!
! Last configuration change at 22:21:28 UTC Sun Jan 3 2021
!
version 16.6
service timestamps debug datetime msec
service timestamps log datetime msec
platform qfp utilization monitor load 80
no platform punt-keepalive disable-kernel-core
platform console serial
!
hostname CE2
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
!
!
!
!
!
!
!
no ip domain lookup
!
!
!
!
!
!
!
!
!
!
subscriber templating
! 
! 
! 
! 
!
!
!
multilink bundle-name authenticated
!
!
!
!
!
crypto pki trustpoint TP-self-signed-4229751996
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-4229751996
 revocation-check none
 rsakeypair TP-self-signed-4229751996
!
!
crypto pki certificate chain TP-self-signed-4229751996
!
!
!
!
!
!
!
!
!
license udi pid CSR1000V sn 9RN6W3YV5S6
diagnostic bootup level minimal
spanning-tree extend system-id
!
!
!
!
redundancy
!
!
!
!
!
!
! 
!
!
!
!
!
!
!
!
!
!
!
!
! 
! 
!
!
interface GigabitEthernet1
 no shutdown
 description Secondary Link to MPLS
 ip address 10.10.1.6 255.255.255.252
 negotiation auto
 no mop enabled
 no mop sysid
!
interface GigabitEthernet2
 no shutdown
 description link to LAN
 ip address 10.200.0.253 255.255.255.0
 negotiation auto
 no mop enabled
 no mop sysid
!
interface GigabitEthernet3
 no shutdown
 no ip address
 shutdown
 negotiation auto
 no mop enabled
 no mop sysid
!
interface GigabitEthernet4
 no shutdown
 no ip address
 shutdown
 negotiation auto
 no mop enabled
 no mop sysid
!
router ospf 1
 router-id 22.22.22.22
 redistribute bgp 65489 metric 10 subnets route-map SET_TAG
 network 10.200.0.0 0.0.0.255 area 0
!
router bgp 65489
 bgp log-neighbor-changes
 neighbor 10.10.1.5 remote-as 100
 !
 address-family ipv4
  redistribute connected
  redistribute static
  redistribute ospf 1 match internal external 2 route-map BLOCK_TAG
  neighbor 10.10.1.5 activate
  neighbor 10.10.1.5 allowas-in
  neighbor 10.10.1.5 soft-reconfiguration inbound
  neighbor 10.10.1.5 route-map BLOCK_LOCALS_AND_DEFAULT in
  neighbor 10.10.1.5 route-map ALLOW_LOCALS_AND_DEFAULT out
  default-information originate
 exit-address-family
!
!
virtual-service csr_mgmt
!
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
!
!
!
ip prefix-list LOCALS_AND_DEFAULT seq 5 permit 0.0.0.0/0
ip prefix-list LOCALS_AND_DEFAULT seq 10 permit 10.200.0.0/24
ip prefix-list LOCALS_AND_DEFAULT seq 100 deny 0.0.0.0/0 le 32
!
!
route-map BLOCK_LOCALS_AND_DEFAULT deny 10 
 match ip address prefix-list LOCALS_AND_DEFAULT
!
route-map BLOCK_LOCALS_AND_DEFAULT permit 20 
!
route-map ALLOW_LOCALS_AND_DEFAULT permit 10 
 match ip address prefix-list LOCALS_AND_DEFAULT
!
route-map BLOCK_TAG deny 10 
 match tag 10
!
route-map BLOCK_TAG permit 20 
!
route-map SET_TAG permit 10 
 set tag 10
!
route-map LOWER_WEIGHT_AND_PREF permit 10 
 set local-preference 95
 set weight 0
!
!
!
control-plane
!
!
!
!
!
!
line con 0
 stopbits 1
line vty 0
 login
line vty 1 2
 login
 length 0
line vty 3 4
 login
!
!
!
!
!
!
end
