ASR configuration
Router#show run
Building configuration…
Current configuration : 11642 bytes
!
! Last configuration change at 23:52:36 Tirane Wed Jan 26 2022 by asnet
! NVRAM config last updated at 21:55:29 Tirane Wed Jan 26 2022 by asnet
!
! Global services, hostname, management VRF and the privileged-mode credential.
version 15.5
! Millisecond timestamps on debug and log lines make event correlation possible.
service timestamps debug datetime msec
service timestamps log datetime msec
no platform punt-keepalive disable-kernel-core
!
hostname Router
!
boot-start-marker
boot-end-marker
!
!
! Separate VRF for the out-of-band port; GigabitEthernet0 is placed in it further down.
vrf definition Mgmt-intf
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
! NOTE(review): `enable password` keeps the value in recoverable form, and it is printed
! here in clear text (no `service password-encryption` line appears in this listing).
! `enable secret` stores a one-way hash instead. The value equals the account name in the
! "Last configuration change ... by" header and is published with this listing, so it
! should be treated as exposed and rotated.
enable password asnet
!
! AAA: local login, RADIUS for PPP subscribers, and a RADIUS dynamic-author listener.
aaa new-model
!
!
! Interactive logins use the local user database.
! NOTE(review): no `username` entries appear in this listing - confirm whether they were
! removed before publishing.
aaa authentication login default local
! Named list `asnet` is referenced by the crypto map (client authentication / authorization).
aaa authentication login asnet local
! Privileged mode is gated only by the enable credential defined above.
aaa authentication enable default enable
! PPP subscribers: RADIUS first, local database as fallback.
aaa authentication ppp default group radius local
aaa authorization network default group radius
aaa authorization network asnet local
aaa accounting delay-start
! Interim accounting updates every 1 minute.
aaa accounting update periodic 1
aaa accounting network default start-stop group radius
!
!
aaa nas port extended
!
!
!
! RADIUS dynamic authorization (CoA / disconnect requests) accepted from 192.168.77.2.
! NOTE(review): `ignore server-key` and `ignore session-key` turn off the checks that tie
! a request to the shared secret and to the session key, so the source address is
! effectively the only thing identifying the client. `auth-type any` presumably also
! relaxes how a request is matched to a session - confirm against the command reference.
! The server-key is the well-known example secret from FreeRADIUS sample configuration.
! Use a long random secret, drop the two `ignore` lines, and restrict which sources can
! reach this listener.
aaa server radius dynamic-author
client 192.168.77.2
server-key testing123
auth-type any
ignore session-key
ignore server-key
!
aaa session-id common
aaa policy interface-config allow-subinterface
! Time zone, legacy VRFs, DNS settings and a short-lease DHCP pool.
clock timezone Tirane 1 0
!
! NOTE(review): ISP-1 and ISP-2 are declared but no interface or route in this listing
! refers to them.
ip vrf ISP-1
!
ip vrf ISP-2
!
!
!
!
!
!
!
!
!
!
!
ip name-server 1.1.1.1 8.8.8.8
ip domain name drinia
!
! Pool named `expired`: 10.5.0.0/16 with a 30-minute lease (days hours minutes = 0 0 30).
! NOTE(review): no interface in this listing carries 10.5.0.1 - presumably the gateway
! lives on a session or interface not shown; confirm.
ip dhcp pool expired
network 10.5.0.0 255.255.0.0
default-router 10.5.0.1
lease 0 0 30
!
!
!
!
!
!
!
!
!
!
! VPDN (L2TP / PPTP dial-in) termination; sessions are cloned from Virtual-Template100.
no subscriber templating
!
multilink bundle-name authenticated
vpdn enable
!
! NOTE(review): `protocol any` accepts both L2TP and PPTP, no `terminate-from` restricts
! the peer, and L2TP tunnel authentication is disabled, so PPP authentication on
! Virtual-Template100 is the only gate. If only one protocol is needed, name it
! explicitly and enable tunnel authentication for L2TP.
vpdn-group 1
! Default L2TP VPDN group
! Default PPTP VPDN group
accept-dialin
protocol any
virtual-template 100
no l2tp tunnel authentication
!
!
!
!
!
!
!
!
!
!
!
! Redundancy mode and the object-tracking logic that drives the EEM applets at the end.
spanning-tree extend system-id
!
!
redundancy
mode sso
!
! Track 3 is up when object 10 is DOWN and object 20 is UP.
track 3 list boolean and
object 10 not
object 20
!
! Track 4 is up when object 10 is UP and object 20 is DOWN.
track 4 list boolean and
object 10
object 20 not
!
! Track 5 is up when object 10 is UP and object 30 is DOWN.
track 5 list boolean and
object 10
object 30 not
!
! Objects 10 / 20 / 30 follow the reachability result of IP SLA probes 1 / 2 / 3.
track 10 ip sla 1 reachability
!
track 20 ip sla 2 reachability
!
track 30 ip sla 3 reachability
!
!
! Per-plan policers: traffic above the committed rate (bits per second) is dropped.
! The 100M / 50M / 60M maps police at 10% above their nominal name; 1000M is exact.
! NOTE(review): no `service-policy` in this listing attaches these maps - presumably
! they are applied per subscriber through RADIUS; confirm.
policy-map 100M
class class-default
police cir 110000000 conform-action transmit exceed-action drop
policy-map 50M
class class-default
police cir 55000000 conform-action transmit exceed-action drop
policy-map 60M
class class-default
police cir 66000000 conform-action transmit exceed-action drop
policy-map 1000M
class class-default
police cir 1000000000 conform-action transmit exceed-action drop
!
! Remote-access IPsec (IKEv1 with a group pre-shared key), bound to WAN1 via `crypto map map1`.
! NOTE(review): 3DES, MD5 and DH group 2 are legacy choices that current vendor guidance
! says to avoid. Prefer AES, a SHA-2 hash and DH group 14 or higher (ideally IKEv2)
! where the clients support it.
crypto isakmp policy 100
encr 3des
hash md5
authentication pre-share
group 2
lifetime 3600
!
! NOTE(review): the group key is short, is the same string used for other credentials in
! this listing, and is published here in clear text - treat it as exposed and rotate it.
crypto isakmp client configuration group cisco
key asnet
pool VPN-POOL
!
!
! ESP with 3DES encryption and HMAC-MD5 integrity, tunnel mode (same legacy concern as above).
crypto ipsec transform-set set1 esp-3des esp-md5-hmac
mode tunnel
!
!
!
! Dynamic map: peers are not pre-declared; reverse-route installs a route per connected client.
crypto dynamic-map map1 10
set transform-set set1
reverse-route
!
!
! User authentication and group authorization both use the local AAA list `asnet`.
crypto map map1 client authentication list asnet
crypto map map1 isakmp authorization list asnet
crypto map map1 client configuration address respond
crypto map map1 10 ipsec-isakmp dynamic map1
!
! PPPoE server profiles: each binds a virtual template and sets session limits.
! NOTE(review): `sessions per-mac limit 1000` lets one client MAC hold up to 1000
! sessions; a much lower cap is the usual guard against session exhaustion unless that
! MAC is an aggregating device - confirm the intent.
bba-group pppoe IP-POOL-WAN1
virtual-template 1
sessions per-mac limit 1000
sessions per-vlan limit 4000 inner 3500
sessions auto cleanup
!
bba-group pppoe IP-POOL-WAN2
virtual-template 2
sessions per-mac limit 1000
sessions per-vlan limit 10000 inner 3500
sessions auto cleanup
!
! NOTE(review): PPPOE2 sets no session limits and no interface in this listing enables it.
bba-group pppoe PPPOE2
virtual-template 1
!
! NOTE(review): no interface in this listing enables group IP-POOL-WAN3.
bba-group pppoe IP-POOL-WAN3
virtual-template 3
sessions per-mac limit 1000
sessions per-vlan limit 10000 inner 3500
sessions auto cleanup
!
! Physical and logical interfaces: three WAN sub-interfaces (NAT outside) on Te0/0/0,
! subscriber-facing PPPoE sub-interfaces on Te0/1/0, and the out-of-band management port.
! NOTE(review): no `ip access-group` appears on any WAN sub-interface in this listing, so
! nothing here filters traffic addressed to the router itself from those links.
!
! NOTE(review): Loopback1 has no address, yet Virtual-Template1-3 are `ip unnumbered` to it.
interface Loopback1
no ip address
!
interface TenGigabitEthernet0/0/0
no ip address
!
! NOTE(review): empty stanza - no encapsulation or address is shown for .71 on this port.
interface TenGigabitEthernet0/0/0.71
!
! WAN1 also terminates the remote-access IPsec service (crypto map map1).
interface TenGigabitEthernet0/0/0.304
description WAN1
encapsulation dot1Q 304
ip address 192.168.1.1 255.255.255.252
ip nat outside
crypto map map1
!
interface TenGigabitEthernet0/0/0.350
description WAN2
encapsulation dot1Q 350
ip address 192.168.2.1 255.255.255.0
ip nat outside
!
interface TenGigabitEthernet0/0/0.521
description WAN3
encapsulation dot1Q 521
ip address 192.168.3.1 255.255.255.252
ip nat outside
!
!
interface TenGigabitEthernet0/1/0
no ip address
!
! NOTE(review): the bare `description` lines below carry no text - presumably removed
! when the listing was published.
interface TenGigabitEthernet0/1/0.70
description
encapsulation dot1Q 70
ip nat inside
ip policy route-map PBR-ISP1
pppoe enable group IP-POOL-WAN1
!
interface TenGigabitEthernet0/1/0.71
description
encapsulation dot1Q 71
pppoe enable group IP-POOL-WAN2
!
! Out-of-band management port, isolated in VRF Mgmt-intf.
interface GigabitEthernet0
vrf forwarding Mgmt-intf
ip address 172.18.255.2 255.255.255.0
negotiation auto
!
! Templates cloned for every subscriber session: 1-3 for PPPoE, 100 for VPDN dial-in.
! NOTE(review): the PPPoE templates accept PAP and MS-CHAP (v1) alongside CHAP and
! MS-CHAPv2. With PAP negotiated the subscriber password crosses the access network in
! clear text; list only the methods the subscriber equipment actually needs.
interface Virtual-Template1
ip unnumbered Loopback1
no ip redirects
ip mtu 1492
ip nat inside
ip policy route-map PBR-ISP1
peer default ip address pool IP-POOL-WAN1
ppp mtu adaptive
ppp lcp predictive
ppp lcp echo mru verify
ppp authentication chap pap ms-chap ms-chap-v2
ppp ipcp dns 1.1.1.1
ppp ipcp predictive
!
interface Virtual-Template2
ip unnumbered Loopback1
no ip redirects
ip mtu 1492
ip nat inside
ip policy route-map PBR-ISP2
peer default ip address pool IP-POOL-WAN2
ppp mtu adaptive
ppp lcp predictive
ppp lcp echo mru verify
ppp authentication chap pap ms-chap ms-chap-v2
ppp ipcp dns 1.1.1.1
ppp ipcp predictive
!
! NOTE(review): this template references route-map `PBR-2`, but the route-map defined in
! this listing is `PBR2`. It also draws addresses from IP-POOL-WAN2 although it belongs
! to bba-group IP-POOL-WAN3, and no local pool named IP-POOL-WAN3 is defined - confirm.
interface Virtual-Template3
ip unnumbered Loopback1
no ip redirects
ip mtu 1492
ip nat inside
ip policy route-map PBR-2
peer default ip address pool IP-POOL-WAN2
ppp mtu adaptive
ppp lcp predictive
ppp lcp echo mru verify
ppp authentication chap pap ms-chap ms-chap-v2
ppp ipcp dns 1.1.1.1
ppp ipcp predictive
!
! NOTE(review): PAP is listed first for the VPDN service, and `ppp encrypt mppe auto` has
! no `required` keyword, so presumably a session can come up without encryption -
! confirm. PPTP with MPPE / MS-CHAP is a legacy design; the IPsec service on WAN1 or a
! current VPN protocol is the safer place for remote access.
interface Virtual-Template100
description PPTP access
ip unnumbered TenGigabitEthernet0/0/0.304
load-interval 30
peer default ip address pool VPN-POOL
no keepalive
ppp encrypt mppe auto
ppp authentication pap chap ms-chap
ppp ipcp dns 8.8.8.8 8.8.4.4
!
! Subscriber / VPN address pools, NAT behaviour, static port-forwards and static routes.
ip local pool IP-POOL-WAN1 10.20.0.20 10.20.7.250
ip local pool IP-POOL-WAN2 10.30.0.2 10.30.7.250
ip local pool VPN-POOL 10.1.0.2 10.1.0.100
! Paired address pooling: a given inside host keeps the same outside address.
ip nat settings pap
! Translation idle timeouts, in seconds.
ip nat translation tcp-timeout 3600
ip nat translation udp-timeout 300
ip nat translation syn-timeout 5
ip nat translation dns-timeout 10
ip nat translation icmp-timeout 30
ip nat pool 2nd 192.168.0.208 192.168.0.215 netmask 255.255.255.248
ip nat pool 1st 192.168.1.168 192.168.1.175 netmask 255.255.255.248
ip nat pool 3rd 192.168.2.73 192.168.2.75 netmask 255.255.255.248
! NOTE(review): one-to-one static NAT for 192.168.77.2 - the same host configured as the
! RADIUS server and dynamic-author client - makes every port of that host reachable on
! 192.168.0.50 from the NAT outside side. Forward only the ports that are needed.
ip nat inside source static 192.168.77.2 192.168.0.50
! NOTE(review): the next four lines publish SNMP (udp/161) and Telnet (tcp/23) of
! 172.40.55.3 and 172.40.55.4 on 192.168.0.78. Both protocols are unencrypted; manage
! these hosts over the VPN or SSH / SNMPv3 with a source ACL instead.
ip nat inside source static udp 172.40.55.3 161 192.168.0.78 2162 extendable
ip nat inside source static udp 172.40.55.4 161 192.168.0.78 2163 extendable
ip nat inside source static tcp 172.40.55.3 23 192.168.0.78 2334 extendable
ip nat inside source static tcp 172.40.55.4 23 192.168.0.78 2335 extendable
! NOTE(review): route-maps OUTSIDE1 and OUTSIDE3 are not defined in this listing (only
! OUTSIDE2, OUTSIDE-ISP1 and OUTSIDE-ISP2 are) - confirm the names.
ip nat inside source route-map OUTSIDE1 pool 1st overload
ip nat inside source route-map OUTSIDE2 pool 2nd overload
ip nat inside source route-map OUTSIDE3 pool 3rd overload
ip forward-protocol nd
!
! HTTP and HTTPS management servers are both disabled.
no ip http server
no ip http secure-server
! Three equal-cost default routes with no `track` keyword, so the IP SLA tracks do not
! withdraw a route when a probe fails.
! NOTE(review): 192.168.1.1 and 192.168.2.1 are this router's own addresses on
! Te0/0/0.304 and Te0/0/0.350 - the addresses look substituted for publication; confirm.
ip route 0.0.0.0 0.0.0.0 192.168.0.1
ip route 0.0.0.0 0.0.0.0 192.168.1.1
ip route 0.0.0.0 0.0.0.0 192.168.2.1
! NOTE(review): no interface in this listing sits in the next hop's 10.3.4.x network.
ip route 192.168.77.0 255.255.255.0 10.3.4.1
!
! ICMP reachability probes, one per uplink, sent every 5 seconds and never expiring.
! Track objects 10 / 20 / 30 follow probes 1 / 2 / 3.
ip sla 1
icmp-echo 192.168.0.165 source-interface TenGigabitEthernet0/0/0.304
frequency 5
ip sla schedule 1 life forever start-time now
! NOTE(review): TenGigabitEthernet0/0/0.533 is not defined in this listing (WAN2 is .350).
ip sla 2
icmp-echo 192.168.1.53 source-interface TenGigabitEthernet0/0/0.533
frequency 5
ip sla schedule 2 life forever start-time now
ip sla 3
icmp-echo 192.168.2.49 source-interface TenGigabitEthernet0/0/0.521
frequency 5
ip sla schedule 3 life forever start-time now
! Standard ACLs for the two subscriber ranges, then the NAT and policy-routing route-maps.
! ACL 20 / 21 cover 10.20.0.0-10.20.7.255; ACL 30 / 31 cover 10.30.0.0-10.30.7.255.
! NOTE(review): ACLs 21 and 31 duplicate 20 and 30 and are not referenced in this listing.
access-list 20 permit 10.20.0.0 0.0.7.255
access-list 21 permit 10.20.0.0 0.0.7.255
access-list 30 permit 10.30.0.0 0.0.7.255
access-list 31 permit 10.30.0.0 0.0.7.255
!
! NOTE(review): OUTSIDE-ISP1 and OUTSIDE-ISP2 are not referenced by any NAT statement in
! this listing; the NAT lines name OUTSIDE1 / OUTSIDE2 / OUTSIDE3.
route-map OUTSIDE-ISP2 permit 10
match ip address 20 30
match interface TenGigabitEthernet0/0/0.304
!
route-map OUTSIDE-ISP1 permit 10
match ip address 30 20
match interface TenGigabitEthernet0/0/0.533
!
! NOTE(review): in `match ip address any`, `any` is presumably taken as the name of an
! access list; no ACL with that name appears in this listing, so what these PBR entries
! match depends on how a missing ACL is treated - confirm on the device.
route-map PBR-ISP2 permit 10
match ip address any
set ip next-hop 192.168.0.165
set ip next-hop recursive 192.168.0.53
!
! NOTE(review): `192.168.153` is not a valid dotted-quad address - likely damaged when the
! listing was edited for publication.
route-map PBR-ISP1 permit 10
match ip address any
set ip next-hop 192.168.153
set ip next-hop recursive 192.168.0.165
!
route-map OUTSIDE2 permit 10
match ip address 30 20
match interface TenGigabitEthernet0/0/0.521
!
! NOTE(review): Virtual-Template3 references `PBR-2`, not `PBR2`.
route-map PBR2 permit 10
match ip address any
set ip next-hop 192.168.2.49
set ip next-hop recursive 192.168.0.165
!
!
!
! RADIUS attribute handling and the single RADIUS server used for subscriber AAA.
! Attribute numbers: 44 Acct-Session-Id, 6 Service-Type, 8 Framed-IP-Address,
! 32 NAS-Identifier, 55 Event-Timestamp, 25 Class, 30 Called-Station-Id,
! 31 Calling-Station-Id (sent here as the client MAC, colon-delimited, upper case).
radius-server attribute 44 include-in-access-req all
radius-server attribute 6 on-for-login-auth
radius-server attribute 8 include-in-access-req
radius-server attribute 32 include-in-access-req
radius-server attribute 32 include-in-accounting-req
radius-server attribute 55 access-request include
radius-server attribute 25 access-request include
radius-server attribute 30 original-called-number
radius-server attribute 31 mac format one-byte delimiter colon upper-case
radius-server attribute 31 send nas-port-detail mac-only
!
! NOTE(review): the shared secret is stored in clear text, is identical to the
! dynamic-author server-key, and is the well-known example secret from FreeRADIUS sample
! configuration. RADIUS protects subscriber passwords only with this secret, so use a
! long random value and rotate it on both ends.
radius server radius
address ipv4 192.168.77.2 auth-port 1812 acct-port 1813
non-standard
key testing123
!
!
! NOTE(review): nothing is attached under control-plane in this listing, so no
! control-plane policing of traffic punted to the route processor is shown.
control-plane
!
!
!
!
!
!
!
!
!
! Operator shortcuts and the console / aux / vty line settings.
alias exec sub sh pppoe summary per subinterface
alias exec c conf t
!
! NOTE(review): the line passwords below are in clear text and follow one guessable
! pattern shared with other credentials in this listing. With `aaa new-model` and
! `aaa authentication login default local`, login on these lines presumably uses the
! local user database rather than these passwords - confirm, then remove them.
! No `transport input`, `access-class` or `exec-timeout` appears on the vty lines, so
! this listing shows no restriction of remote management to SSH or to trusted sources.
line con 0
password @snet
stopbits 1
line aux 0
stopbits 1
line vty 0 4
password asnet
line vty 5 15
password asnet
!
! EEM applets: whenever track 3, 4 or 5 changes state (up or down), enter privileged
! mode and clear all dynamic NAT translations so flows re-establish on the current uplink.
! All six applets run the same three CLI actions.
! NOTE(review): the typographic quotes in this section are a rendering artefact of the
! page; the CLI expects plain ASCII double quotes, and the value of the `clear-nat`
! environment variable on the next line has been lost.
! NOTE(review): the applets run CLI commands as `eem-user`, which is not defined in this
! listing - confirm the account exists and holds only the privileges these commands need.
event manager environment clear-nat ”
event manager session cli username “eem-user”
! NOTE(review): by the naming of the other applets this one presumably corresponds to
! "wan-1-unreachable".
event manager applet app-clear-nat
event track 3 state down
action 1.0 cli command “enable”
action 1.1 cli command “clear ip nat translation *”
action 1.2 cli command “end”
event manager applet wan-1-reachable
event track 3 state up
action 1.0 cli command “enable”
action 1.1 cli command “clear ip nat translation *”
action 1.2 cli command “end”
event manager applet wan-2-unreachable
event track 4 state down
action 1.0 cli command “enable”
action 1.1 cli command “clear ip nat translation *”
action 1.2 cli command “end”
event manager applet wan-2-reachable
event track 4 state up
action 1.0 cli command “enable”
action 1.1 cli command “clear ip nat translation *”
action 1.2 cli command “end”
event manager applet wan-3-unreachable
event track 5 state down
action 1.0 cli command “enable”
action 1.1 cli command “clear ip nat translation *”
action 1.2 cli command “end”
event manager applet wan-3-reachable
event track 5 state up
action 1.0 cli command “enable”
action 1.1 cli command “clear ip nat translation *”
action 1.2 cli command “end”
!
end