site_a - Cisco Support Community

Site A
rtr_klcc_test#sh bgp ne
rtr_klcc_test#sh bgp neighbors
BGP neighbor is 58.139.168.170, remote AS 23736, external link
BGP version 4, remote router ID 0.0.0.0
BGP state = Idle
Last read 00:00:18, hold time is 180, keepalive interval is 60 seconds
Message statistics:
  InQ depth is 0
  OutQ depth is 0
                       Sent       Rcvd
  Opens:                  0          0
  Notifications:          0          0
  Updates:                0          0
  Keepalives:             0          0
  Route Refresh:          0          0
  Total:                  0          0
Default minimum time between advertisement runs is 30 seconds
For address family: IPv4 Unicast
BGP table version 7, neighbor version 0
Index 1, Offset 0, Mask 0x2
                               Sent       Rcvd
Prefix activity:               ----       ----
  Prefixes Current:               0          0
  Prefixes Total:                 0          0
  Implicit Withdraw:              0          0
  Explicit Withdraw:              0          0
  Used as bestpath:             n/a          0
  Used as multipath:            n/a          0

                                 Outbound    Inbound
Local Policy Denied Prefixes:    --------    -------
  Total:                                0          0
Number of NLRIs in the update sent: max 0, min 0
Connections established 0; dropped 0
Last reset never
External BGP neighbor not directly connected.
No active TCP connection
rtr_klcc_test#sh int
rtr_klcc_test#sh interfaces f
rtr_klcc_test#sh interfaces fastEthernet 0/1
FastEthernet0/1 is up, line protocol is up
Hardware is AmdFE, address is 000f.2360.4dc1 (bia 000f.2360.4dc1)
Internet address is 58.139.93.114/30
MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Half-duplex, 100Mb/s, 100BaseTX/FX
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:02:17, output 00:00:02, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
6 packets input, 416 bytes
Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog
0 input packets with dribble condition detected
47 packets output, 2837 bytes, 0 underruns
0 output errors, 0 collisions, 1 interface resets
0 babbles, 0 late collision, 0 deferred
2 lost carrier, 0 no carrier
0 output buffer failures, 0 output buffers swapped out
rtr_klcc_test#sh ip rou
rtr_klcc_test#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
C    172.9.0.0/16 is directly connected, FastEthernet0/0.4
C    172.19.0.0/16 is directly connected, FastEthernet0/0.1
C    172.29.0.0/16 is directly connected, FastEthernet0/0.2
C    172.39.0.0/16 is directly connected, FastEthernet0/0.3
C    172.49.0.0/16 is directly connected, FastEthernet0/0.5
C    172.59.0.0/16 is directly connected, FastEthernet0/0.6
     58.0.0.0/30 is subnetted, 1 subnets
C       58.139.93.112 is directly connected, FastEthernet0/1
!
Sh run
!
interface FastEthernet0/0
description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-FE 0/0$
no ip address
duplex auto
speed auto
!
interface FastEthernet0/0.1
description VLAN for POS$FW_INSIDE$
encapsulation dot1Q 300
ip address 172.19.100.254 255.255.0.0
ip access-group sdm_fastethernet0/0.1_in in
!
interface FastEthernet0/0.2
description VLAN for PC $FW_INSIDE$
encapsulation dot1Q 200
ip address 172.29.100.254 255.255.0.0
ip access-group sdm_fastethernet0/0.2_in in
!
interface FastEthernet0/0.3
description VLAN for CCTV$FW_INSIDE$
encapsulation dot1Q 100
ip address 172.39.100.254 255.255.0.0
ip access-group sdm_fastethernet0/0.3_in in
!
interface FastEthernet0/0.4
description Router$FW_INSIDE$
encapsulation dot1Q 1 native
ip address 172.9.100.254 255.255.0.0
!
interface FastEthernet0/0.5
description VLAN for Naraya
encapsulation dot1Q 400
ip address 172.49.100.254 255.255.0.0
ip access-group sdm_fastethernet0/0.5_in in
no cdp enable
!
interface FastEthernet0/0.6
description VLAN for IPVS
encapsulation dot1Q 500
ip address 172.59.100.254 255.255.0.0
ip access-group sdm_fastethernet0/0.6_in in
no cdp enable
!
interface Serial0/0
no ip address
shutdown
!
interface BRI0/0
no ip address
encapsulation hdlc
shutdown
!
interface FastEthernet0/1
ip address 58.139.93.114 255.255.255.252
duplex auto
speed auto
!
!
router bgp 65322
no synchronization
bgp log-neighbor-changes
network 172.9.0.0
network 172.19.0.0
network 172.29.0.0
network 172.39.0.0
network 172.49.0.0
network 172.59.0.0
neighbor 58.139.168.170 remote-as 23736
no auto-summary
!
ip classless
no ip forward-protocol nd
!
no ip http server
ip http authentication local
no ip http secure-server
ip http timeout-policy idle 5 life 86400 requests 10000
!
!
ip access-list extended sdm_fastethernet0/0.1_in
remark SDM_ACL Category=1
remark Deny CCTV
deny ip 172.19.0.0 0.0.255.255 172.39.0.0 0.0.255.255
remark Deny POS KLCC to any
deny ip 172.19.1.0 0.0.0.255 any
remark Deny POS KLCC to any
deny ip 172.19.2.0 0.0.0.255 any
remark Deny POS KLCC to any
deny ip 172.19.3.0 0.0.0.255 any
remark Deny POS KLCC to any
deny ip 172.19.4.0 0.0.0.255 any
remark Deny POS KLCC to any
deny ip 172.19.5.0 0.0.0.255 any
remark Deny POS KLCC to any
deny ip 172.19.6.0 0.0.0.255 any
remark Deny POS KLCC to any
deny ip 172.19.7.0 0.0.0.255 any
remark Deny POS KLCC to any
deny ip 172.19.8.0 0.0.0.255 any
remark Deny POS KLCC to any
deny ip 172.19.9.0 0.0.0.255 any
remark Permit any
permit ip 172.19.0.0 0.0.255.255 any
remark Permit PC to internet
permit ip any 172.29.0.0 0.0.255.255
remark permit KLCC TCs and Server to MidValley TCs and Server
permit ip 172.19.100.0 0.0.0.255 172.18.100.0 0.0.0.255
ip access-list extended sdm_fastethernet0/0.2_in
remark Deny KLCC POS
deny ip any 172.19.1.0 0.0.0.255
remark Deny KLCC POS
deny ip any 172.19.2.0 0.0.0.255
remark Deny KLCC POS
deny ip any 172.19.3.0 0.0.0.255
remark Deny KLCC POS
deny ip any 172.19.4.0 0.0.0.255
remark Deny KLCC POS
deny ip any 172.19.5.0 0.0.0.255
remark Deny KLCC POS
deny ip any 172.19.6.0 0.0.0.255
remark Deny KLCC POS
deny ip any 172.19.7.0 0.0.0.255
remark Deny KLCC POS
deny ip any 172.19.8.0 0.0.0.255
remark Deny KLCC POS
deny ip any 172.19.9.0 0.0.0.255
remark Permit cctv from selected pcs
permit ip host 172.29.4.37 172.39.0.0 0.0.255.255
permit ip host 172.29.4.47 172.39.0.0 0.0.255.255
permit ip host 172.29.4.1 172.39.0.0 0.0.255.255
remark Deny CCTV
deny ip any 172.39.0.0 0.0.255.255
remark Permit TCs Lot10
permit ip 172.29.0.0 0.0.255.255 172.17.100.0 0.0.0.255
remark Deny to POS Lot10
deny ip any 172.17.0.0 0.0.255.255
remark Permit PC vlan to any
permit ip 172.29.0.0 0.0.255.255 any
remark Permit KLCC PCs to MidValley Server
permit ip 172.29.0.0 0.0.255.255 host 172.18.100.14
remark Permit KLCC PCs to MidValley NEW Server
permit ip 172.29.0.0 0.0.255.255 host 172.18.100.17
remark Permit KLCC PCs to Naraya Serve at Lot10
permit ip host 172.29.4.16 host 172.47.1.10
permit ip 172.29.0.0 0.0.255.255 host 172.59.1.10
ip access-list extended sdm_fastethernet0/0.3_in
remark SDM_ACL Category=1
remark Permit CCTV Streaming to Selected PCs
permit ip 172.39.0.0 0.0.255.255 host 172.29.4.47
permit ip 172.39.0.0 0.0.255.255 host 172.29.4.37
permit ip 172.39.0.0 0.0.255.255 host 172.29.4.1
ip access-list extended sdm_fastethernet0/0.6_in
permit ip any any
!
no cdp run