Project Supertubes
Network Implementation Plan
Change History & Revisions

Version  Date      Status         Section  Author  Summary of Changes
1.0      07/06/04  Initial Draft  n/a      TB      n/a

HIGHLY CONFIDENTIAL
Table of Contents

Change History & Revisions ... 1
Table of Contents ... 2
1. Project Description ... 3
2. Contact List ... 3
3. Assumptions / Dependencies ... 3
4. Internetwork Design ... 4
   4.1 Design Concept ... 4
   4.2 Capacity ... 5
   4.3 Internetwork Diagrams ... 6
5. Management ... 7
6. Security ... 7
7. Hardware List ... 9
8. Installation ... 9
9. Test and Install ... 9
10. Migration Process ... 10
11. Fallback ... 11
Appendix A – Router/Switch/Component Configurations ... 11
Appendix B – Interface and Routing Table ... 26
Appendix C – Catalyst Switch Port Allocation ... 28
1. Project Description
The goal of this project is to deploy BT’s Edgeless L2TP product at Centrica’s datacentre at Harbour Exchange and to migrate all existing users deployed on BT Central 155 pipes onto the new service.
This document describes the network configuration that will deliver the product and the migration process to populate the new service.
2. Contact List

Function  Name             Email                         Phone
Sign Off  Phil Whelan      phil@blatero.com              07766710158
Review    Tony Beltram     tonybeltram@onetel.net.uk     07901 855202
Review    Nancy Lee        nancy@onetel.net
Review    Darren Turnbull  Darren.Turnbull@onetel.co.uk
3. Assumptions / Dependencies
 BT Central L2TP ‘Edgeless’ 622 will be installed at the Harbour Exchange datacentre.
 The BT Central product will conform to the standards in BT SIN document 412.
 2 x 8-port Gigabit modules (WS-X6408A-GBIC) in storage will be deployed to create Gigabit port density in the core.
 3 x Cisco 7206-NPE-G1 routers will be sufficient to terminate the maximum number of DSL users permitted on the 622MB pipe (25,600).
 If the Cisco routers do not perform as advised, further routers will be sourced and deployed as LNSs.
 A new RADIUS platform will be deployed to provide customer AAA service on the new pipe.
 The current RADIUS platform will continue to be used for the existing DSL pipes in the short term.
 Customers currently receive static IP addresses for their WAN interface. Customers on the new pipe will receive a WAN interface address from a dynamic pool unless they specifically request a static IP.
 Some customers (‘No-NAT’ users) have static subnet attributes in RADIUS in addition to WAN IP addresses. These subnets will be renumbered from a section of the new range reserved for the purpose.
4. Internetwork Design
4.1. Design Concept
L2TP
 BT will deliver calls to the Onetel LTS farm according to user domain.
 LTS’s will query Onetel RADIUS to determine the tunnel endpoint.
 We will deploy 3 LNS’s
 Each LNS will have two vpdn groups configured with a different virtual template. This
will provide two tunnel endpoints per LNS.
 Additional LNS’s can be deployed if load is too high.
RADIUS
 Customer AAA operations will be via RADIUS
 RADIUS will be configured with primary and backup tunnel endpoints such that 4
endpoints will always be available should a single LNS fail.
 The username and password for tunnel authentication will be returned to the LTS by
RADIUS.
 Customers will receive an IP address for their WAN interface from a dynamic pool.
The pools will be configured on the LNS from a new RIPE allocation.
 No-NAT customers will have their static subnets returned as attributes by RADIUS.
Connectivity
 Two delivery routers, SGRS-SP1 and SGRS-SP2 will connect the ISP network to two
BT catalyst 3550 switches, SGRS-BT-NTE1 and SGRS-BT-NTE2.
 LNS’s will have 2 interfaces connected to separate VLANs (50 and 51) routed by the
core switches.
 SGRS-SP1 and SGRS-SP2 will have links to the Onetel core switches, SGRS-CORE1
and SGRS-CORE2. These links will be in VLAN 50.
 SGRS-SP1 and SGRS-SP2 will be directly connected by a crossover cable.
Routing
 eBGP will be used to route traffic between BT and Onetel networks.
 SGRS-SP1 and SGRS-SP2 will run iBGP across the dedicated link.
 Private AS numbers will be used as follows:
BT
65500
Onetel
64555
 Route exchange between AS 65500 and 64555 will be filtered using filter lists.
 EIGRP process 10 will provide internal routing for SGRS-SP1, SGRS-SP2 and LNS’s.
 Routes known in BGP AS 64555 will be redistributed into EIGRP 10 by the SP
routers. A distribute list will filter the routes accepted into EIGRP 10.
 Users’ WAN interfaces will appear as ‘directly connected’ host routes on the LNS’s
while they have an active connection. When they disconnect the host route will
disappear.
 The LNS will redistribute the host routes by default into EIGRP. LNS’s will be
configured to summarise the user pools on Ethernet interfaces to ensure the host routes
do not cause instability in the EIGRP routing domain.
 IP route attributes returned by RADIUS for ‘No-NAT’ customers will appear to the
LNS as static routes. The customer could connect to any LNS.
 Private AS 64556 will be created on the LNSs with a full iBGP mesh so that they can share information about No-NAT static routes. LNSs will be configured to redistribute static routes into BGP 64556. Summary routes on the LNS Ethernet interfaces will include the No-NAT ranges.
 Default routes to border routers in AS12708 are redistributed into EIGRP. SP routers
and LNS’s will learn their default gateways in this way.
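The summarisation rule above is easy to get wrong later, for example when a second pool is added to an LNS without touching the summaries, at which point every PPP session up/down pushes a /32 into EIGRP 10. The following Python is added here as an illustration; it is not taken from the Onetel design or its configs. It computes the summary prefixes an LNS should advertise from its own pool range plus the No-NAT ranges, renders the interface-level `ip summary-address eigrp` lines, and reports any host route that would still leak. The pool ranges are the lab pools from the Appendix A configs; the No-NAT subnets, the function names and the 212.67.124.x pool used to show a leak are constructed for the example.

```python
"""Aggregate LNS user pools and No-NAT subnets into EIGRP summary routes.

Added example; it is not part of the Onetel design document. It models the
section 4.1 rule that each LNS summarises its dynamic pool and the No-NAT
ranges on its Ethernet interfaces so that per-user /32 host routes stay
local to the LNS. The pool ranges are the lab pools from the Appendix A
configs; the No-NAT subnets and the extra pool are constructed here.
"""
import ipaddress
from typing import Iterable, List, Tuple

IPv4Network = ipaddress.IPv4Network
PoolRange = Tuple[str, str]  # ('first', 'last') as given to 'ip local pool'


def pool_to_networks(first: str, last: str) -> List[IPv4Network]:
    """An IOS pool is a first/last range, not a prefix; return the CIDR
    blocks that cover it exactly."""
    return list(ipaddress.summarize_address_range(
        ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)))


def lns_summaries(pool: PoolRange, no_nat: Iterable[str]) -> List[IPv4Network]:
    """Fewest prefixes covering this LNS's own pool plus every No-NAT subnet.
    The No-NAT ranges go on every LNS because a No-NAT customer may land on
    any of them; the more-specific static is then learned over the AS 64556
    iBGP mesh."""
    prefixes = pool_to_networks(*pool) + [ipaddress.ip_network(n) for n in no_nat]
    return list(ipaddress.collapse_addresses(prefixes))


def leaked_host_routes(host_routes: Iterable[str],
                       summaries: Iterable[IPv4Network]) -> List[str]:
    """Host routes NOT covered by any summary. Each one would be injected
    into EIGRP 10 on every PPP session up/down, which is the churn the
    design is trying to keep off the core."""
    summaries = list(summaries)
    return [h for h in host_routes
            if not any(ipaddress.ip_network(h).subnet_of(s) for s in summaries)]


def eigrp_summary_commands(as_number: int, summaries: Iterable[IPv4Network],
                           interfaces: Iterable[str]) -> List[str]:
    """Render the interface-level 'ip summary-address eigrp' lines."""
    lines: List[str] = []
    for intf in interfaces:
        lines.append(f"interface {intf}")
        for s in summaries:
            lines.append(f" ip summary-address eigrp {as_number} "
                         f"{s.network_address} {s.netmask}")
    return lines


# Lab pools from Appendix A (one /29 per LNS in the lab build).
LAB_POOLS = {
    "SGRS-LNS1": ("212.67.122.0", "212.67.122.7"),
    "SGRS-LNS2": ("212.67.122.8", "212.67.122.15"),
    "SGRS-LNS3": ("212.67.122.16", "212.67.122.23"),
}
# Constructed No-NAT subnets: the document reserves part of the new RIPE
# range for these but does not list it, so these values are invented.
NO_NAT_SUBNETS = ["212.67.123.0/29", "212.67.123.8/29"]


def demo() -> List[str]:
    """LNS1: summarise, render the commands, and show that a /32 from a pool
    added without updating the summaries (212.67.124.3, constructed) would
    leak while the covered host routes would not."""
    summaries = lns_summaries(LAB_POOLS["SGRS-LNS1"], NO_NAT_SUBNETS)
    leaked = leaked_host_routes(["212.67.122.5", "212.67.123.9", "212.67.124.3"],
                                summaries)
    cmds = eigrp_summary_commands(10, summaries,
                                  ["GigabitEthernet0/1", "GigabitEthernet0/2"])
    return cmds + [f"! LEAKED host route: {h}" for h in leaked]


if __name__ == "__main__":
    print("\n".join(demo()))
```

On IOS the interface summary also installs a local discard route for the summary (to Null0, administrative distance 5), which is what stops the per-session host routes being advertised out of that interface; a host route outside every summary is still sent to the core as a /32, so the check above belongs in the change procedure for adding a pool.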
Resilience
 Hardware will be deployed in two cabinets with separate power supply.
 Redundant chassis are deployed in the core. At present there are no redundant routing
modules.
 HSRP will be configured for fast failover on the local LAN.
 RADIUS servers have dual NICs with redundant links to the core. A secondary
RADIUS server is deployed as a backup.
 LNS’s will have two Gigabit Ethernet interfaces patched into separate core switches
for resilience. Port allocation on the core switch will be split across Gigabit modules.
This will provide resilient uplinks for LNS’s if a chassis or module should fail in the
core.
 BT SIN 412 recommends deploying ‘at least 4 tunnel end-points so as not to cause congestion on equipment at the IPStream PoP site’. We will meet this requirement by deploying 3 LNSs each with 2 tunnel endpoints. This will ensure that should an LNS fail we can still supply four tunnel endpoints. RADIUS will be configured to round-robin through 4 LNS addresses, with each endpoint having a backup on a second router.
 Two sets of eBGP peers will provide resilient routing between Onetel and BT
networks.
 Two SP routers with uplinks to different core switches provide a resilient path to the
core. A dedicated iBGP link between SP routers supplies a redundant path in case of
failure of an SP, NTE or its interface/link.
 Further 622 L2TP installations will be deployed at the ISP’s second datacentre to
provide cross site resilience. New pipes will be commissioned as the customer base
expands.
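The four-endpoints-after-one-failure claim depends on how the RADIUS server pairs primaries with backups, and it is worth checking mechanically rather than by inspection. The following Python model is added here and is not part of the design document. It builds a primary/backup plan from the six tunnel endpoints in the Appendix A lab configs (the Loopback0 and Loopback1 addresses of the three LNSs), drives a simplified LTS through the round-robin RADIUS replies, and confirms that every reply still yields an endpoint and that at least four distinct endpoints remain in use whichever single LNS is lost. The pairing rule, the rotation through all six endpoints (the text says RADIUS rotates through four addresses), the LTS selection logic and the `:tag:value` text form of the RFC 2868 attributes are assumptions of the example.

```python
"""Check the tunnel-endpoint resilience claim in section 4.1 (Resilience).

Added example; it is not part of the Onetel design document. The endpoint
addresses are the Loopback0/Loopback1 addresses of the three LNSs in the
Appendix A lab configs. The primary/backup pairing, the rotation through all
six endpoints (the document rotates through four) and the text rendering
of the RFC 2868 tagged attributes are this example's own assumptions.
"""
from typing import Dict, List, Optional, Set, Tuple

Endpoints = Dict[str, List[str]]          # router -> its tunnel endpoint IPs
Plan = List[Tuple[str, str, str, str]]    # (pri_lns, pri_ip, bak_lns, bak_ip)
Attr = Tuple[str, str]                    # (attribute, ':tag:value')

# Two tunnel endpoints per LNS (vpdn-group 1 and 2), as in Appendix A.
TUNNEL_ENDPOINTS: Endpoints = {
    "SGRS-LNS1": ["212.67.121.44", "212.67.121.47"],
    "SGRS-LNS2": ["212.67.121.45", "212.67.121.48"],
    "SGRS-LNS3": ["212.67.121.46", "212.67.121.49"],
}
MIN_ENDPOINTS = 4  # BT SIN 412: at least four tunnel endpoints


def build_plan(endpoints: Endpoints) -> Plan:
    """Give every endpoint a backup on a *different* router by walking the
    endpoint list round-robin until another router's endpoint is found."""
    flat = [(lns, ip) for lns, ips in endpoints.items() for ip in ips]
    plan: Plan = []
    for i, (lns, ip) in enumerate(flat):
        for step in range(1, len(flat)):
            bak_lns, bak_ip = flat[(i + step) % len(flat)]
            if bak_lns != lns:
                plan.append((lns, ip, bak_lns, bak_ip))
                break
    return plan


def radius_reply(plan: Plan, seq: int) -> List[Attr]:
    """Attributes the LTS receives for the seq-th request: round-robin over
    the plan; tag 1 is the primary, tag 2 the backup; the lower
    Tunnel-Preference wins."""
    _, pri_ip, _, bak_ip = plan[seq % len(plan)]
    return [
        ("Tunnel-Type", ":1:L2TP"), ("Tunnel-Medium-Type", ":1:IP"),
        ("Tunnel-Server-Endpoint", f":1:{pri_ip}"), ("Tunnel-Preference", ":1:1"),
        ("Tunnel-Type", ":2:L2TP"), ("Tunnel-Medium-Type", ":2:IP"),
        ("Tunnel-Server-Endpoint", f":2:{bak_ip}"), ("Tunnel-Preference", ":2:2"),
    ]


def choose_endpoint(reply: List[Attr], down: Set[str],
                    endpoints: Endpoints) -> Optional[str]:
    """What the LTS does with the reply: group attributes by tag, try them in
    Tunnel-Preference order, skip any endpoint that sits on a failed router."""
    down_ips = {ip for r in down for ip in endpoints[r]}
    tagged: Dict[int, Dict[str, str]] = {}
    for attr, val in reply:
        tag, _, value = val[1:].partition(":")
        tagged.setdefault(int(tag), {})[attr] = value
    for tag in sorted(tagged, key=lambda t: int(tagged[t]["Tunnel-Preference"])):
        ip = tagged[tag]["Tunnel-Server-Endpoint"]
        if ip not in down_ips:
            return ip
    return None


def survives_single_failure(endpoints: Endpoints,
                            min_endpoints: int = MIN_ENDPOINTS) -> bool:
    """True if, for every single-router failure, every reply still yields a
    usable endpoint and at least min_endpoints distinct endpoints stay in use."""
    plan = build_plan(endpoints)
    for failed in endpoints:
        in_use = {choose_endpoint(radius_reply(plan, s), {failed}, endpoints)
                  for s in range(len(plan))}
        if None in in_use or len(in_use) < min_endpoints:
            return False
    return True


if __name__ == "__main__":
    print("3 LNS x 2 endpoints survives any single LNS failure:",
          survives_single_failure(TUNNEL_ENDPOINTS))
    two = {k: v for k, v in TUNNEL_ENDPOINTS.items() if k != "SGRS-LNS3"}
    print("2 LNS x 2 endpoints:", survives_single_failure(two))
```

The same check run with only two LNSs returns False: after one failure only two endpoints remain, below the SIN 412 floor, which is the concrete reason the design needs three chassis rather than two with two tunnels each.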
4.2 Capacity
 BT employs a strict policy to limit bandwidth to 622MB. Therefore deploying Gigabit
Ethernet throughout will provide sufficient throughput.
 The maximum number of concurrent users sessions accepted by BT is 25,600. The
number of users provisioned on the service will depend on the customer usage profile
and the products offered.
 Each LNS can support a maximum 16,000 simultaneous user sessions. Three LNS’s
will give us sufficient capacity for 25,600 users with resilience for loss of a single
LNS.
 Should three LNS’s prove insufficient then further routers can be added as required.
 Expansion of the service in the long term will be achieved by deploying further L2TP
622 services on identical sets of equipment. Pipes will be divided evenly between two
datacentres.
4.3 Internetwork Diagrams
[Figure: Network Infrastructure. Addressing recoverable from the diagram:]
 WWW reached via border routers SGRS-BDR1 and SGRS-BDR2; BDR-to-core links in 212.67.120.80/30 and 212.67.120.84/30 (addresses .82, .83, .85 and .86 shown).
 VLAN 42 (10.240.232.0): RADIUS server .121; SGRS-CORE1/CORE2 .2 and .3, HSRP .1.
 VLAN 51 (212.67.121.80/28): core switches .92 and .93, HSRP .94; SGRS-LNS1 .81, SGRS-LNS2 .82, SGRS-LNS3 .83.
 VLAN 50 (212.67.121.64/28): core switches .76 and .77, HSRP .78; SGRS-LNS1 .65, SGRS-LNS2 .66, SGRS-LNS3 .67; SGRS-SP1/SP2 .74 and .75.
 SGRS-SP1 to SGRS-SP2 crossover: 212.67.121.60/30 (.61, .62).
 SP to BT NTE links: 212.67.121.16/29 (.17, .18) and 212.67.121.24/29 (.25, .26) to BT NTE 3550-1 and 3550-2.
 BT LTS Loopback0 interfaces: 212.67.121.32/28 (addresses .32 to .43 shown).

[Figure: Routing Processes. Recoverable from the diagram:]
 MFN (AS 6461) and BandX (AS 12885) peer by eBGP with SGRS-BDR1 and SGRS-BDR2 in Onetel AS 12708; the two border routers run iBGP between themselves.
 EIGRP 10 runs across SGRS-CORE1, SGRS-CORE2, the SP routers and the LNSs.
 SGRS-LNS1, LNS2 and LNS3 form Onetel private AS 64556 with a full iBGP mesh and redistribute static.
 SGRS-SP1 and SGRS-SP2 form Onetel private AS 64555 with iBGP between them and peer by eBGP with BT AS 65500 via BT NTE 3550-1 and 3550-2.
5. Management
Three methods of remote management will be used:
 SSH via dedicated ISP management circuit.
 SSH via VPN connection to c3005 concentrator.
 OOB access via a terminal server
6. Security
AAA process will be as follows:
 Customers’ PPP sessions will use CHAP/PAP.
 The BT LAC will determine from the user domain name that the session should be directed at the Onetel LTS cluster.
 The LTS will do an initial RADIUS query for the address of the L2TP tunnel endpoint (LNS).
 The LTS will obtain tunnel authentication data from RADIUS. The LNS will have a per-vpdn-group hostname and password configured for tunnel authentication.
 Once the tunnel is up the LNS will obtain AAA services for user connections via RADIUS.
 A secondary RADIUS server will be specified for failover.
 AAA services for vty connections will be via TACACS+ and command line activity will be logged.
 The local db will be used for aux and console connections.
Industry standard policies will be used to lock down routers, i.e.:
 The following services will be disabled:
   Finger
   PAD
   MOP
   Small Servers
   BOOTP
   CDP
   IP Source Route
   Gratuitous ARP
   IP Redirect
   IP Directed Broadcast
   IP Unreachables
   HTTP server
 Vty access will be via SSH and the vty lines will have an access-class set.
 Password encryption service will be enabled. Note that ‘service password-encryption’ only applies the reversible type 7 encoding to line, username and AAA server keys; it protects against a glance at the screen, not against anyone who obtains the configuration text, so configs and the keys in them must still be handled as sensitive.
 Enable secret will be set.
 Standard Onetel ISP login banner will be configured.
 Syslog will be time stamped and stored on a syslog server.
 SNMP will have an access-class applied in addition to filtering in ACLs. The RO string will be non-default. The RW string will be disabled.
 Unicast RPF and anti-spoofing ACLs will be enabled on SP routers.
 ACLs will be deployed:
   inbound on SGRS-SP1 and SGRS-SP2 links to the NTEs
   outbound on LNS links to the core
   on vty lines
 MD5 password protection will be used on BGP and HSRP sessions.
 Filter or distribute lists will be used to control which routes are accepted by neighbour routers.
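The list above is a policy; whether a given router actually meets it is only visible in its `show run`. The following Python is added here as an example and is not taken from the project. It parses a running-config into top-level lines and indented blocks and reports the globally visible deviations from the list: services left enabled, a missing enable secret or password-encryption service, untimestamped syslog, default or RW SNMP communities or communities without an access list, and vty lines that accept more than SSH or lack an access-class. Both configs in the block are constructed for the example; the first is modelled on the shape of the Appendix A lab configs with placeholder secrets, and the check names and severities are this example's own.

```python
"""Audit a Cisco IOS running-config against the section 6 lock-down list.

Added example; not part of the Onetel design document. It checks the
globally visible items in the list above (disabled services, password
encryption, enable secret, timestamped syslog, non-default RO SNMP community
with an access list and no RW community, SSH-only vty with an access-class).
Both configs are constructed: LAB_STYLE_CONFIG mirrors the shape of the
Appendix A lab configs with placeholder secrets, HARDENED_CONFIG is the
fixed form. Interface-level items (uRPF, anti-spoofing ACLs) are not checked.
"""
import re
from typing import Dict, List, Tuple

Finding = Tuple[str, str, str]  # (severity, check, detail)

# Command that must appear in 'show run' -> finding text if it is absent.
REQUIRED_GLOBAL = {
    "no cdp run": "CDP not disabled",
    "no ip source-route": "IP source routing not disabled",
    "no ip bootp server": "BOOTP server not disabled",
    "no service pad": "PAD service not disabled",
    "no ip http server": "HTTP server not disabled",
    "service password-encryption": "password encryption service not enabled",
    "service timestamps log datetime": "syslog not timestamped",
}


def parse_config(text: str) -> Tuple[List[str], Dict[str, List[str]]]:
    """Top-level lines plus the indented body of each block, keyed by its
    parent line (e.g. 'line vty 0 4'); '!' and blank lines end a block."""
    top, blocks, parent = [], {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.startswith("!"):
            parent = None
        elif raw.startswith(" ") and parent is not None:
            blocks[parent].append(raw.strip())
        else:
            parent = raw.strip()
            top.append(parent)
            blocks[parent] = []
    return top, blocks


def audit(text: str) -> List[Finding]:
    top, blocks = parse_config(text)
    f: List[Finding] = [("HIGH", cmd, msg) for cmd, msg in REQUIRED_GLOBAL.items()
                        if cmd not in top]
    if not any(l.startswith("enable secret ") for l in top):
        f.append(("HIGH", "enable secret", "no enable secret configured"))
    if any(l.startswith("enable password ") for l in top):
        # Type 7 is reversible; next to an enable secret it only adds exposure.
        f.append(("MEDIUM", "enable password", "remove type 7 enable password"))
    for l in top:
        m = re.match(r"snmp-server community (\S+) (RO|RW)(?: (\S+))?$", l)
        if not m:
            continue
        name, mode, acl = m.groups()
        if mode == "RW":
            f.append(("HIGH", "snmp rw", f"RW community '{name}' must be removed"))
        if name.lower() in ("public", "private"):
            f.append(("HIGH", "snmp default community", f"default community '{name}'"))
        if acl is None:
            f.append(("MEDIUM", "snmp access-class", f"community '{name}' has no ACL"))
    for parent, body in blocks.items():
        if parent.startswith("line vty"):
            if "transport input ssh" not in body:
                f.append(("HIGH", parent, "transport input is not restricted to ssh"))
            if not any(b.startswith("access-class ") for b in body):
                f.append(("HIGH", parent, "no access-class applied"))
    return f


# Constructed: same shape as the Appendix A lab configs, placeholder secrets.
LAB_STYLE_CONFIG = """\
service timestamps log datetime
service password-encryption
enable secret 5 $1$abcd$PLACEHOLDERHASH
enable password 7 PLACEHOLDER
no ip http server
snmp-server community public RO 60
snmp-server community private RW
line vty 0 4
 exec-timeout 100 0
 password 7 PLACEHOLDER
 transport input all
"""

# Constructed: the same router once it meets the section 6 list.
HARDENED_CONFIG = """\
service timestamps log datetime
service password-encryption
enable secret 5 $1$abcd$PLACEHOLDERHASH
no ip source-route
no ip bootp server
no service pad
no cdp run
no ip http server
snmp-server community Sgr5-r0-only RO 60
line vty 0 4
 access-class 99 in
 exec-timeout 10 0
 transport input ssh
"""

if __name__ == "__main__":
    for sev, check, detail in audit(LAB_STYLE_CONFIG):
        print(f"{sev:6} {check:28} {detail}")
    print("hardened:", audit(HARDENED_CONFIG))
```

Run against the lab output in Appendix A, the same checks would flag the `transport input all` and missing `access-class` on every vty line, the absence of `no cdp run` and `no ip source-route`, and on SGRS-LNS3 the `enable password 7` configured alongside the enable secret; those are the gaps between the lab build and the policy in this section that the production build needs to close.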
7. Hardware List

Quantity  Manufacturer  Model         Part Number        Comment
5         Cisco         7206          7206VXR & NPE-G1   2 x SP, 3 x LNS
5         Cisco         -             MEM-NPE-G1512MB    2 x 512 MB memory option for 7204
5         Cisco         -             MEM-NPE-G1FLD64    64MB flash option for 7204
12        Cisco         1000-SX GBIC  WS-G5484           Gigabit interface converters
8. Installation
 Location
The hardware will be installed in Centrica’s datacentre at 6/7, Harbour Exchange, London, E14 9GE.
The installation will occupy 50% of racks H6 and H7. This space will be allocated as follows:

Router       Rack Number  Rack Size
SGRS-CORE1   H11          Already Installed
SGRS-CORE2   H9           Already Installed
SGRS-SP1     H6           4U
SGRS-SP2     H7           4U
LNS1         H6           4U
LNS2         H7           4U
LNS3         H6           4U
SGRS-NTE-1   H7           1U
SGRS-NTE-2   H7           1U
SHDS1        H7           1U
SHDS2        H7           1U

 Patching
Connectivity will be by Gigabit Ethernet 1000-BaseSX, SC termination.
Patching at the datacentre employs a central fibre patch cabinet from which other cabinets can be interconnected.
There is sufficient patching available in cabs H11, H9 and H6. A further 12 1000-BaseSX ports will be provided in cab H5.
9. Test and Install
1. Proof of concept testing.
Network design and build under lab conditions. Testing will verify:
 BGP routing between Onetel and BT AS’s.
 Injection of routes from BGP into EIGRP.
 Connectivity to RADIUS.
 Tunnel establishment between LNS and LTS.
 Customer AAA operations.
 Sharing of directly connected and static routes between LNS’s.
 Routing to customer WAN addresses and static subnets.
 Successful failover following the loss of a single element (LTS, LNS, NTE, SP, CORE, RADIUS server).
2. Network Install
The Network as described above will be built into the datacentre at Harbour Exchange.
 The new infrastructure will be built onto 2 test switches initially.
 Routing and connectivity will be verified.
 The new networks will then be connected to the live core during maintenance
window.
 Routing and connectivity will be verified.
3. Service Trial
 Test accounts will be created with the user domain @centel.com.
 BT will configure their platform RADIUS to accept centel.com users and direct them to the Onetel LTS farm.
 The following tests will be conducted:
   Connectivity to BT LTS routers.
   Tunnel establishment.
   User authentication.
   RADIUS accounting.
   User connectivity test.
   End to end test of all services offered to customers.
   Failover from loss of a single device: LNS, SP, NTE, LTS, RADIUS server.
   Security posture assessment.
   Verify Whoosh test tool.
   Verify amendments to user accounts are updated to the correct RADIUS platform.
4. Service Live
Once the service has been tested and approved we will begin commissioning new
customers on the 622 pipe.
 New customers will be provisioned with username in the centel.com domain.
 BT platform RADIUS will direct centel.com customers to the Onetel LTS farm.
LTS’s will query the new RADIUS platform for AAA.
 Existing users will continue to be authenticated by the current RADIUS.
 LDAP will be configured to update the correct RADIUS platform when user
records are created or amended.
10. Migration Process
The object of the migration is to redeploy existing customers using BT Central 155MB
services onto the new 622 pipe.
Procedure
A single 155 pipe will be migrated at a time and the process to move one pipe is as follows:
 Test accounts will be created on the pipe to be migrated.
 BT will update their platform RADIUS to direct the user domains on the chosen pipe to the Onetel LTS farm. This work takes 15 mins to action and requires 5 days’ notice.
 LNS’s will be monitored to ensure that users from the migrated pipe are connecting successfully.
 Test accounts will be used to verify the service.
 Users connected at the time when the BT platform RADIUS is updated will remain on the 155 pipe. When they disconnect and make a new connection they will be reconnected to the new service.
 We can request that BT force disconnections if rates of churn are too low.
Impact
The migration steps will take approx 1 hour to put in place.
Back out will be to reverse the changes and will also take 1 hour to complete.
Service disruption will occur while the migration is carried out.
Dynamic Pool Sizing
The 622 L2TP product has a strictly policed limit of 25,600 simultaneous connections. 12,800 IPs per LNS will guarantee sufficient addresses should an LNS fail, since the two surviving LNSs then hold 2 x 12,800 = 25,600 addresses, the full policed limit.
11. Fallback
1. Network Install
Shutdown uplinks to core.
2. Service Live
Cease provisioning customers with centel.com address.
Redirect centel.com users to an existing 155MB IPStream service.
3. Migration
BT to re-route customer domain to IPStream service.
Appendix A – Router/Switch/Component Configurations
SGRS-LNS1#sh run
Building configuration...
Current configuration : 5300 bytes
!
! Last configuration change at 11:03:50 GMT Tue Sep 14 2004 by cake
! NVRAM config last updated at 11:05:30 GMT Tue Sep 14 2004 by cake
!
version 12.3
service timestamps debug datetime
service timestamps log datetime
service password-encryption
!
hostname SGRS-LNS1
!
boot-start-marker
boot-end-marker
!
logging buffered 16284 debugging
enable secret 5 $1$sSaP$phP429LUuYCMx4Xo0jHah/
!
username isp3ng password 7 0870195E5917000317074D
clock timezone GMT 0
aaa new-model
!
!
aaa authentication login default group tacacs+ local
aaa authentication login console local
aaa authentication enable default enable
aaa authentication ppp VPDN group radius
aaa authorization exec default group tacacs+ local
aaa authorization exec console none
aaa authorization commands 1 default group tacacs+ if-authenticated none
aaa authorization commands 1 console none
aaa authorization commands 15 default group tacacs+ local
aaa authorization commands 15 console none
aaa authorization network default group tacacs+ if-authenticated
aaa authorization network VPDN group radius
aaa accounting exec default start-stop group tacacs+
aaa accounting exec console none
aaa accounting commands 1 default start-stop group tacacs+
aaa accounting commands 1 console none
aaa accounting commands 15 default start-stop group tacacs+
aaa accounting commands 15 console none
aaa accounting network default start-stop group tacacs+
aaa accounting network VPDN start-stop group radius
aaa accounting connection default start-stop group tacacs+
aaa accounting system default start-stop group tacacs+
aaa session-id common
ip subnet-zero
!
!
ip cef
no ip domain lookup
ip host lns3 212.67.121.46
ip host lns2 212.67.121.45
ip host core 212.67.121.92
!
!
ip address-pool local
vpdn enable
!
vpdn-group 1
accept-dialin
protocol any
virtual-template 1
terminate-from hostname tunnel44
source-ip 212.67.121.44
l2tp tunnel password 7 09585B0717001B465F
!
vpdn-group 2
accept-dialin
protocol any
virtual-template 2
terminate-from hostname tunnel47
source-ip 212.67.121.47
l2tp tunnel password 7 15061E020A2F27707F
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
ip address 212.67.121.44 255.255.255.255
!
interface Loopback1
ip address 212.67.121.47 255.255.255.255
!
interface GigabitEthernet0/1
description SGRS-CORE-01 VLAN 50 g 4/3
ip address 212.67.121.65 255.255.255.240
duplex full
speed 1000
media-type gbic
negotiation auto
!
interface GigabitEthernet0/2
description SGRS-CORE-02 VLAN 51 g 4/3
ip address 212.67.121.81 255.255.255.240
duplex full
speed 1000
media-type gbic
negotiation auto
!
interface GigabitEthernet0/3
no ip address
shutdown
duplex auto
speed auto
media-type rj45
no negotiation auto
!
interface Virtual-Template1
ip unnumbered Loopback0
no logging event link-status
peer default ip address pool default
ppp authentication chap VPDN
ppp ipcp mask 255.255.255.255
!
interface Virtual-Template2
ip unnumbered Loopback1
no logging event link-status
peer default ip address pool default
ppp authentication chap VPDN
!
router eigrp 10
network 212.67.121.0
no auto-summary
!
router bgp 64556
no synchronization
bgp log-neighbor-changes
redistribute connected
redistribute static
neighbor LNS-iBGP peer-group
neighbor LNS-iBGP remote-as 64556
neighbor LNS-iBGP update-source Loopback0
neighbor LNS-iBGP version 4
neighbor LNS-iBGP next-hop-self
neighbor 212.67.121.45 peer-group LNS-iBGP
neighbor 212.67.121.46 peer-group LNS-iBGP
no auto-summary
!
ip local pool default 212.67.122.0 212.67.122.7
ip classless
no ip http server
no ip http secure-server
!
!
!
ip radius source-interface Loopback0
snmp-server community b0ll0cks RO 60
snmp-server location SGRS, London, UK
snmp-server contact isp@onetel.net.uk
snmp-server enable traps tty
!
tacacs-server host 10.240.240.100
tacacs-server host 10.240.232.120
tacacs-server directed-request
tacacs-server key 7 0822445C000A17021E0E1F
!
radius-server host 212.67.118.251 auth-port 1645 acct-port 1646
radius-server key 7 097F5B394D3147420916
!
control-plane
!
!
!
!
!
!
gatekeeper
shutdown
!
banner motd ^CC
 ___________________________________________________________________
|                       ONE.TEL ISP - NETWORK                       |
|                     Mailto: isp@onetel.net.uk                     |
|___________________________________________________________________|
|                                                                   |
|         This service is for authorised One.Tel staff only         |
|                                                                   |
|  WARNING: It is a criminal offence to:                            |
|                                                                   |
|     I.  Obtain access to data without authority                   |
|     II. Damage, delete, alter or insert data without authority    |
|___________________________________________________________________|
^C
!
line con 0
authorization commands 1 console
authorization commands 15 console
authorization exec console
accounting commands 1 console
accounting commands 15 console
accounting exec console
login authentication console
transport preferred all
transport output all
stopbits 1
line aux 0
transport preferred all
transport output all
stopbits 1
line vty 0 4
exec-timeout 100 0
password 7 0822455D0A16
transport preferred all
transport input all
transport output all
!
ntp clock-period 17180008
ntp server 212.67.96.135
!
end
SGRS-LNS1#
SGRS-LNS2#sh run
Building configuration...
Current configuration : 5236 bytes
!
! Last configuration change at 11:05:53 GMT Tue Sep 14 2004 by cake
! NVRAM config last updated at 11:06:00 GMT Tue Sep 14 2004 by cake
!
version 12.3
service timestamps debug datetime
service timestamps log datetime
service password-encryption
!
hostname SGRS-LNS2
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$YctC$sZ9vacnbl8d3pdJ92aASu.
!
username isp3ng password 7 03550E1B560124584B0558
clock timezone GMT 0
aaa new-model
!
!
aaa authentication login default group tacacs+ local
aaa authentication login console local
aaa authentication enable default enable
aaa authentication ppp VPDN group radius
aaa authorization exec default group tacacs+ local
aaa authorization exec console none
aaa authorization commands 1 default group tacacs+ if-authenticated none
aaa authorization commands 1 console none
aaa authorization commands 15 default group tacacs+ local
aaa authorization commands 15 console none
aaa authorization network default group tacacs+ if-authenticated
aaa authorization network VPDN group radius
aaa accounting exec default start-stop group tacacs+
aaa accounting exec console none
aaa accounting commands 1 default start-stop group tacacs+
aaa accounting commands 1 console none
aaa accounting commands 15 default start-stop group tacacs+
aaa accounting commands 15 console none
aaa accounting network default start-stop group tacacs+
aaa accounting network VPDN start-stop group radius
aaa accounting connection default start-stop group tacacs+
aaa accounting system default start-stop group tacacs+
aaa session-id common
ip subnet-zero
!
!
ip cef
no ip domain lookup
ip host lns3 212.67.121.46
ip host lns1 212.67.121.44
ip host core 212.67.121.92
!
!
vpdn enable
!
vpdn-group 1
accept-dialin
protocol any
virtual-template 1
terminate-from hostname tunnel45
source-ip 212.67.121.45
l2tp tunnel password 7 15061E020A2F27707D
!
vpdn-group 2
accept-dialin
protocol any
virtual-template 2
terminate-from hostname tunnel48
source-ip 212.67.121.48
l2tp tunnel password 7 08355940071C09434A
!
!
!
interface Loopback0
ip address 212.67.121.45 255.255.255.255
!
interface Loopback1
ip address 212.67.121.48 255.255.255.255
!
interface GigabitEthernet0/1
description SGRS-CORE-01 VLAN 50 g 4/2
ip address 212.67.121.66 255.255.255.240
duplex full
speed 1000
media-type gbic
negotiation auto
!
interface GigabitEthernet0/2
description SGRS-CORE-02 VLAN 51 g 4/2
ip address 212.67.121.82 255.255.255.240
duplex full
speed 1000
media-type gbic
negotiation auto
!
interface GigabitEthernet0/3
no ip address
shutdown
duplex auto
speed auto
media-type rj45
no negotiation auto
!
interface Virtual-Template1
ip unnumbered Loopback0
no logging event link-status
peer default ip address pool default
ppp authentication chap VPDN
!
interface Virtual-Template2
ip unnumbered Loopback1
no logging event link-status
peer default ip address pool default
ppp authentication chap VPDN
!
router eigrp 10
network 212.67.121.0
no auto-summary
!
router bgp 64556
no synchronization
bgp log-neighbor-changes
redistribute connected
redistribute static
neighbor LNS-iBGP peer-group
neighbor LNS-iBGP remote-as 64556
neighbor LNS-iBGP update-source Loopback0
neighbor LNS-iBGP version 4
neighbor LNS-iBGP next-hop-self
neighbor 212.67.121.44 peer-group LNS-iBGP
neighbor 212.67.121.46 peer-group LNS-iBGP
no auto-summary
!
ip local pool default 212.67.122.8 212.67.122.15
ip classless
no ip http server
no ip http secure-server
!
!
!
ip radius source-interface Loopback0
snmp-server community b0ll0cks RO 60
snmp-server location SGRS, London, UK
snmp-server contact isp@onetel.net.uk
snmp-server enable traps tty
!
tacacs-server host 10.240.240.100
tacacs-server host 10.240.232.120
tacacs-server directed-request
tacacs-server key 7 0822445C000A17021E0E1F
!
radius-server host 212.67.118.251 auth-port 1645 acct-port 1646 key 7 120B04131B1E1F
radius-server key 7 0538133F75781E591B1F
!
control-plane
!
!
!
!
!
!
gatekeeper
shutdown
!
banner motd ^CC
 ___________________________________________________________________
|                       ONE.TEL ISP - NETWORK                       |
|                     Mailto: isp@onetel.net.uk                     |
|___________________________________________________________________|
|                                                                   |
|         This service is for authorised One.Tel staff only         |
|                                                                   |
|  WARNING: It is a criminal offence to:                            |
|                                                                   |
|     I.  Obtain access to data without authority                   |
|     II. Damage, delete, alter or insert data without authority    |
|___________________________________________________________________|
^C
!
line con 0
authorization commands 1 console
authorization commands 15 console
authorization exec console
accounting commands 1 console
accounting commands 15 console
accounting exec console
login authentication console
transport preferred all
transport output all
stopbits 1
line aux 0
transport preferred all
transport output all
stopbits 1
line vty 0 4
exec-timeout 100 0
password 7 110A1016141D
transport preferred all
transport input all
transport output all
!
ntp clock-period 17179971
ntp server 212.67.96.135
!
end
SGRS-LNS3#sh run
Building configuration...
Current configuration : 5235 bytes
!
! Last configuration change at 11:06:21 GMT Tue Sep 14 2004 by cake
! NVRAM config last updated at 11:06:47 GMT Tue Sep 14 2004 by cake
!
version 12.3
service timestamps debug datetime
service timestamps log datetime
service password-encryption
!
hostname SGRS-LNS3
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$92EL$KVljhPdDst0grdhu6pF5v/
enable password 7 0305
!
username isp3ng password 7 075E745C1E071C11121E4A
clock timezone GMT 0
aaa new-model
!
!
aaa authentication login default group tacacs+ local
aaa authentication login console local
aaa authentication enable default enable
aaa authentication ppp VPDN group radius
aaa authorization exec default group tacacs+ local
aaa authorization exec console none
aaa authorization commands 1 default group tacacs+ if-authenticated none
aaa authorization commands 1 console none
aaa authorization commands 15 default group tacacs+ local
aaa authorization commands 15 console none
aaa authorization network default group tacacs+ if-authenticated
aaa authorization network VPDN group radius
aaa accounting exec default start-stop group tacacs+
aaa accounting exec console none
aaa accounting commands 1 default start-stop group tacacs+
aaa accounting commands 1 console none
aaa accounting commands 15 default start-stop group tacacs+
aaa accounting commands 15 console none
aaa accounting network default start-stop group tacacs+
aaa accounting network VPDN start-stop group radius
aaa accounting connection default start-stop group tacacs+
aaa accounting system default start-stop group tacacs+
aaa session-id common
ip subnet-zero
!
!
ip cef
no ip domain lookup
ip host lns1 212.67.121.44
ip host lns2 212.67.121.45
ip host core 212.67.121.92
!
!
vpdn enable
!
vpdn-group 1
accept-dialin
protocol any
virtual-template 1
terminate-from hostname tunnel46
source-ip 212.67.121.46
l2tp tunnel password 7 1311021C0509087E7D
!
vpdn-group 2
accept-dialin
protocol any
virtual-template 2
terminate-from hostname tunnel49
source-ip 212.67.121.49
l2tp tunnel password 7 071B3442400C15514E
!
!
!
!
!
!
interface Loopback0
ip address 212.67.121.46 255.255.255.255
!
interface Loopback1
ip address 212.67.121.49 255.255.255.255
!
interface GigabitEthernet0/1
description SGRS-CORE-01 VLAN 50 g 4/4
ip address 212.67.121.67 255.255.255.240
duplex full
speed 1000
media-type gbic
negotiation auto
!
interface GigabitEthernet0/2
description SGRS-CORE-02 VLAN 51 g 4/4
ip address 212.67.121.83 255.255.255.240
duplex full
speed 1000
media-type gbic
negotiation auto
!
interface GigabitEthernet0/3
no ip address
shutdown
duplex auto
speed auto
media-type rj45
no negotiation auto
!
interface Virtual-Template1
ip unnumbered Loopback0
no logging event link-status
peer default ip address pool default
ppp authentication chap VPDN
!
interface Virtual-Template2
ip unnumbered Loopback1
no logging event link-status
peer default ip address pool default
ppp authentication chap VPDN
!
router eigrp 10
network 212.67.121.0
no auto-summary
!
router bgp 64556
no synchronization
bgp log-neighbor-changes
redistribute connected
redistribute static
neighbor LNS-iBGP peer-group
neighbor LNS-iBGP remote-as 64556
neighbor LNS-iBGP update-source Loopback0
neighbor LNS-iBGP version 4
neighbor LNS-iBGP next-hop-self
neighbor 212.67.121.44 peer-group LNS-iBGP
neighbor 212.67.121.45 peer-group LNS-iBGP
no auto-summary
!
ip local pool default 212.67.122.16 212.67.122.23
ip classless
no ip http server
no ip http secure-server
!
!
!
ip radius source-interface Loopback0
snmp-server community b0ll0cks RO 60
snmp-server location SGRS, London, UK
snmp-server contact isp@onetel.net.uk
snmp-server enable traps tty
!
tacacs-server host 10.240.240.100
tacacs-server host 10.240.232.120
tacacs-server directed-request
tacacs-server key 7 01100E165218141A2D495D
!
radius-server host 212.67.118.251 auth-port 1645 acct-port 1646 key 7 06140E25455B1A
radius-server key 7 0235116B5F325F714E54
!
control-plane
!
!
!
!
!
!
gatekeeper
shutdown
!
banner motd ^CC
 ___________________________________________________________________
|                       ONE.TEL ISP - NETWORK                       |
|                     Mailto: isp@onetel.net.uk                     |
|___________________________________________________________________|
|         This service is for authorised One.Tel staff only         |
|  WARNING: It is a criminal offence to:                            |
|  I. Obtain access to data without authority                       |
|  II. Damage, delete, alter or insert data without authority       |
|___________________________________________________________________|
^C
!
line con 0
authorization commands 1 console
authorization commands 15 console
authorization exec console
accounting commands 1 console
accounting commands 15 console
accounting exec console
login authentication console
transport preferred all
transport output all
stopbits 1
line aux 0
transport preferred all
transport output all
stopbits 1
line vty 0 4
exec-timeout 100 0
transport preferred all
transport input all
transport output all
!
ntp clock-period 17180068
ntp server 212.67.96.135
!
end
SGRS-LNS3#
SGRS-SP1#sh run
Building configuration...
Current configuration : 4776 bytes
!
! Last configuration change at 11:37:41 UTC Tue Sep 14 2004 by cake
! NVRAM config last updated at 11:37:52 UTC Tue Sep 14 2004 by cake
!
version 12.3
service timestamps debug datetime
service timestamps log datetime
service password-encryption
!
hostname SGRS-SP1
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$9xf9$kD25BKsTy5eyjaeuDpKt/0
enable password 7 050A
!
username isp3ng password 7 075E745C1E071C11121E4A
aaa new-model
!
!
aaa authentication login default group tacacs+ local
aaa authentication login console local
aaa authentication enable default enable
aaa authorization exec default group tacacs+ local
aaa authorization exec console none
aaa authorization commands 1 default group tacacs+ if-authenticated none
aaa authorization commands 1 console none
aaa authorization commands 15 default group tacacs+ local
aaa authorization commands 15 console none
aaa authorization network default group tacacs+ if-authenticated
aaa accounting exec default start-stop group tacacs+
aaa accounting exec console none
aaa accounting commands 1 default start-stop group tacacs+
aaa accounting commands 1 console none
aaa accounting commands 15 default start-stop group tacacs+
aaa accounting commands 15 console none
aaa accounting network default start-stop group tacacs+
aaa accounting connection default start-stop group tacacs+
aaa accounting system default start-stop group tacacs+
aaa session-id common
ip subnet-zero
!
!
ip cef
no ip domain lookup
ip host core 212.67.121.92
ip host lns1 212.67.121.44
ip host lns2 212.67.121.45
ip host lns3 212.67.121.46
ip host sp2 212.67.121.62
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
ip address 212.67.121.50 255.255.255.255
!
interface GigabitEthernet0/1
description link to BT-NTE1
ip address 212.67.121.17 255.255.255.248
no ip redirects
no ip proxy-arp
duplex full
speed 1000
media-type gbic
negotiation auto
no cdp enable
!
interface GigabitEthernet0/2
description iBGP link to SGRS-SP2
ip address 212.67.121.61 255.255.255.252
duplex full
speed 1000
media-type rj45
no negotiation auto
!
interface GigabitEthernet0/3
description SGRS-CORE-01 g 4/1
ip address 212.67.121.74 255.255.255.240
duplex full
speed 1000
media-type gbic
negotiation auto
!
router eigrp 10
redistribute bgp 64555
passive-interface GigabitEthernet0/1
network 212.67.121.0
default-metric 10000 100 255 1 1500
no auto-summary
no eigrp log-neighbor-changes
!
router bgp 64555
no synchronization
bgp log-neighbor-changes
neighbor SP-iBGP peer-group
neighbor SP-iBGP remote-as 64555
neighbor SP-iBGP version 4
neighbor SP-iBGP next-hop-self
neighbor BT-NTE1 peer-group
neighbor BT-NTE1 remote-as 65500
neighbor BT-NTE1 password 7 05525F0C2E5E5C00180B1317195454737A71
neighbor BT-NTE1 ebgp-multihop 255
neighbor BT-NTE1 version 4
neighbor BT-NTE1 distribute-list 2 in
neighbor 212.67.121.62 peer-group SP-iBGP
neighbor 217.32.95.97 peer-group BT-NTE1
no auto-summary
!
ip classless
ip route 217.32.95.97 255.255.255.255 212.67.121.18
no ip http server
no ip http secure-server
!
!
!
access-list 2 permit 212.67.121.32 0.0.0.7
access-list 2 permit 212.67.121.40 0.0.0.3
access-list 2 deny any
snmp-server community b0ll0cks RO 60
snmp-server location SGRS, London, UK
snmp-server contact isp@onetel.net.uk
snmp-server enable traps tty
!
tacacs-server host 10.240.240.100
tacacs-server host 10.240.232.120
tacacs-server directed-request
tacacs-server key 7 104D010B0C04001E000139
!
!
control-plane
!
!
!
!
!
!
gatekeeper
shutdown
!
banner motd ^CC
 ___________________________________________________________________
|                       ONE.TEL ISP - NETWORK                       |
|                     Mailto: isp@onetel.net.uk                     |
|___________________________________________________________________|
|         This service is for authorised One.Tel staff only         |
|  WARNING: It is a criminal offence to:                            |
|  I. Obtain access to data without authority                       |
|  II. Damage, delete, alter or insert data without authority       |
|___________________________________________________________________|
^C
!
line con 0
exec-timeout 100 0
password 7 030752180500
authorization commands 1 console
authorization commands 15 console
authorization exec console
accounting commands 1 console
accounting commands 15 console
accounting exec console
login authentication console
transport preferred all
transport output all
stopbits 1
line aux 0
transport preferred all
transport output all
stopbits 1
line vty 0 4
exec-timeout 100 0
password 7 00071A150754
transport preferred all
transport input all
transport output all
!
ntp clock-period 17179879
ntp server 212.67.96.135
!
end
SGRS-SP1#
SGRS-SP2#copy run start
Destination filename [startup-config]?
Building configuration...
[OK]
SGRS-SP2#sh run
Building configuration...
Current configuration : 4688 bytes
!
! Last configuration change at 11:40:12 UTC Tue Sep 14 2004 by cake
! NVRAM config last updated at 11:40:16 UTC Tue Sep 14 2004 by cake
!
version 12.3
service timestamps debug datetime
service timestamps log datetime
service password-encryption
!
hostname SGRS-SP2
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$kzHx$OkulQHoTtLnhJv867bVAT0
enable password 7 1304
!
username isp3ng password 7 06575A311C400C0D001B53
aaa new-model
!
!
aaa authentication login default group tacacs+ local
aaa authentication login console local
aaa authentication enable default enable
aaa authorization exec default group tacacs+ local
aaa authorization exec console none
aaa authorization commands 1 default group tacacs+ if-authenticated none
aaa authorization commands 1 console none
aaa authorization commands 15 default group tacacs+ local
aaa authorization commands 15 console none
aaa authorization network default group tacacs+ if-authenticated
aaa accounting exec default start-stop group tacacs+
aaa accounting exec console none
aaa accounting commands 1 default start-stop group tacacs+
aaa accounting commands 1 console none
aaa accounting commands 15 default start-stop group tacacs+
aaa accounting commands 15 console none
aaa accounting network default start-stop group tacacs+
aaa accounting connection default start-stop group tacacs+
aaa accounting system default start-stop group tacacs+
aaa session-id common
ip subnet-zero
!
!
ip cef
no ip domain lookup
ip host lns1 212.67.121.44
ip host lns2 212.67.121.45
ip host lns3 212.67.121.46
ip host core 212.67.121.92
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
ip address 212.67.121.51 255.255.255.255
!
interface GigabitEthernet0/1
description link to BT-NTE1
ip address 212.67.121.25 255.255.255.248
no ip redirects
no ip proxy-arp
duplex full
speed 1000
media-type gbic
negotiation auto
no cdp enable
!
interface GigabitEthernet0/2
description iBGP link to SGRS-SP2
ip address 212.67.121.62 255.255.255.252
duplex full
speed 1000
media-type rj45
no negotiation auto
!
interface GigabitEthernet0/3
description SGRS-CORE-02 VLAN 50 g 4/1
ip address 212.67.121.75 255.255.255.240
duplex full
speed 1000
media-type gbic
negotiation auto
!
router eigrp 10
redistribute bgp 64555
passive-interface GigabitEthernet0/1
network 212.67.121.0
default-metric 10000 100 255 1 1500
no auto-summary
no eigrp log-neighbor-changes
!
router bgp 64555
no synchronization
bgp log-neighbor-changes
neighbor SP-iBGP peer-group
neighbor SP-iBGP remote-as 64555
neighbor SP-iBGP version 4
neighbor SP-iBGP next-hop-self
neighbor BT-NTE1 peer-group
neighbor BT-NTE1 remote-as 65500
neighbor BT-NTE1 password 7 035D0208091D33454F071D00054A5B55557F
neighbor BT-NTE1 ebgp-multihop 255
neighbor BT-NTE1 version 4
neighbor BT-NTE1 distribute-list 2 in
neighbor 212.67.121.61 peer-group SP-iBGP
neighbor 217.32.95.101 peer-group BT-NTE1
no auto-summary
!
ip classless
ip route 217.32.95.101 255.255.255.255 212.67.121.26
no ip http server
no ip http secure-server
!
!
!
access-list 2 permit 212.67.121.32 0.0.0.7
access-list 2 permit 212.67.121.40 0.0.0.3
access-list 2 deny any
snmp-server community b0ll0cks RO 60
snmp-server location SGRS, London, UK
snmp-server contact isp@onetel.net.uk
snmp-server enable traps tty
!
tacacs-server host 10.240.240.100
tacacs-server host 10.240.232.120
tacacs-server directed-request
tacacs-server key 7 030753190F1C3359420C0A
!
!
control-plane
!
!
!
!
!
!
gatekeeper
shutdown
!
banner motd ^CC
 ___________________________________________________________________
|                       ONE.TEL ISP - NETWORK                       |
|                     Mailto: isp@onetel.net.uk                     |
|___________________________________________________________________|
|         This service is for authorised One.Tel staff only         |
|  WARNING: It is a criminal offence to:                            |
|  I. Obtain access to data without authority                       |
|  II. Damage, delete, alter or insert data without authority       |
|___________________________________________________________________|
^C
!
line con 0
authorization commands 1 console
authorization commands 15 console
authorization exec console
accounting commands 1 console
accounting commands 15 console
accounting exec console
login authentication console
transport preferred all
transport output all
stopbits 1
line aux 0
transport preferred all
transport output all
stopbits 1
line vty 0 4
password 7 0820
transport preferred all
transport input all
transport output all
!
ntp clock-period 17179932
ntp server 212.67.96.135
!
end
SGRS-SP2#
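Added example, not part of the plan or One.Tel's own tooling: a static audit of an IOS running-config for the management-plane weaknesses visible in the dumps above (type-7 line and user passwords, an SNMP community tied to ACL 60 that none of the dumps define, vty lines accepting any transport with a 100-minute idle timeout and no access-class). parse_blocks, audit_ios, the finding codes and SAMPLE_CONFIG are assumptions of this example; the sample is constructed from the SGRS-SP1 dump with key material replaced by placeholders.

```python
import re
# Constructed sample modelled on the SGRS-SP1 dump above; key material replaced by placeholders.
SAMPLE_CONFIG = """\
enable password 7 PLACEHOLDER7
username isp3ng password 7 PLACEHOLDER7
snmp-server community b0ll0cks RO 60
line vty 0 4
 exec-timeout 100 0
 transport input all
!
"""

def parse_blocks(config: str) -> dict:
    """Group sub-commands under their block header ('' = global); headers are matched by keyword."""
    blocks, current = {"": []}, ""
    for raw in config.splitlines():
        line = raw.strip()                      # indentation may be lost, as in the dumps above
        if not line or line.startswith("!"):    # '!' ends a block in IOS output
            current = ""
        elif line.startswith(("line ", "interface ", "router ", "vpdn-group ")):
            current = line
            blocks.setdefault(current, [])
        else:
            blocks.setdefault(current, []).append(line)
    return blocks

def audit_ios(config: str) -> list:
    """Return 'CODE: detail' findings for the management plane; [] means nothing flagged."""
    blocks, f = parse_blocks(config), []
    glob = blocks[""]
    acls = {l.split()[1] for l in glob if l.startswith("access-list ")}
    if any(l.startswith("enable password ") for l in glob):
        f.append("ENABLE_PASSWORD: type-7 'enable password' configured; keep only 'enable secret'")
    for l in glob:
        m = re.match(r"username (\S+) password 7 ", l)
        if m:
            f.append(f"TYPE7_USER: user {m.group(1)} has a reversible type-7 password; use 'secret'")
        m = re.match(r"snmp-server community \S+ (RO|RW)(?: (\S+))?$", l)
        if m and (m.group(2) or "") not in acls:   # no ACL at all, or an ACL that is never defined
            f.append(f"SNMP_ACL: community ACL '{m.group(2)}' is missing or undefined; define and apply one")
    for hdr, body in blocks.items():
        if hdr.startswith("line vty"):
            if "transport input all" in body:
                f.append(f"VTY_CLEARTEXT: '{hdr}' accepts telnet; set 'transport input ssh'")
            if not any(b.startswith("access-class ") for b in body):
                f.append(f"VTY_NO_ACCESS_CLASS: '{hdr}' has no access-class limiting management sources")
            for m in (re.match(r"exec-timeout (\d+) (\d+)", b) for b in body):
                if m and (int(m.group(1)) > 10 or m.group(1) == m.group(2) == "0"):
                    f.append(f"VTY_IDLE_TIMEOUT: '{hdr}' idle timeout {m.group(1)} min (0 = never); use <= 10")
    return f
```

Run against a full `show run` capture the same way; a config whose vty lines use `transport input ssh`, carry an `access-class`, and whose SNMP ACL is actually defined returns an empty list.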
Appendix B – Interface and Routing Table
Router       Interface   IP Address       Mask              Routing Protocol
SGRS-SP1     Gig 0/1     212.67.121.17    255.255.255.248   eBGP
SGRS-NTE-1   Gig 0/1     212.67.121.18    255.255.255.248   eBGP
SGRS-SP2     Gig 0/1     212.67.121.25    255.255.255.248   eBGP
SGRS-NTE-2   Gig 0/1     212.67.121.26    255.255.255.248   eBGP
BT-LTS-1     Lo 0        212.67.121.32    255.255.255.255   (BT)
BT-LTS-2     Lo 0        212.67.121.33    255.255.255.255   (BT)
BT-LTS-3     Lo 0        212.67.121.34    255.255.255.255   (BT)
BT-LTS-4     Lo 0        212.67.121.35    255.255.255.255   (BT)
BT-LTS-5     Lo 0        212.67.121.36    255.255.255.255   (BT)
BT-LTS-6     Lo 0        212.67.121.37    255.255.255.255   (BT)
BT-LTS-7     Lo 0        212.67.121.38    255.255.255.255   (BT)
BT-LTS-8     Lo 0        212.67.121.39    255.255.255.255   (BT)
BT-LTS-9     Lo 0        212.67.121.40    255.255.255.255   (BT)
BT-LTS-10    Lo 0        212.67.121.41    255.255.255.255   (BT)
BT-LTS-11    Lo 0        212.67.121.42    255.255.255.255   (BT)
BT-LTS-12    Lo 0        212.67.121.43    255.255.255.255   (BT)
SGRS-LNS1    Lo 0        212.67.121.44    255.255.255.255   EIGRP
SGRS-LNS2    Lo 0        212.67.121.45    255.255.255.255   EIGRP
SGRS-LNS3    Lo 0        212.67.121.46    255.255.255.255   EIGRP
SGRS-LNS1    Lo 1        212.67.121.47    255.255.255.255   EIGRP
SGRS-LNS2    Lo 1        212.67.121.48    255.255.255.255   EIGRP
SGRS-LNS3    Lo 1        212.67.121.49    255.255.255.255   EIGRP
SGRS-SP1     Lo 0        212.67.121.50    255.255.255.255   EIGRP
SGRS-SP2     Lo 0        212.67.121.51    255.255.255.255   EIGRP
SGRS-SP1     Gig 0/2     212.67.121.61    255.255.255.248   iBGP
SGRS-SP2     Gig 0/2     212.67.121.62    255.255.255.248   iBGP
SGRS-LNS1    Gig 0/0     212.67.121.65    255.255.255.248   EIGRP
SGRS-LNS2    Gig 0/0     212.67.121.66    255.255.255.248   EIGRP
SGRS-LNS3    Gig 0/0     212.67.121.67    255.255.255.248   EIGRP
SGRS-SP1     Gig 0/3     212.67.121.74    255.255.255.248   EIGRP
SGRS-SP2     Gig 0/3     212.67.121.75    255.255.255.248   EIGRP
SGRS-CORE1   VLAN 50     212.67.121.76    255.255.255.248   EIGRP
SGRS-CORE2   VLAN 50     212.67.121.77    255.255.255.248   EIGRP
HSRP         VLAN 50     212.67.121.78    255.255.255.248   EIGRP
SGRS-LNS1    Gig 0/1     212.67.121.81    255.255.255.248   EIGRP
SGRS-LNS2    Gig 0/1     212.67.121.82    255.255.255.248   EIGRP
SGRS-LNS3    Gig 0/1     212.67.121.83    255.255.255.248   EIGRP
SGRS-CORE1   VLAN 51     212.67.121.92    255.255.255.248   EIGRP
SGRS-CORE2   VLAN 51     212.67.121.93    255.255.255.248   EIGRP
HSRP         VLAN 51     212.67.121.94    255.255.255.248   EIGRP
Appendix C – Catalyst Switch Port Allocation
Router     Interface   VLAN   Switch Port
SGRS-SP1   Gig 0/3     50     CORE1 Gig 4/1
LNS1       Gig 0/1     50     CORE1 Gig 4/2
LNS2       Gig 0/1     50     CORE1 Gig 4/3
LNS3       Gig 0/1     50     CORE1 Gig 4/4
SGRS-SP2   Gig 0/3     50     CORE2 Gig 4/1
LNS1       Gig 0/2     51     CORE2 Gig 4/2
LNS2       Gig 0/2     51     CORE2 Gig 4/3
LNS3       Gig 0/2     51     CORE2 Gig 4/4