=~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2021.08.30 10:38:32 =~=~=~=~=~=~=~=~=~=~=~= dis cu # version 5.20, Release 2104P09 # sysname RT007 # clock timezone 1 minus 06:00:00 # dhcp relay server-group 1 ip 172.16.33.2 dhcp relay server-group 2 ip 192.168.152.250 # firewall enable # domain default enable system # dns resolve dns server 172.16.17.45 dns domain domino.local # router id 1.1.1.3 # dar p2p signature-file flash:/p2p_default.mtd # lldp enable ---- More ---- # undo ip http enable # multicast routing-enable # acl number 3000 rule 1 deny tcp source 172.16.35.0 0.0.0.255 destination 100.32.3.0 0.0.0.255 destination-port eq www rule 2 deny tcp source 172.16.35.0 0.0.0.255 destination 100.32.3.0 0.0.0.255 destination-port eq 443 rule 3 deny tcp source 172.16.35.0 0.0.0.255 destination 192.168.0.0 0.0.255.255 destination-port eq www rule 4 deny tcp source 172.16.35.0 0.0.0.255 source-port eq domain destination 192.168.0.0 0.0.255.255 destination-port eq 443 rule 5 deny tcp source 172.16.35.0 0.0.0.255 destination 172.16.0.0 0.0.255.255 destination-port eq www rule 6 deny tcp source 172.16.35.0 0.0.0.255 source-port eq domain destination 172.16.0.0 0.0.255.255 destination-port eq 443 rule 7 deny tcp source 172.16.35.0 0.0.0.255 destination 172.17.0.0 0.0.255.255 destination-port eq www rule 8 deny tcp source 172.16.35.0 0.0.0.255 source-port eq domain destination 172.17.0.0 0.0.255.255 destination-port eq 443 rule 9 deny tcp source 172.16.35.0 0.0.0.255 destination 172.18.0.0 0.0.255.255 destination-port eq www rule 10 deny tcp source 172.16.35.0 0.0.0.255 destination 172.18.0.0 0.0.255.255 destination-port eq 443 rule 11 permit tcp destination 0.0.0.0 0 destination-port eq www rule 12 permit tcp destination 0.0.0.0 0 destination-port eq 443 rule 13 permit udp destination 0.0.0.0 0 destination-port eq dns rule 14 permit udp source-port eq dns rule 15 permit tcp destination-port eq domain rule 16 permit tcp source-port eq domain rule 17 permit tcp destination-port eq smtp ---- More ----  rule 18 permit tcp destination-port eq pop3 rule 19 permit tcp destination-port eq 465 rule 20 permit tcp destination-port eq 995 rule 21 permit tcp destination-port eq 993 rule 22 permit ip destination 172.16.16.7 0 rule 23 deny ip destination 172.16.0.0 0.0.255.255 rule 24 deny ip destination 172.17.0.0 0.0.255.255 rule 25 deny ip destination 192.168.0.0 0.0.255.255 rule 26 deny ip destination 100.32.3.0 0.0.0.255 acl number 3001 rule 1 deny tcp source 172.16.35.0 0.0.0.255 destination 100.32.3.0 0.0.0.255 destination-port eq www rule 2 deny tcp source 172.16.35.0 0.0.0.255 destination 100.32.3.0 0.0.0.255 destination-port eq 443 rule 3 deny tcp source 172.16.35.0 0.0.0.255 destination 192.168.0.0 0.0.255.255 destination-port eq www rule 4 deny tcp source 172.16.35.0 0.0.0.255 destination 192.168.0.0 0.0.255.255 destination-port eq 443 rule 5 deny tcp source 172.16.35.0 0.0.0.255 destination 172.16.0.0 0.0.255.255 destination-port eq www rule 6 deny tcp source 172.16.35.0 0.0.0.255 source-port eq domain destination 172.16.0.0 0.0.255.255 destination-port eq 443 rule 7 deny tcp source 172.16.35.0 0.0.0.255 destination 172.17.0.0 0.0.255.255 destination-port eq www rule 8 deny tcp source 172.16.35.0 0.0.0.255 source-port eq domain destination 172.17.0.0 0.0.255.255 destination-port eq 443 rule 9 deny tcp source 172.16.35.0 0.0.0.255 destination 172.18.0.0 0.0.255.255 destination-port eq www rule 10 deny tcp source 172.16.35.0 0.0.0.255 destination 172.18.0.0 0.0.255.255 destination-port eq 443 rule 11 permit tcp destination 0.0.0.0 0 destination-port eq www rule 12 permit tcp destination 0.0.0.0 0 destination-port eq 443 rule 13 permit udp destination 0.0.0.0 0 destination-port eq dns ---- More ----  rule 14 permit udp source-port eq dns rule 15 permit tcp destination-port eq domain rule 16 permit tcp source-port eq domain rule 17 permit tcp destination-port eq smtp rule 18 permit tcp destination-port eq pop3 rule 19 permit tcp destination-port eq 465 rule 20 permit tcp destination-port eq 995 rule 21 permit tcp destination-port eq 993 rule 22 permit ip destination 172.16.16.7 0 rule 23 deny ip destination 172.16.0.0 0.0.255.255 rule 24 deny ip destination 172.17.0.0 0.0.255.255 rule 25 deny ip destination 192.168.0.0 0.0.255.255 rule 26 deny ip destination 100.32.3.0 0.0.0.255 acl number 3002 rule 1 deny tcp source 172.16.38.23 0 source-port eq 445 rule 2 deny tcp source 172.16.38.23 0 destination-port eq 445 rule 3 deny tcp source 172.16.38.24 0 source-port eq 445 rule 4 deny tcp source 172.16.38.24 0 destination-port eq 445 rule 5 deny tcp source 172.16.38.27 0 source-port eq 445 rule 6 deny tcp source 172.16.38.27 0 destination-port eq 445 rule 7 deny tcp source 172.16.38.51 0 source-port eq 445 rule 8 deny tcp source 172.16.38.51 0 destination-port eq 445 rule 9 deny tcp source 172.16.38.52 0 source-port eq 445 ---- More ----  rule 10 deny tcp source 172.16.38.52 0 destination-port eq 445 rule 11 deny tcp source 172.16.38.53 0 source-port eq 445 rule 12 deny tcp source 172.16.38.53 0 destination-port eq 445 rule 13 deny tcp source 172.16.38.54 0 source-port eq 445 rule 14 deny tcp source 172.16.38.54 0 destination-port eq 445 rule 15 deny tcp source 172.16.38.55 0 source-port eq 445 rule 16 deny tcp source 172.16.38.55 0 destination-port eq 445 rule 17 deny tcp source 172.16.38.56 0 source-port eq 445 rule 18 deny tcp source 172.16.38.56 0 destination-port eq 445 rule 19 deny tcp source 172.16.38.57 0 source-port eq 445 rule 20 deny tcp source 172.16.38.57 0 destination-port eq 445 rule 21 deny tcp source 172.16.38.58 0 source-port eq 445 rule 22 deny tcp source 172.16.38.58 0 destination-port eq 445 rule 23 deny tcp source 172.16.38.59 0 source-port eq 445 rule 24 deny tcp source 172.16.38.59 0 destination-port eq 445 rule 25 deny tcp source 172.16.38.60 0 source-port eq 445 rule 26 deny tcp source 172.16.38.60 0 destination-port eq 445 rule 27 deny tcp source 172.16.38.61 0 source-port eq 445 rule 28 deny tcp source 172.16.38.61 0 destination-port eq 445 rule 29 deny tcp source 172.16.38.62 0 source-port eq 445 rule 30 deny tcp source 172.16.38.62 0 destination-port eq 445 rule 31 deny tcp source 172.16.38.63 0 source-port eq 445 rule 32 deny tcp source 172.16.38.63 0 destination-port eq 445 ---- More ----  rule 33 deny tcp source 172.16.38.64 0 source-port eq 445 rule 34 deny tcp source 172.16.38.64 0 destination-port eq 445 rule 35 deny tcp source 172.16.38.65 0 source-port eq 445 rule 36 deny tcp source 172.16.38.65 0 destination-port eq 445 rule 37 deny tcp source 172.16.38.66 0 source-port eq 445 rule 38 deny tcp source 172.16.38.66 0 destination-port eq 445 rule 39 deny tcp source 172.16.38.67 0 source-port eq 445 rule 40 deny tcp source 172.16.38.67 0 destination-port eq 445 rule 41 deny tcp source 172.16.38.69 0 source-port eq 445 rule 42 deny tcp source 172.16.38.69 0 destination-port eq 445 rule 43 deny tcp source 172.16.38.70 0 source-port eq 445 rule 44 deny tcp source 172.16.38.70 0 destination-port eq 445 rule 45 deny tcp source 172.16.38.72 0 source-port eq 445 rule 46 deny tcp source 172.16.38.72 0 destination-port eq 445 rule 47 deny tcp source 172.16.38.74 0 source-port eq 445 rule 48 deny tcp source 172.16.38.74 0 destination-port eq 445 rule 49 deny tcp source 172.16.38.75 0 source-port eq 445 rule 50 deny tcp source 172.16.38.75 0 destination-port eq 445 rule 51 deny tcp source 172.16.38.76 0 source-port eq 445 rule 52 deny tcp source 172.16.38.76 0 destination-port eq 445 rule 53 deny tcp source 172.16.38.77 0 source-port eq 445 rule 54 deny tcp source 172.16.38.77 0 destination-port eq 445 rule 55 deny tcp source 172.16.38.78 0 source-port eq 445 ---- More ----  rule 56 deny tcp source 172.16.38.78 0 destination-port eq 445 rule 57 deny tcp source 172.16.38.79 0 source-port eq 445 rule 58 deny tcp source 172.16.38.79 0 destination-port eq 445 rule 59 deny tcp source 172.16.38.80 0 source-port eq 445 rule 60 deny tcp source 172.16.38.80 0 destination-port eq 445 rule 61 deny tcp source 172.16.38.81 0 source-port eq 445 rule 62 deny tcp source 172.16.38.81 0 destination-port eq 445 rule 63 deny tcp source 172.16.38.82 0 source-port eq 445 rule 64 deny tcp source 172.16.38.82 0 destination-port eq 445 rule 65 permit tcp # vlan 1 # domain system access-limit disable state active idle-cut disable self-service-url disable # public-key peer 172.16.32.2 public-key-code begin 30819F300D06092A864886F70D010101050003818D0030818902818100B792D31B10F489FA 6BB61C45BFF2BE678A2BA3C76D3A03EF7F9CCDA105CAA7FA8C91A84077BAC7D3450DEDE7E1 ---- More ----  631667D3C308215B9893A76356D0AFB84710E8AC74219DDB4B8753AFB0E16A6D6139E52045 01CA6421FDBB9148D1E27B923A3640B81E3D866C2FAB169E110E1AD79E8C5324D8C8C9AD2B 2DC2790092CD6885F70203010001 public-key-code end peer-public-key end # public-key peer 10.20.20.2 public-key-code begin 30819F300D06092A864886F70D010101050003818D0030818902818100BDE1403897776BDA 72EABE779F16DB98798F57BEB166B97839738CC712831DEF474BDEF32443CC8916B540DF8F 2148D75777FAB3D217D8786CB94F9D8947FAA446063B17597A8183CC07280CD9AD3C663301 88895269726CF88DA24EC55417868B42FD08964DD35458FA9AB3553B65A0B18A1D22B62ABA 0C4700E39A30D7633B0203010001 public-key-code end peer-public-key end # user-group system # local-user admin password cipher @ZW\BI9L+R6A]=B$ZJ>7=Q!! authorization-attribute level 3 service-type ssh telnet terminal # ---- More ---- cwmp undo cwmp enable # interface Aux0 async mode flow link-protocol ppp # interface Cellular0/0 async mode protocol link-protocol ppp # interface Ethernet0/0 port link-mode route description Enlace Red Metro ip address 192.168.100.3 255.255.255.0 ospf cost 6 # interface Ethernet0/1 port link-mode route firewall packet-filter 3001 inbound # interface Ethernet0/1.105 description Isolation ---- More ----  vlan-type dot1q vid 105 ip address 172.16.40.1 255.255.255.0 dhcp select relay dhcp relay server-select 2 # interface Ethernet0/1.130 description Administrativa vlan-type dot1q vid 130 ip address 172.16.32.1 255.255.255.0 dhcp relay server-select 1 igmp enable pim dm # interface Ethernet0/1.131 description Corporativa vlan-type dot1q vid 131 ip address 172.16.33.1 255.255.255.0 dhcp select relay dhcp relay server-select 1 igmp enable pim dm # interface Ethernet0/1.132 ---- More ----  description WirelessCorporativa vlan-type dot1q vid 132 ip address 172.16.34.1 255.255.255.0 dhcp select relay dhcp relay server-select 1 igmp enable pim dm # interface Ethernet0/1.133 description WirelessInvitados vlan-type dot1q vid 133 firewall packet-filter 3000 inbound ip address 172.16.35.1 255.255.255.0 dhcp select relay dhcp relay server-select 1 igmp enable pim dm # interface Ethernet0/1.134 description Voz vlan-type dot1q vid 134 ip address 172.16.36.1 255.255.255.0 dhcp select relay ---- More ----  dhcp relay server-select 1 igmp enable pim dm # interface Ethernet0/1.135 description Video vlan-type dot1q vid 135 ip address 172.16.37.1 255.255.255.0 igmp enable pim dm # interface Ethernet0/1.136 description Symbol vlan-type dot1q vid 136 firewall packet-filter 3002 inbound firewall packet-filter 3002 outbound ip address 172.16.38.1 255.255.255.0 dhcp select relay dhcp relay server-select 1 igmp enable pim dm # interface Ethernet0/1.137 ---- More ----  description Smart-TV vlan-type dot1q vid 137 ip address 172.16.39.1 255.255.255.0 dhcp select relay dhcp relay server-select 1 igmp enable pim dm # interface Ethernet3/0 port link-mode route description Enlace Optel ip address 10.20.20.4 255.255.255.0 ospf cost 8 # interface Ethernet3/1 port link-mode route description Enlace Telefonica ip address 192.168.130.42 255.255.255.252 # interface NULL0 # interface Tunnel901 description Hacia Zona 4 via Telefonica ---- More ----  mtu 1500 ip address 90.90.1.2 255.255.255.252 source Ethernet3/1 destination 192.168.130.37 keepalive 10 3 tunnel bandwidth 10240 ospf cost 200 # ospf 1 import-route direct area 0.0.0.0 network 192.168.100.0 0.0.0.255 network 90.90.1.0 0.0.0.3 network 10.20.20.0 0.0.0.255 area 0.0.0.3 network 172.16.32.0 0.0.0.255 network 172.16.33.0 0.0.0.255 network 172.16.34.0 0.0.0.255 network 172.16.35.0 0.0.0.255 network 172.16.36.0 0.0.0.255 network 172.16.37.0 0.0.0.255 network 172.16.38.0 0.0.0.255 network 172.16.39.0 0.0.0.255 ---- More ---- # policy-based-route 1 permit node 1 if-match acl 3001 apply output-interface Ethernet0/1.133 # ip route-static 192.168.130.37 255.255.255.255 192.168.130.41 # snmp-agent snmp-agent local-engineid 800063A2033CE5A681A0EF snmp-agent community read C3m@c0 snmp-agent community write C3m@c0_wr snmp-agent sys-info contact Informatica snmp-agent sys-info location Datacenter Zona 7 snmp-agent sys-info version all snmp-agent target-host trap address udp-domain 172.16.17.41 params securityname C3m@c0 v2c snmp-agent target-host trap address udp-domain 172.16.17.50 params securityname C3m@c0 v2c # dhcp enable # ntp-service unicast-server 172.16.17.45 # ssh server enable ssh client authentication server 172.16.32.2 assign publickey 172.16.32.2 ---- More ----  ssh client authentication server 10.20.20.2 assign publickey 10.20.20.2 # load xml-configuration # load tr069-configuration # user-interface tty 12 user-interface aux 0 authentication-mode scheme user-interface vty 0 4 authentication-mode scheme protocol inbound ssh # return save The current configuration will be written to the device. Are you sure? [Y/N]:y Please input the file name(*.cfg)[flash:/startup.cfg] (To leave the existing filename unchanged, press the enter key): flash:/startup.cfg exists, overwrite? [Y/N]:y Validating file. Please wait.... Configuration is saved to device successfully. quit