Serial0mdaemon

AmericasHeadquartersCiscoSystems,Inc.
170WestTasmanDriveSanJose,CA95134-1706USAhttp://www.
cisco.
comTel:408526-4000800553-NETS(6387)Fax:408527-0883CiscoSolutionsforFinancialandBranchBanking—DesignandDeploymentGuideTHESPECIFICATIONSANDINFORMATIONREGARDINGTHEPRODUCTSINTHISMANUALARESUBJECTTOCHANGEWITHOUTNOTICE.
ALLSTATEMENTS,INFORMATION,ANDRECOMMENDATIONSINTHISMANUALAREBELIEVEDTOBEACCURATEBUTAREPRESENTEDWITHOUTWARRANTYOFANYKIND,EXPRESSORIMPLIED.
USERSMUSTTAKEFULLRESPONSIBILITYFORTHEIRAPPLICATIONOFANYPRODUCTS.
THESOFTWARELICENSEANDLIMITEDWARRANTYFORTHEACCOMPANYINGPRODUCTARESETFORTHINTHEINFORMATIONPACKETTHATSHIPPEDWITHTHEPRODUCTANDAREINCORPORATEDHEREINBYTHISREFERENCE.
IFYOUAREUNABLETOLOCATETHESOFTWARELICENSEORLIMITEDWARRANTY,CONTACTYOURCISCOREPRESENTATIVEFORACOPY.
TheCiscoimplementationofTCPheadercompressionisanadaptationofaprogramdevelopedbytheUniversityofCalifornia,Berkeley(UCB)aspartofUCB'spublicdomainversionoftheUNIXoperatingsystem.
Allrightsreserved.
Copyright1981,RegentsoftheUniversityofCalifornia.
NOTWITHSTANDINGANYOTHERWARRANTYHEREIN,ALLDOCUMENTFILESANDSOFTWAREOFTHESESUPPLIERSAREPROVIDED"ASIS"WITHALLFAULTS.
CISCOANDTHEABOVE-NAMEDSUPPLIERSDISCLAIMALLWARRANTIES,EXPRESSEDORIMPLIED,INCLUDING,WITHOUTLIMITATION,THOSEOFMERCHANTABILITY,FITNESSFORAPARTICULARPURPOSEANDNONINFRINGEMENTORARISINGFROMACOURSEOFDEALING,USAGE,ORTRADEPRACTICE.
INNOEVENTSHALLCISCOORITSSUPPLIERSBELIABLEFORANYINDIRECT,SPECIAL,CONSEQUENTIAL,ORINCIDENTALDAMAGES,INCLUDING,WITHOUTLIMITATION,LOSTPROFITSORLOSSORDAMAGETODATAARISINGOUTOFTHEUSEORINABILITYTOUSETHISMANUAL,EVENIFCISCOORITSSUPPLIERSHAVEBEENADVISEDOFTHEPOSSIBILITYOFSUCHDAMAGES.
CCVP,theCiscologo,andWelcometotheHumanNetworkaretrademarksofCiscoSystems,Inc.
;ChangingtheWayWeWork,Live,Play,andLearnisaservicemarkofCiscoSystems,Inc.
;andAccessRegistrar,Aironet,Catalyst,CCDA,CCDP,CCIE,CCIP,CCNA,CCNP,CCSP,Cisco,theCiscoCertifiedInternetworkExpertlogo,CiscoIOS,CiscoPress,CiscoSystems,CiscoSystemsCapital,theCiscoSystemslogo,CiscoUnity,Enterprise/Solver,EtherChannel,EtherFast,EtherSwitch,FastStep,FollowMeBrowsing,FormShare,GigaDrive,HomeLink,InternetQuotient,IOS,iPhone,IP/TV,iQExpertise,theiQlogo,iQNetReadinessScorecard,iQuickStudy,LightStream,Linksys,MeetingPlace,MGX,Networkers,NetworkingAcademy,NetworkRegistrar,PIX,ProConnect,ScriptShare,SMARTnet,StackWise,TheFastestWaytoIncreaseYourInternetQuotient,andTransPathareregisteredtrademarksofCiscoSystems,Inc.
and/oritsaffiliatesintheUnitedStatesandcertainothercountries.
AllothertrademarksmentionedinthisdocumentorWebsitearethepropertyoftheirrespectiveowners.
TheuseofthewordpartnerdoesnotimplyapartnershiprelationshipbetweenCiscoandanyothercompany.
(0711R)AnyInternetProtocol(IP)addressesusedinthisdocumentarenotintendedtobeactualaddresses.
Anyexamples,commanddisplayoutput,andfiguresincludedinthedocumentareshownforillustrativepurposesonly.
AnyuseofactualIPaddressesinillustrativecontentisunintentionalandcoincidental.
CiscoSolutionsforFinancialandBranchBanking2009-2010CiscoSystems,Inc.
Allrightsreserved.
iiiCisco2900Seriesand3900SeriesHardwareInstallationGuideCONTENTSSolutionOverview1-1CiscoSolutionStrengths1-2CiscoIntegratedServicesRoutersGeneration21-2ManagementCapabilitiesandApplications1-3CiscoBorderlessNetworkArchitecture1-3CiscoEnergyWise1-5MoreInformation1-6DeployingtheSolution2-1ATM/KioskBranch2-1SurvivableVoiceEnabledBranch2-4Examples2-5SurvivableVoiceEnabledBranch—VoiceandData2-5SurvivableVoiceEnabledBranch—Data2-14HeadquartersExternalTranscoder2-24IntegratedSwitch2-27HighAvailabilityBranchwithSurvivableVoice2-32Examples2-34BranchRouter12-34BranchRouter22-41NME-WAE-502-K92-48NME-CUE2-63KeyServer12-66KeyServer22-70HeadquartersAggregationRouter2-72CiscoUnifiedMessagingGateway2-78NME-UMG2-80ListofFeatures2-81VerifyingFunctionality2-83VerifyCommonServices2-83VerifyMemoryandCPU2-85VerifyFeatures2-85CiscoUnifiedSRSV-CUE2-86EnergyWise2-87Fax2-87ContentsivCisco2900Seriesand3900SeriesHardwareInstallationGuideFrameRelay2-87HSRP2-88Multicast2-88NetFlow2-89PRI2-89QoS2-89Routing2-90Security2-90SSHv22-92Voice2-92WideAreaApplicationServices(WAAS)2-95ManagementInformationDatabases3-1CHAPTER1-1CiscoSolutionsforFinancialBranchBanking1SolutionOverviewRevised:August6th,2010CiscoValidatedDesigns(CVDs)arenetworkarchitecturesolutionsthatarecreatedsocustomerscandeploytheirnetworkswithconfidence.
ThisCVDisbasedonfinancialindustryrequirementswithaspecificfocusonbranchbanking.
Ittestsmultipletechnologiesovermultipletopologies,aswellasCiscoBorderlessNetworksandEnergyWise.
Thesevalidateddesignsgivethefinancialandbranchbankingindustrytheabilitytotacklekeyconcerns,suchascompetitiveconsolidations,diversebranchsizesandneeds,loweroperatingcosts,rapiddeploymentofmicro-branchesandATMs,highavailability,codestability,andnewservicedeployment.
Alloftheseareasweresimultaneouslytestedandincludedirectfeedbackfrombankingcustomers.
Thefinancialandbranchbanksfacemanychallenges,someofwhichare:BuyoutsandconsolidationsDiverseofficesizesandneedsHighoperatingcostsRapiddeploymentofmicro-branchesandATMsHighavailabilityandcodestabilityServerconsolidationNewServiceDeploymentComplianceissuesThesechallengesrequireaspecificfeaturesetassembledinavalue-addedwaytohelpreducethebusinessimpacts.
ThisvalidateddesignassuresthatmultipleIOSfeaturescanoperatesimultaneouslyinthemannerpromisedbyCisco.
BeforereleasingthisCVD,financialbranch-basedtestswereperformedoveravarietyoftopologieswithawiderangeoffeaturesrangingfrom:DiversesetsofWANinterfaces:nXT1,T3,3G,Ethernet,nX56kFrameRelayDeviceintegration–Routing–Switching–Security–CiscoWideAreaApplicationsServices(WAAS)acceleration–UnifiedCommunications-CiscoUnifiedSurvivableRemoteSiteTelephonyBorderlessNetworking–Sameservicesinthebranchasinheadquarters1-2CiscoSolutionsforFinancialBranchBankingChapter1SolutionOverviewCiscoSolutionStrengths–ServicesOnDemand,decouplingsoftwarefromsoftwareHigh-speedbranchWANperformanceCiscoEnergyWiseHighavailabilityNetworkManageabilityCiscoSolutionStrengthsCiscoIntegratedServicesRoutersGeneration2,page1-2–ManagementCapabilitiesandApplications,page1-3CiscoBorderlessNetworkArchitecture,page1-3CiscoEnergyWise,page1-5CiscoIntegratedServicesRoutersGeneration2TheCiscoIntegratedServicesRouterGeneration2(ISRG2)productsarethelatestadditiontothetremendouslysuccessfulintegratedservicesrouter(ISR)portfolio.
TheCiscoISRG2sarepartoftheCiscoBorderlessNetworkArchitecturethatenablesbusinessinnovationandgrowthacrossallremotesites.
Thenext-generationarchitecturedeliversanewworkshopsexperiencebymeetingtheperformancerequirementsforthenextgenerationofWANandnetworkservices,enablingthecost-effectivedeliveryofhigh-definitioncollaborationatthebranchofficeandprovidingthesecuretransitiontothenextgenerationofcloudandvirtualizednetworkservices.
Designedforoptimalservicedeliveryonasingleplatform,theCiscoISRG2sgivebusinessesgreaterpowertodeliverasuperiorcustomerexperienceanddeployservices'ondemand'asbusinessneedsdictate,meanwhileyoucanreduceoveralloperatingcosts.
WhatProblemsDoestheCiscoISRG2sProductsHelpSolveWiththenumberofemployeesgrowingatthebranchoffice,financialteamsarechallengedtosecurelyandefficientlyconnectremotelocationsatminimalcost.
TheCiscoISRG2productsnotonlyaddresscriticalbranch-officechallenges,likethefirstgenerationofISRs,buttheyalsointroducerevolutionarywaystomaketheremoteofficemoreproductive,morecollaborative,andmoreoperationallyefficient.
Thesenewinnovationsenablefinancialbranchofficestodothefollowing:Delivernext-generationWANandnetworkservicerequirements.
Delivernext-generationLANwiththesameservicesinthebranchasinheadquartersusingCiscoEtherSwitchServicemodules.
–Samefeature/roadmap/softwaretrainasCatalystswitches,onesoftwareversiontotest/validateforboththebranchandheadquarters.
Lowertotalcostofownership,routingplusswitchingsolution.
Becomemoreproductivethroughincreasedvideo-basedcollaborationandrich-mediaservices.
Securelytransitiontocloudandvirtualizednetworkservices.
Minimizeenergyconsumptionandcoststosupportcorporatesustainability.
Enablefinancialteamstoscaleservicesworldwide.
RapidlydeploymicrobranchessuchasAutomatedTellerMachines(ATM)andKiosklocations.
1-3CiscoSolutionsforFinancialBranchBankingChapter1SolutionOverviewCiscoSolutionStrengthsTransitiontowardEthernethandofftechnologiesfromlegacytechnologies.
WhyShouldyouUpgradetoaCiscoISRG2ProductTheCiscoISRG2portfoliobuildsuponthemarketsuccessofthefirstgenerationofISRs,plusitoffersnewenhancementsthatdelivergreatervaluetoyourbusiness,suchas(followedbybulletedlist):Video-readybranchofficeforasuperiorcustomerexperiencewithnewservicesthattransformthebranch-officeworkspace.
Servicevirtualizationtodeliverhighlyeffectivebusinessinnovationthatachievesunparalleledservice.
Operationalexcellenceprovidingthelowesttotalcostofownership(TCO)withscalability,operationalflexibility,andsimplicitybasedonbest-in-classserviceintegration,innovativepay-as-you-growmodel,andoptimizedenergyefficiency.
Increasedbranch-officeuptimewithenhancedavailabilityfeatures.
Greaterenergyefficiencywithslot-basedcontrolstodecreasecostsandsupportsustainability.
SimplifieddeploymentwithasingleCiscoIOSSoftwareimage.
Investmentprotectionwithsupportformostofthepriorgenerationofintegratedservicesrouter.
ManagementCapabilitiesandApplicationsCiscoIntegratedServicesRouterG2sprovideextensivesupportforstandardSNMPMIBsandsyslogmessages,andallowsforcomprehensivenetworkmanagementusingCiscoorthird-partynetworkmanagementsystems(NMSs).
Cisco-embeddedmanagementcapabilitiesprovidecomprehensivenetworkmanagementfunctions,fromproactivediagnosticstoWeb2.
0openinterfacetopolicy-basedautomation.
CiscoISRG2sprovidethenetworkplatformforborderlessservices.
Asyourunmoreservicesonyournetwork,youcanuseIPSLAstomonitorcriticalnetworktrafficperformanceindicators,includingdelay,jitter,andlinkavailability.
IPSLAsmimicreal-worldtraffictoproactivelyidentifyservice-levelproblemsbeforeyourusersdo.
IntegratingwithabroadsetofCiscoandthird-partyNMSapplications,IPSLAssetthestandardforleadershipinproactiveperformancemonitoring.
FlexibleNetFlow(FNF)isthenextgenerationinNetFlowtechnology.
Asmoreservicesandapplications,suchasbusinessvideoruninthenetwork,FNFprovidesthevisibilityofthenetworkinfrastructureneededforoptimizingresourceusageandplanningcapacity,reducingoperationcosts,anddetectingsecurityincidents.
FNFprovidesmoreflexibilityandscalabilitybeyondtraditionalNetFlowbyenablingcustomizationoftrafficidentification,suchassource,destination,timing,andapplicationinformation.
Furthermore,FNFprovidesenhancednetworkanomalyandsecuritydetectiontohelpquicklyidentifyandremediatesecurityrisks.
Formoreaboutsupported3rd-partyapplications,Ciscomanagementapplications,orembeddedmanagementcapabilitiesonCiscoISRG2s,see:http://www.
cisco.
com/en/US/prod/routers/isrg2_management_capabilities_app.
html#~third-partyCiscoBorderlessNetworkArchitectureCiscoBorderlessNetworkArchitectureisdesignedtohelpITbalancedemandingbusinesschallengesandchangingbusinessmodelspromotedbytheinfluxofconsumerdevicesintothebusinessworld.
BorderlessnetworkshelpITevolveitsinfrastructuretodeliverseamlessandsecureaccessinaworldwithmanynewandshiftingborders.
1-4CiscoSolutionsforFinancialBranchBankingChapter1SolutionOverviewCiscoSolutionStrengthsAspeopleembracenewtechnologiesaspartoftheirdailylives,asecondshiftisoccurring.
Anewgenerationofcustomersandemployeesisenteringtheworkforce.
Thisnewgenerationismultimediasavvyandsociallyconnected.
Theybringhighlymobile,highlyportablevideodevicesintotheworkplaceorbusiness,andtheycomewiththeexpectationthatvideowillbepartoftheirinteractionwithemployees,customers,andpartners.
Thus,ITmustdealnotonlywithnewdevicesandusagemodels,butalsowithchangingbusinesspracticesthatplacehugenewdemandsonthecoreinfrastructure.
Intoday'smodernworkplace,itisincreasinglycommonthatprimarybusinessresources,includingdatacenters,applications,employees,andcustomers,arealloutsidethetraditionalbusinessperimeter.
ExtendingbusinessbordersaroundallthesepeopleandresourcestaxesyourITdepartment.
ITsimplycannotscalewheneveryprojectisanexceptiontotraditionalITdesignandmanagementpractices.
ITneedsabetterwaytoscaleandmanageusersandcustomersinanylocation,becauseusersmaybeusingvirtuallyanydevicetoaccessalmostanyapplicationlocatedanywhereintheworld.
Cisco'sBorderlessNetworkArchitectureempowersITtoefficientlymanageaccessfrommultiplelocations,frommultipledevices,andtoapplicationsthatcanbelocatedanywhere.
TheresearchfirmIn-Statestimatesthatby2012morethan1.
3billionWi-Fideviceswillhavereachedthemarket.
Thereisadramaticshiftoccurringtowardubiquitouswiredandwirelessaccess,butmanyorganizationsstilltreatwiredandwirelessnetworksasseparateentities.
CiscoBorderlessNetworkArchitectureprovidestheframeworktounifywiredandwirelessaccess,includingsecurity,accesscontrol,andperformancemanagementacrossmanydifferentdevicetypes.
EnablingSecureAccess,Anywhere,withAnyDeviceAnotherprimaryshiftishowandwhereusersaccessinformation.
Inthepast,dataandapplicationswerehousedonthepremises,anduserswerealsogenerallyonthepremises.
Today,manyorganizationstapintotalentpoolsallaroundtheworld.
Workersmightbefull-timeremoteemployeesorcontractors.
Applicationsmightbehostedoff-siteoreveninthecloud,buttraditionalITstilltreatsthesecrucialresourcesasinternalentities.
WithCisco'sBorderlessNetworkArchitecture,ITcanunifyitsapproachtosecurelydeliveringapplicationstousersinahighlydistributedenvironment.
Thecrucialelementtoscalingsecureaccessisapolicy-basedarchitecturethatallowsITtoimplementcentralizedaccesscontrolswithenforcementthroughoutthenetwork,fromserver,toinfrastructure,toclient.
Attheheartofborderlessnetworksisanewtechnicalarchitecturebasedonthreeimportantprinciples:Decouplinghardwarefromsoftware.
Unifyingthecomputing,storage,andnetworking.
Standardizingpolicythroughouttheunifiedsystem.
CiscoBorderlessNetworkArchitectureFive-PhasePlanThesedesignprinciplesareexposedthroughinnovationsacrossCisco'srouting,switching,wireless,security,applicationoptimization,andnetworkmanagementproducts.
Withtheseprinciplesinmind,Ciscoisimplementingafive-phaseplantodeliveranext-generationarchitecturethatdeliversseamless,secure,reliablecommunicationstoanydevice,inanylocation,accessinganyresource.
Cisco'sBorderlessNetworkArchitectureisimplementedasafive-phaseplanthatmovesfrombaselineservicestoadvancedpolicymanagementandintegrationthatultimatelydeliverstheborderlessexperience.
1.
Thefirstphaseoftheborderlessnetworkevolutionestablishescriticalborderlessnetworkservicesthatserveasthefoundationforadvancedcollaborationandrich-mediaapplications.
TheseservicesincludemedianetandCiscoEnergyWise,connectionmanagement,andresilienceandcontrolservices.
1-5CiscoSolutionsforFinancialBranchBankingChapter1SolutionOverviewCiscoSolutionStrengths2.
Thesecondphasefocusesonborderlessuserservices,includingmobilityservices,securityservices,andapplicationperformanceservices.
Theseservicessimplifytheuserexperience,creatingaseamlessuserexperiencewhileenhancingIT'scontroloverhighlydistributedandmobileclientdevices.
3.
Thethirdphaseimplementsborderlesspolicy,enablingITtoimplementunifiedpoliciesthatgovernhowusersaccessthenetworkfromdifferentdevicesandlocations.
4.
Thefourthphaseprovidesaborderlessintegrationframework,extendingborderlessnetworkservicestothird-partydevicesandsystemsthroughopenAPIsandpartnerships.
5.
Thefinalphasedeliverstheborderlessexperience,combininguserandnetworkservices,policy,andintegrationtogethertorealizetheanytime,anywhereexperiencethatisborderlessnetworks.
CiscoEnergyWiseManyfinancialbranchlocationsareclosedatspecificandpredictabletimesoftheday.
Duringthattime,manydevicescontinuetorun,whichusuallyraisesutilitybillsandcausesdamagetotheenvironment.
ThisproblemcanbesuccessfullyresolvedbyusingCiscoEnergyWiseservices.
EnergyWiseisimplementedacrossCisco'srouting,switching,andwirelessportfolios;providingmeasurement,monitoring,andthecontrolofenergyusagefromnetworkdevicesandnetwork-attachedITdevices.
CiscoEnergyWisegivestheuseranetwork-basedframeworkprocesstodiscover,monitor,optimize,advise,andregulateenergyneedsforthebusiness.
Itencompassesahighlyintelligentnetwork-basedapproachtocommunicatemessagesthatcontrolenergybetweennetworkdevicesandendpoints.
WhencombinedwithCiscoNetworkBuildingMediator,organizationscantakeawhole-facilityapproachtoenergymanagementthatcanquicklyadduptosubstantialoperationalsavingsandreducedenvironmentalimpact.
CiscoEnergyWiseisanewenergymanagementarchitecturethatallowsIToperationsandfacilitiestomeasureandfine-tunepowerusagetorealizesignificantcostsavings.
CiscoEnergyWisefocusesonreducingpowerutilizationonalldevicesconnectedtoaCisconetwork,rangingfromPoweroverEthernet(PoE)devicessuchasIPphonesandwirelessaccesspoints,toIP-enabledbuildingandlightingcontrollers.
Itusesanintelligentnetwork-basedapproach,allowingITandbuildingfacilitiesoperationstounderstand,optimize,andcontrolpoweracrossanentirecorporateinfrastructure,potentiallyaffectinganypowereddevice.
CiscoEnergyWiseprovidesITprofessionalswithanewmethodtounderstandpowerusageandjustifyenergycosts.
CiscoEnergyWiseisanenergymanagementarchitecturedesignedtomeasurepowerconsumptionandoptimizepowerusage,resultingineffectivedeliveryofpoweracrosstheenterprise.
ITprofessionalscanquicklyoptimizethepowerconsumedinabuilding,andtheresultisimmediatecostsavingswithaclearreturnoninvestment.
CiscoEnergyWisemeasurescurrentpowerconsumption,automatesandtakesactionstooptimizepowerlevels,andadviseshowmuchpowerisbeingconsumedtodemonstratecostsaving.
Afterpowerconsumptionisunderstood,regulationusingCiscoEnergyWisenetworkprotocolsprovidescommandandcontrolofpowerusage.
Energyconsumedperlocationcaneasilybefoundwitharealisticviewofpowerconsumedperwiringcloset,buildingfloor,orcampusbuilding.
1-6CiscoSolutionsforFinancialBranchBankingChapter1SolutionOverviewMoreInformationMoreInformationForadditionaldetailsaboutthemanywaysCiscorouting,securityandapplicationplatformshelpfinancialinstitutionsaddressbusinessandnetworkingissues,pleasevisitDesignZoneforFinancialServices,http://www.
cisco.
com/en/US/netsol/ns825/networking_solutions_program_home.
html.
CHAPTER2-1CiscoSolutionsforFinancialBranchBanking2DeployingtheSolutionThischapterprovidesadescriptionofthethreebranchbankingsolutions,theirtopologies,andaquickdeploymentmethodusingworkingexampleconfigurations.
Selecttheappropriatenetworktopologyforyourbusinessenvironment.
ATM/KioskBranch,page2-1SurvivableVoiceEnabledBranch,page2-4HighAvailabilityBranchwithSurvivableVoice,page2-32ATM/KioskBranchATM/KioskBranchrequirementsincludeasecurityelementandahighavailabilityelement.
TheCiscoIntegratedServicesRoutersGeneration2(ISRG2)allowthesetypesofservicestoresidewithinthesamerouterandprovidemaximumperformanceandfeaturecoverage,whichresultsinthelowesttotalcostofownership(TCO).
ATM/KioskBranchusesaCisco1941ISRG2andrunsCiscoInternetOperatingSystem(IOS)version15.
0(1)M3,whichisrepresentativeofbranches,ATMs,andotherfinancialkiosksconnectedtoacorporatehead-end.
WANconnectionsaregenerallylowspeedanduseadialbackuporotherlowcostbroadbandconnectionasabackup.
InacommonATMexample,thenetworkwillbedeployedwithaWANlinkconnectedtoaFrameRelaycloudanditcanutilizea3GcardforbackupintheeventofaWANfailure.
The3Gcardisusedasanexcellentalternativetoaterrestrialbackupsolutionprovidedcellularserviceisavailable.
EIGRPandBGParedeployedonthebranchroutertoallowthecustomertheflexibilityofselectingtheroutingprotocoldeploymentwithinthenetwork.
BGPisusedasthepreferredroutingprotocoltoallowdeploymentofsitesacrossaserviceprovider.
EIGRPisusedfor3GbackupandwillconnectdirectlybacktothecompanyinaneventofWANlinkfailure.
SecurityfeaturescoveredinthistopologyincludeAAA,TACACS,DMVPN,NHRP,andGREtunnelingforencrypteddatatransporttoensuresecuredeliveryofcustomerdataacrosstheWAN.
SSHisenabledtoprovidesecureaccesstotherouter.
SNMP,NTP,andloggingallowforexternalmanagementoftheroutersandcanaidintheproactivesupportofthenetworkaswellasinthehistoricalperformanceandtroubleshooting.
HighavailabilityfeaturesintheATM/KioskBranchissupportedwitha3GdialsolutionthatallowsconnectivityintheeventofaWANfailure.
2-2CiscoSolutionsforFinancialBranchBankingChapter2DeployingtheSolutionATM/KioskBranchThissolutionusesthefollowinginterfaceforfeaturesupport.
HWIC-3GWIC-1DSU-56K4WIC-4A/SFigure1ATM/KioskBranchTopologyExample!
!
!
!
!
Frame-Relaysubinterface(PVC)configuration!
!
!
interfaceSerial0/1/0.
1point-to-pointipaddress10.
10.
50.
1255.
255.
255.
0frame-relayinterface-dlci100!
!
!
!
3GCellularinterfaceConfigurations!
!
!
interfaceCellular0/0/0noipaddressipvirtual-reassemblyencapsulationpppdialerin-banddialerpool-member1asyncmodeinteractivepppipcpdnsrequest!
!
!
!
DialerinterfaceConfigurations!
!
!
interfaceDialer1ipaddressnegotiatedipvirtual-reassemblyencapsulationpppdialerpool1dialeridle-timeout0dialerstringcdmadialerpersistentpppipcpdnsrequest!
!
!
!
EIGRPRoutingconfiguration!
!
!
!
!
!
Addtunnel1/tunnel2andLANnetworksintoEIGRPconfiguration!
!
!
routereigrp100network10.
10.
10.
00.
0.
0.
255network10.
10.
11.
00.
0.
0.
255ATM/KioskBranchDataCenter249506Frame-Relay2960/3560/37502900SeriesISRG21900SeriesISRG256KbpsPrimaryLinkBackupLink3GT1/56KbpsCiscoSecureAccessControlServerNetworkMangementServerCiscoNetflowCollector3GCellularNetworkATM$2-3CiscoSolutionsforFinancialBranchBankingChapter2DeployingtheSolutionATM/KioskBranchnetwork10.
10.
40.
00.
0.
0.
255!
!
!
!
BGPRoutingconfiguration!
!
!
!
!
!
AddFrame-relayandloopbacknetworksintoBGPconfiguration!
!
!
routerbgp1841nosynchronizationbgplog-neighbor-changesnetwork10.
10.
30.
5mask255.
255.
255.
255network10.
10.
50.
0mask255.
255.
255.
0neighbor10.
10.
50.
5remote-as2851noauto-summary!
iplocalpolicyroute-maptrack-primary-ifipforward-protocolnd!
noiphttpservernoiphttpsecure-server!
!
!
!
Serial0/1/0.
1FRPVCisusedasprimaryinterfaceand!
!
!
3G/Dialerinterfaceisusedasbackupinterfaceconfiguration!
!
!
iproute10.
20.
20.
5255.
255.
255.
255Serial0/1/0.
1track1iproute10.
20.
20.
5255.
255.
255.
255Dialer1253!
!
!
!
DefineanIPSLAforreachabilitytracking!
!
!
ipsla1icmp-echo10.
10.
60.
5source-interfaceSerial0/1/0.
1frequency5ipslaschedule1lifeforeverstart-timenow!
access-list102permitipanyhost10.
10.
60.
5!
!
!
!
Defineroute-mapfortheIPSLA1forreachabilitytracking!
!
!
route-maptrack-primary-ifpermit10matchipaddress102setinterfaceSerial0/1/0.
1Null0!
!
control-plane!
!
linecon0exec-timeout00lineaux0line0/0/0exec-timeout00passwordC!
sc0221scriptdialercdmamodemInOutnoexectransportinputalltransportoutputalllinevty0exec-timeout10transportinputalllinevty14exec-timeout00transportinputallexceptiondata-corruptionbuffertruncateschedulerallocate200001000!
!
!
!
ConfigureNTPserveraddressforNTPtimesync!
!
!
ntpupdate-calendarntpserver10.
10.
60.
5end2-4CiscoSolutionsforFinancialBranchBankingChapter2DeployingtheSolutionSurvivableVoiceEnabledBranchSurvivableVoiceEnabledBranchSurvivableVoiceEnabledBranchrequirementsincludeawidevarietyoffeaturesrangingfromsecuritytoVoice.
TheCiscoIntegratedServicesRoutersGeneration2(ISRG2)allowthesetypesofservices,andothers,toresidewithinthesamerouterandprovidemaximumperformanceandfeaturecoveragewhichresultsinthelowesttotalcostofownership(TCO).
SurvivableVoiceEnabledBranchhasaCisco2900ISRG2runningCiscoInternetOperatingSystem(IOS),version15.
0(1)M3,whichisconnectedtothecorporatehead-endviaa6T1bundlerunningMLPPP.
Anydataatthebranchismarkedandclassifiedforprioritybeforeitissentoveranencryptedtunneltothehead-end.
T1circuitsinabundleallowforsignificantcostsavingscomparedtoprovisioningahigherspeedT3circuit.
OSPFandEIGRPhavebeendeployedonthebranchroutertoallowthecustomertheflexibilityofmakingachoiceofroutingprotocoldeploymentwithinthenetwork.
EIGRPisbeingusedoverGREtunnelstothecorporatesiteandOSPFisbeingusedtotheserviceprovider.
SecurityfeaturescoveredinthistopologyincludeAAA,ZoneBasedFirewall,IPSe,andGREtunnelingforencrypteddatatransporttoensuresecuredeliveryofcustomerdataacrosstheWAN.
ZoneBasedFirewallfurtherallowsthecustomertopreventtheinjectionofundesirabletrafficintothenetwork.
IPSLAandQoSgivestheSurvivableVoiceEnabledBranchtheabilitytodeliverspecificcustomerservicelevelsandallowforabetterexperience.
IPSLAandQOSallowstheusertotuneperformanceandprioritizecustomercriticalapplicationssuchasVoiceapplications,wherehighlatencycanreducevoicequalityandtheuserexperience.
VoiceissupportedthroughtheCallManageratthecorporatesiteandcanuseQOStogiveprioritytovoicecallstoensurecallsarealwaysofthehighestquality.
SurvivableRemoteSiteTelephony(SRST)andMGCPCallControlBackupgiveaddedflexibilitytovoicedeployments.
SNMP,NTP,andloggingallowforexternalmanagementoftheroutersandcanaideintheproactivesupportofthenetworkaswellasinthehistoricalperformanceandtroubleshooting.
SSHv2providessecureremoteaccesstothebranchrouters.
HighavailabilityfeaturesintheSurvivableVoiceEnabledBrancharesupportedwithMLPPPforlinkredundancy,SRSTandMGCPCallControlBackupfortheremotebranchtocontinuefunctioningevenifthemainWANlinkisdown.
Forvoice,CiscoUnityConnectionwasusedforvoicemail.
MGCPwastheprimarycall-controlprotocol.
CiscoEnergyWiseisenabledontheroutertoreducepowerconsumption.
Thissolutionusesthefollowingmodulesandinterfaceforfeaturesupport:VWIC2-2MFT-T1/E1VWIC2-1MFT-T1/E1HWIC-4T1/E1PVDM2-64NME-16ES-1G-PVIC2-2FXSVIC2-2FXOVIC3-4FXS/DID2-5CiscoSolutionsforFinancialBranchBankingChapter2DeployingtheSolutionSurvivableVoiceEnabledBranchFigure2SurvivableVoiceEnabledBranchTopologyExamplesTheCisco2911ISRG2isalowrackunit(LRU)platform,assuchnotalloftheSurvivableVoiceEnabledBranchvoicemodulesanddual-multilinkinterfacecanbesimultaneouslyinstalledintothechassis.
Thefollowingconfigurationsprovidemoduleandinterfacecombinationsbasedoncommonuse-casescenarios:SurvivableVoiceEnabledBranch—VoiceandData,page2-5SurvivableVoiceEnabledBranch—Data,page2-14HeadquartersExternalTranscoder,page2-24SurvivableVoiceEnabledBranch—VoiceandDataThisconfigurationscenarioincludesone6T1multilinkbundleandoneGRE-over-IPSECtunnelforbothVoiceanddatatraffic.
2911-Med-BR1#shrunBuildingconfiguration.
.
.
Currentconfiguration:11215bytes!
!
Lastconfigurationchangeat20:15:28UTCFriMay282010byadmin!
version15.
0servicetimestampsdebugdatetimemseclocaltimeservicetimestampslogdatetimemseclocaltimeservicepassword-encryptionIPIP249505AnalogendpointsSCCPendpointsDataendpointsMPLSWANGREoverIPsecServiceProviderPEGigabitEthernet2960/3560/3750CiscoAggregationServicesRouterTranscoder/PSTNGatewayDataCenterVoiceEnabledBranchCiscoSecureAccessControlServerNetworkManagementStationCiscoNetflowCollectorPEOPFFXOPRIFXSDual6T1MLPPPbundlesIPIPMMMMMCiscoUnityConnectionPSTNCiscoUnifiedCommunicationsManager2900SeriesISRG22-6CiscoSolutionsforFinancialBranchBankingChapter2DeployingtheSolutionSurvivableVoiceEnabledBranch!
hostname2911-Med-BR1!
boot-start-markerbootsystemflash:c2900-universalk9-mz.
SPA.
150-1.
M2.
7boot-end-marker!
cardtypet100cardtypet101cardtypet102loggingbuffered64000enablepassword702150C5E0E120E2D!
!
!
!
!
network-clock-participatewic1nonetwork-clock-participatewic2!
noipv6cefipsource-routeipcef!
!
ipmulticast-routing!
!
dhcppoolisconfiguredforthecustomer-sitephonesipdhcppoolCUCM7.
1.
3network10.
1.
146.
0255.
255.
255.
0option150ip192.
168.
200.
100192.
168.
200.
101default-router10.
1.
146.
1!
!
noipdomainlookupipinspectlogdrop-pkt!
multilinkbundle-nameauthenticated!
!
!
!
isdnswitch-typeprimary-4ess!
cryptopkitokendefaultremovaltimeout0!
!
voice-card0dspservicesdspfarm!
!
!
voiceservicevoip!
!
!
Energywiseconfigurationisenabledonthebranchrouter.
energywisedomainciscosecurityshared-secret0ciscoenergywiseimportance100energywisekeywordsciscoenergywiseneighbor10.
1.
147.
15243441!
!
!
MGCPgatewayfall-backtransitiontodefaulth323configuration.
2-7CiscoSolutionsforFinancialBranchBankingChapter2DeployingtheSolutionSurvivableVoiceEnabledBranchapplicationglobalservicealternatedefault!
!
licenseudipidCISCO2911/K9snFTX1405A1Z1hw-modulepvdm0/0!
hw-modulesm1!
!
!
usernameuser1password7094F471A1A0A!
redundancy!
!
controllerT10/0/0clocksourcelineindependentcablelengthlong0dbchannel-group0timeslots1-24!
controllerT10/0/1clocksourcelineindependentcablelengthlong0dbchannel-group0timeslots1-24!
controllerT10/1/0cablelengthlong0dbpri-grouptimeslots1-24servicemgcp!
controllerT10/2/0clocksourcelineindependentcablelengthlong0dbchannel-group0timeslots1-24!
controllerT10/2/1clocksourcelineindependentcablelengthlong0dbchannel-group0timeslots1-24!
controllerT10/2/2clocksourcelineindependentcablelengthlong0dbchannel-group0timeslots1-24!
controllerT10/2/3clocksourcelineindependentcablelengthlong0dbchannel-group0timeslots1-24!
!
!
A6-classLLQQOSModelisdefined.
Classmapsareconfiguredtomatchandclassifypacketsbasedondscpvalues.
ThisisappliedontheoutboundWANside.
class-mapmatch-allQOS-CALLCONTROLmatchipdscpcs3class-mapmatch-allQOS-TRANSACTIONALmatchaccess-group132class-mapmatch-allQOS-NETMGMTmatchipdscpcs2class-mapmatch-allQOS-VOICE2-8CiscoSolutionsforFinancialBranchBankingChapter2DeployingtheSolutionSurvivableVoiceEnabledBranchmatchipdscpefclass-mapmatch-allQOS-BULKDATAmatchipdscpcs6!
!
!
Policy-mapsaredefinedinLLQpatternwhereVoiceisgivenpriorityovertherestclasses.
Bandwidthallocationisdoneforvarioustrafficpatterns.
policy-mapLLQ-OUTclassQOS-VOICEprioritypercent40classQOS-CALLCONTROLbandwidthremainingpercent20classQOS-TRANSACTIONALbandwidthremainingpercent8classQOS-BULKDATAbandwidthremainingpercent5classQOS-NETMGMTbandwidthremainingpercent3classclass-defaultqueue-limit1024packets!
zone-basedfirewallisconfiguredtoinspectftptraffic.
class-map,policy-map,andzonesaredefined.
class-maptypeinspectmatch-anyftp-trafficmatchprotocolftppolicy-maptypeinspectftppolicyclasstypeinspectftp-trafficinspectclassclass-defaultpass!
zonesecurityfinancialsdescriptionHQfinancialdocumentszonesecurityusersdescriptionbankinternalemployeeszone-pairsecurityzp1sourceusersdestinationfinancialsservice-policytypeinspectftppolicyzone-pairsecurityzp2sourcefinancialsdestinationusersservice-policytypeinspectftppolicy!
translation-rule10Rule15000710995000!
!
!
!
stepstoconfigureEncryptionforGREtunnel.
!
createaccess-listtodefinethetrafficforencryptionaccess-list120permitgrehost172.
16.
87.
54host172.
16.
85.
58!
Internetsecurityassociationandkeymanagementprotocol(ISAKMP),ISAKMPkeyandIPSECtransformsetaredefined.
EncryptionisAESandpre-shared(PSK)authenticationisusedwheresharedsecretsarepre-defined.
cryptoisakmppolicy10authenticationpre-sharecryptoisakmpkeycisc0123address172.
16.
85.
582-9CiscoSolutionsforFinancialBranchBankingChapter2DeployingtheSolutionSurvivableVoiceEnabledBranchcryptoisakmpkeepalive10!
!
cryptoipsectransform-setstrongesp-aesesp-md5-hmacmodetransport!
!
cryptomapisdefinedcryptomapvpn10ipsec-isakmpsetpeer172.
16.
85.
58setsecurity-associationreplaywindow-size1024settransform-setstrongmatchaddress120!
!
!
interfaceLoopback0ipaddress10.
10.
11.
184255.
255.
255.
255!
!
!
GREtunnelconfigurationisdefined.
Thisisoneendofthegretunnel.
interfaceTunnel0ipaddress192.
168.
16.
1255.
255.
255.
0ippimsparse-dense-modezone-membersecurityfinancialsload-interval30keepalive53!
descriptionTunnelwiththephysicalinterface6xT1MLPPPtunnelsourceMultilink1tunneldestination172.
16.
85.
58!
!
interfaceMultilink1ipaddress172.
16.
87.
54255.
255.
255.
252noipredirectsnoipunreachablesnoipproxy-arpipvirtual-reassemblymax-reassemblies1024load-interval30pppmultilinkpppmultilinkgroup1pppmultilinkfragmentdisable!
descriptioncryptomapisappliedonthisWANinterfacecryptomapvpn!
descriptionqosisappliedonthisWANinterfaceforalloutboundtrafficservice-policyoutputLLQ-OUT!
interfaceMultilink2noipaddresspppmultilinkpppmultilinkgroup2!
!
interfaceGigabitEthernet0/0noipaddressduplexautospeedauto!
!
interfaceGigabitEthernet0/1noipaddress2-10CiscoSolutionsforFinancialBranchBankingChapter2DeployingtheSolutionSurvivableVoiceEnabledBranchload-interval30duplexautospeedauto!
!
interfaceGigabitEthernet0/2noipaddressshutdownduplexautospeedauto!
!
interfaceSerial0/0/0:0bandwidth1536noipaddressencapsulationpppload-interval30pppmultilinkpppmultilinkgroup1pppmultilinkendpointstringbundle1nofair-queue!
!
interfaceSerial0/0/1:0bandwidth1536noipaddressencapsulationpppload-interval30pppmultilinkpppmultilinkgroup1pppmultilinkendpointstringbundle1nofair-queue!
!
interfaceSerial0/1/0:23noipaddressencapsulationhdlcisdnswitch-typeprimary-niisdnincoming-voicevoiceisdnbind-l3ccm-managernocdpenable!
!
interfaceSerial0/2/0:0bandwidth1536noipaddressencapsulationpppload-interval30pppmultilinkpppmultilinkgroup1pppmultilinkendpointstringbundle1nofair-queue!
!
interfaceSerial0/2/1:0bandwidth1536noipaddressencapsulationpppload-interval30pppmultilinkpppmultilinkgroup1pppmultilinkendpointstringbundle1nofair-queue!
2-11CiscoSolutionsforFinancialBranchBankingChapter2DeployingtheSolutionSurvivableVoiceEnabledBranch!
interfaceSerial0/2/2:0bandwidth1536noipaddressencapsulationpppload-interval30pppmultilinkpppmultilinkgroup1pppmultilinkendpointstringbundle1nofair-queue!
!
interfaceSerial0/2/3:0bandwidth1536noipaddressencapsulationpppload-interval30pppmultilinkpppmultilinkgroup1pppmultilinkendpointstringbundle1nofair-queue!
!
!
ThisistheinterfaceconnectingtheIntegratedswitchservicemodule(Etherswitchmodule).
interfaceGigabitEthernet1/0ipaddress192.
168.
20.
1255.
255.
255.
0load-interval30!
!
interfaceGigabitEthernet1/0.
1!
descriptionThisinterfaceactsasadefaultgatewayforVLAN146.
encapsulationdot1Q146.
ipaddress10.
1.
146.
1255.
255.
255.
0zone-membersecurityusersntpbroadcast!
interfaceGigabitEthernet1/0.
2!
descriptionThisinterfaceactsasadefaultgatewayforVLAN147.
encapsulationdot1Q147ipaddress10.
1.
147.
1255.
255.
255.
0ippimsparse-dense-modezone-membersecurityusers!
!
!
!
EIGRPRoutingforGREtunnelisdefined.
routereigrp10network10.
1.
146.
00.
0.
0.
255network10.
1.
147.
00.
0.
0.
255network192.
168.
16.
10.
0.
0.
0neighbor192.
168.
16.
2Tunnel0!
!
OSPFroutingforthePE-CEroutingisdefined.
routerospf109router-id172.
16.
85.
54log-adjacency-changesredistributeconnectednetwork10.
10.
11.
1840.
0.
0.
0area109network172.
16.
87.
520.
0.
0.
3area109!
!
!
2-12CiscoSolutionsforFinancialBranchBankingChapter2DeployingtheSolutionSurvivableVoiceEnabledBranchipforward-protocolndnoiphttpservernoiphttpsecure-server!
control-plane!
!
voice-port0/1/0:23echo-cancelcoverage64!
voice-port0/3/0echo-cancelcoverage64timinghookflash-out50station-idnamefxsstation-idnumber8000!
voice-port0/3/1echo-cancelcoverage64timinghookflash-out50station-idnamefaxstation-idnumber8000!
!
call-managerfallbackmgcpconfigurationisdefined.
ccm-managerfallback-mgcpccm-managerredundant-host192.
168.
200.
101ccm-managermgcpccm-managermusic-on-holdccm-managerconfigserver192.
168.
200.
100ccm-managerconfig!
!
mgcpconfigurationwithcall-agentasCALL-MANAGERisdefinedbelow.
mgcpmgcpcall-agent192.
168.
200.
1002427service-typemgcpversion0.
1mgcpdtmf-relayvoipcodecallmodeout-of-bandmgcprtpunreachabletimeout1000actionnotifymgcpmodempassthroughvoipmodensemgcppackage-capabilityrtp-packagemgcppackage-capabilitysst-packagemgcppackage-capabilitypre-packagemgcpdefault-packagefxr-packagenomgcppackage-capabilityres-packagenomgcptimerreceive-rtcpmgcptimernse-responset38250mgcpsdpsimplemgcpfaxrate9600mgcpfaxt38gatewayforcemgcprtppayload-typeg726r16staticmgcpbindcontrolsource-interfaceTunnel0mgcpbindmediasource-interfaceTunnel0!
mgcpprofiledefault!
!
dial-peervoice100potsservicemgcpappdestination-pattern50002-13CiscoSolutionsforFinancialBranchBankingChapter2DeployingtheSolutionSurvivableVoiceEnabledBranchtranslate-outgoingcalled10port0/1/0:23!
dial-peervoice200potsservicemgcpappport0/1/0:23!
dial-peervoice300potsservicemgcpappdestination-pattern2.
.
.
incomingcalled-number.
Tdirect-inward-dialport0/1/0:23!
dial-peervoice400voipdestination-pattern5.
.
.
!
dial-peervoice999030potsservicemgcpappport0/3/0!
dial-peervoice999031potsservicemgcpappport0/3/1!
dial-peervoice500voipdestination-pattern971099.
.
.
.
sessiontargetipv4:192.
168.
200.
100faxprotocolt38ls-redundancy0hs-redundancy0fallbackcisco!
dial-peervoice70000voipdestination-pattern7.
.
.
.
sessiontargetipv4:192.
168.
200.
100!
dial-peervoice70001potsport0/3/1!
!
!
!
gatekeepershutdown!
!
!
SRSTconfigurationisdefined.
call-manager-fallbackmax-conferences8gain-6transfer-systemfull-consultipsource-address10.
1.
146.
1port2000max-ephones25max-dn25voicemail5000call-forwardnoan5000timeout30mwirelay!
!
ntpconfigurationisdefinedbelow.
Branchrouter(andallotherdevicesinthenetwork)issync'dtoacentralNTPserverwhichprovidesreliabletime.
ntpsourceGigabitEthernet1/0.
1ntpupdate-calendarntpserver192.
168.
201.
102prefersourceGigabitEthernet1/0.
12-14CiscoSolutionsforFinancialBranchBankingChapter2DeployingtheSolutionSurvivableVoiceEnabledBranchlinecon0lineaux0linevty04schedulerallocate200001000end2911-Med-BR1#$SurvivableVoiceEnabledBranch—DataThisconfigurationscenarioincludesadualmultilinkbundleanddualGRE-over-IPSECtunnelscenarioforonlydatatraffic.
2911-Med-BR1#shrunBuildingconfiguration.
.
.
Currentconfiguration:13484bytes!
!
Lastconfigurationchangeat00:54:11UTCFriJul22010byadmin!
version15.
0servicetimestampsdebugdatetimemseclocaltimeservicetimestampslogdatetimemseclocaltimeservicepassword-encryption!
hostname2911-Med-BR1!
boot-start-markerbootsystemflash:c2900-universalk9-mz.
SPA.
150-1.
M2.
12boot-end-marker!
cardtypet100cardtypet101cardtypet102cardtypet103loggingbuffered64000enablepassword702150C5E0E120E2D!
!
!
network-clock-participatewic1nonetwork-clock-participatewic2nonetwork-clock-participatewic3!
noipv6cef!
ipsource-routeipcef!
!
ipmulticast-routing!
!
dhcppoolisconfiguredforcustomer-sitephonesipdhcppoolCUCM7.
1.
3network10.
1.
146.
0255.
255.
255.
02-15CiscoSolutionsforFinancialBranchBankingChapter2DeployingtheSolutionSurvivableVoiceEnabledBranchoption150ip192.
168.
200.
100192.
168.
200.
101default-router10.
1.
146.
1!
!
noipdomainlookupipinspectlogdrop-pktipaccounting-threshold2000!
multilinkbundle-nameauthenticated!
!
!
!
isdnswitch-typeprimary-4ess!
!
Energywiseconfigurationisenabledonthebranchrouterenergywisedomainciscosecurityshared-secret0ciscoenergywiseimportance100energywisekeywordsciscoenergywiseneighbor10.
1.
147.
15243441!
cryptopkitokendefaultremovaltimeout0!
!
voice-card0dspservicesdspfarm!
!
!
voiceservicevoip!
!
!
!
!
applicationglobalservicealternatedefault!
!
licenseudipidCISCO2911/K9snFTX1405A1Z1hw-modulepvdm0/0!
hw-modulesm1!
!
!
usernameuser1password7094F471A1A0A!
redundancy!
!
controllerT10/0/0clocksourcelineindependentcablelengthlong0dbchannel-group0timeslots1-24!
controllerT10/0/1clocksourcelineindependentcablelengthlong0dbchannel-group0timeslots1-24!
controllerT10/1/02-16CiscoSolutionsforFinancialBranchBankingChapter2DeployingtheSolutionSurvivableVoiceEnabledBranchcablelengthlong0dbpri-grouptimeslots1-24servicemgcp!
controllerT10/2/0clocksourcelineindependentcablelengthlong0dbchannel-group0timeslots1-24!
controllerT10/2/1clocksourcelineindependentcablelengthlong0dbchannel-group0timeslots1-24!
controllerT10/2/2clocksourcelineindependentcablelengthlong0dbchannel-group0timeslots1-24!
controllerT10/2/3clocksourcelineindependentcablelengthlong0dbchannel-group0timeslots1-24!
controllerT10/3/0clocksourcelineindependentcablelengthlong0dbchannel-group0timeslots1-24!
controllerT10/3/1clocksourcelineindependentcablelengthlong0dbchannel-group0timeslots1-24!
controllerT10/3/2clocksourcelineindependentcablelengthlong0dbchannel-group0timeslots1-24!
controllerT10/3/3clocksourcelineindependentcablelengthlong0dbchannel-group0timeslots1-24!
!
!
A6-classLLQQOSModelisdefined.
Classmapsareconfiguredtomatchandclassifypacketsbasedondscpvalues.
ThisisappliedontheoutboundWANside.
class-mapmatch-allQOS-CALLCONTROLmatchipdscpcs3class-mapmatch-allQOS-TRANSACTIONALmatchaccess-group132class-mapmatch-allQOS-NETMGMTmatchipdscpcs2class-mapmatch-allQOS-VOICEmatchipdscpefclass-mapmatch-allQOS-BULKDATAmatchipdscpcs6!
!
Policy-mapsaredefinedinLLQpatternwhereVoiceisgivenpriorityovertherestclasses.
Bandwidthallocationisdoneforvarioustrafficpatterns.
2-17CiscoSolutionsforFinancialBranchBankingChapter2DeployingtheSolutionSurvivableVoiceEnabledBranchpolicy-mapWREDclassclass-defaultfair-queuerandom-detectqueue-limit1024packets!
Policy-mapWREDwascreatedforinterfacecongestionscenariosinthenetwork,itgetsappliedontheoutboundwaninterfacetoavoidinterfacecongestion.
policy-mapLLQ-OUTclassQOS-VOICEprioritypercent40classQOS-CALLCONTROLbandwidthremainingpercent20classQOS-TRANSACTIONALbandwidthremainingpercent8classQOS-BULKDATAbandwidthremainingpercent5classQOS-NETMGMTbandwidthremainingpercent3classclass-defaultqueue-limit1024packets!
zone-basedfirewallisconfiguredtoinspectftptraffic.
class-map,policy-map,andzonesaredefined.
class-maptypeinspectmatch-anyftp-trafficmatchprotocolftppolicy-maptypeinspectftppolicyclasstypeinspectftp-trafficinspectclassclass-defaultpass!
zonesecurityfinancialsdescriptionHQfinancialdocumentszonesecurityusersdescriptionbankinternalemployeeszone-pairsecurityzp1sourceusersdestinationfinancialsservice-policytypeinspectftppolicyzone-pairsecurityzp2sourcefinancialsdestinationusersservice-policytypeinspectftppolicy!
translation-rule10Rule15000710995000!
!
translation-rule20Rule1700007109970000!
!
!
stepstoconfigureEncryptionforGREtunnel.
!
createaccess-listtodefinethetrafficforencryption.
access-list120permitgrehost172.
16.
87.
54host172.
16.
85.
58access-list140permitgrehost172.
16.
88.
10host172.
16.
86.
18!
internetsecurityassociationandkeymanagementprotocol(ISAKMP),ISAKMPkeyandIPSECtransformsetaredefined.
EncryptionisAESandpre-shared(PSK)authenticationisusedwheresharedsecretsarepre-defined.
cryptoisakmppolicy10authenticationpre-share2-18CiscoSolutionsforFinancialBranchBankingChapter2DeployingtheSolutionSurvivableVoiceEnabledBranchcryptoisakmpkeycisc0123address172.
16.
85.
58cryptoisakmpkeyciscoaddress172.
16.
86.
18cryptoisakmpkeepalive10!
!
cryptoipsectransform-setstrongesp-aesesp-md5-hmacmodetransportcryptoipsecdf-bitclear!
!
cryptomapisdefined.
cryptomapvpn10ipsec-isakmpsetpeer172.
16.
85.
58setsecurity-associationreplaywindow-size1024settransform-setstrongmatchaddress120!
cryptomapvpn210ipsec-isakmpsetpeer172.
16.
86.
18setsecurity-associationreplaywindow-size1024settransform-setstrongmatchaddress140!
!
!
!
!
interfaceLoopback0ipaddress10.
10.
11.
184255.
255.
255.
255!
!
!
GREtunnelconfigurationisdefined.
ThisisoneendofthegreTunnelfor1stmlpppbundle.
interfaceTunnel0ipaddress192.
168.
16.
1255.
255.
255.
0ippimsparse-dense-modezone-membersecurityfinancialsipigmpjoin-group239.
0.
10.
10load-interval30keepalive53descriptionassociateTunnelwiththephysicalinterface6xT1MLPPPtunnelsourceMultilink1tunneldestination172.
16.
85.
58!
!
GREtunnel2configurationisdefined.
ThisisoneendofthegreTunnelfor2ndMLPPPbundle.
interfaceTunnel10ipaddress192.
168.
15.
1255.
255.
255.
0zone-membersecurityfinancialsdescriptionassociateTunnelwiththephysicalinterface6xT1MLPPPtunnelsourceMultilink2tunneldestination172.
16.
86.
18!
!
interfaceMultilink1ipaddress172.
16.
85.
54255.
255.
255.
252noipredirectsnoipunreachablesnoipproxy-arpipvirtual-reassemblymax-reassemblies1024load-interval30pppmultilink2-19CiscoSolutionsforFinancialBranchBankingChapter2DeployingtheSolutionSurvivableVoiceEnabledBranchpppmultilinkgroup1descriptioncryptomapisappliedonthisWANinterfacecryptomapvpn!
descriptionqosisappliedonthisWANinterfaceforalloutboundtrafficservice-policyoutputLLQ-OUTcryptoipsecdf-bitcopy!
!
interfaceMultilink2ipaddress172.
16.
88.
10255.
255.
255.
248noipredirectsnoipunreachablesnoipproxy-arpipospfcost10pppmultilinkpppmultilinkgroup2descriptioncryptomapisappliedonthisWANinterfacecryptomapvpn2descriptionqosisappliedonthisWANinterfaceforalloutboundtrafficservice-policyoutputLLQ-OUT!
interfaceGigabitEthernet0/0noipaddressduplexautospeedauto!
!
interfaceGigabitEthernet0/1noipaddressload-interval30duplexautospeedauto!
!
interfaceGigabitEthernet0/2noipaddressshutdownduplexautospeedauto!
!
interfaceSerial0/0/0:0bandwidth1536noipaddressencapsulationpppload-interval30pppmultilinkpppmultilinkgroup1pppmultilinkendpointstringbundle1nofair-queue!
!
interfaceSerial0/0/1:0bandwidth1536noipaddressencapsulationpppload-interval30pppmultilinkpppmultilinkgroup1pppmultilinkendpointstringbundle1nofair-queue!
2-20CiscoSolutionsforFinancialBranchBankingChapter2DeployingtheSolutionSurvivableVoiceEnabledBranch!
interfaceSerial0/1/0:23noipaddressencapsulationhdlcisdnswitch-typeprimary-niisdnincoming-voicevoicenocdpenable!
!
interfaceSerial0/2/0:0bandwidth1536noipaddressencapsulationpppload-interval30pppmultilinkpppmultilinkgroup1pppmultilinkendpointstringbundle1nofair-queue!
!
interfaceSerial0/2/1:0bandwidth1536noipaddressencapsulationpppload-interval30pppmultilinkpppmultilinkgroup1pppmultilinkendpointstringbundle1nofair-queue!
!
interfaceSerial0/2/2:0bandwidth1536noipaddressencapsulationpppload-interval30pppmultilinkpppmultilinkgroup1pppmultilinkendpointstringbundle1nofair-queue!
!
interfaceSerial0/2/3:0bandwidth1536noipaddressencapsulationpppload-interval30pppmultilinkpppmultilinkgroup1pppmultilinkendpointstringbundle1nofair-queue!
!
interfaceSerial0/3/0:0noipaddressencapsulationppppppmultilinkpppmultilinkgroup2pppmultilinkendpointstringbundle2!
!
interfaceSerial0/3/1:0noipaddressencapsulationppp2-21CiscoSolutionsforFinancialBranchBankingChapter2DeployingtheSolutionSurvivableVoiceEnabledBranchpppmultilinkpppmultilinkgroup2pppmultilinkendpointstringbundle2!
!
interfaceSerial0/3/2:0noipaddressencapsulationppppppmultilinkpppmultilinkgroup2pppmultilinkendpointstringbundle2!
!
interfaceSerial0/3/3:0noipaddressencapsulationppppppmultilinkpppmultilinkgroup2pppmultilinkendpointstringbundle2!
!
interfaceGigabitEthernet1/0descriptioninterfacetoconnecttointegratedswitchmoduleipaddress192.
168.
20.
1255.
255.
255.
0load-interval30!
!
interfaceGigabitEthernet1/0.
1descriptionThisinterfaceactsasadefaultgatewayforVLAN146encapsulationdot1Q146ipaddress10.
1.
146.
1255.
255.
255.
0zone-membersecurityusersntpbroadcast!
interfaceGigabitEthernet1/0.
2descriptionThisinterfaceactsasadefaultgatewayforVLAN147encapsulationdot1Q147ipaddress10.
1.
147.
1255.
255.
255.
0ippimsparse-dense-modezone-membersecurityusers!
!
!
EIGRPRoutingforGREtunnelisdefined.
routereigrp10network10.
1.
146.
00.
0.
0.
255network10.
1.
147.
00.
0.
0.
255network192.
168.
15.
0network192.
168.
16.
0neighbor192.
168.
16.
2Tunnel0neighbor192.
168.
15.
2Tunnel10!
!
OSPFroutingforthePE-CEroutingisdefined.
routerospf109router-id172.
16.
85.
54log-adjacency-changesnetwork10.
10.
11.
1840.
0.
0.
0area109network172.
16.
87.
520.
0.
0.
3area109network172.
16.
88.
80.
0.
0.
7area109!
!
ipforward-protocolnd2-22CiscoSolutionsforFinancialBranchBankingChapter2DeployingtheSolutionSurvivableVoiceEnabledBranch!
ippimrp-address192.
168.
200.
1noiphttpservernoiphttpsecure-server!
access-list100permitip192.
168.
0.
00.
0.
255.
255anyaccess-list150permitudpanyanyeqsnmp!
!
cdpconfigurationcdptimer5cdpholdtime20!
!
!
!
control-plane!
!
!
voice-port0/1/0:23echo-cancelcoverage64!
!
call-managerfallbackmgcpconfigurationisdefinedccm-managerfallback-mgcpccm-managerredundant-host192.
168.
200.
101ccm-managermgcpccm-managermusic-on-holdccm-managerconfigserver192.
168.
200.
100ccm-managerconfig!
!
mgcpconfigurationwithcall-agentasCALL-MANAGERisdefinedbelowmgcpmgcpcall-agent192.
168.
200.
1002427service-typemgcpversion0.
1mgcpdtmf-relayvoipcodecallmodente-gwmgcprtpunreachabletimeout1000actionnotifymgcpmodempassthroughvoipmodensemgcppackage-capabilityrtp-packagemgcppackage-capabilitysst-packagemgcppackage-capabilitypre-packagemgcpdefault-packagefxr-packagenomgcppackage-capabilityres-packagenomgcptimerreceive-rtcpmgcpsdpsimplemgcprtppayload-typeg726r16staticmgcpbindcontrolsource-interfaceTunnel0mgcpbindmediasource-interfaceTunnel0!
mgcpprofiledefault!
2-23CiscoSolutionsforFinancialBranchBankingChapter2DeployingtheSolutionSurvivableVoiceEnabledBranch!
dial-peervoice100potsservicemgcpappdestination-pattern5000translate-outgoingcalled10port0/1/0:23!
dial-peervoice200potsservicemgcpappport0/1/0:23!
dial-peervoice300potsservicemgcpappdestination-pattern2.
.
.
incomingcalled-number.
Tdirect-inward-dialport0/1/0:23!
dial-peervoice400voipdestination-pattern5.
.
.
!
dial-peervoice999031potsservicemgcpapp!
dial-peervoice500voipdestination-pattern971099.
.
.
.
sessiontargetipv4:192.
168.
200.
100faxprotocolt38ls-redundancy0hs-redundancy0fallbackcisco!
dial-peervoice70000voipdestination-pattern7.
.
.
.
sessiontargetipv4:192.
168.
200.
100!
dial-peervoice70001pots!
dial-peervoice999030potsservicemgcpapp!
!
!
!
gatekeepershutdown!
!
SRSTconfigurationcall-manager-fallbackmax-conferences8gain-6transfer-systemfull-consultipsource-address192.
168.
146.
1port2000max-ephones25max-dn25voicemail5000call-forwardnoan5000timeout30mwirelay!
!
ntpconfigurationisdefinedbelow.
Branchrouter(andallotherdevicesinthenetwork)issync'dtoacentralNTPserver,whichprovidesreliabletime.
ntpsourceGigabitEthernet1/0.
1ntpupdate-calendarntpserver192.
168.
201.
102prefersourceGigabitEthernet1/0.
12-24CiscoSolutionsforFinancialBranchBankingChapter2DeployingtheSolutionSurvivableVoiceEnabledBranchlinecon0lineaux0linevty04transportinputall!
exceptiondata-corruptionbuffertruncateschedulerallocate2000010002911-Med-BR1#HeadquartersExternalTranscoderHQ-Transcoder#shrunBuildingconfiguration.
.
.
Currentconfiguration:3109bytes!
!
Lastconfigurationchangeat19:55:30UTCFriMay282010!
version15.
0servicetimestampsdebugdatetimemsecservicetimestampslogdatetimemsecnoservicepassword-encryption!
hostnameHQ-Transcoder!
boot-start-markerbootsystemflash:c2801-adventerprisek9-mz.
150-1.
M2.
7boot-end-marker!
cardtypet101loggingbuffered50000000!
noaaanew-model!
!
!
network-clock-participatewic1dot11syslogipsource-route!
!
!
!
ipcefnoipv6cef!
multilinkbundle-nameauthenticated!
!
!
!
isdnswitch-typeprimary-ni!
!
!
voiceservicevoip2-25CiscoSolutionsforFinancialBranchBankingChapter2DeployingtheSolutionSurvivableVoiceEnabledBranchfaxprotocolt38ls-redundancy0hs-redundancy0fallbackcisco!
!
!
!
voice-card0dspservicesdspfarm!
!
!
!
!
licenseudipidCISCO2801snFHK084510HCarchivelogconfighidekeys!
redundancy!
!
controllerT10/1/0clocksourceinternalcablelengthlong0dbpri-grouptimeslots1-24!
controllerT10/1/1cablelengthlong0db!
!
translation-rule10Rule17109950005000!
!
!
!
!
!
!
!
!
interfaceFastEthernet0/0ipaddress192.
168.
200.
110255.
255.
255.
0load-interval30duplexautospeedauto!
!
interfaceFastEthernet0/1noipaddressshutdownduplexautospeedauto!
!
interfaceSerial0/1/0:23noipaddressencapsulationhdlcisdnswitch-typeprimary-niisdnincoming-voicevoicenocdpenable!
!
!
routereigrp102-26CiscoSolutionsforFinancialBranchBankingChapter2DeployingtheSolutionSurvivableVoiceEnabledBranchnetwork40.
0.
0.
0!
ipforward-protocolndnoiphttpservernoiphttpsecure-server!
!
iproute0.
0.
0.
00.
0.
0.
0FastEthernet0/0!
!
!
!
!
!
!
control-plane!
!
disable-eadi!
voice-port0/0/0station-idnumber70000!
voice-port0/0/1!
voice-port0/1/0:23!
dspfarmexternalconference/transcode/mtpconfiguration*******!
sccplocalFastEthernet0/0sccpccm192.
168.
200.
100identifier1priority1version7.
0sccp!
sccpccmgroup1bindinterfaceFastEthernet0/0associateccm1priority1associateprofile3registertrans-2911associateprofile2registermtp-2911associateprofile1registerconfer-2911switchovermethodimmediate!
dspfarmprofile3transcodeuniversalcodecg711ulawcodecg711alawcodecg729ar8codecg729abr8codecg729r8codecg729br8codecg722-64codecg723r53codecg723r63maximumsessions4associateapplicationSCCP!
dspfarmprofile1conferencecodecg711ulawcodecg711alawcodecg729ar8codecg729abr8codecg729r8codecg729br8codecg722-64maximumsessions1associateapplicationSCCP2-27CiscoSolutionsforFinancialBranchBankingChapter2DeployingtheSolutionSurvivableVoiceEnabledBranch!
dspfarmprofile2mtpcodecg711ulawmaximumsessionssoftware3associateapplicationSCCP!
dial-peervoice100voipdestination-pattern5.
.
.
sessiontargetipv4:192.
168.
200.
100dtmf-relayh245-alphanumeric!
dial-peervoice200voipdestination-pattern4.
.
.
sessiontargetipv4:192.
168.
200.
100!
dial-peervoice300potsdestination-pattern71099Tport0/1/0:23!
dial-peervoice400voipdestination-pattern970319.
.
.
.
.
dtmf-relayh245-signalfax-relayecmdisablefaxprotocolt38ls-redundancy0hs-redundancy0fallbackcisco!
dial-peervoice500potsdestination-pattern970319.
.
.
.
.
port0/0/0!
!
!
!
linecon0lineaux0linevty04login!
exceptiondata-corruptionbuffertruncateschedulerallocate200001000endHQ-Transcoder#IntegratedSwitchswitch-es#shrunBuildingconfiguration.
.
.
Currentconfiguration:8576bytes!
!
Lastconfigurationchangeat19:21:24UTCThuApr201905!
NVRAMconfiglastupdatedat18:40:55UTCThuApr201905!
version12.
2noservicepadservicetimestampsdebuguptimeservicetimestampsloguptimenoservicepassword-encryption!
hostnameSWITCH-ES!
2-28CiscoSolutionsforFinancialBranchBankingChapter2DeployingtheSolutionSurvivableVoiceEnabledBranchboot-start-markerboot-end-marker!
!
!
!
noaaanew-modelsystemmturouting1500authenticationmac-movepermitipsubnet-zeronoipdomain-lookup!
!
!
mlsqosmappoliced-dscp242646to0mlsqosmapcos-dscp08162432464856mlsqossrr-queueinputbandwidth9010mlsqossrr-queueinputthreshold1816mlsqossrr-queueinputthreshold23466mlsqossrr-queueinputbuffers6733mlsqossrr-queueinputcos-mapqueue1threshold21mlsqossrr-queueinputcos-mapqueue1threshold30mlsqossrr-queueinputcos-mapqueue2threshold12mlsqossrr-queueinputcos-mapqueue2threshold2467mlsqossrr-queueinputcos-mapqueue2threshold335mlsqossrr-queueinputdscp-mapqueue1threshold29101112131415mlsqossrr-queueinputdscp-mapqueue1threshold301234567mlsqossrr-queueinputdscp-mapqueue1threshold332mlsqossrr-queueinputdscp-mapqueue2threshold11617181920212223mlsqossrr-queueinputdscp-mapqueue2threshold23334353637383948mlsqossrr-queueinputdscp-mapqueue2threshold24950515253545556mlsqossrr-queueinputdscp-mapqueue2threshold257585960616263mlsqossrr-queueinputdscp-mapqueue2threshold32425262728293031mlsqossrr-queueinputdscp-mapqueue2threshold34041424344454647mlsqossrr-queueoutputcos-mapqueue1threshold35mlsqossrr-queueoutputcos-mapqueue2threshold3367mlsqossrr-queueoutputcos-mapqueue3threshold324mlsqossrr-queueoutputcos-mapqueue4threshold21mlsqossrr-queueoutputcos-mapqueue4threshold30mlsqossrr-queueoutputdscp-mapqueue1threshold34041424344454647mlsqossrr-queueoutputdscp-mapqueue2threshold32425262728293031mlsqossrr-queueoutputdscp-mapqueue2threshold34849505152535455mlsqossrr-queueoutputdscp-mapqueue2threshold35657585960616263mlsqossrr-queueoutputdscp-mapqueue3threshold31617181920212223mlsqossrr-queueoutputdscp-mapqueue3threshold33233343536373839mlsqossrr-queueoutputdscp-mapqueue4threshold18mlsqossrr-queueoutputdscp-mapqueue4threshold29101112131415mlsqossrr-queueoutputdscp-mapqueue4threshold301234567mlsqosqueue-setoutput1threshold113813892138mlsqosqueue-setoutput1threshold213813892400mlsqosqueue-setoutput1threshold33677100318mlsqosqueue-setoutput1threshold4205067400mlsqosqueue-setoutput2threshold1149149100149mlsqosqueue-setoutput2threshold2118118100235mlsqosqueue-setoutput2threshold34168100272mlsqosqueue-setoutput2threshold44272100242mlsqosqueue-setoutput1buffers10102654mlsqosqueue-setoutput2buffers1661761mlsqos!
energywiseconfigurationenergywisedomainciscosecurityshared-secret0ciscoenergywiseimportance1002-29CiscoSolutionsforFinancialBranchBankingChapter2DeployingtheSolutionSurvivableVoiceEnabledBranchenergywisenamem-lineenergywisekeywordscisco!
cryptopkitrustpointTP-self-signed-1770627072enrollmentselfsignedsubject-namecn=IOS-Self-Signed-Certificate-1770627072revocation-checknonersakeypairTP-self-signed-1770627072!
!
cryptopkicertificatechainTP-self-signed-1770627072certificateself-signed0130820242308201ABA003020102020101300D06092A864886F70D01010405003031312F302D06035504031326494F532D53656C662D5369676E65642D43657274696669636174652D31373730363237303732301E170D3933303330313030303131325A170D3230303130313030303030305A3031312F302D06035504031326494F532D53656C662D5369676E65642D43657274696669636174652D3137373036323730373230819F300D06092A864886F70D010101050003818D0030818902818100C9596B84601DE6ED39BFF87B97ADEDE42D911C5DD98A0B08BD084D42FB45BDC3BFBAECE416484EAD10D43B267E8810FBA1054AF7AEF922ED5E4FE829284EF0D94C230A444C2A7D4C6DC0D56B9BAE489C592E984FF891423D92C7FD32639410855FB7AA2B05B1EB5996C79A233FFA6519E5DE2EDB9AF2F617BDB14F085F150B3D0203010001A36A3068300F0603551D130101FF040530030101FF30150603551D11040E300C820A5357495443482D45532E301F0603551D23041830168014725574E795CA4388030A055C6BBE8021EA6DC827301D0603551D0E04160414725574E795CA4388030A055C6BBE8021EA6DC827300D06092A864886F70D0101040500038181009EE163566A1D5743C193606793B331BA09531D6C6E48F9BCCD962DF43E29112C7458C4A832FEF4537D39731E99D898E84238F8DEA00A741A5F5E945C9A18677AC87A656755792AA89533AC51BA42CBAB8E7594F78D282CFDFBCF2D5AFAA332E92B767B4F006485FAF82998D54EA273D44A77E3476B223AB82B73A448F11F69CBquit!
!
!
spanning-treemodepvstspanning-treeetherchannelguardmisconfigspanning-treeextendsystem-id!
vlaninternalallocationpolicyascending!
!
class-mapmatch-allAutoQoS-VoIP-RTP-Trustmatchipdscpefclass-mapmatch-allAutoQoS-VoIP-Control-Trustmatchipdscpcs3af31!
!
policy-mapAutoQoS-Police-CiscoPhoneclassAutoQoS-VoIP-RTP-Trustsetdscpefpolice3200008000exceed-actionpoliced-dscp-transmitclassAutoQoS-VoIP-Control-Trustsetdscpcs3police320008000exceed-actionpoliced-dscp-transmit!
!
!
interfaceFastEthernet1/0/1switchportaccessvlan147switchportmodeaccessswitchportvoicevlan146srr-queuebandwidthshare10106020priority-queueout2-30CiscoSolutionsforFinancialBranchBankingChapter2DeployingtheSolutionSurvivableVoiceEnabledBranchmlsqostrustdevicecisco-phonemlsqostrustcosenergywiselevel10recurrenceimportance95at06***energywiselevel0recurrenceimportance95at04***energywiseimportance100energywisekeywordsciscoenergywisenamem-line-phone3autoqosvoipcisco-phonespanning-treeportfastservice-policyinputAutoQoS-Police-CiscoPhone!
interfaceFastEthernet1/0/2switchportaccessvlan147switchportmodeaccessswitchportvoicevlan146spanning-treeportfast!
interfaceFastEthernet1/0/3description***pagentbr****switchportaccessvlan147spanning-treeportfast!
interfaceFastEthernet1/0/4switchportaccessvlan147switchportvoicevlan146spanning-treeportfast!
interfaceFastEthernet1/0/5switchportaccessvlan147switchportvoicevlan146srr-queuebandwidthshare10106020priority-queueoutmlsqostrustdevicecisco-phonemlsqostrustcosenergywiselevel10recurrenceimportance95at06***energywiselevel0recurrenceimportance95at04***energywiseimportance100energywisekeywordsciscoenergywisenamem-line-phoneautoqosvoipcisco-phonespanning-treeportfastservice-policyinputAutoQoS-Police-CiscoPhone!
interfaceFastEthernet1/0/6switchportaccessvlan147switchportvoicevlan146srr-queuebandwidthshare10106020priority-queueoutmlsqostrustdevicecisco-phonemlsqostrustcosenergywiselevel10recurrenceimportance95at06***energywiselevel0recurrenceimportance95at04***energywiseimportance100energywisekeywordsciscoenergywisenamem-line-phone2autoqosvoipcisco-phonespanning-treeportfastservice-policyinputAutoQoS-Police-CiscoPhone!
interfaceFastEthernet1/0/7switchportaccessvlan147!
interfaceFastEthernet1/0/8switchportaccessvlan1472-31CiscoSolutionsforFinancialBranchBankingChapter2DeployingtheSolutionSurvivableVoiceEnabledBranch!
interfaceFastEthernet1/0/9switchportaccessvlan147!
interfaceFastEthernet1/0/10switchportaccessvlan147!
interfaceFastEthernet1/0/11switchportaccessvlan147!
interfaceFastEthernet1/0/12switchportaccessvlan147!
interfaceFastEthernet1/0/13switchportaccessvlan147!
interfaceFastEthernet1/0/14switchportaccessvlan147!
interfaceFastEthernet1/0/15switchportaccessvlan147!
interfaceFastEthernet1/0/16!
interfaceGigabitEthernet1/0/1switchportaccessvlan147switchporttrunkencapsulationdot1qswitchportmodetrunkshutdown!
interfaceGigabitEthernet1/0/2switchporttrunkencapsulationdot1qswitchportmodetrunkspanning-treeportfast!
interfaceVlan1noipaddress!
interfaceVlan147ipaddress192.
168.
147.
151255.
255.
255.
0!
ipclasslessiphttpserveriphttpsecure-server!
ipslaenablereaction-alerts!
aliasexecsishowipinterfacebriefaliasexecsrshowrun|begin^routeraliasexeccconftaliasexecsshowrunaliasexecsibshowipbgpaliasexeccibclearipbgpaliasexecsirshowiproutealiasexeccircleariproute!
linecon0linevty04nologinlength0linevty515nologin!
end2-32CiscoSolutionsforFinancialBranchBankingChapter2DeployingtheSolutionHighAvailabilityBranchwithSurvivableVoiceHighAvailabilityBranchwithSurvivableVoiceHighAvailabilityBranchwithSurvivableVoicerequirementsincludehighavailability,security,efficientuseofbandwidth,andenergyefficiency.
TheCiscoIntegratedServicesRoutersGeneration2(ISRG2)allowthesetypesofservices,andothers,toresidewithinthesamerouterandprovidemaximumperformanceandfeaturecoverage,whichresultsinthelowesttotalcostofownership(TCO).
ThefinancialbranchhastwoCisco3900ISRG2srunningCiscoInternetOperatingSystem(IOS)version15.
0(1)M3,andtheyareconnectedtoeachotherviamulti-groupHSRP.
TheseCisco3900ISRG2sareconnectedovertheWANusinghigh-speedlinkstoeitherasinglehead-end,oriffurtherredundancyisneeded,dualhead-endrouters.
AnydataatthebranchismarkedandclassifiedandsentthroughtheWAASmoduleforWANOptimizationbeforeitisencryptedusingGETVPNandsenttothehead-end.
WANOptimizationallowsforbetterusageoftheWANlinks,aswellascustomerperceivedperformanceincreases.
BGPisusedastheroutingprotocolbetweenPE-CEallowingforlargeprefixsupportandawidechoiceofproviders.
SecurityfeaturescoveredinthistopologyincludeAAAandTACACSforauthenticationandlogging,GETVPNforany-to-anyconnectivityofotherremotebranchesallowingsimplerandeasiersecuredeploymentsandconnections.
GETVPN'sfeaturesalsoallowhigherscalabilitybyavoidingafulllogicalmeshaswellassimplerconfigurationandoverallsupport.
WAAS,IPSLA,andQoSgivetheHighAvailabilityBranchwithSurvivableVoiceadditionalabilitytodeliverspecificcustomerservicelevelsandallowforabetterexperience.
WAASallowsthemostefficientuseoftheWANpipesandinmanyscenarioswillgivetheperceptionthattheWANconnectionisfarsuperiorthantheactuallinkspeeds.
IPSLAandQoSallowstheusertotunetheperformanceandprioritizecustomercriticalapplications'suchasVoiceapplicationswherehighlatencycanreducevoicequalityanduserexperience.
SNMP,NTPandSyslogallowsforexternalmanagementoftheroutersandcanaideinproactivesupportofthenetworkaswellashistoricalperformanceandtroubleshooting.
SSHv2providessecureremoteaccesstothebranchrouters.
FlexibleNetFlowisusedtoacquireoperationaldataandusethatdatatounderstandhowthenetworkisbehaving.
DataisexportedtoacollectorattheDataCenter.
VoiceissupportedthroughtheCallManageratthecorporatesite,andcanuseQoStogiveprioritytovoicecallstoensurecallsarealwaysofthehighestquality.
PSTNaccessforbranchusersisprovidedbyaSIPtrunkterminatedbyaCUBEserverthatisdeployedattheDataCenter.
HighavailabilityiscriticaltotheHighAvailabilityBranchwithSurvivableVoiceandissupportedwiththeCisco3900ISRG2dualpowersupplies,multiplebranchroutersandpotentiallymultiplehead-endrouters,multipleHSRPgroups,andSurvivableRemoteSiteTelephony(SRST/SRSV).
CiscoEnergyWiseisenabledontheroutertoreducepowerconsumption.
Thissolutionusesthefollowingmodulesforfeaturesupport:VWIC2-1MFT-T1/E1NME-CUENME-WAE-502-K9NME-UMG2-33CiscoSolutionsforFinancialBranchBankingChapter2DeployingtheSolutionHighAvailabilityBranchwithSurvivableVoiceFigure3HighAvailabilityBranchwithSurvivableVoiceTopologyIPIPIPIP249616MPLSWANGETVPNPEGigabitEthernet2960/3560/375037503750CiscoAggregationServicesRouterCentralManagerDataCenterCiscoSecureAccessControlServerCiscoConfigurationEngineNetworkManagementStationCiscoNetflowCollectorHSRPWAASPET1PRISRS+SRSV3900SeriesISRG23900SeriesISRG2NME-502-WAE-K9MMMMMCiscoUnityConnectionUMGSIPSIPAT&TSIP/VoIPNetworkPSTNHighAvailabilityBranchwithVoiceSurvivableVoicePSTNCiscoUnifiedCommunicationsManagerSCCPSCCP35603560WAASAppliance28512851KeyServersGigabitEthernet2-34CiscoSolutionsforFinancialBranchBankingChapter2DeployingtheSolutionHighAvailabilityBranchwithSurvivableVoiceExamplesBranchConfigurationsBranchRouter1,page2-34BranchRouter2,page2-41NME-WAE-502-K9,page2-46NME-CUE,page2-61HeadquarterConfigurationsKeyServer1,page2-65KeyServer2,page2-68HeadquartersAggregationRouter,page2-70CiscoUnifiedMessagingGateway,page2-76BranchRouter1!
version15.
0servicetimestampsdebugdatetimemseclocaltimeservicetimestampslogdatetimemseclocaltimenoservicepassword-encryption!
hostname3945-LBR-1!
boot-start-markerbootsystemflash:c3900-universalk9-mz.
SPA.
150-1.
M2.
13boot-end-marker!
cardtypet100loggingbuffered5000000enablepasswordlab!
clocktimezonePST-7network-clock-participatewic0!
cryptopkitokendefaultremovaltimeout0!
cryptopkitrustpointTP-self-signed-3732185865enrollmentselfsignedsubject-namecn=IOS-Self-Signed-Certificate-3732185865revocation-checknonersakeypairTP-self-signed-3732185865!
!
cryptopkicertificatechainTP-self-signed-3732185865certificateself-signed023082024D308201B6A003020102020102300D06092A864886F70D01010405003031312F302D06035504031326494F532D53656C662D5369676E65642D43657274696669636174652D33373332313835383635301E170D3130303633303231303830355A170D3230303130313030303030305A3031312F302D06035504031326494F532D53656C662D5369676E65642D43657274696669636174652D3337333231383538363530819F300D06092A864886F70D010101050003818D0030818902818100EB1F952F8FC6A34E479814C3DDBB433DF03A6A2D950E991911694ED7B7BAF19B5F9D9274133854B0500A52B90826D2C027BBD72984339C000428C273286428A04B44A3BCDBECA3E1F5053A98FD8079CBA8786D872863F8A6A992C0F103EB2-35CiscoSolutionsforFinancialBranchBankingChapter2DeployingtheSolutionHighAvailabilityBranchwithSurvivableVoiceC1D0FA66EF7BBF36A19A7A04CF6D9AC13689F8DD9F32FD809924AC29FD3967BBAA1F0203010001A3753073300F0603551D130101FF040530030101FF30200603551D110419301782154D4C494E452D4C42522D312E6D6C696E652E636F6D301F0603551D2304183016801491EC4AAC0C2275163276C44A2C2BA6735FFCC81F301D0603551D0E0416041491EC4AAC0C2275163276C44A2C2BA6735FFCC81F300D06092A864886F70D010104050003818100B9D1D73028632D5151D7D5AFBA5CBD2C11E0BA31DBB398F85B4D8B2728BB5CFE0BD39C0E2E46A63F7DA1C7D2B4A859A2155BCF0825C9173C7EE23C5F29F7E026D2DBFBD98D2C4074C6D336783DB920FAFC77F96C77A0AE9E4A92EC91B86054225362BACB8D46D7F397F5AA8919C33C832FEABE53854138742C3BDCC8AE80A239quitnoipv6cef!
ipsource-routeipcef!
ipmulticast-routing!
ArangeofaddresseswhichareusedfortherouterinterfacesareexcludedfrombeingassignedtothebranchIPphonesusingDHCP.
ipdhcpexcluded-address10.
1.
150.
110.
1.
150.
10!
!
ADHCPpooliscreatedonthebranchroutertoprovideIPaddressestothebranchIPphones.
ipdhcppoolBRANCH_PHONESnetwork10.
1.
150.
0255.
255.
255.
0option150ip192.
168.
200.
100default-router10.
1.
150.
10!
Onlypacketsmatchingtheaccess-list120arechosenforWCCPredirection.
ThisenablescontroloverwhichpacketsareinterceptedandredirectedbyWCCPforWAAS.
ipwccp61redirect-list120ipwccp62redirect-list120!
multilinkbundle-nameauthenticated!
parameter-maptypeinspectglobal!
isdnswitch-typeprimary-5ess!
EnergyWiseisenabledonthebranchrouter.
energywisedomainmlinesecurityshared-secret0cisco!
voice-card0!
applicationglobalservicealternateDefault!
!
licenseudipidC3900-SPE150/K9snFOC14090YW1hw-modulepvdm0/0energywiseactivitycheck!
hw-modulesm2!
hw-modulesm4!
!
!
usernamelabpassword0lab!
redundancy!
!
2-36CiscoSolutionsforFinancialBranchBankingChapter2DeployingtheSolutionHighAvailabilityBranchwithSurvivableVoicecontrollerT10/0/0cablelengthlong0dbpri-grouptimeslots1-24!
track1interfaceGigabitEthernet0/1line-protocol!
!
AneightclassQoSmodelisdefined.
ClassmapsareconfiguredtomatchandclassifypacketsbasedonDSCPvalues/protocoltypes/ACLs.
ThisisusedontheINBOUNDLANside.
class-mapmatch-allqos-callcontrolmatchprotocolskinnyclass-mapmatch-allqos-buscritmatchaccess-group111class-mapmatch-allqos-transactionalmatchaccess-group112class-mapmatch-allqos-netmgmtmatchprotocolsnmpclass-mapmatch-allqos-voicematchprotocolrtpclass-mapmatch-allqos-routingmatchdscpcs6class-mapmatch-allqos-scavengermatchdscpcs1class-mapmatch-anyqos-bulkdatamatchprotocolftpmatchprotocolsmtpmatchaccess-group110!
AneightclassQoSmodelisdefined.
ClassmapsareconfiguredtomatchandclassifypacketsbasedonDSCPvalues.
ThisisusedontheOUTBOUNDWANside.
class-mapmatch-allCALLCONTROLmatchdscpcs3class-mapmatch-allBUSCRITmatchdscpaf31class-mapmatch-allTRANSACTIONALmatchdscpaf21class-mapmatch-allNETMGMTmatchdscpcs2class-mapmatch-allVOICEmatchdscpefclass-mapmatch-allROUTINGmatchdscpcs6class-mapmatch-allSCAVENGERmatchdscpcs1class-mapmatch-allBULKDATAmatchdscpaf11!
!
Apolicymapisdefined,specifyingthebandwidthallocationtothevariousclasses.
Shapingisconfiguredtolimitthetrafficto10%oftheavailablelinkbandwidth.
policy-mapOUTBOUND-WAN-CLASSIFYclassBULKDATAbandwidthpercent5classROUTINGbandwidthpercent3classNETMGMTbandwidthpercent3classCALLCONTROLbandwidthpercent5classVOICEbandwidthpercent202-37CiscoSolutionsforFinancialBranchBankingChapter2DeployingtheSolutionHighAvailabilityBranchwithSurvivableVoiceclassTRANSACTIONALbandwidthpercent8classBUSCRITbandwidthpercent10classSCAVENGERbandwidthpercent1classclass-defaultbandwidthpercent45policy-mapOUTBOUND-WAN-SHAPEclassclass-defaultshapeaveragepercent10service-policyOUTBOUND-WAN-CLASSIFY!
PolicymapisdefinedtoremarkINBOUNDtrafficattheLANedge.
policy-mapINBOUND_LAN_REMARKINGclassqos-callcontrolsetdscpcs3classqos-buscritsetdscpaf31classqos-transactionalsetdscpaf21classqos-netmgmtsetdscpcs2classqos-voicesetdscpefclassqos-routingsetdscpcs6classqos-scavengersetdscpcs1classqos-bulkdatasetdscpaf11!
!
IKEPhase1(ISAKMP)policyisdefined.
EncryptionisAESandpre-shared(PSK)authenticationisusedwheresharedsecretsarepre-definedintheencryptiondevices.
!
ThisisrequiredtoenabletheGETVPNGM(Groupmember)andtheKS(Keyserver)toauthenticateeachother.
cryptoisakmppolicy10encraesauthenticationpre-sharegroup2lifetime1200cryptoisakmpkey1234567ABCDEFGaddress172.
16.
81.
3cryptoisakmpkey1234567ABCDEFGaddress172.
16.
81.
4!
!
GETPVNGDOIgroupisconfiguredusingthesameidentifydefinedontheKS(KeyServer).
TheIPaddressesofthekeyserversarespecified.
cryptogdoigroupgetvpnidentitynumber1234serveraddressipv4172.
16.
81.
3serveraddressipv4172.
16.
81.
4!
!
Thecryptomapisdefinedwiththe"gdoi"typewhichindicatesGETVPN.
ThecryptomapisappliedtotheWANinterfacei.
e.
Gig0/1.
cryptomapgetvpn-map10gdoisetgroupgetvpn!
interfaceLoopback0ipaddress10.
1.
3.
1255.
255.
255.
255!
!
interfaceGigabitEthernet0/02-38CiscoSolutionsforFinancialBranchBankingChapter2DeployingtheSolutionHighAvailabilityBranchwithSurvivableVoicedescriptionLANnoipaddressload-interval30duplexfullspeed1000!
service-policyinputINBOUND_LAN_REMARKING!
TheservicepolicyisappliedtotheLANinterfacetoremarkpackets,thuspreventinghostsfromsettingprecedencevaluesandgainingundesiredhigherpriority.
!
!
ThisisthesubinterfacefortheVOICEtraffic.
HSRPisconfiguredwithauthentication.
ThevirtualIPisspecified.
!
PriorityisconfiguredsuchthatundernormaloperationthisbranchrouterwillbetheActiverouter.
interfaceGigabitEthernet0/0.
150descriptionVOICEVLANencapsulationdot1Q150ipaddress10.
1.
150.
1255.
255.
255.
0standby1ip10.
1.
150.
10standby1priority200standby1preemptstandby1authentication1234ABCDstandby1track1decrement110!
!
ThisisthesubinterfacefortheDATAtraffic.
2HSRPgroupsareconfiguredwithauthentication.
!
Prioritiesareconfiguredsuchthatundernormaloperation,thisbranchrouteristheActiverouterforgroup1andthestandbyrouterforgroup2.
Therolesarereversedontheotherbranchrouter.
!
ThisenablesloadbalancingifbranchhostsareorganizedandconfiguredsuchthattheirdefaultgatewaysaredifferentHSRPvirtualIPs.
interfaceGigabitEthernet0/0.
151descriptionDATAVLANencapsulationdot1Q151ipaddress10.
1.
151.
1255.
255.
255.
0ipwccp61redirectin!
WAASTCPpromiscuousmodegroup61configuredfortrafficredirectionippimsparse-mode!
MulticastPIMsparse-modeisconfigured.
ipigmpjoin-group224.
1.
1.
1standby1ip10.
1.
151.
10standby1priority200standby1preemptstandby1authentication1234ABCDstandby1track1decrement110standby2ipstandby2preemptstandby2authenticationABCD1234!
!
ThisistheWANinterface.
interfaceGigabitEthernet0/1ipaddress172.
16.
80.
1255.
255.
255.
0ipwccp62redirectin!
WAASTCPpromiscuousmodegroup62configuredfortrafficredirectionippimsparse-modeload-interval30duplexfullspeed1000cryptomapgetvpn-map!
Thecryptomapisappliedtothisinterfacesothattrafficentering/leavingthisinterfacecanbeencryptedaccordingtotheACLsdefinedontheKS.
!
2-39CiscoSolutionsforFinancialBranchBankingChapter2DeployingtheSolutionHighAvailabilityBranchwithSurvivableVoiceservice-policyoutputOUTBOUND-WAN-SHAPE!
Thepreviouslyconfiguredpolicymapisappliedtotheinterfaceforalloutboundtraffic.
!
interfaceSerial0/0/0:23noipaddressencapsulationhdlcisdnswitch-typeprimary-5essisdnincoming-voicevoicenocdpenable!
!
!
ThisinterfacecorrespondstotheCUEmodulerunningSRSV-CUEsoftware.
!
InSRSTmode,voicemailisstoredlocallyonthismoduleanduploadedtothecentralCiscoUnityConnectionwhentheWANlinkisrestored.
!
ItworksinconjunctionwiththeUMG(UnifiedMessagingGateway)locatedcentrallyattheDataCenter.
interfaceIntegrated-Service-Engine2/0ipaddress10.
1.
4.
20255.
255.
255.
0service-moduleipaddress10.
1.
5.
30255.
255.
255.
0!
Application:SRSV-CUERunningonNMEservice-moduleipdefault-gateway10.
1.
4.
20nokeepalive!
!
!
ThisinterfacecorrespondstotheWAASmodulerunningWAASsoftware.
!
WAASprovidessWANoptimizationusingcompression,tranportfileoptimizationandcachingservices.
interfaceIntegrated-Service-Engine4/0ipaddress10.
1.
6.
20255.
255.
255.
0ipwccpredirectexcludeinservice-moduleipaddress10.
1.
7.
30255.
255.
255.
0!
Application:RestartedatWedJun1612:08:002010service-moduleipdefault-gateway10.
1.
6.
20nokeepalive!
!
!
ThePE-CEroutingprotocoliseBGP.
routerbgp600nosynchronizationbgplog-neighbor-changesnetwork10.
1.
4.
0mask255.
255.
255.
0network10.
1.
5.
0mask255.
255.
255.
0network10.
1.
6.
0mask255.
255.
255.
0network10.
1.
7.
0mask255.
255.
255.
0network10.
1.
150.
0mask255.
255.
255.
0network10.
1.
151.
0mask255.
255.
255.
0network172.
16.
80.
0mask255.
255.
255.
0network10.
1.
3.
1mask255.
255.
255.
255neighbor172.
16.
80.
2remote-as65000noauto-summary!
ipforward-protocolnd!
ippimrp-address172.
16.
81.
2iphttpserveriphttpaccess-class23iphttpauthenticationlocaliphttpsecure-server2-40CiscoSolutionsforFinancialBranchBankingChapter2DeployingtheSolutionHighAvailabilityBranchwithSurvivableVoiceiphttptimeout-policyidle60life86400requests10000ipflow-exportsourceLoopback0!
iproute10.
1.
3.
2255.
255.
255.
25510.
1.
151.
2!
access-list110remarkMATCHDSCPAF11HOSTSaccess-list110permitip10.
1.
151.
160.
0.
0.
15anyaccess-list111remarkMATCHDSCPAF21HOSTSaccess-list111permitip10.
1.
151.
800.
0.
0.
15anyaccess-list112remarkMATCHDSCPAF31HOSTSaccess-list112permitip10.
1.
151.
960.
0.
0.
15anyaccess-list120remarkWAASREDIRECTACLaccess-list120permitip10.
1.
151.
00.
0.
0.
255192.
168.
201.
00.
0.
0.
255access-list120permitip192.
168.
201.
00.
0.
0.
25510.
1.
151.
00.
0.
0.
255nlsresp-timeout1cpdcr-id1!
control-plane!
voice-port0/0/0:23!
The2dial-peersareusedinSRSTmodewhentheWANlinkisdown.
!
ThebranchrouterfallsbacktoH.
323modeandthesedial-peershandleinboundandoutboundcallsfrom/tothePSTN.
dial-peervoice100potsdescription**INBOUNDFROMPSTN**incomingcalled-number408555.
.
.
.
direct-inward-dialport0/0/0:23!
dial-peervoice200potsdescription**OUTBOUNDTOPSTN**destination-pattern9Tport0/0/0:23!
!
Thisdial-peerisrequiredtoroutecallstotheSRSV-CUEmodulesothatPSTNcallerscanleavevoicemailforbranchusersinSRSTmode.
dial-peervoice5000voipdestination-pattern5000sessionprotocolsipv2sessiontargetipv4:10.
1.
4.
30codecg711ulaw!
gatekeepershutdown!
!
SRSTisenabled.
5000isthevoicemailpilotnumber.
Busy/NoAnswersituationsresultincallerbeingdirectedtotheSRSV-CUEmoduletoleavevoicemail.
call-manager-fallbackmax-conferences8gain-6transfer-systemfull-consultipsource-address10.
1.
150.
1port2000max-ephones10max-dn10voicemail5000call-forwardbusy5000call-forwardnoan5000timeout8!
2-41CiscoSolutionsforFinancialBranchBankingChapter2DeployingtheSolutionHighAvailabilityBranchwithSurvivableVoicelinecon0exec-timeout00lineaux0line131noactivation-characternoexectransportpreferrednonetransportinputalltransportoutputpadtelnetrloginlapb-tamopudptnv120sshline259noactivation-characternoexectransportpreferrednonetransportinputalltransportoutputpadtelnetrloginlapb-tamopudptnv120sshlinevty04exec-timeout00privilegelevel15passwordlabtransportinputall!
exceptiondata-corruptionbuffertruncateschedulerallocate200001000!
Branchrouter(andallotherdevicesinthenetwork)issync'dtoacentralNTPserverwhichprovidesreliabletime.
ntpsourceLoopback0ntpupdate-calendarntpserver172.
16.
81.
43945-LBR-1#BranchRouter2!
version15.
0servicetimestampsdebugdatetimemsecservicetimestampslogdatetimemsecnoservicepassword-encryption!
hostname3945-LBR-2!
boot-start-markerbootsystemflash:c3900-universalk9-mz.
SPA.
150-1.
M2.
13boot-end-marker!
loggingbuffered5000000!
memory-sizeiomem15clocktimezonePST-7!
cryptopkitrustpointTP-self-signed-3139033350enrollmentselfsignedsubject-namecn=IOS-Self-Signed-Certificate-3139033350revocation-checknonersakeypairTP-self-signed-3139033350!
cryptopkicertificatechainTP-self-signed-3139033350certificateself-signed0130820252308201BBA003020102020101300D06092A864886F70D01010405003031312F302D06035504031326494F532D53656C662D5369676E65642D436572742-42CiscoSolutionsforFinancialBranchBankingChapter2DeployingtheSolutionHighAvailabilityBranchwithSurvivableVoice696669636174652D33313339303333333530301E170D3130303430393233353234305A170D3230303130313030303030305A3031312F302D06035504031326494F532D53656C662D5369676E65642D43657274696669636174652D3331333930333333353030819F300D06092A864886F70D010101050003818D0030818902818100A46117A078DAA658562DE86CB102480EE254BACBDC04E7E4C31095A6FD8DA551B7D19B20763DF2196ED33E5DDAB605E70C3F9BEEDA28799C044A1AA3324EDC66616F1723F33E43FBA5EFA8025C9BF3F1E287BC1C5A7799ED6F20991D260CAA048E58857CE22D3826AC2B82EB4BD3095AEA5FB200D0583A82DBCAF7740C3056770203010001A37A3078300F0603551D130101FF040530030101FF30250603551D11041E301C821A4D4C494E452D4C42522D322E796F7572646F6D61696E2E636F6D301F0603551D23041830168014A8D13438E766D0C7A17B0565C0C80D8287487001301D0603551D0E04160414A8D13438E766D0C7A17B0565C0C80D8287487001300D06092A864886F70D010104050003818100329DCA3AB7E8D560F6DD86D2D878A943240E124609BF89ABEAB2BA702976429E0AB412C06610C2F04E25A77867BEADB67033B4FF42A9EC9D4EF875EA56A7B06D39FFBF46D7DB690598AC269D2C006CBA91321A1740FF2F39E161C70C4056B019FCBC31594688609529B6D357DF3C9C108149E3DD952C9A7F7C286407A1FC7C45quitnoipv6cef!
ipsource-routeipcef!
noipdomainlookupipdomainnameyourdomain.
com!
multilinkbundle-nameauthenticated!
!
!
EnergyWiseisenabledonthebranchrouterenergywisedomainmlinesecurityshared-secret0cisco!
licenseudipidC3900-SPE150/K9snFOC13102BR1licensebootmodulec3900technology-packageuck9hw-modulesm4!
redundancy!
track1interfaceGigabitEthernet0/1line-protocol!
AneightclassQoSmodelisdefined.
ClassmapsareconfiguredtomatchandclassifypacketsbasedonDSCPvalues/protocoltypes/ACLs.
ThisisusedontheINBOUNDLANside.
class-mapmatch-allqos-callcontrolmatchprotocolskinnyclass-mapmatch-allqos-buscritmatchaccess-group111class-mapmatch-allqos-transactionalmatchaccess-group112class-mapmatch-allqos-netmgmtmatchprotocolsnmpclass-mapmatch-allqos-voicematchprotocolrtpclass-mapmatch-allqos-routingmatchdscpcs6class-mapmatch-allqos-scavengermatchdscpcs1class-mapmatch-anyqos-bulkdatamatchprotocolftpmatchprotocolsmtpmatchaccess-group110!
AneightclassQoSmodelisdefined.
ClassmapsareconfiguredtomatchandclassifypacketsbasedonDSCPvalues.
ThisisusedontheOUTBOUNDWANside.
2-43CiscoSolutionsforFinancialBranchBankingChapter2DeployingtheSolutionHighAvailabilityBranchwithSurvivableVoiceclass-mapmatch-allCALLCONTROLmatchdscpcs3class-mapmatch-allBUSCRITmatchdscpaf31class-mapmatch-allTRANSACTIONALmatchdscpaf21class-mapmatch-allNETMGMTmatchdscpcs2class-mapmatch-allVOICEmatchdscpefclass-mapmatch-allROUTINGmatchdscpcs6class-mapmatch-allSCAVENGERmatchdscpcs1class-mapmatch-allBULKDATAmatchdscpaf11!
!
Apolicymapisdefined,specifyingthebandwidthallocationtothevariousclasses.
Shapingisconfiguredtolimitthetrafficto10%oftheavailablelinkbandwidth.
policy-mapOUTBOUND-WAN-CLASSIFYclassBULKDATAbandwidthpercent5classROUTINGbandwidthpercent3classNETMGMTbandwidthpercent3classCALLCONTROLbandwidthpercent5classVOICEbandwidthpercent20classTRANSACTIONALbandwidthpercent8classBUSCRITbandwidthpercent10classSCAVENGERbandwidthpercent1classclass-defaultbandwidthpercent45policy-mapOUTBOUND-WAN-SHAPEclassclass-defaultshapeaveragepercent10service-policyOUTBOUND-WAN-CLASSIFY!
PolicymapisdefinedtoremarkINBOUNDtrafficattheLANedge.
policy-mapINBOUND_LAN_REMARKINGclassqos-callcontrolsetdscpcs3classqos-buscritsetdscpaf31classqos-transactionalsetdscpaf21classqos-netmgmtsetdscpcs22-44CiscoSolutionsforFinancialBranchBankingChapter2DeployingtheSolutionHighAvailabilityBranchwithSurvivableVoiceclassqos-voicesetdscpefclassqos-routingsetdscpcs6classqos-scavengersetdscpcs1classqos-bulkdatasetdscpaf11!
!
IKEPhase1(ISAKMP)policyisdefined.
EncryptionisAESandpre-shared(PSK)authenticationisusedwheresharedsecretsarepre-definedintheencryptiondevices.
!
ThisisrequiredtoenabletheGETVPNGM(Groupmember)andtheKS(Keyserver)toauthenticateeachother.
cryptoisakmppolicy10encraesauthenticationpre-sharegroup2lifetime1200cryptoisakmpkey1234567ABCDEFGaddress172.
16.
81.
3cryptoisakmpkey1234567ABCDEFGaddress172.
16.
81.
4!
!
GETPVNGDOIgroupisconfiguredusingthesameidentifydefinedontheKS(KeyServer).
TheIPaddressesofthekeyserversarespecified.
cryptogdoigroupgetvpnidentitynumber1234serveraddressipv4172.
16.
81.
3serveraddressipv4172.
16.
81.
4!
!
Thecryptomapisdefinedwiththe"gdoi"typewhichindicatesGETVPN.
ThecryptomapisappliedtotheWANinterfacei.
e.
Gig0/1.
cryptomapgetvpn-map10gdoisetgroupgetvpn!
interfaceLoopback0ipaddress10.
1.
3.
2255.
255.
255.
255!
!
interfaceGigabitEthernet0/0noipaddressduplexautospeedauto!
service-policyinputINBOUND_LAN_REMARKING!
TheservicepolicyisappliedtotheLANinterfacetoremarkpackets,thuspreventinghostsfromsettingprecedencevaluesandgainingundesiredhigherpriority.
!
!
ThisisthesubinterfacefortheVOICEtraffic.
HSRPisconfiguredwithauthentication.
ThevirtualIPisspecified.
!
Priorityisdefault(100).
UndernormaloperationthisbranchrouterwillbetheStandbyrouter.
interfaceGigabitEthernet0/0.
150encapsulationdot1Q150ipaddress10.
1.
150.
2255.
255.
255.
0standby1ipstandby1preemptstandby1authentication1234ABCDstandby1track1decrement15!
2-45CiscoSolutionsforFinancialBranchBankingChapter2DeployingtheSolutionHighAvailabilityBranchwithSurvivableVoice!
ThisisthesubinterfacefortheDATAtraffic.
2HSRPgroupsareconfiguredwithauthentication.
!
Prioritiesareconfiguredsuchthatundernormaloperation,thisbranchrouteristheActiverouterforgroup1andthestandbyrouterforgroup2.
Therolesarereversedontheotherbranchrouter.
!
ThisenablesloadbalancingifbranchhostsareorganizedandconfiguredsuchthattheirdefaultgatewaysaredifferentHSRPvirtualIPs.
interfaceGigabitEthernet0/0.
151descriptionDATAVLANencapsulationdot1Q151ipaddress10.
1.
151.
2255.
255.
255.
0ippimsparse-mode!
MulticastPIMsparse-modeisconfiguredipigmpjoin-group224.
1.
1.
1standby1ipstandby1preemptstandby1authentication1234ABCDstandby1track1decrement15standby2ip10.
1.
151.
9standby2priority200standby2preemptstandby2authenticationABCD1234!
!
ThisistheWANinterface.
interfaceGigabitEthernet0/1ipaddress172.
16.
82.
1255.
255.
255.
252duplexautospeedautocryptomapgetvpn-map!
Thecryptomapisappliedtothisinterfacesothattrafficentering/leavingthisinterfacecanbeencryptedaccordingtotheACLsdefinedontheKS.
!
service-policyoutputOUTBOUND-WAN-SHAPE!
Thepreviouslyconfiguredpolicymapisappliedtotheinterfaceforalloutboundtraffic.
!
!
ThePE-CEroutingprotocoliseBGProuterbgp500nosynchronizationbgplog-neighbor-changesnetwork10.
1.
150.
0mask255.
255.
255.
0network10.
1.
151.
0mask255.
255.
255.
0network172.
16.
82.
0mask255.
255.
255.
0network10.
1.
3.
2mask255.
255.
255.
255neighbor172.
16.
82.
2remote-as65000noauto-summary!
ipforward-protocolnd!
ippimrp-address172.
16.
81.
2iphttpserveriphttpaccess-class23iphttpauthenticationlocaliphttpsecure-serveriphttptimeout-policyidle60life86400requests10000!
iproute10.
1.
3.
1255.
255.
255.
25510.
1.
151.
1!
!
BranchrouterisconfiguredtorespondtoIPSLAtraffic.
ipslaresponderloggingtrapwarningsloggingsource-interfaceLoopback0logging192.
168.
201.
1042-46CiscoSolutionsforFinancialBranchBankingChapter2DeployingtheSolutionHighAvailabilityBranchwithSurvivableVoice!
access-list110remarkMATCHDSCPAF11HOSTSaccess-list110permitip10.
1.
151.
160.
0.
0.
15anyaccess-list111remarkMATCHDSCPAF21HOSTSaccess-list111permitip10.
1.
151.
800.
0.
0.
15anyaccess-list112remarkMATCHDSCPAF31HOSTSaccess-list112permitip10.
1.
151.
960.
0.
0.
15any!
control-plane!
linecon0exec-timeout00lineaux0line131noactivation-characternoexectransportpreferrednonetransportinputalltransportoutputpadtelnetrloginlapb-tamopudptnv120sshline259noactivation-characternoexectransportpreferrednonetransportinputalltransportoutputpadtelnetrloginlapb-tamopudptnv120sshlinevty04exec-timeout00privilegelevel15passwordlabtransportinputall!
schedulerallocate200001000!
Branchrouter(andallotherdevicesinthenetwork)issync'dtoacentralNTPserverwhichprovidesreliabletime.
ntpsourceLoopback0ntpupdate-calendarntpserver172.
16.
81.
43945-LBR-2#NME-WAE-502-K9!
WAASversion4.
1.
5f(buildb2Apr202010)!
devicemodeapplication-accelerator!
!
hostnameLBR-WAE-502!
clocktimezonePST-70!
!
!
!
!
primary-interfaceGigabitEthernet1/0!
!
!
2-47CiscoSolutionsforFinancialBranchBankingChapter2DeployingtheSolutionHighAvailabilityBranchwithSurvivableVoiceinterfaceGigabitEthernet1/0ipaddress10.
1.
7.
30255.
255.
255.
0noautosensebandwidth1000full-duplexexitinterfaceGigabitEthernet2/0shutdownexit!
!
ipdefault-gateway10.
1.
5.
20!
noauto-registerenable!
!
ippath-mtu-discoveryisdisabledinWAASbydefault!
!
!
!
ntpserver172.
16.
81.
4!
!
wccprouter-list110.
1.
151.
1wccptcp-promiscuousrouter-list-num1wccpversion2!
!
!
usernameadminpassword1bVmDmMMmZAPjYusernameadminprivilege15usernameadminprint-admin-password129D5C31BFF3D8D25AAD3B435B51404EE7D891AB402CAF2E89CCDD33ED54333AC!
!
!
!
authenticationloginlocalenableprimaryauthenticationconfigurationlocalenableprimary!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
policy-engineapplicationset-dscpcopy2-48CiscoSolutionsforFinancialBranchBankingChapter2DeployingtheSolutionHighAvailabilityBranchwithSurvivableVoicenameAuthenticationnameBackupnameCADnameCall-ManagementnameConferencingnameConsolenameContent-ManagementnameDirectory-ServicesnameEmail-and-MessagingnameEnterprise-ApplicationsnameFile-SystemnameFile-TransfernameInstant-MessagingnameName-ServicesnameP2PnamePrintingnameRemote-DesktopnameReplicationnameSQLnameSSHnameStoragenameStreamingnameSystems-ManagementnameVPNnameVersion-ManagementnameWAFSnameWebnameSSLnameOtherclassifierAFSmatchdstportrange70007009exitclassifierAOLmatchdstportrange51905193exitclassifierAltiris-CarbonCopymatchdstporteq1680exitclassifierAmandamatchdstporteq10080exitclassifierAppSocketmatchdstporteq9100exitclassifierApple-AFPmatchdstporteq548exitclassifierApple-NetAssistantmatchdstporteq3283exitclassifierApple-iChatmatchdstporteq5297matchdstporteq5298exitclassifierBFTPmatchdstporteq152exitclassifierBGPmatchdstporteq179exitclassifierBMC-Patrolmatchdstporteq6161matchdstporteq6162matchdstporteq81602-49CiscoSolutionsforFinancialBranchBankingChapter2DeployingtheSolutionHighAvailabilityBranchwithSurvivableVoicematchdstporteq8161matchdstporteq6767matchdstporteq6768matchdstporteq10128exitclassifierBackupExpressmatchdstporteq6123exitclassifierBasic-TCP-servicesmatchdstportrange119exitclassifierBitTorrentmatchdstportrange68816889matchdstporteq6969exitclassifierBorland-Interbasematchdstporteq3050exitclassifierCIFSmatchdstporteq139matchdstporteq445exitclassifierCU-SeeMematchdstporteq7640matchdstporteq7642matchdstporteq7648matchdstporteq7649exitclassifierCVSmatchdstporteq2401exitclassifierCisco-CallManagermatchdstporteq2748matchdstporteq2443exitclassifierCitrix-ICAmatchdstporteq1494matchdstporteq2598exitclassifierClearcasematchdstporteq371exitclassifierCommVaultmatchdstportrange84008403exitclassifierConnected-DataProtectormatchdstporteq16384exitclassifierControlITmatchdstporteq799exitclassifierDNSmatchdstporteq53exitclassifierDanware-NetOpmatchdstporteq6502exitclassifierDocumentummatchdstporteq1489exitclassifierDouble-Takematchdstporteq1100matchdstporteq1105exit2-50CiscoSolutionsforFinancialBranchBankingChapter2DeployingtheSolutionHighAvailabilityBranchwithSurvivableVoiceclassifierEMC-Celerra-Replicatormatchdstporteq8888exitclassifierEMC-SRDFA-IPmatchdstporteq1748exitclassifierFCIPmatchdstporteq3225exitclassifierFTP-Controlmatchdstporteq21exitclassifierFTP-Datamatchsrcporteq20exitclassifierFTPSmatchdstporteq990exitclassifierFTPS-Controlmatchsrcporteq989exitclassifierFilenetmatchdstportrange3276832774exitclassifierGnutellamatchdstportrange63466349matchdstporteq6355matchdstporteq5634exitclassifierGroupermatchdstporteq8038exitclassifierHP-OpenMailmatchdstporteq5755matchdstporteq5757matchdstporteq5766matchdstporteq5767matchdstporteq5768matchdstporteq5729exitclassifierHP-OpenViewmatchdstportrange74267431matchdstporteq7501matchdstporteq7510exitclassifierHP-Radiamatchdstporteq3460matchdstporteq3461matchdstporteq3464matchdstporteq3466exitclassifierHTTPmatchdstporteq80matchdstporteq8080matchdstporteq8000matchdstporteq8001matchdstporteq3128exitclassifierHTTPSmatchdstporteq443exitclassifierHotLinematchdstportrange55005503exit2-51CiscoSolutionsforFinancialBranchBankingChapter2DeployingtheSolutionHighAvailabilityBranchwithSurvivableVoiceclassifierIBM-DB2matchdstporteq523exitclassifierIBM-NetViewmatchdstportrange729731exitclassifierIBM-TSMmatchdstportrange15001502exitclassifierIBM-Tivolimatchdstporteq94matchdstporteq627matchdstporteq1965matchdstporteq1580matchdstporteq1581exitclassifierIPPmatchdstporteq631exitclassifierIRCmatchdstporteq531matchdstportrange66606669exitclassifierIntel-Prosharematchdstportrange57135717exitclassifierInterSystems-Cachematchdstporteq1972exitclassifierInternet-Mailmatchdstporteq25matchdstporteq110matchdstporteq143matchdstporteq220exitclassifierInternet-Mail-securematchdstporteq995matchdstporteq993matchdstporteq465exitclassifierJabbermatchdstporteq5222matchdstporteq5269exitclassifierKazaamatchdstporteq1214exitclassifierKerberosmatchdstporteq88matchdstporteq2053matchdstporteq754matchdstporteq888matchdstporteq543matchdstporteq464matchdstporteq544matchdstporteq749exitclassifierL2TPmatchdstporteq1701exitclassifierLANDeskmatchdstporteq9535matchdstportrange95939595exit2-52CiscoSolutionsforFinancialBranchBankingChapter2DeployingtheSolutionHighAvailabilityBranchwithSurvivableVoiceclassifierLDAPmatchdstporteq389matchdstporteq8404exitclassifierLDAP-Global-Catalogmatchdstporteq3268exitclassifierLDAP-Global-Catalog-Securematchdstporteq3269exitclassifierLDAP-securematchdstporteq636exitclassifierLaplink-Hostmatchdstporteq1547exitclassifierLaplink-PCSyncmatchdstporteq8444exitclassifierLaplink-PCSync-securematchdstporteq8443exitclassifierLaplink-ShareDirectmatchdstporteq2705exitclassifierLegato-NetWorkermatchdstporteq7937matchdstporteq7938matchdstporteq7939exitclassifierLegato-RepliStormatchdstporteq7144matchdstporteq7145exitclassifierLiquid-Audiomatchdstporteq18888exitclassifierLotus-Notesmatchdstporteq1352exitclassifierLotus-Sametime-Connectmatchdstporteq1533exitclassifierMDaemonmatchdstporteq3000matchdstporteq3001exitclassifierMS-Chatmatchdstporteq6665matchdstporteq6667exitclassifierMS-Content-Replication-Servicematchdstporteq560matchdstporteq507exitclassifierMS-EndPointMappermatchdstporteq135exitclassifierMS-Message-Queuingmatchdstporteq1801matchdstporteq2101matchdstporteq2103matchdstporteq2105exit2-53CiscoSolutionsforFinancialBranchBankingChapter2DeployingtheSolutionHighAvailabilityBranchwithSurvivableVoiceclassifierMS-NetMeetingmatchdstporteq522matchdstporteq1503matchdstporteq1731exitclassifierMS-NetShowmatchdstporteq1755exitclassifierMS-SQLmatchdstporteq1433exitclassifierMS-Terminal-Servicesmatchdstporteq3389exitclassifierMSN-Messengermatchdstporteq1863matchdstportrange68916900exitclassifierMySQLmatchdstporteq3306exitclassifierNFSmatchdstporteq2049exitclassifierNNTPmatchdstporteq119exitclassifierNNTP-securematchdstporteq563exitclassifierNTPmatchdstporteq123exitclassifierNapstermatchdstporteq8875matchdstporteq7777matchdstporteq6700matchdstporteq6666matchdstporteq6677matchdstporteq6688exitclassifierNetApp-SnapMirrormatchdstportrange1056510569exitclassifierNetIQmatchdstporteq2220matchdstporteq2735matchdstportrange1011310116exitclassifierNetopia-Timbuktumatchdstporteq407matchdstportrange14171420exitclassifierNetopia-netOctopusmatchdstporteq1917matchdstporteq1921exitclassifierNovell-Groupwisematchdstporteq1677matchdstporteq1099matchdstporteq9850matchdstporteq7205matchdstporteq3800matchdstporteq71002-54CiscoSolutionsforFinancialBranchBankingChapter2DeployingtheSolutionHighAvailabilityBranchwithSurvivableVoicematchdstporteq7180matchdstporteq7101matchdstporteq7181matchdstporteq2800exitclassifierNovell-NetWarematchdstporteq524exitclassifierNovell-ZenWorksmatchdstportrange17611763matchdstporteq517matchdstporteq2544matchdstporteq8039matchdstporteq2037exitclassifierOpenVPNmatchdstporteq1194exitclassifierOraclematchdstporteq66matchdstporteq1525matchdstporteq1521exitclassifierOther-Securematchdstporteq261matchdstporteq448matchdstporteq684matchdstporteq695matchdstporteq994matchdstporteq2252matchdstporteq2478matchdstporteq2479matchdstporteq2482matchdstporteq2484matchdstporteq2679matchdstporteq2762matchdstporteq2998matchdstporteq3077matchdstporteq3078matchdstporteq3183matchdstporteq3191matchdstporteq3220matchdstporteq3410matchdstporteq3424matchdstporteq3471matchdstporteq3496matchdstporteq3509matchdstporteq3529matchdstporteq3539matchdstporteq3660matchdstporteq3661matchdstporteq3747matchdstporteq3864matchdstporteq3885matchdstporteq3896matchdstporteq3897matchdstporteq3995matchdstporteq4031matchdstporteq5007matchdstporteq5989matchdstporteq5990matchdstporteq7674matchdstporteq9802matchdstporteq121092-55CiscoSolutionsforFinancialBranchBankingChapter2DeployingtheSolutionHighAvailabilityBranchwithSurvivableVoiceexitclassifierPCAnywherematchdstporteq73matchdstportrange56315632matchdstporteq65301exitclassifierPCMail-Servermatchdstporteq158exitclassifierPDMWorksmatchdstporteq30000matchdstporteq40000exitclassifierPPTPmatchdstporteq1723exitclassifierPervasive-SQLmatchdstporteq1583exitclassifierPostgreSQLmatchdstporteq5432exitclassifierProjectWise-FileTransfermatchdstporteq5800exitclassifierQMTPmatchdstporteq209exitclassifierQnextmatchdstporteq44matchdstporteq5555exitclassifierRAdminmatchdstporteq4899exitclassifierRTSPmatchdstporteq554matchdstporteq8554exitclassifierRemote-Anythingmatchdstportrange39994000exitclassifierRemote-Replication-Agentmatchdstporteq5678exitclassifierRsyncmatchdstporteq873exitclassifierSAPmatchdstportrange32003219matchdstportrange32213224matchdstportrange32263267matchdstportrange32703282matchdstportrange32843305matchdstportrange33073388matchdstportrange33903399matchdstportrange36003659matchdstportrange36623699exitclassifierSASLmatchdstporteq3659exitclassifierSIP-securematchdstporteq50612-56CiscoSolutionsforFinancialBranchBankingChapter2DeployingtheSolutionHighAvailabilityBranchwithSurvivableVoiceexitclassifierSOAPmatchdstporteq7627exitclassifierSQL-Servicematchdstporteq156exitclassifierSSHmatchdstporteq22exitclassifierSSL-Shellmatchdstporteq614exitclassifierSUN-Xprintmatchdstporteq8100exitclassifierScalable-SQLmatchdstporteq3352exitclassifierService-Locationmatchdstporteq427exitclassifierSiebelmatchdstporteq8448matchdstporteq2320matchdstporteq2321exitclassifierSimple-FTPmatchdstporteq115exitclassifierSoulSeekmatchdstporteq2234matchdstporteq5534exitclassifierSun-RPCmatchdstporteq111exitclassifierSybase-SQLmatchdstporteq1498matchdstporteq2638matchdstporteq2439matchdstporteq3968exitclassifierSymantec-AntiVirusmatchdstporteq2847matchdstporteq2848matchdstporteq2967matchdstporteq2968matchdstporteq38037matchdstporteq38292exitclassifierTACACSmatchdstporteq49exitclassifierTFTPmatchdstporteq69exitclassifierTFTPSmatchdstporteq3713exitclassifierTelnetmatchdstporteq23matchdstporteq107matchdstporteq5132-57CiscoSolutionsforFinancialBranchBankingChapter2DeployingtheSolutionHighAvailabilityBranchwithSurvivableVoiceexitclassifierTelnetsmatchdstporteq992exitclassifierUniSQLmatchdstporteq1978matchdstporteq1979exitclassifierUnix-Printingmatchdstporteq515matchdstporteq170exitclassifierUnix-Remote-Executionmatchdstporteq514matchdstporteq512exitclassifierVDOLivematchdstporteq7000exitclassifierVNCmatchdstportrange58015809matchdstportrange69006909exitclassifierVeritas-BackupExecmatchdstporteq6101matchdstporteq6102matchdstporteq6106matchdstporteq3527matchdstporteq1125exitclassifierVeritas-NetBackupmatchdstporteq13720matchdstporteq13721matchdstporteq13782matchdstporteq13785exitclassifierVmware-VMConsolematchdstporteq902exitclassifierVoIP-Controlmatchdstporteq1300matchdstporteq2428matchdstportrange20002002matchdstportrange17181720matchdstporteq5060matchdstportrange1100011999exitclassifierVocalTecmatchdstporteq1490matchdstporteq6670matchdstporteq25793matchdstporteq22555exitclassifierWAAS-FlowMonitormatchdstporteq7878exitclassifierWASTEmatchdstporteq1337exitclassifierWBEMmatchdstporteq5987matchdstporteq5988exitclassifierWINS2-58CiscoSolutionsforFinancialBranchBankingChapter2DeployingtheSolutionHighAvailabilityBranchwithSurvivableVoicematchdstporteq42matchdstporteq137matchdstporteq1512exitclassifierWinMXmatchdstporteq6699exitclassifierX400matchdstporteq102exitclassifierXWindowsmatchdstportrange60006063exitclassifierYahoo-Messengermatchdstportrange50005001matchdstporteq5050matchdstporteq5100exitclassifiereDonkeymatchdstportrange46614662exitclassifierezMeetingmatchdstportrange1010110103matchdstportrange2626026261exitclassifieriFCPmatchdstporteq3420exitclassifieriSCSImatchdstporteq3260exitclassifieriSNSmatchdstporteq3205exitmapbasicnameFile-SystemclassifierAFSactionoptimizefullnameInstant-MessagingclassifierAOLactionpass-throughnameRemote-DesktopclassifierAltiris-CarbonCopyactionpass-throughnameBackupclassifierAmandaactionoptimizeDREnocompressionnonenamePrintingclassifierAppSocketactionoptimizefullnameFile-SystemclassifierApple-AFPactionoptimizefullnameRemote-DesktopclassifierApple-NetAssistantactionpass-throughnameInstant-MessagingclassifierApple-iChatactionpass-throughnameFile-TransferclassifierBFTPactionoptimizefullnameOtherclassifierBGPactionoptimizefullnameSystems-ManagementclassifierBMC-Patrolactionpass-throughnameBackupclassifierBackupExpressactionoptimizeDREnocompressionnonenameOtherclassifierBasic-TCP-servicesactionpass-throughnameP2PclassifierBitTorrentactionpass-throughnameSQLclassifierBorland-InterbaseactionoptimizefullnameWAFSclassifierCIFSactionoptimizefullacceleratecifsnameConferencingclassifierCU-SeeMeactionpass-throughnameVersion-ManagementclassifierCVSactionoptimizefullnameCall-ManagementclassifierCisco-CallManageractionpass-throughnameRemote-DesktopclassifierCitrix-ICAactionoptimizefullnameVersion-ManagementclassifierClearcaseactionoptimizefullnameBackupclassifierCommVaultactionoptimizeDREnocompressionnonenameBackupclassifierConnected-DataProtectoractionoptimizeDREnocompressionnonenameRemote-DesktopclassifierControlITactionoptimizeDREnocompressionnonenameName-ServicesclassifierDNSactionpass-throughnameRemote-DesktopclassifierDanware-NetOpactionoptimizeDREnocompressionnonenameContent-ManagementclassifierDocumentumactionoptimizefullnameReplicationclassifierDouble-Takeactionoptimizefull2-59CiscoSolutionsforFinancialBranchBankingChapter2DeployingtheSolutionHighAvailabilityBranchwithSurvivableVoicenameReplicationclassifierEMC-Celerra-ReplicatoractionoptimizefullnameStorageclassifierEMC-SRDFA-IPactionoptimizefullnameStorageclassifierFCIPactionoptimizefullnameFile-TransferclassifierFTP-Controlactionpass-throughnameFile-TransferclassifierFTP-DataactionoptimizefullnameFile-TransferclassifierFTPSactionoptimizeDREnocompressionnonenameFile-TransferclassifierFTPS-Controlactionpass-throughnameContent-ManagementclassifierFilenetactionoptimizefullnameP2PclassifierGnutellaactionpass-throughnameP2PclassifierGrouperactionpass-throughnameEmail-and-MessagingclassifierHP-OpenMailactionoptimizefullnameSystems-ManagementclassifierHP-OpenViewactionpass-throughnameSystems-ManagementclassifierHP-RadiaactionoptimizefullnameWebclassifierHTTPactionoptimizefullacceleratehttpnameSSLclassifierHTTPSactionoptimizeDREnocompressionnonenameP2PclassifierHotLineactionpass-throughnameSQLclassifierIBM-DB2actionoptimizefullnameSystems-ManagementclassifierIBM-NetViewactionpass-throughnameBackupclassifierIBM-TSMactionoptimizefullnameSystems-ManagementclassifierIBM-TivoliactionoptimizefullnamePrintingclassifierIPPactionoptimizefullnameConferencingclassifierIntel-Proshareactionpass-throughnameSQLclassifierInterSystems-CacheactionoptimizefullnameEmail-and-MessagingclassifierInternet-MailactionoptimizefullnameEmail-and-MessagingclassifierInternet-Mail-secureactionoptimizeDREnocompressionnonenameInstant-MessagingclassifierJabberactionpass-throughnameP2PclassifierKazaaactionpass-throughnameAuthenticationclassifierKerberosactionpass-throughnameVPNclassifierL2TPactionoptimizeDREnocompressionnonenameSystems-ManagementclassifierLANDeskactionoptimizefullnameDirectory-ServicesclassifierLDAPactionoptimizefullnameDirectory-ServicesclassifierLDAP-Global-CatalogactionoptimizefullnameDirectory-ServicesclassifierLDAP-Global-Catalog-Secureactionpass-throughnameDirectory-ServicesclassifierLDAP-secureactionpass-throughnameRemote-DesktopclassifierLaplink-HostactionoptimizeDREnocompressionnonenameRemote-DesktopclassifierLaplink-PCSyncactionoptimizeDREnocompressionnonenameRemote-DesktopclassifierLaplink-PCSync-secureactionoptimizeDREnocompressionnonenameP2PclassifierLaplink-ShareDirectactionpass-throughnameBackupclassifierLegato-NetWorkeractionoptimizeDREnocompressionnonenameBackupclassifierLegato-RepliStoractionoptimizeDREnocompressionnonenameStreamingclassifierLiquid-AudioactionoptimizefullnameEmail-and-MessagingclassifierLotus-NotesactionoptimizefullnameInstant-MessagingclassifierLotus-Sametime-Connectactionpass-throughnameEmail-and-MessagingclassifierMDaemonactionoptimizefullnameInstant-MessagingclassifierMS-Chatactionpass-throughnameReplicationclassifierMS-Content-Replication-ServiceactionoptimizeDREnocompressionnonenameOtherclassifierMS-EndPointMapperactionoptimizeDREnocompressionnoneaccelerateMS-port-mappernameOtherclassifierMS-Message-QueuingactionoptimizefullnameConferencingclassifierMS-NetMeetingactionpass-throughnameStreamingclassifierMS-NetShowactionoptimizefullnameSQLclassifierMS-SQLactionoptimizefullnameRemote-DesktopclassifierMS-Terminal-ServicesactionoptimizeDREnocompressionnonenameInstant-MessagingclassifierMSN-Messengeractionpass-throughnameSQLclassifierMySQLactionoptimizefullnameFile-SystemclassifierNFSactionoptimizefullacceleratenfsnameEmail-and-MessagingclassifierNNTPactionoptimizefullnameEmail-and-MessagingclassifierNNTP-secureactionoptimizeDREnocompressionnone2-60CiscoSolutionsforFinancialBranchBankingChapter2DeployingtheSolutionHighAvailabilityBranchwithSurvivableVoicenameOtherclassifierNTPactionpass-throughnameP2PclassifierNapsteractionpass-throughnameReplicationclassifierNetApp-SnapMirroractionoptimizefullnameSystems-ManagementclassifierNetIQactionpass-throughnameRemote-DesktopclassifierNetopia-TimbuktuactionoptimizeDREnocompressionnonenameSystems-ManagementclassifierNetopia-netOctopusactionpass-throughnameEmail-and-MessagingclassifierNovell-GroupwiseactionoptimizefullnameFile-SystemclassifierNovell-NetWareactionoptimizefullnameSystems-ManagementclassifierNovell-ZenWorksactionoptimizefullnameVPNclassifierOpenVPNactionoptimizeDREnocompressionnonenameSQLclassifierOracleactionoptimizefullnameOtherclassifierOther-Secureactionpass-throughnameRemote-DesktopclassifierPCAnywhereactionoptimizeDREnocompressionnonenameEmail-and-MessagingclassifierPCMail-ServeractionoptimizefullnameCADclassifierPDMWorksactionoptimizefullnameVPNclassifierPPTPactionoptimizeDREnocompressionnonenameSQLclassifierPervasive-SQLactionoptimizefullnameSQLclassifierPostgreSQLactionoptimizefullnameContent-ManagementclassifierProjectWise-FileTransferactionoptimizefullnameEmail-and-MessagingclassifierQMTPactionoptimizefullnameP2PclassifierQnextactionpass-throughnameRemote-DesktopclassifierRAdminactionoptimizeDREnocompressionnonenameStreamingclassifierRTSPactionoptimizefullacceleratevideonameRemote-DesktopclassifierRemote-AnythingactionoptimizeDREnocompressionnonenameReplicationclassifierRemote-Replication-AgentactionoptimizeDREnocompressionnonenameReplicationclassifierRsyncactionoptimizefullnameAuthenticationclassifierSASLactionpass-throughnameCall-ManagementclassifierSIP-secureactionpass-throughnameOtherclassifierSOAPactionoptimizefullnameSQLclassifierSQL-ServiceactionoptimizefullnameSSHclassifierSSHactionoptimizeDREnocompressionnonenameConsoleclassifierSSL-Shellactionpass-throughnamePrintingclassifierSUN-XprintactionoptimizefullnameSQLclassifierScalable-SQLactionoptimizefullnameName-ServicesclassifierService-Locationactionpass-throughnameEnterprise-ApplicationsclassifierSiebelactionoptimizefullnameFile-TransferclassifierSimple-FTPactionoptimizefullnameP2PclassifierSoulSeekactionpass-throughnameFile-SystemclassifierSun-RPCactionpass-throughnameSQLclassifierSybase-SQLactionoptimizefullnameOtherclassifierSymantec-AntiVirusactionoptimizefullnameAuthenticationclassifierTACACSactionpass-throughnameFile-TransferclassifierTFTPactionoptimizefullnameFile-TransferclassifierTFTPSactionoptimizeDREnocompressionnonenameConsoleclassifierTelnetactionpass-throughnameConsoleclassifierTelnetsactionpass-throughnameSQLclassifierUniSQLactionoptimizefullnamePrintingclassifierUnix-PrintingactionoptimizefullnameConsoleclassifierUnix-Remote-Executionactionpass-throughnameStreamingclassifierVDOLiveactionoptimizefullnameBackupclassifierVeritas-BackupExecactionoptimizeDREnocompressionnonenameBackupclassifierVeritas-NetBackupactionoptimizeDREnocompressionnonenameRemote-DesktopclassifierVmware-VMConsoleactionoptimizeDREnocompressionnonenameCall-ManagementclassifierVoIP-Controlactionpass-throughnameConferencingclassifierVocalTecactionpass-throughnameSystems-ManagementclassifierWAAS-FlowMonitoractionoptimizeDREnocompressionLZnameP2PclassifierWASTEactionpass-throughnameSystems-ManagementclassifierWBEMactionpass-throughnameName-ServicesclassifierWINSactionpass-through2-61CiscoSolutionsforFinancialBranchBankingChapter2DeployingtheSolutionHighAvailabilityBranchwithSurvivableVoicenameP2PclassifierWinMXactionpass-throughnameEmail-and-MessagingclassifierX400actionoptimizefullnameRemote-DesktopclassifierXWindowsactionoptimizeDREnocompressionnonenameInstant-MessagingclassifierYahoo-Messengeractionpass-throughnameP2PclassifiereDonkeyactionpass-throughnameConferencingclassifierezMeetingactionpass-throughnameStorageclassifieriFCPactionoptimizefullnameStorageclassifieriSCSIactionoptimizefullnameName-ServicesclassifieriSNSactionpass-throughnameInstant-MessagingclassifierIRCactionpass-throughnameEnterprise-ApplicationsclassifierSAPactionoptimizefullnameRemote-DesktopclassifierVNCactionoptimizeDREnocompressionnoneexitmapadaptorWAFStransportnameWAFSAllactionoptimizefullexitmapadaptorEPM1544f5e0-613c-11d1-93df-00c04fd7bd09nameEmail-and-MessagingAllactionpass-throughexitmapadaptorEPMms-sql-rpcnameSQLAllactionoptimizefullexitmapadaptorEPMmapinameEmail-and-MessagingAllactionoptimizefullacceleratemapiexitmapadaptorEPMms-ad-replicationnameReplicationAllactionoptimizefullexitmapadaptorEPMms-frsnameReplicationAllactionoptimizefullexitmapadaptorEPMf5cc5a18-4264-101a-8c59-08002b2f8426nameEmail-and-MessagingAllactionpass-throughexitmapotheroptimizefullexit!
central-manageraddress192.
168.
203.
5cmsenable!
!
!
!
!
!
EndofWAASconfigurationLBR-WAE-502#NME-CUEclocktimezoneAmerica/Los_AngeleshostnameMLINE-CUEipdomain-namemline.
comlineconsolelength0systemlanguagepreferred"en_US"ipname-server192.
168.
201.
1042-62CiscoSolutionsforFinancialBranchBankingChapter2DeployingtheSolutionHighAvailabilityBranchwithSurvivableVoicentpserver172.
16.
81.
4prefersoftwaredownloadserverurl"ftp://127.
0.
0.
1/ftp"credentialshidden"6u/dKTN/hsEuSAEfw40XlF2eFHnZfyUTSd8ZZNgd+Y9J3xlk2B35j0nfGWTYHfmPSd8ZZNgd+Y9J3xlk2B35j0nfGWTYHfmPSd8ZZNgd+Y9J3xlk2B35j0nfGWTYHfmP"logtracelocalenablesitenamelocalendsitelicenseagentmax-sessions9privilegeViewPrivateListcreateprivilegeManagePromptscreateprivilegemanage-passwordscreateprivilegelocal-broadcastcreateprivilegeViewRealTimeReportscreateprivilegemanage-userscreateprivilegebroadcastcreateprivilegeViewHistoricalReportscreateprivilegevm-imapcreateprivilegeManagePublicListcreategroupnameBroadcasterscreateprivilegeViewPrivateListdescription"Privilegetoviewprivatelist"privilegeManagePromptsdescription"Privilegetocreate,modify,ordeletesystemprompts"privilegemanage-passwordsdescription"Privilegetoresetuserpasswords"privilegelocal-broadcastdescription"Privilegetosendlocalbroadcastmessages"privilegeViewRealTimeReportsdescription"Privilegetoviewrealtimereports"privilegemanage-usersdescription"Privilegetocreate,modify,anddeleteusersandgroups"privilegebroadcastdescription"Privilegetosendlocalorremotebroadcastmessages"privilegeViewHistoricalReportsdescription"Privilegetoviewhistoricalreports"privilegevm-imapdescription"PrivilegetomanagepersonalvoicemailviaIMAPclient"privilegeManagePublicListdescription"Privilegetomanagepubliclists"privilegeViewPrivateListoperationvoicemail.
lists.
private.
viewprivilegeManagePromptsoperationsystem.
debugprivilegeManagePromptsoperationprompt.
modifyprivilegemanage-passwordsoperationuser.
pinprivilegemanage-passwordsoperationuser.
passwordprivilegemanage-passwordsoperationsystem.
debugprivilegelocal-broadcastoperationsystem.
debugprivilegelocal-broadcastoperationbroadcast.
localprivilegeViewRealTimeReportsoperationreport.
realtimeprivilegemanage-usersoperationuser.
mailboxprivilegemanage-usersoperationuser.
pinprivilegemanage-usersoperationuser.
notificationprivilegemanage-usersoperationuser.
configurationprivilegemanage-usersoperationuser.
passwordprivilegemanage-usersoperationsystem.
debugprivilegemanage-usersoperationuser.
remoteprivilegemanage-usersoperationgroup.
configurationprivilegebroadcastoperationbroadcast.
remoteprivilegebroadcastoperationsystem.
debugprivilegebroadcastoperationbroadcast.
localprivilegeViewHistoricalReportsoperationreport.
historical.
viewprivilegevm-imapoperationvoicemail.
imap.
userprivilegeManagePublicListoperationvoicemail.
lists.
publicprivilegeManagePublicListoperationsystem.
debug2-63CiscoSolutionsforFinancialBranchBankingChapter2DeployingtheSolutionHighAvailabilityBranchwithSurvivableVoicegroupnameAdministratorsmemberciscogroupnameBroadcastersprivilegebroadcastrestrictionmsg-notificationcreaterestrictionmsg-notificationmin-digits1restrictionmsg-notificationmax-digits30restrictionmsg-notificationdial-stringpreference1pattern*allowedbackupserverurl"ftp://127.
0.
0.
1/ftp"credentialshidden"EWlTygcMhYmjazXhE/VNXHCkplVV4KjescbDaLa4fl4WLSPFvv1rWUnfGWTYHfmPSd8ZZNgd+Y9J3xlk2B35j0nfGWTYHfmPSd8ZZNgd+Y9J3xlk2B35j0nfGWTYHfmP"calendarbiz-schedulesystemscheduleopenday1from00:00to24:00openday2from00:00to24:00openday3from00:00to24:00openday4from00:00to24:00openday5from00:00to24:00openday6from00:00to24:00openday7from00:00to24:00endscheduleccnapplicationautoattendantaadescription"autoattendant"enabledmaxsessions32script"aa.
aef"parameter"dialByExtnAnytime""false"parameter"busOpenPrompt""AABusinessOpen.
wav"parameter"dialByExtnAnytimeInputLength""4"parameter"operExtn"""parameter"welcomePrompt""AAWelcome.
wav"parameter"disconnectAfterMenu""false"parameter"dialByFirstName""false"parameter"busClosedPrompt""AABusinessClosed.
wav"parameter"allowExternalTransfers""false"parameter"holidayPrompt""AAHolidayPrompt.
wav"parameter"businessSchedule""systemschedule"parameter"MaxRetry""3"endapplicationccnapplicationcallrouteraadescription"callrouter"enabledmaxsessions32script"call_router.
aef"parameter"rootCallHandlerObjectId""40cf3e77-d75e-4672-8812-41ac7d3760a3"parameter"aaUri""http://localhost/aa/vxml/callhandler.
jsp"endapplicationccnapplicationciscomwiapplicationaadescription"ciscomwiapplication"enabledmaxsessions32script"setmwi.
aef"parameter"CallControlGroupID""0"parameter"strMWI_OFF_DN""8001"parameter"strMWI_ON_DN""8000"endapplicationccnapplicationmsgnotificationaadescription"msgnotification"enabledmaxsessions322-64CiscoSolutionsforFinancialBranchBankingChapter2DeployingtheSolutionHighAvailabilityBranchwithSurvivableVoicescript"msgnotify.
aef"parameter"logoutUri""http://localhost/voicemail/vxmlscripts/mbxLogout.
jsp"parameter"DelayBeforeSendDTMF""1"endapplicationccnapplicationpromptmgmtaadescription"promptmgmt"enabledmaxsessions32script"promptmgmt.
aef"parameter"appManagementScript"""endapplicationccnapplicationvoicemailaadescription"voicemail"enabledmaxsessions32script"voicebrowser.
aef"parameter"uri""http://localhost/voicemail/vxmlscripts/login.
vxml"parameter"logoutUri""http://localhost/voicemail/vxmlscripts/mbxLogout.
jsp"endapplicationccnengineendengineccnreportinghistoricaldatabaselocaldescription"se-11-0-0-30"endreportingccnsubsystemsipmwisipsub-notifyendsubsystemccntriggerhttpurlnamemsgnotifytrgapplication"msgnotification"enabledmaxsessions2endtriggerccntriggerhttpurlnamemwiappapplication"ciscomwiapplication"enabledmaxsessions1endtriggerccntriggersipphonenumber5000application"callrouter"enabledmaxsessions32endtriggerservicephone-authenticationendphone-authenticationservicevoiceviewenableendvoiceviewvoicemailcalleridvoicemailbroadcastrecordingtime300voicemaildefaultmessagesize240voicemailnotificationrestrictionmsg-notificationvoicemaillive-recordbeepduration02-65CiscoSolutionsforFinancialBranchBankingChapter2DeployingtheSolutionHighAvailabilityBranchwithSurvivableVoicevoicemailmailboxowner"MLINE_HighAvailibilityBranchwithVoiceSurvivableVoice_PH1"size3600endmailboxvoicemailmailboxowner"MLINE_HighAvailibilityBranchwithVoiceSurvivableVoice_PH2"size3600endmailboxlistnameallvoicemailusersnumber99991createlistnameallvoicemailenabledcontactsnumber99992createendMLINE-CUE#KeyServer1Buildingconfiguration.
.
.
Currentconfiguration:3405bytes!
!
Lastconfigurationchangeat11:48:36PSTFriJun182010!
version12.
4servicetimestampsdebugdatetimemsecservicetimestampslogdatetimemsecnoservicepassword-encryption!
hostnameMLINE-LBR-KS1!
boot-start-markerbootsystemflash:c2800nm-adventerprisek9-mz.
M2.
13boot-end-marker!
loggingmessage-countersyslogloggingbuffered5000000!
noaaanew-modelclocktimezonePST-7!
dot11syslogipsource-route!
!
ipcef!
!
noipdomainlookupipdomainnameyourdomain.
comnoipv6cef!
multilinkbundle-nameauthenticated!
!
!
!
!
!
!
!
2-66CiscoSolutionsforFinancialBranchBankingChapter2DeployingtheSolutionHighAvailabilityBranchwithSurvivableVoice!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
voice-card0!
!
!
!
!
archivelogconfighidekeys!
!
cryptoisakmppolicy10encraesauthenticationpre-sharegroup2cryptoisakmpkey1234567ABCDEFGaddress172.
16.
80.
1cryptoisakmpkey1234567ABCDEFGaddress172.
16.
81.
2cryptoisakmpkey1234567ABCDEFGaddress172.
16.
81.
4cryptoisakmpkey1234567ABCDEFGaddress172.
16.
83.
2cryptoisakmpkey1234567ABCDEFGaddress172.
16.
82.
1cryptoisakmpkeepalive15periodic!
!
cryptoipsectransform-setmygdoi-transesp-aesesp-sha-hmac!
cryptoipsecprofilegdoi-profile-getvpnsetsecurity-associationlifetimeseconds7200settransform-setmygdoi-trans!
cryptogdoigroupgetvpnidentitynumber1234serverlocalrekeyretransmit40number2rekeyauthenticationmypubkeyrsagetvpn-export-generalrekeytransportunicastsaipsec1profilegdoi-profile-getvpnmatchaddressipv4199replaytimewindow-size5addressipv4172.
16.
81.
3redundancylocalpriority100peeraddressipv4172.
16.
81.
4!
!
!
!
!
!
2-67CiscoSolutionsforFinancialBranchBankingChapter2DeployingtheSolutionHighAvailabilityBranchwithSurvivableVoice!
interfaceGigabitEthernet0/0ipaddress172.
16.
81.
3255.
255.
255.
0duplexautospeedauto!
interfaceGigabitEthernet0/1noipaddressshutdownduplexautospeedauto!
ipforward-protocolndiphttpserveriphttpauthenticationlocalnoiphttpsecure-serveriphttptimeout-policyidle60life86400requests10000!
!
iproute172.
16.
0.
0255.
255.
0.
0172.
16.
81.
2!
access-list100remarkACLpoliciespushedtoauthenticatedgroupmembersaccess-list199permitip10.
1.
150.
00.
0.
0.
255192.
168.
200.
00.
0.
0.
255access-list199permitip10.
1.
151.
00.
0.
0.
255192.
168.
200.
00.
0.
0.
255access-list199permitip10.
1.
150.
00.
0.
0.
255192.
168.
201.
00.
0.
0.
255access-list199permitip10.
1.
151.
00.
0.
0.
255192.
168.
201.
00.
0.
0.
255access-list199permitip192.
168.
200.
00.
0.
0.
25510.
1.
150.
00.
0.
0.
255access-list199permitip192.
168.
200.
00.
0.
0.
25510.
1.
151.
00.
0.
0.
255access-list199permitip192.
168.
201.
00.
0.
0.
25510.
1.
150.
00.
0.
0.
255access-list199permitip192.
168.
201.
00.
0.
0.
25510.
1.
151.
00.
0.
0.
255access-list199permitiphost10.
1.
3.
1192.
168.
201.
00.
0.
0.
255access-list199permitip192.
168.
201.
00.
0.
0.
255host10.
1.
3.
1access-list199permitiphost10.
1.
3.
2192.
168.
201.
00.
0.
0.
255access-list199permitip192.
168.
201.
00.
0.
0.
255host10.
1.
3.
2!
control-plane!
linecon0exec-timeout00lineaux0linevty04privilegelevel15loginlocaltransportinputtelnetlinevty515privilegelevel15loginlocaltransportinputtelnet!
schedulerallocate200001000ntpsourceGigabitEthernet0/1ntpupdate-calendarntpserver172.
16.
81.
4endMLINE-LBR-KS1#2-68CiscoSolutionsforFinancialBranchBankingChapter2DeployingtheSolutionHighAvailabilityBranchwithSurvivableVoiceKeyServer2!
version15.
0servicetimestampsdebugdatetimemsecservicetimestampslogdatetimemsecnoservicepassword-encryption!
hostnameMLINE-LBR-KS2!
boot-start-markerbootsystemflash:c2800nm-adventerprisek9-mz.
150-1.
M2.
13boot-end-marker!
loggingbuffered5000000!
noaaanew-model!
!
!
clocktimezonePST-7!
dot11syslogipsource-route!
!
ipcef!
!
noipdomainlookupipdomainnameyourdomain.
comnoipv6cef!
multilinkbundle-nameauthenticated!
!
!
!
!
!
!
!
!
!
voice-card0!
!
!
!
!
licenseudipidCISCO2851snFTX1411AKZU!
redundancy!
!
!
!
cryptoisakmppolicy10encraesauthenticationpre-sharegroup2cryptoisakmpkey1234567ABCDEFGaddress172.
16.
80.
1cryptoisakmpkey1234567ABCDEFGaddress172.
16.
81.
22-69CiscoSolutionsforFinancialBranchBankingChapter2DeployingtheSolutionHighAvailabilityBranchwithSurvivableVoicecryptoisakmpkey1234567ABCDEFGaddress172.
16.
81.
3cryptoisakmpkey1234567ABCDEFGaddress172.
16.
83.
2cryptoisakmpkey1234567ABCDEFGaddress172.
16.
82.
1cryptoisakmpkeepalive15periodic!
!
cryptoipsectransform-setmygdoi-transesp-aesesp-sha-hmac!
cryptoipsecprofilegdoi-profile-getvpnsetsecurity-associationlifetimeseconds7200settransform-setmygdoi-trans!
cryptogdoigroupgetvpnidentitynumber1234serverlocalrekeyretransmit40number2rekeyauthenticationmypubkeyrsagetvpn-export-generalrekeytransportunicastsaipsec1profilegdoi-profile-getvpnmatchaddressipv4199replaytimewindow-size5addressipv4172.
16.
81.
4redundancylocalpriority200peeraddressipv4172.
16.
81.
3!
!
!
!
!
!
interfaceGigabitEthernet0/0ipaddress172.
16.
81.
4255.
255.
255.
248duplexautospeedauto!
!
interfaceGigabitEthernet0/1description**CONNECTIONTOEXTERNALNTPSERVER171.
68.
10.
150**ipaddress172.
25.
222.
132255.
255.
255.
0duplexautospeedauto!
!
ipforward-protocolndiphttpserveriphttpauthenticationlocalnoiphttpsecure-serveriphttptimeout-policyidle60life86400requests10000!
iproute172.
16.
0.
0255.
255.
0.
0172.
16.
81.
2iproute171.
68.
10.
150255.
255.
255.
255172.
25.
222.
1!
access-list100remarkACLpoliciespushedtoauthenticatedgroupmembersaccess-list199permitip10.
1.
150.
00.
0.
0.
255192.
168.
200.
00.
0.
0.
255access-list199permitip10.
1.
151.
00.
0.
0.
255192.
168.
200.
00.
0.
0.
255access-list199permitip10.
1.
150.
00.
0.
0.
255192.
168.
201.
00.
0.
0.
255access-list199permitip10.
1.
151.
00.
0.
0.
255192.
168.
201.
00.
0.
0.
255access-list199permitip192.
168.
200.
00.
0.
0.
25510.
1.
150.
00.
0.
0.
255access-list199permitip192.
168.
200.
00.
0.
0.
25510.
1.
151.
00.
0.
0.
255access-list199permitip192.
168.
201.
00.
0.
0.
25510.
1.
150.
00.
0.
0.
255access-list199permitip192.
168.
201.
00.
0.
0.
25510.
1.
151.
00.
0.
0.
2552-70CiscoSolutionsforFinancialBranchBankingChapter2DeployingtheSolutionHighAvailabilityBranchwithSurvivableVoiceaccess-list199permitiphost10.
1.
3.
1192.
168.
201.
00.
0.
0.
255access-list199permitip192.
168.
201.
00.
0.
0.
255host10.
1.
3.
1access-list199permitiphost10.
1.
3.
2192.
168.
201.
00.
0.
0.
255access-list199permitip192.
168.
201.
00.
0.
0.
255host10.
1.
3.
2!
control-plane!
aliasexeccoopshowcryptogdoikscoop!
linecon0exec-timeout00lineaux0linevty04access-class23inprivilegelevel15loginlocaltransportinputtelnetlinevty515access-class23inprivilegelevel15loginlocaltransportinputtelnet!
schedulerallocate200001000ntpsourceGigabitEthernet0/1ntpupdate-calendarntpserver171.
68.
10.
150version3endMLINE-LBR-KS2#HeadquartersAggregationRouterversion15.
0servicetimestampsdebugdatetimemseclocaltimeservicetimestampslogdatetimemseclocaltimenoservicepassword-encryption!
hostnamemline-Headend-CE!
boot-start-markerbootsystemflash:c3900-universalk9-mz.
SPA.
150-1.
M2.
13boot-end-marker!
loggingbuffered5000000nologgingmonitorenablepasswordlab!
aaanew-model!
!
aaaauthenticationlogindefaultlocal!
!
!
!
!
aaasession-idcommon!
2-71CiscoSolutionsforFinancialBranchBankingChapter2DeployingtheSolutionHighAvailabilityBranchwithSurvivableVoice!
!
clocktimezonePST-7!
cryptopkitokendefaultremovaltimeout0!
!
noipv6cefipsource-routeipcef!
!
ipmulticast-routingDHCPconfigurationforVoice********ipdhcpexcluded-address192.
168.
200.
100192.
168.
200.
254!
ipdhcppoolCUCM7.
1.
3network192.
168.
200.
0255.
255.
255.
0option150ip192.
168.
200.
100default-router192.
168.
200.
1!
!
noipdomainlookup!
Onlypacketsmatchingtheaccess-list120arechosenforWCCPredirection.
ThisenablescontroloverwhichpacketsareinterceptedandredirectedbyWCCPforWAAS.
ipwccp61redirect-list120ipwccp62redirect-list120multilinkbundle-nameauthenticated!
voice-card0!
licenseudipidC3900-SPE150/K9snFOC140942FGlicensebootmodulec3900technology-packageuck9hw-modulepvdm0/0!
usernameadminpassword0ciscousernamelabpassword0lab!
redundancy!
!
!
Createaccess-listtodefinethetrafficforencryption(GREoverIPsec)access-list130permitgrehost172.
16.
85.
58host172.
16.
87.
54access-list136permitgrehost172.
16.
86.
18host172.
16.
88.
10!
Internetsecurityassociationandkeymanagementprotocol(ISAKMP),ISAKMPkeyandIPSECtransformsetcryptoisakmppolicy10authenticationpre-share!
cryptoisakmpkeycisc0123address172.
16.
87.
54cryptoisakmpkeyciscoaddress172.
16.
88.
10cryptoipsectransform-setstrongesp-3desesp-md5-hmac2-72CiscoSolutionsforFinancialBranchBankingChapter2DeployingtheSolutionHighAvailabilityBranchwithSurvivableVoicemodetransport!
cryptomapconfigsforGREoverIPseccryptomapvpn10ipsec-isakmpsetpeer172.
16.
87.
54setsecurity-associationreplaywindow-size1024settransform-setstrongmatchaddress130!
cryptomapvpn210ipsec-isakmpsetpeer172.
16.
88.
10setsecurity-associationreplaywindow-size1024settransform-setstrongmatchaddress136!
IKEPhase1(ISAKMP)policyisdefined.
EncryptionisAESandpre-shared(PSK)authenticationisusedwheresharedsecretsarepre-definedintheencryptiondevices.
!
ThisisrequiredtoenabletheGETVPNGM(Groupmember)andtheKS(Keyserver)toauthenticateeachother.
cryptoisakmppolicy50encraesauthenticationpre-sharegroup2lifetime1200cryptoisakmpkey1234567ABCDEFGaddress172.
16.
81.
3cryptoisakmpkey1234567ABCDEFGaddress172.
16.
81.
4cryptoisakmpkeepalive10!
!
!
GETPVNGDOIgroupisconfiguredusingthesameidentifydefinedontheKS(KeyServer).
TheIPaddressesofthekeyserversarespecified.
cryptogdoigroupgetvpnidentitynumber1234serveraddressipv4172.
16.
81.
3serveraddressipv4172.
16.
81.
4!
!
cryptomapisdefinedwiththe"gdoi"typewhichindicatesGETVPN.
ThecryptomapisappliedtotheWANinterfacecryptomapgetvpn-map50gdoisetgroupgetvpn!
interfaceLoopback0ipaddress10.
10.
11.
185255.
255.
255.
255!
!
!
*******description*******GREoverIPSECTUNNEL1interfaceTunnel0ipaddress192.
168.
16.
2255.
255.
255.
0ippimsparse-dense-modeipigmpjoin-group239.
0.
10.
10keepalive53tunnelsourceGigabitEthernet0/1.
12-73CiscoSolutionsforFinancialBranchBankingChapter2DeployingtheSolutionHighAvailabilityBranchwithSurvivableVoicetunneldestination172.
16.
87.
54!
!
********descriptionGREoverIPSECTunnel2fordualMultilinkbundlescenariointerfaceTunnel10ipaddress192.
168.
15.
2255.
255.
255.
0keepalive53tunnelsourceGigabitEthernet0/1.
4tunneldestination172.
16.
88.
10!
!
!
!
interfaceGigabitEthernet0/0noipaddressippimsparse-modeload-interval30duplexautospeedauto!
!
interfaceGigabitEthernet0/0.
200descriptionVOICEVLANencapsulationdot1Q200ipaddress192.
168.
200.
1255.
255.
255.
0!
interfaceGigabitEthernet0/0.
201descriptionDATAVLANencapsulationdot1Q201ipaddress192.
168.
201.
1255.
255.
255.
0ipwccp61redirectin!
WAASTCPpromiscuousmodegroup61configuredfortrafficredirectionippimsparse-mode!
!
interfaceGigabitEthernet0/0.
203description**WAASSUBNET**encapsulationdot1Q203ipaddress192.
168.
203.
1255.
255.
255.
0ipwccpredirectexcludein!
interfaceGigabitEthernet0/1noipaddressippimsparse-modeload-interval30duplexautospeedauto!
!
interfaceGigabitEthernet0/1.
1******descriptionWANinterfaceforVoiceEnabledBranchtunnel0******encapsulationdot1Q10ipaddress172.
16.
85.
58255.
255.
255.
0ipospfnetworkpoint-to-pointcryptomapvpn!
cryptomapappliedtotheWANinterface!
!
Thereare2WANinterfacesparticipatinginGETVPN.
Theycorrespondto2differentVRFsconfigured!
ontheMPLSPErouter.
interfaceGigabitEthernet0/1.
22-74CiscoSolutionsforFinancialBranchBankingChapter2DeployingtheSolutionHighAvailabilityBranchwithSurvivableVoiceencapsulationdot1Q20ipaddress172.
16.
81.
2255.
255.
255.
0ipwccp62redirectin!
WAASTCPpromiscuousmodegroup62configuredfortrafficredirectionippimsparse-modecryptomapgetvpn-map!
Thecryptomapisappliedtothisinterfacesothattrafficentering/leavingthisinterfacecanbeencryptedaccordingtotheACLsdefinedontheKS!
interfaceGigabitEthernet0/1.
3encapsulationdot1Q30ipaddress172.
16.
83.
2255.
255.
255.
0ipwccp62redirectincryptomapgetvpn-map!
!
Thecryptomapisappliedtothisinterfacesothattrafficentering/leavingthisinterfacecanbeencryptedaccordingtotheACLsdefinedontheKS!
interfaceGigabitEthernet0/1.
4******descriptionWANinterfaceforVoiceEnabledBranchtunnel10*****encapsulationdot1Q40ipaddress172.
16.
86.
18255.
255.
255.
0ipospfnetworkpoint-to-pointcryptomapvpn2!
interfaceGigabitEthernet0/2shutdownduplexautospeedauto!
!
!
!
EIGRProutingforGREoverIPSECtunnelroutereigrp10network10.
1.
200.
00.
0.
0.
255network10.
1.
201.
00.
0.
0.
255network10.
1.
202.
00.
0.
0.
255network192.
168.
15.
0network192.
168.
16.
0redistributestaticneighbor192.
168.
16.
1Tunnel0neighbor192.
168.
15.
1Tunnel10!
!
PE-CEROUTINGrouterospf109router-id172.
16.
80.
58log-adjacency-changesnetwork10.
10.
11.
1850.
0.
0.
0area109network172.
16.
85.
560.
0.
0.
3area109network172.
16.
86.
160.
0.
0.
7area109!
routerospf110router-id172.
16.
81.
2log-adjacency-changesnetwork192.
168.
200.
00.
0.
0.
255area110network192.
168.
201.
00.
0.
0.
255area110network192.
168.
203.
00.
0.
0.
255area110network172.
16.
81.
00.
0.
0.
255area110!
routerospf200router-id172.
16.
83.
2log-adjacency-changesredistributeospf110subnetsnetwork192.
168.
200.
00.
0.
0.
255area2002-75CiscoSolutionsforFinancialBranchBankingChapter2DeployingtheSolutionHighAvailabilityBranchwithSurvivableVoicenetwork192.
168.
201.
00.
0.
0.
255area200network172.
16.
83.
00.
0.
0.
255area200!
ipforward-protocolnd!
!
Multicastconfigurationippimrp-address192.
168.
200.
1ippimssmdefaultipmroute192.
168.
201.
0255.
255.
255.
0Tunnel0noiphttpservernoiphttpsecure-server!
ipslaresponder!
IPSLAoperationsconfiguredheretargetthebranchrouterswhichareconfigured!
asIPSLAresponders.
ipsla1udp-jitter10.
1.
150.
164000source-ip192.
168.
200.
1codecg729aipslaschedule1start-timenowipsla2udp-jitter10.
1.
151.
15000num-packets1000ipslaschedule2start-timenowipsla3icmp-jitter10.
1.
151.
1source-ip192.
168.
201.
1ipslaschedule3start-timenowSYSLOGconfigurationloggingtrapwarningslogging192.
168.
201.
104access-list120remarkWAASREDIRECTACLaccess-list120permitip10.
1.
151.
00.
0.
0.
255192.
168.
201.
00.
0.
0.
255access-list120permitip192.
168.
201.
00.
0.
0.
25510.
1.
151.
00.
0.
0.
255!
nlsresp-timeout1cpdcr-id1!
!
control-plane!
!
gatekeepershutdown!
linecon0exec-timeout00lineaux0linevty04exec-timeout00passwordlabtransportinputall!
exceptiondata-corruptionbuffertruncateschedulerallocate200001000!
NTPconfiguration2-76CiscoSolutionsforFinancialBranchBankingChapter2DeployingtheSolutionHighAvailabilityBranchwithSurvivableVoicentpsourceGigabitEthernet0/1.
2ntpupdate-calendarntpserver172.
16.
81.
4endmline-Headend-CE#CiscoUnifiedMessagingGatewayMLINE-LBR-UMG#showrunBuildingconfiguration.
.
.
Currentconfiguration:1972bytes!
!
Lastconfigurationchangeat11:42:51PSTThuJul12010!
NVRAMconfiglastupdatedat11:42:52PSTThuJul12010!
version15.
0servicetimestampsdebugdatetimemsecservicetimestampslogdatetimemsecnoservicepassword-encryption!
hostnameMLINE-LBR-UMG!
boot-start-markerboot-end-marker!
loggingbuffered51200warnings!
noaaanew-model!
!
!
clocktimezonePST-7!
dot11syslogipsource-route!
!
ipcef!
!
ipdomainnameyourdomain.
comnoipv6cef!
multilinkbundle-nameauthenticated!
!
!
!
!
!
!
!
!
!
voice-card0!
!
2-77CiscoSolutionsforFinancialBranchBankingChapter2DeployingtheSolutionHighAvailabilityBranchwithSurvivableVoice!
!
!
licenseudipidCISCO2851snFTX1411AKZT!
redundancy!
!
!
!
!
!
!
!
!
!
interfaceGigabitEthernet0/0ipaddress192.
168.
200.
104255.
255.
255.
0duplexautospeedauto!
!
interfaceGigabitEthernet0/1noipaddressshutdownduplexautospeedauto!
!
interfaceIntegrated-Service-Engine1/0ipaddress10.
1.
8.
20255.
255.
255.
0service-moduleipaddress10.
1.
9.
30255.
255.
255.
0!
Application:CiscoUMGrunningonNMEservice-moduleipdefault-gateway10.
1.
8.
20nokeepalive!
!
routerospf110log-adjacency-changesnetwork10.
0.
0.
00.
0.
0.
255area110network192.
168.
200.
00.
0.
0.
255area110!
ipforward-protocolndiphttpserveriphttpaccess-class23iphttpauthenticationlocalnoiphttpsecure-serveriphttptimeout-policyidle60life86400requests10000!
iproute0.
0.
0.
00.
0.
0.
0192.
168.
200.
1!
control-plane!
linecon0exec-timeout00lineaux0line66noactivation-characternoexectransportpreferrednonetransportinputalltransportoutputlatpadtelnetrloginlapb-tamopudptnv120sshlinevty04privilegelevel152-78CiscoSolutionsforFinancialBranchBankingChapter2DeployingtheSolutionHighAvailabilityBranchwithSurvivableVoiceloginlocaltransportinputtelnetlinevty515privilegelevel15loginlocaltransportinputtelnet!
schedulerallocate200001000ntpupdate-calendarntpserver80.
80.
81.
4endMLINE-LBR-UMG#NME-UMGclocktimezoneAmerica/Los_AngeleshostnameMLINE-UMGipdomain-namemline.
comlineconsolelength0systemlanguagepreferred"en_US"ipname-server192.
168.
201.
104ntpserver172.
16.
81.
4prefersoftwaredownloadserverurl"ftp://127.
0.
0.
1/ftp"credentialshidden"6u/dKTN/hsEuSAEfw40XlF2eFHnZfyUTSd8ZZNgd+Y9J3xlk2B35j0nfGWTYHfmPSd8ZZNgd+Y9J3xlk2B35j0nfGWTYHfmPSd8ZZNgd+Y9J3xlk2B35j0nfGWTYHfmP"logtracelocalenablelicenseagentmax-sessions9usernameciscocreategroupnameAdministratorsmemberciscobackupserverurl"ftp://127.
0.
0.
1/ftp"credentialshidden"EWlTygcMhYmjazXhE/VNXHCkplVV4KjescbDaLa4fl4WLSPFvv1rWUnfGWTYHfmPSd8ZZNgd+Y9J3xlk2B35j0nfGWTYHfmPSd8ZZNgd+Y9J3xlk2B35j0nfGWTYHfmP"registrationendregistrationendMLINE-UMG2-79CiscoSolutionsforFinancialBranchBankingChapter2DeployingtheSolutionListofFeaturesListofFeaturesTable1liststhefeaturesthatareincorporatedintheATM/KioskBranch,SurvivableVoiceEnabledBranch,andHighAvailabilityBranchwithSurvivableVoicesolutions.
EachrowinthetableincludesthefeaturenameandalinktoconfigurationdocumentationonCisco.
com.
Table1ListofFeaturesFeaturesDocument3G3GHigh-SpeedWANInterfaceCardSolutionDeploymentGuidehttp://www.
cisco.
com/en/US/docs/routers/access/1800/1861/software/guide/3g_sol_dg.
htmlAAACiscoIOSSecurityConfigurationGuide:SecuringUserServices,Release15.
1http://www.
cisco.
com/en/US/docs/ios/sec_user_services/configuration/guide/15_1/sec_user_services_15_1_book.
htmlBGPCiscoIOSIPRouting:BGPConfigurationGuide,Release15.
1,http://www.
cisco.
com/en/US/docs/ios/iproute_bgp/configuration/guide/15_1/irg_15_1_book.
htmlDHCPCiscoIOSIPAddressingConfigurationGuide,Release15.
1,http://www.
cisco.
com/en/US/docs/ios/ipaddr/configuration/guide/15_1/iad_15_1_book.
htmlDMVPNCiscoIOSSecurityConfigurationGuide:SecureConnectivity,Release15.
1,http://www.
cisco.
com/en/US/docs/ios/sec_secure_connectivity/configuration/guide/15_1/sec_secure_connectivity_15_1_book.
htmlEIGRPCiscoIOSIPRouting:EIGRPConfigurationGuide,Release15.
1,http://www.
cisco.
com/en/US/docs/ios/iproute_eigrp/configuration/guide/15_1/ire_15_1_book.
htmlFlexibleNetFlowCiscoGettingStartedwithConfiguringCiscoIOSFlexibleNetFlow,Release15.
1http://www.
cisco.
com/en/US/docs/ios/fnetflow/configuration/guide/get_start_cfg_fnflow_ps10592_TSD_Products_Configuration_Guide_Chapter.
htmlFrameRelayCiscoIOSWide-AreaNetworkingConfigurationGuide,Release15.
1,http://www.
cisco.
com/en/US/docs/ios/wan/configuration/guide/15_1/wan_15_1_book.
htmlGETVPNCiscoIOSVPNConfigurationGuide,http://www.
cisco.
com/en/US/docs/security/vpn_modules/6342/vpn_cg.
htmlGRECiscoGenericRoutingEncapsulation(GRE),http://www.
cisco.
com/en/US/tech/tk827/tk369/tk287/tsd_technology_support_sub-protocol_home.
htmlHSRPCiscoIOSIPv6ConfigurationGuide,Release12.
4T,http://www.
cisco.
com/en/US/docs/ios/ipv6/configuration/guide/12_4t/ipv6_12_4t_book.
htmlIPMulticastCiscoIOSIPMulticastConfigurationGuide,Release15.
1http://www.
cisco.
com/en/US/docs/ios/ipmulti/configuration/guide/15_1/imc_15_1_book.
htmlIPSECCiscoIOSSecurityConfigurationGuide:SecureConnectivity,Release15.
1,http://www.
cisco.
com/en/US/docs/ios/sec_secure_connectivity/configuration/guide/15_1/sec_secure_connectivity_15_1_book.
htmlIPSLACiscoIOSIPSLAsConfigurationGuide,Release15.
1,http://www.
cisco.
com/en/US/docs/ios/ipsla/configuration/guide/15_1/sla_15_1_book.
htmlMGCPCiscoIOSMGCPandRelatedProtocolsConfigurationGuide,Release15.
1http://www.
cisco.
com/en/US/docs/ios/voice/mgcp/configuration/guide/15_1/vm_15_1_book.
htmlMLPPPCiscoIOSDialConfigurationGuide,Release15.
1,http://www.
cisco.
com/en/US/docs/ios/dial/configuration/guide/15_1/dia_15_1_book.
html2-80CiscoSolutionsforFinancialBranchBankingChapter2DeployingtheSolutionListofFeaturesNHRPCiscoIOSIPAddressingServicesConfigurationGuide,Release12.
4,http://www.
cisco.
com/en/US/docs/ios/ipaddr/configuration/guide/12_4/iad_12_4_book.
htmlNTPCiscoNetworkTimeProtocol(NTP)Introduction,http://www.
cisco.
com/en/US/tech/tk648/tk362/tk461/tsd_technology_support_sub-protocol_home.
htmlOSPFCiscoIOSIPRouting:OSPFConfigurationGuide,Release15.
1http://www.
cisco.
com/en/US/docs/ios/iproute_ospf/configuration/guide/15_1/iro_15_1_book.
htmlQoSCiscoIOSQualityofServiceSolutionsConfigurationGuide,Release15.
1,http://www.
cisco.
com/en/US/docs/ios/qos/configuration/guide/15_1/qos_15_1_book.
htmlSNMPCiscoIOSNetworkManagementConfigurationGuide,Release15.
1,SNMPSupport,http://www.
cisco.
com/en/US/docs/ios/netmgmt/configuration/guide/15_1/nm_15_1_book.
htmlSRSTCiscoUnifiedSurvivableRemoteSiteTelephonyConfigurationGuides,http://www.
cisco.
com/en/US/products/sw/voicesw/ps2169/products_installation_and_configuration_guides_list.
htmlSSHCiscoIOSSecurityConfigurationGuide:SecuringUserServices,Release15.
1,http://www.
cisco.
com/en/US/docs/ios/sec_user_services/configuration/guide/15_1/sec_user_services_15_1_book.
htmlSyslogCiscoIOSNetworkManagementConfigurationGuide,Release15.
1,http://www.
cisco.
com/en/US/docs/ios/netmgmt/configuration/guide/15_1/nm_15_1_book.
htmlTACACSCiscoIOSSecurityConfigurationGuide,Release15.
1,SecurityServerProtocols,http://www.
cisco.
com/en/US/docs/ios/sec_user_services/configuration/guide/15_1/sec_user_services_15_1_book.
htmlWAASCiscoWideAreaApplicationServices(WAAS)SoftwareConfigurationGuides,http://www.
cisco.
com/en/US/products/ps6870/products_installation_and_configuration_guides_list.
htmlZBFWCiscoIOSSecurityConfigurationGuide:SecuringtheDataPlane,Release15.
1,http://www.
cisco.
com/en/US/docs/ios/sec_data_plane/configuration/guide/15_1/sec_data_plane_15_1_book.
htmlTable1ListofFeaturesFeaturesDocument2-81CiscoSolutionsforFinancialBranchBankingChapter2DeployingtheSolutionVerifyingFunctionalityVerifyingFunctionalityUsethefollowingsectionstoverifyservices,memoryandCPU,andthefeaturesthatarepartofthesolution.
VerifyCommonServices,page2-81VerifyMemoryandCPU,page2-83VerifyFeatures,page2-83VerifyCommonServicesUsethefollowingshowcommandsanddebugcommandstoverifycommonservicesusedacrossallfinancialbranchCiscoValidatedDesigns(CVDs).
Tovieworprintthecommands,usetheCommandLookuptoolonCisco.
combyenteringthekeywords"commandlookup"intheCisco.
comsearchfield.
ACisco.
comuseraccountisrequiredtousethetool.
Ifyoudonothaveauseraccount,youcancreateone,https://tools.
cisco.
com/RPF/register/register.
do.
Table2listscommonservicesthatarerunninginthebackgroundintheCiscoValidatedDesigns,andcommandsyoucanusetoverifyoperationsandconfiguration.
Debugcommandsarelistedafterthetabletohelpyoutroubleshootservicesthatarenotrunningproperly.
.
Table2CommonServicesShowCommandsServicesShowCommandsCommandDescriptionCDPshowcdpneighborsshowcdpshowcdpneighborsdetailUsethiscommandtoshowCDPneighbors.
UsethiscommandtoverifytheconfiguredvaluesofCDPparametersontherouter.
UsethiscommandtocheckwhichCiscodevicesareconnectedtotherouter.
EnergyWiseshowenergywisestatisticsUsethiscommandtodisplaythecountersforalleventsanderrors.
showenergywiserecurrencesUsethiscommandtocheckthenumberofrecurrencesofapredefinedenergywisepolicy.
showenergywiseUsethiscommandtodisplaytheenergywisestatusandsettingsfortheenergywiseenabledrouter.
IPSLAshowipslastatisticsshowipslaresponderUsethiscommandtodisplaytheIPSLAtypeconfiguredandrelatedstatisticsontherouter.
UsethiscommandtodisplaytheIPSLAresponder-relatedstatisticsontherouter.
Forinstance,thiscommandwouldbeapplicablewhentherouterisconfiguredasIPSLAresponder.
NetFlowshowipflowexportshowipcacheflowUsethesecommandstoverifytheNetFlowpacketsexportedtotheNetFlowcollectorenginefromthebranchrouter.
2-82CiscoSolutionsforFinancialBranchBankingChapter2DeployingtheSolutionVerifyingFunctionalityDebugCommandsdebugtacacsdebugaaadebugipslaerrordebugipslatracedebugflowexporterdebugsnmppacketsdebugntppacketsdebugipsshNTPshowntpstatusshowntpassociationsUsethiscommandtoverifywhethertherouter,whichisconfiguredasanNTPclient,issyncedtotheconfiguredNTPserver.
UsethiscommandtoverifywhichNTPservertherouterissynced.
SNMPshowsnmpUsethiscommandtoverifythesnmppackets/traps/eventssenttoaconfiguredSNMPserverfromtherouter.
SSHv2showipsshshowsshshowipflowexportshowipcacheflowUsethiscommandtochecktheSSHversionandconfiguration.
UsethiscommandtocheckthestateofthecurrentSSHconnections(ifany)ontherouter.
UsethiscommandtochecktheSSHversionandconfiguration.
UsethiscommandtocheckthestateofthecurrentSSHconnections(ifany)ontherouter.
ZeroTouchshowcnseventconnectionsshowcnsconfigconnectionsUsethiscommandtoshowthestatusofcommunicationbetweentheembeddedCNSagentintheIOSandtheeventhandlerontheCiscoConfigurationEngine.
UsethiscommandtoshowthestatusofcommunicationbetweentheembeddedCNSagentintheIOSandtheconfigurationhandlerontheCiscoConfigurationEngine.
Table2CommonServicesShowCommandsServicesShowCommandsCommandDescription2-83CiscoSolutionsforFinancialBranchBankingChapter2DeployingtheSolutionVerifyingFunctionalityVerifyMemoryandCPUTable3listscommandsthatyouenteronthecommandlineinterfacetolearnaboutmemoryandCPUstatisticsfortherouter.
VerifyFeaturesThefollowingfeaturesareincludedintheATM/KioskBranch,SurvivableVoiceEnabledBranch,andHighAvailabilityBranchwithSurvivableVoicesolutions.
UsethefollowingshowcommandsanddebugcommandstoverifycommonservicesintheCiscoValidatedDesigns(CVDs).
Tovieworprintthecommands,usetheCommandLookuptoolonCisco.
com.
ACisco.
comuseraccountisrequiredtousethetool.
Ifyoudonothaveauseraccount,youcancreateone,https://tools.
cisco.
com/RPF/register/register.
do.
CiscoUnifiedSRSV-CUE,page2-84EnergyWise,page2-85Fax,page2-85FrameRelay,page2-85HSRP,page2-86Multicast,page2-86NetFlow,page2-87PRI,page2-87QoS,page2-87SSHv2,page2-90Voice,page2-90WideAreaApplicationServices(WAAS),page2-93Table3MemoryandCPUShowCommandsShowCommandsCommandDescriptionshowprocesscpusortedUsethiscommandtodisplaysorteddetailedCPUutilizationstatistics.
showprocessmemorysortedUsethiscommandtoshowmemoryused.
showprocesscpuhistoryUsethiscommandtodisplaydetailedCPUutilizationstatistics(CPUuseperprocess)whenCiscoIOSorCiscoIOSSoftwareModularityimagesarerunning.
showdebugmemoryleakssummaryUsethiscommandtodisplayasummaryofdetectedmemoryleaks.
2-84CiscoSolutionsforFinancialBranchBankingChapter2DeployingtheSolutionVerifyingFunctionalityCiscoUnifiedSRSV-CUETable4providescommandsthatverifyCiscoUnifiedSRSV-CUEoperationsandconfigurations.
DebugCommandstracesrsxsrsv-engineallshowtracebuffertailTable4CiscoUnifiedSRSV-CUEShowCommandsShowCommandsCommandDescriptionshowsrsvauto-attendantUsethiscommandtodisplaythestatusoftheauto-attendantconfigurationthatisprovisionedbytheCiscoUMG.
showsrsvconfigurationUsethiscommandtodisplaytheSRSVconfiguration.
showccnapplicationUsethiscommandtodisplaythecurrentlyconfiguredapplications.
showccnengineUsethiscommandtodisplaydetailsoftheconfiguredCiscoUnityExpresssoftwareengine.
showccnsubsystemjtapiUsethiscommandtodisplaytheJTAPIsubsystemparameters.
showsystemlanguageinstalledUsethiscommandtodisplaythelanguagesthatareavailableforuse.
showvoicemailconfigurationUsethiscommandtodisplaytheconfiguredFromaddressforoutgoinge-mail.
showvoicemaildetailUsethiscommandtodisplaythedetailsforageneraldeliverymailboxorasubscriberwiththenamevalue.
showvoicemaillimitsUsethiscommandtodisplaydefaultvaluesforallmailboxes.
showvoicemailmailboxesUsethiscommandtodisplayallconfiguredmailboxesandtheircurrentstoragestatus.
showvoicemailmailboxesUsethiscommandtodisplayallconfiguredmailboxesandtheircurrentstoragestatus.
showvoicemailmessagesfutureUsethiscommandtodisplayallmessagesscheduledforfuturedelivery.
showvoicemailusersUsethiscommandtolistallthelocalvoicemailsubscribers.
2-85CiscoSolutionsforFinancialBranchBankingChapter2DeployingtheSolutionVerifyingFunctionalityEnergyWiseTable5providescommandsthatdisplayEnergyWisesettingsandconfigurations.
FaxTable6providescommandsthatverifyfaxoperationsandconfigurations.
DebugCommandsdebugmgcppacketsdebugvoiprtppacketsdebugsccpconnFrameRelayTable7providesacommandthatverifiesFrameRelaystatistics.
DebugCommandsdebugframe-relayeventsdebugframe-relaypacketTable5EnergyWiseShowCommandsShowCommandsCommandDescriptionshowenergywiseneighborsUsethiscommandtodeletethediscoveredneighborsandendpointsrunningagentsorclientsfromtheEnergyWiseneighbortable.
showenergywiseUsethiscommandtodisplaytheEnergyWisesettings,thestatusofthedomainmember,andthestatusoftheswitchportwithaconnectedendpoint.
showenergywiseversionUsethiscommandtodisplaytheEnergyWiseversion.
Table6FaxShowCommandsShowCommandsCommandDescriptionshowvoiprtpconnUsethiscommandtodisplayReal-TimeTransportProtocol(RTP)eventpackets.
showcallactivevoiceUsethiscommandtodisplaycallinformationforcallsinprogress.
showsccpconnUsethiscommandwhenthefaxtranscoderisinvolved.
Table7FrameRelayShowCommandShowCommandCommandDescriptionshowframe-relaypvc[number]Usethiscommandtodisplaystatisticslikeinput/outputpackets/bytesandpacketdropsforspecificsconfiguredonframe-relayencapsulatedinterfacesontherouter.
2-86CiscoSolutionsforFinancialBranchBankingChapter2DeployingtheSolutionVerifyingFunctionalityHSRPTable8providesacommandthatverifiesHSRPgroupsandinterface.
DebugCommandsdebugstandbypacketsdebugstandbyeventsMulticastTable9providescommandsthatverifytheProtocolIndependentMulticast(PIM)neighborrelationships.
DebugCommandsdebugipmpacketdebugipmfibpsTable8HighAvailabilityShowCommandShowCommandCommandDescriptionshowstandbyUsethiscommandtoshowthedifferentHSRPgroupsandtheassociatedinterfaces.
Italsodisplaysusefulinformationaboutthecurrentroleoftherouter(active/standby),priorities,authenticationstring(ifany),andinterfacesbeingtracked.
Table9MulticastShowCommandsShowCommandsCommandDescriptionshowippimneighborUsethiscommandtodisplayinformationaboutPIMneighborsdiscoveredbyPIMv1routerquerymessagesorPIMv2hellomessages.
showipigmpgroupsUsethiscommandtodisplaythemulticastgroupswithreceiversthataredirectlyconnectedtotherouterandthatwerelearnedthroughInternetGroupManagementProtocol(IGMP).
showippimrpmappingUsethiscommandtodisplaythemappingsforthePIMgrouptotheactiverendezvouspoints.
showipmrouteUsethiscommandtodisplaythecontentsofthemulticastrouting(mroute)table.
showipmulticastUsethiscommandtodisplayinformationaboutIPmulticastglobalconfigurationparameters.
2-87CiscoSolutionsforFinancialBranchBankingChapter2DeployingtheSolutionVerifyingFunctionalityNetFlowTable10providescommandsthatverifyNetFlowoperationsandconfigurations.
PRITable11providesacommandthatverifiesPRIchannelinformation.
DebugCommandsdebugisdnq931debugisdnq921QoSTable12providescommandsthatdisplaystatisticsandconfigurationsfortheQoSpoliciesonrouterinterfaces.
DebugCommandsdebugqoseventsdebugqosstatsdebugqoscceTable10NetFlowShowCommandsShowCommandsCommandDescriptionshowipflowexportUsethiscommandtodisplaythestatusandthestatisticsforNetFlowaccountingdataexport,includingthemaincacheandallotherenabledcaches.
showipflowtop-talkersUsethiscommandtodisplaythestatisticsfortheNetFlowaggregatedtoptalkersornotaggregatedtopflows.
showipcacheflowUsethiscommandtodisplayasummaryoftheNetFlowaccountingstatistics.
Table11PRIChannelsShowCommandsShowCommandsCommandDescriptionshowisdnstatusUsethiscommandtoshowinformationaboutmemory,Layer2andLayer3timers,andthestatusofPRIchannels.
Table12QualityofServiceShowCommandsShowCommandsCommandDescriptionshowclass-mapUsethiscommandtodisplayalloftheclassmapsandtheirmatchingcriteria.
showpolicy-mapinterfaceUsethiscommandtodisplaythestatisticsandtheconfigurationoftheinputandoutputpoliciesthatareattachedtoaninterface.
2-88CiscoSolutionsforFinancialBranchBankingChapter2DeployingtheSolutionVerifyingFunctionalityRoutingTable13providescommandsthatverifyroutingconfigurations.
.
DebugCommandsdebugbgpalleventsdebugeigrppacketsdebugbgpipv4unicast/multicastSecurityIPSec,page2-89Zone-basedFirewall,page2-89GETVPN,page2-89Table13RoutingShowCommandsShowCommandsCommandDescriptionshowipbgpUsethiscommandtodisplaythebgprelatedconfigurationsontherouter.
showipeigrpUsethiscommandtodisplaytheeigrprelatedconfigurationsontherouter.
showiproutebgpUsethiscommandtodisplaybgproutesdiscoveredontherouter.
showiprouteeigrpUsethiscommandtodisplayeigrproutesdiscoveredontherouter.
showipbgpneighborUsethiscommandtodisplayallthebgpneighborsoftherouter.
showipeigrpneighborUsethiscommandtodisplayalltheeigrpneighborsoftherouter.
showiprouteUsethiscommandtodisplayalltheroutesintheroutingtableoftherouter.
showiproutetrackUsethiscommandtodisplaythestateoftheroutingtable(up/down)fortheroutestrackedontherouter.
showipmrouteactiveUsethiscommandtodisplaythecontentsofthemulticastrouting(mroute)table,whichdisplaystheratethatactivesourcesaresendingtomulticastgroupsinkilobitspersecond.
showipmroutecountUsethiscommandtodisplaythecontentsofthemulticastrouting(mroute)table,whichdisplaysstatisticsaboutthegroupandsource,includingnumberofpackets,packetspersecond,averagepacketsize,andbytespersecond.
2-89CiscoSolutionsforFinancialBranchBankingChapter2DeployingtheSolutionVerifyingFunctionalityIPSecTable14providescommandsthatverifycommonsecurityfeaturesandoperations.
DebugCommandsdebugcryptoipsecdebugcryptoisakmpZone-basedFirewallTable15providescommandsthatverifyZone-basedFirewallpoliciesandstatistics.
DebugCommandsdebugzone-securityeventsGETVPNTable16providescommandsthatverifyVPNoperations.
Table14Security—IPSECShowCommandsShowCommandsCommandDescriptionshowcryptoipsecsaUsethiscommandtodisplaythesettingsusedbycurrentsecurityassociations(SAs).
showcryptoisakmpsaUsethiscommandtodisplaycurrentIKESA's.
showcryptoisakmppolicyUsethiscommandtodisplaytheparametersforeachInternetKeyExchange(IKE)policy.
Table15Zone-basedFirewallShowCommandsShowCommandsCommandDescriptionshowzone-pairsecurityUsethiscommandtodisplaythesourcezone,destinationzone,andpolicyattachedtothezone-pair.
showzonesecurityUsethiscommandtodisplayzonesecurityinformation.
showpolicy-maptypeinspectzone-pairUsethiscommandtodisplaytheruntimeinspecttypepolicymapstatisticsandinformationsuchassessionsexistingonaspecifiedzonepair.
Table16SecurityShowCommandsShowCommandsCommandDescriptionshowcryptogdoigmUsethiscommandtoverifythattheGETVPNGroupMember(GM)(thatis,router)hassuccessfullyregisteredtoakeyserver.
showcryptogdoigmaclUsethiscommandtodisplaytheACLsthathavebeendownloadedfromtheKeyServer.
ItalsodisplaysthelocalconfiguredACLs,ifany.
TheseACLsdeterminethetrafficthatisselectedforencryption.
2-90CiscoSolutionsforFinancialBranchBankingChapter2DeployingtheSolutionVerifyingFunctionalityDebugCommandsdebugcryptogdoigmdebugcryptogdoiksdebugcryptoipsecSSHv2Table17providescommandsthatverifySSHv2operations.
VoiceVoiceCalls,page2-91MGCP,page2-91VoiceSecurity,page2-92showcryptogdoigmreplayUsethiscommandifTBARisconfigured.
ItdisplaystheTBARparameters.
IfthereareTBARerrors,thiscommandhelpsyoucheckthetimechangebetweenthisGMandotherGMs.
showcryptoipsecsaUsethiscommandtodisplaytheIPSecsecurityassociationscurrentlyestablishedontherouter.
Wheninterpretingtheoutput,rememberthattheSAsareunidirectionalandtheyareuniqueineachsecurityprotocol.
showcryptogdoiksmembersUsethiscommandonlyontheKeyServer.
UseittodisplaythegroupmembersthatarecurrentlyintheGETVPNgroupandmanagedbythekeyserver(s).
showcryptogdoikscoopUsethiscommandonlyontheKeyServer.
UseitwhenmultiplekeyserversareoperatinginCOOPmode.
Thiscommanddisplaysthestateofthekeyservers(Active/Secondary,priority,andsoon).
showcryptogdoikspolicyUsethiscommandonlyontheKeyServer.
UseittodisplaytheTEKandKEKpolicycurrentlyconfiguredandappliedtothegroupmembers.
Table16SecurityShowCommandsShowCommandsCommandDescriptionTable17SSHv2ShowCommandsShowCommandsCommandDescriptionshowsslUsethiscommandtodisplaythestatusofSecureShell(SSH)serverconnectionsontherouter.
showipsshUsethiscommandtodisplaytheversionandconfigurationdataforSecureShell(SSH).
2-91CiscoSolutionsforFinancialBranchBankingChapter2DeployingtheSolutionVerifyingFunctionalityVoiceCallsTable18providescommandsthatverifyVoicecalloperationsandconfigurations.
DebugCommandsdebugisdnq931debugisdnq921debugsccpalldebugmgcppacketsdebugvoiprtpconnMGCPTable19providescommandsthatverifyVoiceMGCPgatewayoperationsandconfigurations.
Table20providescommandsthatverifyMGCPfallbackoperations.
Table18VoiceShowCommandsShowCommandsCommandDescriptionshowvoicecallsummaryUsethiscommandtodisplaycallsfromPSTNtocustomer-site/headquartersorviceversathroughPRI.
showcallactivevoicebrUsethiscommandtodisplaycallinformation.
showvoiprtpconnUsethiscommandtodisplayReal-TimeTransportProtocol(RTP)namedeventpackets.
showsccpconnectionUsethiscommandifthecallgoestovoicemailandthereistranscoding.
showcallactivevoiceecho-cancellersummaryUsethiscommandtodisplaythestateofechocanceller.
showcallactivevoicesummaryUsethiscommandtodisplayasummaryofvoicecallinformationinprogress.
Table19VoiceMGCPGatewayShowCommandsShowCommandsCommandDescriptionshowccm-managerUsethiscommandtoverifytheactiveandredundantconfiguredCiscoCallManagerservers.
ItalsoindicateswhetherthegatewayiscurrentlyregisteredwiththeCiscoCallManager.
showmgcpUsethiscommandtoverifythestatusoftherouterMGCPparameters.
YoushouldrefertotheIPaddressoftheCiscoCallManagerserverthatyouuse.
Allotherparametersremainintheirdefaultstateinthisconfiguration.
showmgcpendpointUsethiscommandtoshowthevoiceports(endpoints)thatareunderMGCPcontrolintherouter.
ThiscommandverifieswhichvoiceportshavebeenboundtotheMGCPapplication.
2-92CiscoSolutionsforFinancialBranchBankingChapter2DeployingtheSolutionVerifyingFunctionalityDebugCommandsdebugmgcp[all|errors|events|packets|parser]debugccm-managereventsVoiceSecurityTable21providescommandsthatverifyVoicesecurityfeaturesandoperations.
showmgcpconnectionUsethiscommandtodisplayanyactiveMGCPconnections.
ThiscorrespondstotheMGCPMemberConfigurationidentifierinCiscoCallManager.
Ittellsyouwhichportontherouteristheendpointinthecall.
showvoiceportmod_number/slot_number/port_numberUsethiscommandtoverifythecurrentstatusandconfigurationofthevoiceportsontherouter.
showmgcpstatisticsUsethiscommandtoshowstatisticalinformationrelatedtoMGCPactivityontherouter.
showdial-peervoicesummaryUsethiscommandtodisplaydial-peerinformation.
showsccpUsethiscommandtoverifyiftheexternaltranscoderisregisteredtotheCall-manager.
Table20MGCPFallbackShowCommandsShowCommandsCommandDescriptionshowcall-manager-fallbackallUsethiscommandtodisplaythedetailedconfigurationofallCiscoIPPhones,voiceports,anddialpeersinyournetworkduringCiscoCallManagerfallback.
showcall-manager-fallbackdial-peerUsethiscommandtodisplaytheoutputforthedialpeersduringCiscoCallManagerfallback.
showccm-managerfallback-mgcpUsethiscommandtodisplayalistofCiscoCallManagerserversandtheircurrentstatusandavailability.
Table19VoiceMGCPGatewayShowCommandsShowCommandsCommandDescriptionTable21VoiceShowCommandsShowCommandsCommandDescriptionshowcryptoisakmpsaUsethiscommandtodisplaythestateofisakmpsecurityassociationscurrentlyestablishedontherouter.
showcryptosessiondetailUsethiscommandtodisplaythestateofthecryptotunnelestablishedontherouter.
showdmvpndetailUsethiscommandtodisplaythestateoftheDMVPNtunnel,tunnelsource/destinationipaddresses,andNBMApeersontherouter.
2-93CiscoSolutionsforFinancialBranchBankingChapter2DeployingtheSolutionVerifyingFunctionalityDebugCommandsdebugvoiceccapiinoutdebugisdnq931debugvoiprtppacketdebugccsipalldebugephonedetaildebugdmvpnallalldebugcryptoipsecWideAreaApplicationServices(WAAS)Table22providesacommandthatisenteredfromtheCiscoInternetOperatingSystem(IOS)commandpromptontherouter.
ThecommandalsoverifiesCiscoWebCacheCommunicationProtocol(WCCP)ontheWAEdevice.
showipnhrpsummaryUsethiscommandtodisplayNBMAandNHRPrelatedinformationontherouter.
showephoneregisteredUsethiscommandinSRSTmodetoverifythattheSCCPphonesareregisteredtotherouter.
showisdnstatUsethiscommandtocheckthestatusoftheISDNPRIconnectiontothePSTN.
showdial-peervoicesummaryUsethiscommandtoseeasummaryofthedial-peersandthestatus.
showvoiprtpconnectionsUsethiscommandtocheckallactiveRTPconnections(IPsandports)ontherouter.
ItisusefulontheCUBEdevicewheretherearetwolegsofmediabeingbridged.
showcallactivevoicebriefUsethiscommandtoseeasummaryofallvoiceconnectionscurrentlyactiveontherouter.
ItincludesinformationonTx/Rxpackets,codecsused,andtheendpointIPaddresses.
Table21VoiceShowCommandsShowCommandsCommandDescriptionTable22WAASRouter-SideShowCommandShowCommandsCommandDescriptionshowipwccpUsethiscommandtodisplaytheglobalWCCPinformation,includingtheconfiguredservicegroups,statisticsonpktsseen/redirectedtotheWAASmodule,andtherouteridentifierandversion.
ThisisausefulcommandtoverifythatthebasicWAASmoduleisupandrunningontherouter.
2-94CiscoSolutionsforFinancialBranchBankingChapter2DeployingtheSolutionVerifyingFunctionalityTable23listscommandsthatareenteredfromtheWAEdevicecommandprompt,andtheyverifiesWCCPontheWAEdevice.
DebugCommandsdebugwccpeventsdebugwccperrorsTable23WAEModuleShowCommandsShowCommandsCommandDescriptionshowwccpUsethiscommandtodisplaytheWCCPinformationforaCiscoWAEdevice.
showwccpgreUsethiscommandtodisplaytheCiscoWCCPgenericroutingencapsulation(GRE)packet-relatedinformation.
showwccproutersUsethiscommandtodisplaytheroutersseenornotseenbythisCiscoWAEdevice.
showwccpstatusUsethiscommandtodisplaytheversionofCiscoWCCPthatisenabledandrunning.
showdevice-modeconfiguredcurrentUsethiscommandtodisplaytheconfiguredorcurrentdevicemodeofaCiscoWideAreaApplicationServices(WAAS)device.
showdevice-modeconfigured/currentUsethiscommandtodisplaytheconfiguredorcurrentdevicemodeofaCiscoWideAreaApplicationServices(WAAS)device.
showegress-methodsUsethiscommandtodisplaytheegressmethodthatisconfiguredandbeingusedonaparticularCiscoWAEdevice.
showcifsconnectivitypeersUsethiscommandtodisplayrun-timeinformationonedge-coreconnectivityandalistofconnectedcores.
showcifssessionscountUsethiscommandtodisplayrun-timeinformationabouttheactiveCIFSsessionsandthenumberofpendingCIFSrequests.
showcifssessionslistUsethiscommandtodisplayrun-timeinformationonactiveCIFSsessionsandalistingofconnectedCIFSsessions.
showpolicy-engineapplicationclassifiedUsethiscommandtodisplayinformationaboutthespecifiedapplicationclassifierorallclassifiersifnoapplicationisspecified.
Itincludestheapplicationnameandthematchstatementthatdefinestheinterestingtraffic.
showstatisticscifsUsethiscommandtodisplaytheCIFSstatisticsinformation.
showstatisticsdredetailUsethiscommandtodisplaydataredundancyelimination(DRE)generalstatisticsforaCiscoWAEdevice.
showstatisticstfodetailUsethiscommandtodisplayTFOstatisticsforaCiscoWAEdevice.
Itisausefulcommandfordebugproblemssuchasconnectionoverloadandcheckingthetotalnumberofhits.
CHAPTER3-1CiscoSolutionsforFinancialBranchBanking3ManagementInformationDatabasesThischapterprovidesalistoftheMIBSthatareincludedinthesolutions.
ATM/KioskBranchVoiceEnabledBranchHighAvailibilityBranchwithVoiceSurvivableVoiceTable3-1ATM/KioskBranchMIBDescriptionCISCO-BGP4-MIBThisMIBprovidesBGPstatusandstatistics.
CISCO-CDP-MIBThisMIBcontainsinformationrelatedtoCDPandenablesSNMPagentstoobtaininformationaboutadevice'sneighbor.
CISCO-NETFLOW-MIBThisMIBprovidesamethodforgettingnetflowcacheinformation,andcurrentnetflowconfigurationandstatistics.
CISCO-NTP-MIBThisMIBenablesuserstomonitorthestatusofNTPonadevice.
CISCO-IPSEC-MIBThisIPSecMIBallowsIPSecconfigurationmonitoringandIPSecstatusmonitoringusingSNMP.
CISCO-EIGRP-MIBThisMIBprovidesEIGRPstatusandstatistics.
CISCO-FRAME-RELAY-MIBThisMIBprovidesFrameRelaystatistics.
Table3-2VoiceEnabledBranchMIBDescriptionCISCO-CLASS-BASED-QOS-MIBThisMIBprovidesreadaccesstoQoSconfigurationandstatisticsinformationforCiscoplatformsthatsupportthemodularQoScommandlineinterface.
CISCO-EIGRP-MIBThisMIBprovidesEIGRPstatistics.
CISCO-ENERGYWISE-MIBThisMIBisusedtomanageandoptimizeCiscopowerextensionsspecifications.
CISCO-IPSEC-MIBThisMIBallowsIPSecconfigurationmonitoringandIPSecstatusmonitoringusingSNMP.
3-2CiscoSolutionsforFinancialBranchBankingChapter3ManagementInformationDatabasesCISCO-ICSUDSU-MIBThisMIBisusedtomonitortheT1interfaces.
CISCO-NETFLOW-MIBThisMIBprovidesasimpleandeasymethodtogetnetflowcacheinformation,andcurrentnetflowconfigurationandstatistics.
Table3-3HighAvailibilityBranchwithVoiceSurvivableVoiceMIBDescriptionCISCO-BGP4-MIBThisMIBprovidesBGPstatusandstatistics.
CISCO-CDP-MIBThisMIBcontainsinformationrelatedtoCDPandenablesSNMPagentstoobtaininformationaboutadevice'sneighbor.
CISCO-CLASS-BASED-QOS-MIBThisMIBprovidesreadaccesstoQoSconfigurationandstatisticsinformationforCiscoplatformsthatsupportthemodularQoScommandlineinterface.
CISCO-ENERGYWISE-MIBThisMIBisusedtomanageandoptimizeCiscopowerextensionsspecifications.
CISCO-ENVMON-MIBThisMIBtracksthestatusoftheenvironmentmonitorondevices.
CISCO-HSRP-MIBTheHSRBMIBenablesSNMPgetoperationstoallownetworkdevicestogetreportsaboutHSRPgroupsinanetworkfromthenetworkmanagementstation.
CISCO-ISDN-MIBThisMIBprovidesstatusonISDNchannels.
CISCO-NETFLOW-MIBThisMIBprovidesawaytogetnetflowcacheinformation,andcurrentnetflowconfigurationandstatistics.
CISCO-NTP-MIBThisMIBenablesuserstomonitorthestatusofNTPonadevice.
CISCO-IPSEC-MIBThisMIBallowsIPSec-configurationmonitoringandIPSec-statusmonitoringusingSNMP.
Table3-2VoiceEnabledBranchMIBDescription