Cisco Data Center Infrastructure 2.5 Design Guide
Configuration Reference

This chapter provides the test bed diagram and configurations used in tests to support this guide. The chapter is broken down into two main sections, Integrated Services Design Configurations and Services Switch Design Configurations.

Integrated Services Design Configurations

The following configurations were used in testing the integrated services design:

Core Switch 1

Aggregation Switch 1

Core Switch 2

Aggregation Switch 2

Access Switch 4948-7

Access Switch 4948-8

Access Switch 6500-1

FWSM 1-Aggregation Switch 1 and 2

Figure 8-1 shows the test bed used without services switches.

Figure 8-1 Integrated Services Configuration Test Bed

Core Switch 1

version 12.2
no service pad
service timestamps debug datetime msec localtime
service timestamps log datetime msec localtime
no service password-encryption
service counters max age 10
!
hostname CORE1
!
boot system sup-bootflash:s720_18SXD3.bin
logging snmp-authfail
enable secret 5 $1$3OjN$l/80W4JIQJf7l7fRlS7A2.
!
no aaa new-model
clock timezone PST -8
clock summer-time PDT recurring
vtp domain datacenter
vtp mode transparent
udld enable
ip subnet-zero
no ip source-route
!
!
no ip ftp passive
no ip domain-lookup
ip domain-name cisco.com
!
no ip bootp server
ip multicast-routing 
mls ip cef load-sharing full simple
!
spanning-tree mode rapid-pvst
spanning-tree loopguard default
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
spanning-tree pathcost method long
!
vlan internal allocation policy descending
vlan dot1q tag native 
vlan access-log ratelimit 2000
!
vlan 2 
!
vlan 15
 name testgear
!
vlan 16 
 name testgear2
!
vlan 20
 name DNS-CA
!
vlan 802
 name mgmt_vlan
!
!
interface Loopback0
 ip address 10.10.3.3 255.255.255.0
!
interface Port-channel1
 description to 4948-1 testgear
 no ip address
 logging event link-status
 switchport
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 2
 switchport mode trunk
!
interface Port-channel2
 description to 4948-4 testgear
 no ip address
 logging event link-status
 switchport
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 2
 switchport mode trunk
!
interface GigabitEthernet3/33
 no ip address
 logging event link-status
 switchport
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 2
 switchport mode trunk
 channel-protocol lacp
 channel-group 1 mode active
!
interface GigabitEthernet3/34
 no ip address
 logging event link-status
 switchport
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 2
 switchport mode trunk
 channel-protocol lacp
 channel-group 1 mode active
!
interface GigabitEthernet3/41
 no ip address
 logging event link-status
 switchport
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 2
 switchport mode trunk
 channel-protocol lacp
 channel-group 2 mode active
!
interface GigabitEthernet3/42
 no ip address
 logging event link-status
 switchport
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 2
 switchport mode trunk
 channel-protocol lacp
 channel-group 2 mode active
!
interface TenGigabitEthernet4/1
 description to Agg1
 ip address 10.10.20.2 255.255.255.0
 no ip redirects
 no ip proxy-arp
 ip pim sparse-dense-mode
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 C1sC0!
 ip ospf network point-to-point
 ip ospf hello-interval 2
 ip ospf dead-interval 6
 logging event link-status
!
interface TenGigabitEthernet4/2
 description to Agg2
 ip address 10.10.30.2 255.255.255.0
 no ip redirects
 no ip proxy-arp
 ip pim sparse-dense-mode
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 C1sC0!
 ip ospf network point-to-point
 ip ospf hello-interval 2
 ip ospf dead-interval 6
 logging event link-status
!
interface TenGigabitEthernet4/3
 description to core2
 ip address 10.10.55.1 255.255.255.0
 no ip redirects
 no ip proxy-arp
 ip pim sparse-dense-mode
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 C1sC0!
 ip ospf network point-to-point
 ip ospf hello-interval 2
 ip ospf dead-interval 6
 logging event link-status
!
interface GigabitEthernet6/1
 no ip address
 shutdown
!
interface GigabitEthernet6/2
********************
!
interface Vlan1
 no ip address
 shutdown
!
interface Vlan15
 description test_client_subnet
 ip address 10.20.15.1 255.255.255.0
 no ip redirects
 no ip proxy-arp
!
interface Vlan16
 description test_client_ subnet2
 ip address 10.20.16.2 255.255.255.0
 no ip redirects
 no ip proxy-arp
!
router ospf 10
 log-adjacency-changes
 auto-cost reference-bandwidth 1000000
 nsf
 area 10 authentication message-digest
 area 10 nssa default-information-originate
 timers throttle spf 1000 1000 1000
 passive-interface default
 no passive-interface TenGigabitEthernet4/1
 no passive-interface TenGigabitEthernet4/2
 no passive-interface TenGigabitEthernet4/3
 network 10.10.3.0 0.0.0.255 area 10
 network 10.10.20.0 0.0.0.255 area 10
 network 10.10.30.0 0.0.0.255 area 10
 network 10.10.55.0 0.0.0.255 area 10
 network 10.20.15.0 0.0.0.255 area 0
 network 10.20.16.0 0.0.0.255 area 0
!
ip classless
no ip http server
ip pim send-rp-discovery scope 2
!
!
control-plane
!
!
line con 0
 exec-timeout 0 0
line vty 0 4
 exec-timeout 60 0
 password 7 05080F1C2243
 login local
 transport input telnet ssh
!
ntp authentication-key 1 md5 02050D480809 7
ntp trusted-key 1
ntp clock-period 17180053
ntp master 1
ntp update-calendar
end

Aggregation Switch 1

Current configuration : 22460 bytes
!
! No configuration change since last restart
!
upgrade fpd auto
version 12.2
service timestamps debug datetime msec localtime
service timestamps log datetime msec localtime
no service password-encryption
service counters max age 10
!
hostname Aggregation-1
!
boot system disk0:s720_18SXD3.bin
logging snmp-authfail
no aaa new-model
clock timezone PST -8
clock summer-time PDT recurring
clock calendar-valid
firewall multiple-vlan-interfaces
firewall module 4 vlan-group 1
firewall vlan-group 1  5-6,20,100,101,105-106
analysis module 9 management-port access-vlan 20
analysis module 9 data-port 1 capture allowed-vlan 5,6,105,106
analysis module 9 data-port 2 capture allowed-vlan 106
ip subnet-zero
no ip source-route
ip icmp rate-limit unreachable 2000
!
!
!
ip multicast-routing 
udld enable
udld message time 7
vtp domain datacenter
vtp mode transparent
mls ip cef load-sharing full
mls ip multicast flow-stat-timer 9
no mls flow ip
no mls flow ipv6
mls acl tcam default-result permit
no mls acl tcam share-global
mls cef error action freeze
!
redundancy
 mode sso
 main-cpu
  auto-sync running-config
  auto-sync standard
!
spanning-tree mode rapid-pvst
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
spanning-tree pathcost method long
spanning-tree vlan 1-4094 priority 24576
module ContentSwitchingModule 3 
 ft group 1 vlan 102 
  priority 20
  heartbeat-time 1 
  failover 3 
  preempt 
!
 vlan 44 server
  ip address 10.20.44.42 255.255.255.0
  gateway 10.20.44.1
  alias 10.20.44.44 255.255.255.0
!
 probe RHI icmp
  interval 3
  failed 10
!
 serverfarm SERVER200
  nat server
  no nat client
  real 10.20.6.56
   inservice
  probe RHI
!
 serverfarm SERVER201
  nat server
  no nat client
  real 10.20.6.25
   inservice
  probe RHI
!
 vserver SERVER200
  virtual 10.20.6.200 any
  vlan 44
  serverfarm SERVER200
  advertise active
  sticky 10
  replicate csrp sticky
  replicate csrp connection
  persistent rebalance
  inservice
!
 vserver SERVER201
  virtual 10.20.6.201 any
  vlan 44
  serverfarm SERVER201
  advertise active
  sticky 10
  replicate csrp sticky
  replicate csrp connection
  persistent rebalance
  inservice
!
port-channel load-balance src-dst-port
!
vlan internal allocation policy descending
vlan dot1q tag native 
vlan access-log ratelimit 2000
!
vlan 3
 name AGG1_to_AGG2_L3-OSPF
!
vlan 5 
!
vlan 6
 name Webapp Inside
!
vlan 7 
!
vlan 10
 name Database Inside
!
vlan 20 
!
vlan 44
 name CSM_Onearm_Server_VLAN
!
vlan 45
 name Service_switch_CSM_Onearm
!
vlan 46
 name SERV-CSM2-onearm
!
vlan 100
 name AGG_FWSM_failover_interface
!
vlan 101
 name AGG_FWSM_failover_state
!
vlan 102
 name AGG_CSM_FT_Vlan
!
vlan 106
 name WebappOutside 
!
vlan 110
 name DatabaseOutside
!
interface Loopback0
 ip address 10.10.1.1 255.255.255.0
!
interface Null0
 no ip unreachables
!
interface Port-channel1
 description ETHERCHANNEL_TO_AGG2
 switchport
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 2
 switchport trunk allowed vlan 1-19,21-4094
 switchport mode trunk
 no ip address
 logging event link-status
 arp timeout 200
 spanning-tree guard loop
!
interface Port-channel10
 description to SERVICE_SWITCH1
 switchport
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 2
 switchport mode trunk
 no ip address
 logging event link-status
 spanning-tree guard loop
!
interface Port-channel12
 description to SERVICE_SWITCH2
 switchport
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 2
 switchport mode trunk
 no ip address
 logging event link-status
 spanning-tree guard loop
!
!
interface GigabitEthernet1/13
 description to Service_1
 switchport
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 2
 switchport mode trunk
 no ip address
 channel-protocol lacp
 channel-group 10 mode active
!
interface GigabitEthernet1/14
 description to Service_1
 switchport
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 2
 switchport mode trunk
 no ip address
 channel-protocol lacp
 channel-group 10 mode active
!
interface GigabitEthernet1/19
 switchport
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 2
 switchport trunk allowed vlan 1-5,7-105,107-300,1010-1110
 switchport mode trunk
 no ip address
 channel-protocol lacp
 channel-group 12 mode active
!
!
interface GigabitEthernet5/1
***************
!
interface GigabitEthernet5/2
****************
!
interface GigabitEthernet6/1
 no ip address
 shutdown
!
interface GigabitEthernet6/2
 no ip address
 shutdown
 media-type rj45
!
interface TenGigabitEthernet7/2
 description to Core2
 ip address 10.10.40.1 255.255.255.0
 no ip redirects
 no ip proxy-arp
 ip pim sparse-dense-mode
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 7 112A481634424A
 ip ospf network point-to-point
 ip ospf hello-interval 2
 ip ospf dead-interval 6
 logging event link-status
!
interface TenGigabitEthernet7/3
 description to Core1 
 ip address 10.10.20.1 255.255.255.0
 no ip redirects
 no ip proxy-arp
 ip pim sparse-dense-mode
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 7 15315A1F277A6A
 ip ospf network point-to-point
 ip ospf hello-interval 2
 ip ospf dead-interval 6
 logging event link-status
!
interface TenGigabitEthernet7/4
 description TO_ACCESS1
 switchport
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 2
 switchport trunk allowed vlan 105
 switchport mode trunk
 no ip address
 logging event link-status
!
interface TenGigabitEthernet8/1
 description TO_AGG2
 switchport
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 2
 switchport trunk allowed vlan 1-19,21-4094
 switchport mode trunk
 no ip address
 logging event link-status
 channel-protocol lacp
 channel-group 1 mode active
!
interface TenGigabitEthernet8/2
 description TO_4948-7
 switchport
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 2
 switchport trunk allowed vlan 106
 switchport mode trunk
 no ip address
 logging event link-status
 spanning-tree guard root
!
interface TenGigabitEthernet8/3
 description TO_4948-8
 switchport
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 2
 switchport trunk allowed vlan 106
 switchport mode trunk
 no ip address
 logging event link-status
 spanning-tree guard root
!
interface TenGigabitEthernet8/4
 description TO_AGG2
 switchport
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 2
 switchport trunk allowed vlan 1-19,21-4094
 switchport mode trunk
 no ip address
 logging event link-status
 channel-protocol lacp
 channel-group 1 mode active
!
interface Vlan1
 no ip address
 shutdown
!
interface Vlan3
 description AGG1_to_AGG2_L3-RP
 bandwidth 10000000
 ip address 10.10.110.1 255.255.255.0
 no ip redirects
 no ip proxy-arp
 ip pim sparse-dense-mode
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 C1sC0!
 ip ospf network point-to-point
 ip ospf hello-interval 2
 ip ospf dead-interval 6
 logging event link-status
!
interface Vlan6
 description Outside_Webapp_Tier
 ip address 10.20.6.2 255.255.255.0
 no ip redirects
 no ip proxy-arp
 ip policy route-map csmpbr
 ntp disable
 standby 1 ip 10.20.6.1
 standby 1 timers 1 3
 standby 1 priority 120
 standby 1 preempt delay minimum 60
!
!
interface Vlan44
 description AGG_CSM_Onearm
 ip address 10.20.44.2 255.255.255.0
 no ip redirects
 no ip proxy-arp
 standby 1 ip 10.20.44.1
 standby 1 timers 1 3
 standby 1 priority 120
 standby 1 preempt delay minimum 60
!
router ospf 10
 log-adjacency-changes
 auto-cost reference-bandwidth 1000000
 nsf
 area 10 authentication message-digest
 area 10 nssa
 timers throttle spf 1000 1000 1000
 redistribute static subnets route-map rhi
 passive-interface default
 no passive-interface Vlan3
 no passive-interface TenGigabitEthernet7/2
 no passive-interface TenGigabitEthernet7/3
 network 10.10.1.0 0.0.0.255 area 10
 network 10.10.20.0 0.0.0.255 area 10
 network 10.10.40.0 0.0.0.255 area 10
 network 10.10.110.0 0.0.0.255 area 10
 ! for PBR testing purposes
 distribute-list 1 in TenGigabitEthernet7/2
 distribute-list 1 in TenGigabitEthernet7/3
!
ip classless
ip pim accept-rp auto-rp
!
access-list 1 deny   10.20.16.0
access-list 1 deny   10.20.15.0
access-list 1 permit any
access-list 44 permit 10.20.6.200 log
access-list 44 permit 10.20.6.201 log
!
route-map csmpbr permit 10
 set ip default next-hop 10.20.44.44
!
route-map rhi permit 10
 match ip address 44
 set metric-type type-1
!
privilege exec level 1 show
!
line con 0
 exec-timeout 0 0
 password 7 110D1A16021F060510
 login local
line vty 0 4
 no motd-banner
 exec-timeout 0 0
 password 7 110D1A16021F060510
 login local
 transport input telnet ssh
!
!
no monitor session servicemodule
ntp authentication-key 1 md5 104D000A0618 7
ntp authenticate
ntp trusted-key 1
ntp clock-period 17179928
ntp update-calendar
ntp server *********.42 key 1
end

Core Switch 2

Current configuration : 10867 bytes
!
version 12.2
no service pad
service timestamps debug datetime msec localtime
service timestamps log datetime msec localtime
no service password-encryption
service counters max age 10
!
hostname CORE2
!
boot system sup-bootflash:s720_18SXD3.bin
enable secret 5 $1$k2Df$vfhT/CMz0IqFqluRCENw//
!
no aaa new-model
clock timezone PST -8
clock summer-time PDT recurring
vtp domain datacenter
vtp mode transparent
udld enable
!
ip subnet-zero
no ip source-route
!
!
no ip domain-lookup
ip domain-name cisco.com
!
no ip bootp server
ip multicast-routing 
mls ip multicast flow-stat-timer 9
no mls flow ip
no mls flow ipv6
mls cef error action freeze
!
power redundancy-mode combined
!
spanning-tree mode rapid-pvst
spanning-tree loopguard default
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
spanning-tree pathcost method long
!
vlan internal allocation policy descending
vlan dot1q tag native 
vlan access-log ratelimit 2000
!
vlan 2,15-16 
!
!
interface Loopback0
 ip address 10.10.4.4 255.255.255.0
!
interface Port-channel1
 description to 4948-1
 no ip address
 logging event link-status
 switchport
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 2
 switchport mode trunk
!
interface Port-channel2
 description to 4948-4
 no ip address
 logging event link-status
 switchport
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 2
 switchport mode trunk
!
interface GigabitEthernet2/9
 no ip address
 logging event link-status
 switchport
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 2
 switchport mode trunk
 channel-protocol lacp
 channel-group 1 mode active
!
interface GigabitEthernet2/10
 no ip address
 logging event link-status
 switchport
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 2
 switchport mode trunk
 channel-protocol lacp
 channel-group 1 mode active
!
interface GigabitEthernet2/13
 no ip address
 logging event link-status
 switchport
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 2
 switchport mode trunk
 channel-protocol lacp
 channel-group 2 mode active
!
interface GigabitEthernet2/14
 no ip address
 logging event link-status
 switchport
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 2
 switchport mode trunk
 channel-protocol lacp
 channel-group 2 mode active
!
interface TenGigabitEthernet4/1
 description to Agg1
 ip address 10.10.40.2 255.255.255.0
 no ip redirects
 no ip proxy-arp
 ip pim sparse-dense-mode
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 C1sC0!
 ip ospf network point-to-point
 ip ospf hello-interval 2
 ip ospf dead-interval 6
 logging event link-status
!
interface TenGigabitEthernet4/2
 description to Agg2
 ip address 10.10.50.2 255.255.255.0
 no ip redirects
 no ip proxy-arp
 ip pim sparse-dense-mode
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 C1sC0!
 ip ospf network point-to-point
 ip ospf hello-interval 2
 ip ospf dead-interval 6
 logging event link-status
!
interface TenGigabitEthernet4/3
 description to core1
 ip address 10.10.55.2 255.255.255.0
 no ip redirects
 no ip proxy-arp
 ip pim sparse-dense-mode
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 C1sC0!
 ip ospf network point-to-point
 ip ospf hello-interval 2
 ip ospf dead-interval 6
 logging event link-status
!
interface GigabitEthernet6/1
 no ip address
 shutdown
!
interface GigabitEthernet6/2
*****************
!
interface Vlan1
 no ip address
 shutdown
!
interface Vlan15
 ip address 10.20.15.2 255.255.255.0
!
interface Vlan16
 description test_client_subnet
 ip address 10.20.16.1 255.255.255.0
 no ip redirects
 no ip proxy-arp
!
router ospf 10
 log-adjacency-changes
 auto-cost reference-bandwidth 1000000
 nsf
 area 10 authentication message-digest
 area 10 nssa default-information-originate
 timers throttle spf 1000 1000 1000
 passive-interface default
 no passive-interface TenGigabitEthernet4/1
 no passive-interface TenGigabitEthernet4/2
 no passive-interface TenGigabitEthernet4/3
 no passive-interface TenGigabitEthernet4/4
 network 10.10.4.0 0.0.0.255 area 10
 network 10.10.40.0 0.0.0.255 area 10
 network 10.10.50.0 0.0.0.255 area 10
 network 10.10.55.0 0.0.0.255 area 10
 network 10.20.15.0 0.0.0.255 area 0
 network 10.20.16.0 0.0.0.255 area 0
!
ip classless
no ip http server
ip pim send-rp-discovery scope 2
!
!
line con 0
 exec-timeout 0 0
line vty 0 4
 exec-timeout 60 0
 password cisco
 login local
 transport input telnet ssh
!
ntp authentication-key 1 md5 104D000A0618 7
ntp authenticate
ntp trusted-key 1
ntp clock-period 17179940
ntp update-calendar
ntp server ********* key 1
end

Aggregation Switch 2

Current configuration : 18200 bytes
version 12.2
service timestamps debug datetime msec localtime
service timestamps log datetime msec
no service password-encryption
service counters max age 10
!
hostname Aggregation-2
!
boot system disk0:s720_18SXD3.bin
no aaa new-model
clock timezone PST -8
clock summer-time PDT recurring
clock calendar-valid
firewall multiple-vlan-interfaces
firewall module 4 vlan-group 1
firewall vlan-group 1  5,6,20,100,101,105,106
vtp domain datacenter
vtp mode transparent
udld enable
!
udld message time 7
!
ip subnet-zero
no ip source-route
ip icmp rate-limit unreachable 2000
!
!
ip multicast-routing 
no ip igmp snooping
mls ip cef load-sharing full
mls ip multicast flow-stat-timer 9
no mls flow ip
no mls flow ipv6
mls acl tcam default-result permit 
mls cef error action freeze
!
!
spanning-tree mode rapid-pvst
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
spanning-tree pathcost method long
spanning-tree vlan 1-4094 priority 28672
port-channel load-balance src-dst-port
module ContentSwitchingModule 3 
 ft group 1 vlan 102 
  priority 10
  heartbeat-time 1 
  failover 3 
  preempt 
!
 vlan 44 server
  ip address 10.20.44.43 255.255.255.0
  gateway 10.20.44.1
  alias 10.20.44.44 255.255.255.0
!
 probe RHI icmp
  interval 3 
  failed 10 
!
 serverfarm SERVER200
  nat server
  no nat client
  real 10.20.6.56
   inservice
  probe RHI
!
 serverfarm SERVER201
  nat server
  no nat client
  real 10.20.6.25
   inservice
  probe RHI
!
 vserver SERVER200
  virtual 10.20.6.200 any
  vlan 44
  serverfarm SERVER200
  advertise active
  sticky 10
  replicate csrp sticky
  replicate csrp connection
  persistent rebalance
  inservice
!
 vserver SERVER201
  virtual 10.20.6.201 any
  vlan 44
  serverfarm SERVER201
  advertise active
  sticky 10
  replicate csrp sticky
  replicate csrp connection
  persistent rebalance
  inservice
!
!
vlan internal allocation policy descending
vlan dot1q tag native 
vlan access-log ratelimit 2000
!
vlan 3
 name AGG1_to_AGG2_L3-RP
!
vlan 5
 name Outside_Webapp
!
vlan 6
 name Outside_Webapp
!
!
vlan 10
 name Outside_Database_Tier
!
vlan 20 
!
vlan 44
 name AGG_CSM_Onearm
!
vlan 45
 name Service_switch_CSM_Onearm
!
vlan 46
 name SERV-CSM2-onearm
!
vlan 100
 name AGG_FWSM_failover_interface
!
vlan 101
 name AGG_FWSM_failover_state
!
vlan 102
 name AGG_CSM_FT_Vlan
!
vlan 105
 name Inside_Webapp_Tier
!
vlan 106
 name Inside_Webapp
!
vlan 110
 name Inside_Database_Tier
!
!
interface Loopback0
 ip address 10.10.2.2 255.255.255.0
!
interface Null0
 no ip unreachables
!
interface Port-channel1
 description ETHERCHANNEL_TO_AGG1
 no ip address
 logging event link-status
 switchport
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 2
 switchport trunk allowed vlan 1-19,21-299,301-4094
 switchport mode trunk
 arp timeout 200
 spanning-tree guard loop
!
interface Port-channel11
 description to SERVICE_SWITCH1
 no ip address
 logging event link-status
 switchport
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 2
 switchport mode trunk
!
interface Port-channel13
 description to SERVICE_SWITCH2
 no ip address
 logging event link-status
 switchport
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 2
 switchport mode trunk
!
interface GigabitEthernet1/13
 description to Service_2
 no ip address
 switchport
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 2
 switchport mode trunk
 channel-protocol lacp
 channel-group 13 mode active
!
interface GigabitEthernet1/14
 description to Service_2
 no ip address
 switchport
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 2
 switchport mode trunk
 channel-protocol lacp
 channel-group 13 mode active
!
interface GigabitEthernet1/19
 description to Service_1
 no ip address
 switchport
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 2
 switchport mode trunk
 channel-protocol lacp
 channel-group 11 mode active
!
interface GigabitEthernet1/20
 description to Service_1
 no ip address
 switchport
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 2
 switchport mode trunk
 channel-protocol lacp
 channel-group 11 mode active
!
interface GigabitEthernet5/1
!
interface GigabitEthernet5/2
************
!
interface TenGigabitEthernet7/2
 description to Core2 
 ip address 10.10.50.1 255.255.255.0
 no ip redirects
 no ip proxy-arp
 ip pim sparse-dense-mode
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 C1sC0!
 ip ospf network point-to-point
 ip ospf hello-interval 2
 ip ospf dead-interval 6
 logging event link-status
!
interface TenGigabitEthernet7/3
 description to Core1 
 ip address 10.10.30.1 255.255.255.0
 no ip redirects
 no ip proxy-arp
 ip pim sparse-dense-mode
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 C1sC0!
 ip ospf network point-to-point
 ip ospf hello-interval 2
 ip ospf dead-interval 6
 logging event link-status
!
interface TenGigabitEthernet7/4
 description TO_ACCESS1
 no ip address
 logging event link-status
 switchport
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 2
 switchport trunk allowed vlan 5,6
 switchport mode trunk
 channel-protocol lacp
!
interface TenGigabitEthernet8/1
 description TO_AGG1
 no ip address
 logging event link-status
 switchport
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 2
 switchport trunk allowed vlan 1-19,21-299,301-4094
 switchport mode trunk
 channel-protocol lacp
 channel-group 1 mode passive
!
!
interface TenGigabitEthernet8/3
 description TO_4948-8
 no ip address
 logging event link-status
 switchport
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 2
 switchport trunk allowed vlan 106
 switchport mode trunk
 spanning-tree guard root
!
interface TenGigabitEthernet8/4
 description TO_AGG1
 no ip address
 logging event link-status
 switchport
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 2
 switchport trunk allowed vlan 1-19,21-299,301-4094
 switchport mode trunk
 channel-protocol lacp
 channel-group 1 mode passive
!
interface Vlan1
 no ip address
 shutdown
!
interface Vlan3
 description AGG1_to_AGG2_L3-RP
 bandwidth 10000000
 ip address 10.10.110.2 255.255.255.0
 no ip redirects
 no ip proxy-arp
 ip pim sparse-dense-mode
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 C1sC0!
 ip ospf network point-to-point
 ip ospf hello-interval 2
 ip ospf dead-interval 6
 logging event link-status
!
interface Vlan5
 description Outside_Webapp_Tier
 no ip address
 no ip redirects
 ntp disable
 standby 1 ip 10.20.5.1
 standby 1 timers 1 3
 standby 1 priority 115
 standby 1 preempt delay minimum 60
!
interface Vlan6
 ip address 10.20.6.3 255.255.255.0
 no ip redirects
 no ip proxy-arp
 ip policy route-map csmpbr
 ntp disable
 standby 1 ip 10.20.6.1
 standby 1 timers 1 3
 standby 1 priority 115
 standby 1 preempt delay minimum 60
!
interface Vlan44
 description AGG_CSM_Onearm
 ip address 10.20.44.3 255.255.255.0
 no ip redirects
 no ip proxy-arp
 standby 1 ip 10.20.44.1
 standby 1 timers 1 3
 standby 1 priority 115
 standby 1 preempt delay minimum 60
!
!
router ospf 10
 log-adjacency-changes
 auto-cost reference-bandwidth 1000000
 nsf
 area 10 authentication message-digest
 area 10 nssa
 timers throttle spf 1000 1000 1000
 redistribute static subnets route-map rhi
 passive-interface default
 no passive-interface Vlan3
 no passive-interface TenGigabitEthernet7/2
 no passive-interface TenGigabitEthernet7/3
 network 10.10.2.0 0.0.0.255 area 10
 network 10.10.30.0 0.0.0.255 area 10
 network 10.10.50.0 0.0.0.255 area 10
 network 10.10.110.0 0.0.0.255 area 10
 distribute-list 1 in TenGigabitEthernet7/2
 distribute-list 1 in TenGigabitEthernet7/3
!
ip classless
ip pim accept-rp auto-rp
!
access-list 1 deny   10.20.16.0
access-list 1 deny   10.20.15.0
access-list 1 permit any
access-list 44 permit 10.20.6.200 log
access-list 44 permit 10.20.6.201 log
!
route-map csmpbr permit 10
 set ip default next-hop 10.20.44.44
!
route-map rhi permit 10
 match ip address 44
 set metric +40
 set metric-type type-1
!
line con 0
 exec-timeout 0 0
 password dcsummit
 login local
line vty 0 4
 exec-timeout 0 0
 password dcsummit
 login local
 transport input telnet ssh
 transport output pad telnet ssh acercon
!
no monitor session servicemodule
ntp authentication-key 1 md5 08701C1A2D495547335B5A5572 7
ntp authenticate
ntp clock-period 17179998
ntp update-calendar
ntp server ***********key 1
end

Access Switch 4948-7

Current configuration : 4612 bytes
version 12.2
no service pad
service timestamps debug datetime localtime
service timestamps log datetime localtime
no service password-encryption
service compress-config
!
hostname 4948-7
!
boot-start-marker
boot system bootflash:cat4000-i5k91s-mz.122-25.EWA2.bin
boot-end-marker
!
logging snmp-authfail
no aaa new-model
clock timezone PST -8
clock summer-time PDT recurring
clock calendar-valid
vtp domain datacenter
vtp mode transparent
udld enable
ip subnet-zero
no ip source-route
no ip domain-lookup
ip domain-name cisco.com
!
!
spanning-tree mode rapid-pvst
spanning-tree loopguard default
spanning-tree portfast bpduguard default
spanning-tree extend system-id
spanning-tree pathcost method long
port-channel load-balance src-dst-port
power redundancy-mode redundant
!
!
!
vlan internal allocation policy descending
vlan dot1q tag native 
!
vlan 5-6 
!
vlan 105
 name Outside_Webapp
!
vlan 106
 name Outside Webapp
!
vlan 110
 name Outside_Database_Tier
!
interface Port-channel1
 description inter_4948
 switchport
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 2
 switchport mode trunk
 logging event link-status
!
! (all ports)
interface GigabitEthernet1/1
 switchport access vlan 106
 switchport mode access
 no cdp enable
 spanning-tree portfast
!
interface GigabitEthernet1/45
 description to 4948-8
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 2
 switchport mode trunk
 channel-protocol lacp
 channel-group 1 mode active
!
interface GigabitEthernet1/46
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 2
 switchport mode trunk
 channel-protocol lacp
 channel-group 1 mode active
!
interface GigabitEthernet1/47
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 2
 switchport mode trunk
 channel-protocol lacp
 channel-group 1 mode active
!
interface GigabitEthernet1/48
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 2
 switchport mode trunk
 channel-protocol lacp
 channel-group 1 mode active
!
interface TenGigabitEthernet1/49
 description to_AGG1
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 2
 switchport mode trunk
!
interface TenGigabitEthernet1/50
 shutdown
!
interface Vlan1
 no ip address
 shutdown
!
!
line con 0
 exec-timeout 0 0
 stopbits 1
line vty 0 4
 exec-timeout 0 0
 password dcsummit
 login local
!
ntp authenticate
ntp trusted-key 1
ntp update-calendar
ntp server *********** key 1
!
end

Access Switch 4948-8

Current configuration : 4646 bytes
!
version 12.2
no service pad
service timestamps debug datetime localtime
service timestamps log datetime localtime
no service password-encryption
service compress-config
!
hostname 4948-8
!
boot-start-marker
boot system bootflash:cat4000-i5k91s-mz.122-25.EWA2.bin
boot-end-marker
!
no aaa new-model
clock timezone PST -8
clock summer-time PDT recurring
clock calendar-valid
vtp domain datacenter
vtp mode transparent
udld enable
!
ip subnet-zero
no ip source-route
no ip domain-lookup
ip domain-name cisco.com
!
no ip bootp server
!
no file verify auto
!
spanning-tree mode rapid-pvst
spanning-tree loopguard default
spanning-tree portfast bpduguard default
spanning-tree extend system-id
spanning-tree pathcost method long
port-channel load-balance src-dst-port
power redundancy-mode redundant
!
!
vlan internal allocation policy descending
vlan dot1q tag native 
!
vlan 2,5-6 
!
vlan 105
 name Outside_Webapp_Tier
!
vlan 106 
 name Outside_Webapp_Tier
!
vlan 110
 name Outside_Database_Tier
!
interface Port-channel1
 description inter_4948
 switchport
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 2
 switchport mode trunk
 logging event link-status
!
interface GigabitEthernet1/1 (all ports)
 switchport access vlan 106
 switchport trunk encapsulation dot1q
 switchport mode access
 no cdp enable
 spanning-tree portfast
!
interface GigabitEthernet1/45
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 2
 switchport mode trunk
 channel-protocol lacp
 channel-group 1 mode passive
!
interface GigabitEthernet1/46
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 2
 switchport mode trunk
 channel-protocol lacp
 channel-group 1 mode passive
!
interface GigabitEthernet1/47
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 2
 switchport mode trunk
 channel-protocol lacp
 channel-group 1 mode passive
!
interface GigabitEthernet1/48
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 2
 switchport mode trunk
 channel-protocol lacp
 channel-group 1 mode passive
!
interface TenGigabitEthernet1/49
 shutdown
!
interface TenGigabitEthernet1/50
 description to_AGG2
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 2
 switchport mode trunk
!
interface Vlan1
 no ip address
 shutdown
!
line con 0
 exec-timeout 0 0
 stopbits 1
line vty 0 4
 exec-timeout 0 0
 password dcsummit
 login local
!
ntp authenticate
ntp trusted-key 1
ntp update-calendar
ntp server ********* key 1
!
end

Access Switch 6500-1

ACCESS1-6500#
Building configuration...
 
   
Current configuration : 11074 bytes
!
! Last configuration change at 13:33:08 PST Thu Feb 9 2006
! NVRAM config last updated at 16:58:39 PST Thu Nov 17 2005
!
upgrade fpd auto
version 12.2
no service pad
service timestamps debug datetime localtime
service timestamps log datetime localtime
service password-encryption
service counters max age 10
!
hostname ACCESS1-6500
!
boot system sup-bootflash:s720_18SXD3.bin
no aaa new-model
clock timezone PST -8
clock summer-time PDT recurring
clock calendar-valid
ip subnet-zero
no ip source-route
!
!
!
no ip bootp server
ip domain-list cisco.com
no ip domain-lookup
ip domain-name cisco.com
udld enable
!
udld message time 7
!
vtp domain datacenter
vtp mode transparent
no mls acl tcam share-global
mls cef error action freeze
!
spanning-tree mode rapid-pvst
spanning-tree loopguard default
spanning-tree portfast bpduguard default
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
spanning-tree pathcost method long
!
power redundancy-mode combined
no diagnostic cns publish
no diagnostic cns subscribe
fabric buffer-reserve queue
port-channel load-balance src-dst-port
!
vlan internal allocation policy descending
vlan dot1q tag native 
vlan access-log ratelimit 2000
!
vlan 5
 name Outside_Webapp_Tier
!
vlan 105
 name Outside_Webapp_Tier
!
vlan 110
 name Outside_Database_Tier
!
interface TenGigabitEthernet1/1
 description to_AGG1
 switchport
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 2
 switchport mode trunk
 no ip address
 logging event link-status
!
interface TenGigabitEthernet1/2
 description to_AGG2
 switchport
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 2
 switchport mode trunk
 no ip address
 logging event link-status
 logging event spanning-tree status
!!
interface GigabitEthernet2/1  (all test ports)
 description webapp_penguin_kvm5
 switchport
 switchport access vlan 5
 switchport mode access
 no ip address
 no cdp enable
 spanning-tree portfast
!
!
interface Vlan1
 no ip address
 shutdown
!
no ip http server
!
line con 0
 exec-timeout 0 0
line vty 0 4
 exec-timeout 0 0
 password 7 05080F1C2243
 login local
 transport input telnet ssh
!
no monitor event-trace timestamps
ntp authentication-key 1 md5 110A1016141D 7
ntp authenticate
ntp trusted-key 1
ntp clock-period 17179938
ntp update-calendar
ntp server *********** key 1
no cns aaa enable
end

FWSM 1-Aggregation Switch 1 and 2

FWSM Version 2.3(2) <system>
firewall transparent
resource acl-partition 12
enable password 2KFQnbNIdI.2KYOU encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
hostname FWSM1-AGG1and2
ftp mode passive
pager lines 24
logging buffer-size 4096
logging console debugging
class default
  limit-resource PDM 5
  limit-resource All 0
  limit-resource IPSec 5
  limit-resource Mac-addresses 65535
  limit-resource SSH 5
  limit-resource Telnet 5
!
failover
failover lan unit primary
failover lan interface failover vlan 100
failover polltime unit msec 500 holdtime 3
failover polltime interface 3
failover interface-policy 100%
failover replication http
failover link state vlan 101
failover interface ip failover 10.20.100.1 255.255.255.0 standby 10.20.100.2
failover interface ip state 10.20.101.1 255.255.255.0 standby 10.20.101.2
arp timeout 14400
!
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02 rpc 0:10:00 h323 0:05:00
 h225 1:00:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
sysopt nodnsalias inbound
sysopt nodnsalias outbound
terminal width 511
admin-context admin
context admin
  allocate-interface vlan20 outside
  config-url disk:/admin.cfg
!
context vlan6-106
  description vlan6-106 context
  allocate-interface vlan6 outside
  allocate-interface vlan106 inside
  config-url disk:/vlan6-106.cfg
!
Cryptochecksum:a73fe039e4dbeb45a9c6730bc2a55201
: end
[OK]
 
   
FWSM1-AGG1and2# ch co vlan6-106
FWSM1-AGG1and2/vlan6-106# wr t
Building configuration...
: Saved
:
FWSM Version 2.3(2) <context>
firewall transparent
nameif outside vlan6 security0
nameif inside vlan106 security100
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
hostname vlan6-106
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 H225 1720
fixup protocol h323 ras 1718-1719
fixup protocol rsh 514
fixup protocol sip 5060
no fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
names
access-list deny-flow-max 4096
access-list alert-interval 300
access-list IP extended permit ip any any 
access-list IP extended permit icmp any any 
access-list BPDU ethertype permit bpdu 
pager lines 24
logging on
logging timestamp
logging buffer-size 4096
logging trap informational
logging device-id hostname
mtu vlan6 1500
mtu vlan106 1500
ip address  10.20.6.104 255.255.255.0 standby 10.20.6.105
icmp permit any vlan6
icmp permit any vlan106
no pdm history enable
arp timeout 14400
access-group BPDU in interface vlan6
access-group IP in interface vlan6
access-group BPDU in interface vlan106
access-group IP in interface vlan106
!
interface vlan6
!
!
interface vlan106
!
!
route vlan6 0.0.0.0 0.0.0.0 10.20.6.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02 rpc 0:10:00 h323 0:05:00
 h225 1:00:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+ 
aaa-server TACACS+ max-failed-attempts 3 
aaa-server TACACS+ deadtime 10 
aaa-server RADIUS protocol radius 
aaa-server RADIUS max-failed-attempts 3 
aaa-server RADIUS deadtime 10 
aaa-server LOCAL protocol local 
no snmp-server location
no snmp-server contact
snmp-server community public
snmp-server enable traps snmp
floodguard enable
fragment size 200 vlan6
fragment chain 24 vlan6
fragment size 200 vlan106
fragment chain 24 vlan106
telnet timeout 5
ssh 0.0.0.0 0.0.0.0 vlan6
ssh timeout 60
terminal width 511
Cryptochecksum:00000000000000000000000000000000
: end
[OK]
 
   
FWSM1-AGG1and2/vlan6-106# ch co admin
FWSM1-AGG1and2/admin# wr t
Building configuration...
: Saved
:
FWSM Version 2.3(2) <context>
firewall transparent
nameif outside vlan20 security0
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
hostname admin
domain-name example.com
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 H225 1720
fixup protocol h323 ras 1718-1719
fixup protocol rsh 514
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
names
access-list deny-flow-max 4096
access-list alert-interval 300
access-list IP extended permit ip any any 
access-list IP extended permit icmp any any 
access-list IP extended permit udp any any 
access-list BPDU ethertype permit bpdu 
pager lines 24
logging on
logging timestamp
logging buffer-size 4096
logging trap informational
logging device-id hostname
mtu vlan20 1500
ip address  *********.34 255.255.255.0 standby *********.35
icmp permit any vlan20
no pdm history enable
arp timeout 14400
access-group IP in interface vlan20
!
interface vlan20
!
!
route vlan20 0.0.0.0 0.0.0.0 *********.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02 rpc 0:10:00 h323 0:05:00
 h225 1:00:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
username mshinn password fgXai3fBCmTT1r2e encrypted privilege 15
aaa-server TACACS+ protocol tacacs+ 
aaa-server TACACS+ max-failed-attempts 3 
aaa-server TACACS+ deadtime 10 
aaa-server RADIUS protocol radius 
aaa-server RADIUS max-failed-attempts 3 
aaa-server RADIUS deadtime 10 
aaa-server LOCAL protocol local 
http server enable
http 0.0.0.0 0.0.0.0 vlan20
no snmp-server location
no snmp-server contact
snmp-server community public
snmp-server enable traps snmp
floodguard enable
fragment size 200 vlan20
fragment chain 24 vlan20
sysopt nodnsalias inbound
sysopt nodnsalias outbound
telnet timeout 5
ssh 0.0.0.
 
   

Services Switch Design Configurations

The following configurations were used in support of the service chassis testing:

Core Switch 1

Core Switch 2

Distribution Switch 1

Distribution Switch 2

Service Switch 1

Service Switch 2

Access Switch 6500

ACE and FWSM

Figure 8-2 shows the test bed used with services switches.

Figure 8-2 Service Switches Configuration Test Bed

Core Switch 1

hostname dcb-core-1
!
boot system flash disk0:s72033-adventerprisek9_wan-vz.122-18.SXF9.bin
!
no aaa new-model
clock timezone EDT -5
clock summer-time EDT recurring
ip subnet-zero
no ip source-route
!
no ip bootp server
ip multicast-routing 
no ip domain-lookup
ip domain-name ese.cisco.com
udld enable
vtp domain datacenter
vtp mode transparent
mls ip cef load-sharing full simple
mls ip multicast flow-stat-timer 9
no mls flow ip
no mls flow ipv6
no mls acl tcam share-global
mls cef error action freeze
!
redundancy
 mode sso
 main-cpu
  auto-sync running-config
!
spanning-tree mode rapid-pvst
spanning-tree loopguard default
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
spanning-tree pathcost method long
!
fabric buffer-reserve queue
port-channel per-module load-balance
!
vlan internal allocation policy descending
vlan dot1q tag native 
vlan access-log ratelimit 2000
! 
interface Loopback0
 ip address 10.151.1.10 255.255.255.255
!
interface TenGigabitEthernet1/2
 description To DCb-Dist-1 - Ten 1/8
 ip address 10.160.1.1 255.255.255.252
 no ip redirects
 no ip proxy-arp
 ip pim sparse-dense-mode
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 C1sC0!
 ip ospf network point-to-point
 ip ospf hello-interval 2
 ip ospf dead-interval 6
 logging event link-status
!
interface TenGigabitEthernet1/3
 description to DCB-Dist-2 Ten 1/8
 ip address 10.160.1.5 255.255.255.252
 no ip redirects
 no ip proxy-arp
 ip pim sparse-dense-mode
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 C1sC0!
 ip ospf network point-to-point
 ip ospf hello-interval 2
 ip ospf dead-interval 6
 logging event link-status
!
interface TenGigabitEthernet1/4
 description TO DCB-Core-2 - Ten 1/4
 ip address 10.199.0.5 255.255.255.252
 no ip redirects
 no ip proxy-arp
 ip pim sparse-dense-mode
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 C1sC0!
 ip ospf network point-to-point
 ip ospf hello-interval 2
 ip ospf dead-interval 6
 logging event link-status
!
interface GigabitEthernet6/1
 description flashnet
 ip address 10.150.1.3 255.255.255.0
 no mop enabled
 media-type rj45
!
interface GigabitEthernet6/2
 no ip address 
 shutdown
!
interface Vlan1
 no ip address
 shutdown
!
router ospf 2
 log-adjacency-changes
 auto-cost reference-bandwidth 1000000
 nsf
 area 0 authentication message-digest
 area 0 nssa default-information-originate
 area 0 range 10.199.0.0 255.255.0.0
 area 2 authentication message-digest
 area 2 nssa default-information-originate
 area 2 range 10.160.0.0 255.255.255.0
 area 2 range 10.161.0.0 255.255.0.0
 area 2 range 10.151.1.0 255.255.255.0
 timers throttle spf 1000 1000 1000
 passive-interface default
 no passive-interface TenGigabitEthernet1/1
 no passive-interface TenGigabitEthernet1/2
 no passive-interface TenGigabitEthernet1/3
 no passive-interface TenGigabitEthernet1/4
 network 10.160.1.0 0.0.0.3 area 2
 network 10.161.0.0 0.0.0.3 area 2
 network 10.199.0.0 0.0.0.3 area 0
!
ip classless
!
no ip http server
!
snmp-server community public RO
snmp-server community cisco RW
!
control-plane
!
dial-peer cor custom
!
line con 0
line vty 0 4
 exec-timeout 0 0
 password cisco
 login
line vty 5 15
 exec-timeout 0 0
 password cisco
 login
!
no cns aaa enable
end

Core Switch 2

hostname dcb-core-2
!
no aaa new-model
clock timezone EST -5
clock summer-time EDT recurring
ip subnet-zero
no ip source-route
!
boot system flash disk0:s72033-adventerprisek9_wan-vz.122-18.SXF9.bin
!
no ip ftp passive
no ip bootp server
ip multicast-routing 
no ip domain-lookup
ip domain-name cisco.com
udld enable
!
vtp domain datacenter
vtp mode transparent
mls ip cef load-sharing full simple
mls ip multicast flow-stat-timer 9
no mls flow ip
no mls flow ipv6
no mls acl tcam share-global
mls cef error action freeze
!
redundancy
 mode sso
 main-cpu
  auto-sync running-config
!
spanning-tree mode rapid-pvst
spanning-tree loopguard default
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
spanning-tree pathcost method long
!
fabric buffer-reserve queue
port-channel per-module load-balance
!
vlan internal allocation policy descending
vlan dot1q tag native 
vlan access-log ratelimit 2000
! 
interface Loopback0
 ip address 10.151.1.11 255.255.255.255
!
interface TenGigabitEthernet1/2
 description To DCb-Dist-1 - Ten 1/7
 ip address 10.160.1.9 255.255.255.252
 no ip redirects
 no ip proxy-arp
 ip pim sparse-dense-mode
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 C1sC0!
 ip ospf network point-to-point
 ip ospf hello-interval 2
 ip ospf dead-interval 6
 logging event link-status
 load-interval 30
!
interface TenGigabitEthernet1/3
 description To DCb-Dist-2 - Ten 1/7
 ip address 10.160.1.13 255.255.255.252
 no ip redirects
 no ip proxy-arp
 ip pim sparse-dense-mode
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 C1sC0!
 ip ospf network point-to-point
 ip ospf hello-interval 2
 ip ospf dead-interval 6
 logging event link-status
 load-interval 30
!
interface TenGigabitEthernet1/4
 description DCB-Core-1 - Ten 1/4
 ip address 10.199.0.6 255.255.255.252
 no ip redirects
 no ip proxy-arp
 ip pim sparse-dense-mode
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 C1sC0!
 ip ospf network point-to-point
 ip ospf hello-interval 2
 ip ospf dead-interval 6
 logging event link-status
!
interface GigabitEthernet6/1
 description flashnet 
 ip address 10.150.1.4 255.255.255.0
 media-type rj45
!
interface GigabitEthernet6/2
 no ip address 
 shutdown
!
interface Vlan1
 no ip address
 shutdown
!
router ospf 2
 log-adjacency-changes
 auto-cost reference-bandwidth 1000000
 nsf
 area 0 authentication message-digest
 area 0 nssa default-information-originate
 area 0 range 10.199.0.0 255.255.0.0
 area 2 authentication message-digest
 area 2 nssa default-information-originate
 area 2 range 10.160.0.0 255.255.0.0
 area 2 range 10.161.0.0 255.255.0.0
 area 2 range 10.151.1.0 255.255.255.0
 timers throttle spf 1000 1000 1000
 passive-interface default
 no passive-interface TenGigabitEthernet1/1
 no passive-interface TenGigabitEthernet1/2
 no passive-interface TenGigabitEthernet1/4
 no passive-interface TenGigabitEthernet1/3
 network 10.160.1.0 0.0.0.3 area 2
 network 10.161.0.0 0.0.0.3 area 2
 network 10.199.0.0 0.0.0.3 area 0
!
ip classless
!
no ip http server
!
snmp-server community public RO
snmp-server community cisco RW
!
control-plane
!
dial-peer cor custom
!
line con 0
line vty 0 4
 exec-timeout 0 0
 password cisco
 login
line vty 5 15
 exec-timeout 0 0
 password cisco
 login
!
no cns aaa enable
end

Distribution Switch 1

upgrade fpd auto
version 12.2
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
service counters max age 5
!
hostname dcb-Dist-1
!
boot system flash disk0:s72033-adventerprisek9_wan-vz.122-18.SXF10.bin
enable secret 5 $1$wVQ/$8nsaKkBneJbHVrph5VnS41
enable password cisco
!
no aaa new-model
clock timezone EDT -5
clock summer-time EDT recurring
vtp domain datacenter
vtp mode transparent
ip subnet-zero
no ip source-route
ip icmp rate-limit unreachable 2000
!
no ip domain-lookup
ip domain-name cisco.com
ip multicast-routing 
no ip igmp snooping
!
udld enable
udld message time 7
no mls flow ip
mls acl tcam default-result permit
no mls acl tcam share-global
mls ip cef load-sharing full simple
mls ip multicast flow-stat-timer 9
mls cef error action freeze
!
fabric switching-mode force bus-mode
fabric buffer-reserve queue
port-channel per-module load-balance
port-channel load-balance src-dst-port
diagnostic cns publish cisco.cns.device.diag_results
diagnostic cns subscribe cisco.cns.device.diag_commands
!
redundancy
 mode sso
 main-cpu
  auto-sync running-config
!
power redundancy-mode combined
!
spanning-tree mode rapid-pvst
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
spanning-tree pathcost method long
spanning-tree vlan 1-4094 priority 24576
!
vlan internal allocation policy descending
vlan dot1q tag native 
vlan access-log ratelimit 2000
!
vlan 2-7,106,107,206,207
!
no crypto ipsec nat-transparency udp-encaps
!
interface Loopback0
 ip address 10.151.1.12 255.255.255.255
!
interface TenGigabitEthernet1/1
 description to_dcb-Acc-1
 switchport
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 2
 switchport trunk allowed vlan 2,3,106,107,206,207
 switchport mode trunk
 no ip address
 logging event link-status
 spanning-tree guard loop
!
interface TenGigabitEthernet1/2
 description dcb-dist2-6k Te1/2
 switchport
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 2
 switchport trunk allowed vlan 2,3,7,106,107,206,207
 switchport mode trunk
 no ip address
 logging event link-status
 spanning-tree guard loop
!
interface TenGigabitEthernet1/5
 description dcb-svc1-6k Te9/1
 switchport
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 2
 switchport trunk allowed vlan 2,3,7,106,107,206,207
 switchport mode trunk
 no ip address
 logging event link-status
 logging event bundle-status
 spanning-tree guard root
!
interface TenGigabitEthernet1/6
 description dcb-svc2-6k Te9/1
 switchport
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 2
 switchport trunk allowed vlan 2,3,7,106,107,206,207
 switchport mode trunk
 no ip address
 logging event link-status
 logging event bundle-status
 spanning-tree guard root
!
interface TenGigabitEthernet1/7
 description dcb-core-2 Te1/2
 ip address 10.160.1.10 255.255.255.252
 no ip redirects
 no ip proxy-arp
 ip pim sparse-mode
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 C1sC0!
 ip ospf hello-interval 2
 ip ospf dead-interval 6
 logging event link-status
 load-interval 30
!
interface TenGigabitEthernet1/8
 description dcb-core-1 Te1/2
 ip address 10.160.1.2 255.255.255.252
 no ip redirects
 no ip proxy-arp
 ip pim sparse-mode
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 C1sC0!
 ip ospf hello-interval 2
 ip ospf dead-interval 6
 logging event link-status
 load-interval 30
!
interface Vlan7
 ip address 10.80.1.2 255.255.0.0
 no ip redirects
 no ip proxy-arp
 ip flow ingress
 ip route-cache flow
 logging event link-status
 load-interval 30
 standby 1 ip 10.80.1.1
 standby 1 timers 1 3
 standby 1 priority 51
 standby 1 preempt delay minimum 120
!
router ospf 2
 log-adjacency-changes
 auto-cost reference-bandwidth 1000000
 nsf
 area 2 authentication message-digest
 area 2 nssa default-information-originate
 area 2 range 10.151.1.0 255.255.255.0
 area 2 range 10.151.0.0 255.255.0.0
 area 2 range 10.160.0.0 255.255.255.0
 area 2 range 10.161.0.0 255.255.0.0
 timers throttle spf 1000 1000 1000
 redistribute static subnets route-map rhi
 passive-interface default
 no passive-interface TenGigabitEthernet1/7
 no passive-interface TenGigabitEthernet1/8
 no passive-interface GigabitEthernet3/24
 network 10.74.0.0 0.0.255.255 area 2
 network 10.80.0.0 0.0.255.255 area 2
 network 10.81.0.0 0.0.255.255 area 2
 network 10.151.1.0 0.0.0.0 area 2
 network 10.151.0.0 0.0.255.255 area 2
 network 10.160.1.0 0.0.0.255 area 2
 network 10.161.0.0 0.0.0.0 area 2
!
ip classless
!
no ip http server
!
snmp-server community public RO
snmp-server community cisco RW
!
control-plane
!
dial-peer cor custom
!
line con 0
line vty 0 4
 password cisco
 login
!
exception core-file 
no cns aaa enable
end

Distribution Switch 2

upgrade fpd auto
version 12.2
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
service counters max age 5
!
hostname dcb-Dist-2
!
boot system flash disk0:s72033-adventerprisek9_wan-vz.122-18.SXF10.bin
enable secret 5 $1$VUjJ$onovPQGW3pDtcxU2GlqY5.
enable password cisco
!
no aaa new-model
clock timezone EDT -5
clock summer-time EDT recurring
vtp domain datacenter
vtp mode transparent
ip subnet-zero
no ip source-route
ip icmp rate-limit unreachable 2000
!
no ip domain-lookup
ip domain-name cisco.com
ip multicast-routing 
no ip igmp snooping
!
udld enable
udld message time 7
no mls flow ip
mls acl tcam default-result permit
no mls acl tcam share-global
mls ip cef load-sharing full
mls ip multicast flow-stat-timer 9
mls cef error action freeze
!
fabric switching-mode force bus-mode
fabric buffer-reserve queue
port-channel per-module load-balance
port-channel load-balance src-dst-port
diagnostic cns publish cisco.cns.device.diag_results
diagnostic cns subscribe cisco.cns.device.diag_commands
!
redundancy
 mode sso
 main-cpu
  auto-sync running-config
!
power redundancy-mode combined
!
spanning-tree mode rapid-pvst
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
spanning-tree pathcost method long
spanning-tree vlan 1-4094 priority 28672
!
vlan internal allocation policy descending
vlan dot1q tag native 
vlan access-log ratelimit 2000
!
vlan 2-7,106,107,206,207 
! 
no crypto ipsec nat-transparency udp-encaps
!
interface Loopback0
 ip address 10.151.1.13 255.255.255.255
!
!
interface TenGigabitEthernet1/1
 description to_dcb-Acc-1
 switchport
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 2
 switchport trunk allowed vlan 2,3,106,107,206,207
 switchport mode trunk
 no ip address
 logging event link-status
 spanning-tree guard loop
!
interface TenGigabitEthernet1/2
 description dcb-dist1-6k Te1/2
 switchport
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 2
 switchport trunk allowed vlan 2,3,7,106,107,206,207
 switchport mode trunk
 no ip address
 logging event link-status
 spanning-tree guard loop
!
!
interface TenGigabitEthernet1/4
 no ip address
!
interface TenGigabitEthernet1/5
 description dcb-svc1-6k Te9/1
 switchport
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 2
 switchport trunk allowed vlan 2,3,7,106,107,206,207
 switchport mode trunk
 no ip address
 logging event link-status
 logging event bundle-status
 spanning-tree guard root
!
interface TenGigabitEthernet1/6
 description dcb-svc2-6k Te9/1
 switchport
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 2
 switchport trunk allowed vlan 2,3,7,106,107,206,207
 switchport mode trunk
 no ip address
 logging event link-status
 logging event bundle-status
 spanning-tree guard root
!
interface TenGigabitEthernet1/7
 description dcb-core-2 Te1/2
 ip address 10.160.1.14 255.255.255.252
 no ip redirects
 no ip proxy-arp
 ip pim sparse-mode
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 C1sC0!
 ip ospf hello-interval 2
 ip ospf dead-interval 6
 logging event link-status
 load-interval 30
!
interface TenGigabitEthernet1/8
 description dcb-core-1 Te1/2
 ip address 10.160.1.6 255.255.255.252
 no ip redirects
 no ip proxy-arp
 ip pim sparse-mode
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 C1sC0!
 ip ospf hello-interval 2
 ip ospf dead-interval 6
 logging event link-status
 load-interval 30
!
!
interface Vlan7
 ip address 10.80.1.3 255.255.0.0
 no ip redirects
 no ip proxy-arp
 ip flow ingress
 logging event link-status
 load-interval 30
 standby 1 ip 10.80.1.1
 standby 1 timers 1 3
 standby 1 priority 50
 standby 1 preempt
!
router ospf 2
 log-adjacency-changes
 auto-cost reference-bandwidth 1000000
 nsf
 area 2 authentication message-digest
 area 2 nssa default-information-originate
 area 2 range 10.151.0.0 255.255.0.0
 area 2 range 10.160.0.0 255.255.255.0
 area 2 range 10.161.0.0 255.255.0.0
 timers throttle spf 1000 1000 1000
 redistribute static subnets route-map rhi
 passive-interface default
 no passive-interface TenGigabitEthernet1/7
 no passive-interface TenGigabitEthernet1/8
 no passive-interface GigabitEthernet3/24
 network 10.80.0.0 0.0.255.255 area 2
 network 10.81.0.0 0.0.255.255 area 2
 network 10.151.0.0 0.0.255.255 area 2
 network 10.160.1.0 0.0.0.0 area 2
 network 10.160.1.0 0.0.0.255 area 2
 network 10.161.0.0 0.0.0.0 area 2
 network 10.161.0.0 0.0.255.255 area 2
!
ip classless
!
no ip http server
!
snmp-server community public RO
snmp-server community cisco RW
!
control-plane
!
dial-peer cor custom
!
line con 0
line vty 0 4
 password cisco
 login
!
exception core-file 
no cns aaa enable
end

Service Switch 1

upgrade fpd auto
version 12.2
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
service counters max age 5
!
hostname Svc-1
boot system flash disk0:s72033-adventerprisek9_wan-vz.122-18.SXF10.bin
!
enable secret 5 $1$rPXa$F4EKAVs1cCaD.X5WG68iK0
enable password cisco
!
no aaa new-model
ip subnet-zero
!
ipv6 mfib hardware-switching replication-mode ingress
vtp domain datacenter
vtp mode transparent
mls ip multicast flow-stat-timer 9
no mls flow ip
no mls flow ipv6
no mls acl tcam share-global
mls cef error action freeze
!
redundancy
 mode sso
 main-cpu
  auto-sync running-config
spanning-tree mode pvst
diagnostic cns publish cisco.cns.device.diag_results
diagnostic cns subscribe cisco.cns.device.diag_commands
fabric buffer-reserve queue
port-channel per-module load-balance
!
vlan internal allocation policy ascending
vlan access-log ratelimit 2000
!
vlan 2-7,106,107,206,207
!
svclc autostate
svclc multiple-vlan-interfaces
svclc module 3 vlan-group 1,2
svclc vlan-group 1 6,206,207
svclc vlan-group 2 106,107
svclc vlan-group 3 3,4,5,7
firewall multiple-vlan-interfaces
firewall module 2 vlan-group 2,3
!
interface Loopback0
 ip address 10.151.1.17 255.255.255.255
!
!
interface TenGigabitEthernet9/1
 description conx to dist1
 switchport
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 2
 switchport trunk allowed vlan 2,3,7,106,107,206,207
 switchport mode trunk
 no ip address
 logging event link-status
 logging event bundle-status
 spanning-tree guard root
!
interface TenGigabitEthernet9/2
 description conx to dist2
 switchport
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 2
 switchport trunk allowed vlan 2,3,7,106,107,206,207
 switchport mode trunk
 no ip address
 logging event link-status
 logging event bundle-status
 spanning-tree guard root
!
interface TenGigabitEthernet9/3
 description connx to svc2 switch
 switchport
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 2
 switchport trunk allowed vlan 4,5,6
 switchport mode trunk
 no ip address
 logging event link-status
 logging event bundle-status
!
no ip http server
!
snmp-server community public RO
!
control-plane
!
dial-peer cor custom
!
line con 0
line vty 0 4
 password cisco
 login
!
no cns aaa enable
end
 
   

Service Switch 2

upgrade fpd auto
version 12.2
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
service counters max age 5
!
hostname Svc-2
boot system flash disk0:s72033-adventerprisek9_wan-vz.122-18.SXF10.bin
!
enable secret 5 $1$lB0P$HAIQrXSPQjLQtTDklRg2V.
enable password cisco
!
no aaa new-model
ip subnet-zero
!
ipv6 mfib hardware-switching replication-mode ingress
vtp domain datacenter
vtp mode transparent
mls ip multicast flow-stat-timer 9
no mls flow ip
no mls flow ipv6
no mls acl tcam share-global
mls cef error action freeze
!
redundancy
 mode sso
 main-cpu
  auto-sync running-config
spanning-tree mode pvst
diagnostic cns publish cisco.cns.device.diag_results
diagnostic cns subscribe cisco.cns.device.diag_commands
fabric buffer-reserve queue
port-channel per-module load-balance
!
vlan internal allocation policy ascending
vlan access-log ratelimit 2000
!
vlan 2-7,106,107,206,207
!
svclc autostate
svclc multiple-vlan-interfaces
svclc module 3 vlan-group 1,2
svclc vlan-group 1 6,206,207
svclc vlan-group 2 106,107
svclc vlan-group 3 3,4,5,7
firewall multiple-vlan-interfaces
firewall module 2 vlan-group 2,3
!
interface Loopback0
 ip address 10.151.1.18 255.255.255.255
!
!
interface TenGigabitEthernet9/1
 description connection to 6500 dist1
 switchport
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 2
 switchport trunk allowed vlan 2,3,7,106,107,206,207
 switchport mode trunk
 no ip address
 logging event link-status
 logging event bundle-status
 spanning-tree guard root
!
interface TenGigabitEthernet9/2
 description connection to 6500 dist 2
 switchport
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 2
 switchport trunk allowed vlan 2,3,7,106,107,206,207
 switchport mode trunk
 no ip address
 logging event link-status
 logging event bundle-status
 spanning-tree guard root
!
interface TenGigabitEthernet9/3
 description connx to svc1 switch
 switchport
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 2
 switchport trunk allowed vlan 4,5,6
 switchport mode trunk
 no ip address
 logging event link-status
 logging event bundle-status
!
no ip http server
!
snmp-server community public RO
!
control-plane
!
dial-peer cor custom
!
line con 0
line vty 0 4
 password cisco
 login
!
!
no cns aaa enable
end
 
   

Access Switch 6500

upgrade fpd auto
version 12.2
no service pad
service timestamps debug datetime localtime
service timestamps log datetime localtime
service password-encryption
service counters max age 10
!
hostname DCB-Access-1
!
boot system flash disk0:s72033-adventerprisek9_wan-vz.122-18.SXF9.bin
no aaa new-model
clock timezone PST -8
clock summer-time PDT recurring
clock calendar-valid
ip subnet-zero
no ip source-route
!
no ip bootp server
ip domain-list cisco.com
no ip domain-lookup
ip domain-name cisco.com
udld enable
!
udld message time 7
!
vtp domain datacenter
vtp mode transparent
no mls acl tcam share-global
mls cef error action freeze
!
spanning-tree mode rapid-pvst
spanning-tree loopguard default
spanning-tree portfast bpduguard default
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
spanning-tree pathcost method long
!
power redundancy-mode combined
no diagnostic cns publish
no diagnostic cns subscribe
fabric buffer-reserve queue
port-channel load-balance src-dst-port
!
vlan internal allocation policy descending
vlan dot1q tag native 
vlan access-log ratelimit 2000
!
vlan 207
 name  server Tier
!
interface TenGigabitEthernet1/1
 description to_dcb-Dist-1
 switchport
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 2
 switchport mode trunk
 no ip address
 logging event link-status
!
interface TenGigabitEthernet1/2
 description to_dcb-Dist-2
 switchport
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 2
 switchport mode trunk
 no ip address
 logging event link-status
 logging event spanning-tree status
!
interface GigabitEthernet2/1  (all test ports)
 switchport
 switchport access vlan 207
 switchport mode access
 no ip address
 no cdp enable
 spanning-tree portfast
!
!
interface Vlan1
 no ip address
 shutdown
!
no ip http server
!
line con 0
 exec-timeout 0 0
line vty 0 4
 exec-timeout 0 0
 password 7 05080F1C2243
 login local
 transport input telnet ssh
!
no monitor event-trace timestamps
ntp authentication-key 1 md5 110A1016141D 7
ntp authenticate
ntp trusted-key 1
ntp clock-period 17179938
ntp update-calendar
ntp server *********** key 1
no cns aaa enable
end
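
The service switch and access switch listings above carry lab-grade management-plane settings (a default SNMP community, a cleartext vty password, a type 7 password, Telnet, disabled idle timeouts, no AAA). The following check is an added example, not part of the original guide or of any Cisco tool, that flags those lines before a test-bed configuration is reused; the rule names and the `audit` function are assumptions made for illustration.

```python
import re

# Each rule: (id, regex applied to the stripped line, reviewer note).
RULES = [
    ("snmp-default-community", r"^snmp-server community (public|private)\b",
     "well-known SNMP community string"),
    ("no-aaa", r"^no aaa new-model$", "AAA disabled; no centralized authentication"),
    ("no-idle-timeout", r"^exec-timeout 0 0$", "session never times out"),
    ("telnet-enabled", r"^transport input\b.*\btelnet\b", "cleartext Telnet allowed"),
    ("type7-password", r"^password 7 \S+", "type 7 is reversible encoding, not a hash"),
    ("cleartext-password", r"^password (?!7 )\S+", "password stored in clear text"),
]

# Constructed sample: management-plane lines copied from the listings above.
SAMPLE = """\
! service switch listing
snmp-server community public RO
line vty 0 4
 password cisco
 login
! access switch listing
no aaa new-model
line con 0
 exec-timeout 0 0
line vty 0 4
 exec-timeout 0 0
 password 7 05080F1C2243
 transport input telnet ssh
"""

def audit(config):
    """Return (line_no, context, rule_id, note) for each match, in file order."""
    findings, context = [], "global"
    for no, raw in enumerate(config.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        if not raw[0].isspace():  # unindented line starts a new config section
            context = line if line.startswith("line ") else "global"
        for rule_id, pattern, note in RULES:
            if re.search(pattern, line):
                findings.append((no, context, rule_id, note))
    return findings

if __name__ == "__main__":
    for no, context, rule_id, note in audit(SAMPLE):
        print(f"line {no:2} [{context}] {rule_id}: {note}")
```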

ACE and FWSM

FWSM Baseline

firewall transparent
!
interface Vlan107
 nameif inside
 bridge-group 1
 security-level 100
!
interface Vlan7
 nameif outside
 bridge-group 1
 security-level 0
!
interface BVI1
 ip address 10.80.1.12 255.255.255.0 standby 10.80.1.13
!
access-list outside extended permit ip any any log
access-list inside extended permit ip any any log
access-list BPDU ethertype permit bpdu 
!
access-group BPDU in interface inside
access-group inside in interface inside
access-group BPDU in interface outside
access-group outside in interface outside
route outside 0.0.0.0 0.0.0.0 10.80.1.1

ACE Baseline

access-list BPDU ethertype permit bpdu
access-list anyone line 10 extended permit ip any any

class-map type management match-any PING
 description Allowed Admin Traffic
 10 match protocol icmp any
 11 match protocol telnet any
policy-map type management first-match PING-POLICY
 class PING
  permit

interface vlan 107
 description "Client-side Interface"
 bridge-group 1
 access-group input BPDU
 access-group input anyone
 service-policy input PING-POLICY

interface vlan 207
 description "Server-side Interface"
 bridge-group 1
 access-group input BPDU
 access-group input anyone

interface bvi 1
 ip address 10.80.1.14 255.255.255.0
 alias 10.80.1.16 255.255.255.0
 peer ip address 10.80.1.13 255.255.255.0
 no shutdown
ip route 0.0.0.0 0.0.0.0 10.80.1.1

FWSM Failover

Table 8-1 FWSM Failover Configuration

Primary FWSM Failover Configuration

interface VLAN4
 description LAN Failover Interface
!
interface VLAN5
 description STATE Failover Interface
!
failover
failover lan unit primary
failover lan interface failover VLAN4
failover polltime unit msec 500 holdtime 3
failover polltime interface 3
failover replication http
failover link state VLAN5
failover interface ip failover 10.81.4.1 255.255.255.0 standby 10.81.4.2
failover interface ip state 10.81.5.1 255.255.255.0 standby 10.81.5.2
failover group 1
 preempt
failover group 2
 secondary
 preempt 5

context V107
 allocate-interface VLAN107
 allocate-interface VLAN7
 config-url disk:/V107.cfg
 join-failover group 1

Secondary FWSM Failover Configuration

interface VLAN4
 description LAN Failover Interface
!
interface VLAN5
 description STATE Failover Interface
!
failover
failover lan unit secondary
failover lan interface failover VLAN4
failover polltime unit msec 500 holdtime 3
failover polltime interface 3
failover replication http
failover link state VLAN5
failover interface ip failover 10.81.4.1 255.255.255.0 standby 10.81.4.2
failover interface ip state 10.81.5.1 255.255.255.0 standby 10.81.5.2
failover group 1
 preempt
failover group 2
 secondary
 preempt 5

context V107
 allocate-interface VLAN107
 allocate-interface VLAN7
 config-url disk:/V107.cfg
 join-failover group 1

ACE Failover

ft interface vlan 6
  ip address 10.81.6.1 255.255.255.0
  peer ip address 10.81.6.2 255.255.255.0
  no shutdown

ft peer 1
  heartbeat interval 100
  heartbeat count 10
  ft-interface vlan 6
ft group 2
  peer 1
  no preempt
  priority 210
  peer priority 200
  associate-context Admin
  inservice

context v107
  allocate-interface vlan107
  allocate-interface vlan207

ft group 3
  peer 1
  priority 220
  peer priority 200
  associate-context vlan107
  inservice

Most of the configuration is done on the primary ACE module (primary for the admin context). Only a few items need to be defined on the secondary ACE module: the FT interface is defined with the addresses reversed, the FT peer is configured the same, and the FT group for the admin context is configured with the priorities reversed. With the FT VLAN up, this is enough for the ACE modules to synchronize correctly: the rest of the configuration is copied over, and the priority values are reversed.
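
The rule in the paragraph above can be applied mechanically. The following is an added example, not part of the original guide: it derives the FT stanzas to enter on the secondary ACE from the primary listing, swapping the FT interface addresses and the admin-context group priorities and leaving every other group to synchronization. The function names are hypothetical, and the primary FT interface address is assumed to be 10.81.6.1 with peer 10.81.6.2.

```python
import re

# Constructed input: primary ACE FT listing; FT address assumed to be 10.81.6.1.
PRIMARY_FT = """\
ft interface vlan 6
  ip address 10.81.6.1 255.255.255.0
  peer ip address 10.81.6.2 255.255.255.0
  no shutdown
ft peer 1
  heartbeat interval 100
  heartbeat count 10
  ft-interface vlan 6
ft group 2
  peer 1
  no preempt
  priority 210
  peer priority 200
  associate-context Admin
  inservice
ft group 3
  peer 1
  priority 220
  peer priority 200
  associate-context vlan107
  inservice
"""

def swap(body, a, b):
    """Exchange the values carried by the 'a ...' and 'b ...' lines of a section."""
    val = {k: l[len(k) + 1:] for l in body for k in (a, b) if l.startswith(k + " ")}
    out = []
    for l in body:
        key = next((k for k in (a, b) if l.startswith(k + " ")), None)
        out.append(f"{key} {val[b if key == a else a]}" if key else l)
    return out

def secondary_ft(primary):
    """Build the FT stanzas that are entered by hand on the secondary module."""
    out = []
    for section in re.split(r"\n(?=\S)", primary.strip()):
        head, *body = [l.strip() for l in section.splitlines()]
        if head.startswith("ft interface"):
            body = swap(body, "ip address", "peer ip address")
        elif head.startswith("ft group") and "associate-context Admin" in body:
            body = swap(body, "priority", "peer priority")
        elif not head.startswith("ft peer"):
            continue  # other FT groups are copied over from the primary
        out += [head] + ["  " + l for l in body]
    return "\n".join(out)
```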

Additional References

See the following URL for more information:

Cisco Catalyst 6500—http://www.cisco.com/en/US/products/hw/switches/ps708/index.html