
#------------------------------------------------------------------------
#               DES-1210-28/ME Fast Ethernet Switch Configuration
#
#                           Firmware: Build 6.01.B053
#         Copyright(C) 2010 D-Link Corporation. All rights reserved.
#------------------------------------------------------------------------

command-start

# Basic
config syslogintimeout 5
config sysgroupinterval 0
enable web 80
enable clipaging
config arp_aging time 5
config fdb aging_time 300
enable telnet 23

config ipif System ipaddress 172.10.10.99/255.255.255.0
create iproute default 172.10.10.1 1
config command_prompt zapolnit-imya
create vlan "NMS" tag 11
config vlan  NMS add tagged 26-28
config vlan  NMS add untagged 25
config vlan  NMS advertisement disable
enable management vlan
config management vlan NMS
config gvrp 25 pvid 11
config snmp system_name zapolnit-imya
config snmp system_location zapolnit-imya
config snmp system_contact 499-999999
enable password encryption

# Vlan
disable asymmetric_vlan
config vlan default delete 1-28
config vlan  default advertisement disable


create vlan "PPPOE1101" tag 1101
config vlan  PPPOE1101 delete 1-28
config vlan  PPPOE1101 add tagged 27-28
config vlan  PPPOE1101 add untagged 1
config vlan  PPPOE1101 advertisement disable


create vlan "PPPOE1102" tag 1102
config vlan  PPPOE1102 delete 1-28
config vlan  PPPOE1102 add tagged 27-28
config vlan  PPPOE1102 add untagged 2
config vlan  PPPOE1102 advertisement disable


create vlan "PPPOE1103" tag 1103
config vlan  PPPOE1103 delete 1-28
config vlan  PPPOE1103 add tagged 27-28
config vlan  PPPOE1103 add untagged 3
config vlan  PPPOE1103 advertisement disable


create vlan "PPPOE1104" tag 1104
config vlan  PPPOE1104 delete 1-28
config vlan  PPPOE1104 add tagged 27-28
config vlan  PPPOE1104 add untagged 4
config vlan  PPPOE1104 advertisement disable


create vlan "PPPOE1105" tag 1105
config vlan  PPPOE1105 delete 1-28
config vlan  PPPOE1105 add tagged 27-28
config vlan  PPPOE1105 add untagged 5
config vlan  PPPOE1105 advertisement disable


create vlan "PPPOE1106" tag 1106
config vlan  PPPOE1106 delete 1-28
config vlan  PPPOE1106 add tagged 27-28
config vlan  PPPOE1106 add untagged 6
config vlan  PPPOE1106 advertisement disable


create vlan "PPPOE1107" tag 1107
config vlan  PPPOE1107 delete 1-28
config vlan  PPPOE1107 add tagged 27-28
config vlan  PPPOE1107 add untagged 7
config vlan  PPPOE1107 advertisement disable


create vlan "PPPOE1108" tag 1108
config vlan  PPPOE1108 delete 1-28
config vlan  PPPOE1108 add tagged 27-28
config vlan  PPPOE1108 add untagged 8
config vlan  PPPOE1108 advertisement disable


create vlan "PPPOE1109" tag 1109
config vlan  PPPOE1109 delete 1-28
config vlan  PPPOE1109 add tagged 27-28
config vlan  PPPOE1109 add untagged 9
config vlan  PPPOE1109 advertisement disable


create vlan "PPPOE1110" tag 1110
config vlan  PPPOE1110 delete 1-28
config vlan  PPPOE1110 add tagged 27-28
config vlan  PPPOE1110 add untagged 10
config vlan  PPPOE1110 advertisement disable


create vlan "PPPOE1111" tag 1111
config vlan  PPPOE1111 delete 1-28
config vlan  PPPOE1111 add tagged 27-28
config vlan  PPPOE1111 add untagged 11
config vlan  PPPOE1111 advertisement disable


create vlan "PPPOE1112" tag 1112
config vlan  PPPOE1112 delete 1-28
config vlan  PPPOE1112 add tagged 27-28
config vlan  PPPOE1112 add untagged 12
config vlan  PPPOE1112 advertisement disable


create vlan "PPPOE1113" tag 1113
config vlan  PPPOE1113 delete 1-28
config vlan  PPPOE1113 add tagged 27-28
config vlan  PPPOE1113 add untagged 13
config vlan  PPPOE1113 advertisement disable


create vlan "PPPOE1114" tag 1114
config vlan  PPPOE1114 delete 1-28
config vlan  PPPOE1114 add tagged 27-28
config vlan  PPPOE1114 add untagged 14
config vlan  PPPOE1114 advertisement disable


create vlan "PPPOE1115" tag 1115
config vlan  PPPOE1115 delete 1-28
config vlan  PPPOE1115 add tagged 27-28
config vlan  PPPOE1115 add untagged 15
config vlan  PPPOE1115 advertisement disable


create vlan "PPPOE1116" tag 1116
config vlan  PPPOE1116 delete 1-28
config vlan  PPPOE1116 add tagged 27-28
config vlan  PPPOE1116 add untagged 16
config vlan  PPPOE1116 advertisement disable


create vlan "PPPOE1117" tag 1117
config vlan  PPPOE1117 delete 1-28
config vlan  PPPOE1117 add tagged 27-28
config vlan  PPPOE1117 add untagged 17
config vlan  PPPOE1117 advertisement disable


create vlan "PPPOE1118" tag 1118
config vlan  PPPOE1118 delete 1-28
config vlan  PPPOE1118 add tagged 27-28
config vlan  PPPOE1118 add untagged 18
config vlan  PPPOE1118 advertisement disable


create vlan "PPPOE1119" tag 1119
config vlan  PPPOE1119 delete 1-28
config vlan  PPPOE1119 add tagged 27-28
config vlan  PPPOE1119 add untagged 19
config vlan  PPPOE1119 advertisement disable


create vlan "PPPOE1120" tag 1120
config vlan  PPPOE1120 delete 1-28
config vlan  PPPOE1120 add tagged 27-28
config vlan  PPPOE1120 add untagged 20
config vlan  PPPOE1120 advertisement disable


create vlan "PPPOE1121" tag 1121
config vlan  PPPOE1121 delete 1-28
config vlan  PPPOE1121 add tagged 27-28
config vlan  PPPOE1121 add untagged 21
config vlan  PPPOE1121 advertisement disable


create vlan "PPPOE1122" tag 1122
config vlan  PPPOE1122 delete 1-28
config vlan  PPPOE1122 add tagged 27-28
config vlan  PPPOE1122 add untagged 22
config vlan  PPPOE1122 advertisement disable


create vlan "PPPOE1123" tag 1123
config vlan  PPPOE1123 delete 1-28
config vlan  PPPOE1123 add tagged 27-28
config vlan  PPPOE1123 add untagged 23
config vlan  PPPOE1123 advertisement disable


create vlan "PPPOE1124" tag 1124
config vlan  PPPOE1124 delete 1-28
config vlan  PPPOE1124 add tagged 27-28
config vlan  PPPOE1124 add untagged 24
config vlan  PPPOE1124 advertisement disable


config multicast filter 1-28 forward
enable pvid auto_assign

# ISM vlan
enable igmp_snooping multicast_vlan
create igmp_snooping multicast_vlan "MCAST" 2401
config igmp_snooping multicast_vlan "MCAST" add member_port 1-24
config igmp_snooping multicast_vlan "MCAST" add source_port 27-28
config igmp_snooping multicast_vlan "MCAST" state enable
config igmp_snooping multicast_vlan "MCAST" replace_source_ip none
config mld_snooping multicast_vlan "MCAST" replace_source_ipv6 none
config igmp_snooping multicast_vlan_group "MCAST" add ipv4_range 224.0.1.0 239.255.254.255

# IP
config ipif System dhcp_option12 state disable
config ipif System dhcp_option12 hostname switch
config ipif System dhcpv6_client disable
disable ipif_ipv6_link_local_auto System
config ipif System ipv6 state enable
disable autoconfig

# STP
enable stp
config stp version rstp
config stp priority 4096 instance_id 0
config stp txholdcount 6 maxage 20 hellotime 2 forwarddelay 15
config stp fbpdu enable
config stp ports 1-24 externalcost auto edge auto restricted_tcn false restricted_role false p2p auto state disable priority 128 fbpdu disable
config stp ports 25-28 externalcost auto edge auto restricted_tcn false restricted_role false p2p auto state enable priority 128 fbpdu enable
config stp mst_config_id name C8-BE-19-E9-60-31 revision_level 0

# traffic segmentation
config traffic_segmentation 1 forward_list 1,27-28
config traffic_segmentation 2 forward_list 2,27-28
config traffic_segmentation 3 forward_list 3,27-28
config traffic_segmentation 4 forward_list 4,27-28
config traffic_segmentation 5 forward_list 5,27-28
config traffic_segmentation 6 forward_list 6,27-28
config traffic_segmentation 7 forward_list 7,27-28
config traffic_segmentation 8  forward_list 8,27-28
config traffic_segmentation 9 forward_list 9,27-28
config traffic_segmentation 10 forward_list 10,27-28
config traffic_segmentation 11 forward_list 11,27-28
config traffic_segmentation 12 forward_list 12,27-28
config traffic_segmentation 13 forward_list 13,27-28
config traffic_segmentation 14 forward_list 14,27-28
config traffic_segmentation 15 forward_list 15,27-28
config traffic_segmentation 16 forward_list 16,27-28
config traffic_segmentation 17 forward_list 17,27-28
config traffic_segmentation 18 forward_list 18,27-28
config traffic_segmentation 19 forward_list 19,27-28
config traffic_segmentation 20 forward_list 20,27-28
config traffic_segmentation 21 forward_list 21,27-28
config traffic_segmentation 22 forward_list 22,27-28
config traffic_segmentation 23 forward_list 23,27-28
config traffic_segmentation 24 forward_list 24,27-28
config traffic_segmentation 25 forward_list 25,27-28
config traffic_segmentation 26-28  forward_list 1-28

# QoS
config scheduling_mechanism strict
config scheduling 0 weight 1
config scheduling 1 weight 2
config scheduling 2 weight 4
config scheduling 3 weight 8
config 802.1p default_priority 1-28 0
config 802.1p user_priority 0 1
config 802.1p user_priority 1 0
config 802.1p user_priority 2 0
config 802.1p user_priority 3 1
config 802.1p user_priority 4 2
config 802.1p user_priority 5 2
config 802.1p user_priority 6 3
config 802.1p user_priority 7 3
config dscp_mapping dscp_value 20 class 1
config dscp_mapping dscp_value 21 class 1
config dscp_mapping dscp_value 22 class 1
config dscp_mapping dscp_value 23 class 1
config dscp_mapping dscp_value 24 class 1
config dscp_mapping dscp_value 25 class 1
config dscp_mapping dscp_value 26 class 1
config dscp_mapping dscp_value 27 class 1
config dscp_mapping dscp_value 28 class 1
config dscp_mapping dscp_value 29 class 1
config dscp_mapping dscp_value 30 class 1
config dscp_mapping dscp_value 31 class 1
config dscp_mapping dscp_value 32 class 1
config dscp_mapping dscp_value 33 class 1
config dscp_mapping dscp_value 34 class 1
config dscp_mapping dscp_value 35 class 1
config dscp_mapping dscp_value 36 class 1
config dscp_mapping dscp_value 37 class 1
config dscp_mapping dscp_value 38 class 1
config dscp_mapping dscp_value 39 class 1
config dscp_mapping dscp_value 40 class 2
config dscp_mapping dscp_value 41 class 2
config dscp_mapping dscp_value 42 class 2
config dscp_mapping dscp_value 43 class 2
config dscp_mapping dscp_value 44 class 2
config dscp_mapping dscp_value 45 class 2
config dscp_mapping dscp_value 46 class 2
config dscp_mapping dscp_value 47 class 2
config dscp_mapping dscp_value 48 class 2
config dscp_mapping dscp_value 49 class 2
config dscp_mapping dscp_value 50 class 2
config dscp_mapping dscp_value 51 class 2
config dscp_mapping dscp_value 52 class 2
config dscp_mapping dscp_value 53 class 2
config dscp_mapping dscp_value 54 class 2
config dscp_mapping dscp_value 55 class 2
config dscp_mapping dscp_value 56 class 2
config dscp_mapping dscp_value 57 class 2
config dscp_mapping dscp_value 58 class 2
config dscp_mapping dscp_value 59 class 2
config dscp_mapping dscp_value 60 class 3
config dscp_mapping dscp_value 61 class 3
config dscp_mapping dscp_value 62 class 3
config dscp_mapping dscp_value 63 class 3
config cos mapping port 1-28 none
config cos mapping port 1-28 802.1p
config cos tos value 0 class 0
config cos tos value 1 class 0
config cos tos value 2 class 0
config cos tos value 3 class 0
config cos tos value 4 class 0
config cos tos value 5 class 0
config cos tos value 6 class 0
config cos tos value 7 class 0
config dscp mode
config bandwidth_control 1-28 rx_rate no_limit tx_rate no_limit

# FDB (forwarding data base)
enable auto learning

# Syslog
enable syslog
config log_save_timing on_demand

# ACL

# SNMP
enable snmp
disable snmp authenticate traps
config snmp coldstart_traps disable
config snmp warmstart_traps disable
disable snmp linkchange_traps
config snmp linkchange_traps ports 1-28 disable
disable snmp rstpport_state_change traps
disable snmp firmware_upgrade_state traps
disable snmp port_security_violation traps
disable snmp IMPB_violation traps
disable snmp LBD traps
disable snmp DHCP_screening traps
disable snmp duplicate_IP_detected traps

# port security
config port_security 1-28 admin_state disable max_learning_addr 0 lock_address_mode Delete OnTimeout

# MAC address table notification
disable mac_notification
config mac_notification interval 1
config mac_notification historysize 1
config mac_notification ports 1-28 disable

# SNTP
config sntp primary 10.2.100.100 secondary 0.0.0.0 poll-interval 30
enable  sntp
config time_zone operator + hour 4 minute 0
config dst disable

# GVRP
disable gvrp
config gvrp 1-28 state disable
config gvrp 1-28 ingress_checking enable
config gvrp 1-28 acceptable_frame All_Frames


config gvrp 1 pvid 1101


config gvrp 2 pvid 1102


config gvrp 3 pvid 1103


config gvrp 4 pvid 1104


config gvrp 5 pvid 1105


config gvrp 6 pvid 1106


config gvrp 7 pvid 1107


config gvrp 8 pvid 1108


config gvrp 9 pvid 1109


config gvrp 10 pvid 1110


config gvrp 11 pvid 1111


config gvrp 12 pvid 1112


config gvrp 13 pvid 1113


config gvrp 14 pvid 1114


config gvrp 15 pvid 1115


config gvrp 16 pvid 1116


config gvrp 17 pvid 1117


config gvrp 18 pvid 1118


config gvrp 19 pvid 1119


config gvrp 20 pvid 1120


config gvrp 21 pvid 1121


config gvrp 22 pvid 1122


config gvrp 23 pvid 1123


config gvrp 24 pvid 1124


config gvrp 26-28 pvid 1


config gvrp timer join_timer 200
config gvrp timer leave_timer 600
config gvrp timer leave-all_timer 10000

# Loopback Detection
enable loopdetect
config loopdetect ports 1-24 state enable 

# BPDU Attack Protection
disable bpdu_protection
config bpdu_protection recovery_timer 60
config bpdu_protection ports 1-24 state enable mode drop
config bpdu_protection ports 25-28 state disable mode shutdown
config bpdu_protection trap none
config bpdu_protection log none

# IGMP snooping
enable igmp_snooping
config igmp_snooping all router_timeout 125
config igmp_snooping all host_timeout 260
config igmp_snooping all leave_timer 1
config igmp_snooping querier vlanid 1 state disable robustness_variable 2
config igmp_snooping querier vlanid 1 state disable query_interval 125
config igmp_snooping querier vlanid 1 state disable max_response_time 10
config igmp_snooping data_driven_learning max_learned_entry 256
config igmp_snooping vlan_name "default" state disable fast_leave disable
config igmp_snooping data_driven_learning vlan_name "default" state disable
config igmp_snooping data_driven_learning vlan_name "default" aged_out disable
config igmp_snooping querier vlan_name "default" state disable querier_version 2 last_member_query_interval 1
config igmp_snooping vlan_name "NMS" state disable fast_leave disable
config igmp_snooping data_driven_learning vlan_name "NMS" state disable
config igmp_snooping data_driven_learning vlan_name "NMS" aged_out disable
config igmp_snooping querier vlan_name "NMS" state disable querier_version 2 last_member_query_interval 1
config igmp_snooping vlan_name "PPPOE1" state disable fast_leave disable
config igmp_snooping data_driven_learning vlan_name "PPPOE1" state disable
config igmp_snooping data_driven_learning vlan_name "PPPOE1" aged_out disable
config igmp_snooping querier vlan_name "PPPOE1" state disable querier_version 2 last_member_query_interval 1
config igmp_snooping vlan_name "PPPOE2" state disable fast_leave disable
config igmp_snooping data_driven_learning vlan_name "PPPOE2" state disable
config igmp_snooping data_driven_learning vlan_name "PPPOE2" aged_out disable
config igmp_snooping querier vlan_name "PPPOE2" state disable querier_version 2 last_member_query_interval 1
config igmp_snooping vlan_name "PPPOE3" state disable fast_leave disable
config igmp_snooping data_driven_learning vlan_name "PPPOE3" state disable
config igmp_snooping data_driven_learning vlan_name "PPPOE3" aged_out disable
config igmp_snooping querier vlan_name "PPPOE3" state disable querier_version 2 last_member_query_interval 1
config igmp_snooping vlan_name "PPPOE4" state disable fast_leave disable
config igmp_snooping data_driven_learning vlan_name "PPPOE4" state disable
config igmp_snooping data_driven_learning vlan_name "PPPOE4" aged_out disable
config igmp_snooping querier vlan_name "PPPOE4" state disable querier_version 2 last_member_query_interval 1
config igmp_snooping vlan_name "PPPOE5" state disable fast_leave disable
config igmp_snooping data_driven_learning vlan_name "PPPOE5" state disable
config igmp_snooping data_driven_learning vlan_name "PPPOE5" aged_out disable
config igmp_snooping querier vlan_name "PPPOE5" state disable querier_version 2 last_member_query_interval 1
config igmp_snooping vlan_name "PPPOE6" state disable fast_leave disable
config igmp_snooping data_driven_learning vlan_name "PPPOE6" state disable
config igmp_snooping data_driven_learning vlan_name "PPPOE6" aged_out disable
config igmp_snooping querier vlan_name "PPPOE6" state disable querier_version 2 last_member_query_interval 1
config igmp_snooping vlan_name "PPPOE7" state disable fast_leave disable
config igmp_snooping data_driven_learning vlan_name "PPPOE7" state disable
config igmp_snooping data_driven_learning vlan_name "PPPOE7" aged_out disable
config igmp_snooping querier vlan_name "PPPOE7" state disable querier_version 2 last_member_query_interval 1
config igmp_snooping vlan_name "PPPOE8" state disable fast_leave disable
config igmp_snooping data_driven_learning vlan_name "PPPOE8" state disable
config igmp_snooping data_driven_learning vlan_name "PPPOE8" aged_out disable
config igmp_snooping querier vlan_name "PPPOE8" state disable querier_version 2 last_member_query_interval 1
config igmp_snooping vlan_name "PPPOE9" state disable fast_leave disable
config igmp_snooping data_driven_learning vlan_name "PPPOE9" state disable
config igmp_snooping data_driven_learning vlan_name "PPPOE9" aged_out disable
config igmp_snooping querier vlan_name "PPPOE9" state disable querier_version 2 last_member_query_interval 1
config igmp_snooping vlan_name "PPPOE10" state disable fast_leave disable
config igmp_snooping data_driven_learning vlan_name "PPPOE10" state disable
config igmp_snooping data_driven_learning vlan_name "PPPOE10" aged_out disable
config igmp_snooping querier vlan_name "PPPOE10" state disable querier_version 2 last_member_query_interval 1
config igmp_snooping vlan_name "PPPOE11" state disable fast_leave disable
config igmp_snooping data_driven_learning vlan_name "PPPOE11" state disable
config igmp_snooping data_driven_learning vlan_name "PPPOE11" aged_out disable
config igmp_snooping querier vlan_name "PPPOE11" state disable querier_version 2 last_member_query_interval 1
config igmp_snooping vlan_name "PPPOE12" state disable fast_leave disable
config igmp_snooping data_driven_learning vlan_name "PPPOE12" state disable
config igmp_snooping data_driven_learning vlan_name "PPPOE12" aged_out disable
config igmp_snooping querier vlan_name "PPPOE12" state disable querier_version 2 last_member_query_interval 1
config igmp_snooping vlan_name "PPPOE13" state disable fast_leave disable
config igmp_snooping data_driven_learning vlan_name "PPPOE13" state disable
config igmp_snooping data_driven_learning vlan_name "PPPOE13" aged_out disable
config igmp_snooping querier vlan_name "PPPOE13" state disable querier_version 2 last_member_query_interval 1
config igmp_snooping vlan_name "PPPOE14" state disable fast_leave disable
config igmp_snooping data_driven_learning vlan_name "PPPOE14" state disable
config igmp_snooping data_driven_learning vlan_name "PPPOE14" aged_out disable
config igmp_snooping querier vlan_name "PPPOE14" state disable querier_version 2 last_member_query_interval 1
config igmp_snooping vlan_name "PPPOE15" state disable fast_leave disable
config igmp_snooping data_driven_learning vlan_name "PPPOE15" state disable
config igmp_snooping data_driven_learning vlan_name "PPPOE15" aged_out disable
config igmp_snooping querier vlan_name "PPPOE15" state disable querier_version 2 last_member_query_interval 1
config igmp_snooping vlan_name "PPPOE16" state disable fast_leave disable
config igmp_snooping data_driven_learning vlan_name "PPPOE16" state disable
config igmp_snooping data_driven_learning vlan_name "PPPOE16" aged_out disable
config igmp_snooping querier vlan_name "PPPOE16" state disable querier_version 2 last_member_query_interval 1
config igmp_snooping vlan_name "PPPOE17" state disable fast_leave disable
config igmp_snooping data_driven_learning vlan_name "PPPOE17" state disable
config igmp_snooping data_driven_learning vlan_name "PPPOE17" aged_out disable
config igmp_snooping querier vlan_name "PPPOE17" state disable querier_version 2 last_member_query_interval 1
config igmp_snooping vlan_name "PPPOE18" state disable fast_leave disable
config igmp_snooping data_driven_learning vlan_name "PPPOE18" state disable
config igmp_snooping data_driven_learning vlan_name "PPPOE18" aged_out disable
config igmp_snooping querier vlan_name "PPPOE18" state disable querier_version 2 last_member_query_interval 1
config igmp_snooping vlan_name "PPPOE19" state disable fast_leave disable
config igmp_snooping data_driven_learning vlan_name "PPPOE19" state disable
config igmp_snooping data_driven_learning vlan_name "PPPOE19" aged_out disable
config igmp_snooping querier vlan_name "PPPOE19" state disable querier_version 2 last_member_query_interval 1
config igmp_snooping vlan_name "PPPOE20" state disable fast_leave disable
config igmp_snooping data_driven_learning vlan_name "PPPOE20" state disable
config igmp_snooping data_driven_learning vlan_name "PPPOE20" aged_out disable
config igmp_snooping querier vlan_name "PPPOE20" state disable querier_version 2 last_member_query_interval 1
config igmp_snooping vlan_name "PPPOE21" state disable fast_leave disable
config igmp_snooping data_driven_learning vlan_name "PPPOE21" state disable
config igmp_snooping data_driven_learning vlan_name "PPPOE21" aged_out disable
config igmp_snooping querier vlan_name "PPPOE21" state disable querier_version 2 last_member_query_interval 1
config igmp_snooping vlan_name "PPPOE22" state disable fast_leave disable
config igmp_snooping data_driven_learning vlan_name "PPPOE22" state disable
config igmp_snooping data_driven_learning vlan_name "PPPOE22" aged_out disable
config igmp_snooping querier vlan_name "PPPOE22" state disable querier_version 2 last_member_query_interval 1
config igmp_snooping vlan_name "PPPOE23" state disable fast_leave disable
config igmp_snooping data_driven_learning vlan_name "PPPOE23" state disable
config igmp_snooping data_driven_learning vlan_name "PPPOE23" aged_out disable
config igmp_snooping querier vlan_name "PPPOE23" state disable querier_version 2 last_member_query_interval 1
config igmp_snooping vlan_name "PPPOE24" state disable fast_leave disable
config igmp_snooping data_driven_learning vlan_name "PPPOE24" state disable
config igmp_snooping data_driven_learning vlan_name "PPPOE24" aged_out disable
config igmp_snooping querier vlan_name "PPPOE24" state disable querier_version 2 last_member_query_interval 1
config igmp_snooping vlan_name "MCAST" state enable fast_leave disable
config igmp_snooping data_driven_learning vlan_name "MCAST" state disable
config igmp_snooping data_driven_learning vlan_name "MCAST" aged_out disable
config igmp_snooping querier vlan_name "MCAST" state disable querier_version 2 last_member_query_interval 1
config router_ports vlan_name "MCAST" add 27-28
config igmp access_authentication ports 1-28 state disable



# MLD Snooping
disable mld_snooping

# 8021X
disable 802.1x

# port mirroring

# trusted host

# SSH
disable ssh

# access authentication control
disable authen_policy
config authen parameter response_timeout 30
config authen parameter attempt 3
create authen server_group tacacs+
create authen server_group radius
create authen_login method_list_name default
config authen_login default method local
create authen_enable method_list_name default
config authen_enable default method none
config authen application console login method_list_name default
config authen application telnet login method_list_name default
config authen application ssh login method_list_name default
config authen application http login method_list_name default
config authen application console enable method_list_name default
config authen application telnet enable method_list_name default
config authen application ssh enable method_list_name default
config authen application http enable method_list_name default
config admin local_enable *@&2jmj7l5rSw0yVb/vlWAYkK/YBwmwMs6D

# PPPoE
config pppoe circuit_id_insertion state disable
config pppoe circuit_id_insertion ports 1-28 circuit_id ip state disable

# safeguard_engine
config safeguard_engine state disable
disable command logging

# Discover Trap setting

disable qinq
config qinq ports 1-28 role uni outer_tpid 0x8100 trust_cvid disable vlan_translation disable
disable vlan_trunk
config ports 1-24 medium_type copper speed auto state enable flow_control disable MDI/MDIX auto learning enable description ""
config ports 25-26 medium_type fiber speed auto state disable flow_control disable learning enable description "Rezerv"
config ports 27-28 medium_type fiber speed 1000_full state enable flow_control disable learning enable description "Uplink"

# LACP
config link_aggregation state disable
config link_aggregation algorithm mac_source
config lacp port_priority 1-28 128 timeout long
config lacp_ports 1-28 mode active

# Limited IP Multicast
config max_mcast_group ports 1-28 ipv4 max_group 256
config max_mcast_group ports 1-28 ipv6 max_group 256
config limited_multicast_addr ports 1-28 ipv4 access permit
config limited_multicast_addr ports 1-28 ipv6 access permit
config dos_prevention dos_type land_attack action drop disable
config dos_prevention dos_type blat_attack action drop disable
config dos_prevention dos_type smurf_attack action drop disable
config dos_prevention dos_type tcp_null_scan action drop disable
config dos_prevention dos_type tcp_xmascan action drop disable
config dos_prevention dos_type tcp_synfin action drop disable
config dos_prevention dos_type tcp_syn_srcport_less_1024 action drop disable
disable flood_fdb

create account admin admin


enable trusted_host network
###vpisat suda seti dla upravleniya###
create trusted_host network 172.0.0.0/8
save

command-end

