# Huawei Versatile Routing Platform Software # VRP (R) software, Version 8.210 (NetEngine 8000 V800R021C00SPC100) # Copyright (C) 2012-2021 Huawei Technologies Co., Ltd. # NetEngine 8000 M8's Device status: # ------------------------------------------------------------------------------- # Slot # Type Online Register Status Role LsId Primary # ------------------------------------------------------------------------------- # 1 PWR Present Registered Normal OTHER 0 NA # 3 PWR Present Registered Abnormal OTHER 0 NA # 7 PIC Present Registered Normal OTHER 0 NA # 9 IPU Present Registered Normal MMB 0 Master # 13 FAN Present Registered Normal OTHER 0 NA # 14 CLK Present Registered Normal OTHER 0 Master # ------------------------------------------------------------------------------- !Software Version V800R021C00SPC100 !Last configuration was updated at 2024-01-25 21:02:30+00:00 by nzm@admin(@VS:Admin-VS) !Last configuration was saved at 2024-01-25 21:32:31+00:00 # sysname VS-BGP # undo FTP server-source all-interface undo FTP ipv6 server-source all-interface # undo user-security-policy enable # service-template template-default0 # service-template template-default1 # service-template template-default2 # service-template template-default3 # service-template template-default4 # ntp-service server source-interface all disable ntp-service ipv6 server source-interface all disable # rsa peer-public-key 192.168.15.2 public-key-code begin 3082018A 02820181 00D36A48 F86B89D4 B7684080 B5247095 AA1AEC23 3E3FC474 8655ECFB 2DECED0D 5C942236 334E75B4 2A75EE31 86C39122 70300881 17F84497 30B226F7 76D1DF31 A9A44F9C D57C12F9 93ADB163 2038EECD D047AC42 6BCA5D80 9D95FF71 6615D97A B770A176 5A2938BA 299D942F 83A53330 0377B0EB CC286EDD F3078F6D E3B762F1 AD918080 FFAF33FC B54CC6B5 6132032E E6589BD9 8EA24019 87540C61 13092346 30706AEC B30EDA37 351CDD1B 1446F006 89880761 8B7D5770 39D70BE5 CAE95F12 A7532EFC 523996BE 1237941E F20546C5 87F6A38F 47EAE00C 8A0C6FDF 24A950AF 8A7156C4 03ABD0C4 D378F8D7 0242C616 F7CF38F6 47FA8035 F005A54A AE097265 4486AF0B 67EA24CF A5959DF1 AA6BAEFB 15280D42 373BB49E 463DDF3F 6F518A2C B79FCDD6 1F70D276 B40837A9 5CC59686 342F9EC6 E4290276 7E5060B5 802AA487 D5CF8B20 9CB4C829 B0144228 12B0BC53 BE7A7F12 E27E8EB0 C408BF3F 063415D9 7B6142C9 25C012B5 16B73912 59B683B3 4F182D08 1F414607 B3E6C550 F493E7C8 81 0203 010001 public-key-code end peer-public-key end # undo icmp name timestamp-reply send # as-notation plain # set save-configuration interval 1440 delay 30 # undo telnet server-source all-interface undo telnet ipv6 server-source all-interface # dhcp server request-packet all-interface disable # acl number 2000 rule 5 permit source 10.0.0.0 0.255.255.255 rule 10 permit source 172.16.0.0 0.0.255.255 rule 15 permit source 192.168.0.0 0.0.255.255 rule 20 permit source 45.236.84.0 0.0.3.255 rule 25 permit source 177.10.56.0 0.0.3.255 rule 30 permit source 45.187.80.0 0.0.3.255 # acl number 3001 rule 10 permit ip source 45.236.85.11 0 rule 11 permit ip destination 45.236.85.11 0 # acl name bloqueia-rede-protek-in advance rule 10 permit tcp destination 45.236.84.0 0.0.3.255 destination-port eq 0 rule 15 permit udp destination 45.236.84.0 0.0.3.255 destination-port eq 0 rule 20 permit tcp destination 45.236.84.0 0.0.3.255 destination-port eq smtp rule 30 permit tcp destination 45.236.84.0 0.0.3.255 destination-port eq 8080 rule 40 permit tcp destination 45.236.84.0 0.0.3.255 destination-port eq 10022 # acl name bloqueia-rede-protek-out advance rule 10 permit tcp source 45.236.84.0 0.0.3.255 destination-port eq 0 rule 15 permit udp source 45.236.84.0 0.0.3.255 destination-port eq 0 rule 20 permit tcp source 45.236.84.0 0.0.3.255 destination-port eq smtp # traffic classifier bloqueia-rede-protek-in operator or if-match acl name bloqueia-rede-protek-in precedence 1 # traffic classifier bloqueia-rede-protek-out operator or if-match acl name bloqueia-rede-protek-out precedence 1 # traffic behavior deny deny # traffic behavior permit # traffic policy block-seguranca-in share-mode classifier bloqueia-rede-protek-in behavior deny precedence 50 # traffic policy block-seguranca-out share-mode classifier bloqueia-rede-protek-out behavior deny precedence 50 # aaa local-user nzm@admin password irreversible-cipher $1c$G(qwWG*."+$"G5uXy}(4,DgA:5AVh2=+(1kGlSU!;4.a9)N)D<'$ local-user nzm@admin service-type telnet ssh local-user nzm@admin level 3 local-user nzm@admin state block fail-times 3 interval 5 local-user nzm@admin expire 2099-12-31 local-user backup-oxidized password irreversible-cipher $1c$cuY9C=NYLQ$_^A%$F:XL&m/d,ToHS/*5:C"2mWkM.164}H=%P[/$ local-user backup-oxidized service-type telnet ssh local-user backup-oxidized level 3 local-user backup-oxidized state block fail-times 3 interval 5 local-user backup-oxidized expire 2099-12-31 # authentication-scheme default0 # authentication-scheme default1 # authentication-scheme default authentication-mode local # authorization-scheme default # accounting-scheme default0 # accounting-scheme default1 # domain default0 # domain default1 # domain default_admin # ospfv3 1 router-id 45.236.84.3 import-route direct import-route static default-route-advertise area 0.0.0.0 # interface Eth-Trunk0.11 vlan-type dot1q 11 description CGNAT ipv6 enable ip address 192.168.254.89 255.255.255.252 ipv6 address 2804:4DE8:1002:19::1/64 ospfv3 1 area 0.0.0.0 ospfv3 network-type p2p ospf network-type p2p # interface Ethernet0/0/0 undo shutdown # interface GigabitEthernet0/7/0.600 vlan-type dot1q 600 description UPLINK: ALT ip address 172.25.220.2 255.255.255.252 statistic enable traffic-policy block-seguranca-in inbound traffic-policy block-seguranca-out outbound # interface GigabitEthernet0/7/0.601 vlan-type dot1q 601 ip address 172.28.179.6 255.255.255.252 # interface GigabitEthernet0/7/0.3600 vlan-type dot1q 3600 description UPLINK: ALT IPv6 ipv6 enable ipv6 address 2804:3B0:8200:2057::2/64 statistic enable # interface LoopBack0 ipv6 enable ip address 45.236.84.3 255.255.255.255 ipv6 address 2804:4DE8:1000::19/128 # interface Virtual-Ethernet0/2/1.100 vlan-type dot1q 100 description VS-BRAS ipv6 enable ip address 192.168.254.85 255.255.255.252 ipv6 address 2804:4DE8:1002:20::1/64 ospfv3 1 area 0.0.0.0 ospfv3 network-type p2p ospf network-type p2p # interface NULL0 # bgp 268227 router-id 45.236.84.3 peer 177.155.141.254 as-number 53062 peer 177.155.141.254 description ALT1 peer 177.155.141.254 ebgp-max-hop 64 peer 186.211.109.254 as-number 53062 peer 186.211.109.254 description ALT2 peer 186.211.109.254 ebgp-max-hop 64 peer 2804:3B0:8000:0:177:155:141:254 as-number 53062 peer 2804:3B0:8000:0:177:155:141:254 description ALT1-V6 peer 2804:3B0:8000:0:177:155:141:254 ebgp-max-hop 64 peer 2804:3B0:8000:0:186:211:109:254 as-number 53062 peer 2804:3B0:8000:0:186:211:109:254 description ALT2-V6 peer 2804:3B0:8000:0:186:211:109:254 ebgp-max-hop 64 # ipv4-family unicast undo synchronization network 45.236.84.0 255.255.252.0 network 45.236.84.0 255.255.254.0 network 45.236.84.0 255.255.255.0 network 45.236.85.0 255.255.255.0 network 45.236.86.0 255.255.254.0 network 45.236.86.0 255.255.255.0 network 45.236.87.0 255.255.255.0 peer 177.155.141.254 enable peer 177.155.141.254 route-policy ALT-IN-V4 import peer 177.155.141.254 route-policy ALT-OUT-V4 export peer 177.155.141.254 advertise-community peer 186.211.109.254 enable peer 186.211.109.254 route-policy ALT-IN-V4 import peer 186.211.109.254 route-policy ALT-OUT-V4 export peer 186.211.109.254 advertise-community # ipv6-family unicast undo synchronization network 2804:4DE8:: 32 peer 2804:3B0:8000:0:177:155:141:254 enable peer 2804:3B0:8000:0:177:155:141:254 route-policy ALT-IN-V6 import peer 2804:3B0:8000:0:177:155:141:254 route-policy ALT-OUT-V6 export peer 2804:3B0:8000:0:186:211:109:254 enable peer 2804:3B0:8000:0:186:211:109:254 route-policy ALT-IN-V6 import peer 2804:3B0:8000:0:186:211:109:254 route-policy ALT-OUT-V6 export # ospf 1 router-id 45.236.84.3 default-route-advertise cost 1 import-route direct import-route static opaque-capability enable area 0.0.0.0 network 192.168.254.84 0.0.0.3 description VS-BRAS network 192.168.254.88 0.0.0.3 description CGNAT # route-policy ALT-IN-V4 permit node 100 if-match ip-prefix DEFAULT-V4 # route-policy ALT-IN-V4 deny node 1000 # route-policy ALT-IN-V6 permit node 100 if-match ipv6 address prefix-list DEFAULT-V6 # route-policy ALT-IN-V6 deny node 1000 # route-policy ALT-OUT-V4 permit node 10 if-match ip-prefix PREFIXO_87/24 apply community 53062:50025 53062:50026 53062:50027 53062:50095 53062:50121 53062:50167 53062:50090 53062:50066 53062:50213 53062:50146 53062:50258 53062:50308 # route-policy ALT-OUT-V4 permit node 100 if-match ip-prefix ALT-OUT-V4 # route-policy ALT-OUT-V4 deny node 1000 # route-policy ALT-OUT-V6 permit node 100 if-match ipv6 address prefix-list ALT-OUT-V6 # route-policy ALT-OUT-V6 deny node 1000 # ip ip-prefix ALT-OUT-V4 index 10 permit 45.236.84.0 22 greater-equal 22 less-equal 24 ip ip-prefix DEFAULT-V4 index 10 permit 0.0.0.0 0 ip ip-prefix PREFIXO_87/24 index 10 permit 45.236.87.0 24 # ip route-static 45.236.84.0 255.255.252.0 NULL0 ip route-static 45.236.84.0 255.255.254.0 NULL0 ip route-static 45.236.84.0 255.255.255.0 NULL0 ip route-static 45.236.85.0 255.255.255.0 NULL0 ip route-static 45.236.86.0 255.255.254.0 NULL0 ip route-static 45.236.86.0 255.255.255.0 NULL0 ip route-static 45.236.87.0 255.255.255.0 NULL0 ip route-static 177.155.141.252 255.255.255.255 172.28.179.5 ip route-static 177.155.141.254 255.255.255.255 172.25.220.1 ip route-static 186.211.109.252 255.255.255.255 172.28.179.5 ip route-static 186.211.109.254 255.255.255.255 172.25.220.1 # ipv6 route-static 2804:3B0:8000:0:177:155:141:254 128 2804:3B0:8200:2057::1 ipv6 route-static 2804:3B0:8000:0:186:211:109:254 128 2804:3B0:8200:2057::1 ipv6 route-static 2804:4DE8:: 32 NULL0 # ip ipv6-prefix ALT-OUT-V6 index 10 permit 2804:4DE8:: 32 ip ipv6-prefix DEFAULT-V6 index 10 permit :: 0 # snmp-agent snmp-agent acl 2000 snmp-agent local-engineid 800007DB052102353E3E101500008001 snmp-agent community read cipher %^%#O0Z}%urDuUL^s(/vG7~V;J`D7Dr+fTWCy{/DMk~#t8+';#|fcAb50IIQC{dW8d"0$(7MPX-9'N1cIP93%^%# alias __CommunityAliasName_01_43243 # snmp-agent sys-info contact Acacio Correa snmp-agent sys-info location [-26.42382277, -51.31382207] snmp-agent sys-info version v2c v3 # snmp-agent protocol source-status all-interface undo snmp-agent protocol source-status ipv6 all-interface # undo snmp-agent proxy protocol source-status all-interface undo snmp-agent proxy protocol source-status ipv6 all-interface # stelnet server enable ssh ipv4 server port 9022 ssh ipv6 server port 9022 ssh user backup-oxidized ssh user backup-oxidized authentication-type password ssh user backup-oxidized service-type all ssh user nzm@admin ssh user nzm@admin authentication-type password ssh user nzm@admin service-type all ssh server-source all-interface undo ssh ipv6 server-source all-interface ssh server acl 2000 ssh authorization-type default aaa # ssh server cipher aes256_gcm aes128_gcm aes256_ctr aes192_ctr aes128_ctr ssh server hmac sha2_512 sha2_256 ssh server key-exchange dh_group_exchange_sha256 # ssh server publickey ecc rsa rsa_sha2_256 rsa_sha2_512 # ssh server dh-exchange min-len 3072 # ssh client first-time enable ssh client peer 192.168.15.2 assign rsa-key 192.168.15.2 # ssh client publickey ecc rsa rsa_sha2_256 rsa_sha2_512 # ssh client cipher aes256_gcm aes128_gcm aes256_ctr aes192_ctr aes128_ctr ssh client hmac sha2_512 sha2_256 ssh client key-exchange dh_group_exchange_sha256 dh_group_exchange_sha1 dh_group14_sha1 ecdh_sha2_nistp256 ecdh_sha2_nistp384 ecdh_sha2_nistp521 dh_group16_sha512 # user-interface maximum-vty 21 # user-interface vty 0 20 authentication-mode aaa # local-aaa-server # return