
tnhphuong@NKKN_J6350-1> show configuration | no-more

## Last commit: 2010-07-28 14:28:08 ICT by tnhphuong


## Junos release this configuration was saved from.
## NOTE(review): the commit stamp in this listing is from 2010; confirm that the
## release still receives vendor security fixes before reusing this configuration.
version 9.6R3.8;
## System stanza: host identity, local accounts, management services, logging and NTP.
system {
host-name NKKN_J6350-1;
time-zone Asia/Saigon;
root-authentication {
## The "$1$" prefix marks an MD5-crypt hash.
## NOTE(review): every password hash in this listing is published with the page, so
## treat the matching passwords as exposed and rotate them. MD5-crypt is cheap to
## test offline; prefer a stronger hash format if the installed release offers one.
encrypted-password "$1$x1NXGyWA$gThDxZ3a6PTVy3wllWph70"; ## SECRET-DATA
}
login {
## Restricted class: sessions idle out after 5 minutes, and the permission bits plus
## the allow-commands expression limit members to network tools and "show" commands.
class Operation {
idle-timeout 5;
permissions [ network view-configuration ];
allow-commands show;
}
## Only account in this listing that uses the restricted Operation class.
user infras {
uid 2511;
class Operation;
authentication {
encrypted-password "$1$Iy05JaaX$AsqSRNM7ZftV17oB4Mowo."; ## SECRET-DATA
}
}
## NOTE(review): "juniper" and "netscreen" are generic, vendor-named accounts holding
## the super-user class. Shared or guessable account names weaken accountability;
## confirm each has a named owner or remove it. No idle-timeout is set for the
## super-user accounts in this stanza.
user juniper {
uid 2006;
class super-user;
authentication {
encrypted-password "$1$HmNQkkgO$bWig0Sp7TnjgmDMi8fU071"; ## SECRET-DATA
}
}
user netscreen {
uid 2003;
class super-user;
authentication {
encrypted-password "$1$42pDJe6w$6wZH8MF/NiwHo.y86sn7x0"; ## SECRET-DATA
}
}
## Personal super-user account; the same name appears in the CLI prompt and the
## last-commit stamp of this listing.
user tnhphuong {
uid 2001;
class super-user;
authentication {
encrypted-password "$1$O5oUQdyY$tw5ODOea1nyaQX2wUrHts/"; ## SECRET-DATA
}
}
}
## Management services.
## NOTE(review): FTP and Telnet send credentials and session data in cleartext, and
## no ssh statement appears in this stanza. Web management is enabled over http only
## (no https statement). Of the four listed interfaces, ge-0/0/1.0 and ge-0/0/3.0 are
## placed in the untrust zone by the security stanza of this file; ge-0/0/2 defines
## only VLAN units in this listing, so ge-0/0/2.0 looks like a stale reference.
services {
ftp;
telnet;
web-management {
http {
interface [ ge-0/0/0.0 ge-0/0/1.0 ge-0/0/2.0 ge-0/0/3.0 ];
}
}
}
## Logging: emergencies go to every logged-in user, all facilities go to the
## "messages" file, and every CLI command goes to "interactive-commands".
## NOTE(review): only local files are configured; there is no remote syslog host, so
## the audit trail lives solely on the device it describes.
syslog {
user * {
any emergency;
}
file messages {
any any;
authorization info;
}
file interactive-commands {
interactive-commands any;
}
}
## Single NTP source, with no authentication key configured in this stanza.
ntp {
server 192.168.7.2;
}
}
## Chassis options for FPC 0 / PIC 0.
## Presumably tunnel-queuing supports the per-unit scheduling used on gr-0/0/0 - confirm.
chassis {
fpc 0 {
pic 0 {
tunnel-queuing;
}
}
}
## Interface definitions: LAN uplink, GRE tunnels, MAN/MegaWAN VLANs, serial/E1 links
## and the loopback. Statements prefixed with "inactive:" are kept in the file but
## ignored at commit.
interfaces {
## LAN-side link; applies the QoS filter inbound and the sampling filter outbound
## (both are defined in the firewall stanza of this file).
ge-0/0/0 {
description "Connect to SSG550M";
unit 0 {
family inet {
filter {
input QoS;
output sampling;
}
address 192.168.3.11/29;
}
}
}
## GRE tunnels to remote sites, all sourced from 10.254.91.2 (ge-0/0/2.4024).
## NOTE(review): GRE by itself provides neither encryption nor peer authentication,
## and no IPsec configuration appears in this listing. Confirm that the MegaWAN
## transport is trusted or that the traffic is protected elsewhere.
gr-0/0/0 {
per-unit-scheduler;
unit 1 {
clear-dont-fragment-bit;
description "GRE tunnel to Ly Thuong Kiet HN over MegaWAN";
tunnel {
source 10.254.91.2;
destination 10.254.91.10;
}
family inet {
mtu 1442;
filter {
inactive: output QoS-tunnels;
}
address 172.19.128.1/30;
}
}
unit 2 {
description "GRE tunnel to Danang over MegaWAN";
tunnel {
source 10.254.91.2;
destination 192.168.103.1;
}
family inet {
filter {
inactive: output QoS-tunnels;
}
address 172.19.128.5/30;
}
}
unit 3 {
description "GRE tunnel to Vung Tau over MegaWAN";
tunnel {
source 10.254.91.2;
destination 192.168.27.1;
}
family inet {
inactive: filter {
inactive: output QoS;
}
address 172.19.0.13/30;
}
}
unit 4 {
description "GRE tunnel to Can Tho over MegaWAN";
tunnel {
source 10.254.91.2;
destination 10.254.91.34;
}
family inet {
address 172.19.0.17/30;
}
}
unit 5 {
description "GRE tunnel to 201A NKKN over MegaWAN";
tunnel {
source 10.254.91.2;
destination 10.254.91.46;
}
family inet {
address 172.19.0.21/30;
}
}
}
## Services interface with only family inet enabled.
sp-0/0/0 {
unit 0 {
family inet;
}
}
## No description is set; the security stanza places this unit in the untrust zone.
ge-0/0/1 {
unit 0 {
family inet {
address 192.168.3.4/29;
}
}
}
## VLAN-tagged trunk toward the MAN/MegaWAN provider (the description below is
## Vietnamese for "GE interface connecting MAN/MegaWAN"). Each unit is one VLAN to a
## site or an external party.
ge-0/0/2 {
description "Giao dien GE ket noi MAN/MegaWAN";
per-unit-scheduler;
vlan-tagging;
unit 793 {
description "To Vinadata, MAN.793";
vlan-id 793;
family inet {
address 172.19.0.53/30;
}
}
## "ngan hang Dong A" is Vietnamese for "Dong A bank".
unit 1997 {
description "To ngan hang Dong A";
vlan-id 1997;
family inet {
address 172.16.131.113/30;
}
}
## "dung MAN Ethernet" is Vietnamese for "uses MAN Ethernet".
unit 1998 {
description "To Phung Hung Quan 5/ Phung Hung dung MAN Ethernet";
vlan-id 1998;
family inet {
address 172.19.0.5/30;
}
}
unit 2000 {
description "To 201 NKKN over MetroNet";
vlan-id 2000;
family inet {
address 172.19.0.9/30;
}
}
unit 2002 {
description "To Calmette / Calmette dung MAN Ethernet";
vlan-id 2002;
family inet {
address 172.19.0.1/30;
}
}
## Carries 10.254.91.2, the source address of every GRE tunnel above.
unit 4024 {
description "To VTU-DNG-HNI via MegaWAN _ VTN (bundle with MetroNet)
";
vlan-id 4024;
family inet {
address 10.254.91.2/30;
}
}
}
ge-0/0/3 {
description "To Can Tho";
unit 0 {
description "Leasedline to Can Tho";
family inet {
address 172.18.0.17/30;
}
}
}
## Unframed E1 controller and its PPP-encapsulated data interface.
ce1-1/0/0 {
e1-options {
framing unframed;
}
no-partition interface-type e1;
}
e1-1/0/0 {
description "To Ly Thuong Kiet";
encapsulation ppp;
e1-options {
fcs 32;
}
unit 0 {
description "To Ly Thuong Kiet";
bandwidth 2048;
family inet {
address 172.18.128.1/30;
}
}
}
ce1-1/0/1 {
description "to Phung Hung";
e1-options {
framing unframed;
}
no-partition interface-type e1;
}
e1-1/0/1 {
description "to Phung Hung";
encapsulation cisco-hdlc;
unit 0 {
bandwidth 2048;
family inet {
address 172.18.0.5/30;
}
}
}
se-3/0/0 {
description "EHTC LL-256kbps To Sacombank";
unit 0 {
family inet {
address 172.31.254.2/30;
}
}
}
## Channelized E1: partitions 2 and 3 become the ds-4/0/0:2 and ds-4/0/0:3 interfaces.
ce1-4/0/0 {
description "To Vung Tau & Dong A";
e1-options {
framing g704-no-crc4;
}
partition 2 timeslots 9-24 interface-type ds;
partition 3 timeslots 25-28 interface-type ds;
}
ds-4/0/0:2 {
encapsulation cisco-hdlc;
unit 0 {
description "To Vung Tau";
family inet {
inactive: filter {
output QoS;
}
address 172.18.0.13/30;
}
}
}
## family inet is enabled here without an address.
ds-4/0/0:3 {
encapsulation cisco-hdlc;
unit 0 {
description "To Dong A";
family inet;
}
}
## Partition 2 is declared, but only ds-4/0/1:3 is configured in this listing.
ce1-4/0/1 {
description "To Da Nang & Sacombank";
e1-options {
framing g704-no-crc4;
}
partition 2 timeslots 9-24 interface-type ds;
partition 3 timeslots 25-28 interface-type ds;
}
ds-4/0/1:3 {
encapsulation cisco-hdlc;
unit 0 {
description "To Sacombank";
family inet {
address 172.31.254.6/30;
}
}
}
ce1-6/0/0 {
description "Connect to Calmette";
e1-options {
framing unframed;
}
no-partition interface-type e1;
}
e1-6/0/0 {
encapsulation cisco-hdlc;
unit 0 {
description "To Calmette";
family inet {
address 172.18.0.1/30;
}
}
}
ce1-6/0/1 {
description "Connect to Da Nang";
e1-options {
framing unframed;
}
no-partition interface-type e1;
}
e1-6/0/1 {
encapsulation cisco-hdlc;
unit 0 {
description "To Da Nang";
family inet {
address 172.18.128.5/30;
}
}
}
## Loopback; 172.20.0.1 is also the router-id and the flow-export source address.
## NOTE(review): no input filter is attached to lo0, so no firewall filter in this
## listing restricts traffic addressed to the router itself.
lo0 {
unit 0 {
family inet {
address 172.20.0.1/32;
}
}
}
}
## Traffic sampling and load-balancing hash settings.
forwarding-options {
sampling {
input {
family inet {
## Sample one packet out of every 100 that hit a "sample" filter action.
rate 100;
}
}
output { ## Warning: 'output' is deprecated
## Flow records are exported in version 5 format to 192.168.8.18, sourced from the
## loopback address.
## NOTE(review): confirm the collector really listens on port 6343 for this record
## format, and that the export path stays on trusted links - presumably the records
## travel unencrypted.
flow-server 192.168.8.18 {
port 6343;
no-local-dump;
source-address 172.20.0.1;
version 5;
}
}
}
## Include layer-3 and layer-4 fields in the load-balancing hash.
hash-key {
family inet {
layer-3;
layer-4;
}
}
}
## SNMP read-only access for monitoring.
## NOTE(review): the community has no clients list and no view restriction, so any
## source that can reach the device and presents the string can read it. Community
## strings travel in cleartext and this one is published with the page; rotate it
## and add a clients restriction for the monitoring hosts.
snmp {
community it-monitor {
authorization read-only;
}
}
## Static routing, router-id and the forwarding-table export policy.
routing-options {
static {
## Tunnel endpoints and transit subnets are reached through 10.254.91.1, the peer on
## the ge-0/0/2.4024 /30. no-readvertise keeps these routes out of routing-protocol
## export.
route 10.254.91.8/30 {
next-hop 10.254.91.1;
no-readvertise;
}
route 10.254.91.16/30 {
next-hop 10.254.91.1;
no-readvertise;
}
route 10.254.91.28/30 {
next-hop 10.254.91.1;
no-readvertise;
}
route 192.168.27.0/29 next-hop 10.254.91.1;
route 172.16.131.0/30 next-hop 172.16.131.114;
## Default route via the ge-0/0/0 subnet (presumably the SSG550M named in that
## interface's description - confirm).
route 0.0.0.0/0 {
next-hop 192.168.3.9;
no-readvertise;
}
route 192.168.35.36/32 next-hop 172.16.131.114;
route 192.168.35.37/32 next-hop 172.16.131.114;
route 192.168.103.0/29 {
next-hop 10.254.91.1;
no-readvertise;
}
route 61.28.228.3/32 next-hop 172.19.0.54;
## Discard routes for the covering prefixes: traffic to any part of these ranges
## that lacks a more specific route is dropped instead of following the default route.
route 10.254.91.0/24 discard;
route 192.168.103.0/28 discard;
route 192.168.27.0/28 discard;
route 10.254.91.32/30 next-hop 10.254.91.1;
route 61.28.228.8/32 next-hop 172.19.0.54;
route 61.28.228.2/32 next-hop 172.19.0.54;
route 61.28.228.4/32 next-hop 172.19.0.54;
route 10.254.91.44/30 {
next-hop 10.254.91.1;
no-readvertise;
}
route 10.254.91.36/30 {
next-hop 10.254.91.1;
no-readvertise;
}
route 10.254.91.40/30 {
next-hop 10.254.91.1;
no-readvertise;
}
}
router-id 172.20.0.1;
## Applies the load-balancing policy from policy-options to installed routes.
forwarding-table {
export load-balancing;
}
}
## OSPF: backbone area 0.0.0.0 plus area 0.0.0.1, with selected static routes
## exported through the static-2-ospf policy.
## NOTE(review): no authentication statement is configured on any OSPF interface, so
## adjacencies are accepted without a key. Area 0.0.0.1 runs OSPF actively on
## ds-4/0/0:3.0 and ds-4/0/1:3.0, whose descriptions name the Dong A and Sacombank
## links. Confirm that forming adjacencies with those parties is intended; otherwise
## mark the interfaces passive or add authentication.
protocols {
ospf {
export static-2-ospf;
reference-bandwidth 10g;
area 0.0.0.1 {
area-range 172.18.0.0/24;
area-range 172.19.0.0/24;
interface ds-4/0/0:3.0;
## ds-4/0/1:1.0 and ds-4/0/2:1.0 are not defined in the interfaces stanza of this
## listing - possibly stale references.
interface ds-4/0/1:1.0 {
metric 20;
}
interface ds-4/0/1:3.0;
interface ds-4/0/2:1.0 {
metric 20;
}
}
area 0.0.0.0 {
interface gr-0/0/0.1 {
metric 100;
}
interface gr-0/0/0.2 {
metric 100;
}
interface e1-6/0/1.0 {
metric 100;
}
## Passive: the loopback prefix is advertised but no adjacency is formed.
interface lo0.0 {
passive;
}
interface e1-1/0/0.0 {
metric 100;
}
interface ge-0/0/0.0;
interface ge-0/0/2.1998 {
metric 10;
}
interface e1-1/0/1.0 {
metric 20;
}
interface ge-0/0/2.2002 {
metric 10;
}
interface e1-6/0/0.0 {
metric 20;
}
interface gr-0/0/0.3 {
metric 10;
}
interface ds-4/0/0:2.0 {
metric 10;
}
interface gr-0/0/0.4 {
metric 10;
}
interface ge-0/0/3.0 {
metric 10;
}
interface ge-0/0/2.2000 {
metric 10;
}
## Passive toward the "To Vinadata" VLAN: prefix advertised, no neighbours accepted.
interface ge-0/0/2.793 {
passive;
}
interface gr-0/0/0.5 {
metric 20;
}
}
}
}
## Routing policies referenced by routing-options and protocols.
policy-options {
## Used as the forwarding-table export policy; the single term has no match
## condition, so it applies to every route.
policy-statement load-balancing {
term 1 {
then {
load-balance per-packet;
}
}
}
## Used as the OSPF export policy: only the static routes that exactly match the
## listed prefixes are accepted for redistribution.
policy-statement static-2-ospf {
term 1 {
from {
protocol static;
route-filter 192.168.35.36/32 exact;
route-filter 192.168.35.37/32 exact;
route-filter 172.16.131.0/30 exact;
route-filter 61.28.228.3/32 exact;
route-filter 61.28.228.8/32 exact;
route-filter 61.28.228.2/32 exact;
route-filter 61.28.228.4/32 exact;
}
then accept;
}
}
}
## Class of service: forwarding classes, per-unit shaping and the shared scheduler map.
class-of-service {
## Virtual channels referenced by the (inactive) QoS-tunnels firewall filter.
virtual-channels {
2Mbps;
default;
}
## No interface in this stanza references SBS-groups.
virtual-channel-groups {
SBS-groups {
2Mbps {
scheduler-map queue-table;
shaping-rate 2m;
}
default {
scheduler-map queue-table;
default;
}
}
}
## Queue-to-class mapping. The class names use hyphens; firewall filters must refer
## to these exact names.
forwarding-classes {
queue 0 best-effort;
queue 1 video;
queue 2 voice;
queue 3 network-control;
queue 4 data-critical;
queue 5 data-important;
}
## Shaping for GRE tunnel units 1-4 and scheduling on ds-4/0/0:2. gr-0/0/0 unit 5 is
## defined in the interfaces stanza but has no entry here.
interfaces {
gr-0/0/0 {
unit 1 {
scheduler-map queue-table;
shaping-rate 4m;
}
unit 2 {
scheduler-map queue-table;
shaping-rate 2m;
}
unit 3 {
scheduler-map queue-table;
shaping-rate 2m;
}
unit 4 {
scheduler-map queue-table;
shaping-rate 2m;
}
}
ds-4/0/0:2 {
scheduler-map queue-table;
}
}
scheduler-maps {
queue-table {
forwarding-class voice scheduler s-voice;
forwarding-class video scheduler s-video;
forwarding-class network-control scheduler s-network_control;
forwarding-class data-critical scheduler s-data_critical;
forwarding-class data-important scheduler s-data_important;
forwarding-class best-effort scheduler s-best_effort;
}
}
## The explicit transmit rates add up to 90 percent; best effort takes the remainder.
schedulers {
s-network_control {
transmit-rate percent 5;
buffer-size percent 5;
priority high;
}
s-voice {
transmit-rate percent 5;
buffer-size percent 5;
priority high;
}
s-video {
transmit-rate percent 10;
buffer-size percent 10;
priority high;
}
s-data_critical {
transmit-rate percent 50;
buffer-size percent 50;
priority high;
}
s-data_important {
transmit-rate percent 20;
buffer-size percent 20;
priority medium-high;
}
s-best_effort {
transmit-rate remainder;
buffer-size remainder;
priority low;
}
}
}
## Security stanza: zones, inter-zone policies, ALGs and flow options.
## NOTE(review): as written, this stanza filters nothing. Both zones accept all host
## inbound traffic, both inter-zone policies permit any/any, the default policy is
## permit-all and TCP state checks are off. The device therefore forwards like a
## plain router while its management services stay reachable on every interface.
security {
zones {
## NOTE(review): "system-services all" and "protocols all" on the untrust zone mean
## that every service enabled on the device (this listing enables Telnet, FTP, HTTP
## web management and SNMP) answers on all WAN, tunnel and third-party links below.
## Restrict host-inbound-traffic to what each link actually needs.
security-zone untrust {
host-inbound-traffic {
system-services {
all;
}
protocols {
all;
}
}
interfaces {
gr-0/0/0.1;
gr-0/0/0.2;
gr-0/0/0.3;
ge-0/0/1.0;
ge-0/0/2.793;
ge-0/0/2.1997;
ge-0/0/2.1998;
ge-0/0/2.2000;
ge-0/0/2.2002;
ge-0/0/2.4024;
e1-1/0/0.0;
e1-1/0/1.0;
se-3/0/0.0;
e1-6/0/0.0;
ds-4/0/0:2.0;
ds-4/0/0:3.0;
e1-6/0/1.0;
ds-4/0/1:3.0;
gr-0/0/0.4;
ge-0/0/3.0;
gr-0/0/0.5;
}
}
## Trust zone: the loopback and the LAN-side link.
security-zone trust {
host-inbound-traffic {
system-services {
all;
}
protocols {
all;
}
}
interfaces {
lo0.0;
ge-0/0/0.0;
}
}
}
policies {
## Any-to-any permit in both directions; neither policy has a log action.
from-zone trust to-zone untrust {
policy 1 {
match {
source-address any;
destination-address any;
application any;
}
then {
permit;
}
}
}
from-zone untrust to-zone trust {
policy 1 {
match {
source-address any;
destination-address any;
application any;
}
then {
permit;
}
}
}
## Traffic that matches no policy (for example untrust to untrust, for which no
## policy is listed) is also permitted.
default-policy {
permit-all;
}
}
## Every listed application-layer gateway is disabled.
alg {
dns disable;
ftp disable;
h323 disable;
mgcp disable;
sunrpc disable;
real disable;
rsh disable;
rtsp disable;
sccp disable;
sip disable;
sql disable;
talk disable;
tftp disable;
pptp disable;
}
flow {
## Clamp the TCP MSS of all TCP sessions to 1472 bytes.
tcp-mss {
all-tcp {
mss 1472;
}
}
## NOTE(review): these three statements switch off SYN and sequence-number
## validation, so sessions can be created from out-of-state TCP packets. Presumably
## this was done to tolerate asymmetric routing - confirm it is still required.
tcp-session {
no-syn-check;
no-syn-check-in-tunnel;
no-sequence-check;
}
}
}
## Stateless firewall filters. Every term in this stanza ends in "accept" or
## "next term", so the filters classify and sample traffic but never discard it.
firewall {
family inet {
## Applied outbound on ge-0/0/0: sample every packet, then accept it.
filter sampling {
term 1 {
then {
sample;
accept;
}
}
}
## Applied inbound on ge-0/0/0: sample, then pick a forwarding class from the
## source (and for video also the destination) address. Unmatched traffic falls
## through to best-effort.
filter QoS {
term sampling {
then {
sample;
next term;
}
}
term network_control {
from {
source-address {
192.168.7.100/32;
192.168.9.117/32;
192.168.0.137/32;
}
}
then {
forwarding-class network-control;
accept;
}
}
term voice {
from {
source-address {
192.168.6.124/32;
}
}
then {
forwarding-class voice;
accept;
}
}
term video {
from {
source-address {
192.168.8.20/32;
}
destination-address {
192.168.65.5/32;
192.168.96.123/32;
}
}
then {
forwarding-class video;
accept;
}
}
term data_critical {
from {
source-address {
192.168.7.30/32;
192.168.7.31/32;
192.168.7.32/32;
192.168.7.34/32;
192.168.2.4/32;
192.168.2.5/32;
192.168.4.15/32;
192.168.4.16/32;
192.168.7.20/32;
192.168.7.21/32;
192.168.7.45/32;
192.168.7.46/32;
}
}
then {
forwarding-class data-critical;
accept;
}
}
term data_important {
from {
source-address {
192.168.7.14/32;
192.168.4.21/32;
192.168.7.101/32;
}
}
then {
forwarding-class data-important;
accept;
}
}
term best_effort {
then {
forwarding-class best-effort;
accept;
}
}
}
## Inactive copy of the QoS filter that also assigns the 2Mbps virtual channel.
## NOTE(review): before reactivating, fix the forwarding-class names. This filter
## uses underscores (network_control, data_critical, data_important, best_effort),
## while class-of-service defines them with hyphens. Its address lists have also
## drifted from filter QoS: 192.168.0.137 and 192.168.7.101 are missing here.
inactive: filter QoS-tunnels {
term network_control {
from {
source-address {
192.168.7.100/32;
192.168.9.117/32;
}
}
then {
forwarding-class network_control;
virtual-channel 2Mbps;
accept;
}
}
term voice {
from {
source-address {
192.168.6.124/32;
}
}
then {
forwarding-class voice;
virtual-channel 2Mbps;
accept;
}
}
term video {
from {
source-address {
192.168.8.20/32;
}
destination-address {
192.168.65.5/32;
192.168.96.123/32;
}
}
then {
forwarding-class video;
virtual-channel 2Mbps;
accept;
}
}
term data_critical {
from {
source-address {
192.168.7.30/32;
192.168.7.31/32;
192.168.7.32/32;
192.168.7.34/32;
192.168.2.4/32;
192.168.2.5/32;
192.168.4.15/32;
192.168.4.16/32;
192.168.7.20/32;
192.168.7.21/32;
192.168.7.45/32;
192.168.7.46/32;
}
}
then {
forwarding-class data_critical;
virtual-channel 2Mbps;
accept;
}
}
term data_important {
from {
source-address {
192.168.7.14/32;
192.168.4.21/32;
}
}
then {
forwarding-class data_important;
virtual-channel 2Mbps;
accept;
}
}
term best_effort {
then {
forwarding-class best_effort;
virtual-channel 2Mbps;
accept;
}
}
}
}
}