RS
RA
NS
NA
RM
P
PE
C
CE
Data
Control
Management
Service
Host
Router
Monitor
Switch
crypto isakmp policy 10
encryption aes
authentication pre-share
group 2
exit
crypto isakmp key KEVINS_KEY adress
0.0.0.0 0.0.0.0
crypto ipsec transform-set KWTRAIN
esp-aes esp-sha-hmac
crypto ipsec profile KEVINS_PROFILE
set transform-set KWTRAIN
int tunnel 0
bandwidth 10000
no ip next-hop-self eigrp 1
no ip split-horizon eigrp 1
ip address 172.16.1.1 255.255.255.0
ip mtu 1400
ip tcp adjust-mss 1360
ip nhrp authentication cisco
ip nhrp map multicast dynamic
ip nhrp network-id 1
tunnel source g0/2
tunnel mode gre multipoint
tunnel protection ipsec profile
KEVINS_PROFILE
ip access-list extended 100
permit icmp any any
class-map PING
match access-group 100
exit
policy-map PING_POLICY
class PING
police 8000 conform-action transmit
exceed-action drop
exit
control-plane
service-policy input PING_POLICY
R1(config)# `ip sla 1`
R1(config-ip-sla)# `icmp-echo
203.0.113.5 source-ip 192.0.2.1`
R1(config-ip-sla-echo)# `frequency 5`
R1(config-ip-sla-echo)# `threshold
100`
R1(config)# `ip sla schedule 2 starttime now life forever`
R1(config)# `track 1 ip sla 1`
R1(config-track)#`delay 10 down 10
up`
R1(config-track)#`exit`
R1(config)# `ip route 198.51.100.0
255.255.255.0 203.0.113.5 track 1`
R1(config)# `ip route 198.51.100.0
255.255.255.0 203.0.113.1 2`
ip prefix-list TAG_10.1.1.0/24 seq 5
permit 10.1.1.0/24 ! route-map
REDIS_EIGRP_TO_OSPF permit 10
match ip address prefix-list
TAG_10.1.1.0/24 set tag 10 route-map
REDIS_EIGRP_TO_OSPF permit 20
router ospf 1 redistribute
eigrp 100 subnets route-map
REDIS_EIGRP_TO_OSPF
route-map REDIS_OSPF_INTO_EIGRP
deny 10 match tag 10 route-map
REDIS_OSPF_INTO_EIGRP permit 20 !
router eigrp 100 redistribute ospf 1
metric 100000 100 255 1 1500 routemap REDIS_OSPF_INTO_EIGRP
Create ACLs to identify the traffic.
Create class maps to define a traffic
class.
Create policy maps to define a service
policy.
Apply the service policy to the control
plane