Cisco MPLS MVPN

From W9CR
Revision as of 23:38, 17 July 2025 by Bryan (talk | contribs) (Created page with "This is a spin off and simplification of the design attempted of Rosen VPN in the DMVPN Service Provider page. = Goals = [X] - functional [-] - testing, but not worki...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

This is a spin off and simplification of the design attempted of Rosen VPN in the DMVPN Service Provider page.

Goals

[X] - functional
[-] - testing, but not working
[ ] - to be worked on

[-] Gi4 dedicated links the the ORD core, no multipoint GRE for testing
[X] LDP label distribution
[X] mLDP for multicast LDP
[X] iBGP between all nodes
[-] Replication on the core
[X] Multicast free core
[-] CUST-00000 VRF - anycast RP at each PE 
[-] CUST-00000 VRF - BGP signaling in place of RP
[X] L3VPN over via iBGP 
[X] MVPN Profile 12 mLDP in the core using only P2MP trees
     - Replication on core, no need to configure default tree
[ ] DMVPN via the hub, no site to site traffic
     mLDP is supported via it, should work

Diagram

mVPN Network

Note that the Tun 11 and Tun41 & Tun42 are shutdown and not in testing. Need to get this working directly first, then try over GRE and finally multipoint GRE.

Design

The basic design is:

Core/P - ORD - c8000v router running IOS-XE 
   OSPF for IGP
   iBGP used for routing VPN only, from loop backs
   LDP to distribute labels for MPLS
   global table is the underlay only (100.64.0.0/10)
   FRONT-DOOR vrf for tunnels to the internet
   MGMT-VRF for management 
   CUST-00000 - L3 VPN w/multicast (192.168.0.0/16)

Edge CE/PE - LAX & JFK - c8000v routers running IOS-XE
   OSPF for IGP
   iBGP used for routing VPN only, from loop backs
   iBGP sessions to each RR
   Loop 100000 - CUST-00000 - 192.168.255.50/32 for RP 
   Gi1 - MGMT - 100.120.255.128/27 - rouetable from nms jump box
   Gi2 - FRONT-DOOR, shutdown
   Gi4 - Global - Connection to ORD core - 100.23.128
   Gi3 - CUST-00000 - Connection to Linux test VM's LAX-VM & ORD-VM
         - 226.0.0.30 and 226.0.0.20 on this interface for LAX and JFK respectively
   Tun 11 - DMVPN, shutdown
   Tun 41 & 42 - GRE to the core, shutdown
   CUST-00000 - L3 VPN w/multicast (192.168.0.0/16)
   global table is the DMVPN underlay only
   All traffic routes via the core, no edge to edge breakout

problems

Currently when there is no mroute in the VRF and ping sent from JFK to LAX, the first ping drops while BGP routes setup. Second ping is replied to and third and subsequent pings drop. What is strange here is if I don't say the source interface in the ping command it will source the ping from loop0 on the router, whcih is in the global table, not in the VRF, but the labels are correct. This is simalear to the issue I saw while trying to do profile 0/ Rosen. 

JFK#ping vrf CUST-00000 226.0.0.30  source gigabitEthernet 3
Type escape sequence to abort.
Sending 1, 100-byte ICMP Echos to 226.0.0.30, timeout is 2 seconds:
Packet sent with a source address of 192.168.20.1
.

JFK#ping vrf CUST-00000 226.0.0.30  source gigabitEthernet 3
Type escape sequence to abort.
Sending 1, 100-byte ICMP Echos to 226.0.0.30, timeout is 2 seconds:
Packet sent with a source address of 192.168.20.1

Reply to request 0 from 192.168.30.1, 34 ms

JFK#ping vrf CUST-00000 226.0.0.30  source gigabitEthernet 3
Type escape sequence to abort.
Sending 1, 100-byte ICMP Echos to 226.0.0.30, timeout is 2 seconds:
Packet sent with a source address of 192.168.20.1
.

JFK#ping vrf CUST-00000 226.0.0.30  source gigabitEthernet 3
Type escape sequence to abort.
Sending 1, 100-byte ICMP Echos to 226.0.0.30, timeout is 2 seconds:
Packet sent with a source address of 192.168.20.1

Logs during this ping

Jul 18 04:17:47.190: MFIBv4(0x1): Receive (192.168.20.1,238.10.11.24) from GigabitEthernet3 (PS): hlen 5 prot 1 len 100 ttl 254 frag 0x0
Jul 18 04:17:47.190: MFIBv4(0x1): Receive (192.168.20.1,238.10.11.24) from Loopback100000 (PS): hlen 5 prot 1 len 100 ttl 254 frag 0x0
Jul 18 04:17:47.190: MFIBv4(0x1): Receive (192.168.20.1,238.10.11.24) from Lspvif0 (PS): hlen 5 prot 1 len 100 ttl 254 frag 0x0
Jul 18 04:17:47.192: MFIBv4(0x1): DDE flush start
Jul 18 04:17:47.196: MFIBv4(0x1): (192.168.20.1,238.10.11.24) GigabitEthernet3 MRIB sent SP update with DDE
Jul 18 04:17:47.196: MFIBv4(0x1): DDE flush end
Jul 18 04:17:47.197: MFIBv4(0x1): Update: Clear IGNORE_VRF flag maf:IPv4, (192.168.20.1,238.10.11.24)
Jul 18 04:17:47.197: MFIBv4(0x1): (192.168.20.1,238.10.11.24) MRIB update[3]:  K DDE (Modified:  K DDE)
Jul 18 04:17:47.197: MFIBv4(0x1): Found existing ioitem 0x7AF57DC8FFE0 and wire GigabitEthernet3

Jul 18 04:17:47.197: MFIBv4(0x1): (192.168.20.1,238.10.11.24) GigabitEthernet3 MRIB Not setting MA flag delayed  )
Jul 18 04:17:47.197: MFIBv4(0x1): (192.168.20.1,238.10.11.24) GigabitEthernet3 MRIB update:  RA A (Modified:  RA NS RSP) epoch:0
Jul 18 04:17:47.197: MFIBv4(0x1): Added creator for MRIB IOITEM ATTR set
Jul 18 04:17:47.197: MFIBv4(0x1): New IOitem create success
Jul 18 04:17:47.197: MFIBv4(0x1): (192.168.20.1,238.10.11.24) Tunnel1 MRIB update:  (Modified:  RA) epoch:0
Jul 18 04:17:47.197: MFIBv4(0x1): Removed creator for MRIB IOITEM ATTR clear
Jul 18 04:17:47.197: MFIBv4(0x1): New IOitem create success
Jul 18 04:17:47.197: MFIBv4(0x1): (192.168.20.1,238.10.11.24) Tunnel0 MRIB update:  RF F (Modified:  RF) epoch:0
Jul 18 04:17:47.197: MFIBv4(0x1): Added creator for MRIB IOITEM ATTR set
Jul 18 04:17:47.218: MFIBv4(0x1): Update: Clear IGNORE_VRF flag maf:IPv4, (192.168.20.1,238.10.11.24)
Jul 18 04:17:47.218: MFIBv4(0x1): (192.168.20.1,238.10.11.24) MRIB update[1]:  K DDE (Modified: )
Jul 18 04:17:47.218: MFIBv4(0x1): Found existing ioitem 0x7AF57DC8FD70 and wire Tunnel0

Jul 18 04:17:47.218: MFIBv4(0x1): (192.168.20.1,238.10.11.24) Tunnel0 MRIB update:  (Modified:  RF) epoch:0
Jul 18 04:17:47.218: MFIBv4(0x1): Removed creator for MRIB IOITEM ATTR clear
JFK#
JFK#
JFK#
JFK#
JFK#
JFK#
JFK#
JFK#
Jul 18 04:17:53.600: MFIBv4(0x1): Receive (192.168.20.1,238.10.11.24) from Loopback100000 (PS): hlen 5 prot 1 len 100 ttl 254 frag 0x0
Jul 18 04:17:57.988: MFIBv4(0x1): Receive (192.168.20.1,238.10.11.24) from Loopback100000 (PS): hlen 5 prot 1 len 100 ttl 254 frag 0x0
Jul 18 04:18:18.240: MFIBv4(0x1): Receive (192.168.20.1,226.0.0.30) from GigabitEthernet3 (PS): hlen 5 prot 1 len 100 ttl 254 frag 0x0
Jul 18 04:18:18.240: MFIBv4(0x1): Receive (192.168.20.1,226.0.0.30) from Loopback100000 (PS): hlen 5 prot 1 len 100 ttl 254 frag 0x0
Jul 18 04:18:18.241: MFIBv4(0x1): Receive (192.168.20.1,226.0.0.30) from Lspvif0 (PS): hlen 5 prot 1 len 100 ttl 254 frag 0x0
Jul 18 04:18:18.249: MFIBv4(0x1): DDE flush start
Jul 18 04:18:18.251: MFIBv4(0x1): (192.168.20.1,226.0.0.30) GigabitEthernet3 MRIB sent SP update with DDE
Jul 18 04:18:18.251: MFIBv4(0x1): DDE flush end
Jul 18 04:18:18.251: MFIBv4(0x1): Update: Clear IGNORE_VRF flag maf:IPv4, (192.168.20.1,226.0.0.30)
Jul 18 04:18:18.251: MFIBv4(0x1): (192.168.20.1,226.0.0.30) MRIB update[1]:  DDE (Modified:  DDE)
Jul 18 04:18:18.251: MFIBv4(0x1): Found existing ioitem 0x7AF57DC8FD70 and wire GigabitEthernet3

Jul 18 04:18:18.251: MFIBv4(0x1): (192.168.20.1,226.0.0.30) GigabitEthernet3 MRIB update:  RSP (Modified:  RSP) epoch:0
Jul 18 04:18:18.252: MFIBv4(0x1): Added creator for MRIB IOITEM ATTR set
Jul 18 04:18:18.252: MFIBv4(0x1): Update: Clear IGNORE_VRF flag maf:IPv4, (*,226.0.0.30)
Jul 18 04:18:18.252: MFIBv4(0x1): (*,226.0.0.30) MRIB update[1]:  C K (Modified:  C K)
Jul 18 04:18:18.252: MFIBv4(0x1): New IOitem create success
Jul 18 04:18:18.252: MFIBv4(0x1): (*,226.0.0.30) Tunnel1 MRIB update:  RA A MA (Modified:  RA) epoch:0
Jul 18 04:18:18.252: MFIBv4(0x1): Added creator for MRIB IOITEM ATTR set
Jul 18 04:18:18.253: MFIBv4(0x1): Update: Clear IGNORE_VRF flag maf:IPv4, (192.168.20.1,226.0.0.30)
Jul 18 04:18:18.253: MFIBv4(0x1): (192.168.20.1,226.0.0.30) MRIB update[3]:  K DDE (Modified:  K)
Jul 18 04:18:18.253: MFIBv4(0x1): Found existing ioitem 0x7AF57DC8FD70 and wire GigabitEthernet3

Jul 18 04:18:18.253: MFIBv4(0x1): (192.168.20.1,226.0.0.30) GigabitEthernet3 MRIB Not setting MA flag delayed  )
Jul 18 04:18:18.253: MFIBv4(0x1): (192.168.20.1,226.0.0.30) GigabitEthernet3 MRIB update:  RA A (Modified:  RA NS RSP) epoch:0
Jul 18 04:18:18.253: MFIBv4(0x1): Added creator for MRIB IOITEM ATTR set
Jul 18 04:18:18.253: MFIBv4(0x1): New IOitem create success
Jul 18 04:18:18.253: MFIBv4(0x1): (192.168.20.1,226.0.0.30) Tunnel1 MRIB update:  (Modified:  RA) epoch:0
Jul 18 04:18:18.253: MFIBv4(0x1): Removed creator for MRIB IOITEM ATTR clear
Jul 18 04:18:18.253: MFIBv4(0x1): New IOitem create success
Jul 18 04:18:18.253: MFIBv4(0x1): (192.168.20.1,226.0.0.30) Tunnel0 MRIB update:  RF F (Modified:  RF) epoch:0
Jul 18 04:18:18.253: MFIBv4(0x1): Added creator for MRIB IOITEM ATTR set
Jul 18 04:18:18.276: MFIBv4(0x1): Update: Clear IGNORE_VRF flag maf:IPv4, (192.168.20.1,226.0.0.30)
Jul 18 04:18:18.276: MFIBv4(0x1): (192.168.20.1,226.0.0.30) MRIB update[1]:  K DDE (Modified: )
Jul 18 04:18:18.276: MFIBv4(0x1): Found existing ioitem 0x7AF57DC90180 and wire Tunnel0

Jul 18 04:18:18.276: MFIBv4(0x1): (192.168.20.1,226.0.0.30) Tunnel0 MRIB update:  (Modified:  RF) epoch:0
Jul 18 04:18:18.276: MFIBv4(0x1): Removed creator for MRIB IOITEM ATTR clear
Jul 18 04:18:18.282: MFIBv4(0x1): Update: Clear IGNORE_VRF flag maf:IPv4, (192.168.20.1,226.0.0.30)
Jul 18 04:18:18.282: MFIBv4(0x1): (192.168.20.1,226.0.0.30) MRIB update[1]:  K DDE (Modified: )
Jul 18 04:18:18.282: MFIBv4(0x1): New IOitem create success
Jul 18 04:18:18.282: MFIBv4(0x1): (192.168.20.1,226.0.0.30) Lspvif0, LSM/1 MRIB update:  RF F (Modified:  RF) epoch:0
Jul 18 04:18:18.282: MFIBv4(0x1): Added creator for MRIB IOITEM ATTR set
JFK#
JFK#
JFK#
JFK#
JFK#
JFK#
JFK#
Jul 18 04:18:24.115: MFIBv4(0x1): Receive (192.168.20.1,226.0.0.30) from Loopback100000 (PS): hlen 5 prot 1 len 100 ttl 254 frag 0x0
JFK#
JFK#
JFK#
JFK#
JFK#
JFK#
JFK#
Jul 18 04:18:30.782: MFIBv4(0x1): Receive (192.168.20.1,226.0.0.30) from Loopback100000 (PS): hlen 5 prot 1 len 100 ttl 254 frag 0x0
Jul 18 04:18:33.845: MFIBv4(0x1): Receive (192.168.20.1,226.0.0.30) from Loopback100000 (PS): hlen 5 prot 1 len 100 ttl 254 frag 0x0


configs

ORD P

Current configuration : 9393 bytes
!
! Last configuration change at 20:47:40 UTC Thu Jul 17 2025 by bryan
!
version 17.12
service timestamps debug datetime msec
service timestamps log datetime msec
service call-home
platform qfp utilization monitor load 80
no platform punt-keepalive disable-kernel-core
platform sslvpn use-pd
platform console serial
!
hostname ORD
!
boot-start-marker
boot system bootflash:c8000v-universalk9.17.12.04a.SPA.bin
boot-end-marker
!
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication login vpnclient local
aaa authorization console
aaa authorization config-commands
aaa authorization exec default local
aaa authorization network localgroups local
!
!
aaa session-id common
no process cpu autoprofile hog
!
!
!
!
!
!
ip vrf FRONT-DOOR
 description Front-Door VRF only for public
 rd 62000:1
!
ip vrf MGMT
 description MGMT only
 rd 62000:10
!
ip multicast-routing distributed
!
!
!
!
!
!
no ip domain lookup
ip domain name keekles.org
!
!
!
login on-failure log
login on-success log
!
!
subscriber templating
vtp version 1
!
!
!
!
!
!
no mpls ip propagate-ttl
mpls ip default-route
mpls ldp advertise-labels interface Tunnel11
mpls ldp advertise-labels interface GigabitEthernet4
mpls ldp advertise-labels interface GigabitEthernet5
mpls mldp logging notifications
multilink bundle-name authenticated
!
!
!
!
!
!
pae
!
!
crypto pki trustpoint SLA-TrustPoint
 enrollment pkcs12
 revocation-check crl
 hash sha256
!
!
crypto pki certificate chain SLA-TrustPoint
 certificate ca 01
  30820321 30820209 A0030201 02020101 300D0609 2A864886 F70D0101 0B050030
  32310E30 0C060355 040A1305 43697363 6F312030 1E060355 04031317 43697363
  6F204C69 63656E73 696E6720 526F6F74 20434130 1E170D31 33303533 30313934
  3834375A 170D3338 30353330 31393438 34375A30 32310E30 0C060355 040A1305
  43697363 6F312030 1E060355 04031317 43697363 6F204C69 63656E73 696E6720
  526F6F74 20434130 82012230 0D06092A 864886F7 0D010101 05000382 010F0030
  82010A02 82010100 A6BCBD96 131E05F7 145EA72C 2CD686E6 17222EA1 F1EFF64D
  CBB4C798 212AA147 C655D8D7 9471380D 8711441E 1AAF071A 9CAE6388 8A38E520
  1C394D78 462EF239 C659F715 B98C0A59 5BBB5CBD 0CFEBEA3 700A8BF7 D8F256EE
  4AA4E80D DB6FD1C9 60B1FD18 FFC69C96 6FA68957 A2617DE7 104FDC5F EA2956AC
  7390A3EB 2B5436AD C847A2C5 DAB553EB 69A9A535 58E9F3E3 C0BD23CF 58BD7188
  68E69491 20F320E7 948E71D7 AE3BCC84 F10684C7 4BC8E00F 539BA42B 42C68BB7
  C7479096 B4CB2D62 EA2F505D C7B062A4 6811D95B E8250FC4 5D5D5FB8 8F27D191
  C55F0D76 61F9A4CD 3D992327 A8BB03BD 4E6D7069 7CBADF8B DF5F4368 95135E44
  DFC7C6CF 04DD7FD1 02030100 01A34230 40300E06 03551D0F 0101FF04 04030201
  06300F06 03551D13 0101FF04 05300301 01FF301D 0603551D 0E041604 1449DC85
  4B3D31E5 1B3E6A17 606AF333 3D3B4C73 E8300D06 092A8648 86F70D01 010B0500
  03820101 00507F24 D3932A66 86025D9F E838AE5C 6D4DF6B0 49631C78 240DA905
  604EDCDE FF4FED2B 77FC460E CD636FDB DD44681E 3A5673AB 9093D3B1 6C9E3D8B
  D98987BF E40CBD9E 1AECA0C2 2189BB5C 8FA85686 CD98B646 5575B146 8DFC66A8
  467A3DF4 4D565700 6ADF0F0D CF835015 3C04FF7C 21E878AC 11BA9CD2 55A9232C
  7CA7B7E6 C1AF74F6 152E99B7 B1FCF9BB E973DE7F 5BDDEB86 C71E3B49 1765308B
  5FB0DA06 B92AFE7F 494E8A9E 07B85737 F3A58BE1 1A48A229 C37C1E69 39F08678
  80DDCD16 D6BACECA EEBC7CF9 8428787B 35202CDC 60E4616A B623CDBD 230E3AFB
  418616A9 4093E049 4D10AB75 27E86F73 932E35B5 8862FDAE 0275156F 719BB2F0
  D697DF7F 28
  	quit
!
!
!
!
!
!
!
!
!
license udi pid CSR1000V sn 9DA7UOW2L7W
license boot level ax
archive
 log config
  record rc
  logging enable
  logging size 400
 path bootflash:archive/
 maximum 14
 time-period 5
memory free low-watermark processor 71477
diagnostic bootup level minimal
!
!
spanning-tree extend system-id
!
!
!
username bryan privilege 15 secret 9 $14$e.nq$vYwHNMTuCPO2EE$hwV5ScaF5wM5rF.4Vg4bfySR6JokA/1Uk4bGcmtQ4Lk
!
redundancy
!
!
!
!
!
cdp run
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
 description Loopback
 ip address 100.120.0.10 255.255.255.255
 mpls ldp discovery transport-address interface
!
interface Tunnel11
 description DMVPN TUNNEL
 ip address 100.122.0.10 255.255.192.0
 no ip redirects
 ip mtu 1400
 ip nhrp authentication NOI-KEY
 ip nhrp network-id 11
 ip tcp adjust-mss 1360
 ip ospf network point-to-multipoint
 shutdown
 cdp enable
 mpls ip
 mpls nhrp
 mpls bgp forwarding
 llp nhrp map multicast dynamic
 tunnel source GigabitEthernet2
 tunnel mode gre multipoint
 tunnel key 11
 tunnel vrf FRONT-DOOR
!
interface Tunnel41
 ip address 100.123.128.253 255.255.255.252
 no ip redirects
 ip mtu 1400
 ip ospf network point-to-point
 shutdown
 cdp enable
 mpls ip
 tunnel source GigabitEthernet2
 tunnel destination 199.47.174.158
 tunnel key 41
 tunnel vrf FRONT-DOOR
!
interface Tunnel42
 ip address 100.123.128.249 255.255.255.252
 no ip redirects
 ip mtu 1400
 ip ospf network point-to-point
 shutdown
 cdp enable
 mpls ip
 tunnel source GigabitEthernet2
 tunnel destination 44.98.254.141
 tunnel key 42
 tunnel vrf FRONT-DOOR
!
interface GigabitEthernet1
 ip vrf forwarding MGMT
 ip address 100.120.255.144 255.255.255.224
 negotiation auto
 vrrp 12 description VRRP-FOR-NMS
 no mop enabled
 no mop sysid
!
interface GigabitEthernet2
 ip vrf forwarding FRONT-DOOR
 ip address 23.149.104.27 255.255.255.224
 negotiation auto
 no mop enabled
 no mop sysid
!
interface GigabitEthernet3
 no ip address
 negotiation auto
 no mop enabled
 no mop sysid
!
interface GigabitEthernet4
 ip address 100.123.128.245 255.255.255.252
 no ip redirects
 ip mtu 1400
 ip ospf network point-to-point
 negotiation auto
 cdp enable
 mpls ip
 no mop enabled
 no mop sysid
!
interface GigabitEthernet5
 ip address 100.123.128.241 255.255.255.252
 no ip redirects
 ip mtu 1400
 ip ospf network point-to-point
 negotiation auto
 cdp enable
 mpls ip
 no mop enabled
 no mop sysid
!
router ospf 1
 network 100.120.0.0 0.3.255.255 area 0
!
router bgp 64512
 bgp router-id interface Loopback0
 bgp log-neighbor-changes
 bgp listen range 100.120.255.0/30 peer-group HUB
 bgp listen range 100.120.0.0/14 peer-group SPOKES
 neighbor SPOKES peer-group
 neighbor SPOKES remote-as 64512
 neighbor SPOKES ebgp-multihop 255
 neighbor SPOKES transport connection-mode passive
 neighbor SPOKES update-source Loopback0
 neighbor HUB peer-group
 neighbor HUB remote-as 64512
 !
 address-family ipv4
  network 0.0.0.0
  redistribute connected
  redistribute static
  neighbor SPOKES activate
  neighbor SPOKES send-community both
  neighbor SPOKES route-reflector-client
  neighbor SPOKES next-hop-self all
  neighbor SPOKES soft-reconfiguration inbound
  neighbor HUB activate
  neighbor HUB send-community both
  neighbor HUB next-hop-self
  neighbor HUB soft-reconfiguration inbound
 exit-address-family
 !
 address-family ipv4 mvpn
  neighbor SPOKES activate
  neighbor SPOKES send-community both
  neighbor SPOKES route-reflector-client
 exit-address-family
 !
 address-family vpnv4
  neighbor SPOKES activate
  neighbor SPOKES send-community both
  neighbor SPOKES route-reflector-client
  neighbor SPOKES next-hop-self all
  neighbor HUB activate
  neighbor HUB send-community both
 exit-address-family
!
!
virtual-service csr_mgmt
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
ip http client source-interface GigabitEthernet1
ip route vrf FRONT-DOOR 0.0.0.0 0.0.0.0 23.149.104.1
ip route vrf MGMT 0.0.0.0 0.0.0.0 100.120.255.132
ip ssh bulk-mode 131072
ip ssh time-out 60
ip ssh authentication-retries 2
ip ssh pubkey-chain
  username bryan
   key-hash ssh-rsa FD61A6D6FFD817666D6E420C5E7029CB
   key-hash ssh-ed25519 286A947512A7C2CB9B1E0FAF2D61998B bryan@bryanfields.net
!
!
ip access-list standard VTY
 10 permit 192.168.0.0 0.0.255.255
 20 permit 100.64.0.0 0.63.255.255
 30 permit 44.98.0.0 0.0.255.255
 40 permit 199.47.174.0 0.0.0.255
 50 permit 23.149.104.0 0.0.0.255
 60 permit 100.120.255.128 0.0.0.7
ip access-list standard snmp-acl
 10 permit 100.120.255.128 0.0.0.7
!
ip access-list standard 10
 10 permit 224.0.0.0 15.255.255.255
!
mpls ldp router-id Loopback0
snmp-server group radio v3 priv access snmp-acl
snmp-server trap-source Loopback0
snmp-server source-interface informs Loopback0
snmp ifmib ifindex persist
!
!
!
!
!
control-plane
!
!
mgcp behavior rsip-range tgcp-only
mgcp behavior comedia-role none
mgcp behavior comedia-check-media-src disable
mgcp behavior comedia-sdp-force disable
!
mgcp profile default
!
!
!
!
!
!
line con 0
 stopbits 1
line aux 0
line vty 0
 access-class VTY in vrf-also
 exec-timeout 180 0
 transport input ssh
line vty 1
 access-class VTY in vrf-also
 exec-timeout 180 0
 length 0
 transport input ssh
line vty 2 4
 access-class VTY in vrf-also
 exec-timeout 180 0
 transport input ssh
line vty 5 15
 access-class VTY in vrf-also
 exec-timeout 180 0
 transport input ssh
line vty 16 97
 access-class VTY in vrf-also
 transport input ssh
!
call-home
 ! If contact email address in call-home is configured as sch-smart-licensing@cisco.com
 ! the email address configured in Cisco Smart License Portal will be used as contact email address to send SCH notifications.
 contact-email-addr sch-smart-licensing@cisco.com
 profile "CiscoTAC-1"
  active
  destination transport-method http
ntp logging
ntp source GigabitEthernet1
ntp server vrf FRONT-DOOR 45.79.214.107
ntp server vrf FRONT-DOOR 138.236.128.36
ntp server vrf FRONT-DOOR 50.205.57.38
ntp server vrf FRONT-DOOR 144.202.41.38
!
!
!
!
!
!
end

LAX CE/PE

LAX#sh run
Building configuration...

Current configuration : 9406 bytes
!
! Last configuration change at 02:47:18 UTC Fri Jul 18 2025 by bryan
! NVRAM config last updated at 02:24:10 UTC Fri Jul 18 2025 by bryan
!
version 17.12
service timestamps debug datetime msec
service timestamps log datetime msec
service call-home
platform qfp utilization monitor load 80
no platform punt-keepalive disable-kernel-core
platform sslvpn use-pd
platform console serial
!
hostname LAX
!
boot-start-marker
boot system bootflash:c8000v-universalk9.17.12.05a.SPA.bin
boot-end-marker
!
!
vrf definition CUST-00000
 description Customer 00000 - Mvpn for DAMM radios
 rd 64512:100000
 vpn id 64512:100000
 route-target export 64512:100000
 route-target import 64512:100000
 !
 address-family ipv4
  mdt auto-discovery mldp
  mdt default mpls mldp p2mp
  mdt overlay use-bgp spt-only
 exit-address-family
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication login vpnclient local
aaa authorization console
aaa authorization config-commands
aaa authorization exec default local
aaa authorization network localgroups local
!
!
aaa session-id common
no process cpu autoprofile hog
!
!
!
!
!
!
ip vrf FRONT-DOOR
 description Front-Door VRF only for public
 rd 62000:1
!
ip vrf MGMT
 description MGMT only
 rd 62000:10
!
ip multicast-routing distributed
ip multicast-routing vrf CUST-00000 distributed
ip multicast mpls mldp
!
!
!
!
!
!
no ip domain lookup
ip domain name keekles.org
!
!
!
login on-failure log
login on-success log
!
!
subscriber templating
!
!
!
!
!
!
no mpls ip propagate-ttl
mpls ldp advertise-labels interface Tunnel11
mpls ldp advertise-labels interface GigabitEthernet4
mpls mldp logging notifications
multilink bundle-name authenticated
!
!
!
!
!
!
pae
!
!
crypto pki trustpoint SLA-TrustPoint
 enrollment pkcs12
 revocation-check crl
 hash sha256
!
!
crypto pki certificate chain SLA-TrustPoint
 certificate ca 01
  30820321 30820209 A0030201 02020101 300D0609 2A864886 F70D0101 0B050030
  32310E30 0C060355 040A1305 43697363 6F312030 1E060355 04031317 43697363
  6F204C69 63656E73 696E6720 526F6F74 20434130 1E170D31 33303533 30313934
  3834375A 170D3338 30353330 31393438 34375A30 32310E30 0C060355 040A1305
  43697363 6F312030 1E060355 04031317 43697363 6F204C69 63656E73 696E6720
  526F6F74 20434130 82012230 0D06092A 864886F7 0D010101 05000382 010F0030
  82010A02 82010100 A6BCBD96 131E05F7 145EA72C 2CD686E6 17222EA1 F1EFF64D
  CBB4C798 212AA147 C655D8D7 9471380D 8711441E 1AAF071A 9CAE6388 8A38E520
  1C394D78 462EF239 C659F715 B98C0A59 5BBB5CBD 0CFEBEA3 700A8BF7 D8F256EE
  4AA4E80D DB6FD1C9 60B1FD18 FFC69C96 6FA68957 A2617DE7 104FDC5F EA2956AC
  7390A3EB 2B5436AD C847A2C5 DAB553EB 69A9A535 58E9F3E3 C0BD23CF 58BD7188
  68E69491 20F320E7 948E71D7 AE3BCC84 F10684C7 4BC8E00F 539BA42B 42C68BB7
  C7479096 B4CB2D62 EA2F505D C7B062A4 6811D95B E8250FC4 5D5D5FB8 8F27D191
  C55F0D76 61F9A4CD 3D992327 A8BB03BD 4E6D7069 7CBADF8B DF5F4368 95135E44
  DFC7C6CF 04DD7FD1 02030100 01A34230 40300E06 03551D0F 0101FF04 04030201
  06300F06 03551D13 0101FF04 05300301 01FF301D 0603551D 0E041604 1449DC85
  4B3D31E5 1B3E6A17 606AF333 3D3B4C73 E8300D06 092A8648 86F70D01 010B0500
  03820101 00507F24 D3932A66 86025D9F E838AE5C 6D4DF6B0 49631C78 240DA905
  604EDCDE FF4FED2B 77FC460E CD636FDB DD44681E 3A5673AB 9093D3B1 6C9E3D8B
  D98987BF E40CBD9E 1AECA0C2 2189BB5C 8FA85686 CD98B646 5575B146 8DFC66A8
  467A3DF4 4D565700 6ADF0F0D CF835015 3C04FF7C 21E878AC 11BA9CD2 55A9232C
  7CA7B7E6 C1AF74F6 152E99B7 B1FCF9BB E973DE7F 5BDDEB86 C71E3B49 1765308B
  5FB0DA06 B92AFE7F 494E8A9E 07B85737 F3A58BE1 1A48A229 C37C1E69 39F08678
  80DDCD16 D6BACECA EEBC7CF9 8428787B 35202CDC 60E4616A B623CDBD 230E3AFB
  418616A9 4093E049 4D10AB75 27E86F73 932E35B5 8862FDAE 0275156F 719BB2F0
  D697DF7F 28
        quit
!
!
!
!
!
!
!
!
!
license udi pid CSR1000V sn 93L3EIQZ76R
license boot level ax
archive
 log config
  record rc
  logging enable
  logging size 400
 path bootflash:archive/
 maximum 14
 time-period 5
memory free low-watermark processor 71477
diagnostic bootup level minimal
!
!
spanning-tree extend system-id
!
!
!
username bryan privilege 15 secret 9 $14$e.nq$vYwHNMTuCPO2EE$hwV5ScaF5wM5rF.4Vg4bfySR6JokA/1Uk4bGcmtQ4Lk
!
redundancy
!
!
!
!
!
cdp run
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
 description Loopback
 ip address 100.120.0.30 255.255.255.255
 no ip mfib forwarding input
 no ip mfib forwarding output
!
interface Loopback100000
 vrf forwarding CUST-00000
 ip address 192.168.255.50 255.255.255.255
 ip pim sparse-mode
!
interface Tunnel11
 ip address 100.122.0.30 255.255.192.0
 no ip redirects
 ip mtu 1400
 ip nhrp authentication NOI-KEY
 ip nhrp map 100.122.0.10 23.149.104.27
 ip nhrp map multicast 23.149.104.27
 ip nhrp network-id 11
 ip nhrp nhs 100.122.0.10
 ip tcp adjust-mss 1360
 ip ospf network point-to-multipoint
 shutdown
 cdp enable
 mpls ip
 mpls nhrp
 mpls bgp forwarding
 llp nhrp map multicast 23.149.104.27
 tunnel source GigabitEthernet2
 tunnel destination 23.149.104.27
 tunnel key 11
 tunnel vrf FRONT-DOOR
!
interface Tunnel41
 ip address 100.123.128.254 255.255.255.252
 no ip redirects
 ip mtu 1400
 ip ospf network point-to-point
 shutdown
 cdp enable
 mpls ip
 tunnel source GigabitEthernet2
 tunnel destination 23.149.104.27
 tunnel key 41
 tunnel vrf FRONT-DOOR
!
interface GigabitEthernet1
 description MGMT
 ip vrf forwarding MGMT
 ip address 100.120.255.145 255.255.255.224
 negotiation auto
 no mop enabled
 no mop sysid
!
interface GigabitEthernet2
 description FRONT-DOOR
 ip vrf forwarding FRONT-DOOR
 ip address 199.47.174.158 255.255.255.224
 negotiation auto
 no mop enabled
 no mop sysid
!
interface GigabitEthernet3
 description C-LAN
 vrf forwarding CUST-00000
 ip address 192.168.30.1 255.255.255.0
 ip pim sparse-mode
 ip igmp join-group 226.0.0.30
 ip igmp proxy-service
 negotiation auto
 no mop enabled
 no mop sysid
!
interface GigabitEthernet4
 ip address 100.123.128.242 255.255.255.252
 no ip redirects
 ip mtu 1400
 ip ospf network point-to-point
 negotiation auto
 cdp enable
 mpls ip
 no mop enabled
 no mop sysid
!
router ospf 1
 network 100.120.0.0 0.3.255.255 area 0
!
router bgp 64512
 bgp router-id interface Loopback0
 bgp log-neighbor-changes
 neighbor 100.120.0.10 remote-as 64512
 neighbor 100.120.0.10 log-neighbor-changes
 neighbor 100.120.0.10 ebgp-multihop 255
 neighbor 100.120.0.10 update-source Loopback0
 !
 address-family ipv4
  no neighbor 100.120.0.10 activate
 exit-address-family
 !
 address-family ipv4 mvpn
  neighbor 100.120.0.10 activate
  neighbor 100.120.0.10 send-community both
 exit-address-family
 !
 address-family vpnv4
  neighbor 100.120.0.10 activate
  neighbor 100.120.0.10 send-community both
 exit-address-family
 !
 address-family ipv4 vrf CUST-00000
  redistribute connected route-map CUST-00000-ROUTES
 exit-address-family
!
!
virtual-service csr_mgmt
!
ip forward-protocol nd
!
ip pim vrf CUST-00000 bsr-candidate Loopback100000 0
ip pim vrf CUST-00000 rp-candidate Loopback100000
no ip http server
no ip http secure-server
ip http client source-interface GigabitEthernet1
ip route vrf FRONT-DOOR 0.0.0.0 0.0.0.0 199.47.174.129
ip route vrf MGMT 0.0.0.0 0.0.0.0 100.120.255.132
ip ssh bulk-mode 131072
ip ssh time-out 60
ip ssh authentication-retries 2
ip ssh source-interface GigabitEthernet1
ip ssh pubkey-chain
  username bryan
   key-hash ssh-rsa FD61A6D6FFD817666D6E420C5E7029CB
   key-hash ssh-ed25519 286A947512A7C2CB9B1E0FAF2D61998B bryan@bryanfields.net
!
!
ip access-list standard CUST-00000-ROUTE-ACL
 10 permit 192.168.0.0 0.0.255.255
ip access-list standard VTY
 10 permit 192.168.0.0 0.0.255.255
 20 permit 100.64.0.0 0.63.255.255
 30 permit 44.98.0.0 0.0.255.255
 40 permit 199.47.174.0 0.0.0.255
 50 permit 23.149.104.0 0.0.0.255
 60 permit 100.120.255.128 0.0.0.7
ip access-list standard snmp-acl
 10 permit 100.120.255.128 0.0.0.7
!
ip access-list standard 10
 10 permit 224.0.0.0 15.255.255.255
!
route-map CUST-00000-ROUTES permit 10
 match ip address CUST-00000-ROUTE-ACL
!
mpls ldp router-id Loopback0
snmp-server group radio v3 priv access snmp-acl
snmp-server trap-source Loopback0
snmp-server source-interface informs Loopback0
snmp ifmib ifindex persist
!
!
!
!
!
control-plane
!
!
mgcp behavior rsip-range tgcp-only
mgcp behavior comedia-role none
mgcp behavior comedia-check-media-src disable
mgcp behavior comedia-sdp-force disable
!
mgcp profile default
!
!
!
!
!
!
line con 0
 stopbits 1
line aux 0
line vty 0
 access-class VTY in vrf-also
 exec-timeout 180 0
 transport input ssh
line vty 1
 access-class VTY in vrf-also
 exec-timeout 180 0
 length 0
 transport input ssh
line vty 2 4
 access-class VTY in vrf-also
 exec-timeout 180 0
 transport input ssh
line vty 5 15
 access-class VTY in vrf-also
 exec-timeout 180 0
 transport input ssh
line vty 16 97
 access-class VTY in vrf-also
 transport input ssh
!
call-home
 ! If contact email address in call-home is configured as sch-smart-licensing@cisco.com
 ! the email address configured in Cisco Smart License Portal will be used as contact email address to send SCH notifications.
 contact-email-addr sch-smart-licensing@cisco.com
 profile "CiscoTAC-1"
  active
  destination transport-method http
ntp logging
ntp source GigabitEthernet1
ntp server vrf FRONT-DOOR 45.79.214.107
ntp server vrf FRONT-DOOR 138.236.128.36
ntp server vrf FRONT-DOOR 50.205.57.38
ntp server vrf FRONT-DOOR 144.202.41.38
!
!
!
!
!
!
end

== JFK CE/PE ==
JFK#sh run
Building configuration...

Current configuration : 9432 bytes
!
! Last configuration change at 02:47:14 UTC Fri Jul 18 2025 by bryan
! NVRAM config last updated at 02:24:13 UTC Fri Jul 18 2025 by bryan
!
version 17.12
service timestamps debug datetime msec
service timestamps log datetime msec
service call-home
platform qfp utilization monitor load 80
no platform punt-keepalive disable-kernel-core
platform sslvpn use-pd
platform console serial
!
hostname JFK
!
boot-start-marker
boot system bootflash:c8000v-universalk9.17.12.05a.SPA.bin
boot-end-marker
!
!
vrf definition CUST-00000
 description Customer 00000 - Mvpn for DAMM radios
 rd 64512:100000
 vpn id 64512:100000
 route-target export 64512:100000
 route-target import 64512:100000
 !
 address-family ipv4
  mdt auto-discovery mldp
  mdt default mpls mldp p2mp
  mdt overlay use-bgp spt-only
 exit-address-family
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication login vpnclient local
aaa authorization console
aaa authorization config-commands
aaa authorization exec default local
aaa authorization network localgroups local
!
!
aaa session-id common
no process cpu autoprofile hog
!
!
!
!
!
!
ip vrf FRONT-DOOR
 description Front-Door VRF only for public
 rd 62000:1
!
ip vrf MGMT
 description MGMT only
 rd 62000:10
!
ip multicast-routing distributed
ip multicast-routing vrf CUST-00000 distributed
ip multicast mpls mldp
!
!
!
!
!
!
no ip domain lookup
ip domain name keekles.org
!
!
!
login on-failure log
login on-success log
!
!
subscriber templating
!
!
!
!
!
!
no mpls ip propagate-ttl
mpls ldp advertise-labels interface Tunnel11
mpls ldp advertise-labels interface GigabitEthernet4
mpls mldp logging internal
mpls mldp logging notifications
multilink bundle-name authenticated
!
!
!
!
!
!
pae
!
!
crypto pki trustpoint SLA-TrustPoint
 enrollment pkcs12
 revocation-check crl
 hash sha256
!
!
crypto pki certificate chain SLA-TrustPoint
 certificate ca 01
  30820321 30820209 A0030201 02020101 300D0609 2A864886 F70D0101 0B050030
  32310E30 0C060355 040A1305 43697363 6F312030 1E060355 04031317 43697363
  6F204C69 63656E73 696E6720 526F6F74 20434130 1E170D31 33303533 30313934
  3834375A 170D3338 30353330 31393438 34375A30 32310E30 0C060355 040A1305
  43697363 6F312030 1E060355 04031317 43697363 6F204C69 63656E73 696E6720
  526F6F74 20434130 82012230 0D06092A 864886F7 0D010101 05000382 010F0030
  82010A02 82010100 A6BCBD96 131E05F7 145EA72C 2CD686E6 17222EA1 F1EFF64D
  CBB4C798 212AA147 C655D8D7 9471380D 8711441E 1AAF071A 9CAE6388 8A38E520
  1C394D78 462EF239 C659F715 B98C0A59 5BBB5CBD 0CFEBEA3 700A8BF7 D8F256EE
  4AA4E80D DB6FD1C9 60B1FD18 FFC69C96 6FA68957 A2617DE7 104FDC5F EA2956AC
  7390A3EB 2B5436AD C847A2C5 DAB553EB 69A9A535 58E9F3E3 C0BD23CF 58BD7188
  68E69491 20F320E7 948E71D7 AE3BCC84 F10684C7 4BC8E00F 539BA42B 42C68BB7
  C7479096 B4CB2D62 EA2F505D C7B062A4 6811D95B E8250FC4 5D5D5FB8 8F27D191
  C55F0D76 61F9A4CD 3D992327 A8BB03BD 4E6D7069 7CBADF8B DF5F4368 95135E44
  DFC7C6CF 04DD7FD1 02030100 01A34230 40300E06 03551D0F 0101FF04 04030201
  06300F06 03551D13 0101FF04 05300301 01FF301D 0603551D 0E041604 1449DC85
  4B3D31E5 1B3E6A17 606AF333 3D3B4C73 E8300D06 092A8648 86F70D01 010B0500
  03820101 00507F24 D3932A66 86025D9F E838AE5C 6D4DF6B0 49631C78 240DA905
  604EDCDE FF4FED2B 77FC460E CD636FDB DD44681E 3A5673AB 9093D3B1 6C9E3D8B
  D98987BF E40CBD9E 1AECA0C2 2189BB5C 8FA85686 CD98B646 5575B146 8DFC66A8
  467A3DF4 4D565700 6ADF0F0D CF835015 3C04FF7C 21E878AC 11BA9CD2 55A9232C
  7CA7B7E6 C1AF74F6 152E99B7 B1FCF9BB E973DE7F 5BDDEB86 C71E3B49 1765308B
  5FB0DA06 B92AFE7F 494E8A9E 07B85737 F3A58BE1 1A48A229 C37C1E69 39F08678
  80DDCD16 D6BACECA EEBC7CF9 8428787B 35202CDC 60E4616A B623CDBD 230E3AFB
  418616A9 4093E049 4D10AB75 27E86F73 932E35B5 8862FDAE 0275156F 719BB2F0
  D697DF7F 28
  	quit
!
!
!
!
!
!
!
!
!
license udi pid CSR1000V sn 9XUGGMB40KM
license boot level ax
archive
 log config
  record rc
  logging enable
  logging size 400
 path bootflash:archive/
 maximum 14
 time-period 5
memory free low-watermark processor 71477
diagnostic bootup level minimal
!
!
spanning-tree extend system-id
!
!
!
username bryan privilege 15 secret 9 $14$e.nq$vYwHNMTuCPO2EE$hwV5ScaF5wM5rF.4Vg4bfySR6JokA/1Uk4bGcmtQ4Lk
!
redundancy
!
!
!
!
!
cdp run
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
 description Loopback
 ip address 100.120.0.20 255.255.255.255
!
interface Loopback100000
 vrf forwarding CUST-00000
 ip address 192.168.255.50 255.255.255.255
 ip pim sparse-mode
!
interface Tunnel11
 ip address 100.122.0.20 255.255.192.0
 no ip redirects
 ip mtu 1400
 ip nhrp authentication NOI-KEY
 ip nhrp map 100.122.0.10 23.149.104.27
 ip nhrp map multicast 23.149.104.27
 ip nhrp network-id 11
 ip nhrp nhs 100.122.0.10
 ip tcp adjust-mss 1360
 ip ospf network point-to-multipoint
 cdp enable
 mpls ip
 mpls nhrp
 mpls bgp forwarding
 llp nhrp map multicast 23.149.104.27
 tunnel source GigabitEthernet2
 tunnel destination 23.149.104.27
 tunnel key 11
 tunnel vrf FRONT-DOOR
!
interface Tunnel42
 ip address 100.123.128.250 255.255.255.252
 no ip redirects
 ip mtu 1400
 ip ospf network point-to-point
 shutdown
 cdp enable
 mpls ip
 tunnel source GigabitEthernet2
 tunnel destination 23.149.104.27
 tunnel key 42
 tunnel vrf FRONT-DOOR
!
interface GigabitEthernet1
 description MGMT
 ip vrf forwarding MGMT
 ip address 100.120.255.146 255.255.255.224
 negotiation auto
 no mop enabled
 no mop sysid
!
interface GigabitEthernet2
 description FRONT-DOOR
 ip vrf forwarding FRONT-DOOR
 ip address 44.98.254.141 255.255.255.224
 negotiation auto
 no mop enabled
 no mop sysid
!
interface GigabitEthernet3
 description C-LAN
 vrf forwarding CUST-00000
 ip address 192.168.20.1 255.255.255.0
 ip pim sparse-mode
 ip igmp join-group 226.0.0.20
 ip igmp proxy-service
 negotiation auto
 no mop enabled
 no mop sysid
!
interface GigabitEthernet4
 ip address 100.123.128.246 255.255.255.252
 no ip redirects
 ip mtu 1400
 ip ospf network point-to-point
 negotiation auto
 cdp enable
 mpls ip
 no mop enabled
 no mop sysid
!
router ospf 1
 network 100.120.0.0 0.3.255.255 area 0
 mpls ldp sync
!
router bgp 64512
 bgp router-id interface Loopback0
 bgp log-neighbor-changes
 neighbor 100.120.0.10 remote-as 64512
 neighbor 100.120.0.10 log-neighbor-changes
 neighbor 100.120.0.10 ebgp-multihop 255
 neighbor 100.120.0.10 update-source Loopback0
 !
 address-family ipv4
  no neighbor 100.120.0.10 activate
 exit-address-family
 !
 address-family ipv4 mvpn
  neighbor 100.120.0.10 activate
  neighbor 100.120.0.10 send-community both
 exit-address-family
 !
 address-family vpnv4
  neighbor 100.120.0.10 activate
  neighbor 100.120.0.10 send-community both
 exit-address-family
 !
 address-family ipv4 vrf CUST-00000
  redistribute connected route-map CUST-00000-ROUTES
 exit-address-family
!
!
virtual-service csr_mgmt
!
ip forward-protocol nd
!
ip pim vrf CUST-00000 bsr-candidate Loopback100000 0
ip pim vrf CUST-00000 rp-candidate Loopback100000
ip pim vrf CUST-00000 register-source GigabitEthernet3
no ip http server
no ip http secure-server
ip http client source-interface GigabitEthernet1
ip route vrf FRONT-DOOR 0.0.0.0 0.0.0.0 44.98.254.129
ip route vrf MGMT 0.0.0.0 0.0.0.0 100.120.255.132
ip ssh bulk-mode 131072
ip ssh time-out 60
ip ssh authentication-retries 2
ip ssh source-interface GigabitEthernet1
ip ssh pubkey-chain
  username bryan
   key-hash ssh-rsa FD61A6D6FFD817666D6E420C5E7029CB
   key-hash ssh-ed25519 286A947512A7C2CB9B1E0FAF2D61998B bryan@bryanfields.net
!
!
ip access-list standard CUST-00000-ROUTE-ACL
 10 permit 192.168.0.0 0.0.255.255
ip access-list standard VTY
 10 permit 192.168.0.0 0.0.255.255
 20 permit 100.64.0.0 0.63.255.255
 30 permit 44.98.0.0 0.0.255.255
 40 permit 199.47.174.0 0.0.0.255
 50 permit 23.149.104.0 0.0.0.255
 60 permit 100.120.255.128 0.0.0.7
ip access-list standard snmp-acl
 10 permit 100.120.255.128 0.0.0.7
!
ip access-list standard 10
 10 permit 224.0.0.0 15.255.255.255
!
route-map CUST-00000-ROUTES permit 10
 match ip address CUST-00000-ROUTE-ACL
!
mpls ldp router-id Loopback0
snmp-server group radio v3 priv access snmp-acl
snmp-server trap-source Loopback0
snmp-server source-interface informs Loopback0
snmp ifmib ifindex persist
!
!
!
!
!
control-plane
!
!
mgcp behavior rsip-range tgcp-only
mgcp behavior comedia-role none
mgcp behavior comedia-check-media-src disable
mgcp behavior comedia-sdp-force disable
!
mgcp profile default
!
!
!
!
!
!
line con 0
 stopbits 1
line aux 0
line vty 0
 access-class VTY in vrf-also
 exec-timeout 180 0
 transport input ssh
line vty 1
 access-class VTY in vrf-also
 exec-timeout 180 0
 length 0
 transport input ssh
line vty 2 4
 access-class VTY in vrf-also
 exec-timeout 180 0
 transport input ssh
line vty 5 15
 access-class VTY in vrf-also
 exec-timeout 180 0
 transport input ssh
line vty 16 97
 access-class VTY in vrf-also
 transport input ssh
!
call-home
 ! If contact email address in call-home is configured as sch-smart-licensing@cisco.com
 ! the email address configured in Cisco Smart License Portal will be used as contact email address to send SCH notifications.
 contact-email-addr sch-smart-licensing@cisco.com
 profile "CiscoTAC-1"
  active
  destination transport-method http
ntp logging
ntp source GigabitEthernet1
ntp server vrf FRONT-DOOR 45.79.214.107
ntp server vrf FRONT-DOOR 138.236.128.36
ntp server vrf FRONT-DOOR 50.205.57.38
ntp server vrf FRONT-DOOR 144.202.41.38
!
!
!
!
!
!
end
Retrieved from "https://wiki.w9cr.net/index.php?title=Cisco_MPLS_MVPN&oldid=8369"