# Huawei Versatile Routing Platform Software # VRP (R) software, Version 5.170 (S5720 V200R011C10SPC600) # Copyright (C) 2000-2018 HUAWEI TECH Co., Ltd. # # DDR Memory Size : 2048 M bytes # FLASH Total Memory Size : 512 M bytes # FLASH Available Memory Size : 344 M bytes # Pcb Version : VER.A # BootROM Version : 020b.0a05 # BootLoad Version : 020b.0a05 # CPLD Version : 0107 # Software Version : VRP (R) Software, Version 5.170 (V200R011C10SPC600) # S5720-32X-EI-24S-AC's Device status: # Slot Sub Type Online Power Register Status Role # ------------------------------------------------------------------------------- # 0 - S5720-32X-EI-24S Present PowerOn Registered Normal Master !Software Version V200R011C10SPC600 # sysname PR-PGO-D-COLONIA_DONALUIZA # vlan batch 30 99 150 706 730 750 to 751 754 934 985 1005 vlan batch 1065 to 1066 2034 2198 to 2200 3034 3249 3805 to 3806 4000 # lnp disable # stp disable # authentication-profile name default_authen_profile authentication-profile name dot1x_authen_profile authentication-profile name mac_authen_profile authentication-profile name portal_authen_profile authentication-profile name dot1xmac_authen_profile authentication-profile name multi_authen_profile # set save-configuration interval 1440 delay 30 # telnet server enable # diffserv domain default # ip vpn-instance ONNET-CDN ipv4-family route-distinguisher 172.16.30.14:65000 vpn-target 65000:65000 export-extcommunity vpn-target 65000:65000 import-extcommunity ipv6-family route-distinguisher 172.16.30.14:65000 vpn-target 65000:65000 export-extcommunity vpn-target 65000:65000 import-extcommunity # radius-server template default # bfd # mpls lsr-id 172.16.30.14 mpls mpls te mpls te signaling-delay-trigger enable label advertise non-null mpls rsvp-te mpls rsvp-te hello mpls rsvp-te srefresh mpls rsvp-te timer refresh 45 mpls rsvp-te hello full-gr mpls rsvp-te send-message suggest-label mpls rsvp-te send-message extend-class-type value-length-type mpls rsvp-te send-message session-attribute without-affinity mpls rsvp-te fast-reroute-bandwidth compatible mpls rsvp-te send-message down-reason mpls te cspf mpls te cspf preferred-igp ospf 1 # mpls l2vpn # vsi VLAN750 pwsignal ldp vsi-id 750 peer 172.16.30.8 mtu 1600 # vsi VLAN4000 pwsignal ldp vsi-id 4000 peer 172.16.30.8 mtu 1600 # vsi VLAN30 pwsignal ldp vsi-id 30 peer 172.16.30.8 mtu 1600 # vsi VLAN706 pwsignal ldp vsi-id 706 peer 172.16.30.8 mtu 1600 # mpls ldp # # mpls ldp remote-peer 172.16.30.8 remote-ip 172.16.30.8 # mpls ldp remote-peer 172.16.30.10 remote-ip 172.16.30.10 # mpls ldp remote-peer 172.16.30.12 remote-ip 172.16.30.12 # mpls ldp remote-peer 172.16.30.15 remote-ip 172.16.30.15 # mpls ldp remote-peer 172.16.30.20 remote-ip 172.16.30.20 # ecc peer-public-key 172.16.30.10 encoding-type der public-key-code begin 042A1544 F44E58B6 1B44BF1F 23A0A1C6 D5721EF8 168D653D 637622CA 515FD0C4 5E581F95 9BEE0AA0 9B99468C 4FBB68C8 1BD12F23 9F490834 6504D221 458E710A E5 public-key-code end peer-public-key end # ecc peer-public-key 172.16.30.20 encoding-type der public-key-code begin 04863F28 C275406D 242BB0FB A731D3D9 E9B5B3AC 2ACF9108 C5624BA9 436032EE 93417C32 F17B332E EA058150 100E71F9 F6B9AF7B FBEF64F1 95A72599 6C0CFC8C 63 public-key-code end peer-public-key end # pki realm default # acl number 2000 rule 5 permit source 10.0.0.0 0.255.255.255 rule 10 permit source 45.225.64.0 0.0.3.255 rule 15 permit source 177.10.56.141 0 rule 20 permit source 177.10.56.96 0 rule 25 permit source 18.229.197.228 0 rule 30 permit source 45.187.80.0 0.0.3.255 # acl number 4001 rule 5 permit vlan-id 2198 acl number 4002 rule 5 permit vlan-id 2200 acl number 4003 rule 5 permit vlan-id 2199 # free-rule-template name default_free_rule # portal-access-profile name portal_access_profile # drop-profile default # vlan 30 description Cliente: 3M: via 1Fibra(Nova) vlan 706 description Transporte: Radio Mundi: via NovaG1 vlan 1065 description Transporte: Nova: Aguia Sistemas: Moradas<>Nova vlan 1066 description Transporte: Nova: Aguia Sistemas: Moradas<>Nova vlan 2034 description Transporte: NovaG1: PGO<->TBO vlan 3034 description TRASNPORTE: NOVA G1: TIBAGI vlan 4000 description PPPoE: Serp # aaa authentication-scheme default authentication-scheme radius authentication-mode radius authorization-scheme default accounting-scheme default local-aaa-user password policy administrator password history record number 0 undo password alert original password expire 0 domain default authentication-scheme radius radius-server default domain default_admin authentication-scheme default local-user admin password irreversible-cipher $1a$ppMdUuDQwU$$+mt1wAU)~LKW#4A[!|B9bGFM$jl{GT*m+BA*pt>$ local-user admin privilege level 15 local-user admin service-type telnet terminal ssh http local-user onnet:onnet password irreversible-cipher $1a$G},X*ga9/'$!l~iT\'NNRq_Cn%=`le.wGw(;I%Ht"OmsQXr]J^C$ local-user onnet:onnet privilege level 15 local-user onnet:onnet service-type telnet terminal ssh local-user onnet:onnet expire-date 2099/12/31 local-user backup@onnet password irreversible-cipher $1a$xH<]HA\tC-$1uO%8$[P#N$L2MBYYxzNova mtu 2000 mpls l2vc 172.16.30.10 1065 # interface Vlanif1066 description Transporte: Nova: Aguia Sistemas: Moradas<>Nova mtu 2000 mpls l2vc 172.16.30.10 1066 # interface Vlanif2024 description TRANSPORET: NOVA G1: TELEMACO # interface Vlanif2034 bandwidth 250000 mpls l2vc 172.16.30.8 2034 mtu 1600 statistic enable both # interface Vlanif2198 mpls l2vc 172.16.30.8 2198 statistic enable both # interface Vlanif2199 description TRANSPORTE: NOVAG1-WEB bandwidth 6000 mpls l2vc 172.16.30.20 2199 mtu 9198 statistic enable both # interface Vlanif2200 description TRANSPORTE: NOVAG1-WEB bandwidth 6000 mpls l2vc 172.16.30.20 2200 mtu 9198 statistic enable both # interface Vlanif3034 description TRANSPORET: NOVA G1: TELEMACO bandwidth 250 mpls l2vc 172.16.30.8 3034 mtu 1600 statistic enable both # interface Vlanif3249 description TRANSPORTE: DBUG_LEONARDO_RED_COL mtu 6000 mpls l2vc 172.16.30.8 3249 # interface Vlanif3805 description UPLINK: PR-PGO-A001-BKB-NOVAG1 mtu 5000 ip address 172.16.20.26 255.255.255.252 ospf cost 2 ospf network-type p2p mpls mpls te mpls te bandwidth max-reservable-bandwidth 1410066 mpls rsvp-te mpls rsvp-te hello mpls ldp # interface Vlanif3806 description UPLINK: PR-PGO-A001-BKB-MORADAS mtu 9100 ip address 172.16.20.30 255.255.255.252 ospf cost 1 ospf network-type p2p mpls mpls te mpls te bandwidth max-reservable-bandwidth 1410066 mpls rsvp-te mpls rsvp-te hello mpls ldp # interface Vlanif4000 description PPPoE: Serp l2 binding vsi VLAN4000 statistic enable both # interface MEth0/0/1 # interface GigabitEthernet0/0/1 description CUST: TRANS_PRIMO [100Mbps] port link-type access port default vlan 985 # interface GigabitEthernet0/0/2 shutdown # interface GigabitEthernet0/0/3 shutdown # interface GigabitEthernet0/0/4 shutdown # interface GigabitEthernet0/0/5 shutdown # interface GigabitEthernet0/0/6 shutdown # interface GigabitEthernet0/0/7 # interface GigabitEthernet0/0/8 # interface GigabitEthernet0/0/9 # interface GigabitEthernet0/0/10 # interface GigabitEthernet0/0/11 # interface GigabitEthernet0/0/12 # interface GigabitEthernet0/0/13 # interface GigabitEthernet0/0/14 # interface GigabitEthernet0/0/15 # interface GigabitEthernet0/0/16 # interface GigabitEthernet0/0/17 # interface GigabitEthernet0/0/18 # interface GigabitEthernet0/0/19 # interface GigabitEthernet0/0/20 # interface GigabitEthernet0/0/21 # interface GigabitEthernet0/0/22 # interface GigabitEthernet0/0/23 # interface GigabitEthernet0/0/24 # interface GigabitEthernet0/0/25 # interface GigabitEthernet0/0/26 # interface GigabitEthernet0/0/27 # interface GigabitEthernet0/0/28 port link-type access port default vlan 99 # interface XGigabitEthernet0/0/1 description UPLINK: PR-PGO-A001-LEONARDO-ONNET port link-type trunk undo port trunk allow-pass vlan 1 port trunk allow-pass vlan 934 985 3249 3805 # interface XGigabitEthernet0/0/2 description UPLINK: PR-PGO-A001-BKB-ONNET-BARRACAO P:15 port link-type trunk undo port trunk allow-pass vlan 1 port trunk allow-pass vlan 3806 # interface XGigabitEthernet0/0/3 # interface XGigabitEthernet0/0/4 description UPLINK: PR-PGO-A001-MORADAS-ONNET P:15 port link-type trunk undo port trunk allow-pass vlan 1 port trunk allow-pass vlan 934 3806 # interface NULL0 # interface LoopBack0 ip address 172.16.30.14 255.255.255.255 # bgp 267018 router-id 172.16.30.14 undo default ipv4-unicast graceful-restart undo check-first-as peer 172.16.30.253 as-number 267018 peer 172.16.30.253 description RR-02 peer 172.16.30.254 as-number 267018 peer 172.16.30.254 description RR-01 # ipv4-family unicast undo synchronization ext-community-change enable preference 20 200 200 import-route direct route-policy OUT-DEFAULT import-route static route-policy OUT-DEFAULT peer 172.16.30.253 enable peer 172.16.30.253 route-policy OUT-IPV4-RR export peer 172.16.30.253 next-hop-local peer 172.16.30.253 advertise-community peer 172.16.30.254 enable peer 172.16.30.254 route-policy OUT-IPV4-RR export peer 172.16.30.254 next-hop-local peer 172.16.30.254 advertise-community # ipv6-family unicast undo synchronization preference 20 200 200 import-route direct route-policy OUT-DEFAULT-V6 import-route static route-policy OUT-DEFAULT-V6 peer 172.16.30.253 enable peer 172.16.30.253 route-policy OUT-IPV6-RR export peer 172.16.30.253 next-hop-local peer 172.16.30.253 label-route-capability peer 172.16.30.253 advertise-community peer 172.16.30.254 enable peer 172.16.30.254 route-policy OUT-IPV6-RR export peer 172.16.30.254 next-hop-local peer 172.16.30.254 label-route-capability peer 172.16.30.254 advertise-community # ipv4-family vpnv4 policy vpn-target peer 172.16.30.253 enable peer 172.16.30.253 route-policy IN-VPNV4-RR import peer 172.16.30.253 route-policy OUT-VPNV4-RR export peer 172.16.30.253 next-hop-local peer 172.16.30.253 advertise-community peer 172.16.30.254 enable peer 172.16.30.254 route-policy IN-VPNV4-RR import peer 172.16.30.254 route-policy OUT-VPNV4-RR export peer 172.16.30.254 next-hop-local peer 172.16.30.254 advertise-community # ipv4-family vpn-instance ONNET-CDN ext-community-change enable preference 20 200 200 # ipv6-family vpnv6 policy vpn-target peer 172.16.30.253 enable peer 172.16.30.253 route-policy IN-VPNV6-RR import peer 172.16.30.253 route-policy OUT-VPNV6-RR export peer 172.16.30.253 next-hop-local peer 172.16.30.253 advertise-community peer 172.16.30.254 enable peer 172.16.30.254 route-policy IN-VPNV6-RR import peer 172.16.30.254 route-policy OUT-VPNV6-RR export peer 172.16.30.254 next-hop-local peer 172.16.30.254 advertise-community # ospf 1 router-id 172.16.30.14 bfd all-interfaces enable bfd all-interfaces min-tx-interval 300 min-rx-interval 300 import-route direct cost 2 type 1 import-route static cost 2 type 1 opaque-capability enable enable log config enable log state enable log error enable log snmp-trap enable traffic-adjustment advertise frr area 0.0.0.0 network 172.16.20.24 0.0.0.3 network 172.16.20.28 0.0.0.3 network 172.16.30.14 0.0.0.0 mpls-te enable # route-policy OUT-DEFAULT permit node 50 if-match ip-prefix AS267018_24 apply local-preference 1000 apply community 65534:1010 # route-policy OUT-DEFAULT permit node 100 apply local-preference 1000 apply community 65534:1019 # route-policy OUT-DEFAULT-V6 permit node 50 if-match ipv6 address prefix-list AS267018_48 apply local-preference 1000 apply community 65534:1010 # route-policy OUT-DEFAULT-V6 permit node 100 if-match ipv6 address prefix-list AS267018_128 apply local-preference 1000 apply community 65534:1019 # route-policy OUT-IPV6-RR permit node 70 if-match ipv6 address prefix-list le_48 apply community 65534:1620 additive apply mpls-label # route-policy OUT-IPV6-RR permit node 100 apply mpls-label # route-policy OUT-IPV4-RR permit node 90 if-match ip-prefix le_24 apply community 65534:1620 additive # route-policy OUT-IPV4-RR permit node 100 # route-policy OUT-VPNV4-RR permit node 100 # route-policy IN-VPNV4-RR permit node 100 if-match as-path-filter 32 # route-policy OUT-VPNV6-RR permit node 100 apply mpls-label # route-policy IN-VPNV6-RR permit node 100 if-match as-path-filter 32 # route-policy OUT-IPV6-CDN permit node 50 if-match community-filter BLOCOS_CDN # route-policy OUT-IPV6-CDN deny node 1000 # route-policy OUT-IPV4-CDN permit node 50 if-match community-filter BLOCOS_CDN # route-policy OUT-IPV4-CDN deny node 1000 # ip ip-prefix AS267018_24 index 5 permit 45.225.64.0 22 greater-equal 22 less-equal 24 ip ip-prefix DEFAULT index 10 permit 0.0.0.0 0 ip ip-prefix FILTRO-LSP index 10 permit 172.16.20.0 24 greater-equal 30 less-equal 32 ip ip-prefix FILTRO-LSP index 15 permit 172.16.30.0 24 greater-equal 30 less-equal 32 ip ip-prefix le_24 index 10 permit 0.0.0.0 0 less-equal 24 # ip as-path-filter 32 permit .* # ip community-filter basic CLIENTES permit 65534:1010 ip community-filter basic GERENCIA permit 65534:1019 ip community-filter basic NO_PTT permit 65534:7880 ip community-filter basic NO_BRT permit 65534:2780 ip community-filter basic NO_INT permit 65534:4680 ip community-filter basic PREPEND_1 permit 65534:6001 ip community-filter basic PREPEND_2 permit 65534:6002 ip community-filter basic PREPEND_3 permit 65534:6003 ip community-filter basic BLACKHOLE permit 65534:666 ip community-filter basic NO-EXPORT permit no-export ip community-filter basic BLOCOS_CDN permit 65534:1017 # ip ipv6-prefix AS267018_48 index 5 permit 2804:46E4:: 32 greater-equal 32 less-equal 48 ip ipv6-prefix AS267018_128 index 5 permit 2804:46E4:: 32 greater-equal 49 less-equal 128 ip ipv6-prefix DEFAUL-v6 index 10 permit :: 0 ip ipv6-prefix le_48 index 10 permit :: 0 less-equal 48 # traffic-limit vlan 2198 inbound acl 4001 cir 256000 pir 256000 cbs 32000000 pbs 32000000 traffic-limit vlan 2198 outbound acl 4001 cir 256000 pir 256000 cbs 32000000 pbs 32000000 # snmp-agent snmp-agent local-engineid 800007DB03F47960BA5320 snmp-agent community read cipher %^%#=)UiT5tA6:kKAH.c!Io*Kw<^U@XTwM}D=H0|sgn+lJe(Tx5@HE'u3GOH;XrD~@J)(`[f9Qq8^I@gM|R(%^%# snmp-agent sys-info version v2c v3 # stelnet ipv4 server enable stelnet ipv6 server enable ssh user admin ssh user admin authentication-type password ssh user admin service-type all ssh user backup@onnet ssh user backup@onnet authentication-type password ssh user backup@onnet service-type stelnet ssh client first-time enable ssh client 172.16.30.10 assign ecc-key 172.16.30.10 ssh client 172.16.30.20 assign ecc-key 172.16.30.20 ssh server acl 2000 ssh server cipher aes256_ctr aes128_ctr ssh server hmac sha2_256 ssh client cipher aes256_ctr aes128_ctr ssh client hmac sha2_256 ssh server dh-exchange min-len 2048 # user-interface con 0 authentication-mode aaa user-interface vty 0 4 authentication-mode aaa protocol inbound all user-interface vty 16 20 # dot1x-access-profile name dot1x_access_profile # mac-access-profile name mac_access_profile # return