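!
! Cisco IOS Sample Configuration
! Covers: Interfaces, VRF, BGP, OSPF, Route-maps, Prefix-lists
!
! This part: global services, hostname, the two VRF definitions and the
! loopback, routed, trunk, port-channel and GRE tunnel interfaces of R1-IOS.
!
version 15.7
service timestamps debug datetime msec
service timestamps log datetime msec
! Stores passwords and keys in this configuration (such as the OSPF
! message-digest key below) in type 7 form instead of clear text. Type 7 is
! reversible obfuscation only: keep the file access-controlled and treat the
! sample secrets as placeholders, never as deployable values.
service password-encryption
!
hostname R1-IOS
!
!
! CUSTOMER_A: RD and import/export route-target 65000:100, with route-map
! policy on both import and export.
vrf definition CUSTOMER_A
 rd 65000:100
 route-target export 65000:100
 route-target import 65000:100
 !
 address-family ipv4
  ! IOS attaches VRF policy with "import map" / "export map".
  ! NOTE(review): the earlier "route-map <name> import|export" wording is not
  ! an IOS VRF address-family command as far as I know; if rejected at load
  ! time the VRF would run with route-target matching only and no filter.
  ! Confirm on the target release.
  import map IMPORT_FILTER
  export map EXPORT_FILTER
 exit-address-family
!
! CUSTOMER_B: route-target 65000:200 only; no import/export map is attached.
vrf definition CUSTOMER_B
 rd 65000:200
 route-target export 65000:200
 route-target import 65000:200
 !
 address-family ipv4
 exit-address-family
!
!
! NOTE(review): no interface in this file carries a "vrf forwarding" line, so
! every interface below sits in the global routing table.
interface Loopback0
 description Management Loopback
 ip address 10.0.0.1 255.255.255.255
 ip ospf 1 area 0
!
interface Loopback100
 description BGP Update Source
 ip address 192.168.1.1 255.255.255.255
 ip ospf 1 area 0
!
interface GigabitEthernet0/0
 description Link to R2
 ip address 10.1.1.1 255.255.255.252
 ip ospf 1 area 0
 ip ospf cost 100
 ip ospf priority 255
 ip ospf network point-to-point
 ! NOTE(review): no OSPF authentication is configured on this area 0 link;
 ! only the area 1 interface below authenticates its neighbor.
 no shutdown
!
interface GigabitEthernet0/1
 description Link to R3 in Area 1
 ip address 10.1.2.1 255.255.255.252
 ip ospf 1 area 1
 ! MD5 message-digest authentication, key id 1, key written inline.
 ! NOTE(review): where both neighbors support it, key-chain based HMAC-SHA
 ! authentication (ip ospf authentication key-chain) is the stronger option;
 ! confirm availability on the target release.
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 MySecret123
 no shutdown
!
interface GigabitEthernet0/3
 description Trunk to Switch
 switchport mode trunk
 ! Native VLAN 99 is not in the allowed list, so untagged frames on this
 ! trunk do not land in any of the carried VLANs 10,20,30,40.
 switchport trunk allowed vlan 10,20,30,40
 switchport trunk native vlan 99
 no shutdown
!
interface Port-channel1
 description Link Aggregation to Core
 ip address 10.2.1.1 255.255.255.252
 ip ospf 1 area 0
 no shutdown
!
! Both members join channel-group 1 in LACP active mode.
interface GigabitEthernet0/4
 description Member of Port-channel1
 channel-group 1 mode active
 no shutdown
!
interface GigabitEthernet0/5
 description Member of Port-channel1
 channel-group 1 mode active
 no shutdown
!
interface Tunnel0
 description GRE Tunnel to Remote Site
 ip address 172.31.0.1 255.255.255.252
 tunnel source Loopback0
 tunnel destination 10.0.0.2
 ! Plain GRE over IP: no "tunnel protection" line is present, so payload and
 ! any routing protocol traffic on the tunnel are neither encrypted nor
 ! authenticated. NOTE(review): confirm whether the transport path is trusted.
 tunnel mode gre ip
 ip ospf 1 area 0
!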
! Management SVI with DHCP relay and HSRP group 10 (virtual IP .254).
interface Vlan10
 description Management VLAN
 ip address 192.168.10.1 255.255.255.0
 ip helper-address 192.168.100.10
 ! NOTE(review): no "standby 10 authentication" line is present, so HSRP
 ! hellos on this VLAN are accepted without a key. Priority 110 with preempt
 ! makes this router take the active role over default-priority peers.
 standby 10 ip 192.168.10.254
 standby 10 priority 110
 standby 10 preempt
 no shutdown
!
!
! OSPF process 1. Interfaces are passive unless listed, so hellos are sent
! only on GigabitEthernet0/0, GigabitEthernet0/1 and Port-channel1.
router ospf 1
 router-id 10.0.0.1
 log-adjacency-changes detail
 auto-cost reference-bandwidth 10000
 ! NOTE(review): Tunnel0 has "ip ospf 1 area 0" but is not exempted here, so
 ! it stays passive and forms no adjacency - confirm that is intended.
 passive-interface default
 no passive-interface GigabitEthernet0/0
 no passive-interface GigabitEthernet0/1
 no passive-interface Port-channel1
 ! Area 1 is a totally-NSSA area with MD5 authentication. No authentication
 ! statement exists for area 0.
 area 1 nssa no-summary
 area 1 authentication message-digest
 ! BGP routes enter OSPF through BGP_TO_OSPF, whose permit clause has no
 ! match statement (see the route-map below).
 redistribute bgp 65000 subnets route-map BGP_TO_OSPF
 default-information originate metric 10 metric-type 1
!
!
! BGP AS 65000. R1 is route reflector for the IBGP_PEERS group and has one
! eBGP session to AS 65001.
router bgp 65000
 bgp router-id 192.168.1.1
 bgp log-neighbor-changes
 bgp bestpath as-path multipath-relax
 bgp bestpath compare-routerid
 ! NOTE(review): the iBGP peer-group has no "password" line; only the eBGP
 ! neighbor below uses TCP MD5.
 neighbor IBGP_PEERS peer-group
 neighbor IBGP_PEERS remote-as 65000
 neighbor IBGP_PEERS update-source Loopback100
 neighbor IBGP_PEERS send-community both
 neighbor IBGP_PEERS route-reflector-client
 neighbor 192.168.1.2 peer-group IBGP_PEERS
 neighbor 192.168.1.2 description R2-IBGP-Client
 neighbor 192.168.1.3 peer-group IBGP_PEERS
 neighbor 192.168.1.3 description R3-IBGP-Client
 neighbor 10.100.1.1 remote-as 65001
 neighbor 10.100.1.1 description ISP1-EBGP
 ! ebgp-multihop 2 accepts a peer up to two hops away. The update source is
 ! GigabitEthernet0/0 (10.1.1.1/30), which is not on the peer's subnet.
 ! NOTE(review): if the peer supports it, "neighbor ... ttl-security hops" is
 ! the stricter alternative; it cannot be combined with ebgp-multihop.
 neighbor 10.100.1.1 ebgp-multihop 2
 neighbor 10.100.1.1 update-source GigabitEthernet0/0
 ! TCP MD5 session password, written in clear text in this file.
 neighbor 10.100.1.1 password MyBGPPassword
 ! Inbound and outbound policy is applied twice: once through the route-map
 ! and once through the prefix-list, both using the same ISP1_PREFIX_* lists.
 neighbor 10.100.1.1 route-map ISP1_IN in
 neighbor 10.100.1.1 route-map ISP1_OUT out
 neighbor 10.100.1.1 prefix-list ISP1_PREFIX_IN in
 neighbor 10.100.1.1 prefix-list ISP1_PREFIX_OUT out
 ! Limit of 100000 prefixes with a warning at 80 percent.
 neighbor 10.100.1.1 maximum-prefix 100000 80
 !
 address-family ipv4
  network 10.0.0.0 mask 255.255.0.0
  network 192.168.1.0
  redistribute ospf 1 route-map OSPF_TO_BGP
  redistribute connected route-map CONNECTED_TO_BGP
  neighbor IBGP_PEERS activate
  neighbor IBGP_PEERS next-hop-self
  neighbor 192.168.1.2 activate
  neighbor 192.168.1.3 activate
  neighbor 10.100.1.1 activate
  neighbor 10.100.1.1 send-community
  maximum-paths 4
  maximum-paths ibgp 4
 exit-address-family
 !
 ! PE-CE session for VRF CUSTOMER_A.
 ! NOTE(review): this neighbor has no inbound prefix-list, no maximum-prefix
 ! and no password. Its inbound route-map CUSTOMER_A_IN (defined later in
 ! the file) has no match clause, so it accepts everything the CE sends.
 address-family ipv4 vrf CUSTOMER_A
  neighbor 172.16.1.10 remote-as 65100
  neighbor 172.16.1.10 description Customer-A-CE
  neighbor 172.16.1.10 activate
  neighbor 172.16.1.10 route-map CUSTOMER_A_IN in
  neighbor 172.16.1.10 route-map CUSTOMER_A_OUT out
  ! NOTE(review): no "router ospf 2" process is defined in this file.
  redistribute ospf 2 vrf CUSTOMER_A
 exit-address-family
!
!
! Inbound from ISP1: the default route plus anything inside 10.0.0.0/8 up to
! /24; everything else is denied.
! NOTE(review): the 10.0.0.0/8 range overlaps the locally originated
! 10.0.0.0/16, so more-specifics of local space would be accepted from the
! ISP - confirm seq 20 is intended.
ip prefix-list ISP1_PREFIX_IN seq 10 permit 0.0.0.0/0
ip prefix-list ISP1_PREFIX_IN seq 20 permit 10.0.0.0/8 le 24
ip prefix-list ISP1_PREFIX_IN seq 30 deny 0.0.0.0/0 le 32
!
! Outbound to ISP1: only prefixes inside 192.168.0.0/16 up to /24.
ip prefix-list ISP1_PREFIX_OUT seq 10 permit 192.168.0.0/16 le 24
ip prefix-list ISP1_PREFIX_OUT seq 20 deny 0.0.0.0/0 le 32
!
! Used by both OSPF_TO_BGP and CONNECTED_TO_BGP. There is no explicit deny
! entry; the implicit deny at the end of the list applies.
ip prefix-list CONNECTED_NETWORKS seq 10 permit 10.0.0.0/24 le 32
ip prefix-list CONNECTED_NETWORKS seq 20 permit 172.16.0.0/12 le 32
!
!
! The description mentions only the default route, but the matched
! prefix-list also permits 10.0.0.0/8 le 24. "set community" without
! "additive" replaces whatever communities the ISP attached.
route-map ISP1_IN permit 10
 description Accept default route from ISP
 match ip address prefix-list ISP1_PREFIX_IN
 set local-preference 200
 set metric 100
 set community 65000:100
!
route-map ISP1_IN deny 20
!
! Prepends the local AS twice and tags advertised routes with 65000:200.
route-map ISP1_OUT permit 10
 description Advertise only our networks to ISP
 match ip address prefix-list ISP1_PREFIX_OUT
 set as-path prepend 65000 65000
 set metric 50
 set community 65000:200
!
route-map ISP1_OUT deny 20
!
! OSPF routes that match CONNECTED_NETWORKS enter BGP marked no-export, so
! they are not advertised to eBGP peers.
route-map OSPF_TO_BGP permit 10
 description Redistribute OSPF into BGP selectively
 match ip address prefix-list CONNECTED_NETWORKS
 set metric 1000
 set origin igp
 set community no-export
!
route-map OSPF_TO_BGP deny 20
!
! NOTE(review): despite "selectively", sequence 10 has no match clause, so
! every route offered to this map is permitted and the deny 20 entry is never
! reached. Consider matching a prefix-list or tag here.
route-map BGP_TO_OSPF permit 10
 description Redistribute BGP into OSPF selectively
 set metric 2000
 set metric-type type-1
 set tag 65000
!
route-map BGP_TO_OSPF deny 20
!
route-map CONNECTED_TO_BGP permit 10
 match ip address prefix-list CONNECTED_NETWORKS
 set origin igp
!
route-map CONNECTED_TO_BGP deny 20
!
! Referenced by vrf definition CUSTOMER_A. Permits only routes that carry a
! community in ALLOWED_COMMUNITIES (defined later in the file).
route-map IMPORT_FILTER permit 10
 description VRF import filter
 match community ALLOWED_COMMUNITIES
!
route-map IMPORT_FILTER deny 20
!
! No match clause: every exported route gets 65000:100 added to its
! existing communities, and deny 20 is never reached.
route-map EXPORT_FILTER permit 10
 description VRF export filter
 set community 65000:100 additive
!
route-map EXPORT_FILTER deny 20
!
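! Customer A inbound policy. There is no match clause, so every route
! received from the CE is accepted and given local-preference 150.
! NOTE(review): consider matching a prefix-list of the customer's assigned
! space so the CE cannot inject arbitrary prefixes into the VRF.
route-map CUSTOMER_A_IN permit 10
 description Customer A inbound policy
 set local-preference 150
!
! Customer A outbound policy: only prefixes in CUSTOMER_A_ALLOWED are sent.
route-map CUSTOMER_A_OUT permit 10
 description Customer A outbound policy
 match ip address prefix-list CUSTOMER_A_ALLOWED
!
!
ip prefix-list CUSTOMER_A_ALLOWED seq 10 permit 172.16.0.0/16 le 24
!
!
! Static routes
! The 192.168.0.0/16 route to Null0 (distance 250) is a discard route for the
! aggregate: traffic to unused parts of the block is dropped locally.
ip route 0.0.0.0 0.0.0.0 10.100.1.1 name DEFAULT_ROUTE_TO_ISP
ip route 192.168.0.0 255.255.0.0 Null0 250 name AGGREGATE_ROUTE
ip route 10.200.1.0 255.255.255.0 10.1.1.2 100 tag 100
ip route vrf CUSTOMER_A 192.168.100.0 255.255.255.0 172.16.1.254
!
! ACLs
! MGMT_HOSTS is applied to the VTY lines at the end of this file.
ip access-list standard MGMT_HOSTS
 remark Allow management hosts
 permit 192.168.10.0 0.0.0.255
 permit host 10.0.0.100
 deny any
!
! NOTE(review): WEB_TRAFFIC is not referenced by any interface or policy in
! this file. Its final deny logs every non-web packet once it is applied.
ip access-list extended WEB_TRAFFIC
 remark Allow HTTP and HTTPS
 permit tcp any any eq 80
 permit tcp any any eq 443
 deny ip any any log
!
! Community lists
! ALLOWED_COMMUNITIES is matched by route-map IMPORT_FILTER.
! NOTE(review): CUSTOMER_COMMUNITIES and as-path list 10 are not referenced
! anywhere in this file; also confirm the target platform's regex engine
! accepts the {3} quantifier.
ip community-list standard ALLOWED_COMMUNITIES permit 65000:100
ip community-list standard ALLOWED_COMMUNITIES permit 65000:200
ip community-list expanded CUSTOMER_COMMUNITIES permit _65[0-9]{3}:[0-9]+_
!
! AS-path lists
ip as-path access-list 10 permit ^65000_
ip as-path access-list 10 deny .*
!
! Console: idle sessions end after 10 minutes. "exec-timeout 0 0" disables
! the timeout entirely and leaves an abandoned console session open.
line con 0
 exec-timeout 10 0
 logging synchronous
! VTY 0-4: SSH only, restricted to the sources in MGMT_HOSTS.
! NOTE(review): confirm the MGMT_HOSTS address set before deploying, and
! check that any VTY lines above 4 on the platform get the same settings.
! No login or AAA method is visible in this file.
line vty 0 4
 access-class MGMT_HOSTS in
 exec-timeout 30 0
 logging synchronous
 transport input ssh
!
end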