
## Last commit: 2012-09-23 09:44:22 CEST by lab

## Junos release string recorded with this configuration.
version 11.4R5.5;
## System stanza: host identity, login authentication, local accounts,
## management services, logging, configuration archival and NTP.
## Every "$1$" hash and "$9$" string below is published together with this
## listing. "$9$" is a reversible obfuscation, not a hash, so the secrets behind
## these values should be treated as disclosed and never reused elsewhere.
system {
host-name Arcturus;
backup-router 10.10.1.254 destination 10.10.10.0/24;
time-zone Europe/Amsterdam;
## RADIUS is tried first, then the local password database. Because "password"
## is listed, a login that RADIUS rejects is still tried against local accounts;
## leave it out if local passwords should be used only when RADIUS is unreachable.
authentication-order [ radius password ];
root-authentication {
## "$1$" marks an MD5-crypt hash.
encrypted-password "$1$YpstA.mZ$uh1QVGGnSRigvLpxTdQH4/"; ## SECRET-DATA
}
name-server {
10.10.10.1;
}
radius-server {
10.10.10.1 {
## Shared secret in "$9$" form. With timeout 2 / retry 1 an unresponsive server
## is given up on quickly and the next method in authentication-order is used.
secret "$9$cTzl87GUH.fzgoZjqfn6cylMLN"; ## SECRET-DATA
timeout 2;
retry 1;
}
}
## Inactive: the commit and op scripts are listed but not in effect.
inactive: scripts {
commit {
file interface-mask-check.slax;
}
op {
file show-interfaces.slax;
}
}
login {
## Read-only class: view and view-configuration permissions only.
class limited {
permissions [ view view-configuration ];
}
## Deny-list layered on "permissions all": only commands matching the regular
## expression are blocked, everything it does not name remains available.
## An allow-list (explicit permissions plus allow-commands) is easier to audit.
class privileged {
permissions all;
deny-commands "(clear)|(configure)|(edit)|(start shell)";
}
## Full-privilege local account (class super-user) with an MD5-crypt hash.
user lab {
uid 2000;
class super-user;
authentication {
encrypted-password "$1$RKAQmjDt$PRiEFMNcJ0i0x.TryJCHU1"; ## SECRET-
DATA
}
}
user noc {
uid 2001;
class privileged;
authentication {
encrypted-password "$1$9vRw6uu/$FsTkMWlOp1bu2aZvfHz3W/"; ## SECRET-
DATA
}
}
user ops {
uid 2002;
class operator;
authentication {
encrypted-password "$1$PVW/3KJ/$IWZ9CZtwVJyBBa/4vwNhl."; ## SECRET-
DATA
}
}
## No authentication stanza, so there is no local credential for this account.
## "remote" is the Junos template account applied to RADIUS-authenticated users
## that have no local entry; here it places them in class limited.
user remote {
uid 2003;
class limited;
}
}
## FTP and Telnet carry credentials and session contents in cleartext; SSH is
## enabled alongside them. No per-service options (for example root-login or
## connection limits) are set, so defaults apply. Reachability of these
## services is restricted only by the protect-re filter on lo0.
services {
ftp;
ssh;
telnet;
}
## All logging is local (user terminals and files); no remote "host" target is
## configured, so the interactive-commands and change-log audit trail exists
## only on this device, and rotation keeps just 3 files of 100k each.
syslog {
archive size 100k files 3;
user * {
any critical;
}
user ops {
any warning;
}
file user-commands {
interactive-commands any;
}
file jncie-sp-messages {
any notice;
change-log any;
interactive-commands any;
}
}
## Every commit uploads the configuration to the archive site over FTP, so the
## whole configuration, secrets included, crosses the network in cleartext.
## archive-sites also accepts scp:// URLs.
archival {
configuration {
transfer-on-commit;
archive-sites {
"ftp://lab@10.10.10.1" password "$9$eCTK87-dsg4Z7NikPfzF"; ##
SECRET-DATA
}
}
}
## The regular server entry is authenticated with MD5 key 1 (trusted-key 1);
## the boot-server line carries no key.
ntp {
boot-server 10.10.1.100;
authentication-key 1 type md5 value "$9$tMfLOhrbwgaGixNVYoGq.tuORcl"; ##
SECRET-DATA
server 10.10.1.100 key 1; ## SECRET-DATA
trusted-key 1;
}
}
## Interfaces: one out-of-band management port, one VLAN-tagged trunk carrying
## the router-to-router and LAN units, and the loopback.
interfaces {
## Out-of-band management subnet 10.10.1.0/24; the management terms of the
## protect-re filter use this prefix as their permitted source.
ge-0/0/0 {
unit 0 {
description "OoB management";
family inet {
address 10.10.1.4/24;
}
}
}
ge-0/0/4 {
vlan-tagging;
unit 114 {
description "R1 connection";
vlan-id 114;
family inet {
address 172.30.0.6/30;
}
}
unit 134 {
description "R3 connection";
vlan-id 134;
family inet {
address 172.30.0.22/30;
}
family inet6;
}
unit 145 {
description "R5 connection";
vlan-id 145;
family inet {
address 172.30.0.29/30;
}
family inet6;
}
unit 200 {
description "DC1 LAN 1";
vlan-id 200;
family inet {
address 172.30.1.2/24 {
## VRRP with MD5 authentication. The stored key string is identical to the
## one in vrrp-group 2 below, so both groups share a single key.
vrrp-group 1 {
virtual-address 172.30.1.254;
authentication-type md5;
authentication-key "$9$4kZHmpu1ESe69tORSMW4aZjkP"; ##
SECRET-DATA
}
}
}
}
unit 201 {
description "DC1 LAN 2";
vlan-id 201;
family inet {
address 172.30.2.2/24 {
## Priority 150, reduced by 30 for each tracked uplink (ge-0/0/4.114,
## ge-0/0/4.145) that goes down.
vrrp-group 2 {
virtual-address 172.30.2.254;
priority 150;
authentication-type md5;
authentication-key "$9$4kZHmpu1ESe69tORSMW4aZjkP"; ##
SECRET-DATA
track {
interface ge-0/0/4.114 {
priority-cost 30;
}
interface ge-0/0/4.145 {
priority-cost 30;
}
}
}
}
}
}
unit 202 {
description "DC2 connection";
vlan-id 202;
family inet {
address 172.30.0.49/30;
}
}
unit 203 {
description "DC3 connection";
vlan-id 203;
family inet {
address 172.30.0.53/30;
}
family inet6;
}
}
## protect-re is attached as the IPv4 input filter on the loopback. family inet6
## has an address but no filter, so nothing in this listing restricts IPv6
## traffic addressed to the device itself.
lo0 {
unit 0 {
family inet {
filter {
input protect-re;
}
address 172.30.5.4/32;
}
family inet6 {
address fd17:f0f4:f691:5::4/128;
}
}
}
}
## Inactive: the whole stanza is deactivated, so neither policy nor the event
## script below is in effect.
inactive: event-options {
## On link up/down traps, run the named event script.
policy syslog_if_description {
events [ SNMP_TRAP_LINK_UP SNMP_TRAP_LINK_DOWN ];
then {
event-script syslog-int-desc-on-link-change.slax;
}
}
## Raise an SNMP trap for SYSTEM events whose message matches NEW_SNMP_TRAP_LINK.
policy snmptrap_if_description {
events SYSTEM;
attributes-match {
SYSTEM.message matches NEW_SNMP_TRAP_LINK;
}
then {
raise-trap;
}
}
event-script {
file syslog-int-desc-on-link-change.slax;
}
}
## SNMP: only SNMPv3 (USM/VACM) is configured; no v1/v2c community appears in
## this stanza.
snmp {
v3 {
usm {
local-engine {
## USM user with SHA authentication and 3DES privacy. Both keys are stored in
## "$9$" form and are published with this listing, so they should be regarded
## as disclosed. The key strings are wrapped across several lines here; each
## must be a single quoted string before the configuration can be loaded.
user lab {
authentication-sha {
authentication-key
"$9$R6ScKMNdbsgobwoGUi.mQFn90BcylXNduOdb2gJZHqmfn/tpBcSefTlKWLVbmf5Tz6O1RcretpM8X7s
YZUjHkP5QF6/tzFev8LVbP5TFnCOBEeK8z3lKWLN-.PfTz6BIESlKhcoJZGiHp0OIEyvWLx7VyrJGUDkqQF
n/uOrevWX7CtvWLxdVk.m5n/"; ## SECRET-DATA
}
privacy-3des {
privacy-key
"$9$2KoDifTz3/CzFCu01hcevWXVwoJG.fTdbTz6/tpIEcyWLN-woaUylGDHqQzcyrlK8bs2oZUN-
ik.P3np0BIRSrev8LNKvUjkqQzSrlvWxbwgUDkKMGDHqf5hSylK8wYgaGD4oCtpu1I-
VbYgJjHqmPQJZtu0OREevWLdbZUjH.PxNjHqmTQRhcrWL"; ## SECRET-DATA
}
}
}
}
## Access control: security-name lab maps to primary-group, which is granted a
## read-view only, and only at security-level privacy (authenticated and
## encrypted requests). No write-view is configured.
vacm {
security-to-group {
security-model usm {
security-name lab {
group primary-group;
}
}
}
access {
group primary-group {
default-context-prefix {
security-model usm {
security-level privacy {
read-view root-view;
}
}
}
}
}
}
## Trap target 10.10.10.1, sent as SNMPv3 at security-level privacy.
target-address S1 {
address 10.10.10.1;
tag-list all-nms;
target-parameters S1-parameters;
}
target-parameters S1-parameters {
parameters {
message-processing-model v3;
security-model usm;
security-level privacy;
security-name lab;
}
notify-filter all-traps;
}
notify traps {
type trap;
tag all-nms;
}
notify-filter all-traps {
oid snmpTraps;
oid jnxTraps;
}
}
## root-view includes everything under .1, i.e. the read-view is not narrowed
## to specific subtrees.
view root-view {
oid .1 include;
}
}
## Static reachability for the 10.10.10.0/24 server subnet via the OoB gateway,
## plus the router ID (the lo0 address).
routing-options {
static {
## no-readvertise keeps this management route from being exported into the
## routing protocols.
route 10.10.10.0/24 {
next-hop 10.10.1.254;
no-readvertise;
}
}
router-id 172.30.5.4;
}
## Routing protocols: OSPF in stub area 0.0.0.4 and RIP towards ge-0/0/4.202.
protocols {
ospf {
export rip-to-ospf;
area 0.0.0.4 {
stub;
## MD5 authentication (key ID 1) on both router-facing units; the two
## interfaces carry different stored key strings.
interface ge-0/0/4.134 {
authentication {
md5 1 key "$9$eGdWNbHkPTF/ZUi.5FAtevWx-w"; ## SECRET-DATA
}
}
interface ge-0/0/4.145 {
authentication {
md5 1 key "$9$GGiPQ1IcrK8tuBEyKx7GDi.fz"; ## SECRET-DATA
}
}
interface lo0.0;
}
}
## No authentication-type/authentication-key is configured for RIP, so updates
## on ge-0/0/4.202 are not authenticated in this listing.
rip {
group rip {
export default-to-rip;
neighbor ge-0/0/4.202;
}
}
}
## Prefix list used by the protect-re filter and the two redistribution policies.
policy-options {
## apply-path fills this list from the neighbor addresses under
## "protocols bgp group <*>". The protocols stanza of this listing contains no
## bgp section, so the list would expand to nothing here.
prefix-list bgp-peers {
apply-path "protocols bgp group <*> neighbor <*>";
}
## Advertise only the OSPF-learned default route (0.0.0.0/0 exact) into RIP.
policy-statement default-to-rip {
term 1 {
from {
protocol ospf;
route-filter 0.0.0.0/0 exact;
}
then accept;
}
}
## Accept every RIP route for export into OSPF; there is no prefix filtering.
policy-statement rip-to-ospf {
term 1 {
from protocol rip;
then accept;
}
}
}
## Forwarding mode: inet6, mpls and iso are handled packet-based, so traffic of
## these families is forwarded without flow (stateful) processing and security
## policies do not apply to it; stateless firewall filters are the remaining
## control. No zones or security policies appear in this listing.
## NOTE(review): confirm how family inet is forwarded on this platform once
## mpls is set to packet-based.
security {
forwarding-options {
family {
inet6 {
mode packet-based;
}
mpls {
mode packet-based;
}
iso {
mode packet-based;
}
}
}
}
## Stateless filter protect-re, attached as the IPv4 input filter on lo0.0, and
## the policer it references. Terms are evaluated top to bottom; "term last"
## counts, logs and discards whatever no earlier term accepted.
## "port" matches the source OR the destination port. Each port-based term
## therefore also accepts packets whose source port is the named service; that
## is what lets replies to device-initiated sessions through, but it is broader
## than a destination-port match for inbound services.
firewall {
family inet {
filter protect-re {
## Terms ah through msdp accept the named protocol or port from any source
## address; none of them is limited to known neighbors.
term ah {
from {
protocol ah;
}
then accept;
}
term bfd {
from {
protocol udp;
port 3784;
}
then accept;
}
term vrrp {
from {
protocol vrrp;
}
then accept;
}
term rip {
from {
protocol udp;
port rip;
}
then accept;
}
term ospf {
from {
protocol ospf;
}
then accept;
}
term ldp {
from {
protocol [ udp tcp ];
port ldp;
}
then accept;
}
term rsvp {
from {
protocol rsvp;
}
then accept;
}
term pim {
from {
protocol pim;
}
then accept;
}
term igmp {
from {
protocol igmp;
}
then accept;
}
term msdp {
from {
protocol tcp;
port msdp;
}
then accept;
}
## No "then" statement: a term without an action accepts matching packets, so
## the accept here is implicit. The source list bgp-peers is built by
## apply-path from "protocols bgp", which this listing does not configure.
## NOTE(review): confirm how an empty source-prefix-list is evaluated on this
## release before relying on this term to restrict BGP.
term bgp {
from {
source-prefix-list {
bgp-peers;
}
protocol tcp;
port bgp;
}
}
## Management terms (ntp through ftp) accept only source 10.10.1.0/24, the OoB
## subnet. The RADIUS server, name server and FTP archive site configured
## elsewhere in this listing are at 10.10.10.1, outside that prefix.
## NOTE(review): replies from 10.10.10.1 would fall through to "term last"
## unless their source is translated on the way; verify, because dropped RADIUS
## replies make logins fall back to local passwords.
term ntp {
from {
source-address {
10.10.1.0/24;
}
protocol udp;
port ntp;
}
then accept;
}
term snmp {
from {
source-address {
10.10.1.0/24;
}
protocol udp;
port snmp;
}
then accept;
}
term radius {
from {
source-address {
10.10.1.0/24;
}
protocol udp;
port radius;
}
then accept;
}
term dns {
from {
source-address {
10.10.1.0/24;
}
protocol udp;
port domain;
}
then accept;
}
term ssh {
from {
source-address {
10.10.1.0/24;
}
protocol tcp;
port ssh;
}
then accept;
}
## Telnet and FTP are cleartext protocols; these two terms exist only because
## both services are enabled under system services.
term telnet {
from {
source-address {
10.10.1.0/24;
}
protocol tcp;
port telnet;
}
then accept;
}
## NOTE(review): "10.10.1.00/24" is reproduced as printed; the other management
## terms use 10.10.1.0/24.
term ftp {
from {
source-address {
10.10.1.00/24;
}
protocol tcp;
port [ ftp ftp-data ];
}
then accept;
}
## ICMP of every type, from any source, is accepted but rate-limited by
## re-policer.
term icmp {
from {
protocol icmp;
}
then {
policer re-policer;
accept;
}
}
## UDP ports 33434-33534 (traceroute probes), rate-limited by the same policer.
term traceroute {
from {
protocol udp;
port 33434-33534;
}
then {
policer re-policer;
accept;
}
}
## Explicit default deny: the counter and log entries give visibility into
## what the filter drops.
term last {
then {
count dropped-packets;
log;
discard;
}
}
}
}
## Shared by the icmp and traceroute terms: traffic beyond 100k bandwidth with
## a 25k burst is discarded.
policer re-policer {
if-exceeding {
bandwidth-limit 100k;
burst-size-limit 25k;
}
then discard;
}
}
