-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathF241.03.23-9400-Leaf02
289 lines (289 loc) · 5.45 KB
/
F241.03.23-9400-Leaf02
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
hostname F241.03.23-9400-Leaf02
!
!
vrf definition Mgmt-vrf
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
vrf definition green
rd 1:1
!
address-family ipv4
mdt auto-discovery vxlan
mdt default vxlan 239.1.1.1
mdt overlay use-bgp spt-only
route-target export 1:1
route-target import 1:1
route-target export 1:1 stitching
route-target import 1:1 stitching
exit-address-family
!
no aaa new-model
boot system bootflash:cat9k_iosxe.17.12.01.SPA.bin
power redundancy-mode combined
power supply autoLC shutdown
power supply autoLC priority 1 2 5 6 7
!
!
!
!
!
!
!
!
!
ip multicast-routing
ip multicast-routing vrf green
!
!
!
login on-success log
vtp version 1
!
!
!
!
!
!
!
l2vpn evpn
replication-type static
flooding-suppression address-resolution disable
router-id Loopback1
!
l2vpn evpn instance 101 vlan-based
encapsulation vxlan
!
l2vpn evpn instance 102 vlan-based
encapsulation vxlan
!
l2vpn evpn instance 201 vlan-based
encapsulation vxlan
replication-type ingress
multicast advertise enable
!
l2vpn evpn instance 202 vlan-based
encapsulation vxlan
replication-type ingress
multicast advertise enable
!
!
!
license boot level network-advantage addon dna-advantage
archive
path bootflash:/ambtaylo-EVPN/
write-memory
time-period 30
memory free low-watermark processor 183517
!
system mtu 9198
diagnostic bootup level minimal
!
spanning-tree mode rapid-pvst
spanning-tree extend system-id
!
!
!
username admin privilege 15 password 0 cisco!123
!
redundancy
mode sso
!
!
!
!
!
transceiver type all
monitoring
!
vlan configuration 101
member evpn-instance 101 vni 10101
vlan configuration 102
member evpn-instance 102 vni 10102
vlan configuration 201
member evpn-instance 201 vni 20101 protected
vlan configuration 202
member evpn-instance 202 vni 20201 protected
vlan configuration 901
member vni 50901
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
ip address 172.16.255.4 255.255.255.255
ip pim sparse-mode
ip ospf 1 area 0
!
interface Loopback1
ip address 172.16.254.4 255.255.255.255
ip pim sparse-mode
ip ospf 1 area 0
!
interface Loopback255
vrf forwarding green
ip address 10.2.255.255 255.255.255.255
ip pim sparse-mode
!
interface GigabitEthernet0/0
vrf forwarding Mgmt-vrf
ip address 10.122.186.5 255.255.255.240
negotiation auto
!
interface TenGigabitEthernet1/0/1
!
interface TenGigabitEthernet1/0/2
!
interface TenGigabitEthernet1/0/3
switchport trunk allowed vlan 101,102,201,202
switchport mode trunk
spanning-tree portfast trunk
!
!
interface TenGigabitEthernet1/0/22
no switchport
ip address 172.16.1.10 255.255.255.252
ip pim sparse-mode
ip ospf 1 area 0
!
interface TenGigabitEthernet1/0/23
no switchport
ip address 172.16.1.14 255.255.255.252
ip pim sparse-mode
ip ospf 1 area 0
!
!
interface Vlan1
no ip address
!
interface Vlan101
vrf forwarding green
ip address 10.1.101.1 255.255.255.0
ip pim sparse-mode
!
interface Vlan102
vrf forwarding green
ip address 10.1.102.1 255.255.255.0
ip pim sparse-mode
!
interface Vlan901
vrf forwarding green
ip unnumbered Loopback1
ip pim sparse-mode
no autostate
!
interface nve1
no ip address
source-interface Loopback1
host-reachability protocol bgp
member vni 10101 mcast-group 225.0.0.101
member vni 50901 vrf green
member vni 10102 mcast-group 225.0.0.102
member vni 20201 ingress-replication
member vni 20101 ingress-replication
!
router ospf 1
router-id 172.16.255.4
!
router bgp 65001
bgp router-id 172.16.255.4
bgp log-neighbor-changes
no bgp default ipv4-unicast
neighbor 172.16.255.1 remote-as 65001
neighbor 172.16.255.1 update-source Loopback0
neighbor 172.16.255.2 remote-as 65001
neighbor 172.16.255.2 update-source Loopback0
!
address-family ipv4
exit-address-family
!
address-family ipv4 mvpn
neighbor 172.16.255.1 activate
neighbor 172.16.255.1 send-community both
neighbor 172.16.255.2 activate
neighbor 172.16.255.2 send-community both
exit-address-family
!
address-family l2vpn evpn
neighbor 172.16.255.1 activate
neighbor 172.16.255.1 send-community both
neighbor 172.16.255.1 route-map POLICY-IN in
neighbor 172.16.255.1 route-map POLICY-OUT out
neighbor 172.16.255.2 activate
neighbor 172.16.255.2 send-community both
neighbor 172.16.255.2 route-map POLICY-IN in
neighbor 172.16.255.2 route-map POLICY-OUT out
exit-address-family
!
address-family ipv4 vrf green
advertise l2vpn evpn
redistribute static
redistribute connected
exit-address-family
!
ip forward-protocol nd
ip http server
ip http secure-server
ip pim rp-address 172.16.255.255
ip pim vrf green rp-address 10.2.255.255
ip ftp source-interface GigabitEthernet0/0
ip ftp username calo
ip ftp password calo
ip tftp source-interface GigabitEthernet0/0
ip route vrf Mgmt-vrf 0.0.0.0 0.0.0.0 10.122.186.1
ip route vrf Mgmt-vrf 10.122.157.250 255.255.255.255 10.122.186.1
ip ssh bulk-mode 131072
!
ip extcommunity-list expanded ALLOW-RT2 permit 65001:20[0-9]
ip bgp-community new-format
ip community-list standard BLOCK-RT3 permit 999:999
!
!
!
route-map POLICY-IN deny 5
match community BLOCK-RT3 exact-match
!
route-map POLICY-IN permit 10
!
route-map POLICY-OUT permit 5
match extcommunity ALLOW-RT2
match evpn route-type 3
set community 999:999
!
route-map POLICY-OUT permit 10
!
!
!
control-plane
service-policy input system-cpp-policy
!
!
!
line con 0
privilege level 15
logging synchronous
stopbits 1
line aux 0
line vty 0 4
privilege level 15
login local
transport input ssh
line vty 5 15
privilege level 15
login local
transport input ssh
!