Saturday, September 10, 2016

Cisco dCloud Free Virtual Labs

Cisco dCloud offers free virtual labs (you can use your CCO login) for doing network simulation and Proof of Concept (POC). With dCloud, you don't have to go through your Cisco account manager and ask for hardware just to test some latest feature and services in your network environment. My first experience using dCloud was doing a POC for ASA with FirePower. Just follow these steps to register and schedule an event with dCloud. It will first ask you to create a profile and select which dCloud server is near your country. There's a cool video introduction and a helpful dCloud manual which will guide you on each step.


You can use a Cisco IOS router as an endpoint device that will establish a VPN session to dCloud network. There's a list of recommended routers but I was able to use a Cisco 2811 router with Advanced Security K9 IOS 15.4 (c2800nm-advsecurityk9-mz.151-4.M10.bin). I've installed this IOS in order to support the ip dns view commands. You can also use a virtual router to connect to dCloud.



There are a few options which dCloud can configure your endpoint router. I chose the Console method so that I have full control on which configurations to apply.



You'll be asked to download a KitWizard, which is a zipped file, and apply it to your router and other LAN devices via console connection. I only applied the EZVPN related config, IP addressing and changed the ports to FastEthernet since I'm using a 2811 router.


You can also test your router connection to gauge its download/upload speed to dCloud.



I see a lot of benefits using dCloud such as there's no need to download evaluation software and license, you don't need to buy a VM server and worry about RAM size and you'll only need a fairly recent Cisco ISR router or a PC with AnyConnect installed. Most of all you don't have to blow up your production network and you could leverage dCloud for studying high level certs such as CCNP Security, CCNP Wireless, CCNP Collaboration or CCNP Service Provider. Below is the wireless lab topology that I've used while studying for my CCNA Wireless (WIFUND) and CWNA, which I integrated to dCloud network.



Go to My Sessions > search for a Content > I chose Cisco ISE2.0 For BYOD and Guest Management v1.1 since it includes Cisco Identity Services Engine (ISE) 2.0 and Cisco Prime Infrastructure (PI) 2.2 which is all I need for my wireless lab. The requested schedule will only be approved by dCloud support during business hours. 



Cisco ISE 2.0 For BYOD and Guest Management v1.1

Components

    Cisco Identity Services Engine (ISE) 2.0
    Cisco Prime Infrastructure 2.2
    Cisco Mobility Services Engine (MSE) 8.0
    Microsoft Active Directory-Windows 2008 R2
    Microsoft Exchange 2010-Windows 2008 R2
    Cisco Virtual Wireless Controller (vWLC) 8.0
    Cisco Virtual Cloud Services Router (CSRv)


Once your content is chosen, click Schedule. I clicked Extend session for longer than 5 days to give me plenty of time to play around. Click Request an Event.
 




An email notification will be sent to your registered email once booking is successful. My initial scheduled event wasn’t successful since I booked it on a weekend and after business hours. I was contacted by dCloud to make sure to schedule an event during business hours on a weekday.
 

You can add your router to your scheduled event by going to My sessions > select the router name under Available routers > click the down arrow > click Update.


You can verify if the router was successfully added under Routers > View Schedule.
 

Once your schedule is active, select View.


There are three main tabs which gives you more details for the selected lab: Details, Servers and Resources.
 



Click on a server and HTTPS to the given public IP address and type the username/password provided.


I was able to test and play around with the features of Cisco ISE and Prime afterwards.





Below are the "minimum" EZVPN configuration that I applied on my Cisco 2811 router to make it work with dCloud.

service timestamps debug datetime msec localtime
service timestamps log datetime msec localtime

hostname kit-7869

logging buffered 5120000 debugging
enable secret cisco

aaa new-model

aaa authentication login default none

ip dhcp excluded-address 10.72.235.193 10.72.235.195
ip dhcp excluded-address 10.74.235.193 10.74.235.195

ip dhcp pool wired-data
   import all
   network 10.72.235.192 255.255.255.240
   default-router 10.72.235.193
   dns-server 10.72.235.193
   domain-name dcloud.cisco.com
   option 186 ip 198.18.133.6

ip dhcp pool wireless-data
   import all
   network 10.74.235.192 255.255.255.240
   default-router 10.74.235.193
   dns-server 10.74.235.193
   domain-name dcloud.cisco.com

username admin secret 5 $1$ByPQ$iCfNIwXDn5aBTKJQ4Dig1.

ip access-list extended acl-vpn-initiate
 remark traffic that will initiate the VPN session
 permit ip 10.64.0.0 0.63.255.255 198.18.0.0 0.1.255.255
ip access-list extended acl-nontunnel-traffic
 remark nat only non-tunnel-traffic
 remark no-nat to vpod networks
 deny   ip 10.64.0.0 0.63.255.255 198.18.0.0 0.1.255.255
 remark no-nat to other kits
 deny   ip 10.64.0.0 0.63.255.255 10.64.0.0 0.63.255.255
 remark no-nat to device VPNs
 deny   ip 10.64.0.0 0.63.255.255 10.16.0.0 0.1.255.255
 remark nat all other traffic
 permit ip 10.64.0.0 0.63.255.255 any

crypto isakmp keepalive 10 periodic

crypto ipsec client ezvpn ToDemo
 connect acl acl-vpn-initiate
 ctcp port 443
 group dcloud-ipsec key Sup6pSup6p
 local-address FastEthernet0/0
 mode network-extension
 peer dcloud-rtp-ipsec.cisco.com
 peer dcloud-emear-ipsec.cisco.com
 peer dcloud-apjc-ipsec.cisco.com
 peer dcloud-chi-ipsec.cisco.com

username endpoint-kit-7869 password jetq0tXcgIQWsuoZqnzF

xauth userid mode local

ip dns server
ip dns name-list 1 permit .*.DCLOUD.CISCO.COM
ip dns view vpod-dns
 domain name-server  198.18.133.1
 dns forwarder 198.18.133.1
 dns forwarding source-interface FastEthernet0/1.10
ip dns view-list splitdns
 view vpod-dns 10
  restrict name-group 1
 view default 20

ip domain lookup source-interface FastEthernet0/1.10

interface FastEthernet0/0
 description dCloud Kit outside Interface for EZVPN
 no ip dhcp client request tftp-server-address
 ip address dhcp client-id FastEthernet0/0
 ip flow ingress
 ip nat outside
 duplex auto
 speed auto
 no cdp enable
 crypto ipsec client ezvpn ToDemo
 no shutdown

interface FastEthernet0/1
 description Connection to dCloud Kit LAN
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip flow ingress
 duplex auto
 speed auto
 no shutdown

interface FastEthernet0/1.10
 description : dCloud Kit Wired Data
 encapsulation dot1Q 10
 ip address 10.72.235.193 255.255.255.240
 ip dns view-group splitdns
 ip nat inside
 ip virtual-reassembly in
 ip tcp adjust-mss 1000
 crypto ipsec client ezvpn ToDemo inside
 no shutdown

 interface FastEthernet0/1.11
 description VLAN11 : dCloud Kit Wireless Data
 encapsulation dot1Q 11
 ip address 10.74.235.193 255.255.255.240
 ip dns view-group splitdns
 ip nat inside
 ip virtual-reassembly in
 ip tcp adjust-mss 1000
 crypto ipsec client ezvpn ToDemo inside
 no shutdown

interface Loopback 0
 description Used for telnet access to the router
 ip address 10.0.1.1 255.255.255.255
 no shutdown

ip nat inside source list acl-nontunnel-traffic interface FastEthernet0/0 overload

line con 0
 password cisco
 login
 logging synchronous

line vty 0 15
 password cisco
 login
 logging synchronous


Below is the full router running config.

kit-7869#show run
Building configuration...

Current configuration : 4430 bytes
!
! Last configuration change at 15:24:51 UTC Thu Sep 1 2016
! NVRAM config last updated at 15:30:08 UTC Thu Sep 1 2016
! NVRAM config last updated at 15:30:08 UTC Thu Sep 1 2016
version 15.1
service timestamps debug datetime msec localtime
service timestamps log datetime msec localtime
service password-encryption
service sequence-numbers
!
hostname kit-7869
!
boot-start-marker
boot-end-marker
!
!
logging buffered 5120000
enable password 7 01100F175804
!
aaa new-model
!
!
aaa authentication login default none
!
!
!
!
!
aaa session-id common
!
!
dot11 syslog
ip source-route
!
!
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 10.74.235.193 10.74.235.195
ip dhcp excluded-address 10.72.235.193 10.72.235.196
!
ip dhcp pool wired-data
 import all
 network 10.72.235.192 255.255.255.240
 default-router 10.72.235.193
 dns-server 10.72.235.193
 domain-name dcloud.cisco.com
 option 186 ip 198.18.133.6
!
ip dhcp pool wireless-data
 import all
 network 10.74.235.192 255.255.255.240
 default-router 10.74.235.193
 dns-server 10.74.235.193
 domain-name dcloud.cisco.com
!
!
!
ip domain lookup source-interface FastEthernet0/1.10
ip name-server 8.8.8.8
!
multilink bundle-name authenticated
!
!
crypto pki token default removal timeout 0
!
!
!
!
license udi pid CISCO2811 sn FHK1308F18L
username admin privilege 15 secret 5 $1$ByPQ$iCfNIwXDn5aBTKJQ4Dig1.
!
redundancy
!
!
!
crypto isakmp key Sup6pSup6p hostname dcloud-apjc-ipsec.cisco.com
crypto isakmp keepalive 10 periodic
!
!
!
!
!
crypto ipsec client ezvpn ToDemo
 connect acl acl-vpn-initiate
 ctcp port 443
 group dcloud-ipsec key Sup6pSup6p
 local-address FastEthernet0/0
 mode network-extension
 peer dcloud-rtp-ipsec.cisco.com
 peer dcloud-emear-ipsec.cisco.com
 peer dcloud-apjc-ipsec.cisco.com
 peer dcloud-chi-ipsec.cisco.com
 username endpoint-kit-7869 password jetq0tXcgIQWsuoZqnzF
 xauth userid mode local
!
!
!
!
!
!
interface FastEthernet0/0
 description dCloud Kit outside Interface for EZVPN
 no ip dhcp client request tftp-server-address
 ip address dhcp client-id FastEthernet0/0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip flow ingress
 ip nat outside
 ip virtual-reassembly in
 duplex auto
 speed auto
 no cdp enable
 crypto ipsec client ezvpn ToDemo
!
interface FastEthernet0/1
 description Connection to dCloud Kit LAN
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip flow ingress
 ip nat inside
 ip virtual-reassembly in
 duplex auto
 speed auto
!
interface FastEthernet0/1.10
 description : dCloud Kit Wired Data
 encapsulation dot1Q 10
 ip address 10.72.235.193 255.255.255.240
 ip nat inside
 ip virtual-reassembly in
 ip tcp adjust-mss 1000
 crypto ipsec client ezvpn ToDemo inside
!
ip forward-protocol nd
ip http server
no ip http secure-server
!
!
ip dns view vpod-dns
 domain name-server  198.18.133.1
 dns forwarder 198.18.133.1
 dns forwarding source-interface FastEthernet0/1.10
ip dns view-list splitdns
 view vpod-dns 10
  restrict name-group 1
 view default 20
ip dns name-list 1 permit .*.DCLOUD.CISCO.COM
ip dns server
ip nat inside source list acl-nontunnel-traffic interface FastEthernet0/0 overlo
ad
!
ip access-list standard acl-telnet
 remark allowed networks for telnet access to endpoint kit
 permit 10.72.235.192 0.7.0.15
 permit 198.18.0.0 0.1.255.255
!
ip access-list extended acl-deny-dhcp
 remark deny DHCP packets from clients on the outside/dirty network
 deny   udp any any eq bootps
 permit ip any any
ip access-list extended acl-nontunnel-traffic
 remark nat only non-tunnel-traffic
 remark no-nat to vpod networks
 deny   ip 10.64.0.0 0.63.255.255 198.18.0.0 0.1.255.255
 remark no-nat to other kits
 deny   ip 10.64.0.0 0.63.255.255 10.64.0.0 0.63.255.255
 remark no-nat to device VPNs
 deny   ip 10.64.0.0 0.63.255.255 10.16.0.0 0.1.255.255
 remark nat all other traffic
 permit ip 10.64.0.0 0.63.255.255 any
ip access-list extended acl-vpn-initiate
 remark traffic that will initiate the VPN session
 permit ip 10.64.0.0 0.63.255.255 198.18.0.0 0.1.255.255
!
access-list 10 permit 192.168.1.0 0.0.0.255
!
!
!
!
!
!
!
control-plane
!
!
!
line con 0
 password 7 110A1016141D
 logging synchronous
line aux 0
line vty 0 4
 password 7 121A0C041104
 logging synchronous
 transport input all
!
scheduler allocate 20000 1000
ntp master
end


Below are some helpful show commands for troubleshooting EZVPN client connection to Cisco's dCloud. If your connection got stuck, just bounce the router's WAN port.

kit-7869#show crypto isakmp sa
IPv4 Crypto ISAKMP SA
dst             src             state          conn-id status
64.100.12.21    22.165.96.17  MM_NO_STATE       1003 ACTIVE (deleted)
173.38.218.8    22.165.96.17  MM_NO_STATE       1005 ACTIVE (deleted)
173.38.218.8    22.165.96.17  MM_NO_STATE       1004 ACTIVE (deleted)

IPv6 Crypto ISAKMP SA

kit-7869#show crypto ipsec client ezvpn
Easy VPN Remote Phase: 8

Tunnel name : ToDemo
Inside interface list: FastEthernet0/1.10
Outside interface: FastEthernet0/0
Easy VPN connect ACL checking active
Connect : ACL based with access-list acl-vpn-initiate
Current State: CONNECT_REQUIRED
Last Event: CONN_DOWN
Save Password: Allowed
Current EzVPN Peer: dcloud-emear-ipsec.cisco.com (cTCP encapsulated)

kit-7869#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
kit-7869(config)#interface f0/0
kit-7869(config-if)#shut
kit-7869(config-if)#no shut
kit-7869(config-if)#end
000031: Sep  2 23:03:56.663: %SYS-5-CONFIG_I: Configured from console by vty1 (10.72.235.198)
000032: Sep  2 23:03:57.475: %LINK-3-UPDOWN: Interface FastEthernet0/0, changed state to up
000033: Sep  2 23:03:58.475: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up

kit-7869#show ip interface brief
Interface                  IP-Address      OK? Method Status                Prot
ocol
FastEthernet0/0            unassigned      YES DHCP   up                    up

FastEthernet0/1            unassigned      YES NVRAM  up                    up

FastEthernet0/1.10         10.72.235.193   YES NVRAM  up                    up

NVI0                       unassigned      YES unset  administratively down down

kit-7869#
000034: Sep  2 23:04:04.583: %DHCP-6-ADDRESS_ASSIGN: Interface FastEthernet0/0 a
ssigned DHCP address 22.165.96.17, mask 255.255.248.0, hostname kit-7869


kit-7869#show crypto isa sa
IPv4 Crypto ISAKMP SA
dst             src             state          conn-id status

IPv6 Crypto ISAKMP SA

kit-7869#
000035: Sep  2 23:04:41.755: %CRYPTO-6-EZVPN_CONNECTION_DOWN: (Client)  User=  Group=dcloud-ipsec  Client_public_addr=22.165.96.17  Server_public_addr=173.38.218.8
kit-7869#
000036: Sep  2 23:04:47.019: %CRYPTO-6-EZVPN_CONNECTION_DOWN: (Client)  User=  Group=dcloud-ipsec  Client_public_addr=22.165.96.17  Server_public_addr=173.38.218.8
kit-7869#
000037: Sep  2 23:04:48.699: %CRYPTO-6-EZVPN_CONNECTION_UP: (Client)  User=endpoint-kit-7869  Group=dcloud-ipsec  Client_public_addr=22.165.96.17  Server_publ
ic_addr=173.39.116.8  NEM_Remote_Subnets=10.72.235.192/255.255.255.240



kit-7869#show ip interface brief
Interface                  IP-Address      OK? Method Status                Prot
ocol
FastEthernet0/0            22.165.96.17  YES DHCP   up                    up

FastEthernet0/1            unassigned      YES NVRAM  up                    up

FastEthernet0/1.10         10.72.235.193   YES NVRAM  up                    up

NVI0                       unassigned      YES unset  administratively down down

kit-7869#show crypto isa sa
IPv4 Crypto ISAKMP SA
dst             src             state          conn-id status
173.38.218.8    22.165.96.17  MM_NO_STATE       1006 ACTIVE (deleted)
173.39.116.8    22.165.96.17  QM_IDLE           1007 ACTIVE

IPv6 Crypto ISAKMP SA


kit-7869#show crypto ipsec client ezvpn
Easy VPN Remote Phase: 8

Tunnel name : ToDemo
Inside interface list: FastEthernet0/1.10
Outside interface: FastEthernet0/0
Connect : ACL based with access-list acl-vpn-initiate
Current State: IPSEC_ACTIVE
Last Event: MTU_CHANGED
Save Password: Allowed
Split Tunnel List: 1
       Address    : 198.18.0.0
       Mask       : 255.254.0.0
       Protocol   : 0x0
       Source Port: 0
       Dest Port  : 0
Split Tunnel List: 2
       Address    : 10.16.0.0
       Mask       : 255.254.0.0
       Protocol   : 0x0
       Source Port: 0
       Dest Port  : 0
Split Tunnel List: 3
       Address    : 10.64.0.0
       Mask       : 255.192.0.0
       Protocol   : 0x0
       Source Port: 0
       Dest Port  : 0
Current EzVPN Peer: dcloud-apjc-ipsec.cisco.com (cTCP encapsulated)


kit-7869#ping 198.18.133.27 source 10.72.235.193   // PING TO CISCO ISE SOURCED FROM LAN IP
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 198.18.133.27, timeout is 2 seconds:
Packet sent with a source address of 10.72.235.193
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 12/14/16 ms


Below is the full KitWizard config file generated by dCloud.

**************************************************************************************************
!   
!
!           ___ _                     _   ___ _                 _
!          / __(_)___  ___ ___     __| | / __\ | ___  _   _  __| |
!         / /  | / __|/ __/ _ \   / _` |/ /  | |/ _ \| | | |/ _` |
!        / /___| \__ \ (_| (_) | | (_| / /___| | (_) | |_| | (_| |
!        \____/|_|___/\___\___/   \__,_\____/|_|\___/ \__,_|\__,_|
!                                                                                   
!       
!       
! For information on how to configure your device please refer to the url -
! https://dcloud-cms.cisco.com/help/configure-router-for-cisco-dcloud
!
!
!**************************************************************************************************
!
!
! dCloud_2911_config_version: 1.0
! Built for Kit John on Sat Aug 27 00:13:48 UTC 2016
!
! This Config is for the Router.
!
!
!**************************************************************************************************
!
!
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime
service timestamps log datetime msec localtime
service password-encryption
service sequence-numbers
no service config
!
hostname kit-7869
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 3 log
security passwords min-length 6
logging buffered 5120000 debugging
enable secret 5 $1$GwQZ$BDkrd.2SO/0s/IDy8FSdc0
!
aaa new-model
!
!
aaa authentication login default none
!
!
!
!
aaa session-id common
!
crypto pki token default removal timeout 0
!
!
Vlan 10
name dcloud-wired-data
!
Vlan 100
name dcloud-wired-voice
!
Vlan 11
name dcloud-wireless-data
!
Vlan 101
name dcloud-wireless-voice
!
no ip source-route
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 10.72.235.193 10.72.235.195
ip dhcp excluded-address 10.74.235.193 10.74.235.195
!
ip dhcp pool wired-data
   import all
   network 10.72.235.192 255.255.255.240
   default-router 10.72.235.193
   dns-server 10.72.235.193
   domain-name dcloud.cisco.com
   option 186 ip 198.18.133.6
!
ip dhcp pool wireless-data
   import all
   network 10.74.235.192 255.255.255.240
   default-router 10.74.235.193
   dns-server 10.74.235.193
   domain-name dcloud.cisco.com
!
ip tcp synwait-time 10
ip cef
no ip bootp server
!
no ipv6 cef
!
!
voice-card 0
 voice-service dsp-reservation 50
!
!
voice service voip
 no ip address trusted authenticate
 address-hiding
 mode border-element
 media forking
 allow-connections h323 to h323
 allow-connections h323 to sip
 allow-connections sip to h323
 allow-connections sip to sip
 fax protocol t38 version 0 ls-redundancy 0 hs-redundancy 0 fallback none
 sip
  bind control source-interface BVI100
  bind media source-interface BVI100
  registrar server
  asymmetric payload full
  video screening
!
voice class codec 1
 codec preference 1 aacld
 codec preference 2 g722-64
 codec preference 3 g711ulaw
 codec preference 4 g729r8
 video codec h264
!
!
voice register global
system message dCloud Service Interruption
max-pool 5
!
voice register pool  1
translation-profile incoming PLUS
id network 0.0.0.0 mask 0.0.0.0
!
!
!
voice translation-rule 1
rule 1 /^6\(...\)$/ /+14085556\1/
rule 2 /^911$/ /+14085556018/
!
voice translation-rule 101
 rule 1 /^89/ //
!
voice translation-profile Forking101
 translate called 101
!
voice translation-profile PLUS
translate called 1
!
media class 1
 recorder parameter
  media-recording 101
!
username admin secret 5 $1$ByPQ$iCfNIwXDn5aBTKJQ4Dig1.
!
ip access-list standard acl-telnet
 remark allowed networks for telnet access to endpoint kit
 permit 10.72.235.192 0.7.0.15
 permit 198.18.0.0 0.1.255.255
!
ip access-list extended acl-deny-dhcp
 remark deny DHCP packets from clients on the outside/dirty network
 deny   udp any any eq bootps
 permit ip any any
ip access-list extended acl-vpn-initiate
 remark traffic that will initiate the VPN session
 permit ip 10.64.0.0 0.63.255.255 198.18.0.0 0.1.255.255
ip access-list extended acl-nontunnel-traffic
 remark nat only non-tunnel-traffic
 remark no-nat to vpod networks
 deny   ip 10.64.0.0 0.63.255.255 198.18.0.0 0.1.255.255
 remark no-nat to other kits
 deny   ip 10.64.0.0 0.63.255.255 10.64.0.0 0.63.255.255
 remark no-nat to device VPNs
 deny   ip 10.64.0.0 0.63.255.255 10.16.0.0 0.1.255.255
 remark nat all other traffic
 permit ip 10.64.0.0 0.63.255.255 any
!
!
crypto isakmp keepalive 10 periodic
!
!
!
crypto ipsec client ezvpn ToDemo
 connect acl acl-vpn-initiate
 ctcp port 443
 group dcloud-ipsec key Sup6pSup6p
 local-address GigabitEthernet0/0
 mode network-extension
 peer dcloud-rtp-ipsec.cisco.com
 peer dcloud-emear-ipsec.cisco.com
 peer dcloud-apjc-ipsec.cisco.com
 peer dcloud-chi-ipsec.cisco.com

 username endpoint-kit-7869 password jetq0tXcgIQWsuoZqnzF
 xauth userid mode local
!
!
bridge irb
bridge 10 protocol ieee
bridge 10 route ip
bridge 11 protocol ieee
bridge 11 route ip
bridge 100 protocol ieee
bridge 100 route ip
bridge 101 protocol ieee
bridge 101 route ip
!
interface BVI10
!
ip dns server
ip dns name-list 1 permit .*.DCLOUD.CISCO.COM
ip dns view vpod-dns
 domain name-server  198.18.133.1
 dns forwarder 198.18.133.1
 dns forwarding source-interface BVI10
ip dns view-list splitdns
 view vpod-dns 10
  restrict name-group 1
 view default 20
!
ip domain lookup source-interface BVI10
!
interface GigabitEthernet0/0
 description dCloud Kit outside Interface for EZVPN
 no ip dhcp client request tftp-server-address
 ip address dhcp client-id GigabitEthernet0/0
 ip access-group acl-deny-dhcp in
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip flow ingress
 ip nat outside
 ip virtual-reassembly in
 duplex auto
 speed auto
 no cdp enable
 crypto ipsec client ezvpn ToDemo
 no shut
!
interface GigabitEthernet0/1
 description Connection to 3560 Switch Gi0/10
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip flow ingress
 no shutdown
 duplex auto
 speed auto
!
interface GigabitEthernet0/1.10
 description : dCloud Kit Wired Data
 encapsulation dot1Q 10
 bridge-group 10
 !
 interface GigabitEthernet0/1.11
 description VLAN11 : dCloud Kit Wireless Data
 encapsulation dot1Q 11
 bridge-group 11
 !
 interface GigabitEthernet0/1.100
 description VLAN100 : dCloud Kit Wired Voice
 encapsulation dot1Q 100
 bridge-group 100
 !
 interface GigabitEthernet0/1.101
 description dCloud Kit Wireless Voice
 encapsulation dot1Q 101
 bridge-group 101
 !
interface GigabitEthernet0/1/0
 description Connection for AP 1142
 switchport access vlan 10
 switchport trunk native vlan 10
 switchport voice vlan 100
 spanning-tree portfast
 switchport mode trunk
 no shut
!
interface GigabitEthernet0/1/1
 switchport access vlan 10
 switchport trunk native vlan 10
 switchport voice vlan 100
 spanning-tree portfast
 switchport mode trunk
 no shut
!
interface GigabitEthernet0/1/2
 switchport access vlan 10
 switchport trunk native vlan 10
 switchport voice vlan 100
 spanning-tree portfast
 switchport mode trunk
 no shut
!
interface GigabitEthernet0/1/3
 switchport access vlan 10
 switchport trunk native vlan 10
 switchport voice vlan 100
 spanning-tree portfast
 switchport mode trunk
 no shut
!
interface GigabitEthernet0/1/4
 switchport access vlan 10
 switchport trunk native vlan 10
 switchport voice vlan 100
 spanning-tree portfast
 switchport mode trunk
 no shut
!
interface GigabitEthernet0/1/5
 switchport access vlan 10
 switchport trunk native vlan 10
 switchport voice vlan 100
 spanning-tree portfast
 switchport mode trunk
 no shut
!
interface GigabitEthernet0/1/6
 switchport access vlan 10
 switchport trunk native vlan 10
 switchport voice vlan 100
 spanning-tree portfast
 switchport mode trunk
 no shut
!
interface GigabitEthernet0/1/7
 switchport access vlan 10
 switchport trunk native vlan 10
 switchport voice vlan 100
 spanning-tree portfast
 switchport mode trunk
 no shut
!
!
!
interface Vlan1
 no ip address
 shutdown
!
interface Vlan10
 description VLAN10 : dCloud Kit Wired Data
 no ip address
 bridge-group 10
 no shut
!
interface Vlan11
 description VLAN11 : dCloud Kit Wireless Data
 no ip address
 bridge-group 11
 no shut
!
interface Vlan100
 description VLAN100 : dCloud Kit Wired Voice
 no ip address
 bridge-group 100
 no shut
!
interface Vlan101
 description VLAN101 : dCloud Kit Wireless Voice
 no ip address
 bridge-group 101
 no shut
!
interface Loopback 0
 description Used for telnet access to the router
 ip address 10.0.1.1 255.255.255.255
 no shutdown
!
interface BVI10
 description BVI10 : dCloud Kit Wired Data
 ip address 10.72.235.193 255.255.255.240
 ip dns view-group splitdns
 ip nat inside
 ip virtual-reassembly in
 ip tcp adjust-mss 1000
 crypto ipsec client ezvpn ToDemo inside
 no shut
!
interface BVI11
 description BVI11 : dCloud Kit Wireless Data
 ip address 10.74.235.193 255.255.255.240
 ip dns view-group splitdns
 ip nat inside
 ip virtual-reassembly in
 ip tcp adjust-mss 1000
 crypto ipsec client ezvpn ToDemo inside
 no shut
 !
interface BVI100
 description BVI100 : dCloud Kit Wired Voice
 ip address 10.73.235.193 255.255.255.240
 ip helper-address 198.19.255.21
 ip helper-address 198.19.255.22
 ip dns view-group splitdns
 ip nat inside
 ip virtual-reassembly in
 ip tcp adjust-mss 1000
 crypto ipsec client ezvpn ToDemo inside
 no shut
!
interface BVI101
 description BVI101 : dCloud Kit Wireless Voice
 ip address 10.75.235.193 255.255.255.240
 ip helper-address 198.19.255.21
 ip helper-address 198.19.255.22
 ip dns view-group splitdns
 ip nat inside
 ip virtual-reassembly in
 ip tcp adjust-mss 1000
 crypto ipsec client ezvpn ToDemo inside
 no shut
!
ip forward-protocol nd
no ip http server
!
ip nat inside source list acl-nontunnel-traffic interface GigabitEthernet0/0 overload
!
logging trap debugging
!
radius-server vsa send accounting
!
!
control-plane
!
!
mgcp profile default
!
sccp local BVI100
sccp ccm 198.18.133.3 identifier 1 version 7.0
sccp
!
sccp ccm group 1
 associate ccm 1 priority 1
 associate profile 1 register dCloud-remvid
!
dspfarm profile 1 conference video homogeneous 
 codec g722-64
 codec g711ulaw
 codec g711alaw
 codec g729ar8
 codec g729abr8
 codec g729r8
 codec g729br8
 codec h264 w360p frame-rate 30 bitrate 1mbps
 maximum sessions 1
 associate application SCCP
 no shutdown
!
dial-peer voice 1 voip
 description Default incoming dial-peer for all calls
 incoming called-number .T
 voice-class codec 1 
 dtmf-relay rtp-nte
 no vad
!
dial-peer voice 5 voip
 description Recording Inbound Dial-Peer
 translation-profile incoming Forking101
 incoming called-number 89.T
 voice-class codec 1 
 media-class 1
 dtmf-relay rtp-nte
 no vad
!
dial-peer voice 10 voip
 description outbound Recording dial peer
 preference 1
 destination-pattern .T
 session protocol sipv2
 session target ipv4:198.18.133.3
 session transport tcp
 voice-class codec 1 
 dtmf-relay rtp-nte
 no vad
!
dial-peer voice 101 voip
 description Forking Dial-Peer to MediaSense
 destination-pattern 3083
 signaling forward none
 session protocol sipv2
 session target ipv4:198.18.133.186
 session transport tcp
 voice-class codec 1 
!
!
!
!
gatekeeper
 shutdown
!
!
call-manager-fallback
secondary-dialtone 9
max-conferences 8 gain -6
transfer-system full-consult
ip source-address 10.72.235.193 port 2000
max-ephones 25
max-dn 50 octo-line
application default
system message primary dCloud Service Interruption
keepalive 10
voicemail 3050
translation-profile incoming PLUS
call-forward busy 3050
call-forward noan 3050 timeout 15
!
!
!
line con 0
 exec-timeout 240 0
 privilege level 15
 transport output telnet
line aux 0
 transport output telnet
line vty 0 15
 access-class acl-telnet in
 privilege level 15
 transport input telnet
!
end

No comments:

Post a Comment