!

! Last configuration change at 02:22:32 IST Wed Mar 15 2023 by RJ55047825

! NVRAM config last updated at 02:22:17 IST Wed Mar 15 2023 by RJ55047825
!
version 16.9
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
service unsupported-transceiver
no platform punt-keepalive disable-kernel-core
platform bfd-debug-trace 1
platform xconnect load-balance-hash-algo mac-ip-instanceid
no platform tcam-parity-error enable
platform tcam-threshold enable ucastv6 70
platform tcam-threshold alarm-frequency 1
!
hostname ICHKICHKESR001
!
boot-start-marker
boot system bootflash:asr920-universalk9_npe.V169_4_SR688058565_4.SPA.bin
boot-end-marker
!
!
vrf definition Mgmt-intf
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
vrf definition RJIL-BEARER-ENB
description *** FOR BEARER LTE SERVICES ***
rd 172.23.88.149:2
route-target export 64730:133
route-target export 64740:51097
route-target export 64740:55258
route-target import 64730:13301
route-target import 64740:51097
route-target import 64740:55258
!
address-family ipv6
exit-address-family
!
vrf definition RJIL-IME
description *** FOR IME SERVICES ***
rd 172.23.88.149:6
route-target export 64760:133
route-target import 64760:13301
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
vrf definition RJIL-IP-MGMT
description *** For Out-of-Band management ***
rd 172.23.88.149:29
!
address-family ipv4
route-target export 64820:133
route-target export 64820:99
route-target import 64820:13301
route-target import 64820:99
exit-address-family
!
address-family ipv6
route-target export 64820:133
route-target import 64820:13301
exit-address-family
!
vrf definition RJIL-OAM-ENB
description *** FOR O&M LTE SERVICES ***
rd 172.23.88.149:3
route-target export 64720:133
route-target import 64720:13301
!
address-family ipv6
exit-address-family
!
vrf definition RJIL-SIGNALING-ENB
description *** FOR SIGNALLING LTE SERVICES ***
rd 172.23.88.149:1
route-target export 64710:133
route-target import 64710:13301
!
address-family ipv6
exit-address-family
!
vrf definition RJIL-WIFI-CISCO
description *** FOR CISCO WIFI SERVICES ***
rd 172.23.88.149:4
route-target export 64750:133
route-target import 64750:13301
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
vrf definition SC-sw-mgmt
description *** FOR SC l2 switch mgmt ***
rd 172.23.88.149:9
route-target export 64761:100
route-target export 64820:312
route-target import 64761:10001
route-target import 64820:31201
!
address-family ipv4
exit-address-family
!
address-family ipv6
 exit-address-family
!
logging buffered 65536 informational
no logging console
no logging monitor
enable secret 5 $1$Z4UK$hmQxtzL54Iuuzv/1fseJI.
!
aaa new-model
!
!
aaa group server tacacs+ ACSSERVER
server name TACACS1
server name TACACS2
ip vrf forwarding RJIL-IP-MGMT
ip tacacs source-interface Loopback999
!
aaa authentication banner ^CUnauthorized acces is prohibited^C
aaa authentication login AAA-CONSOLE-LOCAL group ACSSERVER local
aaa authentication login AAA-VTY-ACS group ACSSERVER local
aaa authentication login AAA-LOCAL local
aaa authentication enable default group ACSSERVER enable
aaa authorization console
aaa authorization config-commands
aaa authorization exec AAA-VTY-ACS group ACSSERVER local
aaa authorization commands 1 AAA-VTY-ACS group ACSSERVER local
aaa authorization commands 10 default none
aaa authorization commands 15 AAA-VTY-ACS group ACSSERVER local
aaa accounting update newinfo
aaa accounting exec default start-stop group ACSSERVER
aaa accounting commands 1 default start-stop group ACSSERVER
aaa accounting commands 15 default start-stop group ACSSERVER
aaa accounting connection default start-stop group ACSSERVER
aaa accounting system default start-stop group ACSSERVER
!
!
!
!
!
aaa session-id common
aaa password restriction
process cpu threshold type total rising 80 interval 30
process cpu statistics limit entry-percentage 80 size 86400
clock timezone IST 5 30
port-channel load-balance-hash-algo src-dst-ip
no ip source-route
!
!
!
!
!
!
!
no ip bootp server
no ip domain lookup
ip domain name INFRA.JIO.COM
ip multicast route-limit 8000
ip dhcp bootp ignore
ip dhcp excluded-address 10.1.2.1
!
ip dhcp pool ZTD
network 10.1.2.0 255.255.255.252
default-router 10.1.2.1
option 150 ip 10.1.2.1
lease infinite
!
!
!
login block-for 30 attempts 5 within 30
login delay 2
login quiet-mode access-class MGMT-VTY-IPv6
login on-failure log
login on-success log
ipv6 icmp error-interval 50 20
no ipv6 source-route
ipv6 unicast-routing
ipv6 multicast-routing
!
!
!
!
!
!
!
mpls label protocol ldp
mpls ldp password option 10 for MPLS-LDP-IPv4 7
097E1A2E26291322343C5779396A7A1C6476
mpls ldp explicit-null
mpls ldp graceful-restart
mpls ldp session protection
mpls ldp igp sync holddown 2000
mpls ldp discovery targeted-hello accept
multilink bundle-name authenticated
!
key chain ISIS-KEY
key 1
key-string 7 113B4D22283B182517151B777B217B703C5642
accept-lifetime 01:00:00 Jan 1 2014 infinite
send-lifetime 01:00:00 Jan 1 2014 infinite
!
crypto pki trustpoint TP-self-signed-1485710991
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1485710991
revocation-check none
rsakeypair TP-self-signed-1485710991
!
!
crypto pki certificate chain TP-self-signed-1485710991
certificate self-signed 01
3082022B 30820194 A0030201 02020101 300D0609 2A864886 F70D0101 05050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 31343835 37313039 3931301E 170D3135 30323134 30343332
35355A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D31 34383537
31303939 3130819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100B8AA B58763C1 9F3E2E4F 84CB3325 019B7354 1B080925 6D597021 24612B8B
BC3ECF01 E0516C98 1D7FD30D 4AD9CB76 E95F41AB 3CE76074 007E4521 3D996EAE
3FB69170 7EB18DB1 F7D00327 99321338 82CD6E8C 7867AD49 0373FC4A E4CDFF1E
B7AD0D23 A2C087FE 47D67BCF A669CFD8 CF8A8F8D B5AF1B6B 4B722604 5BD6BE1B
 BBC70203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF 301F0603
551D2304 18301680 146CACCE A6BBAC33 3EDAC9DD 3EE77BCD 4B8D9B86 88301D06
03551D0E 04160414 6CACCEA6 BBAC333E DAC9DD3E E77BCD4B 8D9B8688 300D0609
2A864886 F70D0101 05050003 81810079 D0857160 185C4738 A69E3D40 B7C77A47
3728848C 0EAA059D 1863962F ACF34652 B056BD63 30590F0E 647C866F 387834C3
784B0297 7746F648 BA5A8B38 52F6A525 24AB0531 40AEB12E 49A60E37 F129FD37
5B3B4D33 895557D2 3AC5C4B6 530DDEFC 7FD676FC 0D6B5A7B 6D88CA8A EBFD1BE4
F4F3B8D2 E3FDC821 7BA544E7 C6262E
quit
!
license feature ptp
license udi pid ASR-920-12CZ-D sn CAT1840U2SU
license accept end user agreement
license boot level advancedmetroipaccess
no license smart enable
archive
log config
logging enable
logging size 200
notify syslog contenttype plaintext
hidekeys
path bootflash:l2parentdelta
maximum 1
time-period 55
memory reserve critical 2000
memory free low-watermark processor 5000
file privilege 10
!
!
spanning-tree extend system-id
sdm prefer default
diagnostic bootup level minimal
!
!
username RjilUserDgD9BSf8 privilege 15 secret 5 $1$SGPI$FK1cl39JxCE0NXbYhLJeV.
username LocalAuthRdOnly privilege 10 secret 5 $1$X4VF$tsiKyuLaF3uindj8AudlB1
username RjilUserGdwxfMyY privilege 15 secret 5 $1$hPiQ$LYdA0mLJhuSAIkTCJugyE0
username rjil privilege 15 secret Rjil123
!
redundancy
bfd-template single-hop FIBRE
interval microseconds min-tx 50000 min-rx 50000 multiplier 3
!
bridge-domain 101
mac limit maximum addresses 20
bridge-domain 102
mac limit maximum addresses 20
bridge-domain 103
mac limit maximum addresses 20
bridge-domain 104
mac limit maximum addresses 20
bridge-domain 351
mac limit maximum addresses 20
bridge-domain 352
mac limit maximum addresses 20
bridge-domain 353
mac limit maximum addresses 20
bridge-domain 354
mac limit maximum addresses 20
bridge-domain 355
mac limit maximum addresses 20
bridge-domain 356
mac limit maximum addresses 20
bridge-domain 357
mac limit maximum addresses 20
bridge-domain 361
mac limit maximum addresses 20
bridge-domain 362
mac limit maximum addresses 20
bridge-domain 363
mac limit maximum addresses 20
bridge-domain 364
mac limit maximum addresses 20
bridge-domain 365
mac limit maximum addresses 20
bridge-domain 366
mac limit maximum addresses 20
bridge-domain 367
mac limit maximum addresses 20
bridge-domain 370
mac limit maximum addresses 20
bridge-domain 371
mac limit maximum addresses 20
bridge-domain 581
mac limit maximum addresses 30
bridge-domain 585
mac limit maximum addresses 30
bridge-domain 601
mac limit maximum addresses 160
bridge-domain 602
mac limit maximum addresses 160
bridge-domain 603
mac limit maximum addresses 160
bridge-domain 605
mac limit maximum addresses 160
bridge-domain 615
mac limit maximum addresses 160
bridge-domain 888
mac limit maximum addresses 40
bridge-domain 901
mac limit maximum addresses 20
bridge-domain 951
mac limit maximum addresses 20
!
!
!
!
!
transceiver type all
monitoring
!
lldp run
!
!
class-map match-any RJIL-QOS-SC-VOICE-QGRP
match qos-group 5
class-map match-any RJIL-QOS-SC-CONTROL-DSCP
match dscp cs6
class-map match-any QOS-SIGNALING-QGRP
match qos-group 7
class-map match-any RJIL-QOS-SC-OAM-DSCP
match dscp cs2
class-map match-any QOS-OAM-DSCP
match dscp cs2
class-map match-any RJIL-QOS-SC-SIGNALING-QGRP
match qos-group 7
class-map match-any QOS-CONTROL-DSCP
match dscp cs6
class-map match-any QOS-VOICE-QGRP
match qos-group 5
class-map match-any RJIL-QOS-SC-VOICE-DSCP
match dscp ef cs7
class-map match-any RJIL-QOS-SC-CONTROL-QGRP
match qos-group 6
class-map match-any QOS-SIGNALING-DSCP
match dscp cs5
class-map match-any RJIL-QOS-SC-OAM-QGRP
match qos-group 2
class-map match-any QOS-HOSTED-AV-SMARTSCHEDULER-EXP
match mpls experimental topmost 3
match dscp af32
class-map match-any QOS-OAM-QGRP
match qos-group 2
class-map match-any RJIL-QOS-SC-SIGNALING-DSCP
match dscp cs5
class-map match-any QOS-IPTV-EXP
match mpls experimental topmost 4
class-map match-any QOS-CONTROL-QGRP
match qos-group 6
class-map match-any QOS-VOICE-DSCP
match dscp ef cs7
class-map match-any QOS-INT-PREMIUM-EXP
match mpls experimental topmost 1
class-map match-any RJIL-ENT-VPN-9070352910-2251-PARENT
match vlan 2251
class-map match-any QOS-HOSTED-AV-SMARTSCHEDULER-QGRP
match qos-group 3
class-map match-any QOS-IPTV-QGRP
match qos-group 4
class-map match-any QOS-OAM-EXP
match mpls experimental topmost 2
class-map match-any QOS-CONTROL-EXP
match mpls experimental topmost 6
match ip precedence 6
class-map match-any QOS-BRONZE-DSCP
match dscp af12 af13
class-map match-any QOS-GOLD-DSCP
match dscp af31 af41
class-map match-any RJIL-QOS-SC-HOSTED-AV-SMARTSCHEDULER-QGRP
match qos-group 3
class-map match-any QOS-SILVER-QGRP
match qos-group 3
class-map match-any RJIL-QOS-SC-IPTV-QGRP
match qos-group 4
class-map match-any QOS-PLATINUM-QGRP
match qos-group 6
class-map match-any QOS-HOSTED-AV-SMARTSCHEDULER-DSCP
 match dscp af32
class-map match-any QOS-IPTV-DSCP
match dscp af31 af41
class-map match-all QOS-VOICE-EXP
match mpls experimental topmost 5
class-map match-any QOS-BRONZE-QGRP
match qos-group 1
class-map match-any QOS-GOLD-QGRP
match qos-group 4
class-map match-any RJIL-QOS-SC-HOSTED-AV-SMARTSCHEDULER-DSCP
match dscp af32
class-map match-any QOS-SIGNALING-EXP
match mpls experimental topmost 7
class-map match-any QOS-SILVER-DSCP
match dscp af32 af33
class-map match-any RJIL-QOS-SC-IPTV-DSCP
match dscp af31 af41
class-map match-any QOS-PLATINUM-DSCP
match dscp af43 cs6
class-map match-any RJIL-QOS-SC-INT-PREMIUM-DSCP
match dscp af22
class-map match-any QOS-INT-PREMIUM-DSCP
match dscp af22
class-map match-any RJIL-QOS-SC-INT-PREMIUM-QGRP
match qos-group 1
class-map match-any QOS-INT-PREMIUM-QGRP
match qos-group 1
!
policy-map RJIL-QOS-NTWK-NNI-OUT-MW-500-CHILD
class QOS-VOICE-QGRP
priority level 1
police cir percent 25
set mpls experimental topmost 5
queue-limit 250000 bytes
class QOS-SIGNALING-QGRP
priority level 2
police cir percent 5
set mpls experimental topmost 7
queue-limit 250000 bytes
class QOS-CONTROL-QGRP
bandwidth percent 1
set mpls experimental topmost 6
queue-limit 500000 bytes
class QOS-IPTV-QGRP
bandwidth percent 20
set mpls experimental topmost 4
queue-limit 250000 bytes
class QOS-HOSTED-AV-SMARTSCHEDULER-QGRP
bandwidth percent 10
set mpls experimental topmost 3
queue-limit 500000 bytes
class QOS-OAM-QGRP
bandwidth percent 5
set mpls experimental topmost 2
queue-limit 500000 bytes
class QOS-INT-PREMIUM-QGRP
bandwidth percent 16
set mpls experimental topmost 1
queue-limit 500000 bytes
 class class-default
bandwidth percent 18
set mpls experimental topmost 0
queue-limit 500000 bytes
policy-map RJIL-QOS-NTWK-NNI-OUT-MW-500
class class-default
shape average 450000000
service-policy RJIL-QOS-NTWK-NNI-OUT-MW-500-CHILD
policy-map RJIL-QOS-SC-UNI-OUT-UBR-100-CHILD
class QOS-VOICE-QGRP
priority level 1
police cir percent 25
queue-limit 50000 bytes
class QOS-SIGNALING-QGRP
priority level 2
police cir percent 5
queue-limit 50000 bytes
class QOS-CONTROL-QGRP
bandwidth percent 1
queue-limit 100000 bytes
class QOS-IPTV-QGRP
bandwidth percent 20
queue-limit 50000 bytes
class QOS-HOSTED-AV-SMARTSCHEDULER-QGRP
bandwidth percent 10
queue-limit 100000 bytes
class QOS-OAM-QGRP
bandwidth percent 5
queue-limit 100000 bytes
class QOS-INT-PREMIUM-QGRP
bandwidth percent 16
queue-limit 100000 bytes
class class-default
bandwidth percent 18
queue-limit 500000 bytes
policy-map RJIL-QOS-SC-UNI-OUT-UBR-100-PARENT
class class-default
shape average 100000000
service-policy RJIL-QOS-SC-UNI-OUT-UBR-100-CHILD
policy-map RJIL-QOS-NTWK-NNI-OUT-MW-250-CHILD
class QOS-VOICE-QGRP
priority level 1
police cir percent 25
set mpls experimental topmost 5
queue-limit 125000 bytes
class QOS-SIGNALING-QGRP
priority level 2
police cir percent 5
set mpls experimental topmost 7
queue-limit 125000 bytes
class QOS-CONTROL-QGRP
bandwidth percent 1
set mpls experimental topmost 6
queue-limit 250000 bytes
class QOS-IPTV-QGRP
bandwidth percent 20
set mpls experimental topmost 4
queue-limit 125000 bytes
class QOS-HOSTED-AV-SMARTSCHEDULER-QGRP
 bandwidth percent 10
set mpls experimental topmost 3
queue-limit 250000 bytes
class QOS-OAM-QGRP
bandwidth percent 5
set mpls experimental topmost 2
queue-limit 250000 bytes
class QOS-INT-PREMIUM-QGRP
bandwidth percent 16
set mpls experimental topmost 1
queue-limit 500000 bytes
class class-default
bandwidth percent 18
set mpls experimental topmost 0
queue-limit 500000 bytes
policy-map RJIL-QOS-SC-UNI-IN-PARENT
class RJIL-QOS-SC-VOICE-DSCP
set qos-group 5
class RJIL-QOS-SC-CONTROL-DSCP
set qos-group 6
class RJIL-QOS-SC-IPTV-DSCP
set qos-group 4
class RJIL-QOS-SC-HOSTED-AV-SMARTSCHEDULER-DSCP
set qos-group 3
class RJIL-QOS-SC-OAM-DSCP
set qos-group 2
class RJIL-QOS-SC-INT-PREMIUM-DSCP
set qos-group 1
class RJIL-QOS-SC-SIGNALING-DSCP
set qos-group 7
class class-default
policy-map RJIL-QOS-WAP-UNI-OUT-PARENT
class QOS-VOICE-QGRP
priority level 1
police cir percent 25
class QOS-SIGNALING-QGRP
priority level 2
police cir percent 5
class QOS-CONTROL-QGRP
bandwidth percent 1
class QOS-IPTV-QGRP
bandwidth percent 20
class QOS-HOSTED-AV-SMARTSCHEDULER-QGRP
bandwidth percent 10
class QOS-OAM-QGRP
bandwidth percent 5
class QOS-INT-PREMIUM-QGRP
bandwidth percent 16
class class-default
bandwidth percent 18
policy-map RJIL-QOS-NTWK-NNI-OUT-MW-250
class class-default
shape average 230000000
service-policy RJIL-QOS-NTWK-NNI-OUT-MW-250-CHILD
policy-map RJIL-QOS-NTWK-NNI-OUT-PARENT
class QOS-VOICE-QGRP
priority level 1
police cir percent 25
set mpls experimental topmost 5
 class QOS-SIGNALING-QGRP
priority level 2
police cir percent 5
set mpls experimental topmost 7
class QOS-CONTROL-QGRP
bandwidth percent 1
set mpls experimental topmost 6
class QOS-IPTV-QGRP
bandwidth percent 20
set mpls experimental topmost 4
class QOS-HOSTED-AV-SMARTSCHEDULER-QGRP
bandwidth percent 10
set mpls experimental topmost 3
class QOS-OAM-QGRP
bandwidth percent 5
set mpls experimental topmost 2
class QOS-INT-PREMIUM-QGRP
bandwidth percent 16
set mpls experimental topmost 1
class class-default
bandwidth percent 18
set mpls experimental topmost 0
policy-map RJIL-QOS-IME-UNI-IN-PARENT
class class-default
set qos-group 2
police 1000000
policy-map RJIL-QOS-ENB-UNI-OUT-PARENT
class QOS-VOICE-QGRP
priority level 1
police cir percent 25
class QOS-SIGNALING-QGRP
priority level 2
police cir percent 5
class QOS-CONTROL-QGRP
bandwidth percent 1
class QOS-IPTV-QGRP
bandwidth percent 20
class QOS-HOSTED-AV-SMARTSCHEDULER-QGRP
bandwidth percent 10
class QOS-OAM-QGRP
bandwidth percent 5
class QOS-INT-PREMIUM-QGRP
bandwidth percent 16
class class-default
bandwidth percent 18
policy-map RJIL-QOS-WAP-UNI-IN-CHILD
class QOS-VOICE-DSCP
set qos-group 5
class QOS-CONTROL-DSCP
set qos-group 6
class QOS-IPTV-DSCP
set qos-group 4
class QOS-HOSTED-AV-SMARTSCHEDULER-DSCP
set qos-group 3
class QOS-OAM-DSCP
set qos-group 2
class QOS-INT-PREMIUM-DSCP
set qos-group 1
class QOS-SIGNALING-DSCP
 set qos-group 7
class class-default
policy-map RJIL-ENT-VPN-9070352910-2251-CHILD-IN
class QOS-PLATINUM-DSCP
police cir 524000 bc 98304
conform-action set-qos-transmit 6
conform-action set-mpls-exp-imposition-transmit 6
exceed-action drop
class QOS-GOLD-DSCP
police cir 1048500
conform-action set-qos-transmit 4
conform-action set-mpls-exp-imposition-transmit 4
exceed-action set-mpls-exp-imposition-transmit 3
exceed-action set-qos-transmit 3
class QOS-SILVER-DSCP
police cir 524000
conform-action set-qos-transmit 3
conform-action set-mpls-exp-imposition-transmit 3
exceed-action set-mpls-exp-imposition-transmit 1
exceed-action set-qos-transmit 1
policy-map RJIL-ENT-VPN-9070352910-2251-CHILD-OUT
class QOS-PLATINUM-QGRP
priority level 1
police cir 524000
class QOS-GOLD-QGRP
bandwidth 1024
class QOS-SILVER-QGRP
bandwidth 512
policy-map RJIL-ENT-UNI-OUT
class class-default
shape average 2097152
service-policy RJIL-ENT-VPN-9070352910-2251-CHILD-OUT
policy-map RJIL-QOS-SC-UNI-OUT-PARENT
class RJIL-QOS-SC-VOICE-QGRP
priority level 1 percent 25
class RJIL-QOS-SC-SIGNALING-QGRP
priority level 2 percent 5
class RJIL-QOS-SC-CONTROL-QGRP
bandwidth percent 1
class RJIL-QOS-SC-IPTV-QGRP
bandwidth percent 20
class RJIL-QOS-SC-HOSTED-AV-SMARTSCHEDULER-QGRP
bandwidth percent 10
class RJIL-QOS-SC-OAM-QGRP
bandwidth percent 5
class RJIL-QOS-SC-INT-PREMIUM-QGRP
bandwidth percent 16
class class-default
bandwidth percent 18
policy-map RJIL-QOS-ENB-UNI-IN-CHILD
class QOS-VOICE-DSCP
set qos-group 5
class QOS-CONTROL-DSCP
set qos-group 6
class QOS-IPTV-DSCP
set qos-group 4
class QOS-HOSTED-AV-SMARTSCHEDULER-DSCP
set qos-group 3
class QOS-OAM-DSCP
 set qos-group 2
class QOS-INT-PREMIUM-DSCP
set qos-group 1
class QOS-SIGNALING-DSCP
set qos-group 7
class class-default
policy-map RJIL-QOS-ENB-UNI-IN-PARENT
class class-default
police 100000000
service-policy RJIL-QOS-ENB-UNI-IN-CHILD
policy-map RJIL-ENT-UNI-IN
class class-default
police 2097000
service-policy RJIL-ENT-VPN-9070352910-2251-CHILD-IN
policy-map RJIL-QOS-WAP-UNI-IN-PARENT
class class-default
police 100000000
service-policy RJIL-QOS-WAP-UNI-IN-CHILD
policy-map RJIL-QOS-NTWK-NNI-IN-PARENT
class QOS-VOICE-EXP
set qos-group 5
class QOS-SIGNALING-EXP
set qos-group 7
class QOS-CONTROL-EXP
set qos-group 6
class QOS-IPTV-EXP
set qos-group 4
class QOS-HOSTED-AV-SMARTSCHEDULER-EXP
set qos-group 3
class QOS-OAM-EXP
set qos-group 2
class QOS-INT-PREMIUM-EXP
set qos-group 1
class class-default
!
l2 vfi 9070352910-101181 manual
vpn id 101181
bridge-domain 2251
mtu 8500
neighbor 172.16.105.208 encapsulation mpls
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
description ## ICHKICHKESR001-CORE-MGMT-LPBK ##
ip address 172.23.88.149 255.255.255.255
no ip redirects
no ip unreachables
no ip proxy-arp
ipv6 address 2405:200:201:3901:172:23:88:149/128
 no ipv6 redirects
no ipv6 unreachables
isis tag 10
!
interface Loopback200
description ## PTP Boundary Clock interface - Slave of AG1 ##
ip address 172.21.193.1 255.255.255.255
no ip redirects
no ip unreachables
no ip proxy-arp
no ipv6 redirects
no ipv6 unreachables
!
interface Loopback201
description ## PTP Boundary Clock interface - Master to eNB ##
ip address 172.21.193.128 255.255.255.255
no ip redirects
no ip unreachables
no ip proxy-arp
no ipv6 redirects
no ipv6 unreachables
!
interface Loopback999
description *** Loopback interface for management ***
vrf forwarding RJIL-IP-MGMT
ip address 172.23.88.149 255.255.255.255
no ip redirects
no ip unreachables
no ip proxy-arp
ipv6 address 2405:200:204:139:172:23:88:149/128
no ipv6 redirects
no ipv6 unreachables
!
interface GigabitEthernet0/0/0
description # SMPS #
dampening
mtu 9216
no ip address
no ip redirects
no ip unreachables
load-interval 30
media-type rj45
negotiation auto
service-policy input RJIL-QOS-IME-UNI-IN-PARENT
service instance 951 ethernet
description # IME-Utilities #
encapsulation untagged
bridge-domain 951
!
!
interface GigabitEthernet0/0/1
description # SMPS #
dampening
mtu 9216
no ip address
no ip redirects
no ip unreachables
load-interval 30
media-type rj45
 negotiation auto
service-policy input RJIL-QOS-IME-UNI-IN-PARENT
service instance 951 ethernet
description # IME-Utilities #
encapsulation untagged
bridge-domain 951
!
!
interface GigabitEthernet0/0/2
description # ACCESS CONTROL #
dampening
mtu 9216
no ip address
no ip redirects
no ip unreachables
load-interval 30
media-type sfp
negotiation auto
service-policy input RJIL-QOS-IME-UNI-IN-PARENT
service instance 951 ethernet
description # IME-Utilities #
encapsulation untagged
bridge-domain 951
!
interface GigabitEthernet0/0/3
description #TO-ICHKICHKESS004-GigabitEthernet1/5-FIBER#
dampening
mtu 9216
no ip address
load-interval 30
carrier-delay msec 0
negotiation auto
storm-control broadcast level 5.00
storm-control action trap
service-policy input RJIL-QOS-SC-UNI-IN-PARENT
service-policy output RJIL-QOS-SC-UNI-OUT-PARENT
service instance trunk 945 ethernet
description # TO--TENGIGABITETHERNET0/0-FIBER #
encapsulation dot1q 890,945,951-953
rewrite ingress tag pop 1 symmetric
bridge-domain from-encapsulation
!
!
interface GigabitEthernet0/0/4
description # TO-ICHKICHKESR005-GigabitEthernet0/0/7-MW #
dampening
mtu 9216
bandwidth 450000
no ip address
load-interval 30
carrier-delay up 2
carrier-delay down msec 0
media-type auto-select
negotiation auto
cdp enable
synchronous mode
service-policy input RJIL-QOS-NTWK-NNI-IN-PARENT
service-policy output RJIL-QOS-NTWK-NNI-OUT-MW-500
service instance 351 ethernet
 description # Data Traffic #
encapsulation untagged
l2protocol peer cdp
bridge-domain 351
!
service instance 551 ethernet
description # Microwave Management #
encapsulation dot1q 551
rewrite ingress tag pop 1 symmetric
bridge-domain 551
!
!
interface GigabitEthernet0/0/5
description # To eNode-B #
dampening
mtu 9216
no ip address
no ip redirects
no ip unreachables
load-interval 30
media-type sfp
negotiation auto
service-policy input RJIL-QOS-ENB-UNI-IN-PARENT
service-policy output RJIL-QOS-ENB-UNI-OUT-PARENT
service instance 101 ethernet
description # To eNode-B - R4G_Bearer #
encapsulation dot1q 101
rewrite ingress tag pop 1 symmetric
bridge-domain 101
!
service instance 102 ethernet
description # To eNode-B - R4G_Signalling #
encapsulation dot1q 102
rewrite ingress tag pop 1 symmetric
bridge-domain 102
!
service instance 103 ethernet
description # To eNode-B - R4G_R4G_o&m #
encapsulation dot1q 103
rewrite ingress tag pop 1 symmetric
bridge-domain 103
!
service instance 104 ethernet
description # Multicast #
encapsulation dot1q 104
rewrite ingress tag pop 1 symmetric
bridge-domain 104
!
!
interface GigabitEthernet0/0/6
description # TO RIL Customer On UBR #
dampening
mtu 9216
no ip address
load-interval 30
carrier-delay msec 0
media-type rj45
negotiation auto
synchronous mode
 service-policy input RJIL-ENT-UNI-IN
service-policy output RJIL-ENT-UNI-OUT
service instance trunk 30 ethernet
encapsulation dot1q 585
rewrite ingress tag pop 1 symmetric
l2protocol peer lldp
bridge-domain from-encapsulation
!
service instance 2251 ethernet
encapsulation untagged
bridge-domain 2251
!
!
interface GigabitEthernet0/0/7
description # TO-ICHKICHKESS001-ETHERNET-1-UBR #
dampening
mtu 9216
no ip address
load-interval 30
carrier-delay msec 0
media-type rj45
negotiation auto
storm-control broadcast level 5.00
storm-control action trap
service-policy input RJIL-QOS-SC-UNI-IN-PARENT
service-policy output RJIL-QOS-SC-UNI-OUT-UBR-100-PARENT
service instance trunk 20 ethernet
description # TO RAD I-BR-ICHK-OSC-0010 FOR Small Cell - Ethernet 2 #
encapsulation dot1q 585,601-605,615,888,890,951-953
rewrite ingress tag pop 1 symmetric
bridge-domain from-encapsulation
!
interface GigabitEthernet0/0/8
no ip address
shutdown
media-type auto-select
negotiation auto
!
!
interface GigabitEthernet0/0/9
no ip address
shutdown
media-type auto-select
negotiation auto
!
!
interface GigabitEthernet0/0/11
description # TO-ICHKICHKESS001-ETHERNET-1-UBR #
dampening
mtu 9216
no ip address
load-interval 30
carrier-delay msec 0
media-type rj45
negotiation auto
storm-control broadcast level 5.00
storm-control action trap
service-policy input RJIL-QOS-SC-UNI-IN-PARENT
service-policy output RJIL-QOS-SC-UNI-OUT-UBR-100-PARENT
 service instance trunk 20 ethernet
description # TO RAD I-BR-ICHK-OSC-0010 FOR Small Cell - Ethernet 2 #
encapsulation dot1q 585,601-605,615,888,890,951-953
rewrite ingress tag pop 1 symmetric
bridge-domain from-encapsulation
!
!
interface TenGigabitEthernet0/0/10
description # TO-ICHKICHKESR018-TenGigabitEthernet0/0/11-Fiber ##11129172 ##
dampening
mtu 9216
no ip address
load-interval 30
carrier-delay up 2
carrier-delay down msec 0
synchronous mode
service-policy input RJIL-QOS-NTWK-NNI-IN-PARENT
service-policy output RJIL-QOS-NTWK-NNI-OUT-PARENT
service instance 354 ethernet
description # Data Traffic #
encapsulation untagged
bridge-domain 354
!
!
interface TenGigabitEthernet0/0/11
description # TO-ICHKICHKESR002-TenGigabitEthernet0/0/10-Fiber ##11129175 ##
dampening
mtu 9216
no ip address
load-interval 30
carrier-delay up 2
carrier-delay down msec 0
synchronous mode
service-policy input RJIL-QOS-NTWK-NNI-IN-PARENT
service-policy output RJIL-QOS-NTWK-NNI-OUT-PARENT
service instance 355 ethernet
description # Data Traffic #
encapsulation untagged
bridge-domain 355
!
!
interface GigabitEthernet0
vrf forwarding Mgmt-intf
no ip address
no ip redirects
no ip unreachables
shutdown
negotiation auto
no ipv6 redirects
no ipv6 unreachables
!
interface BDI101
description # To eNode-B - R4G_Bearer #
vrf forwarding RJIL-BEARER-ENB
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip mtu 9216
 load-interval 30
ipv6 address 2405:200:139:700:3:2:101:445/126
ipv6 enable
ipv6 mtu 9216
no ipv6 redirects
no ipv6 unreachables
ipv6 traffic-filter INFRA-iACL-IPv6-LTE in
!
interface BDI102
description # To eNode-B - R4G_Signalling #
vrf forwarding RJIL-SIGNALING-ENB
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip mtu 9216
load-interval 30
ipv6 address 2405:200:139:700:3:2:102:445/126
ipv6 enable
ipv6 mtu 9216
no ipv6 redirects
no ipv6 unreachables
ipv6 traffic-filter INFRA-iACL-IPv6-LTE in
!
interface BDI103
description # To eNode-B - R4G_R4G_o&m #
vrf forwarding RJIL-OAM-ENB
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip mtu 9216
load-interval 30
ipv6 address 2405:200:139:700:3:2:103:445/126
ipv6 enable
ipv6 mtu 9216
ipv6 nd managed-config-flag
no ipv6 redirects
no ipv6 unreachables
ipv6 dhcp relay destination 2405:200:80E:732::10
ipv6 verify unicast source reachable-via any
ipv6 traffic-filter INFRA-iACL-IPv6-LTE in
!
interface BDI104
description # Multicast #
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip mtu 9216
load-interval 30
ipv6 enable
ipv6 mtu 9216
no ipv6 redirects
no ipv6 unreachables
ipv6 mld query-timeout 180
ipv6 mld query-interval 60
ipv6 mld access-group MCAST-BDR-IPv6
ipv6 pim hello-interval 10
!
interface BDI351
description # TO-ICHKICHKESR005-GigabitEthernet0/0/7-MW #
ip address 172.31.236.138 255.255.255.254
ip helper-address 10.70.74.21
no ip redirects
no ip unreachables
no ip proxy-arp
ip mtu 9216
ip router isis RAN
load-interval 30
ipv6 address 2405:200:139:0:172:31:236:138/127
ipv6 address 2405:200:139:0:173:31:236:138/127
ipv6 enable
ipv6 mtu 9216
no ipv6 redirects
no ipv6 unreachables
ipv6 router isis RAN
mpls ip
mpls mtu 9216
mpls ldp igp sync delay 25
isis circuit-type level-2-only
isis network point-to-point
isis tag 20
!
interface BDI354
description # TO-ICHKICHKESR018-TenGig0/0/11-Fiber #
ip address 10.84.156.67 255.255.255.254
ip helper-address 10.70.74.21
no ip redirects
no ip unreachables
no ip proxy-arp
ip mtu 9216
ip router isis RAN
load-interval 30
ipv6 address 2405:200:139:0:10:84:156:67/127
ipv6 address 2405:200:139:0:173:84:156:67/127
ipv6 enable
ipv6 mtu 9216
no ipv6 redirects
no ipv6 unreachables
ipv6 router isis RAN
mpls ip
mpls mtu 9216
mpls ldp igp sync delay 25
bfd template FIBRE
isis circuit-type level-2-only
isis network point-to-point
isis tag 20
isis bfd
!
interface BDI355
description # TO-ICHKICHKESR002-TenGig0/0/10-Fiber #
ip address 172.19.251.33 255.255.255.254
ip helper-address 10.70.74.21
no ip redirects
no ip unreachables
no ip proxy-arp
ip mtu 9216
 ip router isis RAN
load-interval 30
ipv6 address 2405:200:139:0:172:19:251:33/127
ipv6 enable
ipv6 mtu 9216
no ipv6 redirects
no ipv6 unreachables
ipv6 router isis RAN
mpls ip
mpls mtu 9216
mpls ldp igp sync delay 25
bfd template FIBRE
isis circuit-type level-2-only
isis network point-to-point
isis tag 20
isis bfd
!
interface BDI551
description # Microwave Management #
vrf forwarding RJIL-IME
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip mtu 9216
load-interval 30
ipv6 address 2405:200:139:700:3:2:551:139/125
ipv6 enable
ipv6 mtu 9216
no ipv6 redirects
no ipv6 unreachables
!
interface BDI553
description # Microwave Management #
vrf forwarding RJIL-IME
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip mtu 9216
load-interval 30
ipv6 address 2405:200:139:700:3:2:553:D9/125
ipv6 enable
ipv6 mtu 9216
no ipv6 redirects
no ipv6 unreachables
!
interface BDI585
description # TO -SAP ID - UBR mgmt #
vrf forwarding RJIL-IME
no ip address
load-interval 30
ipv6 address 2405:200:139:700:7:2:585:4A83/122
ipv6 enable
ipv6 mtu 9216
no ipv6 redirects
no ipv6 unreachables
ipv6 traffic-filter RJIL-SC-INFRA-iACL-IPv6 in
!
interface BDI601
description # To SC - R4G_Bearer #
vrf forwarding RJIL-BEARER-ENB
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip mtu 9216
load-interval 30
ipv6 address 2405:200:139:B00:7:2:601:1203/120
ipv6 mtu 9216
ipv6 nd cache interface-limit 512
no ipv6 redirects
no ipv6 unreachables
ipv6 verify unicast source reachable-via rx
ipv6 traffic-filter RJIL-SC-INFRA-iACL-IPv6 in
!
interface BDI602
description # To SC - R4G_Signalling #
vrf forwarding RJIL-SIGNALING-ENB
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip mtu 9216
load-interval 30
ipv6 address 2405:200:139:B00:7:2:602:1203/120
ipv6 mtu 9216
ipv6 nd cache interface-limit 512
no ipv6 redirects
no ipv6 unreachables
ipv6 verify unicast source reachable-via rx
ipv6 traffic-filter RJIL-SC-INFRA-iACL-IPv6 in
!
interface BDI603
description # To SC - R4G_o&m #
vrf forwarding RJIL-OAM-ENB
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip mtu 9216
load-interval 30
ipv6 address 2405:200:139:B00:7:2:603:1203/120
ipv6 mtu 9216
ipv6 nd cache interface-limit 512
ipv6 nd managed-config-flag
no ipv6 redirects
no ipv6 unreachables
ipv6 dhcp relay destination 2405:200:80E:732::10
ipv6 dhcp relay source-interface BDI603
ipv6 verify unicast source reachable-via rx
ipv6 traffic-filter RJIL-SC-INFRA-iACL-IPv6 in
!
interface BDI604
description # To SC-Multicast #
no ip address
no ip redirects
no ip unreachables
 no ip proxy-arp
ip mtu 9216
load-interval 30
ipv6 enable
ipv6 mtu 9216
no ipv6 redirects
no ipv6 unreachables
ipv6 mld query-timeout 180
ipv6 mld query-interval 60
ipv6 mld access-group MCAST-BDR-IPv6
ipv6 pim hello-interval 10
ipv6 pim dr-priority 100
ipv6 traffic-filter RJIL-SC-INFRA-iACL-IPv6 in
!
interface BDI605
description # SC-WiFi Access Point #
vrf forwarding RJIL-WIFI-CISCO
no ip address
load-interval 30
ipv6 address 2405:200:139:B00:7:2:605:1203/120
ipv6 mtu 9216
ipv6 nd cache interface-limit 1500
ipv6 nd managed-config-flag
no ipv6 redirects
no ipv6 unreachables
ipv6 dhcp relay destination 2405:200:80E:732::10
ipv6 dhcp relay source-interface BDI605
ipv6 verify unicast source reachable-via rx
!
interface BDI615
description # TO SC - PTP_SC #
ip address 172.21.200.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip mtu 9216
ip verify unicast source reachable-via rx
ip access-group RJIL-PTP-SC-INFRA-iACL-IPv4 in
load-interval 30
ipv6 mtu 9216
no ipv6 redirects
no ipv6 unreachables
ipv6 traffic-filter RJIL-PTP-SC-INFRA-iACL-IPv6 in
!
interface BDI888
description # SC-L2 switch mgmt #
vrf forwarding RJIL-IP-MGMT
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip mtu 9216
ip verify unicast source reachable-via rx
load-interval 30
ipv6 address 2405:200:139:B00:7:2:888:1203/120
ipv6 mtu 9216
ipv6 nd cache interface-limit 512
ipv6 nd managed-config-flag
no ipv6 redirects
 no ipv6 unreachables
ipv6 verify unicast source reachable-via rx
ipv6 traffic-filter RJIL-SC-INFRA-iACL-IPv6 in
!
interface BDI890
description # ASR901 ESS Mgmt #
vrf forwarding RJIL-IP-MGMT
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip mtu 9216
load-interval 30
ipv6 address 2405:200:1839:890::7:CD03/120
ipv6 enable
ipv6 mtu 9216
ipv6 nd cache interface-limit 512
no ipv6 redirects
no ipv6 unreachables
!
interface BDI901
description # Cisco WiFi Access Point #
vrf forwarding RJIL-WIFI-CISCO
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip mtu 9216
ip verify unicast source reachable-via any
ip access-group INFRA-iACL-IPv4-WiFi in
load-interval 30
ipv6 enable
ipv6 mtu 9216
no ipv6 redirects
no ipv6 unreachables
!
interface BDI945
description # Cisco WiFi Access Point #
vrf forwarding RJIL-WIFI-CISCO
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip mtu 9216
load-interval 30
ipv6 address 2405:200:80E:945:8000:0:25:8001/116
ipv6 nd cache interface-limit 1500
ipv6 nd managed-config-flag
ipv6 nd other-config-flag
no ipv6 redirects
no ipv6 unreachables
ipv6 dhcp relay destination 2405:200:806:1901::10
ipv6 dhcp relay destination 2405:200:853:1901::10
ipv6 dhcp relay source-interface BDI945
!
interface BDI951
description # IME-Utilities #
vrf forwarding RJIL-IME
ip address 10.214.75.17 255.255.255.248
 no ip redirects
no ip unreachables
no ip proxy-arp
ip mtu 9216
load-interval 30
ipv6 enable
ipv6 mtu 9216
no ipv6 redirects
no ipv6 unreachables
!
interface BDI952
description # IME-Utilities #
vrf forwarding RJIL-IME
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip mtu 9216
load-interval 30
ipv6 address 2405:200:1839:952::34:B403/120
ipv6 mtu 9216
ipv6 nd managed-config-flag
no ipv6 redirects
no ipv6 unreachables
ipv6 dhcp relay destination 2405:200:806:2886:78::10
ipv6 dhcp relay destination 2405:200:853:2886:78::10
ipv6 dhcp relay source-interface BDI952
mpls mtu 9216
!
router isis RAN
net 49.0003.1720.2308.8149.00
is-type level-2-only
authentication mode md5 level-2
authentication key-chain ISIS-KEY level-2
metric-style wide
fast-flood 10
ip route priority high tag 5000
set-overload-bit on-startup 360
max-lsp-lifetime 65535
lsp-refresh-interval 65000
spf-interval 5 50 200
prc-interval 5 50 200
lsp-gen-interval 5 50 200
no hello padding
log-adjacency-changes
fast-reroute per-prefix level-2 all
fast-reroute remote-lfa level-2 mpls-ldp
microloop avoidance disable
passive-interface Loopback0
passive-interface Loopback200
!
address-family ipv6
spf-interval 5 50 200
prc-interval 5 50 200
exit-address-family
mpls ldp sync
!
router bgp 55836
bgp router-id 172.23.88.149
bgp log-neighbor-changes
bgp graceful-restart
no bgp default ipv4-unicast
neighbor RJIL-AG1-IBGP-GRP peer-group
neighbor RJIL-AG1-IBGP-GRP remote-as 55836
neighbor RJIL-AG1-IBGP-GRP password 7 053952281E6E4939103A2741581E4A7804757C
neighbor RJIL-AG1-IBGP-GRP update-source Loopback0
neighbor RJIL-AG1-IBGP-GRP-IPv6 peer-group
neighbor RJIL-AG1-IBGP-GRP-IPv6 remote-as 55836
neighbor RJIL-AG1-IBGP-GRP-IPv6 password 7 003647213B790C36061E7C1D5A0B4B453D5A58
neighbor RJIL-AG1-IBGP-GRP-IPv6 update-source Loopback0
neighbor 2405:200:201:3901:172:18:252:163 peer-group RJIL-AG1-IBGP-GRP-IPv6
neighbor 2405:200:201:3901:172:18:252:164 peer-group RJIL-AG1-IBGP-GRP-IPv6
neighbor 2405:200:201:3901:172:23:81:210 peer-group RJIL-AG1-IBGP-GRP-IPv6
neighbor 2405:200:201:3901:172:25:243:78 peer-group RJIL-AG1-IBGP-GRP-IPv6
neighbor 172.18.252.163 peer-group RJIL-AG1-IBGP-GRP
neighbor 172.18.252.164 peer-group RJIL-AG1-IBGP-GRP
neighbor 172.23.81.210 peer-group RJIL-AG1-IBGP-GRP
neighbor 172.25.243.78 peer-group RJIL-AG1-IBGP-GRP
!
address-family ipv4
bgp nexthop trigger delay 0
network 172.23.88.149 mask 255.255.255.255 route-map CSR-COMM
neighbor RJIL-AG1-IBGP-GRP send-community
neighbor RJIL-AG1-IBGP-GRP send-label
neighbor 172.18.252.163 activate
neighbor 172.18.252.164 activate
neighbor 172.23.81.210 activate
neighbor 172.25.243.78 activate
exit-address-family
!
address-family vpnv4
bgp additional-paths select backup
bgp additional-paths install
bgp nexthop trigger delay 1
neighbor RJIL-AG1-IBGP-GRP send-community extended
neighbor 172.18.252.163 activate
neighbor 172.18.252.164 activate
neighbor 172.23.81.210 activate
neighbor 172.25.243.78 activate
exit-address-family
!
address-family ipv6
bgp nexthop trigger delay 1
network 2405:200:201:3901:172:23:88:149/128 route-map CSR-COMM
neighbor RJIL-AG1-IBGP-GRP send-community
neighbor RJIL-AG1-IBGP-GRP send-label
neighbor 172.18.252.163 activate
neighbor 172.18.252.164 activate
neighbor 172.23.81.210 activate
neighbor 172.25.243.78 activate
exit-address-family
!
address-family ipv6 multicast
neighbor RJIL-AG1-IBGP-GRP-IPv6 route-map RJIL-DROP-ALL out
neighbor 2405:200:201:3901:172:18:252:163 activate
neighbor 2405:200:201:3901:172:18:252:164 activate
neighbor 2405:200:201:3901:172:23:81:210 activate
neighbor 2405:200:201:3901:172:25:243:78 activate
exit-address-family
!
address-family vpnv6
bgp recursion host
bgp nexthop trigger delay 1
neighbor RJIL-AG1-IBGP-GRP send-community extended
neighbor 172.18.252.163 activate
neighbor 172.18.252.164 activate
neighbor 172.23.81.210 activate
neighbor 172.25.243.78 activate
exit-address-family
!
address-family ipv6 vrf RJIL-BEARER-ENB
redistribute connected
import path selection all
import path limit 4
exit-address-family
!
address-family ipv4 vrf RJIL-IME
import path selection all
import path limit 4
redistribute connected
exit-address-family
!
address-family ipv6 vrf RJIL-IME
redistribute connected
import path selection all
import path limit 4
exit-address-family
!
address-family ipv4 vrf RJIL-IP-MGMT
redistribute connected
exit-address-family
!
address-family ipv6 vrf RJIL-IP-MGMT
redistribute connected
exit-address-family
!
address-family ipv6 vrf RJIL-OAM-ENB
redistribute connected
import path selection all
import path limit 4
exit-address-family
!
address-family ipv6 vrf RJIL-SIGNALING-ENB
redistribute connected
import path selection all
import path limit 4
exit-address-family
!
address-family ipv4 vrf RJIL-WIFI-CISCO
import path selection all
import path limit 4
redistribute connected
exit-address-family
!
address-family ipv6 vrf RJIL-WIFI-CISCO
redistribute connected
import path selection all
 import path limit 4
exit-address-family
!
address-family ipv6 vrf SC-sw-mgmt
redistribute connected
import path selection all
import path limit 4
exit-address-family
!
ip forward-protocol nd
ip forward-protocol udp 5246
ip forward-protocol udp 5247
!
ip bgp-community new-format
ip ftp source-interface Loopback999
no ip http server
ip http authentication local
ip http secure-server
ip http secure-active-session-modules mylist
ip http timeout-policy idle 600 life 14400 requests 25
ip http session-module-list mylist IOX_Server,DISTRIB
ip tftp source-interface Loopback999
ip tacacs source-interface Loopback999
ip ssh time-out 60
ip ssh port 2222 rotary 35
ip ssh source-interface Loopback999
ip ssh version 2
ip ssh dscp 18
ip scp server enable
!
ip access-list standard MGMT-SNMP-IPv4
deny any
ip access-list standard MGMT-VTY-IPv4
deny any
ip access-list standard MPLS-LDP-IPv4
permit 172.16.32.0 0.0.31.255
permit 172.16.64.0 0.0.15.255
permit 172.22.0.0 0.1.255.255
permit 172.16.96.0 0.0.15.255
permit 172.26.128.0 0.0.63.255
permit 172.31.0.0 0.0.127.255
permit 172.25.128.0 0.0.127.255
permit 172.30.0.0 0.0.255.255
permit 172.16.0.0 0.15.255.255
ip access-list standard NTP-ACL
permit 172.16.105.208
permit 172.23.81.210
permit 172.23.81.209
permit 172.26.218.20
permit 172.26.218.21
permit 172.16.60.81
permit 172.16.60.82
!
ip access-list extended INFRA-iACL-IPv4-WiFi
remark Phase 1 a Anti-spoofing,Fragmentation,Attack Denies
remark Deny Fragments
deny tcp any 49.44.0.0 0.0.7.255 fragments
deny udp any 49.44.0.0 0.0.7.255 fragments
deny icmp any 49.44.0.0 0.0.7.255 fragments
 deny tcp any any eq 5900
remark Deny access to RJIL Infrastructure devices
deny ip any 49.44.0.0 0.0.7.255
remark Deny special-use address sources.
remark See RFC 3330 for additional special-use addresses.
deny ip host 0.0.0.0 any
deny ip any 0.0.0.0 0.255.255.255
deny ip 0.0.0.0 0.255.255.255 any
deny ip host 255.255.255.255 any
deny ip 127.0.0.0 0.255.255.255 any
deny ip any 127.0.0.0 0.255.255.255
deny ip 169.254.0.0 0.0.255.255 any
deny ip 192.0.2.0 0.0.0.255 any
deny ip any 192.0.2.0 0.0.0.255
deny ip 192.18.0.0 0.1.255.255 any
deny ip any 192.18.0.0 0.1.255.255
deny ip 192.0.0.0 0.0.0.255 any
deny ip any 192.0.0.0 0.0.0.255
deny ip 224.0.0.0 31.255.255.255 any
remark Deny RFC1918 space from entering AS
permit ip any 10.73.1.0 0.0.0.63
permit ip any 10.70.120.64 0.0.0.15
permit ip any 10.70.120.80 0.0.0.15
permit ip any 10.70.120.0 0.0.0.15
permit ip any host 172.16.92.209
permit ip any host 172.16.92.213
deny ip 192.168.0.0 0.0.255.255 any
deny ip any 10.0.0.0 0.255.255.255
deny ip any 172.16.0.0 0.15.255.255
deny ip any 192.168.0.0 0.0.255.255
remark See RFC5737
deny ip 198.51.100.0 0.0.0.255 any
deny ip any 198.51.100.0 0.0.0.255
deny ip 203.0.113.0 0.0.0.255 any
deny ip any 203.0.113.0 0.0.0.255
remark Deny RIL infrastructure space as a source of external packets
deny ip 49.44.0.0 0.0.7.255 any
remark Phase 2 a Explicit Permit
permit ip any any
ip access-list extended RJIL-PTP-SC-INFRA-iACL-IPv4
remark Phase 1 a Anti-spoofing,Fragmentation,Attack Denies
remark Deny Fragments
deny tcp any 49.44.0.0 0.0.15.255 fragments
deny udp any 49.44.0.0 0.0.15.255 fragments
deny icmp any 49.44.0.0 0.0.15.255 fragments
deny tcp any any eq 5900
remark Deny access to RJIL Infrastructure devices
deny ip any 49.44.0.0 0.0.15.255
remark Deny special-use address sources.
remark See RFC 3330 for additional special-use addresses.
deny ip host 0.0.0.0 any
deny ip 0.0.0.0 0.255.255.255 any
deny ip 127.0.0.0 0.255.255.255 any
deny ip 169.254.0.0 0.0.255.255 any
deny ip 192.0.2.0 0.0.0.255 any
deny ip 192.18.0.0 0.1.255.255 any
deny ip 224.0.0.0 31.255.255.255 any
remark Deny RFC1918 space from entering AS
deny tcp any any eq telnet
 deny tcp any any eq 22
deny tcp any eq telnet any
deny tcp any eq 22 any
permit ip 172.21.200.0 0.0.0.255 any
permit ip any 172.21.200.0 0.0.0.255
permit ip 172.21.208.0 0.0.7.255 any
permit ip any 172.21.208.0 0.0.7.255
permit ip 172.29.0.0 0.0.127.255 any
permit ip any 172.29.0.0 0.0.127.255
permit ip 172.29.208.0 0.0.15.255 any
permit ip any 172.29.208.0 0.0.15.255
permit ip 172.29.224.0 0.0.31.255 any
permit ip any 172.29.224.0 0.0.31.255
deny ip 10.0.0.0 0.255.255.255 any
deny ip 172.16.0.0 0.15.255.255 any
deny ip 192.168.0.0 0.0.255.255 any
deny ip any 10.0.0.0 0.255.255.255
deny ip any 172.16.0.0 0.15.255.255
deny ip any 192.168.0.0 0.0.255.255
remark Deny RIL infrastructure space as a source of external packets
deny ip 49.44.0.0 0.0.15.255 any
!
ip sla responder twamp
timeout 2000
ip sla responder
ip sla server twamp
timer inactivity 1200
logging alarm informational
logging source-interface Loopback999 vrf RJIL-IP-MGMT
logging host 10.137.39.182
logging host 10.137.39.27
logging host 10.137.39.188
logging host ipv6 2405:200:A80:FD19:5DC:98E5:692C:2012 vrf RJIL-IP-MGMT
logging host ipv6 2405:200:816:651::30 vrf RJIL-IP-MGMT
ipv6 mld state-limit 25000
!
route-map RJIL-DROP-ALL deny 10
!
route-map CSR-COMM permit 10
set community 64600:133
!
route-map High-LP-RJIL-WIFI-CISCO permit 10
description # Priority for RJIL-WIFI-CISCO #
match ipv6 address High-LP-RJIL-WIFI-CISCO
set local-preference 200
!
route-map High-LP-RJIL-WIFI-CISCO permit 20
!
snmp-server community OnM4G@Ge0 RO ipv6 MGMT-SNMP-IPv6 MGMT-SNMP-IPv4
snmp-server community reliance RW ipv6 MGMT-SNMP-NCCM-IPv6 MGMT-SNMP-NCCM-IPv4
snmp-server trap-source Loopback999
snmp-server source-interface informs Loopback999
snmp-server queue-length 1000
snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
snmp-server enable traps tty
snmp-server enable traps config-copy
snmp-server enable traps config
snmp-server enable traps config-ctid
snmp-server enable traps isis
snmp-server enable traps ipsla
snmp-server enable traps memory bufferpeak
snmp-server enable traps fru-ctrl
snmp-server enable traps entity
snmp-server enable traps cpu threshold
snmp-server enable traps vlancreate
snmp-server enable traps vlandelete
snmp-server enable traps cef resource-failure peer-state-change peer-fib-state-
change inconsistency
snmp-server enable traps netsync
snmp-server enable traps aaa_server
snmp-server enable traps mpls rfc ldp
snmp-server enable traps mpls ldp
snmp-server enable traps alarms informational
snmp-server enable traps bulkstat collection transfer
snmp-server enable traps vrfmib vrf-up vrf-down vnet-trunk-up vnet-trunk-down
snmp-server enable traps transceiver all
snmp-server enable traps mpls vpn
snmp-server enable traps mpls rfc vpn
snmp-server host 2405:200:806:2904:10:70:224:76 vrf RJIL-IP-MGMT version 2c
OnM4G@Ge0
snmp-server host 2405:200:806:2904:10:70:224:97 vrf RJIL-IP-MGMT version 2c
OnM4G@Ge0
snmp ifmib ifalias long
snmp ifmib ifindex persist
mpls ldp router-id Loopback0 force
!
tftp-server flash:network-confg
tftp-server flash:nip_ICHKICHKESR005.txt
tacacs server TACACS1
address ipv4 10.70.57.84
key 7 01210C0D542B535A791F18
tacacs server TACACS2
address ipv4 10.70.64.116
key 7 0036190F0B7B5E5357721A
!
!
!
ipv6 access-list High-LP-RJIL-WIFI-CISCO
permit ipv6 2405:200:139:B00:7:2:605:1200/120 any
permit ipv6 2405:200:80E:945:8000:0:25:8000/116 any
!
ipv6 access-list INFRA-iACL-IPv6-LTE
remark Phase 1 a anti-spoofing and Fragmentation Denies
remark Deny Fragments
deny ipv6 any 2405:200::/40 fragments
remark Permit RJIL ILL Customer
permit ipv6 2405:200::/40 any
permit ipv6 any 2405:200::/40
remark Deny access to RJIL Infrastructure devices
deny ipv6 any 2405:200:200::/40
remark Deny RIL infrastructure space as a source of external packets
deny ipv6 2405:200:200::/40 any
remark Deny special-use address sources Refer RFC6890
deny ipv6 ::/8 any
deny ipv6 FEC0::/10 any
deny ipv6 FC00::/7 any
deny ipv6 FF00::/8 any
deny ipv6 any 2001:10::/28
 deny ipv6 2001:10::/28 any
deny ipv6 any 2001:DB8::/32
deny ipv6 2001:DB8::/32 any
permit ipv6 any 2001:2::/48
permit ipv6 any 2001::/32
deny ipv6 any 2001::/23
deny ipv6 2001::/23 any
remark deny false 6to4 packets
deny ipv6 2002:E000::/20 any
deny ipv6 2002:7F00::/24 any
deny ipv6 2002::/24 any
deny ipv6 2002:FF00::/24 any
deny ipv6 2002:A00::/24 any
deny ipv6 2002:AC10::/28 any
deny ipv6 2002:C0A8::/32 any
deny ipv6 host :: any
remark deny loopback address
deny ipv6 host ::1 any
deny ipv6 host 1:: any
remark deny ipv4-compatible addresses
deny ipv6 ::/96 any
remark ipv4 mapped adresses - obsoleted
deny ipv6 ::FFFF:0.0.0.0/96 any
remark deny auto tunneled packets with/compatible
remark deny other compatible addresses
deny ipv6 ::224.0.0.0/100 any
deny ipv6 ::127.0.0.0/104 any
deny ipv6 ::/104 any
deny ipv6 ::255.0.0.0/104 any
remark deny 6bone addresses - depreciated
deny ipv6 3FFE::/16 any
remark Phase 2 a explicit Permit
permit ipv6 any any
remark Deny special-use address sources.
remark Deny RJIL Infrastructure device as a source of external packets
deny ipv6 any 2405:200::/32 fragments
deny ipv6 any 2405:200::/32
deny ipv6 2405:200::/32 any
!
ipv6 access-list MCAST-BDR-IPv6
permit ipv6 any FF30::/12
!
ipv6 access-list MGMT-SNMP-IPv6
permit ipv6 host 2405:200:A10:FC00:10:137:8:54 any
permit ipv6 host 2405:200:A10:FC00:10:137:8:248 any
permit ipv6 host 2405:200:A10:FC00:10:137:8:52 any
permit ipv6 host 2405:200:A10:FC00:10:137:8:251 any
permit ipv6 host 2405:200:A10:FF0C:20C:29FF:FEB1:CCE8 any
permit ipv6 host 2405:200:A10:FC09:10:137:1:201 any
permit ipv6 host 2405:200:A10:FC09:10:137:1:203 any
permit ipv6 host 2405:200:A10:FCBA:10:137:128:94 any
permit ipv6 host 2405:200:A10:FCB1:10:137:40:247 any
permit ipv6 host 2405:200:A10:FC04:10:137:52:80 any
permit ipv6 host 2405:200:A10:FC04:10:137:52:97 any
permit ipv6 host 2405:200:A10:FC04:10:137:52:98 any
permit ipv6 host 2405:200:A10:FCC7:10:137:78:110 any
permit ipv6 host 2405:200:A10:FCC7:10:137:78:130 any
permit ipv6 host 2405:200:A10:FC04:10:137:78:132 any
permit ipv6 host 2405:200:A10:FC04:10:137:78:131 any
 permit ipv6 host 2405:200:A10:FCC7:10:137:78:133 any
permit ipv6 host 2405:200:A10:FCC7:10:137:78:134 any
permit ipv6 host 2405:200:A10:FC04:10:137:52:99 any
permit ipv6 host 2405:200:A10:FC04:10:137:52:100 any
permit ipv6 host 2405:200:A10:FCC7:10:137:78:116 any
permit ipv6 host 2405:200:A10:FCC7:10:137:78:115 any
permit ipv6 host 2405:200:A10:FCC7:10:137:78:117 any
permit ipv6 host 2405:200:A10:FC04:10:137:78:118 any
permit ipv6 host 2405:200:A10:FCC7:10:137:78:119 any
permit ipv6 host 2405:200:A10:FCC7:10:137:78:120 any
permit ipv6 2405:200:A10:FCB0::/64 any
permit ipv6 2405:200:A10:FCB1::/64 any
permit ipv6 2405:200:A60:FDC0::/64 any
permit ipv6 2405:200:A10:FC00::/64 any
permit ipv6 2405:200:A10:FC04::/64 any
permit ipv6 2405:200:A10:FC09::/64 any
permit ipv6 2405:200:A10:FCBA::/64 any
permit ipv6 2405:200:A10:FCC7::/64 any
permit ipv6 2405:200:80A:2904::/64 any
permit ipv6 2405:200:806:2904::/64 any
permit ipv6 2405:200:A10:FCC0::/64 any
permit ipv6 2405:200:A10:FCC4::/64 any
permit ipv6 2405:200:800::/44 any
permit ipv6 2405:200:855:2575::/64 any
permit ipv6 2405:200:A80:FD19:5DC:98E5:692C:0/112 any
permit ipv6 2405:200:A70:F018:10:147:136:0/112 any
!
ipv6 access-list MGMT-VTY-IPv6
permit ipv6 2405:200:A10:FCB0::/64 any
permit ipv6 2405:200:A10:FCB1::/64 any
permit ipv6 2405:200:A60:FDC0::/64 any
permit ipv6 2405:200:A10:FC80::/64 any
permit ipv6 2405:200:A60:F0F0::/60 any
permit ipv6 2405:200:A10:FCC4::/64 any
permit ipv6 2405:200:A10:FCC0::/64 any
permit ipv6 2405:200:802:679::/64 any
permit ipv6 2405:200:804:651::/64 any
permit ipv6 2405:200:806:651::/64 any
permit ipv6 2405:200:808:651::/64 any
permit ipv6 2405:200:100::/40 any
permit ipv6 2405:200:A10:FCC7::/64 any
permit ipv6 2405:200:80A:2904::/64 any
permit ipv6 2405:200:806:2904::/64 any
permit ipv6 2405:200:800::/44 any
permit ipv6 2405:200:855:2575::/64 any
permit ipv6 2405:200:A80:FD19:5DC:98E5:692C:0/112 any
permit ipv6 2405:200:A70:F018:10:147:136:0/112 any
!
ipv6 access-list NTP-ACL-IPv6
permit ipv6 2405:200:139:B00:7:2:888:1200/120 any
permit ipv6 2405:200:1839:890::7:CD00/120 any
!
ipv6 access-list RJIL-PTP-SC-INFRA-iACL-IPv6
remark Deny IPv6 Access
deny ipv6 any any
!
ipv6 access-list RJIL-SC-INFRA-iACL-IPv6
remark Phase 1 a anti-spoofing and Fragmentation Denies
remark Deny Fragments
 deny ipv6 any 2405:200::/40 fragments
remark Permit RJIL Small Cell
permit ipv6 2405:200:100::/40 any
permit ipv6 any 2405:200:100::/40
remark Deny access to RJIL Infrastructure devices
deny ipv6 any 2405:200:200::/40
remark Deny RIL infrastructure space as a source of external packets
deny ipv6 2405:200:200::/40 any
remark Deny special-use address sources Refer RFC6890
deny ipv6 ::/8 any
deny ipv6 FEC0::/10 any
deny ipv6 FC00::/7 any
deny ipv6 FF00::/8 any
deny ipv6 any 2001:10::/28
deny ipv6 2001:10::/28 any
deny ipv6 any 2001:DB8::/32
deny ipv6 2001:DB8::/32 any
permit ipv6 any 2001:2::/48
permit ipv6 any 2001::/32
deny ipv6 any 2001::/23
deny ipv6 2001::/23 any
remark deny false 6to4 packets
deny ipv6 2002:E000::/20 any
deny ipv6 2002:7F00::/24 any
deny ipv6 2002::/24 any
deny ipv6 2002:FF00::/24 any
deny ipv6 2002:A00::/24 any
deny ipv6 2002:AC10::/28 any
deny ipv6 2002:C0A8::/32 any
deny ipv6 host :: any
remark deny loopback address
deny ipv6 host ::1 any
deny ipv6 host 1:: any
remark deny ipv4-compatible addresses
deny ipv6 ::/96 any
remark ipv4 mapped adresses - obsoleted
deny ipv6 ::FFFF:0.0.0.0/96 any
remark deny other compatible addresses
deny ipv6 ::224.0.0.0/100 any
deny ipv6 ::127.0.0.0/104 any
deny ipv6 ::/104 any
deny ipv6 ::255.0.0.0/104 any
remark deny 6bone addresses - depreciated
deny ipv6 3FFE::/16 any
remark Phase 2 a explicit Permit
permit ipv6 any any
!
control-plane
!
privilege exec level 10 show running-config view full
privilege exec level 10 show running-config view
privilege exec level 10 show running-config
privilege exec all level 10 show
banner login ^C
-------------------------------------------------------------------------
UNAUTHORIZED ACCESS TO THIS DEVICE IS PROHIBITED
You must have explicit, authorized permission to access or configure this
device.
Unauthorized attempts and actions to access or use this system may result
in civil and/or criminal penalties.
All activities performed on this device are logged and monitored.
GCTv20.6
NE-ID INBRICHKICHKTW6001ENBESR001
SAP-ID I-BR-ICHK-ENB-6002
FAC-ID INBRICHKICHKTW6001
HostName ICHKICHKESR001
-------------------------------------------------------------------------
^C
banner motd ^C
-------------------------------------------------------------------------
UNAUTHORIZED ACCESS TO THIS DEVICE IS PROHIBITED
You must have explicit, authorized permission to access or configure this
device.
Unauthorized attempts and actions to access or use this system may result
in civil and/or criminal penalties.
All activities performed on this device are logged and monitored.
GCTv20.7
NE-ID INBRICHKICHKTW6001ENBESR001
SAP-ID I-BR-ICHK-ENB-6002
FAC-ID INBRICHKICHKTW6001
HostName ICHKICHKESR001
-------------------------------------------------------------------------
^C
alias exec show-running-config show running-config view full
!
line con 0
exec-timeout 5 0
privilege level 15
authorization commands 15 AAA-VTY-ACS
logging synchronous
login authentication AAA-CONSOLE-LOCAL
transport output none
stopbits 1
line aux 0
exec-timeout 0 1
no exec
transport preferred none
transport output none
stopbits 1
line vty 0 4
access-class MGMT-VTY-IPv4 in
access-class MGMT-VTY-IPv4 in vrfname RJIL-IP-MGMT
exec-timeout 5 0
privilege level 15
ipv6 access-class MGMT-VTY-IPv6 in
ipv6 access-class MGMT-VTY-IPv6 in vrfname RJIL-IP-MGMT
authorization commands 15 AAA-VTY-ACS
accounting commands 15 AAA-VTY-ACS
logging synchronous
login authentication AAA-VTY-ACS
transport preferred none
transport input ssh
transport output all
line vty 5 9
access-class MGMT-VTY-IPv4 in
access-class MGMT-VTY-IPv4 in vrfname RJIL-IP-MGMT
exec-timeout 5 0
privilege level 15
 ipv6 access-class MGMT-VTY-IPv6 in
ipv6 access-class MGMT-VTY-IPv6 in vrfname RJIL-IP-MGMT
authorization commands 15 AAA-VTY-ACS
logging synchronous
login authentication AAA-VTY-ACS
transport preferred none
transport input ssh
transport output ssh
line vty 10 20
no exec
line vty 21 25
access-class MGMT-VTY-IPv4 in
access-class MGMT-VTY-IPv4 in vrfname RJIL-IP-MGMT
exec-timeout 5 0
privilege level 10
ipv6 access-class MGMT-VTY-IPv6 in
ipv6 access-class MGMT-VTY-IPv6 in vrfname RJIL-IP-MGMT
logging synchronous
login authentication AAA-LOCAL
rotary 35
transport preferred none
transport input ssh
transport output ssh
!
exception crashinfo file bootflash:crashinfo1
exception crashinfo buffersize 256
ztp disable
network-clock synchronization automatic
network-clock synchronization mode QL-enabled
network-clock input-source 1 interface GigabitEthernet0/0/6
esmc process
ntp authentication-key 1 md5 0036190F0B7B25121F 7
ntp authenticate
ntp trusted-key 1
ntp source Loopback999
ntp access-group peer NTP-ACL
ntp access-group ipv6 peer NTP-ACL-IPv6
ntp master 5
ntp server vrf RJIL-IP-MGMT 172.16.105.208 key 1
ntp server vrf RJIL-IP-MGMT 172.16.60.81 key 1 prefer
ntp server vrf RJIL-IP-MGMT 172.16.60.82 key 1
ntp server vrf RJIL-IP-MGMT 172.26.218.20 key 1 prefer
ntp server vrf RJIL-IP-MGMT 172.26.218.21 key 1
!
ptp clock boundary domain 0 hybrid
output 1pps R0
clock-port CSR_slave slave
transport ipv4 unicast interface Lo200 negotiation
clock source 172.23.81.209
clock-port CSR_master master
transport ipv4 unicast interface Lo201 negotiation
!
line vty 0 4
no access-class MGMT-VTY-IPv4 in vrf-also
exec-timeout 5 0
privilege level 15
no ipv6 access-class MGMT-VTY-IPv6 in
!
event manager policy Mandatory.dualrate_eem_policy.tcl type system authorization
bypass
!
end