feature telnet
feature nxapi
feature ospf
feature bgp
feature pim
feature udld
feature interface-vlan
feature vn-segment-vlan-based
feature hsrp
feature lacp
feature vpc
feature lldp
feature nv overlay
feature pbr
feature sla sender
feature sla responder
feature vrrpv3
feature bfd

router ospf 10

router ospf 10

interface ethernet 1/5
   ip ospf router 10 area 0.0.0.0

interface ethernet 1/5
   ip ospf router 10 area 0.0.0.0

router ospf 10
   area 0

router ospf 10
   router-id 10.218.20.15

router ospf 10
   router-id 10.218.20.15

router ospf 10
!
   auto-cost reference-bandwidth 800000

interface ethernet1/5
   ip ospf network point-to-point

interface vlan10
   ip ospf network point-to-point

router ospf 10
   area 0
     interface GigabitEthernet0/0/1/3
       network point-to-point

interface Ethernet1/5
   ip ospf authentication message-digest

interface Ethernet1/5
   ip ospf message-digest-key 1 md5 0 xxx

router ospf 10
   area 0
     interface <Fabric Interface>
       authentication message-digest
       message-digest-key 1 md5 encrypted 202cb962ac59075b964b07152d234b70

interface loopback3
   ip router ospf 100 area 0.0.0.0

router ospf 10
   area 0
     interface Loopback10
       passive enable

router ospf 10
   timers lsa arrival 15 
   timers throttle lsa 0 20 5000 
   timers throttle spf 50 100 5000

router ospf 10
   timers throttle lsa all 0 20 5000
   timers throttle spf 50 100 5000
   timers lsa min-arrival 15

feature bfd
router ospf 10
   bfd

interface Ethernet1/5
   no ip redirects

router ospf 10
   bfd minimum-interval 150
   bfd multiplier 3
   area 0
     interface TenGigE0/0/2/1
     bfd fast-detect

interface vlan 10
   no bfd echo

feature pim

interface loopback1
   ip address 10.10.10.10/24
   ip router ospf 10 area 0.0.0.0
   ip pim sparse-mode

ip pim rp-address 10.218.20.250 group-list 239.255.0.0/16 override

ip pim anycast-rp 10.218.20.250 10.218.20.249
ip pim anycast-rp 10.218.20.250 10.218.20.248

feature pim

ip pim rp-address 10.218.20.250 group-list 239.255.0.0/16 override

interface Vlan10
  ip pim sparse-mode

interface loopback0
  ip pim sparse-mode

interface Ethernet2/1
  ip pim sparse-mode

interface Ethernet2/2
  ip pim sparse-mode

interface Ethernet 1/10
  switchport mode trunk

interface Ethernet 1/10
  switchport trunk allowed vlan none

interface Ethernet 1/10
  spanning-tree port type edge trunk

interface Ethernet 1/10
  spanning-tree bpduguard enable

interface Ethernet 1/10
  spanning-tree bpdufilter enable

interface Ethernet 1/10
  storm-control broadcast level 20.0

interface Ethernet 1/10
  storm-control multicast level 30.0

interface Ethernet 1/10
  storm-control unicast level 50.0

interface Ethernet 1/10
  storm-control action shutdown

vpc domain 1
  role priority 100

vpc domain 1
  role priority 200

vrf context management

interface mgmt 0
   vrf member management

interface mgmt 0 
   ip address 10.10.10.10/24
   no shutdown

vpc domain 1 
   peer-keepalive destination 172.20.118.20

interface Ethernet 1/1 
   spanning-tree port type network
   channel-group 1 mode active no shutdown

interface Ethernet 1/2
   spanning-tree port type network
   channel-group 1 mode active no shutdown

interface port-channel1
   switchport
   switchport mode trunk
   spanning-tree port type network
   vpc peer-link

interface Ethernet 2/9
  channel-group mode active id 51

interface port-channel 51
  switchport

interface port-channel 51
  switchport
  vpc 51

vpc domain 1
  peer-switch

vpc domain 1
  ip arp synchronize

vpc domain 10 
   peer-switch 
   system-priority 100 ( could not find this option)

   peer-keepalive destination 172.20.118.120 
   delay restore 200
   peer-gateway 
   ip arp synchronize

interface port-channel1 
description vPC peer-link

interface port-channel1 
   description vPC switchport mode trunk

interface port-channel 1
  description vPC switchport mode trunk

interface port-channel 1
  description vPC spanning-tree port type network

interface port-channel 1
  vpc peer-link

interface port-channel 10
  switchport trunk allowed vlan

interface port-channel 10
  spanning-tree port type edge trunk

interface port-channel 10
  spanning-tree bpdufilter enable

interface port-channel 10
  spanning-tree bpduguard enable

interface port-channel 10
  vpc 10

interface Ethernet 1/10
  switchport trunk allowed vlan none

interface Ethernet 1/10
  spanning-tree port type edge trunk

interface Ethernet 1/10
  spanning-tree bpduguard enable

interface Ethernet 1/10
  spanning-tree bpdufilter enable

interface Ethernet 1/10
  channel-group 10 mode active

interface loopback 0
  ip address 10.10.10.10/24

interface loopback 0
  ip address 10.10.10.10/24 secondary

interface loopback 0
  ip router ospf 100 area 0.0.0.0

interface loopback 0
  ip pim sparse-mode

interface Vlan 10
  ip address 10.10.10.10/24

interface Vlan 10
  description Underlay vPC Backup link 
   no shutdown
   no bfd echo

interface Vlan 10 
  ip ospf network point-to-point

interface Vlan 10
  ip router ospf 100 area 0.0.0.0

interface Vlan10
  ip pim sparse-mode

interface Ethernet 1/10
 
  switchport mode trunk

interface Ethernet 1/10
  switchport mode trunk allowed vlan 10

interface Ethernet 1/10
  spanning-tree port type edge trunk

interface Ethernet 1/10
  spanning-tree bpduguard enable

nx:interface Ethernet 1/10
  spanning-tree bpdufilter enable

interface Ethernet 1/10
  no shutdown

interface port-channel 10
  switchport mode trunk

interface port-channel 10
  switchport mode trunk trunk allowed vlan ids 1

interface port-channel 10
  spanning-tree port type edge

interface port-channel 10
  spanning-tree bpduguard enable

interface port-channel 10
  spanning-tree bpdufilter enable

interface port-channel 10
  no shutdown

interface port-channel 10
  vpc port-channel-number 10

interface Ethernet 1/10
  switchport mode trunk

interface Ethernet 1/10
  switchport mode trunk allowed vlan 10

interface Ethernet 1/10
  spanning-tree port type edge trunk

interface Ethernet 1/10
  spanning-tre guard root

interface Ethernet 1/10
  no shutdown

interface ethernet <xxxx>
  description <leaf/Spine Fabric> ip address

interface Ethernet 1/10
  description leaf mtu 9216

interface Vlan 1
  description <attachment/border facing intf>

interface Vlan 1
  description ip address <addr>

interface Vlan 1
  description ip address mtu 1500

interface <To Spine> 
   mtu 9214

interface <To Border Leaf> 
   mtu 1518

interface GigabitEthernet0/0/1/5
  mtu 9214

system qos
   service-policy type queuing output default-out-policy

policy-map type network-qos Jumbo-nq-policy
   class type network-qos c-nq3

policy-map type network-qos Jumbo-nq-policy
class type network-qos c-nq3
   match qos-group 3

policy-map type network-qos Jumbo-nq-policy
class type network-qos c-nq3
   mtu 9216

class type network-qos c-nq3
   match qos-group 3
   mtu 9216
class type network-qos c-nq2
   match qos-group 2
   mtu 9216
class type network-qos c-nq1
   match qos-group 1
   mtu 9216
class type network-qos c-nq-default
   match qos-group 0
   mtu 9216

system qos
service-policy type network-qos Jumbo-nq-policy

"hardware access-list tcam region racl 0
hardware access-list tcam region e-racl 0
hardware access-list tcam region span 0
hardware access-list tcam region vqos 256
hardware access-list tcam region e-qos 256
hardware access-list tcam region arp-ether 256"

system qos
service-policy type queuing output default-out-policy

system qos
service-policy type network-qos Jumbo-nq-policy

policy-map type queuing default-out-policy
class type queuing c-out-q3
   priority level 1
class type queuing c-out-q2
   bandwidth remaining percent 0
class type queuing c-out-q1
   bandwidth remaining percent 0
class type queuing c-out-q-default
bandwidth remaining percent 100

System qos
   Service-policy type queuing out default-out-policy

policy-map type queuing default-out-policy
class type queuing c-out-q3
   priority level 1
class type queuing c-out-q2
   bandwidth remaining percent 0
class type queuing c-out-q1
   bandwidth remaining percent 0
class type queuing c-out-q-default
   bandwidth remaining percent 100

System qos
   Service-policy type queuing out default-out-policy

interface mgmt0
   ip address 10.10.10.10/24

vrf context management
ip route 0.0.0.0/0 10.218.23.254

hostname nw_lf_cnx9_001.41gebz_o01_s01

clock timezone EET 2 0
clock summer-time EEST 4 Sunday March 02:00 4 Sunday October 03:00 60

ip domain-name <cust_name>
no ip domain-lookup

snmp-server contact <contact_name>
snmp-server location <location_name>

snmp-server host 85.29.26.36 traps version 2c <SNMP_Community_1>
snmp-server host 85.29.56.136 traps version 2c <SNMP_Community_1>
snmp-server host 85.29.60.191 traps version 2c <SNMP_Community_1>
snmp-server host 85.29.60.235 traps version 2c <SNMP_Community_1>
snmp-server host 213.74.189.232 traps version 2c <SNMP_Community_1>
snmp-server host 213.74.189.233 traps version 2c <SNMP_Community_1>

snmp-server host 85.29.26.36 use-vrf management
snmp-server host 85.29.56.136 use-vrf management
snmp-server host 85.29.60.191 use-vrf management
snmp-server host 85.29.60.235 use-vrf management
snmp-server host 213.74.189.232 use-vrf management
snmp-server host 213.74.189.233 use-vrf management

snmp-server source-interface trap mgmt0

snmp-server community <community> group network-admin

15 permit ip host 213.74.197.43 any
...
390 permit ip host 176.43.250.25 any

feature lldp

interface Ethernet slot#/port#
   no ip redirects 
   no ipv6 redirects

NX-OS(config)#no ssh server enable
NX-OS(config)#ssh key {dsa [force] | rsa [bits [force]]}
NX-OS(config)#ssh server enable
NX-OS#show ssh key
**************************************
rsa Keys generated:Fri Apr 10 20:13:21 2010
<clipped> !

NX-OS(config)#feature tacacs+
NX-OS(config)#tacacs-server host {ipv4-address | ipv6-address | host-name}
NX-OS(config)#tacacs-server key [0 | 7] key-value
NX-OS(config)#aaa group server tacacs+ group-name
               server {ipv4-address | ipv6-address | host-name}
deadtime minutes
               use-vrf <demo_name>
NX-OS(config)#tacacs-server timeout seconds
NX-OS(config)#tacacs-server host {ipv4-address | ipv6-address | host-name} port
tcp-port
NX-OS(config)#tacacs-server deadtime minutes

feature tacacs+
aaa group server tacacs+ TacacsGroup
   use-vrf management
   server 10.35.175.1
aaa authentication login console group TacacsGroup
aaa authentication login default group TacacsGroup
aaa authentication login error-enable
!
tacacs-server host 10.35.175.1 key <shared-key> port 49
tacacs-server directed-request
ip tacacs source-interface mgmt 0
!
! Device Login Authorisation with AAA
!

aaa authorization config-commands default group TacacsGroup local
aaa authorization commands default group TacacsGroup local
!
! Device Login Accounting with AAA
!
aaa accounting default group TacacsGroup
!
! Local User Configuration
!
username admin Pword <Pword> role network-admin

policy-map type control-plane copp-system-p-policy-strict
  class copp-system-p-class-l3uc-data
     set cos 1
     police cir 250 pps bc 32 packets conform transmit violate drop

class copp-system-p-class-critical
   set cos 7
   police cir 19000 pps bc 128 packets conform transmit violate drop	

class copp-system-p-class-important
  set cos 6
   police cir 3000 pps bc 128 packets conform transmit violate drop

class copp-system-p-class-multicast-router
  set cos 6
   police cir 3000 pps bc 128 packets conform transmit violate drop

class copp-system-p-class-management
   set cos 2
   police cir 3000 pps bc 32 packets conform transmit violate drop

class copp-system-p-class-multicast-host
   set cos 1
   police cir 2000 pps bc 128 packets conform transmit violate drop

class copp-system-p-class-l3mc-data
   set cos 1
   police cir 3000 pps bc 32 packets conform transmit violate drop

class copp-system-p-class-normal
   set cos 1
   police cir 1500 pps bc 32 packets conform transmit violate drop

class copp-system-p-class-ndp
   set cos 6
   police cir 1500 pps bc 32 packets conform transmit violate drop

class copp-system-p-class-normal-dhcp
   set cos 1
   police cir 300 pps bc 32 packets conform transmit violate drop

class copp-system-p-class-normal-dhcp-relay-response
   set cos 1
   police cir 400 pps bc 64 packets conform transmit violate drop

class copp-system-p-class-normal-igmp
  set cos 3
  police cir 6000 pps bc 64 packets conform transmit violate drop

class copp-system-p-class-redirect
  set cos 1
   police cir 1500 pps bc 32 packets conform transmit violate drop

class copp-system-p-class-exception
  set cos 1
   police cir 50 pps bc 32 packets conform transmit violate drop

class copp-system-p-class-exception-diag
  set cos 1
  police cir 50 pps bc 32 packets conform transmit violate drop

class copp-system-p-class-monitoring
  set cos 1
   police cir 300 pps bc 128 packets conform transmit violate drop

class copp-system-p-class-l2-unpoliced
  set cos 7
  police cir 20000 pps bc 8192 packets conform transmit violate drop

class copp-system-p-class-undesirable 
  set cos 0
   police cir 15 pps bc 32 packets conform transmit violate drop

class copp-system-p-class-fcoe
   set cos 6
   police cir 1500 pps bc 128 packets conform transmit violate drop

class copp-system-p-class-nat-flow
   set cos 7
   police cir 100 pps bc 64 packets conform transmit violate drop

class copp-system-p-class-l2-default
   set cos 0
   police cir 50 pps bc 32 packets conform transmit violate drop

class class-default
   set cos 0
   police cir 50 pps bc 32 packets conform transmit violate drop

N9k-ST-Leaf-01# sh copp status
Last Config Operation: None
Last Config Operation Timestamp: None
Last Config Operation Status: None
Policy-map attached to the control-plane: copp-system-p-policy-strict

N9k-ST-Leaf-01# sh copp profile ?
dense     Display dense profile
lenient   Display lenient profile
moderate Display moderate profile
strict   Display strict profile

feature bfd
bfd interval 50 min_rx 50 multiplier 3

router ospf UNDERLAY
   bfd

router bgp 65539
vrf <demo_name>
     address-family ipv4 unicast

router bgp 65539
   vrf <demo_name>
       local-as 65539

router bgp 65539
vrf <demo_name>
       neighbor 10.23.65.0 remote-as 65541
           bfd	

feature ospf
!
router ospf UNDERLAY
   log-adjacency-changes detail 
   bfd

router ospf UNDERLAY 
   log-adjacency-changes detail
   bfd
   router-id <loopback17-ip-address>

router ospf UNDERLAY 
   passive-interface default

continue from the above...
interface Ethernet1/5
   ip router ospf UNDERLAY area 0.0.0.1
   ip ospf bfd
   ip ospf network point-to-point
   no ip ospf passive-interface

interface loopback<id>
   ip router ospf UNDERLAY area 0.0.0.1

interface eth <slot>/<port>
   ip ospf authentication message-digest
   ip ospf message-digest-key <key-id> md5 0 <clear-text-key>

router ospf UNDERLAY
   auto-cost reference bandwidth 100Gbps

interface loopback17
   ip router ospf UNDERLAY area 0.0.0.1

interface eth<slot>/<port>
   ip router ospf UNDERLAY area 0.0.0.1 
   ip ospf network point-to-point
   no ip ospf passive-interface
   ip ospf bfd
   ip ospf authentication message-digest
   ip ospf message-digest-key <key-id> md5 0 <clear-text-key>

feature pim

ip pim long-neighbor-changes

interface ethernet 1/10
  ip pim sparse-mode

interface ethernet 1/10
  ip pim bfd-instance

interface loopback<id>
  ip pim sparse-mode

interface nve<id>
  member vni <L2-VNID>
    mcast-group 239.239.0.1
  member vni <L2-VNID>
    mcast-group 239.239.0.2

interface loopback18 
   ip pim sparse-mode

interface loopback17
   ip pim sparse-mode

ip pim rp-address <loopback18> group-list 239.239.0.0/16

ip pim rp-address <anycast-loopback> group-list 239.239.0.0/16

feature pim
  ip pim log-neighbor-changes

interface loopback17
  ip pim sparse-mode

interface ethernet<slot>/<port>
  ip pim sparse-mode
  ip pim bfd-instance

interface nve1
member vni <L2-VNID>
   mcast-group 239.64.64.1 
member vni <L2-VNID>
   mcast-group 239.64.64.2

ip pim rp-address <anycast-loopback> group-list 239.239.0.0/16

feature pim
  ip pim log-neighbor-changes

interface ethernet 1/10
  ip pim sparse-mode

interface ethernet 1/10
  ip pim bfd-instance

interface loopback17
  ip pim sparse-mode

interface loopback18
  ip pim sparse-mode

ip pim rp-address <loopback18> group-list 239.239.0.0/16

ip pim anycast-rp <loopback18> <loopback17>

vlan 17
vn-segment 10019

interface Vlan17

mtu 9216
vrf member <demo_name>

ip ospf cost 10
ip ospf passive-interface
ip router ospf 1 area 0.0.0.0

vrf context <demo_name>

ip route 0.0.0.0/0 Vlan1605 11.0.23.30

router bgp 65542
vrf <demo_name>
   address-family ipv4 unicast
     network 0.0.0.0/0

route-map RM-IN-S2 permit 10 
   match tag 1000 
route-map RM-IN-S3 permit 10   
   match tag 1000

route-map RM-S-to-O permit 10 
   match tag 131 132 133 139 134 135   
   set metric-type type-1

vrf context <demo_name>
   ip route 9.59.207.0/24 Vlan1603 11.0.34.30 name <test_name> tag 1000 50

vrf context <demo_name>
     ip route 9.59.207.0/24 Ethernet1/46.2 11.0.40.142 name <test_name> tag 1000 10

vrf context <demo_name>
     ip route 10.0.0.0/12 Vlan1603 11.0.34.30 tag 1000 50

vrf context <demo_name>
     ip route 10.0.0.0/12 Ethernet1/46.2 11.0.40.142 tag 1000 10

vrf context <demo_name>
     ip route 10.2.52.0/24 Vlan6 10.2.42.3 tag 1000

vrf context <demo_name>
   ip route 192.168.0.0/16 Vlan1603 11.0.34.30 name <test_name> tag 1000
rd auto
address-family ipv4 unicast
   route-target both auto
   route-target both auto evpn

vrf context <demo_name>
   ip route 10.2.0.0/19 Vlan1607 11.0.34.14 tag 131 50

vrf context <demo_name>
     ip route 10.2.0.0/19 Ethernet1/45.1 11.0.40.145 tag 131 10

vrf context <demo_name>
   ip route 10.2.96.0/19 Vlan3203 11.0.39.14 tag 134

interface Vlan1601
no shutdown
vrf member <demo_name>
no ip redirects
  ip address 10.10.10.10/24
no ipv6 redirects
hsrp version 2
hsrp 1601 
    preempt 
   priority 110
   ip 11.0.34.33

interface Vlan1602
no shutdown
vrf member <demo_name>
no ip redirects
no ipv6 redirects
ip ospf cost 10
ip ospf passive-interface
ip router ospf 100 area 0.0.0.0

(IPv4 and IPv6)

interface ex/y
  mac aaaa.bbbb.cccc	
  vrf member <demo_name>
  ip address x.x.x.x/31
  ipv6 address x:x:x::x
  ip policy route-map TO_VPER_OR_FW
  ipv6 policy route-map TO_VPER_OR_FW_v6
  no shut

interface Ethernet1/36.1
mtu 1500

interface Ethernet1/36.1
encapsulation dot1q 1602
mac-address 0000.0000.2222
vrf member <demo_name>
no ip redirects
ip address 10.10.10.10/24

interface Ethernet1/37.1
mtu 1500
encapsulation dot1q 1608
vrf member <demo_name>
no ip redirects
ip address 10.10.10.10/24
ip ospf dead-interval 20
ip ospf hello-interval 5
ip ospf network point-to-point
ip router ospf 100 area 0.0.0.0

router ospf 1
vrf <demo_name>
   router-id 55.2.32.5
vrf <demo_name>
   router-id 55.2.32.5
vrf <demo_name>
   router-id 55.2.32.5
   redistribute static route-map RM-S-to-O

router bgp 65543
vrf <demo_name>
   address-family ipv4 unicast
     advertise l2vpn evpn
     redistribute direct route-map vts-subnet-policy
     redistribute static route-map RM-IN-S2

nv overlay evpn

clock protocol ntp vdc 1

role name nsdcheck
rule 4 permit command show *
rule 3 permit command terminal length *
rule 2 permit command ping *
rule 1 permit read 

role name devcheck
rule 8 permit command tac-pac *
rule 7 permit command dir *
rule 6 permit command ssh *
rule 5 permit command traceroute *
rule 4 permit command ping *

role name devopera
rule 1 permit read-write 

ip name-server 55.6.8.73 55.22.8.3

username user password 5 $1$lDuqR.60$eNzZ5I22WxJT58gdEm88N0 role network-operator

username vtsadmin password 5 $5$MmpswImI$vbZhP/52dNjHY5KWj4yBvmiDvuOZZ9gd2vo2oZc61b4 role network-admin

username nsdcheck password 5 $5$dpIXMjZs$jDIZVf6grMu1yq79vTts2mcgPlt0QWp5z3tDnw3N5W8 role nsdcheck

snmp-server source-interface trap loopback1

snmp-server user user network-operator auth md5 0x3eaa4221f6bbf8722cbdea7ea6bf2f11 priv 0x3eaa4221f6bbf8722cbdea7ea6bf2f11 localizedkey

snmp-server host 55.6.8.1 traps version 2c COMMUNITY1
snmp-server host 55.6.8.1 use-vrf default

snmp-server enable traps bgp
snmp-server enable traps ospf
snmp-server enable traps callhome event-notify
snmp-server enable traps callhome smtp-send-fail
snmp-server enable traps cfs state-change-notif
snmp-server enable traps lldp lldpRemTablesChange
snmp-server enable traps aaa server-state-change
snmp-server enable traps hsrp state-change
snmp-server enable traps feature-control FeatureOpStatusChange
snmp-server enable traps sysmgr cseFailSwCoreNotifyExtended
snmp-server enable traps config ccmCLIRunningConfigChanged
snmp-server enable traps snmp authentication
snmp-server enable traps link cisco-xcvr-mon-status-chg
snmp-server enable traps vtp notifs
snmp-server enable traps vtp vlancreate
snmp-server enable traps vtp vlandelete
snmp-server enable traps bridge newroot
snmp-server enable traps bridge topologychange
snmp-server enable traps stpx inconsistency
snmp-server enable traps stpx root-inconsistency
snmp-server enable traps system Clock-change-notification
snmp-server enable traps feature-control ciscoFeatOpStatusChange

snmp-server community COMMUNITY1 group network-operator

ntp source-interface loopback0
ntp logging

ip pim ssm range 232.0.0.0/8

spanning-tree pathcost method long
spanning-tree mst 1 priority 4096
spanning-tree mst configuration
name CFG01
revision 1
instance 1 vlan 1-4094

hardware access-list tcam region qos 0

vpc domain 151
   peer-keepalive destination 55.2.34.2 source 55.2.34.1 vrf default

vpc domain 151
   auto-recovery

interface Vlan1602
no shutdown
vrf member <demo_name>
no ip redirects
fabric forwarding mode anycast-gateway

interface port-channel101
no switchport
mtu 9216
no ip redirects
ip address 10.10.10.10/24
ip ospf cost 10
ip ospf dead-interval 20
ip ospf hello-interval 5
ip ospf network point-to-point
ip router ospf 1 area 0.0.0.0
ip pim sparse-mode

interface Ethernet1/45
no switchport
mtu 9216
mac-address 0000.0000.1111

interface Ethernet1/47
no switchport
mtu 9216
udld enable

interface Ethernet2/5
switchport mode trunk
switchport trunk allowed vlan 2-4094
channel-group 21 mode active

interface mgmt0
no lldp transmit
no lldp receive

clock timezone PRC 8 0

ip route 0.0.0.0/0 Ethernet1/46.452 55.6.34.198 tag 1000 10
ip route 0.0.0.0/0 Vlan3903 55.6.40.14 tag 1000 50

router ospf 1
redistribute static route-map RM-S-to-O

router bgp 65543
router-id 55.2.32.5
address-family ipv4 unicast
address-family l2vpn evpn
neighbor 55.2.32.1
   remote-as 65543
   update-source loopback1
   address-family ipv4 unicast
   address-family l2vpn evpn
     send-community extended

(IPv4 only)

router bgp 65539                       
  router-id 192.168.0.25
  log-neighbor-changes
  address-family ipv4 unicast
    maximum-paths 32
    maximum-paths ibgp 32
  address-family ipv6 unicast
    maximum-paths 32
    maximum-paths ibgp 32
  address-family l2vpn evpn
  neighbor 192.168.0.3
    remote-as 65539
    password 3 2b7cf4643b66b222
    update-source loopback17
    address-family l2vpn evpn
      send-community
      send-community extended

(IPv4 and IPv6)

event manager applet TRACK-PING-FOR-BGP-DOWN
  event track 1 state down
  action 1.0 syslog msg CANNOT PING FW. GOING TO SHUTDOWN BGP PEER
  action 2.0 cli config term
  action 3.0 cli router bgp 65539
  action 4.0 cli vrf <demo_name>
  action 5.0 cli neighbor 175.175.175.175
  action 6.0 cli shutdown
event manager applet TRACK-PING-FOR-BGP-UP
  event track 1 state up
  action 1.0 syslog msg CAN PING FW. GOING TO NO SHUTDOWN BGP PEER
  action 2.0 cli config term
  action 3.0 cli router bgp 65539
  action 4.0 cli vrf <demo_name>
  action 5.0 cli neighbor 175.175.175.175
  action 6.0 cli no shutdown

(IPv4 only for N9K)

(IPv4 and IPv6 for N7K)

!On BL-1 Track the local VPER-1
ip sla 1
  icmp-echo 69.83.32.36 source-interface vlan 2400
    vrf <demo_name>      forward reference to VRF
    threshold 500
    timeout 500
    frequency 1
! Start the SLAs
ip sla schedule 1 life forever start-time now      


! Setup a track object for sla 1    
track 1 ip sla 1 reachability
 delay up 180 down 3

! Set up a track open that returns a DOWN only if both objects 1 and 2 are down. 
track 111 list boolean or
  object 1

(IPv4 and IPv6)

track 10 ip route 0.0.0.0/0 reachability
  vrf member <demo_name>

(IPv4 and IPv6)

interface port-channel 110.2511
  encapsulation dot1q 2511
  vrf member <demo_name>        
  ip address 10.10.10.10/24
  no shut
interface port-channel 110.2575
  encapsulation dot1q 2575
  vrf member <demo_name>
  ipv6 address 10:10:10:10:10:10:10:10/64

interface port-channel 110.2577
  ip policy route-map FROM_VPER

interface port-channel 110.2577
  ipv6 policy route-map FROM_VPERv6

! EEM to track both VPERs, when one is up restore traffic
event manager applet VPER_TRACK_UP
  event track 111 state up
  action 1.0 syslog msg "BOTH VPERS ARE UP. REMOVING BYPASS!"
  action 2.0 cli command "config t" 
  action 3.0 cli command "route-map TO_VPER_OR_FW permit 20" 
  action 4.0 cli command "no continue 30" 
  action 5.0 cli command "exit" 
  action 6.0 cli command "route-map TO_VPER_OR_FWv6 permit 20" 
  action 7.0 cli command "no continue 30" 
  action 8.0 cli command "exit" 
  action 9.0 cli command "route-map FROM_FW_TO_VPER_OR_MOBILE permit 10" 
  action 10.0 cli command "no continue 20" 
  action 11.0 cli command "end"   
  action 12.0 cli command "route-map FROM_FW_TO_VPER_OR_MOBILEv6 permit 10" 
  action 13.0 cli command "no continue 20" 
  action 14.0 cli command "end"   
  action 15.0 syslog msg "TRAFFIC HAS BEEN RESTORED TO VPER"

! EEM to track both VPERs, when one is up restore traffic
event manager applet VPER_TRACK_UP
  event track 111 state up
  action 1.0 syslog msg BOTH VPERS ARE UP. REMOVING BYPASS
  action 2.0 cli command "config t" 
  action 3.0 cli command "route-map TO_VPER_OR_FW permit 20" 
  action 4.0 cli command "no continue 30" 
  action 5.0 cli command "exit" 
  action 6.0 cli command "route-map TO_VPER_OR_FWv6 permit 20" 
  action 7.0 cli command "no continue 30" 
  action 8.0 cli command "exit" 
  action 9.0 cli command "route-map FROM_FW_TO_VPER_OR_MOBILE permit 10" 
  action 10.0 cli command "no continue 20" 
  action 11.0 cli command "end"   
  action 12.0 cli command "route-map FROM_FW_TO_VPER_OR_MOBILEv6 permit 10" 
  action 13.0 cli command "no continue 20" 
  action 14.0 cli command "end"   
  action 15.0 syslog msg TRAFFIC HAS BEEN RESTORED TO VPER

(IPv4 and IPv6)

ip access-list ALL_POOLS
  10 permit ip  1.0.0.0/8 any 
  20 permit ip  any 1.0.0.0/8 
  30 permit ip  2.0.0.0/8 any 
  40 permit ip  any 2.0.0.0/8 


! Need to configure a ACL for all All POOLS
ipv6 access-list ALL_POOLSv6
  10 permit ipv6  2001:1::/32 any 
  20 permit ipv6  any 2001:1::/32
  30 permit ipv6  2001:2::/32 any 
  40 permit ipv6  any 2001:2::/32

(IPv4 and IPv6)

set ip next-hop verify-availability 69.83.32.35 track 2
route-map TO_VPER_OR_FW permit 30
  match ip address ALL_POOLS
  ! Set the ip next-hop to the FW VIP
  set ip next-hop 69.83.136.129


route-map TO_VPER_OR_FW_v6 permit 10
! Leave room here for the pilot packets 
route-map TO_VPER_OR_FW_v6 permit 20
  match ipv6 address VPER_POOLSv6
  set ipv6 next-hop verify-availability 2001:4888:16:2078:1e1:210:: track 1
  set ipv6 next-hop verify-availability 2001:4888:16:207a:1e1:210:: track 2
route-map TO_VPER_OR_FW_v6 permit 30
  match ipv6 address ALL_POOLSv6
  ! Set the ipv6 next-hop to the FW VIP
  set ipv6 next-hop 2001:4888:39:3080:308:25::

route-map FROM_FW_TO_VPER_OR_MOBILE permit 10
  match ip address VPER_POOLS
  set vrf <demo_name>_VPER 

monitor session 1 type erspan-source
  erspan-id 5         
  vrf <demo_name>
  ip ttl 25
  ip dscp 42

monitor erspan origin ip-address 10.0.0.1 global

class-map type qos match-any TEST1
   match packet length 5

class-map type control-plane match-any cust1-copp-system-p-class-exception
  match exception ip option
  match exception ip icmp unreachable
  match exception ipv6 option
  match exception ipv6 icmp unreachable
class-map type control-plane match-any cust1-copp-system-p-class-fcoe
  match access-group name cust1-copp-system-p-acl-mac-fcoe


policy-map type control-plane cust1-copp-system-p-policy-strict
     class cust1-copp-system-p-class-exception
        set cos 1 
        police cir 360 kbps bc 250 ms conform transmit violate drop
    class cust1-copp-system-p-class-fcoe
       set cos 6 
       police cir 1060 kbps bc 1000 ms conform transmit violate drop

interface Tunnel1
vrf member <demo_name>
ip address 10.10.10.10/24
tunnel source 1.1.1.201
tunnel destination 1.1.1.200
no shutdown