ACME BASIC
Physical interface M0 (Media Port)
Network interface (IP) X.X.X.50 usable gateway X.X.X.49/29
realm-config: PRAN
sip-interface: X.X.X.52
session-agent: X.X.X.54 (Or any IP)
Session-group (Primary NYC and backup CHI IP).
local policy: PRAN/ X.X.X.54 to go next hop JHONE / X.X.X.8
Steering-pool X.X.X.53 (Media port 40000-49999) Steering pools define sets of ports that are used for steering media flows through the SBC
sip-manipulation - header-rule & element-rule to match-value (....$)() (out-manipulationid Egress-DNIS 10/4)
⬆️
ACME BOX
⬇️
Physical interface M3 (Media Port)
Network interface (IP) X.X.X.6 usable gateway X.X.X.5 /29
realm-config: JHONE
sip-interface: X.X.X.7
session-agent: X.X.X.8 (Or any IP)
Session-group (Primary NYC and backup CHI IP).
local policy: JHONE/ X.X.X.8 (Agent) to go next hop PRAN/ X.X.X.54 (Agent)
Steering-pool X.X.X.9 (Media port) Steering pools define sets of ports that are used for steering media flows through the SBC
------------
show run phy-interface M00
show run network-interface M10:91/M00
show run realm-config PRAN
show run sip-interface PRAN X.X.X.82
show sipd agents
show run session-agent X.X.X.77
show run local-policy PRAN
show run steering-pool
show run session-group (Name) – Strategy Hunt or RoundRobin
show run sip-manipulation
show run sip-manipulation (Name)
-------------
Ethernet MPLS
interface eth 0/1
description XXXXXXXX
ip address CircuitIP X.X.X.X
no shutdown
!
!
route-map MPLS-OUT permit 10
set community AS:XXX
!
router bgp 65000
bgp router-id CircuitIP
neighbor Gateway IP
remote-as AS (next hop)
no shutdown
exit
address-family ipv4
neighbor Gateway IP
next-hop-self
route-map MPLS-OUT out
send-community standard
soft-reconfiguration inbound
no shutdown
exit
exit
!
!
ip route 0.0.0.0 0.0.0.0 Gateway IP
ip route Server IP 255.255.255.255 Gateway IP
---------------------
T1 MPLS
interface t1 0/1
description XXXXXXXX
tdm-group 1 timeslots 1-24 speed 64
no shutdown
!
interface ppp 1
ip address XXXXXXXX 255.255.255.252
media-gateway ip primary
no shutdown
cross-connect 1 t1 0/1 1 ppp 1
!
BGP Same as above ------
!
ip route 0.0.0.0 0.0.0.0 ppp 1
--------------------
Frame-relay T1 MPLS
interface t1 0/1
description XXXXXXXX
tdm-group 1 timeslots 1-24 speed 64
no shutdown
!
interface fr 1 point-to-point
frame-relay lmi-type ansi
no shutdown
cross-connect 1 t1 0/1 1 frame-relay 1
!
interface fr 1.18 point-to-point
frame-relay interface-dlci 18
ip address XXXXXXXX 255.255.255.252
media-gateway ip primary
!
BGP Same as above -------
!
!
ip route 0.0.0.0 0.0.0.0 GatewayIP/or fr 1.18
-----------
BGP VPN Primary
interface eth 0/1
description XXXXXXXXXXXXX
media-gateway ip primary
ip address PUBLIC IP 255.255.255.X
no shutdown
!
!
!
interface tunnel 1 gre ip
description Core GRE Tunnel
ip address X.X.X.X (Private) 255.255.255.254
no ip proxy-arp
ip mtu 1468
media-gateway ip primary
tunnel source X.X.X.X (circuit Public)
tunnel destination X.X.X.X (Core router Public)
tunnel key 5001
snmp trap link-status
no shutdown
!
!
as-path-list LOCAL-ONLY
permit ^$
!
route-map PRIMARY-OUT permit 10
set community AS:XXX (Based on location)
route-map PRIMARY-IN permit 10
set local-preference 100
route-map BACKUP-OUT permit 10
set as-path prepend 65000 65000 65000
set community AS:XXX
route-map BACKUP-IN permit 10
set local-preference 50
!
!
!
router bgp 65000
neighbor X.X.X.X (Core router Tunnel IP)
remote-as AS (Neighbor)
no shutdown
exit
address-family ipv4
neighbor X.X.X.X (Core router Tunnel IP)
network X.X.X.X mask 255.255.255.X (Advertise IP for hand off)
as-path-list LOCAL-ONLY out
next-hop-self
route-map PRIMARY-IN in
route-map PRIMARY-OUT out
send-community standard
soft-reconfiguration inbound
no shutdown
exit
exit
!
!
!
ip route ServerIP 255.255.255.255 Gateway IP
ip route Core Router Public management IP 255.255.255.255 Gateway IP
----------------------
BGP VPN Primary and Backup
as-path-list LOCAL-ONLY
permit ^$
!
route-map PRIMARY-OUT permit 10
set community AS:101
route-map PRIMARY-IN permit 10
set local-preference 100
route-map BACKUP-OUT permit 10
set as-path prepend 65000 65000 65000
set community AS:103
route-map BACKUP-IN permit 10
set local-preference 50
!
router bgp 65000
neighbor Primary CoreIP
remote-as XXX (AS)
no shutdown
exit
neighbor backup CoreIP
remote-as XXX (AS)
no shutdown
exit
address-family ipv4
neighbor XXXXXX Primary CoreIP
as-path-list LOCAL-ONLY out
next-hop-self
route-map PRIMARY-IN in
route-map PRIMARY-OUT out
send-community standard
soft-reconfiguration inbound
no shutdown
exit
neighbor XXXXXXX backup CoreIP
as-path-list LOCAL-ONLY out
next-hop-self
route-map BACKUP-IN in
route-map BACKUP-OUT out
send-community standard
soft-reconfiguration inbound
no shutdown
exit
exit
!
!
ip route CorePrimaryIP 255.255.255.255 <Gateway Router IP Public 1 Pri>
ip route CoreBackupIP 255.255.255.255 <Gateway Router IP Public 1 Back>
-----------Core Configuration---------------
interface Tunnel<Tunnel ID Pri>
description <Tunnel Description> GRE Tunnel
ip address <Tunnel Core IP Private 1 Pri> 255.255.255.254
no ip proxy-arp
ip mtu 1468
ip tcp adjust-mss 1400
tunnel source XXXXX Corerouter IP
tunnel destination <Source Router IP Public 1 Pri>
tunnel key 5001
!
!
router bgp AS
neighbor <Tunnel Router IP Private 1 Pri> peer-group NAME-----
neighbor <Tunnel Router IP Private 1 Pri> description <Tunnel Description> GRE Tunnel
!
address-family ipv4
neighbor <Tunnel Router IP Private 1 Pri> activate
-----------Layer2 Circuit-------------------
interface TenGigabitEthernet0/1/0.Ctag549(S tag 549)
description XXXXXXXX
encapsulation dot1Q 614 second-dot1q 549
ip address XXXXXXX 255.255.255.254
no ip proxy-arp
ip mtu 1500
exit
!
router bgp 16524
neighbor XXXXXXX peer-group Name (From Core)
neighbor XXXXXXX description xxxxxxxx
!
address-family ipv4
neighbor XXXXXXX activate
end
!
--------------------------------
NAT & Port forwarding
clock timezone -5-Eastern-Time
!
ip subnet-zero
ip classless
ip routing
ipv6 unicast-routing
!
!
name-server xxxxxx xxxxxx xxxxxx xxxxxx
!
ip firewall
!
ip dhcp excluded-address x92.x68.1.1 x92.x68.1.5
!
ip dhcp pool "DATA-VOICE"
network 192.168.1.0 255.255.255.0
dns-server X16.X94.X8.33 X16.X94.X8.69
netbios-node-type h-node
default-router 192.168.1.1
lease 30
option 160 ascii http://GroupID (username):Pass@xsp.XXXX.com:80/dms/polycom-mtl
option 43 ascii X16.X94.28.57
!
interface gigabit-eth 0/1
description Wan
ip address X6.X9.x27.218 255.255.255.252
ip access-policy NAT-OUT
no shutdown
!
!
interface gigabit-eth 0/2
description Lan
encapsulation 802.1q
no shutdown
!
interface gigabit-eth 0/2.100
vlan-id 100 native
ip address x92.x68.1.1 255.255.255.0
ip address x72.x6.x42.168 255.255.255.254 secondary
ip access-policy NAT-IN
no shutdown
!
!
ip access-list extended ALL
permit ip any any
!
!
no ip policy-class NAT-IN rpf-check
ip policy-class NAT-IN
allow list ALL self
nat source list ALL interface gigabit-ethernet 0/1 overload policy NAT-OUT
!
no ip policy-class NAT-OUT rpf-check
ip policy-class NAT-OUT
allow list ALL self
allow list ALL stateless
!
no ip policy-class NO-NAT rpf-check
ip policy-class NO-NAT
allow list ALL self
allow list ALL stateless
!
!
ip route 0.0.0.0 0.0.0.0 X6.X9.x27.217
---------------------------------
ip dhcp excluded-address X.X.X.X (Wan IP)
ip dhcp excluded-address X.X.X.X (Gateway IP)
!
ip dhcp pool "Meraki Firewall"
network X.X.X.X 255.255.255.248
dns-server 75.75.75.75 75.75.76.76
netbios-node-type h-node
default-router X.X.X.X (Gateway IP)
!
interface gigabit-eth 0/1
description Wan
bridge-group 1
no ip address
no shutdown
!
interface gigabit-eth 0/2
description Customer's Lan
bridge-group 1
no ip address
no shutdown
!
interface bvi 1
description Wan
mac-address 00:00:00:FE:34:2F (Auto populated)
ip address X.X.X.X (Wan IP) 255.255.255.248
ip mtu 1500
no shutdown
!
ip route 0.0.0.0 0.0.0.0 X.X.X.X (Gateway IP)
------------------------------
ip dhcp excluded-address X.X.21.160 X.X.21.163
ip dhcp excluded-address X.X.21.164
ip dhcp excluded-address X.X.22.0 X.X.22.20
ip dhcp excluded-address X.X.22.1 X.X.22.40
ip dhcp excluded-address X.X.22.200 X.X.22.210
ip dhcp excluded-address X.X.22.241 X.X.22.255
ip dhcp excluded-address X.X.22.76
ip dhcp excluded-address X.X.21.166
!
ip dhcp pool "Voice"
network XXXXXX 255.255.255.224
dns-server XXXXXX XXXXXX
netbios-node-type h-node
default-router XXXXXX
lease 5
option 162 ascii http://username(groupId00):Password@xsp.XXXXX.com:80/dms/Polycom-X50
option 160 ascii http://username(groupId00):Password@xsp.XXXXX.com:80/dms/polycom-mtl
!
ip dhcp pool "WIFI"
network X.X.22.0 255.255.255.0
dns-server XXXXXX XXXXXX
netbios-node-type h-node
default-router X.X.22.1
lease 3
!
ip dhcp pool "DATA"
network X.X.22.0 255.255.255.0
dns-server X.X.22.15 X.X.251.15
netbios-node-type h-node
default-router X.X.22.1
lease 5
!
!
!
interface loop 1
ip address X16.X94.41.75 255.255.255.255
no shutdown
!
interface gigabit-eth 0/2
no shutdown
!
interface gigabit-eth 0/2.100
description WAN
ce-vlan-id untagged
ip address X.X.200.58 255.255.255.252
no shutdown
!
interface gigabit-eth 0/3
no shutdown
!
!
interface gigabit-eth 0/3.100
description Voice VLAN
ce-vlan-id 100
ip address X.X.21.161 255.255.255.224
no shutdown
!
interface gigabit-eth 0/3.101
ce-vlan-id 101
ip address X.X.22.1 255.255.255.0
ip access-policy NAT-IN
no shutdown
!
interface gigabit-eth 0/3.102
ce-vlan-id 102
ip address X.X.22.1 255.255.255.0
ip access-policy NAT-IN
no shutdown
!
interface tunnel 1 gre ip
description name PRIMARY
ip address XXXXXXXX
no ip proxy-arp
ip mtu 1472
ip access-policy NAT-OUT
!
ip access-list extended port-forward-1
permit tcp any host X16.X94.41.75 eq XX777
permit tcp any host X16.X94.41.75 eq XX778
permit tcp any host X16.X94.41.75 eq XX80
permit udp any host X16.X94.41.75 eq XX777
permit udp any host X16.X94.41.75 eq XX778
permit udp any host X16.X94.41.75 eq XX80
permit tcp any host X16.X94.41.75 eq XX81
permit tcp any host X16.X94.41.75 eq XX100
permit tcp any host X.X.22.22 eq XX100
permit tcp any host X.X.22.22 eq XX81
!
!
no ip policy-class NAT-IN rpf-check
ip policy-class NAT-IN
allow list ALL self
nat source list ALL interface loop 1 overload policy NAT-OUT
!
no ip policy-class NAT-OUT rpf-check
ip policy-class NAT-OUT
nat destination list port-forward-1 address X.X.22.22
allow list ALL self
allow list ALL stateless
!
no ip policy-class NO-NAT rpf-check
ip policy-class NO-NAT
allow list ALL self
allow list ALL stateless
!
!
!
ip route X16.X94.28.77 255.255.255.255 X.X.200.57
ip route X16.X94.41.68 255.255.255.255 X.X.200.57
-----------------------
interface loop 1
ip address X16.X94.35.42 255.255.255.255
no shutdown
!
interface gigabit-eth 0/1
description Wan
ip address XXXXXXXXXXX
ip access-policy PUBLIC
no shutdown
!
!
interface gigabit-eth 0/2
description LAN
encapsulation 802.1q
no shutdown
!
interface gigabit-eth 0/2.100
vlan-id 100
ip address X.X.42.129 255.255.255.240
no shutdown
interface gigabit-eth 0/2.101
vlan-id 101
ip address 192.168.0.1 255.255.255.0
ip access-policy NAT-IN
no shutdown
!
!
interface tunnel 1 gre ip
ip access-policy NAT-OUT
!
!
ip access-list extended ALL
permit ip any any
!
!
ip access-list extended PFWD
permit tcp any any eq 9100
!
ip access-list extended PFWD2
permit tcp any any eq 9101
!
!
no ip policy-class NAT-IN rpf-check
ip policy-class NAT-IN
allow list ALL self
nat source list ALL interface loop 1 overload policy NAT-OUT
!
no ip policy-class NAT-OUT rpf-check
ip policy-class NAT-OUT
allow list ALL self
allow list ALL stateless
!
no ip policy-class NO-NAT rpf-check
ip policy-class NO-NAT
allow list ALL self
allow list ALL stateless
!
no ip policy-class PUBLIC rpf-check
ip policy-class PUBLIC
nat destination list PFWD address X92.X68.0.X3
nat destination list PFWD2 address X92.X68.0.12
--------------------------
interface loop 1
ip address X16.X94.56.62 255.255.255.255
no shutdown
!
!
interface vlan 4002
description Customers Voice Network
ip address X0.X0.10.1 255.255.255.0
ip access-policy NAT-IN
no shutdown
!
interface vlan 4003
description Customers Data Network
ip address X0.X0.11.1 255.255.255.0
ip access-policy NAT-IN
no shutdown
!
interface vlan 4004
description Network Tyco
ip address X0.X0.12.1 255.255.255.0
ip access-policy NAT-IN
no shutdown
!
!
interface ppp 1
ip address x0.x39.226.234 255.255.255.252
ip access-policy NAT-OUT
!
ip access-list extended ALL
permit ip any any
!
!
ip access-list extended port-forward-1
permit tcp host X05.X45.185.201 host X16.X94.56.62 eq 22609
permit udp host X05.X45.185.201 host X16.X94.56.62 eq 22609
permit tcp host X05.X45.186.201 host X16.X94.56.62 eq 22609
permit udp host X05.X45.186.201 host X16.X94.56.62 eq 22609
!
!
no ip policy-class NAT-IN rpf-check
ip policy-class NAT-IN
allow list ALL self
allow list ALL stateless
nat source list ALL interface loop 1 overload policy NAT-OUT
!
no ip policy-class NAT-OUT rpf-check
ip policy-class NAT-OUT
allow list ALL self
allow list ALL stateless
nat destination list port-forward-1 address X0.X0.12.10
!
no ip policy-class NO-NAT rpf-check
ip policy-class NO-NAT
allow list ALL self
allow list ALL stateless
-------------------
NetFlow
ip flow export destination x16.x17.x2.196 2055 source gigabit-ethernet 0/1
ip flow cache timeout active 1
ip flow export destination x16.x94.28.29 2055 source ppp 1
ip flow cache timeout active 1
monitor session 1 destination interface switchport 0/6
------------------
QOS Configuration:
Router # sho qos map inter ppp 1/Port
!
interface ppp 1/Port
ip address XXXXX218 255.255.255.252
qos-policy out llq
!
ip access-list extended VOIP
permit ip any X2.X1.192.0 0.0.3.255
!
qos map llq 10
match ip list VOIP
match ip rtp 8192 65534 all
match dscp ef
priority percent 75
set dscp ef
!
qos map llq 10
match ip list VOIP
match dscp ef
priority percent 70
set dscp ef
!
qos map llq-10M 10
match any
shape average 9900000
qos-policy llq
-----------
Core: Download speed
policy-map llq-200M
class class-default
shape average 199950000
service-policy llq
!
interface TunnelXXXXX
service-policy output llq-50M
end
--------------
PPPOE Circuit:
Username: XXXXXXXXXX (Provided from Carrier)
Password: XXXXXX
!
interface eth 0/2
description Customer name_Circuit ID
mac-address C0:EA:E4:8F:87:B0 (Auto populate)
ip address dhcp 255
no shutdown
!
interface ppp 2
description DSL Circuit PPPoE
ip address negotiated no-default (no-default because for GRE)
ip mtu 1492
no fair-queue
ppp chap hostname XXXXXXXXXX
ppp chap password XXXXXXX
no shutdown
cross-connect 2 eth 0/2 ppp 2
ip route XX6.XX4.41.67 255.255.255.255 ppp 2 (For GRE)
-------------
MAC Binding Canadian Circuit:
Router# show int vlan X001
Hardware address is 00:24:45:AC:BC:F9
!
interface vlan X001
ip address dhcp hostname "XXXXXX" no-default-route (no-default-route for GRE)
no shutdown
Carrier Modem Page:
# Mac Address Host Name Domain IP Address
1 XXXXX XXXX (Restricted)
2 00:24:45:ac:bc:f9 s XXXXXX XXX.telus.net s XXXXXX (static)
-------------
BVI / Ethernet bridge:
ip dhcp excluded-address X.X.X.73
ip dhcp excluded-address X.X.X.78
!
ip dhcp pool "Customer's Firewall"
network X.X.X.72 255.255.255.248
dns-server 8.8.8.8 8.8.4.4
netbios-node-type h-node
default-router X.X.X.78
!
interface gigabit-eth 0/1
description connection to WAN
bridge-group 1
no ip address
no shutdown
!
interface gigabit-eth 0/2
description Customer hand-Off
bridge-group 1
no ip address
no shutdown
!
interface bvi 1
mac-address 00:00:00:BF:41:29 (Auto Populated)
ip address X.X.X.73 255.255.255.248
ip mtu 1500
no shutdown
!
ip route 0.0.0.0 0.0.0.0 X.X.X.78