# Huawei Versatile Routing Platform Software # VRP (R) software, Version 8.210 (NetEngine 8000 V800R021C00SPC100) # Copyright (C) 2012-2021 Huawei Technologies Co., Ltd. # Patch Version: V800R021SPH012 # # NetEngine 8000 M8 version information: # - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - # BKP version information: # PCB Version : CR81BKP08A REV A # IPU Slot Quantity : 2 # CARD Slot Quantity : 8 # - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - # IPU version information: # # StartupTime 2024/03/21 14:15:38 # SDRAM Memory Size : 8192 M bytes # FLASH Memory Size : 64 M bytes # CFCARD Memory Size : 4096 M bytes # IPU CR8DIPU480C1 version information # PCB Version : CR81IPU480AS REV B # EPLD Version : 104 # FPGA Version : 104 # NP Version : 100 # TM Version : 100 # NSE Version : NSE REV A # BootROM Version : 08.99 # PIC7: CR5D00LAXF91 version information # StartupTime : 2024/03/21 14:18:23 # PCB Version : CR51LAXFE0 REV D # EPLD Version : 107 # FPGA Version : 105 # CHIP Version : 100 # BOM Version : 050 # - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - # Power version information: # # POWER 1's version information: # PCB Version : PAC1K5S53-AL REV F # DCDC Version : 1.4 # PFC Version : 1.1 # # POWER 3's version information: # PCB Version : PAC1K5S53-AL REV F # DCDC Version : 1.4 # PFC Version : 0.0 # - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - # FAN version information: # # FAN 13's version information: # PCB Version : CR8MM82FBXC1 REV A # - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - # CLK version information: # # StartupTime 2024/03/21 14:15:40 # FPGA Version : 256 # DSP Version : 30502009 # NetEngine 8000 M8's Device status: # ------------------------------------------------------------------------------- # Slot # Type Online Register Status Role LsId Primary # ------------------------------------------------------------------------------- # 1 PWR Present Registered Normal OTHER 0 NA # 3 PWR Present Registered Abnormal OTHER 0 NA # 7 PIC Present Registered Normal OTHER 0 NA # 9 IPU Present Registered Normal MMB 0 Master # 13 FAN Present Registered Normal OTHER 0 NA # 14 CLK Present Registered Normal OTHER 0 Master # ------------------------------------------------------------------------------- !Software Version V800R021C00SPC100 !Last configuration was updated at 2024-05-17 16:15:41+00:00 by nzm@admin !Last configuration was saved at 2024-05-17 16:45:42+00:00 # sysname Protek-BRAS-General # set neid 8dd40b # undo FTP server-source all-interface undo FTP ipv6 server-source all-interface # undo user-security-policy enable # service-template template-default0 # service-template template-default1 # service-template template-default2 # service-template template-default3 # service-template template-default4 # ntp-service server source-interface all disable ntp-service ipv6 server source-interface all disable # vlan batch 99 211 1500 2080 # rsa peer-public-key 192.168.15.2 public-key-code begin 3082018A 02820181 00D36A48 F86B89D4 B7684080 B5247095 AA1AEC23 3E3FC474 8655ECFB 2DECED0D 5C942236 334E75B4 2A75EE31 86C39122 70300881 17F84497 30B226F7 76D1DF31 A9A44F9C D57C12F9 93ADB163 2038EECD D047AC42 6BCA5D80 9D95FF71 6615D97A B770A176 5A2938BA 299D942F 83A53330 0377B0EB CC286EDD F3078F6D E3B762F1 AD918080 FFAF33FC B54CC6B5 6132032E E6589BD9 8EA24019 87540C61 13092346 30706AEC B30EDA37 351CDD1B 1446F006 89880761 8B7D5770 39D70BE5 CAE95F12 A7532EFC 523996BE 1237941E F20546C5 87F6A38F 47EAE00C 8A0C6FDF 24A950AF 8A7156C4 03ABD0C4 D378F8D7 0242C616 F7CF38F6 47FA8035 F005A54A AE097265 4486AF0B 67EA24CF A5959DF1 AA6BAEFB 15280D42 373BB49E 463DDF3F 6F518A2C B79FCDD6 1F70D276 B40837A9 5CC59686 342F9EC6 E4290276 7E5060B5 802AA487 D5CF8B20 9CB4C829 B0144228 12B0BC53 BE7A7F12 E27E8EB0 C408BF3F 063415D9 7B6142C9 25C012B5 16B73912 59B683B3 4F182D08 1F414607 B3E6C550 F493E7C8 81 0203 010001 public-key-code end peer-public-key end # rsa peer-public-key 45.236.84.23 public-key-code begin 3082010A 02820101 00D48C0A DD81B8C3 96F0FFCC D20372D4 5D69F73E 7C5D7377 313B512C F8A56162 9B39D7D0 261698BC F96A27F1 34EA0D5F 38E8B95A 910B7E14 42016692 2489B7E9 0D673CBD F31BC6D6 5A472E4C 97AAAB7E DF23465E 7FDE5C11 71C56FC1 E5962CC5 C17115B2 85DABCB2 A9A9EF66 AA7BBD97 D4E31B25 92617BF8 33B72515 DE91CAA6 10FDC131 90F5B385 514B46B9 438F4DA9 8E5B8401 81E2163F 5F9FBEBD 73B09728 EDF747F7 AC907642 E190C8A4 A5C94106 AA086D53 CEB3751C 7EAC361C 4A061EBB 91844F1F 8BC556A3 823DAE9E 653C9CD8 CB1982C3 E740CB39 3A086E5C 99F5DFBD 81234B02 31D7C3BD 006B481E 9B0DC1C7 B4FB312F BA2FD7D3 AADBA04D 193120FA 3D 0203 010001 public-key-code end peer-public-key end # ecc peer-public-key 192.168.10.2 public-key-code begin 04003BFE F56DAF3B 09C620F8 7522FA17 06DB1A94 165B1382 28C3A6EB 080DB9A5 5C38B9F0 52BA1CFE B03E572D 05B7A158 3E2168A7 E7575B2D CFC828EC 114B88B4 F6D96401 3F10985B 02C21A71 74774DE6 0521A330 0FA467A4 46B9B8A9 F4ED7882 00F57AB9 8C4CA431 700F90A0 F08AF2DC D97EF429 E72933CF 547A7148 9C3C977C 39718B8B F1 public-key-code end peer-public-key end # ecc peer-public-key 192.168.10.3 public-key-code begin 04003BFE F56DAF3B 09C620F8 7522FA17 06DB1A94 165B1382 28C3A6EB 080DB9A5 5C38B9F0 52BA1CFE B03E572D 05B7A158 3E2168A7 E7575B2D CFC828EC 114B88B4 F6D96401 3F10985B 02C21A71 74774DE6 0521A330 0FA467A4 46B9B8A9 F4ED7882 00F57AB9 8C4CA431 700F90A0 F08AF2DC D97EF429 E72933CF 547A7148 9C3C977C 39718B8B F1 public-key-code end peer-public-key end # ecc peer-public-key 192.168.13.2 public-key-code begin 04003BFE F56DAF3B 09C620F8 7522FA17 06DB1A94 165B1382 28C3A6EB 080DB9A5 5C38B9F0 52BA1CFE B03E572D 05B7A158 3E2168A7 E7575B2D CFC828EC 114B88B4 F6D96401 3F10985B 02C21A71 74774DE6 0521A330 0FA467A4 46B9B8A9 F4ED7882 00F57AB9 8C4CA431 700F90A0 F08AF2DC D97EF429 E72933CF 547A7148 9C3C977C 39718B8B F1 public-key-code end peer-public-key end # undo icmp name timestamp-reply send # set save-configuration interval 1440 delay 30 # undo telnet ipv6 server enable telnet server-source all-interface undo telnet ipv6 server-source all-interface telnet server acl 2000 # radius-attribute hw-policy-name support-type edsg radius-attribute service-type support-type reauthorize # diffserv domain default # diffserv domain 5p3d # qos-profile 200M car cir 104400 cbs 18700000 green pass red discard inbound car cir 204800 cbs 18700000 green pass red discard outbound # qos-profile 45M car cir 47104 cbs 8808448 green pass red discard inbound car cir 47104 cbs 8808448 green pass red discard outbound # qos-profile 130M car cir 66560 cbs 12446720 green pass red discard inbound car cir 133120 cbs 18700000 green pass red discard outbound # qos-profile 200Multra car cir 205824 cbs 18700000 green pass red discard inbound car cir 205824 cbs 18700000 green pass red discard outbound # qos-profile 300Multra car cir 308224 cbs 18700000 green pass red discard inbound car cir 308224 cbs 18700000 green pass red discard outbound # qos-profile 150M car cir 154624 cbs 18700000 green pass red discard inbound car cir 154624 cbs 18700000 green pass red discard outbound # qos-profile 250M car cir 257024 cbs 18700000 green pass red discard inbound car cir 257024 cbs 18700000 green pass red discard outbound # qos-profile 500M car cir 513024 cbs 18700000 green pass red discard inbound car cir 513024 cbs 18700000 green pass red discard outbound # qos-profile 400M car cir 409600 cbs 18700000 green pass red discard inbound car cir 409600 cbs 18700000 green pass red discard outbound # qos-profile 5M car cir 6144 cbs 1148928 green pass red discard inbound car cir 6144 cbs 1148928 green pass red discard outbound # qos-profile 25M car cir 25600 cbs 4787200 green pass red discard inbound car cir 25600 cbs 4787200 green pass red discard outbound # qos-profile 30M car cir 32768 cbs 6127616 green pass red discard inbound car cir 32768 cbs 6127616 green pass red discard outbound # qos-profile 40M car cir 40960 cbs 7659520 green pass red discard inbound car cir 40960 cbs 7659520 green pass red discard outbound # qos-profile 60M car cir 62464 cbs 11680768 green pass red discard inbound car cir 62464 cbs 11680768 green pass red discard outbound # qos-profile 10M car cir 11264 cbs 2106368 green pass red discard inbound car cir 11264 cbs 2106368 green pass red discard outbound # qos-profile 35M car cir 35840 cbs 6702080 green pass red discard inbound car cir 35840 cbs 6702080 green pass red discard outbound # qos-profile 8MRADIO car cir 4096 cbs 765952 green pass red discard inbound car cir 8704 cbs 1627648 green pass red discard outbound # qos-profile 50M car cir 51200 cbs 9574400 green pass red discard inbound car cir 51200 cbs 9574400 green pass red discard outbound # qos-profile 4MRADIO car cir 2048 cbs 382976 green pass red discard inbound car cir 4096 cbs 765952 green pass red discard outbound # qos-profile 1MRADIO car cir 1024 cbs 191488 green pass red discard inbound car cir 1024 cbs 191488 green pass red discard outbound # qos-profile 70M car cir 71680 cbs 13404160 green pass red discard inbound car cir 71680 cbs 13404160 green pass red discard outbound # qos-profile 10MRADIO car cir 5120 cbs 957440 green pass red discard inbound car cir 10240 cbs 1914880 green pass red discard outbound # qos-profile 100M car cir 102400 cbs 18700000 green pass red discard inbound car cir 102400 cbs 18700000 green pass red discard outbound # qos-profile 15M car cir 16896 cbs 3159552 green pass red discard inbound car cir 16896 cbs 3159552 green pass red discard outbound # qos-profile 1.5M car cir 1500 cbs 280500 green pass red discard inbound car cir 1500 cbs 280500 green pass red discard outbound # qos-profile 1.5MRADIO car cir 1536 cbs 287232 green pass red discard inbound car cir 1536 cbs 287232 green pass red discard outbound # qos-profile 20M car cir 21480 cbs 4016760 green pass red discard inbound car cir 21480 cbs 4016760 green pass red discard outbound # qos-profile 2MRADIO car cir 2048 cbs 382976 green pass red discard inbound car cir 4096 cbs 765952 green pass red discard outbound # qos-profile 6MRADIO car cir 2048 cbs 382976 green pass red discard inbound car cir 6144 cbs 1148928 green pass red discard outbound # qos-profile 300M car cir 300000 cbs 18700000 green pass red discard inbound car cir 300000 cbs 18700000 green pass red discard outbound # soc # ip vpn-instance __LOCAL_OAM_VPN__ ipv4-family ipv6-family # ip dcn vpn-instance __dcn_vpn__ ipv4-family # radius-server group proteknet radius-server shared-key-cipher %^%#(658#}W&`<37Q+4Ez]>./C~t8m/f&&)F.fWq@fcD%^%# radius-server authentication 181.214.230.16 1812 weight 0 radius-server accounting 181.214.230.16 1813 weight 0 radius-server retransmit 5 timeout 10 radius-server accounting-start-packet resend 1000 radius-server accounting-stop-packet resend 1000 radius-server accounting-interim-packet resend 1000 radius-server source interface LoopBack0 undo radius-server user-name domain-included radius-attribute include HW-Auth-Type radius-attribute include Reply-Message coa-nak radius-attribute include edsg-service-name accounting-request radius-attribute include Event-Timestamp accounting-on accounting-off radius-server test-aaa accounting-start-packet send radius-server format-attribute nas-port-id vendor redback-simple radius-attribute translate extend HW-Auth-Type vendor-specific 2011 109 access-request radius-attribute assign hw-mng-ipv6 pppoe motm radius-attribute case-sensitive qos-profile-name # radius local-ip 45.236.84.5 undo radius local-ip all radius-server authorization 181.214.230.16 destination-port 3799 shared-key-cipher %^%#ZDZII'arOWEAkGMCv~10]H=C5`gJ[(%IQ18qa6YP%^%# # vlan 99 # vlan 211 description Repetidora_Ravanello # vlan 1500 # vlan 2080 description Transporte Heliocas via ALT # mpls # mpls l2vpn # ip pool cgnat-1 bas local gateway 100.80.0.1 255.255.252.0 section 0 100.80.0.2 100.80.3.254 dns-server 45.236.84.18 45.236.84.19 # ip pool cgnat-2 bas local gateway 100.80.4.1 255.255.252.0 section 0 100.80.4.2 100.80.7.254 dns-server 45.236.84.18 45.236.84.19 # ip pool cgnat-3 bas local gateway 100.80.8.1 255.255.248.0 section 0 100.80.8.2 100.80.15.254 dns-server 45.236.84.18 45.236.84.19 # ip pool pool_bloqueio bas local gateway 172.21.16.1 255.255.255.0 section 0 172.21.16.2 172.21.16.254 lease 0 12 0 # ip pool-group cgnat bas ip-pool cgnat-1 ip-pool cgnat-2 ip-pool cgnat-3 # dhcp server request-packet all-interface disable # ipv6 prefix wan_nd local prefix 2804:4DE8:2C00::/40 # ipv6 prefix lan_pd delegation prefix 2804:4DE8:2D00::/40 delegating-prefix-length 56 pd-unshare-only # ipv6 prefix pre-pool_aviso_bloqueio_ipv6 delegation prefix 2001:DB8:3003::/56 # ipv6 pool lan_pd bas delegation dns-server 2804:4DE8:800:8000::18 2804:4DE8:800:8000::19 prefix lan_pd # ipv6 pool pool_aviso_bloqueio_ipv6 bas delegation prefix pre-pool_aviso_bloqueio_ipv6 # ipv6 pool wan_nd bas local dhcpv6 rapid-commit dns-server 2804:4DE8:800:8000::18 2804:4DE8:800:8000::19 prefix wan_nd # dot1x-template 1 # user-group proteknet # acl number 2000 rule 25 permit source 177.10.56.0 0.0.3.255 rule 30 permit source 45.187.80.250 0 rule 35 permit source 45.236.84.34 0 rule 40 permit source 192.168.0.0 0.0.0.255 rule 45 permit source 45.236.84.23 0 rule 50 permit source 181.214.230.16 0 # acl number 2001 rule 10 permit source 45.236.85.11 0 # acl number 3001 rule 10 permit ip source 45.236.85.11 0 rule 11 permit ip destination 45.236.85.11 0 # acl name acl_cgnat_1 advance rule 5 permit ip source 100.80.0.0 0.0.3.255 rule 10 permit ip source 100.80.4.0 0.0.3.255 rule 15 permit ip source 100.80.8.0 0.0.7.255 # acl name acl_gerencia advance description Gerencia_semPBR rule 5 permit ip destination 10.0.0.0 0.255.255.255 rule 10 permit ip destination 172.16.0.0 0.15.255.255 rule 15 permit ip destination 192.168.0.0 0.0.255.255 rule 20 permit ip destination 100.64.0.0 0.63.255.255 rule 25 permit ip destination 45.236.84.0 0.0.3.255 # acl name redir-dns advance rule 10 permit udp destination 24.152.39.191 0 destination-port eq dns rule 20 permit udp destination 51.161.125.3 0 destination-port eq dns # acl ipv6 number 3001 rule 10 permit ipv6 source 2804:4DE8:2D66:8300::/56 rule 11 permit ipv6 destination 2804:4DE8:2D66:8300::/56 # dhcpv6 duid 000100012b208406482cd020afaf # dhcpv6 rapid-commit # traffic classifier pbr_cgnat_1 operator or if-match acl name acl_cgnat_1 precedence 1 # traffic classifier pbr_gerencia operator or if-match acl name acl_gerencia precedence 1 # traffic classifier redir-dns operator or if-match acl name redir-dns precedence 1 # traffic behavior bhv_DENY deny # traffic behavior bhv_PBR_CGNAT_1 redirect ip-nexthop 192.168.254.94 # traffic behavior bhv_PERMIT # traffic policy pbr-global share-mode classifier pbr_gerencia behavior bhv_PERMIT precedence 1 classifier redir-dns behavior bhv_PBR_CGNAT_1 precedence 2 classifier pbr_cgnat_1 behavior bhv_PBR_CGNAT_1 precedence 10 # security password # rule admin forbidden word changeme_123 # aaa local-user root password irreversible-cipher $1c$w:BcB4MOGJ$xJAAX{MA@%%;o!M%*ZlKSJKZTNEqv(BseR'L4WuG$ local-user root service-type terminal telnet ssh local-user root level 3 local-user root state block fail-times 3 interval 5 local-user root expire 2000-01-01 local-user nzm@admin password irreversible-cipher $1c$z-yM~d)U;;$MWqb@)_kgYIx(EBQPan,$2H7Y\Sy4GQ{T"3B,D@J$ local-user nzm@admin service-type terminal telnet ssh local-user nzm@admin level 3 local-user nzm@admin state block fail-times 3 interval 5 local-user nzm@admin expire 2099-12-31 local-user backup-oxidized password irreversible-cipher $1c$G|eT)6)+2$$1*El6oBw%X*Q);TUx=+5HYo"$9tQn~!vZL.d"3|.$ local-user backup-oxidized service-type telnet ssh local-user backup-oxidized level 3 local-user backup-oxidized state block fail-times 3 interval 5 local-user backup-oxidized expire 2099-12-30 local-user ixcsoft password irreversible-cipher $1c$SymQC]Qy(M$%"Vj+v`/nG9HR;R[jidOry7[@qw83,;RVxRP(@\1$ local-user ixcsoft service-type ssh local-user ixcsoft level 3 local-user ixcsoft state block fail-times 3 interval 5 local-user ixcsoft expire 2099-12-30 # authentication-scheme default0 # authentication-scheme default1 # authentication-scheme default authentication-mode local radius # authentication-scheme proteknet authentication-mode radius local # authorization-scheme default # accounting-scheme default0 # accounting-scheme default1 # accounting-scheme proteknet accounting interim interval 15 accounting send-update # domain default0 # domain default1 # domain default_admin # domain proteknet authentication-scheme proteknet accounting-scheme proteknet radius-server group proteknet ip-pool-group cgnat ipv6-pool lan_pd ipv6-pool wan_nd user-max-session 1 value-added-service account-type radius proteknet dns primary-ip 45.236.84.18 dns second-ip 45.236.84.19 dns primary-ipv6 2804:4DE8:800:8000::18 dns second-ipv6 2804:4DE8:800:8000::19 accounting-start-delay 10 online user-type ppp ipoe static user-group proteknet ipv6 nd autoconfig managed-address-flag ipv6 nd ra unicast ipv6 ppp assign-interfaceid # license # ospfv3 1 router-id 45.236.84.5 import-route direct import-route static import-route unr area 0.0.0.0 # interface Eth-Trunk0 portswitch description "UPLINK: CRS317" port link-type trunk port trunk allow-pass vlan 99 211 1500 2080 mode lacp-static # interface Eth-Trunk0.9 vlan-type dot1q 9 ip address 192.168.254.93 255.255.255.252 # interface Eth-Trunk0.10 vlan-type dot1q 10 description UPLINK: CGNAT ipv6 enable ip address 192.168.254.81 255.255.255.252 ipv6 address 2804:4DE8:1002:18::1/64 statistic enable ospfv3 1 area 0.0.0.0 ospfv3 network-type p2p ospf cost 30000 ospf network-type p2p # interface Eth-Trunk0.11 vlan-type dot1q 11 # interface Eth-Trunk0.93 vlan-type dot1q 93 description "Gerencia OLT3 Digistar" ip address 192.168.13.1 255.255.255.0 # interface Eth-Trunk0.2017 ipv6 enable ipv6 address auto link-local statistic enable 8021p 0 user-vlan 2017 pppoe-server bind Virtual-Template 1 ipv6 nd autoconfig managed-address-flag ipv6 nd autoconfig other-flag bas # access-type layer2-subscriber default-domain authentication force proteknet default-domain authentication ppp-user proteknet # # interface Eth-Trunk0.5000 description "PPPoEs OLT" ipv6 enable ipv6 address auto link-local statistic enable 8021p 0 user-vlan 206 user-vlan 1001 1016 pppoe-server bind Virtual-Template 1 ipv6 nd autoconfig managed-address-flag ipv6 nd autoconfig other-flag bas # access-type layer2-subscriber default-domain authentication force proteknet default-domain authentication ppp-user proteknet # # interface Eth-Trunk1 portswitch description UPLINK: OLT-Huawei port link-type trunk port trunk allow-pass vlan 99 211 1500 mode lacp-static # interface Eth-Trunk1.1100 description PPPoEs-OLT Huawei ipv6 enable ipv6 address auto link-local statistic enable 8021p 0 user-vlan 603 604 user-vlan 1000 1016 user-vlan 1100 1115 user-vlan 1200 1215 user-vlan 1300 1315 user-vlan 1600 user-vlan 2017 pppoe-server bind Virtual-Template 1 ipv6 nd autoconfig managed-address-flag ipv6 nd autoconfig other-flag bas # access-type layer2-subscriber default-domain authentication force proteknet default-domain authentication ppp-user proteknet # # interface Eth-Trunk1.2018 description "PPPoEs-Repetidora Madsul" statistic enable 8021p 0 user-vlan 2018 bas # access-type layer2-subscriber default-domain authentication force proteknet default-domain authentication ppp-user proteknet # # interface Ethernet0/0/0 speed auto duplex auto undo shutdown ip binding vpn-instance __LOCAL_OAM_VPN__ ip address 192.168.0.1 255.255.255.0 # interface Virtual-Template0 ppp authentication-mode auto ip urpf strict enable check subnet ipv6 urpf strict enable check subnet # interface Virtual-Template1 description BRAS-PPPOE-NE8000 ppp authentication-mode auto ppp keepalive interval 20 retransmit 3 datacheck ip urpf strict enable check subnet ipv6 urpf strict enable check subnet # interface GigabitEthernet0/7/0 portswitch description UPLINK: ALT undo shutdown port trunk allow-pass vlan 2080 dcn # interface GigabitEthernet0/7/0.600 vlan-type dot1q 600 # interface GigabitEthernet0/7/0.601 vlan-type dot1q 601 # interface GigabitEthernet0/7/0.3600 vlan-type dot1q 3600 # interface GigabitEthernet0/7/1 undo shutdown eth-trunk 1 dcn # interface GigabitEthernet0/7/2 undo shutdown eth-trunk 1 dcn # interface GigabitEthernet0/7/3 undo shutdown eth-trunk 0 dcn # interface GigabitEthernet0/7/4 undo shutdown dcn # interface GigabitEthernet0/7/5 undo shutdown dcn # interface GigabitEthernet0/7/6 undo shutdown dcn # interface GigabitEthernet0/7/7 description UPLINK: CRS317 [SFP+15] shutdown eth-trunk 0 dcn # interface GigabitEthernet0/7/8 description UPLINK: CRS317 [SFP+11] undo shutdown eth-trunk 0 undo dcn # interface GigabitEthernet0/7/9 undo shutdown undo dcn # interface GigabitEthernet0/7/9.11 vlan-type dot1q 11 # interface LoopBack0 ipv6 enable ip address 45.236.84.5 255.255.255.255 ipv6 address 2804:4DE8:1000::18/128 # interface LoopBack1023 description DCN loopback interface ip binding vpn-instance __dcn_vpn__ ip address 128.141.212.11 255.255.0.0 # interface Virtual-Ethernet0/1/0 ve-group 1 l2-terminate # interface Virtual-Ethernet0/1/0.100 vlan-type dot1q 100 # interface Virtual-Ethernet0/1/1 ve-group 2 l2-terminate # interface Virtual-Ethernet0/1/1.100 vlan-type dot1q 100 # interface Virtual-Ethernet0/2/0 ve-group 1 l3-access # interface Virtual-Ethernet0/2/0.100 vlan-type dot1q 100 description UPLINK: VS-BGP ipv6 enable ip address 192.168.254.86 255.255.255.252 ipv6 address 2804:4DE8:1002:20::2/64 statistic enable ospfv3 1 area 0.0.0.0 ospfv3 network-type p2p ospf network-type p2p # interface Virtual-Ethernet0/2/1 ve-group 2 l3-access mac-address c4b8-b434-ab45 # interface Virtual-Ethernet0/2/1.100 vlan-type dot1q 100 # interface NULL0 # radius-server source interface LoopBack0 radius-server coa update username # ccc VS-MASTER-to-VS-BGP interface Virtual-Ethernet0/1/0.100 tagged out-interface Virtual-Ethernet0/1/1.100 tagged # ospf 1 router-id 45.236.84.5 import-route direct import-route static import-route unr opaque-capability enable area 0.0.0.0 network 192.168.254.80 0.0.0.3 description CGNAT network 192.168.254.84 0.0.0.3 description VS-BGP # ospf 65534 vpn-instance __dcn_vpn__ description DCN ospf create by default opaque-capability enable hostname vpn-instance-capability simple area 0.0.0.0 network 0.0.0.0 255.255.255.255 # !The DCN function implements the capability of plug-and-play for this device. !A NE IP address based on the unique NE ID is automatically generated in VPN !of DCN. It is recommended that the NE IP address be changed to the planned !one by running the ne-ip X.X.X.X command after the device being online. dcn # ip route-static 45.65.140.0 255.255.255.0 NULL0 ip route-static 45.236.87.64 255.255.255.224 192.168.254.82 ip route-static 143.208.71.0 255.255.255.0 NULL0 # snmp-agent snmp-agent local-engineid 800007DB03482CD020AFAF snmp-agent community read cipher %^%#$Bph>8K'e))xgkG[d1)!nUbN;InzM-]RotFv]';FB4}@H/bmIS\05@DIo"dHj6w{5ZR{;K-kCk8RRX_H%^%# alias __CommunityAliasName_01_60011 # snmp-agent sys-info contact Acacio Correa snmp-agent sys-info location [-26.42382277, -51.31382207] snmp-agent sys-info version v2c v3 # snmp-agent protocol source-status all-interface undo snmp-agent protocol source-status ipv6 all-interface # undo snmp-agent proxy protocol source-status all-interface undo snmp-agent proxy protocol source-status ipv6 all-interface # lldp enable # undo web-auth-server source-ip all # undo web-auth-server source-ipv6 all # stelnet server enable scp server enable snetconf server enable ssh ipv4 server port 9022 ssh ipv6 server port 9022 ssh user backup-oxidized ssh user backup-oxidized authentication-type password ssh user backup-oxidized service-type all ssh user ixcsoft ssh user ixcsoft authentication-type password ssh user ixcsoft service-type stelnet ssh user nzm@admin ssh user nzm@admin authentication-type password ssh user nzm@admin service-type all ssh user root ssh user root authentication-type password ssh user root service-type snetconf stelnet ssh server-source -i LoopBack1023 ssh server-source all-interface ssh ipv6 server-source all-interface ssh server acl 2000 ssh authorization-type default aaa # ssh server cipher aes256_gcm aes128_gcm aes256_ctr aes192_ctr aes128_ctr ssh server hmac sha2_512 sha2_256 ssh server key-exchange dh_group_exchange_sha256 dh_group_exchange_sha1 dh_group14_sha1 ecdh_sha2_nistp256 ecdh_sha2_nistp384 ecdh_sha2_nistp521 dh_group16_sha512 # ssh server publickey ecc rsa rsa_sha2_256 rsa_sha2_512 # ssh server dh-exchange min-len 3072 # ssh client first-time enable ssh client peer 192.168.10.2 assign ecc-key 192.168.10.2 ssh client peer 192.168.10.3 assign ecc-key 192.168.10.3 ssh client peer 192.168.13.2 assign ecc-key 192.168.13.2 ssh client peer 192.168.15.2 assign rsa-key 192.168.15.2 ssh client peer 45.236.84.23 assign rsa-key 45.236.84.23 # ssh client publickey ecc rsa rsa_sha2_256 rsa_sha2_512 # ssh client cipher aes256_gcm aes128_gcm aes256_ctr aes192_ctr aes128_ctr ssh client hmac sha2_512 sha2_256 ssh client key-exchange dh_group_exchange_sha256 dh_group_exchange_sha1 dh_group14_sha1 ecdh_sha2_nistp256 ecdh_sha2_nistp384 ecdh_sha2_nistp521 dh_group16_sha512 # traffic-policy pbr-global inbound global-acl # dns server 45.236.84.18 dns server 45.236.84.19 dns server ipv6 2804:4DE8:800:8000::18 dns server ipv6 2804:4DE8:800:8000::19 # user-interface maximum-vty 21 # user-interface con 0 # user-interface vty 0 4 authentication-mode aaa # netconf activate module huawei-ip # local-aaa-server # admin virtual-system VS-BGP pvmb slot 10 9 port-mode port resource u4route upper-limit 1048576 resource m4route upper-limit 2000 resource u6route upper-limit 1048576 resource m6route upper-limit 512 resource vpn-instance upper-limit 512 resource cpu weight 5 assign interface Eth-Trunk0.11 assign interface GigabitEthernet0/7/0.600 assign interface GigabitEthernet0/7/0.601 assign interface GigabitEthernet0/7/0.3600 assign interface Virtual-Ethernet0/2/1.100 # warranty # l2tp-group default-lac tunnel name HUAWEI # l2tp-group default-lns tunnel name HUAWEI # return