.209
!
ip access-list extended INFRA-iACL-IPv4-WiFi
10 remark Phase 1 a Anti-spoofing,Fragmentation,Attack Denies
10 remark Deny Fragments
10 deny tcp any 49.44.0.0 0.0.7.255 fragments
20 deny udp any 49.44.0.0 0.0.7.255 fragments
30 deny icmp any 49.44.0.0 0.0.7.255 fragments
40 deny tcp any any eq 5900
50 remark Deny access to RJIL Infrastructure devices
50 deny ip any 49.44.0.0 0.0.7.255
60 remark Deny special-use address sources.
60 remark See RFC 3330 for additional special-use addresses.
60 deny ip host 0.0.0.0 any
70 deny ip any 0.0.0.0 0.255.255.255
80 deny ip 0.0.0.0 0.255.255.255 any
90 deny ip host 255.255.255.255 any
100 deny ip 127.0.0.0 0.255.255.255 any
110 deny ip any 127.0.0.0 0.255.255.255
120 deny ip 169.254.0.0 0.0.255.255 any
130 deny ip 192.0.2.0 0.0.0.255 any
140 deny ip any 192.0.2.0 0.0.0.255
150 deny ip 192.18.0.0 0.1.255.255 any
160 deny ip any 192.18.0.0 0.1.255.255
170 deny ip 192.0.0.0 0.0.0.255 any
180 deny ip any 192.0.0.0 0.0.0.255
190 deny ip 224.0.0.0 31.255.255.255 any
200 remark Deny RFC1918 space from entering AS
200 permit ip any 10.73.1.0 0.0.0.63
210 permit ip any 10.70.120.64 0.0.0.15
220 permit ip any host 172.16.92.209
230 permit ip any host 172.16.92.213
240 permit ip any 10.70.120.80 0.0.0.15
250 permit ip any 10.70.120.0 0.0.0.15
260 deny ip 192.168.0.0 0.0.255.255 any
270 deny ip any 10.0.0.0 0.255.255.255
280 deny ip any 172.16.0.0 0.15.255.255
290 deny ip any 192.168.0.0 0.0.255.255
300 remark See RFC5737
300 deny ip 198.51.100.0 0.0.0.255 any
310 deny ip any 198.51.100.0 0.0.0.255
320 deny ip 203.0.113.0 0.0.0.255 any
330 deny ip any 203.0.113.0 0.0.0.255
340 remark Deny RIL infrastructure space as a source of external packets
340 deny ip 49.44.0.0 0.0.7.255 any
350 remark Phase 2 a Explicit Permit
350 permit ip any any
!
ip sla responder
ip sla responder twamp
timeout 2000
ip sla server twamp
timer inactivity 1200
logging alarm informational
logging source-interface Loopback999 vrf RJIL-IP-MGMT
logging host 10.137.39.182
logging host 10.137.39.27
logging host ipv6 2405:200:A80:FD19:5DC:98E5:692C:2012 vrf RJIL-IP-MGMT
logging host ipv6 2405:200:816:651::30 vrf RJIL-IP-MGMT
ipv6 mld state-limit 25000
!
route-map RJIL-DROP-ALL deny 10
!
route-map CSR-COMM permit 10
set community 64600:133
!
snmp-server community OnM4G@Ge0 RO ipv6 MGMT-SNMP-IPv6 MGMT-SNMP-IPv4
snmp-server trap-source Loopback999
snmp-server source-interface informs Loopback999
snmp-server queue-length 1000
snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
snmp-server enable traps tty
snmp-server enable traps config-copy
snmp-server enable traps config
snmp-server enable traps config-ctid
snmp-server enable traps isis
snmp-server enable traps ipsla
snmp-server enable traps memory bufferpeak
snmp-server enable traps fru-ctrl
snmp-server enable traps entity
snmp-server enable traps cpu threshold
snmp-server enable traps vlancreate
snmp-server enable traps vlandelete
snmp-server enable traps cef resource-failure peer-state-change peer-fib-state-
change inconsistency
snmp-server enable traps netsync
snmp-server enable traps aaa_server
snmp-server enable traps mpls rfc ldp
snmp-server enable traps mpls ldp
snmp-server enable traps alarms informational
snmp-server enable traps bulkstat collection transfer
snmp-server enable traps vrfmib vrf-up vrf-down vnet-trunk-up vnet-trunk-down
snmp-server enable traps transceiver all
snmp-server enable traps mpls vpn
snmp-server enable traps mpls rfc vpn
snmp-server host 2405:200:806:2904:10:70:224:76 vrf RJIL-IP-MGMT version 2c
OnM4G@Ge0
snmp-server host 2405:200:806:2904:10:70:224:97 vrf RJIL-IP-MGMT version 2c
OnM4G@Ge0
snmp ifmib ifalias long
snmp ifmib ifindex persist
mpls ldp router-id Loopback0
!
tacacs server TACACS1
address ipv4 10.70.57.84
key 7 03365102092F7419165A4F
tacacs server TACACS2
address ipv4 10.70.64.116
key 7 0469010F0001191B514A53
!
!
!
ipv6 access-list INFRA-iACL-IPv6-LTE
sequence 10 remark Phase 1 a anti-spoofing and Fragmentation Denies
sequence 20 remark Deny Fragments
sequence 30 deny ipv6 any 2405:200::/40 fragments
sequence 40 remark Permit RJIL ILL Customer
sequence 50 permit ipv6 2405:200::/40 any
sequence 60 permit ipv6 any 2405:200::/40
sequence 70 remark Deny access to RJIL Infrastructure devices
sequence 80 deny ipv6 any 2405:200:200::/40
sequence 90 remark Deny RIL infrastructure space as a source of external packets
sequence 100 deny ipv6 2405:200:200::/40 any
sequence 110 remark Deny special-use address sources Refer RFC6890
sequence 120 deny ipv6 ::/8 any
sequence 130 deny ipv6 FEC0::/10 any
sequence 140 deny ipv6 FC00::/7 any
sequence 150 deny ipv6 FF00::/8 any
sequence 160 deny ipv6 any 2001:10::/28
sequence 170 deny ipv6 2001:10::/28 any
sequence 180 deny ipv6 any 2001:DB8::/32
sequence 190 deny ipv6 2001:DB8::/32 any
sequence 200 permit ipv6 any 2001:2::/48
sequence 210 permit ipv6 any 2001::/32
sequence 220 deny ipv6 any 2001::/23
sequence 230 deny ipv6 2001::/23 any
sequence 240 remark deny false 6to4 packets
sequence 250 deny ipv6 2002:E000::/20 any
sequence 260 deny ipv6 2002:7F00::/24 any
sequence 270 deny ipv6 2002::/24 any
sequence 280 deny ipv6 2002:FF00::/24 any
sequence 290 deny ipv6 2002:A00::/24 any
sequence 300 deny ipv6 2002:AC10::/28 any
sequence 310 deny ipv6 2002:C0A8::/32 any
sequence 320 deny ipv6 host :: any
sequence 330 remark deny loopback address
sequence 340 deny ipv6 host ::1 any
sequence 350 deny ipv6 host 1:: any
sequence 360 remark deny ipv4-compatible addresses
sequence 380 remark ipv4 mapped adresses - obsoleted
sequence 390 deny ipv6 ::FFFF:0.0.0.0/96 any
sequence 400 remark deny other compatible addresses
sequence 410 deny ipv6 ::224.0.0.0/100 any
sequence 450 remark deny 6bone addresses - depreciated
sequence 460 deny ipv6 3FFE::/16 any
sequence 470 remark Phase 2 a explicit Permit
sequence 480 permit ipv6 any any
!
ipv6 access-list MCAST-BDR-IPv6
sequence 10 permit ipv6 any FF30::/12
!
ipv6 access-list MGMT-SNMP-IPv6
sequence 10 permit ipv6 host 2405:200:A10:FC00:10:137:8:54 any
sequence 50 permit ipv6 host 2405:200:A10:FF0C:20C:29FF:FEB1:CCE8 any
sequence 80 permit ipv6 host 2405:200:A10:FCBA:10:137:128:94 any
sequence 90 permit ipv6 host 2405:200:A10:FCB1:10:137:40:247 any
sequence 150 permit ipv6 host 2405:200:A10:FCC7:10:137:78:130 any
sequence 270 permit ipv6 2405:200:A10:FCB0::/64 any
sequence 290 permit ipv6 2405:200:A60:FDC0::/64 any
sequence 300 permit ipv6 2405:200:A10:FC00::/64 any
sequence 330 permit ipv6 2405:200:A10:FCBA::/64 any
sequence 340 permit ipv6 2405:200:A10:FCC7::/64 any
sequence 350 permit ipv6 2405:200:80A:2904::/64 any
sequence 360 permit ipv6 2405:200:806:2904::/64 any
sequence 390 permit ipv6 2405:200:800::/44 any
sequence 410 permit ipv6 2405:200:A80:FD19:5DC:98E5:692C:0/112 any
sequence 420 permit ipv6 2405:200:A70:F018:10:147:136:0/112 any
!
ipv6 access-list MGMT-VTY-IPv6
sequence 30 permit ipv6 2405:200:A60:FDC0::/64 any
sequence 50 permit ipv6 2405:200:A60:F0F0::/60 any
sequence 140 permit ipv6 2405:200:80A:2904::/64 any
sequence 180 permit ipv6 2405:200:A80:FD19:5DC:98E5:692C:0/112 any
sequence 190 permit ipv6 2405:200:A70:F018:10:147:136:0/112 any
!
control-plane
!
privilege exec level 10 show running-config view full
privilege exec level 10 show running-config view
privilege exec level 10 show running-config
privilege exec all level 10 show
banner login ^C
-------------------------------------------------------------------------
UNAUTHORIZED ACCESS TO THIS DEVICE IS PROHIBITED
You must have explicit, authorized permission to access or configure this
device.
Unauthorized attempts and actions to access or use this system may result
in civil and/or criminal penalties.
All activities performed on this device are logged and monitored.
GCTv20.7
NE-ID INBRJMDPKHGTTW0001ENBESR001
SAP-ID I-BR-JMDP-ENB-0147
FAC-ID INBRJMDPKHGTTW0001
HostName JMDPKHGTESR001
-------------------------------------------------------------------------
^C
banner motd ^C
-------------------------------------------------------------------------
UNAUTHORIZED ACCESS TO THIS DEVICE IS PROHIBITED
You must have explicit, authorized permission to access or configure this
device.
Unauthorized attempts and actions to access or use this system may result
in civil and/or criminal penalties.
All activities performed on this device are logged and monitored.
GCTv20.7
NE-ID INBRJMDPKHGTTW0001ENBESR001
SAP-ID I-BR-JMDP-ENB-0147
FAC-ID INBRJMDPKHGTTW0001
HostName JMDPKHGTESR001
-------------------------------------------------------------------------
^C
alias exec show-running-config show running-config view full
!
line con 0
exec-timeout 5 0
privilege level 15
authorization commands 15 AAA-VTY-ACS
logging synchronous
login authentication AAA-CONSOLE-LOCAL
transport output none
stopbits 1
line vty 0 4
access-class MGMT-VTY-IPv4 in
access-class MGMT-VTY-IPv4 in vrfname RJIL-IP-MGMT
exec-timeout 5 0
privilege level 15
ipv6 access-class MGMT-VTY-IPv6 in
ipv6 access-class MGMT-VTY-IPv6 in vrfname RJIL-IP-MGMT
logging synchronous
login authentication AAA-VTY-ACS
transport preferred none
transport input ssh
transport output ssh
line vty 5 9
exec-timeout 5 0
privilege level 15
logging synchronous
login authentication AAA-VTY-ACS
transport input ssh
line vty 10 20
no exec
transport input ssh
line vty 21 25
exec-timeout 5 0
privilege level 10
logging synchronous
login authentication AAA-LOCAL
rotary 35
transport input ssh
!
exception crashinfo file bootflash:crashinfo1
exception crashinfo buffersize 256
ztp disable
esmc process
call-home
! If contact email address in call-home is configured as sch-smart-
licensing@cisco.com
! the email address configured in Cisco Smart License Portal will be used as
contact email address to send SCH notifications.
contact-email-addr sch-smart-licensing@cisco.com
vrf RJIL-IP-MGMT
no http secure server-identity-check
profile "CiscoTAC-1"
active
destination transport-method http
destination address http
https://[2405:200:a80:fdf5::b]/Transportgateway/services/DeviceRequestHandler
no destination address http
https://tools.cisco.com/its/service/oddce/services/DDCEService
ntp authentication-key 1 md5 142518020324043F34 7
ntp authenticate
ntp trusted-key 1
ntp source Loopback999
ntp access-group peer NTP-ACL
ntp master 5
ntp server vrf RJIL-IP-MGMT 172.16.61.152 key 1 prefer
ntp server vrf RJIL-IP-MGMT 172.16.61.153 key 1
!
!
event manager policy Mandatory.dualrate_eem_policy.tcl type system authorization
bypass
!
line vty 0 4
no access-class MGMT-VTY-IPv4 in vrf-also
exec-timeout 5 0
privilege level 15
no ipv6 access-class MGMT-VTY-IPv6 in
!
end

JMDP 0147

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

JMDP 0147

Uploaded by

Copyright:

Available Formats

3301

You might also like