Cisco Data Center Infrastructure 2.5 Design Guide - Configuration Reference [Data Center Designs: Data Center Networking]

This chapter provides the test bed diagram and configurations used in tests to support this guide. The chapter is broken down into two main sections,Integrated Services Design Configurations and Services Switch Design Configurations.

Integrated Services Design Configurations

The following configurations were used in testing the integrated services design:

•Core Switch 1

•Aggregation Switch 1

•Core Switch 2

•Aggregation Switch 2

•Access Switch 4948-7

•Access Switch 4948-8

•Access Switch 6500-1

•FWSM 1-Aggregation Switch 1 and 2

Figure 8-1 shows the test bed used without services switches.

Figure 8-1 Integrated Services Configuration Test Bed

Core Switch 1

version 12.2

no service pad

service timestamps debug datetime msec localtime

service timestamps log datetime msec localtime

no service password-encryption

service counters max age 10

hostname CORE1

boot system sup-bootflash:s720_18SXD3.bin

logging snmp-authfail

enable secret 5 $1$3OjN$l/80W4JIQJf7l7fRlS7A2.

no aaa new-model

clock timezone PST -8

clock summer-time PDT recurring

vtp domain datacenter

vtp mode transparent

udld enable

ip subnet-zero

no ip source-route

no ip ftp passive

no ip domain-lookup

ip domain-name cisco.com

no ip bootp server

ip multicast-routing

mls ip cef load-sharing full simple

spanning-tree mode rapid-pvst

spanning-tree loopguard default

no spanning-tree optimize bpdu transmission

spanning-tree extend system-id

spanning-tree pathcost method long

vlan internal allocation policy descending

vlan dot1q tag native

vlan access-log ratelimit 2000

vlan 2

vlan 15

 name testgear

vlan 16

 name testgear2

vlan 20

 name DNS-CA

vlan 802

 name mgmt_vlan

interface Loopback0

 ip address 10.10.3.3 255.255.255.0

interface Port-channel1

 description to 4948-1 testgear

 no ip address

 logging event link-status

 switchport

 switchport trunk encapsulation dot1q

 switchport trunk native vlan 2

 switchport mode trunk

interface Port-channel2

 description to 4948-4 testgear

 no ip address

 logging event link-status

 switchport

 switchport trunk encapsulation dot1q

 switchport trunk native vlan 2

 switchport mode trunk

interface GigabitEthernet3/33

 no ip address

 logging event link-status

 switchport

 switchport trunk encapsulation dot1q

 switchport trunk native vlan 2

 switchport mode trunk

 channel-protocol lacp

 channel-group 1 mode active

interface GigabitEthernet3/34

 no ip address

 logging event link-status

 switchport

 switchport trunk encapsulation dot1q

 switchport trunk native vlan 2

 switchport mode trunk

 channel-protocol lacp

 channel-group 1 mode active

interface GigabitEthernet3/41

 no ip address

 logging event link-status

 switchport

 switchport trunk encapsulation dot1q

 switchport trunk native vlan 2

 switchport mode trunk

 channel-protocol lacp

 channel-group 2 mode active

interface GigabitEthernet3/42

 no ip address

 logging event link-status

 switchport

 switchport trunk encapsulation dot1q

 switchport trunk native vlan 2

 switchport mode trunk

 channel-protocol lacp

 channel-group 2 mode active

interface TenGigabitEthernet4/1

 description to Agg1

 ip address 10.10.20.2 255.255.255.0

 no ip redirects

 no ip proxy-arp

 ip pim sparse-dense-mode

 ip ospf authentication message-digest

 ip ospf message-digest-key 1 md5 C1sC0!

 ip ospf network point-to-point

 ip ospf hello-interval 2

 ip ospf dead-interval 6

 logging event link-status

interface TenGigabitEthernet4/2

 description to Agg2

 ip address 10.10.30.2 255.255.255.0

 no ip redirects

 no ip proxy-arp

 ip pim sparse-dense-mode

 ip ospf authentication message-digest

 ip ospf message-digest-key 1 md5 C1sC0!

 ip ospf network point-to-point

 ip ospf hello-interval 2

 ip ospf dead-interval 6

 logging event link-status

interface TenGigabitEthernet4/3

 description to core2

 ip address 10.10.55.1 255.255.255.0

 no ip redirects

 no ip proxy-arp

 ip pim sparse-dense-mode

 ip ospf authentication message-digest

 ip ospf message-digest-key 1 md5 C1sC0!

 ip ospf network point-to-point

 ip ospf hello-interval 2

 ip ospf dead-interval 6

 logging event link-status

interface GigabitEthernet6/1

 no ip address

 shutdown

interface GigabitEthernet6/2

********************

interface Vlan1

 no ip address

 shutdown

interface Vlan15

 description test_client_subnet

 ip address 10.20.15.1 255.255.255.0

 no ip redirects

 no ip proxy-arp

interface Vlan16

 description test_client_ subnet2

 ip address 10.20.16.2 255.255.255.0

no ip redirects

 no ip proxy-arp

router ospf 10

 log-adjacency-changes

 auto-cost reference-bandwidth 1000000

nsf

 area 10 authentication message-digest

 area 10 nssa default-information-originate

timers throttle spf 1000 1000 1000

 passive-interface default

no passive-interface TenGigabitEthernet4/1

 no passive-interface TenGigabitEthernet4/2

 no passive-interface TenGigabitEthernet4/3

 network 10.10.3.0 0.0.0.255 area 10

 network 10.10.20.0 0.0.0.255 area 10

 network 10.10.30.0 0.0.0.255 area 10

 network 10.10.55.0 0.0.0.255 area 10

 network 10.20.15.0 0.0.0.255 area 0

 network 10.20.16.0 0.0.0.255 area 0

ip classless

no ip http server

ip pim send-rp-discovery scope 2

control-plane

line con 0

 exec-timeout 0 0

line vty 0 4

 exec-timeout 60 0

 password 7 05080F1C2243

 login local

 transport input telnet ssh

ntp authentication-key 1 md5 02050D480809 7

ntp trusted-key 1

ntp clock-period 17180053

ntp master 1

ntp update-calendar

end

Aggregation Switch 1

Current configuration : 22460 bytes

! No configuration change since last restart

upgrade fpd auto

version 12.2

service timestamps debug datetime msec localtime

service timestamps log datetime msec localtime

no service password-encryption

service counters max age 10

hostname Aggregation-1

boot system disk0:s720_18SXD3.bin

logging snmp-authfail

no aaa new-model

clock timezone PST -8

clock summer-time PDT recurring

clock calendar-valid

firewall multiple-vlan-interfaces

firewall module 4 vlan-group 1

firewall vlan-group 1  5-6,20,100,101,105-106

analysis module 9 management-port access-vlan 20

analysis module 9 data-port 1 capture allowed-vlan 5,6,105,106

analysis module 9 data-port 2 capture allowed-vlan 106

ip subnet-zero

no ip source-route

ip icmp rate-limit unreachable 2000

ip multicast-routing

udld enable

udld message time 7

vtp domain datacenter

vtp mode transparent

mls ip cef load-sharing full

mls ip multicast flow-stat-timer 9

no mls flow ip

no mls flow ipv6

mls acl tcam default-result permit

no mls acl tcam share-global

mls cef error action freeze

redundancy

 mode sso

 main-cpu

  auto-sync running-config

  auto-sync standard

spanning-tree mode rapid-pvst

no spanning-tree optimize bpdu transmission

spanning-tree extend system-id

spanning-tree pathcost method long

spanning-tree vlan 1-4094 priority 24576

module ContentSwitchingModule 3

 ft group 1 vlan 102

  priority 20

  heartbeat-time 1

  failover 3

  preempt

 vlan 44 server

  ip address 10.20.44.42 255.255.255.0

  gateway 10.20.44.1

  alias 10.20.44.44 255.255.255.0

 probe RHI icmp

  interval 3

  failed 10

 serverfarm SERVER200

  nat server

  no nat client

  real 10.20.6.56

   inservice

  probe RHI

 serverfarm SERVER201

  nat server

  no nat client

  real 10.20.6.25

   inservice

  probe RHI

 vserver SERVER200

  virtual 10.20.6.200 any

  vlan 44

  serverfarm SERVER200

  advertise active

  sticky 10

  replicate csrp sticky

  replicate csrp connection

  persistent rebalance

  inservice

 vserver SERVER201

  virtual 10.20.6.201 any

  vlan 44

  serverfarm SERVER201

  advertise active

  sticky 10

  replicate csrp sticky

  replicate csrp connection

  persistent rebalance

  inservice

port-channel load-balance src-dst-port

vlan internal allocation policy descending

vlan dot1q tag native

vlan access-log ratelimit 2000

vlan 3

 name AGG1_to_AGG2_L3-OSPF

vlan 5

vlan 6

 Webapp Inside

vlan 7

vlan 10

 name Database Inside

vlan 20

vlan 44

 name CSM_Onearm_Server_VLAN

vlan 45

 name Service_switch_CSM_Onearm

vlan 46

 name SERV-CSM2-onearm

vlan 100

 name AGG_FWSM_failover_interface

vlan 101

 name AGG_FWSM_failover_state

vlan 102

 name AGG_CSM_FT_Vlan

vlan 106

 name WebappOutside

vlan 110

 name DatabaseOutside

interface Loopback0

 ip address 10.10.1.1 255.255.255.0

interface Null0

 no ip unreachables

interface Port-channel1

 description ETHERCHANNEL_TO_AGG2

 switchport

 switchport trunk encapsulation dot1q

 switchport trunk native vlan 2

 switchport trunk allowed vlan 1-19,21-4094

 switchport mode trunk

 no ip address

 logging event link-status

 arp timeout 200

 spanning-tree guard loop

interface Port-channel10

 description to SERVICE_SWITCH1

 switchport

 switchport trunk encapsulation dot1q

 switchport trunk native vlan 2

 switchport mode trunk

 no ip address

 logging event link-status

spanning-tree guard loop

interface Port-channel12

 description to SERVICE_SWITCH2

 switchport

 switchport trunk encapsulation dot1q

 switchport trunk native vlan 2

switchport mode trunk

 no ip address

 logging event link-status

spanning-tree guard loop

interface GigabitEthernet1/13

 description to Service_1

 switchport

 switchport trunk encapsulation dot1q

 switchport trunk native vlan 2

 switchport mode trunk

 no ip address

 channel-protocol lacp

 channel-group 10 mode active

interface GigabitEthernet1/14

 description to Service_1

 switchport

 switchport trunk encapsulation dot1q

 switchport trunk native vlan 2

 switchport mode trunk

 no ip address

 channel-protocol lacp

 channel-group 10 mode active

interface GigabitEthernet1/19

 switchport

 switchport trunk encapsulation dot1q

 switchport trunk native vlan 2

 switchport trunk allowed vlan 1-5,7-105,107-300,1010-1110

 switchport mode trunk

 no ip address

 channel-protocol lacp

 channel-group 12 mode active

interface GigabitEthernet5/1

***************

interface GigabitEthernet5/2

****************

interface GigabitEthernet6/1

 no ip address

 shutdown

interface GigabitEthernet6/2

 no ip address

 shutdown

 media-type rj45

interface TenGigabitEthernet7/2

 description to Core2

 ip address 10.10.40.1 255.255.255.0

 no ip redirects

 no ip proxy-arp

 ip pim sparse-dense-mode

 ip ospf authentication message-digest

 ip ospf message-digest-key 1 md5 7 112A481634424A

 ip ospf network point-to-point

 ip ospf hello-interval 2

 ip ospf dead-interval 6

 logging event link-status

interface TenGigabitEthernet7/3

 description to Core1

 ip address 10.10.20.1 255.255.255.0

 no ip redirects

 no ip proxy-arp

 ip pim sparse-dense-mode

 ip ospf authentication message-digest

 ip ospf message-digest-key 1 md5 7 15315A1F277A6A

 ip ospf network point-to-point

 ip ospf hello-interval 2

 ip ospf dead-interval 6

 logging event link-status

interface TenGigabitEthernet7/4

 description TO_ACCESS1

 switchport

 switchport trunk encapsulation dot1q

 switchport trunk native vlan 2

 switchport trunk allowed vlan 105

 switchport mode trunk

 no ip address

 logging event link-status

interface TenGigabitEthernet8/1

 description TO_AGG2

 switchport

 switchport trunk encapsulation dot1q

 switchport trunk native vlan 2

 switchport trunk allowed vlan 1-19,21-4094

 switchport mode trunk

 no ip address

 logging event link-status

 channel-protocol lacp

 channel-group 1 mode active

interface TenGigabitEthernet8/2

 description TO_4948-7

 switchport

 switchport trunk encapsulation dot1q

 switchport trunk native vlan 2

 switchport trunk allowed vlan 106

 switchport mode trunk

 no ip address

 logging event link-status

spanning-tree guard root

interface TenGigabitEthernet8/3

 description TO_4948-8

 switchport

 switchport trunk encapsulation dot1q

 switchport trunk native vlan 2

 switchport trunk allowed vlan 106

 switchport mode trunk

 no ip address

 logging event link-status

 spanning-tree guard root

interface TenGigabitEthernet8/4

 description TO_AGG2

 switchport

 switchport trunk encapsulation dot1q

 switchport trunk native vlan 2

 switchport trunk allowed vlan 1-19,21-4094

 switchport mode trunk

 no ip address

 logging event link-status

 channel-protocol lacp

 channel-group 1 mode active

interface Vlan1

 no ip address

 shutdown

interface Vlan3

 description AGG1_to_AGG2_L3-RP

 bandwidth 10000000

 ip address 10.10.110.1 255.255.255.0

 no ip redirects

 no ip proxy-arp

 ip pim sparse-dense-mode

 ip ospf authentication message-digest

 ip ospf message-digest-key 1 md5 C1sC0!

 ip ospf network point-to-point

 ip ospf hello-interval 2

 ip ospf dead-interval 6

 logging event link-status

interface Vlan6

 description Outside_Webapp_Tier

 ip address 10.20.6.2 255.255.255.0

 no ip redirects

 no ip proxy-arp

 ip policy route-map csmpbr

 ntp disable

 standby 1 ip 10.20.6.1

 standby 1 timers 1 3

 standby 1 priority 120

 standby 1 preempt delay minimum 60

interface Vlan44

 description AGG_CSM_Onearm

 ip address 10.20.44.2 255.255.255.0

 no ip redirects

 no ip proxy-arp

 standby 1 ip 10.20.44.1

 standby 1 timers 1 3

 standby 1 priority 120

 standby 1 preempt delay minimum 60

router ospf 10

 log-adjacency-changes

 auto-cost reference-bandwidth 1000000

nsf

 area 10 authentication message-digest

 area 10 nssa

 timers throttle spf 1000 1000 1000

 redistribute static subnets route-map rhi

 passive-interface default

 no passive-interface Vlan3

 no passive-interface TenGigabitEthernet7/2

 no passive-interface TenGigabitEthernet7/3

 network 10.10.1.0 0.0.0.255 area 10

 network 10.10.20.0 0.0.0.255 area 10

 network 10.10.40.0 0.0.0.255 area 10

 network 10.10.110.0 0.0.0.255 area 10

 distribute-list 1 in TenGigabitEthernet7/2 (for PBR testing purposes)

 distribute-list 1 in TenGigabitEthernet7/3 (for PBR testing purposes)

ip classless

ip pim accept-rp auto-rp

access-list 1 deny   10.20.16.0

access-list 1 deny   10.20.15.0

access-list 1 permit any

access-list 44 permit 10.20.6.200 log

access-list 44 permit 10.20.6.201 log

route-map csmpbr permit 10

 set ip default next-hop 10.20.44.44

route-map rhi permit 10

 match ip address 44

 set metric-type type-1

privilege exec level 1 show

line con 0

 exec-timeout 0 0

 password 7 110D1A16021F060510

 login local

line vty 0 4

 no motd-banner

 exec-timeout 0 0

 password 7 110D1A16021F060510

 login local

 transport input telnet ssh

no monitor session servicemodule

ntp authentication-key 1 md5 104D000A0618 7

ntp authenticate

ntp trusted-key 1

ntp clock-period 17179928

ntp update-calendar

ntp server *********.42 key 1

end

Core Switch 2

Current configuration : 10867 bytes

version 12.2

no service pad

service timestamps debug datetime msec localtime

service timestamps log datetime msec localtime

no service password-encryption

service counters max age 10

hostname CORE2

boot system sup-bootflash:s720_18SXD3.bin

enable secret 5 $1$k2Df$vfhT/CMz0IqFqluRCENw//

no aaa new-model

clock timezone PST -8

clock summer-time PDT recurring

vtp domain datacenter

vtp mode transparent

udld enable

ip subnet-zero

no ip source-route

no ip domain-lookup

ip domain-name cisco.com

no ip bootp server

ip multicast-routing

mls ip multicast flow-stat-timer 9

no mls flow ip

no mls flow ipv6

mls cef error action freeze

power redundancy-mode combined

spanning-tree mode rapid-pvst

spanning-tree loopguard default

no spanning-tree optimize bpdu transmission

spanning-tree extend system-id

spanning-tree pathcost method long

vlan internal allocation policy descending

vlan dot1q tag native

vlan access-log ratelimit 2000

vlan 2,15-16

interface Loopback0

 ip address 10.10.4.4 255.255.255.0

interface Port-channel1

 description to 4948-1

 no ip address

 logging event link-status

 switchport

 switchport trunk encapsulation dot1q

 switchport trunk native vlan 2

 switchport mode trunk

interface Port-channel2

 description to 4948-4

 no ip address

 logging event link-status

 switchport

 switchport trunk encapsulation dot1q

 switchport trunk native vlan 2

 switchport mode trunk

interface GigabitEthernet2/9

 no ip address

 logging event link-status

 switchport

 switchport trunk encapsulation dot1q

 switchport trunk native vlan 2

 switchport mode trunk

 channel-protocol lacp

 channel-group 1 mode active

interface GigabitEthernet2/10

 no ip address

 logging event link-status

 switchport

 switchport trunk encapsulation dot1q

 switchport trunk native vlan 2

 switchport mode trunk

 channel-protocol lacp

 channel-group 1 mode active

interface GigabitEthernet2/13

 no ip address

 logging event link-status

 switchport

 switchport trunk encapsulation dot1q

 switchport trunk native vlan 2

 switchport mode trunk

 channel-protocol lacp

 channel-group 2 mode active

interface GigabitEthernet2/14

 no ip address

 logging event link-status

 switchport

 switchport trunk encapsulation dot1q

 switchport trunk native vlan 2

 switchport mode trunk

 channel-protocol lacp

 channel-group 2 mode active

interface TenGigabitEthernet4/1

 description to Agg1

 ip address 10.10.40.2 255.255.255.0

 no ip redirects

 no ip proxy-arp

 ip pim sparse-dense-mode

 ip ospf authentication message-digest

 ip ospf message-digest-key 1 md5 C1sC0!

 ip ospf network point-to-point

 ip ospf hello-interval 2

 ip ospf dead-interval 6

 logging event link-status

interface TenGigabitEthernet4/2

 description to Agg2

 ip address 10.10.50.2 255.255.255.0

 no ip redirects

 no ip proxy-arp

 ip pim sparse-dense-mode

 ip ospf authentication message-digest

 ip ospf message-digest-key 1 md5 C1sC0!

 ip ospf network point-to-point

 ip ospf hello-interval 2

 ip ospf dead-interval 6

 logging event link-status

interface TenGigabitEthernet4/3

 description to core1

 ip address 10.10.55.2 255.255.255.0

 no ip redirects

 no ip proxy-arp

 ip pim sparse-dense-mode

 ip ospf authentication message-digest

 ip ospf message-digest-key 1 md5 C1sC0!

 ip ospf network point-to-point

 ip ospf hello-interval 2

 ip ospf dead-interval 6

 logging event link-status

interface GigabitEthernet6/1

 no ip address

 shutdown

interface GigabitEthernet6/2

*****************

interface Vlan1

 no ip address

 shutdown

interface Vlan15

 ip address 10.20.15.2 255.255.255.0

interface Vlan16

 description test_client_subnet

 ip address 10.20.16.1 255.255.255.0

 no ip redirects

 no ip proxy-arp

router ospf 10

 log-adjacency-changes

 auto-cost reference-bandwidth 1000000

nsf

 area 10 authentication message-digest

 area 10 nssa default-information-originate

timers throttle spf 1000 1000 1000

 passive-interface default

 no passive-interface TenGigabitEthernet4/1

 no passive-interface TenGigabitEthernet4/2

 no passive-interface TenGigabitEthernet4/3

 no passive-interface TenGigabitEthernet4/4

 network 10.10.4.0 0.0.0.255 area 10

 network 10.10.40.0 0.0.0.255 area 10

 network 10.10.50.0 0.0.0.255 area 10

 network 10.10.55.0 0.0.0.255 area 10

 network 10.20.15.0 0.0.0.255 area 0

 network 10.20.16.0 0.0.0.255 area 0

ip classless

no ip http server

ip pim send-rp-discovery scope 2

line con 0

 exec-timeout 0 0

line vty 0 4

 exec-timeout 60 0

 password cisco

 login local

 transport input telnet ssh

ntp authentication-key 1 md5 104D000A0618 7

ntp authenticate

ntp trusted-key 1

ntp clock-period 17179940

ntp update-calendar

ntp server ********* key 1

end

Aggregation Switch 2

Current configuration : 18200 bytes

version 12.2

service timestamps debug datetime msec localtime

service timestamps log datetime msec

no service password-encryption

service counters max age 10

hostname Aggregation-2

boot system disk0:s720_18SXD3.bin

no aaa new-model

clock timezone PST -8

clock summer-time PDT recurring

clock calendar-valid

firewall multiple-vlan-interfaces

firewall module 4 vlan-group 1

firewall vlan-group 1  5,6,20,100,101,105,106

vtp domain datacenter

vtp mode transparent

udld enable

udld message time 7

ip subnet-zero

no ip source-route

ip icmp rate-limit unreachable 2000

ip multicast-routing

no ip igmp snooping

mls ip cef load-sharing full

mls ip multicast flow-stat-timer 9

no mls flow ip

no mls flow ipv6

mls acl tcam default-result permit

mls cef error action freeze

spanning-tree mode rapid-pvst

no spanning-tree optimize bpdu transmission

spanning-tree extend system-id

spanning-tree pathcost method long

spanning-tree vlan 1-4094 priority 28672

port-channel load-balance src-dst-port

module ContentSwitchingModule 3

 ft group 1 vlan 102

  priority 10

  heartbeat-time 1

  failover 3

  preempt

 vlan 44 server

  ip address 10.20.44.43 255.255.255.0

  gateway 10.20.44.1

  alias 10.20.44.44 255.255.255.0

 probe RHI icmp

  interval 3

  failed 10

 serverfarm SERVER200

  nat server

  no nat client

  real 10.20.6.56

   inservice

  probe RHI

 serverfarm SERVER201

  nat server

  no nat client

  real 10.20.6.25

   inservice

  probe RHI

 vserver SERVER200

  virtual 10.20.6.200 any

  vlan 44

  serverfarm SERVER200

  advertise active

  sticky 10

  replicate csrp sticky

  replicate csrp connection

  persistent rebalance

  inservice

 vserver SERVER201

  virtual 10.20.6.201 any

  vlan 44

  serverfarm SERVER201

  advertise active

  sticky 10

  replicate csrp sticky

  replicate csrp connection

  persistent rebalance

  inservice

vlan internal allocation policy descending

vlan dot1q tag native

vlan access-log ratelimit 2000

vlan 3

 name AGG1_to_AGG2_L3-RP

vlan 5

 name Outside_Webapp

vlan 6

 name Outside_Webapp

vlan 10

 name Outside_Database_Tier

vlan 20

vlan 44

 name AGG_CSM_Onearm

vlan 45

 name Service_switch_CSM_Onearm

vlan 46

 name SERV-CSM2-onearm

vlan 100

 name AGG_FWSM_failover_interface

vlan 101

 name AGG_FWSM_failover_state

vlan 102

 name AGG_CSM_FT_Vlan

vlan 105

 name Inside_Webapp_Tier

vlan 106

 name Inside_Webapp

vlan 110

 name Inside_Database_Tier

interface Loopback0

 ip address 10.10.2.2 255.255.255.0

interface Null0

 no ip unreachables

interface Port-channel1

 description ETHERCHANNEL_TO_AGG1

 no ip address

 logging event link-status

 switchport

 switchport trunk encapsulation dot1q

 switchport trunk native vlan 2

 switchport trunk allowed vlan 1-19,21-299,301-4094

 switchport mode trunk

 arp timeout 200

 spanning-tree guard loop

interface Port-channel11

 description to SERVICE_SWITCH1

 no ip address

 logging event link-status

 switchport

 switchport trunk encapsulation dot1q

 switchport trunk native vlan 2

 switchport mode trunk

interface Port-channel13

 description to SERVICE_SWITCH2

 no ip address

 logging event link-status

 switchport

 switchport trunk encapsulation dot1q

 switchport trunk native vlan 2

 switchport mode trunk

interface GigabitEthernet1/13

 description to Service_2

 no ip address

 switchport

 switchport trunk encapsulation dot1q

 switchport trunk native vlan 2

 switchport mode trunk

 channel-protocol lacp

 channel-group 13 mode active

interface GigabitEthernet1/14

 description to Service_2

 no ip address

 switchport

 switchport trunk encapsulation dot1q

 switchport trunk native vlan 2

 switchport mode trunk

 channel-protocol lacp

 channel-group 13 mode active

interface GigabitEthernet1/19

 description to Service_1

 no ip address

 switchport

 switchport trunk encapsulation dot1q

 switchport trunk native vlan 2

 switchport mode trunk

 channel-protocol lacp

 channel-group 11 mode active

interface GigabitEthernet1/20

 description to Service_1

 no ip address

 switchport

 switchport trunk encapsulation dot1q

 switchport trunk native vlan 2

 switchport mode trunk

 channel-protocol lacp

 channel-group 11 mode active

interface GigabitEthernet5/1

interface GigabitEthernet5/2

************

interface TenGigabitEthernet7/2

 description to Core2

 ip address 10.10.50.1 255.255.255.0

 no ip redirects

 no ip proxy-arp

 ip pim sparse-dense-mode

 ip ospf authentication message-digest

 ip ospf message-digest-key 1 md5 C1sC0!

 ip ospf network point-to-point

 ip ospf hello-interval 2

 ip ospf dead-interval 6

 logging event link-status

interface TenGigabitEthernet7/3

 description to Core1

 ip address 10.10.30.1 255.255.255.0

 no ip redirects

 no ip proxy-arp

 ip pim sparse-dense-mode

 ip ospf authentication message-digest

 ip ospf message-digest-key 1 md5 C1sC0!

 ip ospf network point-to-point

 ip ospf hello-interval 2

 ip ospf dead-interval 6

 logging event link-status

interface TenGigabitEthernet7/4

 description TO_ACCESS1

 no ip address

 logging event link-status

 switchport

 switchport trunk encapsulation dot1q

 switchport trunk native vlan 2

 switchport trunk allowed vlan 5,6

 switchport mode trunk

 channel-protocol lacp

interface TenGigabitEthernet8/1

 description TO_AGG1

 no ip address

 logging event link-status

 switchport

 switchport trunk encapsulation dot1q

 switchport trunk native vlan 2

 switchport trunk allowed vlan 1-19,21-299,301-4094

 switchport mode trunk

 channel-protocol lacp

 channel-group 1 mode passive

interface TenGigabitEthernet8/3

 description TO_4948-8

 no ip address

 logging event link-status

 switchport

 switchport trunk encapsulation dot1q

 switchport trunk native vlan 2

 switchport trunk allowed vlan 106

 switchport mode trunk

 spanning-tree guard root

interface TenGigabitEthernet8/4

 description TO_AGG1

 no ip address

 logging event link-status

 switchport

 switchport trunk encapsulation dot1q

 switchport trunk native vlan 2

 switchport trunk allowed vlan 1-19,21-299,301-4094

 switchport mode trunk

 channel-protocol lacp

 channel-group 1 mode passive

interface Vlan1

 no ip address

 shutdown

interface Vlan3

 description AGG1_to_AGG2_L3-RP

 bandwidth 10000000

 ip address 10.10.110.2 255.255.255.0

 no ip redirects

 no ip proxy-arp

 ip pim sparse-dense-mode

 ip ospf authentication message-digest

 ip ospf message-digest-key 1 md5 C1sC0!

 ip ospf network point-to-point

 ip ospf hello-interval 2

 ip ospf dead-interval 6

 logging event link-status

interface Vlan5

 description Outside_Webapp_Tier

 no ip address

 no ip redirects

 ntp disable

 standby 1 ip 10.20.5.1

 standby 1 timers 1 3

 standby 1 priority 115

 standby 1 preempt delay minimum 60

interface Vlan6

 ip address 10.20.6.3 255.255.255.0

 no ip redirects

 no ip proxy-arp

 ip policy route-map csmpbr

 ntp disable

 standby 1 ip 10.20.6.1

 standby 1 timers 1 3

 standby 1 priority 115

 standby 1 preempt delay minimum 60

interface Vlan44

 description AGG_CSM_Onearm

 ip address 10.20.44.3 255.255.255.0

 no ip redirects

 no ip proxy-arp

 standby 1 ip 10.20.44.1

 standby 1 timers 1 3

 standby 1 priority 115

 standby 1 preempt delay minimum 60

router ospf 10

 log-adjacency-changes

 auto-cost reference-bandwidth 1000000

nsf

 area 10 authentication message-digest

 area 10 nssa

 timers throttle spf 1000 1000 1000

 redistribute static subnets route-map rhi

 passive-interface default

 no passive-interface Vlan3

 no passive-interface TenGigabitEthernet7/2

 no passive-interface TenGigabitEthernet7/3

 network 10.10.2.0 0.0.0.255 area 10

 network 10.10.30.0 0.0.0.255 area 10

 network 10.10.50.0 0.0.0.255 area 10

 network 10.10.110.0 0.0.0.255 area 10

 distribute-list 1 in TenGigabitEthernet7/2

 distribute-list 1 in TenGigabitEthernet7/3

ip classless

ip pim accept-rp auto-rp

access-list 1 deny   10.20.16.0

access-list 1 deny   10.20.15.0

access-list 1 permit any

access-list 44 permit 10.20.6.200 log

access-list 44 permit 10.20.6.201 log

route-map csmpbr permit 10

 set ip default next-hop 10.20.44.44

route-map rhi permit 10

 match ip address 44

 set metric +40

 set metric-type type-1

line con 0

 exec-timeout 0 0

 password dcsummit

 login local

line vty 0 4

 exec-timeout 0 0

 password dcsummit

 login local

 transport input telnet ssh

 transport output pad telnet ssh acercon

no monitor session servicemodule

ntp authentication-key 1 md5 08701C1A2D495547335B5A5572 7

ntp authenticate

ntp clock-period 17179998

ntp update-calendar

ntp server ***********key 1

end

Access Switch 4948-7

Current configuration : 4612 bytes

version 12.2

no service pad

service timestamps debug datetime localtime

service timestamps log datetime localtime

no service password-encryption

service compress-config

hostname 4948-7

boot-start-marker

boot system bootflash:cat4000-i5k91s-mz.122-25.EWA2.bin

boot-end-marker

logging snmp-authfail

no aaa new-model

clock timezone PST -8

clock summer-time PDT recurring

clock calendar-valid

vtp domain datacenter

vtp mode transparent

udld enable

ip subnet-zero

no ip source-route

no ip domain-lookup

ip domain-name cisco.com

spanning-tree mode rapid-pvst

spanning-tree loopguard default

spanning-tree portfast bpduguard default

spanning-tree extend system-id

spanning-tree pathcost method long

port-channel load-balance src-dst-port

power redundancy-mode redundant

vlan internal allocation policy descending

vlan dot1q tag native

vlan 5-6

vlan 105

 name Outside_Webapp

vlan 106

name Outside Webapp

vlan 110

 name Outside_Database_Tier

interface Port-channel1

 description inter_4948

 switchport

 switchport trunk encapsulation dot1q

 switchport trunk native vlan 2

 switchport mode trunk

 logging event link-status

interface GigabitEthernet1/1  (all ports)

 switchport access vlan 106

 switchport mode access

 no cdp enable

 spanning-tree portfast

interface GigabitEthernet1/45

 description to 4948-8

 switchport trunk encapsulation dot1q

 switchport trunk native vlan 2

 switchport mode trunk

 channel-protocol lacp

 channel-group 1 mode active

interface GigabitEthernet1/46

 switchport trunk encapsulation dot1q

 switchport trunk native vlan 2

 switchport mode trunk

 channel-protocol lacp

 channel-group 1 mode active

interface GigabitEthernet1/47

 switchport trunk encapsulation dot1q

 switchport trunk native vlan 2

 switchport mode trunk

 channel-protocol lacp

 channel-group 1 mode active

interface GigabitEthernet1/48

 switchport trunk encapsulation dot1q

 switchport trunk native vlan 2

 switchport mode trunk

 channel-protocol lacp

 channel-group 1 mode active

interface TenGigabitEthernet1/49

 description to_AGG1

 switchport trunk encapsulation dot1q

 switchport trunk native vlan 2

 switchport mode trunk

interface TenGigabitEthernet1/50

shutdown

interface Vlan1

 no ip address

 shutdown

line con 0

 exec-timeout 0 0

 stopbits 1

line vty 0 4

 exec-timeout 0 0

 password dcsummit

 login local

ntp authenticate

ntp trusted-key 1

ntp update-calendar

ntp server *********** key 1

end

Access Switch 4948-8

Current configuration : 4646 bytes

version 12.2

no service pad

service timestamps debug datetime localtime

service timestamps log datetime localtime

no service password-encryption

service compress-config

hostname 4948-8

boot-start-marker

boot system bootflash:cat4000-i5k91s-mz.122-25.EWA2.bin

boot-end-marker

no aaa new-model

clock timezone PST -8

clock summer-time PDT recurring

clock calendar-valid

vtp domain datacenter

vtp mode transparent

udld enable

ip subnet-zero

no ip source-route

no ip domain-lookup

ip domain-name cisco.com

no ip bootp server

no file verify auto

spanning-tree mode rapid-pvst

spanning-tree loopguard default

spanning-tree portfast bpduguard default

spanning-tree extend system-id

spanning-tree pathcost method long

port-channel load-balance src-dst-port

power redundancy-mode redundant

vlan internal allocation policy descending

vlan dot1q tag native

vlan 2,5-6

vlan 105

 name Outside_Webapp_Tier

vlan 106

 name Outside_Webapp_Tier

vlan 110

 name Outside_Database_Tier

interface Port-channel1

 description inter_4948

 switchport

 switchport trunk encapsulation dot1q

 switchport trunk native vlan 2

 switchport mode trunk

 logging event link-status

interface GigabitEthernet1/1 (all ports)

 switchport access vlan 106

 switchport trunk encapsulation dot1q

 switchport mode access

 no cdp enable

 spanning-tree portfast

interface GigabitEthernet1/45

 switchport trunk encapsulation dot1q

 switchport trunk native vlan 2

 switchport mode trunk

 channel-protocol lacp

 channel-group 1 mode passive

interface GigabitEthernet1/46

 switchport trunk encapsulation dot1q

 switchport trunk native vlan 2

 switchport mode trunk

 channel-protocol lacp

 channel-group 1 mode passive

interface GigabitEthernet1/47

 switchport trunk encapsulation dot1q

 switchport trunk native vlan 2

 switchport mode trunk

 channel-protocol lacp

 channel-group 1 mode passive

interface GigabitEthernet1/48

 switchport trunk encapsulation dot1q

 switchport trunk native vlan 2

 switchport mode trunk

 channel-protocol lacp

 channel-group 1 mode passive

interface TenGigabitEthernet1/49

shutdown

interface TenGigabitEthernet1/50

 description to_AGG2

 switchport trunk encapsulation dot1q

 switchport trunk native vlan 2

 switchport mode trunk

interface Vlan1

 no ip address

 shutdown

line con 0

 exec-timeout 0 0

 stopbits 1

line vty 0 4

 exec-timeout 0 0

 password dcsummit

 login local

ntp authenticate

ntp trusted-key 1

ntp update-calendar

ntp server ********* key 1

end

Access Switch 6500-1

ACCESS1-6500#

Building configuration...

Current configuration : 11074 bytes

! Last configuration change at 13:33:08 PST Thu Feb 9 2006

! NVRAM config last updated at 16:58:39 PST Thu Nov 17 2005

upgrade fpd auto

version 12.2

no service pad

service timestamps debug datetime localtime

service timestamps log datetime localtime

service password-encryption

service counters max age 10

hostname ACCESS1-6500

boot system sup-bootflash:s720_18SXD3.bin

no aaa new-model

clock timezone PST -8

clock summer-time PDT recurring

clock calendar-valid

ip subnet-zero

no ip source-route

no ip bootp server

ip domain-list cisco.com

no ip domain-lookup

ip domain-name cisco.com

udld enable

udld message time 7

vtp domain datacenter

vtp mode transparent

no mls acl tcam share-global

mls cef error action freeze

spanning-tree mode rapid-pvst

spanning-tree loopguard default

spanning-tree portfast bpduguard default

no spanning-tree optimize bpdu transmission

spanning-tree extend system-id

spanning-tree pathcost method long

power redundancy-mode combined

no diagnostic cns publish

no diagnostic cns subscribe

fabric buffer-reserve queue

port-channel load-balance src-dst-port

vlan internal allocation policy descending

vlan dot1q tag native

vlan access-log ratelimit 2000

vlan 5

 name Outside_Webapp_Tier

vlan 105

name Outside_Webapp_Tier

vlan 110

 name Outside_Database_Tier

interface TenGigabitEthernet1/1

 description to_AGG1

 switchport

 switchport trunk encapsulation dot1q

 switchport trunk native vlan 2

 switchport mode trunk

 no ip address

 logging event link-status

interface TenGigabitEthernet1/2

 description to_AGG2

 switchport

 switchport trunk encapsulation dot1q

 switchport trunk native vlan 2

 switchport mode trunk

 no ip address

 logging event link-status

 logging event spanning-tree status

!!

interface GigabitEthernet2/1  (all test ports)

 description webapp_penguin_kvm5

 switchport

 switchport access vlan 5

 switchport mode access

 no ip address

 no cdp enable

 spanning-tree portfast

interface Vlan1

 no ip address

 shutdown

no ip http server

line con 0

 exec-timeout 0 0

line vty 0 4

 exec-timeout 0 0

 password 7 05080F1C2243

 login local

 transport input telnet ssh

no monitor event-trace timestamps

ntp authentication-key 1 md5 110A1016141D 7

ntp authenticate

ntp trusted-key 1

ntp clock-period 17179938

ntp update-calendar

ntp server ***********key 1

no cns aaa enable

end

FWSM 1-Aggregation Switch 1 and 2

FWSM Version 2.3(2) <system>

firewall transparent

resource acl-partition 12

enable password 2KFQnbNIdI.2KYOU encrypted

passwd 2KFQnbNIdI.2KYOU encrypted

hostname FWSM1-AGG1and2

ftp mode passive

pager lines 24

logging buffer-size 4096

logging console debugging

class default

  limit-resource PDM 5

  limit-resource All 0

  limit-resource IPSec 5

  limit-resource Mac-addresses 65535

  limit-resource SSH 5

  limit-resource Telnet 5

failover

failover lan unit primary

failover lan interface failover vlan 100

failover polltime unit msec 500 holdtime 3

failover polltime interface 3

failover interface-policy 100%

failover replication http

failover link state vlan 101

failover interface ip failover 10.20.100.1 255.255.255.0 standby 10.20.100.2

failover interface ip state 10.20.101.1 255.255.255.0 standby 10.20.101.2

arp timeout 14400

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02 rpc 0:10:00 h323 0:05:00

 h225 1:00:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00

timeout uauth 0:05:00 absolute

sysopt nodnsalias inbound

sysopt nodnsalias outbound

terminal width 511

admin-context admin

context admin

  allocate-interface vlan20 outside

  config-url disk:/admin.cfg

context vlan6-106

  description vlan6-106 context

  allocate-interface vlan6 outside

  allocate-interface vlan106 inside

  config-url disk:/vlan6-106.cfg

Cryptochecksum:a73fe039e4dbeb45a9c6730bc2a55201

: end

[OK]

FWSM1-AGG1and2# ch co vlan6-106

FWSM1-AGG1and2/vlan6-106# wr t

Building configuration...

: Saved

FWSM Version 2.3(2) <context>

firewall transparent

nameif outside vlan6 security0

nameif inside vlan106 security100

enable password 8Ry2YjIyt7RRXU24 encrypted

passwd 2KFQnbNIdI.2KYOU encrypted

hostname vlan6-106

fixup protocol dns maximum-length 512

fixup protocol ftp 21

fixup protocol h323 H225 1720

fixup protocol h323 ras 1718-1719

fixup protocol rsh 514

fixup protocol sip 5060

no fixup protocol sip udp 5060

fixup protocol skinny 2000

fixup protocol smtp 25

fixup protocol sqlnet 1521

names

access-list deny-flow-max 4096

access-list alert-interval 300

access-list IP extended permit ip any any

access-list IP extended permit icmp any any

access-list BPDU ethertype permit bpdu

pager lines 24

logging on

logging timestamp

logging buffer-size 4096

logging trap informational

logging device-id hostname

mtu vlan6 1500

mtu vlan106 1500

ip address  10.20.6.104 255.255.255.0 standby 10.20.6.105

icmp permit any vlan6

icmp permit any vlan106

no pdm history enable

arp timeout 14400

access-group BPDU in interface vlan6

access-group IP in interface vlan6

access-group BPDU in interface vlan106

access-group IP in interface vlan106

interface vlan6

interface vlan106

route vlan6 0.0.0.0 0.0.0.0 10.20.6.1 1

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02 rpc 0:10:00 h323 0:05:00

 h225 1:00:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00

timeout uauth 0:05:00 absolute

aaa-server TACACS+ protocol tacacs+

aaa-server TACACS+ max-failed-attempts 3

aaa-server TACACS+ deadtime 10

aaa-server RADIUS protocol radius

aaa-server RADIUS max-failed-attempts 3

aaa-server RADIUS deadtime 10

aaa-server LOCAL protocol local

no snmp-server location

no snmp-server contact

snmp-server community public

snmp-server enable traps snmp

floodguard enable

fragment size 200 vlan6

fragment chain 24 vlan6

fragment size 200 vlan106

fragment chain 24 vlan106

telnet timeout 5

ssh 0.0.0.0 0.0.0.0 vlan6

ssh timeout 60

terminal width 511

Cryptochecksum:00000000000000000000000000000000

: end

[OK]

FWSM1-AGG1and2/vlan6-106# ch co admin

FWSM1-AGG1and2/admin# wr t

Building configuration...

: Saved

FWSM Version 2.3(2) <context>

firewall transparent

nameif outside vlan20 security0

enable password 8Ry2YjIyt7RRXU24 encrypted

passwd 2KFQnbNIdI.2KYOU encrypted

hostname admin

domain-name example.com

fixup protocol dns maximum-length 512

fixup protocol ftp 21

fixup protocol h323 H225 1720

fixup protocol h323 ras 1718-1719

fixup protocol rsh 514

fixup protocol sip 5060

fixup protocol sip udp 5060

fixup protocol skinny 2000

fixup protocol smtp 25

fixup protocol sqlnet 1521

names

access-list deny-flow-max 4096

access-list alert-interval 300

access-list IP extended permit ip any any

access-list IP extended permit icmp any any

access-list IP extended permit udp any any

access-list BPDU ethertype permit bpdu

pager lines 24

logging on

logging timestamp

logging buffer-size 4096

logging trap informational

logging device-id hostname

mtu vlan20 1500

ip address  *********.34 255.255.255.0 standby *********.35

icmp permit any vlan20

no pdm history enable

arp timeout 14400

access-group IP in interface vlan20

interface vlan20

route vlan20 0.0.0.0 0.0.0.0 *********.1 1

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02 rpc 0:10:00 h323 0:05:00

 h225 1:00:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00

timeout uauth 0:05:00 absolute

username mshinn password fgXai3fBCmTT1r2e encrypted privilege 15

aaa-server TACACS+ protocol tacacs+

aaa-server TACACS+ max-failed-attempts 3

aaa-server TACACS+ deadtime 10

aaa-server RADIUS protocol radius

aaa-server RADIUS max-failed-attempts 3

aaa-server RADIUS deadtime 10

aaa-server LOCAL protocol local

http server enable

http 0.0.0.0 0.0.0.0 vlan20

no snmp-server location

no snmp-server contact

snmp-server community public

snmp-server enable traps snmp

floodguard enable

fragment size 200 vlan20

fragment chain 24 vlan20

sysopt nodnsalias inbound

sysopt nodnsalias outbound

telnet timeout 5

ssh 0.0.0.

Services Switch Design Configurations

The following configurations were used in support of the service chassis testing:

•Core Switch 1

•Core Switch 2

•Distribution Switch 1

•Distribution Switch 2

Figure 8-2 shows the test bed used with services switches.

Figure 8-2 Service Switches Configuration Test Bed

Core Switch 1

hostname dcb-core-1

boot system flash disk0:s72033-adventerprisek9_wan-vz.122-18.SXF9.bin

no aaa new-model

clock timezone EDT -5

clock summer-time EDT recurring

ip subnet-zero

no ip source-route

no ip bootp server

ip multicast-routing

no ip domain-lookup

ip domain-name ese.cisco.com

udld enable

vtp domain datacenter

vtp mode transparent

mls ip cef load-sharing full simple

mls ip multicast flow-stat-timer 9

no mls flow ip

no mls flow ipv6

no mls acl tcam share-global

mls cef error action freeze

redundancy

 mode sso

 main-cpu

  auto-sync running-config

spanning-tree mode rapid-pvst

spanning-tree loopguard default

no spanning-tree optimize bpdu transmission

spanning-tree extend system-id

spanning-tree pathcost method long

fabric buffer-reserve queue

port-channel per-module load-balance

vlan internal allocation policy descending

vlan dot1q tag native

vlan access-log ratelimit 2000

interface Loopback0

 ip address 10.151.1.10 255.255.255.255

interface TenGigabitEthernet1/2

 description To DCb-Dist-1 - Ten 1/8

 ip address 10.160.1.1 255.255.255.252

 no ip redirects

 no ip proxy-arp

 ip pim sparse-dense-mode

 ip ospf authentication message-digest

 ip ospf message-digest-key 1 md5 C1sC0!

 ip ospf network point-to-point

 ip ospf hello-interval 2

 ip ospf dead-interval 6

 logging event link-status

interface TenGigabitEthernet1/3

 description to DCB-Dist-2 Ten 1/8

 ip address 10.160.1.5 255.255.255.252

 no ip redirects

 no ip proxy-arp

 ip pim sparse-dense-mode

 ip ospf authentication message-digest

 ip ospf message-digest-key 1 md5 C1sC0!

 ip ospf network point-to-point

 ip ospf hello-interval 2

 ip ospf dead-interval 6

 logging event link-status

interface TenGigabitEthernet1/4

 description TO DCB-Core-2 - Ten 1/4

 ip address 10.199.0.5 255.255.255.252

 no ip redirects

 no ip proxy-arp

 ip pim sparse-dense-mode

 ip ospf authentication message-digest

 ip ospf message-digest-key 1 md5 C1sC0!

 ip ospf network point-to-point

 ip ospf hello-interval 2

 ip ospf dead-interval 6

 logging event link-status

interface GigabitEthernet6/1

 description flashnet

 ip address 10.150.1.3 255.255.255.0

no mop enabled

 media-type rj45

interface GigabitEthernet6/2

 no ip address

 shutdown

interface Vlan1

 no ip address

 shutdown

router ospf 2

 log-adjacency-changes

 auto-cost reference-bandwidth 1000000

nsf

 area 0 authentication message-digest

 area 0 nssa default-information-originate

 area 0 range 10.199.0.0 255.255.0.0

 area 2 authentication message-digest

 area 2 nssa default-information-originate

 area 2 range 10.160.0.0 255.255.255.0

 area 2 range 10.161.0.0 255.255.0.0

 area 2 range 10.151.1.0 255.255.255.0

 timers throttle spf 1000 1000 1000

 passive-interface default

 no passive-interface TenGigabitEthernet1/1

 no passive-interface TenGigabitEthernet1/2

 no passive-interface TenGigabitEthernet1/3

 no passive-interface TenGigabitEthernet1/4

 network 10.160.1.0 0.0.0.3 area 2

 network 10.161.0.0 0.0.0.3 area 2

 network 10.199.0.0 0.0.0.3 area 0

ip classless

no ip http server

snmp-server community public RO

snmp-server community cisco RW

control-plane

dial-peer cor custom

line con 0

line vty 0 4

 exec-timeout 0 0

 password cisco

 login

line vty 5 15

 exec-timeout 0 0

 password cisco

 login

no cns aaa enable

end

Core Switch 2

hostname dcb-core-2

no aaa new-model

clock timezone EST -5

clock summer-time EDT recurring

ip subnet-zero

no ip source-route

boot system flash disk0:s72033-adventerprisek9_wan-vz.122-18.SXF9.bin

no ip ftp passive

no ip bootp server

ip multicast-routing

no ip domain-lookup

ip domain-name cisco.com

udld enable

vtp domain datacenter

vtp mode transparent

mls ip cef load-sharing full simple

mls ip multicast flow-stat-timer 9

no mls flow ip

no mls flow ipv6

no mls acl tcam share-global

mls cef error action freeze

redundancy

 mode sso

 main-cpu

  auto-sync running-config

spanning-tree mode rapid-pvst

spanning-tree loopguard default

no spanning-tree optimize bpdu transmission

spanning-tree extend system-id

spanning-tree pathcost method long

fabric buffer-reserve queue

port-channel per-module load-balance

vlan internal allocation policy descending

vlan dot1q tag native

vlan access-log ratelimit 2000

interface Loopback0

 ip address 10.151.1.11 255.255.255.255

interface TenGigabitEthernet1/2

 description To DCb-Dist-1 - Ten 1/7

 ip address 10.160.1.9 255.255.255.252

 no ip redirects

 no ip proxy-arp

 ip pim sparse-dense-mode

 ip ospf authentication message-digest

 ip ospf message-digest-key 1 md5 C1sC0!

 ip ospf network point-to-point

 ip ospf hello-interval 2

 ip ospf dead-interval 6

 logging event link-status

 load-interval 30

interface TenGigabitEthernet1/3

 description To DCb-Dist-2 - Ten 1/7

 ip address 10.160.1.13 255.255.255.252

 no ip redirects

 no ip proxy-arp

 ip pim sparse-dense-mode

 ip ospf authentication message-digest

 ip ospf message-digest-key 1 md5 C1sC0!

 ip ospf network point-to-point

 ip ospf hello-interval 2

 ip ospf dead-interval 6

 logging event link-status

 load-interval 30

interface TenGigabitEthernet1/4

 description DCB-Core-1 - Ten 1/4

 ip address 10.199.0.6 255.255.255.252

 no ip redirects

 no ip proxy-arp

 ip pim sparse-dense-mode

 ip ospf authentication message-digest

 ip ospf message-digest-key 1 md5 C1sC0!

 ip ospf network point-to-point

 ip ospf hello-interval 2

 ip ospf dead-interval 6

 logging event link-status

interface GigabitEthernet6/1

 description flashnet

 ip address 10.150.1.4 255.255.255.0

 media-type rj45

interface GigabitEthernet6/2

 no ip address

 shutdown

interface Vlan1

 no ip address

 shutdown

router ospf 2

 log-adjacency-changes

 auto-cost reference-bandwidth 1000000

nsf

 area 0 authentication message-digest

 area 0 nssa default-information-originate

 area 0 range 10.199.0.0 255.255.0.0

 area 2 authentication message-digest

 area 2 nssa default-information-originate

 area 2 range 10.160.0.0 255.255.0.0

 area 2 range 10.161.0.0 255.255.0.0

 area 2 range 10.151.1.0 255.255.255.0

 timers throttle spf 1000 1000 1000

 passive-interface default

 no passive-interface TenGigabitEthernet1/1

 no passive-interface TenGigabitEthernet1/2

 no passive-interface TenGigabitEthernet1/4

 no passive-interface TenGigabitEthernet1/3

 network 10.160.1.0 0.0.0.3 area 2

 network 10.161.0.0 0.0.0.3 area 2

 network 10.199.0.0 0.0.0.3 area 0

ip classless

no ip http server

snmp-server community public RO

snmp-server community cisco RW

control-plane

dial-peer cor custom

line con 0

line vty 0 4

 exec-timeout 0 0

 password cisco

 login

line vty 5 15

 exec-timeout 0 0

 password cisco

 login

no cns aaa enable

end

Distribution Switch 1

upgrade fpd auto

version 12.2

service timestamps debug uptime

service timestamps log uptime

no service password-encryption

service counters max age 5

hostname dcb-Dist-1

boot system flash disk0:s72033-adventerprisek9_wan-vz.122-18.SXF10.bin

enable secret 5 $1$wVQ/$8nsaKkBneJbHVrph5VnS41

enable password cisco

no aaa new-model

clock timezone EDT -5

clock summer-time EDT recurring

vtp domain datacenter

vtp mode transparent

ip subnet-zero

no ip source-route

ip icmp rate-limit unreachable 2000

no ip domain-lookup

ip domain-name cisco.com

ip multicast-routing

no ip igmp snooping

udld enable

udld message time 7

no mls flow ip

mls acl tcam default-result permit

no mls acl tcam share-global

mls ip cef load-sharing full simple

mls ip multicast flow-stat-timer 9

mls cef error action freeze

fabric switching-mode force bus-mode

fabric buffer-reserve queue

port-channel per-module load-balance

port-channel load-balance src-dst-port

diagnostic cns publish cisco.cns.device.diag_results

diagnostic cns subscribe cisco.cns.device.diag_commands

redundancy

 mode sso

 main-cpu

  auto-sync running-config

power redundancy-mode combined

spanning-tree mode rapid-pvst

no spanning-tree optimize bpdu transmission

spanning-tree extend system-id

spanning-tree pathcost method long

spanning-tree vlan 1-4094 priority 24576

vlan internal allocation policy descending

vlan dot1q tag native

vlan access-log ratelimit 2000

vlan 2-7,106,107,206,207

no crypto ipsec nat-transparency udp-encaps

interface Loopback0

 ip address 10.151.1.12 255.255.255.255

interface TenGigabitEthernet1/1

 description to_dcb-Acc-1

 switchport

 switchport trunk encapsulation dot1q

 switchport trunk native vlan 2

switchport trunk allowed vlan 2,3,106,107,206,207

 switchport mode trunk

 no ip address

 logging event link-status

spanning-tree guard loop

interface TenGigabitEthernet1/2

 description dcb-dist2-6k Te1/2

 switchport

 switchport trunk encapsulation dot1q

 switchport trunk native vlan 2

 switchport trunk allowed vlan 2,3,7,106,107,206,207

 switchport mode trunk

 no ip address

 logging event link-status

 spanning-tree guard loop

interface TenGigabitEthernet1/5

 description dcb-svc1-6k Te9/1

 switchport

 switchport trunk encapsulation dot1q

 switchport trunk native vlan 2

 switchport trunk allowed vlan 2,3,7,106,107,206,207

 switchport mode trunk

 no ip address

 logging event link-status

 logging event bundle-status

 spanning-tree guard root

interface TenGigabitEthernet1/6

 description dcb-svc2-6k Te9/1

 switchport

 switchport trunk encapsulation dot1q

 switchport trunk native vlan 2

 switchport trunk allowed vlan 2,3,7,106,107,206,207

 switchport mode trunk

no ip address

 logging event link-status

 logging event bundle-status

 spanning-tree guard root

interface TenGigabitEthernet1/7

 description dcb-core-2 Te1/2

 ip address 10.160.1.10 255.255.255.252

 no ip redirects

 no ip proxy-arp

 ip pim sparse-mode

 ip ospf authentication message-digest

 ip ospf message-digest-key 1 md5 C1sC0!

 ip ospf hello-interval 2

 ip ospf dead-interval 6

 logging event link-status

 load-interval 30

interface TenGigabitEthernet1/8

 description dcb-core-1 Te1/2

 ip address 10.160.1.2 255.255.255.252

 no ip redirects

 no ip proxy-arp

ip pim sparse-mode

 ip ospf authentication message-digest

 ip ospf message-digest-key 1 md5 C1sC0!

 ip ospf hello-interval 2

 ip ospf dead-interval 6

 logging event link-status

 load-interval 30

interface Vlan7

 ip address 10.80.1.2 255.255.0.0

 no ip redirects

 no ip proxy-arp

 ip flow ingress

 ip route-cache flow

 logging event link-status

 load-interval 30

 standby 1 ip 10.80.1.1

 standby 1 timers 1 3

 standby 1 priority 51

 standby 1 preempt delay minimum 120

router ospf 2

 log-adjacency-changes

 auto-cost reference-bandwidth 1000000

nsf

 area 2 authentication message-digest

 area 2 nssa default-information-originate

 area 2 range 10.151.1.0 255.255.255.0

 area 2 range 10.151.0.0 255.255.0.0

 area 2 range 10.160.0.0 255.255.255.0

 area 2 range 10.161.0.0 255.255.0.0

 timers throttle spf 1000 1000 1000

 redistribute static subnets route-map rhi

 passive-interface default

 no passive-interface TenGigabitEthernet1/7

 no passive-interface TenGigabitEthernet1/8

no passive-interface GigabitEthernet3/24

 network 10.74.0.0 0.0.255.255 area 2

 network 10.80.0.0 0.0.255.255 area 2

 network 10.81.0.0 0.0.255.255 area 2

 network 10.151.1.0 0.0.0.0 area 2

 network 10.151.0.0 0.0.255.255 area 2

 network 10.160.1.0 0.0.0.255 area 2

 network 10.161.0.0 0.0.0.0 area 2

ip classless

no ip http server

snmp-server community public RO

snmp-server community cisco RW

control-plane

dial-peer cor custom

line con 0

line vty 0 4

 password cisco

 login

exception core-file

no cns aaa enable

end

Distribution Switch 2

upgrade fpd auto

version 12.2

service timestamps debug uptime

service timestamps log uptime

no service password-encryption

service counters max age 5

hostname dcb-Dist-2

boot system flash disk0:s72033-adventerprisek9_wan-vz.122-18.SXF10.bin

enable secret 5 $1$VUjJ$onovPQGW3pDtcxU2GlqY5.

enable password cisco

no aaa new-model

clock timezone EDT -5

clock summer-time EDT recurring

vtp domain datacenter

vtp mode transparent

ip subnet-zero

no ip source-route

ip icmp rate-limit unreachable 2000

no ip domain-lookup

ip domain-name cisco.com

ip multicast-routing

no ip igmp snooping

udld enable

udld message time 7

no mls flow ip

mls acl tcam default-result permit

no mls acl tcam share-global

mls ip cef load-sharing full

mls ip multicast flow-stat-timer 9

mls cef error action freeze

fabric switching-mode force bus-mode

fabric buffer-reserve queue

port-channel per-module load-balance

port-channel load-balance src-dst-port

diagnostic cns publish cisco.cns.device.diag_results

diagnostic cns subscribe cisco.cns.device.diag_commands

redundancy

 mode sso

 main-cpu

  auto-sync running-config

power redundancy-mode combined

spanning-tree mode rapid-pvst

no spanning-tree optimize bpdu transmission

spanning-tree extend system-id

spanning-tree pathcost method long

spanning-tree vlan 1-4094 priority 28672

vlan internal allocation policy descending

vlan dot1q tag native

vlan access-log ratelimit 2000

vlan 2-7,106,107,206,207

no crypto ipsec nat-transparency udp-encaps

interface Loopback0

 ip address 10.151.1.13 255.255.255.255

interface TenGigabitEthernet1/1

 description to_dcb-Acc-1

 switchport

 switchport trunk encapsulation dot1q

 switchport trunk native vlan 2

switchport trunk allowed vlan 2,3,106,107,206,207

 switchport mode trunk

 no ip address

 logging event link-status

spanning-tree guard loop

interface TenGigabitEthernet1/2

 description dcb-dist1-6k Te1/2

 switchport

 switchport trunk encapsulation dot1q

 switchport trunk native vlan 2

switchport trunk allowed vlan 2,3,7,106,107,206,207

switchport mode trunk

 no ip address

 logging event link-status

 spanning-tree guard loop

interface TenGigabitEthernet1/4

 no ip address

interface TenGigabitEthernet1/5

 description dcb-svc1-6k Te9/1

 switchport

 switchport trunk encapsulation dot1q

 switchport trunk native vlan 2

 switchport trunk allowed vlan 2,3,7,106,107,206,207

 switchport mode trunk

 no ip address

logging event link-status

 logging event bundle-status

 spanning-tree guard root

interface TenGigabitEthernet1/6

 description dcb-svc2-6k Te9/1

 switchport

 switchport trunk encapsulation dot1q

 switchport trunk native vlan 2

 switchport trunk allowed vlan 2,3,7,106,107,206,207

 switchport mode trunk

 no ip address

 logging event link-status

 logging event bundle-status

 spanning-tree guard root

interface TenGigabitEthernet1/7

 description dcb-core-2 Te1/2

 ip address 10.160.1.14 255.255.255.252

 no ip redirects

 no ip proxy-arp

 ip pim sparse-mode

 ip ospf authentication message-digest

ip ospf message-digest-key 1 md5 C1sC0!

 ip ospf hello-interval 2

 ip ospf dead-interval 6

 logging event link-status

 load-interval 30

interface TenGigabitEthernet1/8

 description dcb-core-1 Te1/2

 ip address 10.160.1.6 255.255.255.252

 no ip redirects

 no ip proxy-arp

 ip pim sparse-mode

 ip ospf authentication message-digest

 ip ospf message-digest-key 1 md5 C1sC0!

 ip ospf hello-interval 2

 ip ospf dead-interval 6

 logging event link-status

 load-interval 30

interface Vlan7

ip address 10.80.1.3 255.255.0.0

 no ip redirects

 no ip proxy-arp

 ip flow ingress

 logging event link-status

 load-interval 30

 standby 1 ip 10.80.1.1

 standby 1 timers 1 3

 standby 1 priority 50

 standby 1 preempt

router ospf 2

 log-adjacency-changes

 auto-cost reference-bandwidth 1000000

nsf

 area 2 authentication message-digest

 area 2 nssa default-information-originate

 area 2 range 10.151.0.0 255.255.0.0

 area 2 range 10.160.0.0 255.255.255.0

 area 2 range 10.161.0.0 255.255.0.0

 timers throttle spf 1000 1000 1000

 redistribute static subnets route-map rhi

 passive-interface default

 no passive-interface TenGigabitEthernet1/7

 no passive-interface TenGigabitEthernet1/8

 no passive-interface GigabitEthernet3/24

 network 10.80.0.0 0.0.255.255 area 2

 network 10.81.0.0 0.0.255.255 area 2

network 10.151.0.0 0.0.255.255 area 2

 network 10.160.1.0 0.0.0.0 area 2

 network 10.160.1.0 0.0.0.255 area 2

 network 10.161.0.0 0.0.0.0 area 2

 network 10.161.0.0 0.0.255.255 area 2

ip classless

no ip http server

snmp-server community public RO

snmp-server community cisco RW

control-plane

dial-peer cor custom

line con 0

line vty 0 4

 password cisco

 login

exception core-file

no cns aaa enable

end

Service Switch 1

upgrade fpd auto

version 12.2

service timestamps debug uptime

service timestamps log uptime

no service password-encryption

service counters max age 5

hostname Svc-1

boot system flash disk0:s72033-adventerprisek9_wan-vz.122-18.SXF10.bin

enable secret 5 $1$rPXa$F4EKAVs1cCaD.X5WG68iK0

enable password cisco

no aaa new-model

ip subnet-zero

ipv6 mfib hardware-switching replication-mode ingress

vtp domain datacenter

vtp mode transparent

mls ip multicast flow-stat-timer 9

no mls flow ip

no mls flow ipv6

no mls acl tcam share-global

mls cef error action freeze

redundancy

 mode sso

 main-cpu

  auto-sync running-config

spanning-tree mode pvst

diagnostic cns publish cisco.cns.device.diag_results

diagnostic cns subscribe cisco.cns.device.diag_commands

fabric buffer-reserve queue

port-channel per-module load-balance

vlan internal allocation policy ascending

vlan access-log ratelimit 2000

vlan 2-7,106,107,206,207

svclc autostate

svclc multiple-vlan-interfaces

svclc module 3 vlan-group 1,2

svclc vlan-group 1 6,206,207

svclc vlan-group 2 106,107

svclc vlan-group 3 3,4,5,7,

firewall multiple-vlan-interfaces

firewall module 2 vlan-group 2,3

interface Loopback0

 ip address 10.151.1.17 255.255.255.255

interface TenGigabitEthernet9/1

 description conx to dist1

 switchport

 switchport trunk encapsulation dot1q

 switchport trunk native vlan 2

switchport trunk allowed vlan 2,3,7,106,107,206,207

switchport mode trunk

 no ip address

 logging event link-status

 logging event bundle-status

 spanning-tree guard root

interface TenGigabitEthernet9/2

 description conx to dist2

 switchport

 switchport trunk encapsulation dot1q

 switchport trunk native vlan 2

switchport trunk allowed vlan 2,3,7,106,107,206,207

switchport mode trunk

no ip address

 logging event link-status

 logging event bundle-status

 spanning-tree guard root

interface TenGigabitEthernet9/3

description connx to svc2 switch

 switchport

 switchport trunk encapsulation dot1q

 switchport trunk native vlan 2

switchport trunk allowed vlan 4,5,6

 switchport mode trunk

no ip address

 logging event link-status

 logging event bundle-status

no ip http server

snmp-server community public RO

control-plane

dial-peer cor custom

line con 0

line vty 0 4

 password cisco

 login

no cns aaa enable

end

Service Switch 2

upgrade fpd auto

version 12.2

service timestamps debug uptime

service timestamps log uptime

no service password-encryption

service counters max age 5

hostname Svc-2

boot system flash disk0:s72033-adventerprisek9_wan-vz.122-18.SXF10.bin

enable secret 5 $1$lB0P$HAIQrXSPQjLQtTDklRg2V.

enable password cisco

no aaa new-model

ip subnet-zero

ipv6 mfib hardware-switching replication-mode ingress

vtp domain datacenter

vtp mode transparent

mls ip multicast flow-stat-timer 9

no mls flow ip

no mls flow ipv6

no mls acl tcam share-global

mls cef error action freeze

redundancy

 mode sso

 main-cpu

  auto-sync running-config

spanning-tree mode pvst

diagnostic cns publish cisco.cns.device.diag_results

diagnostic cns subscribe cisco.cns.device.diag_commands

fabric buffer-reserve queue

port-channel per-module load-balance

vlan internal allocation policy ascending

vlan access-log ratelimit 2000

vlan 2-7,106,107,206,207

svclc autostate

svclc multiple-vlan-interfaces

svclc module 3 vlan-group 1,2

svclc vlan-group 1 6,206,207

svclc vlan-group 2 106,107

svclc vlan-group 3 3,4,5,7

firewall multiple-vlan-interfaces

firewall module 2 vlan-group 2,3

interface Loopback0

 ip address 10.151.1.18 255.255.255.255

interface TenGigabitEthernet9/1

 description connection to 6500 dist1

 switchport

 switchport trunk encapsulation dot1q

 switchport trunk native vlan 2

 switchport trunk allowed vlan 2,3,7,106,107,206,207

 switchport mode trunk

 no ip address

 logging event link-status

 logging event bundle-status

 spanning-tree guard root

interface TenGigabitEthernet9/2

 description connection to 6500 dist 2

 switchport

 switchport trunk encapsulation dot1q

 switchport trunk native vlan 2

 switchport trunk allowed vlan 2,3,7,106,107,206,207

switchport mode trunk

 no ip address

 logging event link-status

 logging event bundle-status

 spanning-tree guard root

interface TenGigabitEthernet9/3

description connx to svc1 switch

 switchport

 switchport trunk encapsulation dot1q

 switchport trunk native vlan 2

switchport trunk allowed vlan 4,5,6

switchport mode trunk

no ip address

 logging event link-status

 logging event bundle-status

no ip http server

snmp-server community public RO

control-plane

dial-peer cor custom

line con 0

line vty 0 4

 password cisco

 login

no cns aaa enable

end

Access Switch 6500

upgrade fpd auto

version 12.2

no service pad

service timestamps debug datetime localtime

service timestamps log datetime localtime

service password-encryption

service counters max age 10

hostname DCB-Access-1

boot system flash disk0:s72033-adventerprisek9_wan-vz.122-18.SXF9.bin

no aaa new-model

clock timezone PST -8

clock summer-time PDT recurring

clock calendar-valid

ip subnet-zero

no ip source-route

no ip bootp server

ip domain-list cisco.com

no ip domain-lookup

ip domain-name cisco.com

udld enable

udld message time 7

vtp domain datacenter

vtp mode transparent

no mls acl tcam share-global

mls cef error action freeze

spanning-tree mode rapid-pvst

spanning-tree loopguard default

spanning-tree portfast bpduguard default

no spanning-tree optimize bpdu transmission

spanning-tree extend system-id

spanning-tree pathcost method long

power redundancy-mode combined

no diagnostic cns publish

no diagnostic cns subscribe

fabric buffer-reserve queue

port-channel load-balance src-dst-port

vlan internal allocation policy descending

vlan dot1q tag native

vlan access-log ratelimit 2000

vlan 207

 name  server Tier

interface TenGigabitEthernet1/1

 description to_dcb-Dist-1

 switchport

 switchport trunk encapsulation dot1q

 switchport trunk native vlan 2

 switchport mode trunk

 no ip address

 logging event link-status

interface TenGigabitEthernet1/2

 description to_dcb-Dist-2

 switchport

 switchport trunk encapsulation dot1q

 switchport trunk native vlan 2

 switchport mode trunk

 no ip address

 logging event link-status

 logging event spanning-tree status

!!

interface GigabitEthernet2/1  (all test ports)

  switchport

 switchport access vlan 207

 switchport mode access

 no ip address

 no cdp enable

 spanning-tree portfast

interface Vlan1

 no ip address

 shutdown

no ip http server

line con 0

 exec-timeout 0 0

line vty 0 4

 exec-timeout 0 0

 password 7 05080F1C2243

 login local

 transport input telnet ssh

no monitor event-trace timestamps

ntp authentication-key 1 md5 110A1016141D 7

ntp authenticate

ntp trusted-key 1

ntp clock-period 17179938

ntp update-calendar

ntp server ***********key 1

no cns aaa enable

end

ACE and FWSM

FWSM Baseline

firewall transparent

interface Vlan107

 nameif inside

 bridge-group 1

 security-level 100

interface Vlan7

 nameif outside

 bridge-group 1

 security-level 0

interface BVI1

 ip address 10.80.1.12 255.255.255.0 standby 10.80.1.13

access-list outside extended permit ip any any log

access-list inside extended permit ip any any log

access-list BPDU ethertype permit bpdu

access-group BPDU in interface inside

access-group inside in interface inside

access-group BPDU in interface outside

access-group outside in interface outside

route outside 0.0.0.0  0.0.0.0 10.80.1.1

ACE Baseline

access-list BPDU ethertype permit bpdu

access-list anyone line 10 extended permit ip any any

 class-map type management match-any PING

 description Allowed Admin Traffic

 10 match protocol icmp any

 11 match protocol telnet any

policy-map type management first-match PING-POLICY

 class PING

 permit

interface vlan 107

description "Client-side Interface"

 bridge-group 1

 access-group input BPDU

 access-group input anyone

 service-policy input PING-POLICY

interface vlan 207

description "Server-side Interface"

bridge-group 1

 access-group input BPDU

access-group input anyone

interface bvi 1

 ip address 10.80.1.14 255.255.255.0

 alias 10.80.1.16 255.255.255.0

 peer ip address 10.80.1.13 255.255.255.0

 no shutdown

ip route 0.0.0.0 0.0.0.0 10.80.1.1

FWSM Failover

Table 8-1 FWSM Failover Configuration

Primary FWSM Failover Configuration

Secondary FWSM Failover Configuration

interface VLAN4

description LAN Failover Interface

Interface VLAN5

description STATE Failover Interface

failover

failover lan unit primary

failover lan interface failover VLAN4

failover polltime unit msec 500 holdtime 3

failover polltime interface 3

failover replication http

failover link state VLAN5

failover interface ip failover 10.81.4.1 
255.255.255.0 standby 10.81.4.2

failover interface ip state 10.81.5.1 255.255.255.0 
standby 10.81.5.2

failover group 1

preempt

failover group 2

secondary

preempt 5

context V107

allocate-interface VLAN107

allocate-interface VLAN7

config-url disk:/V107.cfg

join-failover group 1

Interface VLAN4

description LAN Failover Interface

Interface VLAN5

 description STATE Failover Interface

Failover

 failover lan unit secondary

failover lan interface failover VLAN4

 failover polltime unit msec 500 holdtime 3

failover polltime interface 3

failover replication http

failover link state VLAN5

failover interface ip failover 10.81.4.1 
255.255.255.0 standby 10.81.4.2

failover interface ip state 10.81.5.1 255.255.255.0 
standby

 10.81.5.2

failover group 1

preempt

failover group 2

secondary

 preempt 5

 context V107

 allocate-interface VLAN107

allocate-interface VLAN7

 config-url disk:/V107.cfg

 join-failover group 1

ACE Failover

ft interface vlan 6

  ip address 10.81.6.6.1 255.255.255.0

  peer ip address 10.81.6.2 255.255.255.0

  no shutdown

ft peer 1

  heartbeat interval 100

  heartbeat count 10

  ft-interface vlan 6

ft group 2

  peer 1

  no preempt

  priority 210

  peer priority 200

  associate-context Admin

  inservice

context v107

 allocate-interface vlan107

 allocate-interface vlan207

ft group 3

peer 1

priority 220

peer priority 200

associate-context vlan107

inservice

Most of the configuration is done on the primary (primary on the admin context) ACE module. Only a few items need to be defined on the secondary ACE module: the FT interface is defined with the addresses reversed, the FT peer is configured the same, and the FT group for the admin context is configured with the priorities reversed. With the FT VLAN up, this is enough for the ACE modules to synch up correctly and all of the rest of the configuration is copied over and the priority values are reversed.

Additional References

See the following URL for more information:

•Cisco Catalyst 6500—http://www.cisco.com/en/US/products/hw/switches/ps708/index.html

Table Of Contents

Configuration Reference

Integrated Services Design Configurations

Core Switch 1

Aggregation Switch 1

Core Switch 2

Aggregation Switch 2

Access Switch 4948-7

Access Switch 4948-8

Access Switch 6500-1

FWSM 1-Aggregation Switch 1 and 2

Services Switch Design Configurations

Core Switch 1

Core Switch 2

Distribution Switch 1

Distribution Switch 2

Service Switch 1

Service Switch 2

Access Switch 6500

ACE and FWSM

FWSM Baseline

ACE Baseline

FWSM Failover

ACE Failover

Additional References