Create a gist now

Instantly share code, notes, and snippets.

! NEC Portable Internetwork Core Operating System Software
! IX Series IX2010 (magellan-sec) Software, Version 8.3.49, RELEASE SOFTWARE
! Compiled Nov 25-Fri-2011 10:29:23 JST #1
! Current time May 11-Mon-2015 03:53:50 JST
!
!
hostname kotori
timezone +09 00
terminal default-length 0
terminal default-width 120
terminal timeout 10
terminal timestamp datetime
terminal speed 38400
!
!
!
username root password hash DEADBEEF administrator
!
!
!
ntp ip enable
ntp ipv6 enable
ntp server 133.243.238.244 source FastEthernet0/0.1
ntp retry 2
ntp interval 120
!
!
!
logging buffered 131072
logging subsystem ntp warn
logging subsystem flt warn
logging subsystem nat warn
logging subsystem ppoe warn
logging subsystem ppp warn
access-list m-allow-v4v6 permit src any dest any type ipv6
access-list m-allow-v4v6 permit src any dest any type ip
!
!
ip ufs-cache enable
ip route default FastEthernet0/0.2
ip route 192.168.96.0/19 FastEthernet0/1.1
ip access-list allow-all permit ip src any dest any
ip access-list allow-console permit ip src 192.168.96.0/19 dest any
ip access-list allow-ping permit icmp echo src any dest any
ip access-list allow-ping permit icmp echo-reply src any dest any
ip access-list allow-ping permit icmp ttl-exceeded src any dest any
ip access-list allow-ping permit icmp time-exceeded src any dest any
ip access-list allow-ping permit icmp host-unknown src any dest any
ip access-list allow-ping permit icmp network-unknown src any dest any
ip access-list allow-ping permit icmp port-unreachable src any dest any
ip access-list allow-ping permit icmp packet-too-big src any dest any
ip access-list allow-ping permit icmp unreachable src any dest any
ip access-list allow-ping permit icmp net-unreachable src any dest any
ip access-list allow-ping permit icmp host-unreachable src any dest any
ip access-list allow-ping permit icmp protocol-unreachable src any dest any
ip access-list block-crs-home permit ip src any dest 192.168.96.1/32
ip access-list block-crs-home permit ip src any dest 192.168.0.10/32
ip access-list block-crs-home permit ip src any dest 192.168.32.1/32
ip access-list block-crs-home permit ip src any dest 192.168.128.1/32
ip access-list block-crs-home permit ip src any dest 192.168.160.1/32
ip access-list block-crs-home permit ip src any dest 172.30.96.1/32
ip access-list block-crs-home permit ip src 192.168.96.1/32 dest 192.168.0.0/16
ip access-list block-crs-home permit ip src 192.168.0.10/32 dest 192.168.0.0/16
ip access-list block-crs-home permit ip src 192.168.32.1/32 dest 192.168.0.0/16
ip access-list block-crs-home permit ip src 192.168.128.1/32 dest 192.168.0.0/16
ip access-list block-crs-home permit ip src 192.168.160.1/32 dest 192.168.0.0/16
ip access-list block-crs-home permit ip src 172.30.96.1/32 dest 192.168.0.0/16
ip access-list block-crs-home deny ip src 192.168.0.0/16 dest 192.168.0.0/16
ip access-list clients permit ip src 192.168.32.0/19 dest any
ip access-list clients permit ip src 192.168.128.0/19 dest any
ip access-list clients permit ip src 192.168.160.0/19 dest any
ip access-list clients permit ip src 172.30.96.0/24 dest any
ip access-list deny-all deny ip src any dest any
ip access-list deny-to-intl deny ip src any dest 10.0.0.0/8
ip access-list fixed-ext-ip permit ip src 192.168.0.0/19 dest any
ip access-list fixed-ext-ip permit ip src 192.168.96.0/19 dest any
ip access-list monitors permit ip src 10.0.0.1/32 dest any
ip access-list monitors permit ip src 10.2.0.1/32 dest any
ip access-list monitors permit ip src 192.168.96.0/19 dest any
ip access-list monitors permit ip src 192.168.128.0/19 dest any
ip access-list sonet-dy-ext-ip permit ip src 192.168.0.4/32 dest any
ip access-list svc-oakland permit tcp src any sport any dest 192.168.96.10/32 dport eq 8888
ip access-list svc-oakland permit tcp src any sport any dest 172.30.96.2/31 dport any
ip access-list svc-oakland permit tcp src any sport any dest 192.168.96.10/32 dport eq 22
ip access-list svc-oakland permit tcp src any sport any dest 192.168.96.10/32 dport eq 80
ip access-list svc-oakland permit tcp src any sport any dest 192.168.96.10/32 dport eq 443
ip access-list dynamic dyn-all access allow-all
!
!
ipv6 ufs-cache enable
ipv6 access-list v6-allow-all permit ip src any dest any
ipv6 access-list v6-allow-ndp permit icmp neighbor-advertisement src any dest any
ipv6 access-list v6-allow-ndp permit icmp neighbor-solicitation src any dest any
ipv6 access-list v6-allow-ndp permit icmp router-solicitation src any dest any
ipv6 access-list v6-allow-ndp permit icmp router-advertisement src any dest any
ipv6 access-list v6-allow-ping permit icmp echo src any dest any
ipv6 access-list v6-allow-ping permit icmp echo-reply src any dest any
ipv6 access-list v6-deny-all deny ip src any dest any
ipv6 access-list v6-oakland permit tcp src any sport any dest-domain 2409:10:2040:500::beef dport eq 80
ipv6 access-list v6-oakland permit tcp src any sport any dest-domain 2409:10:2040:500::beef dport eq 443
ipv6 access-list v6-oakland permit tcp src any sport any dest-domain 2409:10:2040:500::beef dport eq 22
ipv6 access-list dynamic v6-dyn-all access v6-allow-all
!
!
snmp-agent ip enable
snmp-agent ip community public monitors
!
bridge irb enable
no bridge 1 bridge ip
!
!
ip name-server 192.168.96.10
ip name-server 8.8.8.8
ipv6 name-server 2409:10:2040:500::beef
ipv6 name-server 2404:1a8:7f01:b::3
dns cache enable
dns cache lifetime 3600
dns ncache lifetime 60
!
!
telnet-server ip enable
telnet-server ip access-list allow-console
!
!
!
!
!
!
!
!
!
route-map rmap permit 10
match ip address access-list sonet-dy-ext-ip
set interface FastEthernet0/0.3
!
route-map rmap permit 100
match ip address access-list fixed-ext-ip
set interface FastEthernet0/0.1
!
ppp profile iij-fiberaccess-nf
authentication myname xxx
authentication password xxx xxx
!
ppp profile sonet
authentication myname xxx
authentication password xxx xxx
!
ppp profile sonet-fixed
authentication myname xxx
authentication password xxx xxx
!
device FastEthernet0/0
!
device FastEthernet0/1
!
device FastEthernet1/0
!
device BRI1/0
isdn switch-type hsd128k
!
interface FastEthernet0/0.0
filter m-allow-v4v6 1 in
no ip address
ipv6 enable
ipv6 address autoconfig receive-default
bridge-group 1
bridge ipv6 filter v6-allow-ndp 100 in
bridge ipv6 filter v6-allow-all 10000 in
no shutdown
!
interface FastEthernet0/1.0
no ip address
no shutdown
!
interface FastEthernet1/0.0
no ip address
shutdown
!
interface BRI1/0.0
encapsulation ppp
no auto-connect
no ip address
shutdown
!
interface FastEthernet0/0.1
encapsulation pppoe
auto-connect
ppp binding sonet-fixed
ip address ipcp
ip napt enable
ip napt translation max-entries 65535
ip napt static 192.168.96.10 tcp 22
ip napt static 192.168.96.10 tcp 80
ip napt static 192.168.96.10 tcp 443
ip napt static 192.168.96.10 tcp 8888
ip filter svc-oakland 200 in
ip filter allow-ping 9000 in
ip filter deny-all 10000 in
ip filter dyn-all 100 out
bridge ipv6 filter v6-dyn-all 9000 out
no shutdown
!
interface FastEthernet0/0.2
encapsulation pppoe
auto-connect
ppp binding iij-fiberaccess-nf
ip address ipcp
ip napt enable
ip napt translation max-entries 65535
ip napt service any 172.20.96.2 none any any
ip filter svc-oakland 200 in
ip filter allow-ping 9000 in
ip filter deny-all 10000 in
ip filter dyn-all 100 out
no shutdown
!
interface FastEthernet0/0.3
encapsulation pppoe
auto-connect
ppp binding sonet
ip address ipcp
ip napt enable
ip napt translation max-entries 65535
ip filter allow-ping 9000 in
ip filter deny-all 10000 in
ip filter dyn-all 100 out
no shutdown
!
interface FastEthernet0/1.1
encapsulation dot1q 1 tpid 8100
filter m-allow-v4v6 1 in
auto-connect
ip address 192.168.96.1/19
ip filter block-crs-home 100 in
ip filter allow-all 10000 in
ip filter block-crs-home 100 out
ip filter allow-all 10000 out
ip policy route-map rmap
ipv6 enable
bridge-group 1
bridge ipv6 filter v6-dyn-all 9000 in
bridge ipv6 filter v6-allow-ping 100 out
bridge ipv6 filter v6-allow-ndp 9500 out
bridge ipv6 filter v6-deny-all 10000 out
no shutdown
!
interface FastEthernet0/1.2
encapsulation dot1q 100 tpid 8100
auto-connect
ip address 192.168.0.10/19
ip filter block-crs-home 100 in
ip filter allow-all 10000 in
ip filter block-crs-home 100 out
ip filter allow-all 10000 out
ip policy route-map rmap
bridge-group 1
bridge ipv6 filter v6-dyn-all 9000 in
bridge ipv6 filter v6-allow-ndp 9500 out
bridge ipv6 filter v6-allow-all 10000 out
no shutdown
!
interface FastEthernet0/1.3
encapsulation dot1q 200 tpid 8100
auto-connect
ip address 192.168.32.1/19
ip filter block-crs-home 100 in
ip filter allow-all 10000 in
ip filter block-crs-home 100 out
ip filter allow-all 10000 out
ip policy route-map rmap
bridge-group 1
bridge ipv6 filter v6-dyn-all 9000 in
bridge ipv6 filter v6-allow-ping 100 out
bridge ipv6 filter v6-allow-ndp 9500 out
bridge ipv6 filter v6-deny-all 10000 out
no shutdown
!
interface FastEthernet0/1.4
encapsulation dot1q 300 tpid 8100
auto-connect
ip address 192.168.128.1/19
ip filter block-crs-home 100 in
ip filter allow-all 10000 in
ip filter block-crs-home 100 out
ip filter allow-all 10000 out
ip policy route-map rmap
bridge-group 1
bridge ipv6 filter v6-dyn-all 9000 in
bridge ipv6 filter v6-allow-ndp 9500 out
bridge ipv6 filter v6-deny-all 10000 out
no shutdown
!
interface FastEthernet0/1.5
encapsulation dot1q 400 tpid 8100
auto-connect
ip address 192.168.160.1/19
ip filter block-crs-home 100 in
ip filter allow-all 10000 in
ip filter block-crs-home 100 out
ip filter allow-all 10000 out
ip policy route-map rmap
bridge-group 1
bridge ipv6 filter v6-dyn-all 9000 in
bridge ipv6 filter v6-allow-ndp 9500 out
bridge ipv6 filter v6-deny-all 10000 out
no shutdown
!
interface FastEthernet0/1.6
encapsulation dot1q 10 tpid 8100
auto-connect
ip address 172.30.96.1/19
ip napt enable
ip policy route-map rmap
no shutdown
!
interface Loopback0.0
no ip address
!
interface Null0.0
no ip address
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment