sorah/kotori.config

## kotori.config
! NEC Portable Internetwork Core Operating System Software
! IX Series IX2010 (magellan-sec) Software, Version 8.3.49, RELEASE SOFTWARE
! Compiled Nov 25-Fri-2011 10:29:23 JST #1
! Current time May 11-Mon-2015 03:53:50 JST
!
!
hostname kotori
timezone +09 00
terminal default-length 0
terminal default-width 120
terminal timeout 10
terminal timestamp datetime
terminal speed 38400
!
!
!
username root password hash DEADBEEF administrator
!
!
!
ntp ip enable
ntp ipv6 enable
ntp server 133.243.238.244 source FastEthernet0/0.1
ntp retry 2
ntp interval 120
!
!
!
logging buffered 131072
logging subsystem ntp warn
logging subsystem flt warn
logging subsystem nat warn
logging subsystem ppoe warn
logging subsystem ppp warn
access-list m-allow-v4v6 permit src any dest any type ipv6
access-list m-allow-v4v6 permit src any dest any type ip
!
!
ip ufs-cache enable
ip route default FastEthernet0/0.2
ip route 192.168.96.0/19 FastEthernet0/1.1
ip access-list allow-all permit ip src any dest any
ip access-list allow-console permit ip src 192.168.96.0/19 dest any
ip access-list allow-ping permit icmp echo src any dest any
ip access-list allow-ping permit icmp echo-reply src any dest any
ip access-list allow-ping permit icmp ttl-exceeded src any dest any
ip access-list allow-ping permit icmp time-exceeded src any dest any
ip access-list allow-ping permit icmp host-unknown src any dest any
ip access-list allow-ping permit icmp network-unknown src any dest any
ip access-list allow-ping permit icmp port-unreachable src any dest any
ip access-list allow-ping permit icmp packet-too-big src any dest any
ip access-list allow-ping permit icmp unreachable src any dest any
ip access-list allow-ping permit icmp net-unreachable src any dest any
ip access-list allow-ping permit icmp host-unreachable src any dest any
ip access-list allow-ping permit icmp protocol-unreachable src any dest any
ip access-list block-crs-home permit ip src any dest 192.168.96.1/32
ip access-list block-crs-home permit ip src any dest 192.168.0.10/32
ip access-list block-crs-home permit ip src any dest 192.168.32.1/32
ip access-list block-crs-home permit ip src any dest 192.168.128.1/32
ip access-list block-crs-home permit ip src any dest 192.168.160.1/32
ip access-list block-crs-home permit ip src any dest 172.30.96.1/32
ip access-list block-crs-home permit ip src 192.168.96.1/32 dest 192.168.0.0/16
ip access-list block-crs-home permit ip src 192.168.0.10/32 dest 192.168.0.0/16
ip access-list block-crs-home permit ip src 192.168.32.1/32 dest 192.168.0.0/16
ip access-list block-crs-home permit ip src 192.168.128.1/32 dest 192.168.0.0/16
ip access-list block-crs-home permit ip src 192.168.160.1/32 dest 192.168.0.0/16
ip access-list block-crs-home permit ip src 172.30.96.1/32 dest 192.168.0.0/16
ip access-list block-crs-home deny ip src 192.168.0.0/16 dest 192.168.0.0/16
ip access-list clients permit ip src 192.168.32.0/19 dest any
ip access-list clients permit ip src 192.168.128.0/19 dest any
ip access-list clients permit ip src 192.168.160.0/19 dest any
ip access-list clients permit ip src 172.30.96.0/24 dest any
ip access-list deny-all deny ip src any dest any
ip access-list deny-to-intl deny ip src any dest 10.0.0.0/8
ip access-list fixed-ext-ip permit ip src 192.168.0.0/19 dest any
ip access-list fixed-ext-ip permit ip src 192.168.96.0/19 dest any
ip access-list monitors permit ip src 10.0.0.1/32 dest any
ip access-list monitors permit ip src 10.2.0.1/32 dest any
ip access-list monitors permit ip src 192.168.96.0/19 dest any
ip access-list monitors permit ip src 192.168.128.0/19 dest any
ip access-list sonet-dy-ext-ip permit ip src 192.168.0.4/32 dest any
ip access-list svc-oakland permit tcp src any sport any dest 192.168.96.10/32 dport eq 8888
ip access-list svc-oakland permit tcp src any sport any dest 172.30.96.2/31 dport any
ip access-list svc-oakland permit tcp src any sport any dest 192.168.96.10/32 dport eq 22
ip access-list svc-oakland permit tcp src any sport any dest 192.168.96.10/32 dport eq 80
ip access-list svc-oakland permit tcp src any sport any dest 192.168.96.10/32 dport eq 443
ip access-list dynamic dyn-all access allow-all
!
!
ipv6 ufs-cache enable
ipv6 access-list v6-allow-all permit ip src any dest any
ipv6 access-list v6-allow-ndp permit icmp neighbor-advertisement src any dest any
ipv6 access-list v6-allow-ndp permit icmp neighbor-solicitation src any dest any
ipv6 access-list v6-allow-ndp permit icmp router-solicitation src any dest any
ipv6 access-list v6-allow-ndp permit icmp router-advertisement src any dest any
ipv6 access-list v6-allow-ping permit icmp echo src any dest any
ipv6 access-list v6-allow-ping permit icmp echo-reply src any dest any
ipv6 access-list v6-deny-all deny ip src any dest any
ipv6 access-list v6-oakland permit tcp src any sport any dest-domain 2409:10:2040:500::beef dport eq 80
ipv6 access-list v6-oakland permit tcp src any sport any dest-domain 2409:10:2040:500::beef dport eq 443
ipv6 access-list v6-oakland permit tcp src any sport any dest-domain 2409:10:2040:500::beef dport eq 22
ipv6 access-list dynamic v6-dyn-all access v6-allow-all
!
!
snmp-agent ip enable
snmp-agent ip community public monitors
!
bridge irb enable
no bridge 1 bridge ip
!
!
ip name-server 192.168.96.10
ip name-server 8.8.8.8
ipv6 name-server 2409:10:2040:500::beef
ipv6 name-server 2404:1a8:7f01:b::3
dns cache enable
dns cache lifetime 3600
dns ncache lifetime 60
!
!
telnet-server ip enable
telnet-server ip access-list allow-console
!
!
!
!
!
!
!
!
!
route-map rmap permit 10
  match ip address access-list sonet-dy-ext-ip
  set interface FastEthernet0/0.3
!
route-map rmap permit 100
  match ip address access-list fixed-ext-ip
  set interface FastEthernet0/0.1
!
ppp profile iij-fiberaccess-nf
  authentication myname xxx
  authentication password xxx xxx
!
ppp profile sonet
  authentication myname xxx
  authentication password xxx xxx
!
ppp profile sonet-fixed
  authentication myname xxx
  authentication password xxx xxx
!
device FastEthernet0/0
!
device FastEthernet0/1
!
device FastEthernet1/0
!
device BRI1/0
  isdn switch-type hsd128k
!
interface FastEthernet0/0.0
  filter m-allow-v4v6 1 in
  no ip address
  ipv6 enable
  ipv6 address autoconfig receive-default
  bridge-group 1
  bridge ipv6 filter v6-allow-ndp 100 in
  bridge ipv6 filter v6-allow-all 10000 in
  no shutdown
!
interface FastEthernet0/1.0
  no ip address
  no shutdown
!
interface FastEthernet1/0.0
  no ip address
  shutdown
!
interface BRI1/0.0
  encapsulation ppp
  no auto-connect
  no ip address
  shutdown
!
interface FastEthernet0/0.1
  encapsulation pppoe
  auto-connect
  ppp binding sonet-fixed
  ip address ipcp
  ip napt enable
  ip napt translation max-entries 65535
  ip napt static 192.168.96.10 tcp 22
  ip napt static 192.168.96.10 tcp 80
  ip napt static 192.168.96.10 tcp 443
  ip napt static 192.168.96.10 tcp 8888
  ip filter svc-oakland 200 in
  ip filter allow-ping 9000 in
  ip filter deny-all 10000 in
  ip filter dyn-all 100 out
  bridge ipv6 filter v6-dyn-all 9000 out
  no shutdown
!
interface FastEthernet0/0.2
  encapsulation pppoe
  auto-connect
  ppp binding iij-fiberaccess-nf
  ip address ipcp
  ip napt enable
  ip napt translation max-entries 65535
  ip napt service any 172.20.96.2 none any any
  ip filter svc-oakland 200 in
  ip filter allow-ping 9000 in
  ip filter deny-all 10000 in
  ip filter dyn-all 100 out
  no shutdown
!
interface FastEthernet0/0.3
  encapsulation pppoe
  auto-connect
  ppp binding sonet
  ip address ipcp
  ip napt enable
  ip napt translation max-entries 65535
  ip filter allow-ping 9000 in
  ip filter deny-all 10000 in
  ip filter dyn-all 100 out
  no shutdown
!
interface FastEthernet0/1.1
  encapsulation dot1q 1 tpid 8100
  filter m-allow-v4v6 1 in
  auto-connect
  ip address 192.168.96.1/19
  ip filter block-crs-home 100 in
  ip filter allow-all 10000 in
  ip filter block-crs-home 100 out
  ip filter allow-all 10000 out
  ip policy route-map rmap
  ipv6 enable
  bridge-group 1
  bridge ipv6 filter v6-dyn-all 9000 in
  bridge ipv6 filter v6-allow-ping 100 out
  bridge ipv6 filter v6-allow-ndp 9500 out
  bridge ipv6 filter v6-deny-all 10000 out
  no shutdown
!
interface FastEthernet0/1.2
  encapsulation dot1q 100 tpid 8100
  auto-connect
  ip address 192.168.0.10/19
  ip filter block-crs-home 100 in
  ip filter allow-all 10000 in
  ip filter block-crs-home 100 out
  ip filter allow-all 10000 out
  ip policy route-map rmap
  bridge-group 1
  bridge ipv6 filter v6-dyn-all 9000 in
  bridge ipv6 filter v6-allow-ndp 9500 out
  bridge ipv6 filter v6-allow-all 10000 out
  no shutdown
!
interface FastEthernet0/1.3
  encapsulation dot1q 200 tpid 8100
  auto-connect
  ip address 192.168.32.1/19
  ip filter block-crs-home 100 in
  ip filter allow-all 10000 in
  ip filter block-crs-home 100 out
  ip filter allow-all 10000 out
  ip policy route-map rmap
  bridge-group 1
  bridge ipv6 filter v6-dyn-all 9000 in
  bridge ipv6 filter v6-allow-ping 100 out
  bridge ipv6 filter v6-allow-ndp 9500 out
  bridge ipv6 filter v6-deny-all 10000 out
  no shutdown
!
interface FastEthernet0/1.4
  encapsulation dot1q 300 tpid 8100
  auto-connect
  ip address 192.168.128.1/19
  ip filter block-crs-home 100 in
  ip filter allow-all 10000 in
  ip filter block-crs-home 100 out
  ip filter allow-all 10000 out
  ip policy route-map rmap
  bridge-group 1
  bridge ipv6 filter v6-dyn-all 9000 in
  bridge ipv6 filter v6-allow-ndp 9500 out
  bridge ipv6 filter v6-deny-all 10000 out
  no shutdown
!
interface FastEthernet0/1.5
  encapsulation dot1q 400 tpid 8100
  auto-connect
  ip address 192.168.160.1/19
  ip filter block-crs-home 100 in
  ip filter allow-all 10000 in
  ip filter block-crs-home 100 out
  ip filter allow-all 10000 out
  ip policy route-map rmap
  bridge-group 1
  bridge ipv6 filter v6-dyn-all 9000 in
  bridge ipv6 filter v6-allow-ndp 9500 out
  bridge ipv6 filter v6-deny-all 10000 out
  no shutdown
!
interface FastEthernet0/1.6
  encapsulation dot1q 10 tpid 8100
  auto-connect
  ip address 172.30.96.1/19
  ip napt enable
  ip policy route-map rmap
  no shutdown
!
interface Loopback0.0
  no ip address
!
interface Null0.0
  no ip address
	! NEC Portable Internetwork Core Operating System Software
	! IX Series IX2010 (magellan-sec) Software, Version 8.3.49, RELEASE SOFTWARE
	! Compiled Nov 25-Fri-2011 10:29:23 JST #1
	! Current time May 11-Mon-2015 03:53:50 JST
	!
	!
	hostname kotori
	timezone +09 00
	terminal default-length 0
	terminal default-width 120
	terminal timeout 10
	terminal timestamp datetime
	terminal speed 38400
	!
	!
	!
	username root password hash DEADBEEF administrator
	!
	!
	!
	ntp ip enable
	ntp ipv6 enable
	ntp server 133.243.238.244 source FastEthernet0/0.1
	ntp retry 2
	ntp interval 120
	!
	!
	!
	logging buffered 131072
	logging subsystem ntp warn
	logging subsystem flt warn
	logging subsystem nat warn
	logging subsystem ppoe warn
	logging subsystem ppp warn
	access-list m-allow-v4v6 permit src any dest any type ipv6
	access-list m-allow-v4v6 permit src any dest any type ip
	!
	!
	ip ufs-cache enable
	ip route default FastEthernet0/0.2
	ip route 192.168.96.0/19 FastEthernet0/1.1
	ip access-list allow-all permit ip src any dest any
	ip access-list allow-console permit ip src 192.168.96.0/19 dest any
	ip access-list allow-ping permit icmp echo src any dest any
	ip access-list allow-ping permit icmp echo-reply src any dest any
	ip access-list allow-ping permit icmp ttl-exceeded src any dest any
	ip access-list allow-ping permit icmp time-exceeded src any dest any
	ip access-list allow-ping permit icmp host-unknown src any dest any
	ip access-list allow-ping permit icmp network-unknown src any dest any
	ip access-list allow-ping permit icmp port-unreachable src any dest any
	ip access-list allow-ping permit icmp packet-too-big src any dest any
	ip access-list allow-ping permit icmp unreachable src any dest any
	ip access-list allow-ping permit icmp net-unreachable src any dest any
	ip access-list allow-ping permit icmp host-unreachable src any dest any
	ip access-list allow-ping permit icmp protocol-unreachable src any dest any
	ip access-list block-crs-home permit ip src any dest 192.168.96.1/32
	ip access-list block-crs-home permit ip src any dest 192.168.0.10/32
	ip access-list block-crs-home permit ip src any dest 192.168.32.1/32
	ip access-list block-crs-home permit ip src any dest 192.168.128.1/32
	ip access-list block-crs-home permit ip src any dest 192.168.160.1/32
	ip access-list block-crs-home permit ip src any dest 172.30.96.1/32
	ip access-list block-crs-home permit ip src 192.168.96.1/32 dest 192.168.0.0/16
	ip access-list block-crs-home permit ip src 192.168.0.10/32 dest 192.168.0.0/16
	ip access-list block-crs-home permit ip src 192.168.32.1/32 dest 192.168.0.0/16
	ip access-list block-crs-home permit ip src 192.168.128.1/32 dest 192.168.0.0/16
	ip access-list block-crs-home permit ip src 192.168.160.1/32 dest 192.168.0.0/16
	ip access-list block-crs-home permit ip src 172.30.96.1/32 dest 192.168.0.0/16
	ip access-list block-crs-home deny ip src 192.168.0.0/16 dest 192.168.0.0/16
	ip access-list clients permit ip src 192.168.32.0/19 dest any
	ip access-list clients permit ip src 192.168.128.0/19 dest any
	ip access-list clients permit ip src 192.168.160.0/19 dest any
	ip access-list clients permit ip src 172.30.96.0/24 dest any
	ip access-list deny-all deny ip src any dest any
	ip access-list deny-to-intl deny ip src any dest 10.0.0.0/8
	ip access-list fixed-ext-ip permit ip src 192.168.0.0/19 dest any
	ip access-list fixed-ext-ip permit ip src 192.168.96.0/19 dest any
	ip access-list monitors permit ip src 10.0.0.1/32 dest any
	ip access-list monitors permit ip src 10.2.0.1/32 dest any
	ip access-list monitors permit ip src 192.168.96.0/19 dest any
	ip access-list monitors permit ip src 192.168.128.0/19 dest any
	ip access-list sonet-dy-ext-ip permit ip src 192.168.0.4/32 dest any
	ip access-list svc-oakland permit tcp src any sport any dest 192.168.96.10/32 dport eq 8888
	ip access-list svc-oakland permit tcp src any sport any dest 172.30.96.2/31 dport any
	ip access-list svc-oakland permit tcp src any sport any dest 192.168.96.10/32 dport eq 22
	ip access-list svc-oakland permit tcp src any sport any dest 192.168.96.10/32 dport eq 80
	ip access-list svc-oakland permit tcp src any sport any dest 192.168.96.10/32 dport eq 443
	ip access-list dynamic dyn-all access allow-all
	!
	!
	ipv6 ufs-cache enable
	ipv6 access-list v6-allow-all permit ip src any dest any
	ipv6 access-list v6-allow-ndp permit icmp neighbor-advertisement src any dest any
	ipv6 access-list v6-allow-ndp permit icmp neighbor-solicitation src any dest any
	ipv6 access-list v6-allow-ndp permit icmp router-solicitation src any dest any
	ipv6 access-list v6-allow-ndp permit icmp router-advertisement src any dest any
	ipv6 access-list v6-allow-ping permit icmp echo src any dest any
	ipv6 access-list v6-allow-ping permit icmp echo-reply src any dest any
	ipv6 access-list v6-deny-all deny ip src any dest any
	ipv6 access-list v6-oakland permit tcp src any sport any dest-domain 2409:10:2040:500::beef dport eq 80
	ipv6 access-list v6-oakland permit tcp src any sport any dest-domain 2409:10:2040:500::beef dport eq 443
	ipv6 access-list v6-oakland permit tcp src any sport any dest-domain 2409:10:2040:500::beef dport eq 22
	ipv6 access-list dynamic v6-dyn-all access v6-allow-all
	!
	!
	snmp-agent ip enable
	snmp-agent ip community public monitors
	!
	bridge irb enable
	no bridge 1 bridge ip
	!
	!
	ip name-server 192.168.96.10
	ip name-server 8.8.8.8
	ipv6 name-server 2409:10:2040:500::beef
	ipv6 name-server 2404:1a8:7f01:b::3
	dns cache enable
	dns cache lifetime 3600
	dns ncache lifetime 60
	!
	!
	telnet-server ip enable
	telnet-server ip access-list allow-console
	!
	!
	!
	!
	!
	!
	!
	!
	!
	route-map rmap permit 10
	match ip address access-list sonet-dy-ext-ip
	set interface FastEthernet0/0.3
	!
	route-map rmap permit 100
	match ip address access-list fixed-ext-ip
	set interface FastEthernet0/0.1
	!
	ppp profile iij-fiberaccess-nf
	authentication myname xxx
	authentication password xxx xxx
	!
	ppp profile sonet
	authentication myname xxx
	authentication password xxx xxx
	!
	ppp profile sonet-fixed
	authentication myname xxx
	authentication password xxx xxx
	!
	device FastEthernet0/0
	!
	device FastEthernet0/1
	!
	device FastEthernet1/0
	!
	device BRI1/0
	isdn switch-type hsd128k
	!
	interface FastEthernet0/0.0
	filter m-allow-v4v6 1 in
	no ip address
	ipv6 enable
	ipv6 address autoconfig receive-default
	bridge-group 1
	bridge ipv6 filter v6-allow-ndp 100 in
	bridge ipv6 filter v6-allow-all 10000 in
	no shutdown
	!
	interface FastEthernet0/1.0
	no ip address
	no shutdown
	!
	interface FastEthernet1/0.0
	no ip address
	shutdown
	!
	interface BRI1/0.0
	encapsulation ppp
	no auto-connect
	no ip address
	shutdown
	!
	interface FastEthernet0/0.1
	encapsulation pppoe
	auto-connect
	ppp binding sonet-fixed
	ip address ipcp
	ip napt enable
	ip napt translation max-entries 65535
	ip napt static 192.168.96.10 tcp 22
	ip napt static 192.168.96.10 tcp 80
	ip napt static 192.168.96.10 tcp 443
	ip napt static 192.168.96.10 tcp 8888
	ip filter svc-oakland 200 in
	ip filter allow-ping 9000 in
	ip filter deny-all 10000 in
	ip filter dyn-all 100 out
	bridge ipv6 filter v6-dyn-all 9000 out
	no shutdown
	!
	interface FastEthernet0/0.2
	encapsulation pppoe
	auto-connect
	ppp binding iij-fiberaccess-nf
	ip address ipcp
	ip napt enable
	ip napt translation max-entries 65535
	ip napt service any 172.20.96.2 none any any
	ip filter svc-oakland 200 in
	ip filter allow-ping 9000 in
	ip filter deny-all 10000 in
	ip filter dyn-all 100 out
	no shutdown
	!
	interface FastEthernet0/0.3
	encapsulation pppoe
	auto-connect
	ppp binding sonet
	ip address ipcp
	ip napt enable
	ip napt translation max-entries 65535
	ip filter allow-ping 9000 in
	ip filter deny-all 10000 in
	ip filter dyn-all 100 out
	no shutdown
	!
	interface FastEthernet0/1.1
	encapsulation dot1q 1 tpid 8100
	filter m-allow-v4v6 1 in
	auto-connect
	ip address 192.168.96.1/19
	ip filter block-crs-home 100 in
	ip filter allow-all 10000 in
	ip filter block-crs-home 100 out
	ip filter allow-all 10000 out
	ip policy route-map rmap
	ipv6 enable
	bridge-group 1
	bridge ipv6 filter v6-dyn-all 9000 in
	bridge ipv6 filter v6-allow-ping 100 out
	bridge ipv6 filter v6-allow-ndp 9500 out
	bridge ipv6 filter v6-deny-all 10000 out
	no shutdown
	!
	interface FastEthernet0/1.2
	encapsulation dot1q 100 tpid 8100
	auto-connect
	ip address 192.168.0.10/19
	ip filter block-crs-home 100 in
	ip filter allow-all 10000 in
	ip filter block-crs-home 100 out
	ip filter allow-all 10000 out
	ip policy route-map rmap
	bridge-group 1
	bridge ipv6 filter v6-dyn-all 9000 in
	bridge ipv6 filter v6-allow-ndp 9500 out
	bridge ipv6 filter v6-allow-all 10000 out
	no shutdown
	!
	interface FastEthernet0/1.3
	encapsulation dot1q 200 tpid 8100
	auto-connect
	ip address 192.168.32.1/19
	ip filter block-crs-home 100 in
	ip filter allow-all 10000 in
	ip filter block-crs-home 100 out
	ip filter allow-all 10000 out
	ip policy route-map rmap
	bridge-group 1
	bridge ipv6 filter v6-dyn-all 9000 in
	bridge ipv6 filter v6-allow-ping 100 out
	bridge ipv6 filter v6-allow-ndp 9500 out
	bridge ipv6 filter v6-deny-all 10000 out
	no shutdown
	!
	interface FastEthernet0/1.4
	encapsulation dot1q 300 tpid 8100
	auto-connect
	ip address 192.168.128.1/19
	ip filter block-crs-home 100 in
	ip filter allow-all 10000 in
	ip filter block-crs-home 100 out
	ip filter allow-all 10000 out
	ip policy route-map rmap
	bridge-group 1
	bridge ipv6 filter v6-dyn-all 9000 in
	bridge ipv6 filter v6-allow-ndp 9500 out
	bridge ipv6 filter v6-deny-all 10000 out
	no shutdown
	!
	interface FastEthernet0/1.5
	encapsulation dot1q 400 tpid 8100
	auto-connect
	ip address 192.168.160.1/19
	ip filter block-crs-home 100 in
	ip filter allow-all 10000 in
	ip filter block-crs-home 100 out
	ip filter allow-all 10000 out
	ip policy route-map rmap
	bridge-group 1
	bridge ipv6 filter v6-dyn-all 9000 in
	bridge ipv6 filter v6-allow-ndp 9500 out
	bridge ipv6 filter v6-deny-all 10000 out
	no shutdown
	!
	interface FastEthernet0/1.6
	encapsulation dot1q 10 tpid 8100
	auto-connect
	ip address 172.30.96.1/19
	ip napt enable
	ip policy route-map rmap
	no shutdown
	!
	interface Loopback0.0
	no ip address
	!
	interface Null0.0
	no ip address