Network Config Template v0.1

Network Config Template V0.1

jsmith
May 14, 2014
CHGXXXXXXX

Short Customer Name


In the format 10.5.5 eg. leave off the last octet



Allocate unused ACL from border router

In bps, eg. 10Mbps = 10000000

In bps, eg. 10Mbps = 10000000

// Network Configuration Template v0.1

// %{Change_Number}% - xxxx Network Configuration

Customer Name:	 		%{Cust_Name}%
VLAN ID:		 	%{VLAN_ID}%
Hosted Subnet:	 		%{Hosted_Subnet_24}%
Core Switch ACL Number:         %{Core_Switch_ACL}%
Customer Dynamic NAT IP:        %{Public_Dyn_Nat}%
Border Router ACL Number:       %{Border_Router_ACL}%
Internet BW CIR & PIR:          %{BW_CIR}%, %{BW_PIR}%


// **** Core_Switch <x.x.x.x> ****

vlan %{VLAN_ID}%
name %{Cust_Name}%
state active

access-list %{Core_Switch_ACL}% remark %{Cust_Name}% routing
access-list %{Core_Switch_ACL}% permit ip %{Hosted_Subnet_24}%.0 0.0.0.255 any
access-list %{Core_Switch_ACL}% permit ip any %{Hosted_Subnet_24}%.0 0.0.0.255

route-map NET204%{Cust_Name}% permit 10
     match ip address %{Core_Switch_ACL}%
     set ip default next-hop 10.90.201.251

ip access-list extended %{Cust_Name}%
  permit ip %{Hosted_Subnet_24}%.0 0.0.0.255 any
  permit ip x.x.x.0 0.0.0.255 any
  permit ip x.x.x.0 0.0.0.255 any
  permit ip x.x.x.0 0.0.0.255 any
  deny   ip 10.0.0.0 0.255.255.255 any
  deny   ip 172.16.0.0 0.0.15.255 any
  deny   ip 192.168.0.0 0.0.255.255 any
  permit ip any any

interface vlan%{VLAN_ID}%
description %{Cust_Name}%
ip address %{Hosted_Subnet_24}%.7 255.255.255.0
ip access-group %{Cust_Name}% out
ip policy route-map NET204%{Cust_Name}%
no shut

//*** On nexus A <x.x.x.x> ***

vlan %{VLAN_ID}%
 name %{Cust_Name}%

vrf context %{Cust_Name}%
ip route 0.0.0.0/0 %{Hosted_Subnet_24}%.7
ip route x.x.x.x/24 %{Hosted_Subnet_24}%.7
ip route y.y.y.y/24 %{Hosted_Subnet_24}%.7
ip route z.z.z.z/24 %{Hosted_Subnet_24}%.7

interface port-channel1
switchport trunk allowed vlan add %{VLAN_ID}%

interface port-channel2
switchport trunk allowed vlan add %{VLAN_ID}%

interface Vlan%{VLAN_ID}%
  description %{Cust_Name}%
  vrf member %{Cust_Name}%
  ip address %{Hosted_Subnet_24}%.2/24
  hsrp version 2
  hsrp %{VLAN_ID}%
    authentication md5 key-chain hsrp-key
    preempt delay minimum 120
    priority 120
    ip %{Hosted_Subnet_24}%.1
    track 1 decrement 40
  no shutdown



//*** On nexus B <x.x.x.x> ***

vlan %{VLAN_ID}%
 name %{Cust_Name}%

vrf context %{Cust_Name}%
ip route 0.0.0.0/0 %{Hosted_Subnet_24}%.7
ip route x.x.x.x/24 %{Hosted_Subnet_24}%.7
ip route y.y.y.y/24 %{Hosted_Subnet_24}%.7
ip route z.z.z.z/24 %{Hosted_Subnet_24}%.7

interface port-channel1
switchport trunk allowed vlan add %{VLAN_ID}%

interface port-channel2
switchport trunk allowed vlan add %{VLAN_ID}%

interface Vlan%{VLAN_ID}%
  description %{Cust_Name}%
  vrf member %{Cust_Name}%
  ip address %{Hosted_Subnet_24}%.3/24
  hsrp version 2
  hsrp %{VLAN_ID}%
    authentication md5 key-chain hsrp-key
    ip %{Hosted_Subnet_24}%.1
  no shutdown

// ****  On ASA  <d.d.d.d> ****

object network obj-%{Hosted_Subnet_24}%.0
     description %{Cust_Name}% Dynamic NAT
     subnet %{Hosted_Subnet_24}%.0 255.255.255.0
     nat (inside,outside) dynamic %{Public_Dyn_Nat}%



// **** On border router 1 <e.e.e.e> ****


access-list %{Border_Router_ACL}% permit ip host %{Public_Dyn_Nat}% any
access-list %{Border_Router_ACL}% permit ip any host %{Public_Dyn_Nat}%


class-map match-any %{Cust_Name}%
match access-group %{Border_Router_ACL}%

policy-map NSPI-CIR-map-IN
class %{Cust_Name}%
  police cir %{BW_CIR}% pir %{BW_PIR}%
   conform-action set-prec-transmit 1
   exceed-action set-prec-transmit 0
   violate-action drop

policy-map NSPI-CIR-map
class %{Cust_Name}%
  police cir %{BW_CIR}% pir %{BW_PIR}%
   conform-action set-prec-transmit 1
   exceed-action set-prec-transmit 0
   violate-action drop



// **** On border router 2 <f.f.f.f> ****

access-list %{Border_Router_ACL}% permit ip host %{Public_Dyn_Nat}% any
access-list %{Border_Router_ACL}% permit ip any host %{Public_Dyn_Nat}%


class-map match-any %{Cust_Name}%
match access-group %{Border_Router_ACL}%

policy-map NSPI-CIR-map-IN
class %{Cust_Name}%
  police cir %{BW_CIR}% pir %{BW_PIR}%
   conform-action set-prec-transmit 1
   exceed-action set-prec-transmit 0
   violate-action drop

policy-map NSPI-CIR-map
class %{Cust_Name}%
  police cir %{BW_CIR}% pir %{BW_PIR}%
   conform-action set-prec-transmit 1
   exceed-action set-prec-transmit 0
   violate-action drop

// **** In Netflow <netflow.com> ****

Create new IP Group for %{Cust_Name}%. Include %{Public_Dyn_Nat}%, set bps for %{BW_CIR}% bps


// **** in UCS Manager *** 

LAN tab:

1.	Expand LAN > Policies > vNIC Templates
2.	For each of the templates highlight it
3.	Click modify VLANs
4.	Create VLAN 
1.	NAME: VLAN%{VLAN_ID}% - %{Cust_Name}%
2.	Common
3.	VLAN ID: %{VLAN_ID}%
4.	Sharing None
5.	Check overlap
6.	Ok, Ok.

Servers tab:

1.	Expand Servers > Service Profiles > root
2.	For all servers that are SERVER BLAH and SERVER BLAHBLAH 
1.	Expand server
2.	Expand vNICs
3.	For each vNIC 
1.	Highlight and click Modify vLANs
2.	Find new vLAN anc select the check box and hit ok

// **** On SERVER BLAH ****

Click Networking
Highlight dv_hosted_ha_switch01
Create distributed port group
NAME: VLAN %{VLAN_ID}% - %{Cust_Name}%
Num of ports: 128
VLAN type: VLAN
VLAN ID: %{VLAN_ID}%