#
clock timezone PH add 08:00:00
#
sysname CRM-701_TDCAN_T910D_01_701-VIS1803
#
set neid a86f08
#
FTP server enable
#
info-center loghost 10.163.90.26
#
check code-signature default
#
port-wred Globe_WRED
color green low-limit 80 high-limit 100 discard-percentage 100
color yellow low-limit 70 high-limit 100 discard-percentage 100
color red low-limit 60 high-limit 100 discard-percentage 100
#
ntp-service server disable
ntp-service ipv6 server disable
ntp-service unicast-server 10.81.25.44
ntp-service unicast-server 10.81.25.45 preference
#
vlan batch 10
#
mac-address aging-time 60
#
#
dot1x-template 1
#
router id 10.130.17.154
#
diffserv domain default
#
clock extend-ssm-control on
clock wtr 0
clock ethernet-synchronization enable
#
soc
#
priority-template default
#
ip vpn-instance 2G_ABIS
description 2G Voice/DATA from BTS to BSC
ipv4-family
route-distinguisher 65500:1001
vpn frr
apply-label per-instance
vpn-target 65500:1001 export-extcommunity
vpn-target 65500:1001 import-extcommunity
#
ip vpn-instance 3G_IUB
description Voice &Data traffic, from Node B to RNC
ipv4-family
route-distinguisher 65500:1003
vpn frr
apply-label per-instance
vpn-target 65500:1003 export-extcommunity
� vpn-target 65500:1003 import-extcommunity
#
ip vpn-instance FIXED_WIFI
description WIFI VPN for DATA/Internet
ipv4-family
route-distinguisher 65500:2001
vpn frr
apply-label per-instance
vpn-target 65500:2001 export-extcommunity
vpn-target 65500:2001 import-extcommunity
#
ip vpn-instance FIXED_WIMAX
description Data traffic for FIXED_WIMAX
ipv4-family
route-distinguisher 65500:2002
vpn frr
apply-label per-instance
vpn-target 65500:2002 export-extcommunity
vpn-target 65500:2002 import-extcommunity
#
ip vpn-instance IPOE-CDO01-DVO01
description OLT IPoE Traffic-CDO01-DVO01 CGNAT
ipv4-family
route-distinguisher 65500:40173
vpn-target 65500:40173 export-extcommunity
vpn-target 65500:40173 import-extcommunity
#
ip vpn-instance IPOE-CDO01-LHG01
description OLT IPoE Traffic-CDO01-LHG01 CGNAT
ipv4-family
route-distinguisher 65500:40172
vpn-target 65500:40172 export-extcommunity
vpn-target 65500:40172 import-extcommunity
#
ip vpn-instance IPOE-DVO01-CDO01
description OLT IPoE Traffic-DVO01-CDO01 CGNAT
ipv4-family
route-distinguisher 65500:40175
vpn-target 65500:40175 export-extcommunity
vpn-target 65500:40175 import-extcommunity
#
ip vpn-instance IPOE-DVO01-LHG01
description OLT IPoE Traffic-DVO01-LHG01 CGNAT
ipv4-family
route-distinguisher 65500:40174
vpn-target 65500:40174 export-extcommunity
vpn-target 65500:40174 import-extcommunity
#
ip vpn-instance IPOE-LHG01-CDO01
description OLT IPoE Traffic-LHG01-CDO01 CGNAT
ipv4-family
route-distinguisher 65500:40170
vpn-target 65500:40170 export-extcommunity
vpn-target 65500:40170 import-extcommunity
#
ip vpn-instance IPOE-LHG01-DVO01
description OLT IPoE Traffic-LHG01-DVO01 CGNAT
ipv4-family
route-distinguisher 65500:40171
� vpn-target 65500:40171 export-extcommunity
vpn-target 65500:40171 import-extcommunity
#
ip vpn-instance LTE_S1
description Voice &Data traffic for LTE S1&X2
ipv4-family
route-distinguisher 65500:1013
vpn frr
apply-label per-instance
vpn-target 65500:1013 export-extcommunity
vpn-target 65500:1013 import-extcommunity
#
ip vpn-instance NGN_NETWORK
description NGN VOICE GATEWAY
ipv4-family
route-distinguisher 65500:3001
vpn frr
apply-label per-instance
vpn-target 65500:3001 export-extcommunity
vpn-target 65500:3001 import-extcommunity
#
ip vpn-instance OM_FMS
description NMS for Flexible Monitoring System (FMS)
ipv4-family
route-distinguisher 65500:1011
vpn frr
apply-label per-instance
vpn-target 65500:1011 export-extcommunity
vpn-target 65500:1011 import-extcommunity
diffserv-mode pipe af4 green
#
ip vpn-instance OM_MW
description NMS for microwave
ipv4-family
route-distinguisher 65500:1010
vpn frr
apply-label per-instance
vpn-target 65500:1010 export-extcommunity
vpn-target 65500:1010 import-extcommunity
diffserv-mode pipe af4 green
#
ip vpn-instance OM_RTR_RAN
description NMS for routers, ATN, CX600, NE40E-X16
ipv4-family
route-distinguisher 65500:1009
vpn frr
apply-label per-instance
vpn-target 65500:1009 export-extcommunity
vpn-target 65500:1009 import-extcommunity
diffserv-mode pipe af4 green
#
ip vpn-instance OM_WIRELESS
description Huawei RAN O&M (M2000)
ipv4-family
route-distinguisher 65500:1008
vpn frr
apply-label per-instance
vpn-target 65500:1008 export-extcommunity
vpn-target 65500:1008 import-extcommunity
� diffserv-mode pipe af4 green
#
ip vpn-instance WIFI_SIGTRAN
description Signalling traffic for WIFI_SIGTRAN
ipv4-family
route-distinguisher 65500:2003
vpn frr
apply-label per-instance
vpn-target 65500:2003 export-extcommunity
vpn-target 65500:2003 import-extcommunity
#
ip vpn-instance WIMAX_OM
description Huawei WIMAX O&M (M2000)
ipv4-family
route-distinguisher 65500:2004
vpn frr
apply-label per-instance
vpn-target 65500:2004 import-extcommunity
diffserv-mode pipe af4 green
#
ip vpn-instance __LOCAL_OAM_VPN__
ipv4-family
#
undo pnp enable
#
hwtacacs-server template tacacs
hwtacacs-server authentication 10.198.162.185 vpn-instance OM_RTR_RAN
hwtacacs-server authentication 10.160.53.202 vpn-instance OM_RTR_RAN secondary
hwtacacs-server authorization 10.198.162.185 vpn-instance OM_RTR_RAN
hwtacacs-server authorization 10.160.53.202 vpn-instance OM_RTR_RAN secondary
hwtacacs-server accounting 10.198.162.185 vpn-instance OM_RTR_RAN
hwtacacs-server accounting 10.160.53.202 vpn-instance OM_RTR_RAN secondary
hwtacacs-server source-ip 10.130.19.154
hwtacacs-server shared-key GTHuawei@2019
hwtacacs-server user-name original
#
bfd
#
vlan 10
description testing
#
mpls lsr-id 10.130.17.154
#
mpls
#
mpls l2vpn
#
mpls ldp
graceful-restart
#
ipv4-family
#
mpls ldp remote-peer CARMEN-VIS130-AGFN-X2-01
remote-ip 10.81.25.45
#
mpls ldp remote-peer BORBON-VIS121-AGFN-X2-01
remote-ip 10.81.25.44
#
acl number 2001
� rule 10 deny source 10.10.10.2 0
#
acl number 3300
description **Data Plane Inbound Policy**
rule 95 permit ip destination 10.81.44.194 0
rule 100 permit udp destination-port eq bootps
rule 105 deny tcp source-port eq smtp
rule 110 deny tcp destination-port eq smtp
rule 115 deny tcp source-port eq 139
rule 120 deny tcp destination-port eq 139
rule 125 deny tcp source-port eq 445
rule 130 deny tcp destination-port eq 445
rule 135 deny ip destination 100.64.0.0 0.63.255.255
rule 140 deny ip destination 10.0.0.0 0.255.255.255
rule 145 deny ip destination 172.16.0.0 0.15.255.255
rule 150 deny ip destination 192.168.0.0 0.0.255.255
rule 2000 permit ip
#
acl number 3400
description **Data Plane Outbound Policy**
rule 95 permit ip source 10.81.44.194 0
rule 100 permit udp source-port eq bootps
rule 105 deny tcp destination-port eq smtp
rule 110 deny tcp source-port eq smtp
rule 115 deny tcp destination-port eq 139
rule 120 deny tcp source-port eq 139
rule 125 deny tcp destination-port eq 445
rule 130 deny tcp source-port eq 445
rule 135 deny ip source 100.64.0.0 0.63.255.255
rule 140 deny ip source 10.0.0.0 0.255.255.255
rule 145 deny ip source 172.16.0.0 0.15.255.255
rule 150 deny ip source 192.168.0.0 0.0.255.255
rule 2000 permit ip
#
acl number 3999
description **REMOTE ACCESS AUTHENTICATION**
rule 1 permit ip source 120.28.2.0 0.0.0.255
rule 2 permit ip source 120.28.27.0 0.0.0.255
rule 3 permit ip source 120.28.3.0 0.0.0.255
rule 4 permit ip source 112.198.88.0 0.0.0.255
rule 5 permit ip source 112.198.89.0 0.0.0.255
rule 6 permit ip source 192.9.13.0 0.0.0.255
rule 7 permit ip source 112.198.92.0 0.0.0.255
rule 8 permit ip source 203.177.169.112 0.0.0.15
rule 100 permit ip source 10.198.162.185 0
rule 110 permit ip source 10.163.96.26 0
rule 120 permit ip source 10.163.96.27 0
rule 130 permit ip source 10.226.209.58 0
rule 140 permit ip source 10.174.254.37 0
rule 150 permit ip source 10.174.254.14 0
rule 160 permit ip source 10.163.90.26 0
rule 170 permit ip source 10.81.22.0 0.0.0.255
rule 180 permit ip source 10.81.23.0 0.0.0.255
rule 190 permit ip source 10.81.24.0 0.0.0.255
rule 200 permit ip source 10.81.25.0 0.0.0.255
rule 210 permit ip source 10.81.26.0 0.0.0.255
rule 220 permit ip source 10.81.27.0 0.0.0.255
rule 230 permit ip source 10.8.119.0 0.0.0.31
rule 240 permit ip source 172.16.1.1 0
� rule 250 permit ip source 172.16.1.101 0
rule 260 permit ip source 10.226.22.176 0
rule 270 permit ip source 172.16.3.0 0.0.0.255
rule 280 permit ip source 10.10.79.0 0.0.0.255
rule 290 permit ip source 10.198.172.0 0.0.0.255
rule 300 permit ip source 10.129.0.0 0.0.3.255
rule 310 permit ip source 10.127.0.0 0.0.3.255
rule 320 permit ip source 10.130.12.0 0.0.3.255
rule 330 permit ip source 10.129.4.0 0.0.0.255
rule 340 permit ip source 10.129.144.0 0.0.3.255
rule 350 permit ip source 10.163.97.0 0.0.0.255
rule 360 permit ip source 10.8.70.240 0.0.0.15
rule 370 permit ip source 10.8.71.128 0.0.0.63
rule 380 permit ip source 10.8.75.112 0.0.0.15
rule 390 permit ip source 10.129.12.0 0.0.1.255
rule 400 permit ip source 10.127.6.0 0.0.1.255
rule 410 permit ip source 10.127.129.0 0.0.0.255
rule 420 permit ip source 10.130.18.0 0.0.1.255
rule 430 permit ip source 10.129.153.0 0.0.0.255
rule 450 permit ip source 10.168.56.0 0.0.7.255
rule 460 permit ip vpn-instance OM_RTR_RAN source 10.198.162.185 0
rule 470 permit ip source 10.160.53.202 0
rule 480 permit ip vpn-instance OM_RTR_RAN source 10.160.53.202 0
rule 500 permit ip source 10.86.64.0 0.0.63.255
rule 999 permit ip vpn-instance OM_RTR_RAN
rule 1000 deny ip
#
acl ipv6 number 3300
description **Data Plane Inbound Policy**
rule 100 permit udp destination-port eq bootps
rule 105 deny tcp source-port eq smtp
rule 110 deny tcp destination-port eq smtp
rule 115 deny tcp source-port eq 139
rule 120 deny tcp destination-port eq 139
rule 125 deny tcp source-port eq 445
rule 130 deny tcp destination-port eq 445
rule 135 deny ipv6 destination 2001:FD8:760::/44
rule 140 deny ipv6 destination FD00::/8
rule 2000 permit ipv6
#
acl ipv6 number 3400
description **Data Plane Outbound Policy**
rule 100 permit udp source-port eq bootps
rule 105 deny tcp destination-port eq smtp
rule 110 deny tcp source-port eq smtp
rule 115 deny tcp destination-port eq 139
rule 120 deny tcp source-port eq 139
rule 125 deny tcp destination-port eq 445
rule 130 deny tcp source-port eq 445
rule 135 deny ipv6 source 2001:FD8:760::/44
rule 140 deny ipv6 source FD00::/8
rule 2000 permit ipv6
#
traffic classifier Service_Policy_Inbound operator or
if-match acl 3300
if-match ipv6 acl 3300
#
traffic classifier Service_Policy_Outbound operator or
if-match acl 3400
� if-match ipv6 acl 3400
#
traffic behavior Service_Policy_Inbound
#
traffic behavior Service_Policy_Outbound
#
traffic policy Service_Policy_Inbound
statistics enable
classifier Service_Policy_Inbound behavior Service_Policy_Inbound
#
traffic policy Service_Policy_Outbound
statistics enable
classifier Service_Policy_Outbound behavior Service_Policy_Outbound
#
aaa
local-user huaweissh password cipher GThuawei@2012
local-user huaweissh service-type ftp terminal ssh
local-user huaweissh level 3
local-user huaweissh state block fail-times 3 interval 5
local-user huaweissh ftp-directory cfcard:/
local-user emergency password cipher Ju$tc@ll911
local-user emergency service-type ftp terminal ssh
local-user emergency level 3
local-user emergency state block fail-times 3 interval 5
local-user emergency ftp-directory cfcard:/
local-user pamaccnt password cipher p@m_4CC0unt
local-user pamaccnt service-type terminal ssh
local-user pamaccnt level 3
local-user pamaccnt state block fail-times 3 interval 5
local-user pamaccnt ftp-directory cfcard:/
authentication-scheme default0
authentication-scheme default1
authentication-scheme default
authentication-mode local radius
authentication-scheme tacacs
authentication-mode hwtacacs local
#
authorization-scheme default
authorization-scheme tacacs
authorization-mode hwtacacs local
authorization-cmd 15 hwtacacs local
#
accounting-scheme default0
accounting-scheme default1
accounting-scheme tacacs
accounting-mode hwtacacs
accounting start-fail online
#
domain default_admin
authentication-scheme tacacs
authorization-scheme tacacs
accounting-scheme tacacs
hwtacacs-server tacacs
#
recording-scheme tacacs
recording-mode hwtacacs tacacs
#
cmd recording-scheme tacacs
#
�license
active port-basic slot 2 port 0-27
#
interface Eth-Trunk1
mtu 1600
description TO: CTM-101-VIS2830-ATN910C-01_Eth-trunk 2
ip address 10.86.117.38 255.255.255.252
trust upstream default
ospf authentication-mode md5 1 cipher globenemesis
ospf cost 10
ospf network-type p2p
ospf ldp-sync
ospf timer ldp-sync hold-max-cost infinite
mode lacp-static
mpls
mpls ldp
#
interface Eth-Trunk2
mtu 1600
description TO: CARMEN-VIS130-AGFN-X2-01_Eth-trunk 15
ip address 10.86.117.41 255.255.255.252
trust upstream default
ospf authentication-mode md5 1 cipher globenemesis
ospf cost 2000
ospf network-type p2p
ospf ldp-sync
ospf timer ldp-sync hold-max-cost infinite
mode lacp-static
mpls
mpls ldp
#
interface Eth-Trunk3
description To: CRM_701_VDB_01
mode lacp-static
#
interface Eth-Trunk3.400
vlan-type dot1q 400
description CRM-BOR-HM-01_CRM_701_VDB_01 (FIO-CRMBORHM01_FMC) - IPOE
ip binding vpn-instance IPOE-LHG01-DVO01
ip address 100.70.143.1 255.255.255.128
ip address 100.113.163.129 255.255.255.224 sub
traffic-policy Service_Policy_Inbound inbound
traffic-policy Service_Policy_Outbound outbound
dhcp select relay
ip relay address 112.198.111.196
ip relay address 112.198.111.197
#
interface Eth-Trunk3.1855
vlan-type dot1q 1855
description HSI-CRM-BOR-HM-01
statistic enable
mpls l2vc 10.81.25.45 25005151
mpls l2vc 10.81.25.44 26005151 secondary
mpls l2vpn redundancy master
#
interface Eth-Trunk3.2088
vlan-type dot1q 2088
description SIP- CRM-BOR-HM-01
statistic enable
� mpls l2vc 10.81.25.45 25005150
mpls l2vc 10.81.25.44 26005150 secondary
mpls l2vpn redundancy master
#
interface Eth-Trunk3.3075
vlan-type dot1q 3075
description OM-CRM-BOR-HM-01
statistic enable
mpls l2vc 10.81.25.45 25005149
mpls l2vc 10.81.25.44 26005149 secondary
mpls l2vpn redundancy master
#
interface Eth-Trunk4
description To: CRM_701_VDB_02
mode lacp-static
#
interface Eth-Trunk4.400
vlan-type dot1q 400
description CRM-BOR-HM-01_CRM_701_VDB_02 (FIO-CRMBORHM01_FMC) - IPOE
ip binding vpn-instance IPOE-LHG01-DVO01
ip address 100.70.97.1 255.255.255.0
ip address 100.113.152.1 255.255.255.192 sub
traffic-policy Service_Policy_Inbound inbound
traffic-policy Service_Policy_Outbound outbound
dhcp select relay
ip relay address 112.198.111.196
ip relay address 112.198.111.197
#
interface Eth-Trunk4.1855
vlan-type dot1q 1855
description HSI-CRM-BOR-HM-01
statistic enable
mpls l2vc 10.81.25.45 25005154
mpls l2vc 10.81.25.44 26005154 secondary
mpls l2vpn redundancy master
#
interface Eth-Trunk4.2088
vlan-type dot1q 2088
description SIP-CRM-BOR-HM-01
statistic enable
mpls l2vc 10.81.25.45 25005153
mpls l2vc 10.81.25.44 26005153 secondary
mpls l2vpn redundancy master
#
interface Eth-Trunk4.3258
vlan-type dot1q 3258
description OM-CRM-BOR-HM-01
statistic enable
mpls l2vc 10.81.25.45 25005152
mpls l2vc 10.81.25.44 26005152 secondary
mpls l2vpn redundancy master
#
interface Eth-Trunk5
description To: CRM_701_VDB_03
mode lacp-static
#
interface Eth-Trunk5.400
vlan-type dot1q 400
description CRM-BOR-HM-01_CRM_701_VDB_03 (FIO-CRMBORHM01_FMC) - IPOE
� ip binding vpn-instance IPOE-LHG01-DVO01
ip address 100.70.96.1 255.255.255.0
ip address 100.113.151.193 255.255.255.192 sub
traffic-policy Service_Policy_Inbound inbound
traffic-policy Service_Policy_Outbound outbound
dhcp select relay
ip relay address 112.198.111.196
ip relay address 112.198.111.197
#
interface Eth-Trunk5.1855
vlan-type dot1q 1855
description HSI-CRM-BOR-HM-01
statistic enable
mpls l2vc 10.81.25.45 25005157
mpls l2vc 10.81.25.44 26005157 secondary
mpls l2vpn redundancy master
#
interface Eth-Trunk5.2088
vlan-type dot1q 2088
description SIP-CRM-BOR-HM-01
statistic enable
mpls l2vc 10.81.25.45 25005156
mpls l2vc 10.81.25.44 26005156 secondary
mpls l2vpn redundancy master
#
interface Eth-Trunk5.3258
vlan-type dot1q 3258
description OM-CRM-BOR-HM-01
statistic enable
mpls l2vc 10.81.25.45 25005155
mpls l2vc 10.81.25.44 26005155 secondary
mpls l2vpn redundancy master
#
interface Eth-Trunk7
description To: CRM_701_GPONA_01
mode lacp-static
#
interface Eth-Trunk7.400
vlan-type dot1q 400
description CRM-BOR-HM-01_CRM_701_GPONA_01 (FIO-CRMBORHM01_FMC) - IPOE
ip binding vpn-instance IPOE-LHG01-DVO01
ip address 10.117.132.1 255.255.252.0
ip address 10.119.97.1 255.255.255.0 sub
traffic-policy Service_Policy_Inbound inbound
traffic-policy Service_Policy_Outbound outbound
dhcp select relay
ip relay address 112.198.111.196
ip relay address 112.198.111.197
#
interface Eth-Trunk7.1620
vlan-type dot1q 1620
description HSI_CRM-BOR-HM-01
statistic enable
mpls l2vc 10.81.25.45 25005119
mpls l2vc 10.81.25.44 26005119 secondary
mpls l2vpn redundancy master
#
interface Eth-Trunk7.3779
vlan-type dot1q 3779
� description SIP_CRM-BOR-HM-01
statistic enable
mpls l2vc 10.81.25.45 25005118
mpls l2vc 10.81.25.44 26005118 secondary
mpls l2vpn redundancy master
#
interface Eth-Trunk7.3795
vlan-type dot1q 3795
description OM_CRM-BOR-HM-01
statistic enable
mpls l2vc 10.81.25.45 25005117
mpls l2vc 10.81.25.44 26005117 secondary
mpls l2vpn redundancy master
#
interface Eth-Trunk8
description To: CRM_701_GPONA_02
mode lacp-static
#
interface Eth-Trunk8.400
vlan-type dot1q 400
description CRM-BOR-HM-01_CRM_701_GPONA_02 (FIO-CRMBORHM01_FMC) - IPOE
ip binding vpn-instance IPOE-LHG01-DVO01
ip address 10.54.92.1 255.255.252.0
ip address 10.73.151.1 255.255.255.0 sub
traffic-policy Service_Policy_Inbound inbound
traffic-policy Service_Policy_Outbound outbound
dhcp select relay
ip relay address 112.198.111.196
ip relay address 112.198.111.197
#
interface Eth-Trunk8.1855
vlan-type dot1q 1855
description CRM-BOR-HM-01_HSI
mpls l2vc 10.81.25.45 25006153
mpls l2vc 10.81.25.44 26006153 secondary
mpls l2vpn redundancy master
#
interface Eth-Trunk8.3269
vlan-type dot1q 3269
description CRM-BOR-HM-01_SIP
mpls l2vc 10.81.25.45 25006152
mpls l2vc 10.81.25.44 26006152 secondary
mpls l2vpn redundancy master
#
interface Eth-Trunk8.3762
vlan-type dot1q 3762
description CRM-BOR-HM-01_OM
mpls l2vc 10.81.25.45 25006151
mpls l2vc 10.81.25.44 26006151 secondary
mpls l2vpn redundancy master
#
interface Ethernet0/0/0
undo shutdown
ip binding vpn-instance __LOCAL_OAM_VPN__
ip address 192.168.0.1 255.255.255.0
#
interface GigabitEthernet0/2/0
description TO: CTM-101-VIS2830-ATN910C-01_Gi0/2/2
undo shutdown
� eth-trunk 1
undo dcn
clock synchronization enable
clock priority 1
port-queue be wfq weight 10 port-wred Globe_WRED outbound
port-queue af1 wfq weight 10 port-wred Globe_WRED outbound
port-queue af2 wfq weight 10 port-wred Globe_WRED outbound
port-queue af3 wfq weight 15 port-wred Globe_WRED outbound
port-queue af4 wfq weight 15 port-wred Globe_WRED outbound
#
interface GigabitEthernet0/2/1
description To: CRM_701_GPONA_02 1/3/1
undo shutdown
eth-trunk 8
undo dcn
#
interface GigabitEthernet0/2/2
description TO: CARMEN-VIS130-AGFN-X2-01_Gi0/4/0
undo shutdown
eth-trunk 2
undo dcn
clock synchronization enable
clock priority 2
port-queue be wfq weight 10 port-wred Globe_WRED outbound
port-queue af1 wfq weight 10 port-wred Globe_WRED outbound
port-queue af2 wfq weight 10 port-wred Globe_WRED outbound
port-queue af3 wfq weight 15 port-wred Globe_WRED outbound
port-queue af4 wfq weight 15 port-wred Globe_WRED outbound
#
interface GigabitEthernet0/2/3
description To: CRM_701_GPONA_01 9/1
undo shutdown
eth-trunk 7
undo dcn
#
interface GigabitEthernet0/2/4
undo shutdown
undo dcn
#
interface GigabitEthernet0/2/5
undo shutdown
undo dcn
#
interface GigabitEthernet0/2/6
undo shutdown
undo dcn
#
interface GigabitEthernet0/2/7
undo shutdown
undo dcn
#
interface 25GE0/2/8
undo shutdown
undo dcn
#
interface 25GE0/2/9
undo shutdown
undo dcn
#
�interface 25GE0/2/10
undo shutdown
undo dcn
#
interface 25GE0/2/11
description To: CRM-701-HS 0/2/1
undo shutdown
undo dcn
#
interface 25GE0/2/12
description To: CRM-701-HS 0/2/0
undo shutdown
undo dcn
#
interface 25GE0/2/13
vlan-type dot1q 667
description H248-CRM-701_CRM-BOR-HM-01:667
statistic enable
mpls l2vc 10.81.25.45 25002150
mpls l2vc 10.81.25.44 26002150 secondary
mpls l2vpn redundancy master
#
interface 25GE0/2/8
vlan-type dot1q 668
description RTP-CRM-701_CRM-BOR-HM-01:668
statistic enable
mpls l2vc 10.81.25.45 25002152
mpls l2vc 10.81.25.44 26002152 secondary
mpls l2vpn redundancy master
#
interface GigabitEthernet0/2/12.1855
vlan-type dot1q 1855
description HSI-CRM-701_CRM-BOR-HM-01:1855
statistic enable
mpls l2vc 10.81.25.45 25002149
mpls l2vc 10.81.25.44 26002149 secondary
mpls l2vpn redundancy master
#
interface GigabitEthernet0/2/12.2057
vlan-type dot1q 2057
description SM-CRM-701_CRM-BOR-HM-01:2057
statistic enable
mpls l2vc 10.81.25.45 25002154
mpls l2vc 10.81.25.44 26002154 secondary
mpls l2vpn redundancy master
#
interface GigabitEthernet0/2/12.3075
vlan-type dot1q 3075
description OM-CRM-701_CRM-BOR-HM-01:3075
statistic enable
mpls l2vc 10.81.25.45 25002147
mpls l2vc 10.81.25.44 26002147 secondary
mpls l2vpn redundancy master
#
interface GigabitEthernet0/2/13
description To: CRM_701_VDB_02 NT-A:XFP:1
undo shutdown
eth-trunk 4
undo dcn
� negotiation auto
#
interface GigabitEthernet0/2/14
description To: CRM_701_VDB_02 NT-A:XFP:1
undo shutdown
eth-trunk 4
undo dcn
negotiation auto
#
interface GigabitEthernet0/2/15
description To: CRM_701_VDB_03 NT-A:XFP:1
undo shutdown
eth-trunk 5
undo dcn
negotiation auto
#
interface GigabitEthernet0/2/16
description To: CRM_701_VDB_03 NT-A:XFP:1
undo shutdown
eth-trunk 5
undo dcn
negotiation auto
#
interface GigabitEthernet0/2/17
description To: CRM_701_VDB_01 0/0/0
undo shutdown
eth-trunk 3
undo dcn
negotiation auto
#
interface GigabitEthernet0/2/18
description To: CRM_701_VDB_01 0/0/1
undo shutdown
eth-trunk 3
undo dcn
negotiation auto
#
interface GigabitEthernet0/2/19
undo shutdown
undo dcn
#
interface GigabitEthernet0/2/20
undo shutdown
ip address 10.10.10.1 255.255.255.0
undo dcn
#
interface GigabitEthernet0/2/21
undo shutdown
undo dcn
#
interface GigabitEthernet0/2/22
undo shutdown
undo dcn
#
interface GigabitEthernet0/2/23
undo shutdown
undo dcn
#
interface GigabitEthernet0/2/24
� undo shutdown
undo dcn
#
interface GigabitEthernet0/2/25
undo shutdown
undo dcn
#
interface GigabitEthernet0/2/26
undo shutdown
undo dcn
#
interface GigabitEthernet0/2/27
undo shutdown
undo dcn
#
interface LoopBack0
description Router-ID
ip address 10.130.17.154 255.255.255.255
#
interface LoopBack1
description MANAGEMENT-IP
ip binding vpn-instance OM_RTR_RAN
ip address 10.130.19.154 255.255.255.255
#
interface NULL0
#
bfd CARMEN--1 bind peer-ip default-ip interface GigabitEthernet0/2/2
discriminator local 202
discriminator remote 3101
min-tx-interval 100
min-rx-interval 100
wtr 1
process-interface-status
#
bfd CTM-101-1 bind peer-ip default-ip interface GigabitEthernet0/2/0
discriminator local 101
discriminator remote 202
min-tx-interval 100
min-rx-interval 100
wtr 1
process-interface-status
#
bgp 65500
graceful-restart
graceful-restart timer restart 300
group AG internal
peer AG timer connect-retry 180
peer AG connect-interface LoopBack0
peer AG password cipher %^%#I5_9UlW(I:Kkn2,=_#S(VhRdD42!cYZT}}AR<ny)%^%#
peer AG bfd min-tx-interval 1000 min-rx-interval 1000
peer AG bfd enable
peer AG tracking delay 30
peer AG path-mtu auto-discovery
peer 10.81.25.44 as-number 65500
peer 10.81.25.44 group AG
peer 10.81.25.44 description ** To BORBON-VIS121-AGFN-X2-01**
peer 10.81.25.45 as-number 65500
peer 10.81.25.45 group AG
peer 10.81.25.45 description ** To CARMEN-VIS130-AGFN-X2-01**
�#
ipv4-family unicast
undo synchronization
undo peer AG enable
undo peer 10.81.25.44 enable
undo peer 10.81.25.45 enable
#
ipv4-family vpnv4
policy vpn-target
peer AG enable
peer 10.81.25.44 enable
peer 10.81.25.44 group AG
peer 10.81.25.45 enable
peer 10.81.25.45 group AG
#
ipv4-family vpn-instance 2G_ABIS
import-route direct
#
ipv4-family vpn-instance 3G_IUB
import-route direct
#
ipv4-family vpn-instance FIXED_WIFI
import-route direct
#
ipv4-family vpn-instance FIXED_WIMAX
import-route direct
#
ipv4-family vpn-instance IPOE-CDO01-DVO01
import-route direct
import-route static
auto-frr
#
ipv4-family vpn-instance IPOE-CDO01-LHG01
import-route direct
import-route static
auto-frr
#
ipv4-family vpn-instance IPOE-DVO01-CDO01
import-route direct
import-route static
auto-frr
#
ipv4-family vpn-instance IPOE-DVO01-LHG01
import-route direct
import-route static
auto-frr
#
ipv4-family vpn-instance IPOE-LHG01-CDO01
import-route direct
import-route static
auto-frr
#
ipv4-family vpn-instance IPOE-LHG01-DVO01
import-route direct
import-route static
auto-frr
#
ipv4-family vpn-instance LTE_S1
import-route direct
� #
ipv4-family vpn-instance NGN_NETWORK
import-route direct
#
ipv4-family vpn-instance OM_FMS
import-route direct
#
ipv4-family vpn-instance OM_MW
import-route direct
#
ipv4-family vpn-instance OM_RTR_RAN
import-route direct
#
ipv4-family vpn-instance OM_WIRELESS
import-route direct
#
ipv4-family vpn-instance WIFI_SIGTRAN
import-route direct
#
ipv4-family vpn-instance WIMAX_OM
import-route direct
#
ospf 1
bfd all-interfaces enable
bfd all-interfaces min-tx-interval 50 min-rx-interval 50
silent-interface all
undo silent-interface Eth-Trunk1
undo silent-interface Eth-Trunk2
spf-schedule-interval intelligent-timer 200 50 50
lsa-originate-interval intelligent-timer 200 50 50
lsa-arrival-interval intelligent-timer 100 50 50
opaque-capability enable
graceful-restart
advertise mpls-lsr-id
area 144.44.61.45
network 10.86.117.36 0.0.0.3 description TO: CTM-101-VIS2830-ATN910C-01
network 10.86.117.40 0.0.0.3 description TO: CARMEN-VIS130-AGFN-X2-01
network 10.130.17.154 0.0.0.0
nssa
#
undo dcn
#
snmp-agent
snmp-agent local-engineid 800007DB032841C67BE017
#
snmp-agent sys-info contact Globe Telecom, Phillippines
snmp-agent sys-info version v3
snmp-agent group v3 gtgroup privacy read-view iso-view write-view iso-view notify-
view iso-view
#
snmp-agent mib-view included iso-view iso
snmp-agent usm-user v3 gtuser
snmp-agent usm-user v3 gtuser group gtgroup
snmp-agent usm-user v3 gtuser authentication-mode md5 cipher %^%#%oR>~}O}A"Xfj]*"U
%UKu/(2&Ya=jIM^275H^fY7%^%#
snmp-agent usm-user v3 gtuser privacy-mode des56 cipher
%^%#og)hKh0|5StQ<y/RH4C<iDjS%HX#oH:|)>H_jOkC%^%#
#
snmp-agent trap source LoopBack1
�#
snmp-agent trap enable
undo snmp-agent trap enable feature-name ppp trap-name hwPppLoopbackDetect
undo snmp-agent trap enable feature-name tcp trap-name hwTCPMD5AuthenFail
undo snmp-agent trap enable feature-name ospf trap-name ospfIfConfigError
undo snmp-agent trap enable feature-name ospf trap-name ospfMaxAgeLsa
undo snmp-agent trap enable feature-name ospf trap-name ospfVirtIfConfigError
undo snmp-agent trap enable feature-name l3vpn trap-name
L3VPN_MIB_TRAP_TUNNEL_UPDOWN_EVENT
undo snmp-agent trap enable feature-name lldp trap-name lldpRemTablesChange
#
lldp enable
#
stelnet server enable
sftp server enable
snetconf server enable
ssh server compatible-ssh1x enable
sftp server default-directory cfcard:
ssh user emergency
ssh user emergency authentication-type password
ssh user emergency service-type stelnet
ssh user huaweissh
ssh user huaweissh authentication-type password
ssh user huaweissh service-type all
ssh user pamaccnt
ssh user pamaccnt authentication-type password
ssh user pamaccnt service-type stelnet
ssh user root
ssh user root authentication-type password
ssh user root service-type stelnet
ssh authorization-type default aaa
#
ssh server cipher aes256_ctr aes128_ctr aes256_cbc aes128_cbc 3des_cbc
ssh server hmac sha2_256 sha1
ssh server key-exchange dh_group_exchange_sha256 dh_group_exchange_sha1
dh_group14_sha1 ecdh_sha2_nistp256 ecdh_sha2_nistp384 ecdh_sha2_nistp521 sm2_kep
#
ssh client first-time enable
ssh client 10.203.106.184 assign ecc-key 10.203.106.184
ssh client 10.203.106.189 assign rsa-key 10.203.106.189
ssh client 10.203.11.184 assign ecc-key 10.203.11.184
ssh client 10.203.11.188 assign rsa-key 10.203.11.188
sftp client-source -i LoopBack1
#
ssh client cipher aes256_gcm aes128_gcm aes256_ctr aes192_ctr aes128_ctr aes256_cbc
aes128_cbc 3des_cbc
#
header login information "GLOBE TELECOM *** LEGAL NOTICEWARNING: ONLY AUTHORIZED
USERS ARE ALLOWED TO ACCESS THIS SYSTEM. The programs and data stored in this
system are licensed, private property of Globe Telecom. All login attempts, access
and system activities are recorded and verified. If you are not an authorized user,
DO NOT ATTEMPT TO LOGIN."
#
set net-manager vpn-instance OM_RTR_RAN
#
user-interface maximum-vty 15
#
user-interface con 0
authentication-mode password
� set authentication password cipher $1c$bbe<L:4glW$nNiu:y:-hE|/P-CQCs$FL|
cB.4S[_"li8gD"b9%Z$
#
user-interface vty 0 4
acl 3999 inbound
authentication-mode aaa
user privilege level 3
idle-timeout 15 0
#
user-interface vty 5 14
acl 3999 inbound
user privilege level 3
idle-timeout 15 0
#
local-aaa-server
#
return
