#-------------------------------------------------------------------
# DES-3526 Configuration
#
# Firmware: Build 6.00.B60
# Copyright(C) 2008 D-Link Corporation. All rights reserved.
#-------------------------------------------------------------------


# BASIC

config serial_port baud_rate 9600 auto_logout 10_minutes
enable telnet 23
enable web 80
config terminal_line default
enable clipaging
debug error_log auto_reboot enabled

# ACCOUNT LIST

create account admin support
support
support


# PASSWORD ENCRYPTION

disable password encryption

# BNR

config command_prompt default

# STORM

config traffic control_trap none
config traffic control 1-3 broadcast enable multicast enable unicast enable action drop threshold 10000
config traffic control 4-5 broadcast enable multicast disable unicast disable action drop threshold 10000

# LOOP_DETECT

enable loopdetect
config loopdetect recover_timer 60
config loopdetect interval 10
config loopdetect mode port-based
config loopdetect ports 1-24 state enabled
config loopdetect ports 25-26 state disabled

# GM

config sim candidate
disable sim
config sim dp_interval 30
config sim hold_time 100

# SYSLOG

disable syslog
config system_severity trap information
config system_severity log information

# QOS

config scheduling 0 max_packet 0 max_latency 0
config scheduling 1 max_packet 0 max_latency 0
config scheduling 2 max_packet 0 max_latency 0
config scheduling 3 max_packet 0 max_latency 0
config 802.1p user_priority 0 1
config 802.1p user_priority 1 0
config 802.1p user_priority 2 0
config 802.1p user_priority 3 1
config 802.1p user_priority 4 2
config 802.1p user_priority 5 2
config 802.1p user_priority 6 3
config 802.1p user_priority 7 3
config 802.1p default_priority 1-26 0
config bandwidth_control 1-26 rx_rate no_limit tx_rate no_limit

# MIRROR

disable mirror

# TRAF-SEGMENTATION

config traffic_segmentation 1-24 forward_list 25-26
config traffic_segmentation 25-26 forward_list 1-26

# PORT

config ports 1-24 speed auto flow_control disable mdix auto learning enable state enable trap disable
config ports 25-26 medium_type copper speed auto flow_control disable mdix auto learning enable state enable trap disable
config ports 25-26 medium_type fiber speed auto flow_control disable learning enable state enable trap disable

# PORT_LOCK

enable port_security trap_log
config port_security ports 1-24 admin_state enable max_learning_addr 20 lock_address_mode DeleteOnTimeout
config port_security ports 25-26 admin_state disable max_learning_addr 1 lock_address_mode DeleteOnReset

# 8021X

disable 802.1x
config 802.1x auth_protocol radius_eap
config 802.1x capability ports 1-26 none
config 802.1x auth_parameter ports 1-26 direction both port_control auto quiet_period 60 tx_period 30 supp_timeout 30 server_timeout 30 max_req 2 reauth_period 3600 enable_reauth disable

# SNMPv3

delete snmp community public
delete snmp community private
delete snmp user initial
delete snmp group initial
delete snmp view restricted all
delete snmp view CommunityView all
config snmp engineID 800000ab03001b11217e27
create snmp view restricted 1.3.6.1.2.1.1 view_type included
create snmp view restricted 1.3.6.1.2.1.11 view_type included
create snmp view restricted 1.3.6.1.6.3.10.2.1 view_type included
create snmp view restricted 1.3.6.1.6.3.11.2.1 view_type included
create snmp view restricted 1.3.6.1.6.3.15.1.1 view_type included
create snmp view CommunityView 1 view_type included
create snmp view CommunityView 1.3.6.1.6.3 view_type excluded
create snmp view CommunityView 1.3.6.1.6.3.1 view_type included
create snmp group public v1 read_view CommunityView notify_view CommunityView
create snmp group public v2c read_view CommunityView notify_view CommunityView
create snmp group initial v3 noauth_nopriv read_view restricted notify_view restricted
create snmp group private v1 read_view CommunityView write_view CommunityView notify_view CommunityView
create snmp group private v2c read_view CommunityView write_view CommunityView notify_view CommunityView
create snmp group desbamtn v1 read_view CommunityView notify_view CommunityView
create snmp group desbamtn v2c read_view CommunityView notify_view CommunityView
create snmp group ReadGroup v1 read_view CommunityView notify_view CommunityView
create snmp group ReadGroup v2c read_view CommunityView notify_view CommunityView
create snmp group dessnmptn v1 read_view CommunityView write_view CommunityView notify_view CommunityView
create snmp group dessnmptn v2c read_view CommunityView write_view CommunityView notify_view CommunityView
create snmp group WriteGroup v1 read_view CommunityView write_view CommunityView notify_view CommunityView
create snmp group WriteGroup v2c read_view CommunityView write_view CommunityView notify_view CommunityView
create snmp community desbamtn view CommunityView read_only
create snmp community dessnmptn view CommunityView read_write
create snmp user initial initial
create snmp host 78.111.241.21 v2c desbamtn

# MANAGEMENT

enable snmp traps
enable snmp authenticate traps
config snmp system_name kosta258p3.tn
config snmp system_location kosta258p3
config snmp system_contact noc@tvingo.ru
disable rmon

# VLAN

disable asymmetric_vlan
config vlan default delete 1-26
config vlan default advertisement enable
create vlan MGMT tag 10
config vlan MGMT add tagged 25-26
config vlan MGMT advertisement disable
create vlan 101 tag 101
config vlan 101 add tagged 25-26
config vlan 101 advertisement disable
create vlan 102 tag 102
config vlan 102 add tagged 25-26
config vlan 102 advertisement disable
create vlan 103 tag 103
config vlan 103 add tagged 25-26
config vlan 103 advertisement disable
create vlan 104 tag 104
config vlan 104 add tagged 25-26
config vlan 104 advertisement disable
create vlan 105 tag 105
config vlan 105 add tagged 25-26
config vlan 105 advertisement disable
create vlan 106 tag 106
config vlan 106 add tagged 25-26
config vlan 106 advertisement disable
create vlan 107 tag 107
config vlan 107 add tagged 25-26
config vlan 107 advertisement disable
create vlan 108 tag 108
config vlan 108 add tagged 25-26
config vlan 108 advertisement disable
create vlan 109 tag 109
config vlan 109 add tagged 25-26
config vlan 109 advertisement disable
create vlan 110 tag 110
config vlan 110 add tagged 25-26
config vlan 110 advertisement disable
create vlan 111 tag 111
config vlan 111 add tagged 25-26
config vlan 111 advertisement disable
create vlan 112 tag 112
config vlan 112 add tagged 25-26
config vlan 112 advertisement disable
create vlan 113 tag 113
config vlan 113 add tagged 25-26
config vlan 113 advertisement disable
create vlan 114 tag 114
config vlan 114 add tagged 25-26
config vlan 114 advertisement disable
create vlan 115 tag 115
config vlan 115 add tagged 25-26
config vlan 115 advertisement disable
create vlan 116 tag 116
config vlan 116 add tagged 25-26
config vlan 116 advertisement disable
create vlan 117 tag 117
config vlan 117 add tagged 25-26
config vlan 117 advertisement disable
create vlan 118 tag 118
config vlan 118 add tagged 25-26
config vlan 118 advertisement disable
create vlan 119 tag 119
config vlan 119 add tagged 25-26
config vlan 119 advertisement disable
create vlan 120 tag 120
config vlan 120 add tagged 25-26
config vlan 120 advertisement disable
create vlan 121 tag 121
config vlan 121 add tagged 25-26
config vlan 121 advertisement disable
create vlan 122 tag 122
config vlan 122 add tagged 25-26
config vlan 122 advertisement disable
create vlan 123 tag 123
config vlan 123 add tagged 25-26
config vlan 123 advertisement disable
create vlan 124 tag 124
config vlan 124 add tagged 25-26
config vlan 124 advertisement disable
create vlan 125 tag 125
config vlan 125 add tagged 25-26
config vlan 125 advertisement disable
create vlan 126 tag 126
config vlan 126 add tagged 25-26
config vlan 126 advertisement disable
create vlan 127 tag 127
config vlan 127 add tagged 25-26
config vlan 127 advertisement disable
create vlan 128 tag 128
config vlan 128 add tagged 25-26
config vlan 128 advertisement disable
create vlan 129 tag 129
config vlan 129 add tagged 25-26
config vlan 129 advertisement disable
create vlan 130 tag 130
config vlan 130 add tagged 25-26
config vlan 130 advertisement disable
create vlan 131 tag 131
config vlan 131 add tagged 25-26
config vlan 131 advertisement disable
create vlan 132 tag 132
config vlan 132 add tagged 25-26
config vlan 132 advertisement disable
create vlan 133 tag 133
config vlan 133 add tagged 25-26
config vlan 133 advertisement disable
create vlan 134 tag 134
config vlan 134 add tagged 25-26
config vlan 134 advertisement disable
create vlan 135 tag 135
config vlan 135 add tagged 25-26
config vlan 135 advertisement disable
create vlan 136 tag 136
config vlan 136 add tagged 25-26
config vlan 136 advertisement disable
create vlan 137 tag 137
config vlan 137 add tagged 25-26
config vlan 137 advertisement disable
create vlan 138 tag 138
config vlan 138 add tagged 25-26
config vlan 138 advertisement disable
create vlan 139 tag 139
config vlan 139 add tagged 25-26
config vlan 139 advertisement disable
create vlan 140 tag 140
config vlan 140 add tagged 25-26
config vlan 140 advertisement disable
create vlan 141 tag 141
config vlan 141 add tagged 25-26
config vlan 141 advertisement disable
create vlan 142 tag 142
config vlan 142 add tagged 25-26
config vlan 142 advertisement disable
create vlan 143 tag 143
config vlan 143 add tagged 25-26
config vlan 143 advertisement disable
create vlan 144 tag 144
config vlan 144 add tagged 25-26
config vlan 144 advertisement disable
create vlan 145 tag 145
config vlan 145 add tagged 25-26
config vlan 145 advertisement disable
create vlan 146 tag 146
config vlan 146 add tagged 25-26
config vlan 146 advertisement disable
create vlan 147 tag 147
config vlan 147 add tagged 25-26
config vlan 147 advertisement disable
create vlan 148 tag 148
config vlan 148 add tagged 25-26
config vlan 148 advertisement disable
create vlan 149 tag 149
config vlan 149 add tagged 25-26
config vlan 149 advertisement disable
create vlan 150 tag 150
config vlan 150 add tagged 25-26
config vlan 150 advertisement disable
create vlan Office_vlan tag 200
config vlan Office_vlan add tagged 25-26
config vlan Office_vlan advertisement disable
create vlan 201 tag 201
config vlan 201 add tagged 25-26
config vlan 201 advertisement disable
create vlan 202 tag 202
config vlan 202 add tagged 25-26
config vlan 202 advertisement disable
create vlan 203 tag 203
config vlan 203 add tagged 25-26
config vlan 203 add untagged 1-24
config vlan 203 advertisement disable
create vlan 204 tag 204
config vlan 204 add tagged 25-26
config vlan 204 advertisement disable
create vlan 205 tag 205
config vlan 205 add tagged 25-26
config vlan 205 advertisement disable
create vlan 206 tag 206
config vlan 206 add tagged 25-26
config vlan 206 advertisement disable
create vlan 207 tag 207
config vlan 207 add tagged 25-26
config vlan 207 advertisement disable
create vlan 208 tag 208
config vlan 208 add tagged 25-26
config vlan 208 advertisement disable
create vlan 209 tag 209
config vlan 209 add tagged 25-26
config vlan 209 advertisement disable
create vlan 210 tag 210
config vlan 210 add tagged 25-26
config vlan 210 advertisement disable
create vlan 211 tag 211
config vlan 211 add tagged 25-26
config vlan 211 advertisement disable
create vlan 212 tag 212
config vlan 212 add tagged 25-26
config vlan 212 advertisement disable
create vlan 213 tag 213
config vlan 213 add tagged 25-26
config vlan 213 advertisement disable
create vlan 214 tag 214
config vlan 214 add tagged 25-26
config vlan 214 advertisement disable
create vlan 215 tag 215
config vlan 215 add tagged 25-26
config vlan 215 advertisement disable
create vlan 216 tag 216
config vlan 216 add tagged 25-26
config vlan 216 advertisement disable
create vlan 217 tag 217
config vlan 217 add tagged 25-26
config vlan 217 advertisement disable
create vlan 218 tag 218
config vlan 218 add tagged 25-26
config vlan 218 advertisement disable
create vlan 219 tag 219
config vlan 219 add tagged 25-26
config vlan 219 advertisement disable
create vlan 220 tag 220
config vlan 220 add tagged 25-26
config vlan 220 advertisement disable
create vlan 221 tag 221
config vlan 221 add tagged 25-26
config vlan 221 advertisement disable
create vlan 222 tag 222
config vlan 222 add tagged 25-26
config vlan 222 advertisement disable
create vlan 223 tag 223
config vlan 223 add tagged 25-26
config vlan 223 advertisement disable
create vlan 224 tag 224
config vlan 224 add tagged 25-26
config vlan 224 advertisement disable
create vlan 225 tag 225
config vlan 225 add tagged 25-26
config vlan 225 advertisement disable
create vlan 226 tag 226
config vlan 226 add tagged 25-26
config vlan 226 advertisement disable
create vlan 227 tag 227
config vlan 227 add tagged 25-26
config vlan 227 advertisement disable
create vlan 228 tag 228
config vlan 228 add tagged 25-26
config vlan 228 advertisement disable
create vlan 229 tag 229
config vlan 229 add tagged 25-26
config vlan 229 advertisement disable
create vlan 230 tag 230
config vlan 230 add tagged 25-26
config vlan 230 advertisement disable
create vlan 231 tag 231
config vlan 231 add tagged 25-26
config vlan 231 advertisement disable
create vlan 232 tag 232
config vlan 232 add tagged 25-26
config vlan 232 advertisement disable
create vlan 233 tag 233
config vlan 233 add tagged 25-26
config vlan 233 advertisement disable
create vlan 234 tag 234
config vlan 234 add tagged 25-26
config vlan 234 advertisement disable
create vlan 235 tag 235
config vlan 235 add tagged 25-26
config vlan 235 advertisement disable
create vlan 236 tag 236
config vlan 236 add tagged 25-26
config vlan 236 advertisement disable
create vlan 237 tag 237
config vlan 237 add tagged 25-26
config vlan 237 advertisement disable
create vlan 238 tag 238
config vlan 238 add tagged 25-26
config vlan 238 advertisement disable
create vlan 239 tag 239
config vlan 239 add tagged 25-26
config vlan 239 advertisement disable
create vlan 240 tag 240
config vlan 240 add tagged 25-26
config vlan 240 advertisement disable
create vlan 241 tag 241
config vlan 241 add tagged 25-26
config vlan 241 advertisement disable
create vlan 242 tag 242
config vlan 242 add tagged 25-26
config vlan 242 advertisement disable
create vlan 243 tag 243
config vlan 243 add tagged 25-26
config vlan 243 advertisement disable
create vlan 244 tag 244
config vlan 244 add tagged 25-26
config vlan 244 advertisement disable
create vlan 245 tag 245
config vlan 245 add tagged 25-26
config vlan 245 advertisement disable
create vlan 246 tag 246
config vlan 246 add tagged 25-26
config vlan 246 advertisement disable
create vlan 247 tag 247
config vlan 247 add tagged 25-26
config vlan 247 advertisement disable
create vlan 248 tag 248
config vlan 248 add tagged 25-26
config vlan 248 advertisement disable
create vlan 249 tag 249
config vlan 249 add tagged 25-26
config vlan 249 advertisement disable
create vlan 250 tag 250
config vlan 250 add tagged 25-26
config vlan 250 advertisement disable
create vlan MSTP tag 999
config vlan MSTP add tagged 25-26
config vlan MSTP advertisement disable
disable gvrp
config gvrp 1-24 state disable ingress_checking enable acceptable_frame admit_all pvid 203
config gvrp 25-26 state disable ingress_checking enable acceptable_frame admit_all pvid 1

# FDB

config fdb aging_time 120
config multicast port_filtering_mode 1-24 filter_unregistered_groups
config multicast port_filtering_mode 25-26 forward_unregistered_groups

# MAC_ADDRESS_TABLE_NOTIFICATION

config mac_notification interval 10 historysize 100
enable mac_notification
config mac_notification ports 1-24 enable
config mac_notification ports 25-26 disable

# STP

config stp version mstp
config stp maxage 6 maxhops 20 forwarddelay 4 txholdcount 3 fbpdu enable
config stp priority 32768 instance_id 0
config stp mst_config_id name STP_RING_311 revision_level 5
disable stp
config stp ports 1-23 externalCost auto hellotime 2 edge true p2p auto state disable
config stp ports 1-24 fbpdu disable
config stp ports 1-24 restricted_role true
config stp ports 1-24 restricted_tcn true
config stp mst_ports 1-26 instance_id 0 internalCost auto priority 128
config stp ports 24 externalCost auto hellotime 2 edge true p2p auto state enable
config stp ports 25-26 externalCost auto hellotime 2 edge false p2p auto state enable
config stp ports 25-26 fbpdu enable
config stp ports 25-26 restricted_role false
config stp ports 25-26 restricted_tcn false

# SSH

config ssh server maxsession 8
config ssh server contimeout 300
config ssh server authfail 2
config ssh server rekey never
config ssh server port 22
disable ssh
config ssh user support authmode password

# SSL

disable ssl
enable ssl ciphersuite RSA_with_RC4_128_MD5
enable ssl ciphersuite RSA_with_3DES_EDE_CBC_SHA
enable ssl ciphersuite DHE_DSS_with_3DES_EDE_CBC_SHA
enable ssl ciphersuite RSA_EXPORT_with_RC4_40_MD5
config ssl cachetimeout timeout 600

# SAFE_GUARD

config safeguard_engine state disable cpu_utilization rising_threshold 100 falling_threshold 20 trap_log disable

# TIMERANGE


# security_ACL

create access_profile ethernet destination_mac FF-FF-FF-00-00-00 profile_id 10
config access_profile profile_id 10 add access_id 1 ethernet destination_mac 40-55-39-00-00-00 port 1 permit
config access_profile profile_id 10 add access_id 2 ethernet destination_mac 40-55-39-00-00-00 port 2 permit
config access_profile profile_id 10 add access_id 3 ethernet destination_mac 40-55-39-00-00-00 port 3 permit
config access_profile profile_id 10 add access_id 4 ethernet destination_mac 40-55-39-00-00-00 port 4 permit
config access_profile profile_id 10 add access_id 5 ethernet destination_mac 40-55-39-00-00-00 port 5 permit
config access_profile profile_id 10 add access_id 6 ethernet destination_mac 40-55-39-00-00-00 port 6 permit
config access_profile profile_id 10 add access_id 7 ethernet destination_mac 40-55-39-00-00-00 port 7 permit
config access_profile profile_id 10 add access_id 8 ethernet destination_mac 40-55-39-00-00-00 port 8 permit
config access_profile profile_id 10 add access_id 9 ethernet destination_mac 40-55-39-00-00-00 port 9 permit
config access_profile profile_id 10 add access_id 10 ethernet destination_mac 40-55-39-00-00-00 port 10 permit
config access_profile profile_id 10 add access_id 11 ethernet destination_mac 40-55-39-00-00-00 port 11 permit
config access_profile profile_id 10 add access_id 12 ethernet destination_mac 40-55-39-00-00-00 port 12 permit
config access_profile profile_id 10 add access_id 13 ethernet destination_mac 40-55-39-00-00-00 port 13 permit
config access_profile profile_id 10 add access_id 14 ethernet destination_mac 40-55-39-00-00-00 port 14 permit
config access_profile profile_id 10 add access_id 15 ethernet destination_mac 40-55-39-00-00-00 port 15 permit
config access_profile profile_id 10 add access_id 16 ethernet destination_mac 40-55-39-00-00-00 port 16 permit
config access_profile profile_id 10 add access_id 17 ethernet destination_mac 40-55-39-00-00-00 port 17 permit
config access_profile profile_id 10 add access_id 18 ethernet destination_mac 40-55-39-00-00-00 port 18 permit
config access_profile profile_id 10 add access_id 19 ethernet destination_mac 40-55-39-00-00-00 port 19 permit
config access_profile profile_id 10 add access_id 20 ethernet destination_mac 40-55-39-00-00-00 port 20 permit
config access_profile profile_id 10 add access_id 21 ethernet destination_mac 40-55-39-00-00-00 port 21 permit
config access_profile profile_id 10 add access_id 22 ethernet destination_mac 40-55-39-00-00-00 port 22 permit
config access_profile profile_id 10 add access_id 23 ethernet destination_mac 40-55-39-00-00-00 port 23 permit
config access_profile profile_id 10 add access_id 24 ethernet destination_mac 40-55-39-00-00-00 port 24 permit

create access_profile ethernet destination_mac FF-FF-FF-00-00-00 profile_id 11
config access_profile profile_id 11 add access_id 1 ethernet destination_mac 00-30-88-00-00-00 port 1 permit
config access_profile profile_id 11 add access_id 2 ethernet destination_mac 00-30-88-00-00-00 port 2 permit
config access_profile profile_id 11 add access_id 3 ethernet destination_mac 00-30-88-00-00-00 port 3 permit
config access_profile profile_id 11 add access_id 4 ethernet destination_mac 00-30-88-00-00-00 port 4 permit
config access_profile profile_id 11 add access_id 5 ethernet destination_mac 00-30-88-00-00-00 port 5 permit
config access_profile profile_id 11 add access_id 6 ethernet destination_mac 00-30-88-00-00-00 port 6 permit
config access_profile profile_id 11 add access_id 7 ethernet destination_mac 00-30-88-00-00-00 port 7 permit
config access_profile profile_id 11 add access_id 8 ethernet destination_mac 00-30-88-00-00-00 port 8 permit
config access_profile profile_id 11 add access_id 9 ethernet destination_mac 00-30-88-00-00-00 port 9 permit
config access_profile profile_id 11 add access_id 10 ethernet destination_mac 00-30-88-00-00-00 port 10 permit
config access_profile profile_id 11 add access_id 11 ethernet destination_mac 00-30-88-00-00-00 port 11 permit
config access_profile profile_id 11 add access_id 12 ethernet destination_mac 00-30-88-00-00-00 port 12 permit
config access_profile profile_id 11 add access_id 13 ethernet destination_mac 00-30-88-00-00-00 port 13 permit
config access_profile profile_id 11 add access_id 14 ethernet destination_mac 00-30-88-00-00-00 port 14 permit
config access_profile profile_id 11 add access_id 15 ethernet destination_mac 00-30-88-00-00-00 port 15 permit
config access_profile profile_id 11 add access_id 16 ethernet destination_mac 00-30-88-00-00-00 port 16 permit
config access_profile profile_id 11 add access_id 17 ethernet destination_mac 00-30-88-00-00-00 port 17 permit
config access_profile profile_id 11 add access_id 18 ethernet destination_mac 00-30-88-00-00-00 port 18 permit
config access_profile profile_id 11 add access_id 19 ethernet destination_mac 00-30-88-00-00-00 port 19 permit
config access_profile profile_id 11 add access_id 20 ethernet destination_mac 00-30-88-00-00-00 port 20 permit
config access_profile profile_id 11 add access_id 21 ethernet destination_mac 00-30-88-00-00-00 port 21 permit
config access_profile profile_id 11 add access_id 22 ethernet destination_mac 00-30-88-00-00-00 port 22 permit
config access_profile profile_id 11 add access_id 23 ethernet destination_mac 00-30-88-00-00-00 port 23 permit
config access_profile profile_id 11 add access_id 24 ethernet destination_mac 00-30-88-00-00-00 port 24 permit

create access_profile ethernet destination_mac FF-FF-FF-00-00-00 profile_id 12
config access_profile profile_id 12 add access_id 1 ethernet destination_mac 00-00-5E-00-00-00 port 1 permit
config access_profile profile_id 12 add access_id 2 ethernet destination_mac 00-00-5E-00-00-00 port 2 permit
config access_profile profile_id 12 add access_id 3 ethernet destination_mac 00-00-5E-00-00-00 port 3 permit
config access_profile profile_id 12 add access_id 4 ethernet destination_mac 00-00-5E-00-00-00 port 4 permit
config access_profile profile_id 12 add access_id 5 ethernet destination_mac 00-00-5E-00-00-00 port 5 permit
config access_profile profile_id 12 add access_id 6 ethernet destination_mac 00-00-5E-00-00-00 port 6 permit
config access_profile profile_id 12 add access_id 7 ethernet destination_mac 00-00-5E-00-00-00 port 7 permit
config access_profile profile_id 12 add access_id 8 ethernet destination_mac 00-00-5E-00-00-00 port 8 permit
config access_profile profile_id 12 add access_id 9 ethernet destination_mac 00-00-5E-00-00-00 port 9 permit
config access_profile profile_id 12 add access_id 10 ethernet destination_mac 00-00-5E-00-00-00 port 10 permit
config access_profile profile_id 12 add access_id 11 ethernet destination_mac 00-00-5E-00-00-00 port 11 permit
config access_profile profile_id 12 add access_id 12 ethernet destination_mac 00-00-5E-00-00-00 port 12 permit
config access_profile profile_id 12 add access_id 13 ethernet destination_mac 00-00-5E-00-00-00 port 13 permit
config access_profile profile_id 12 add access_id 14 ethernet destination_mac 00-00-5E-00-00-00 port 14 permit
config access_profile profile_id 12 add access_id 15 ethernet destination_mac 00-00-5E-00-00-00 port 15 permit
config access_profile profile_id 12 add access_id 16 ethernet destination_mac 00-00-5E-00-00-00 port 16 permit
config access_profile profile_id 12 add access_id 17 ethernet destination_mac 00-00-5E-00-00-00 port 17 permit
config access_profile profile_id 12 add access_id 18 ethernet destination_mac 00-00-5E-00-00-00 port 18 permit
config access_profile profile_id 12 add access_id 19 ethernet destination_mac 00-00-5E-00-00-00 port 19 permit
config access_profile profile_id 12 add access_id 20 ethernet destination_mac 00-00-5E-00-00-00 port 20 permit
config access_profile profile_id 12 add access_id 21 ethernet destination_mac 00-00-5E-00-00-00 port 21 permit
config access_profile profile_id 12 add access_id 22 ethernet destination_mac 00-00-5E-00-00-00 port 22 permit
config access_profile profile_id 12 add access_id 23 ethernet destination_mac 00-00-5E-00-00-00 port 23 permit
config access_profile profile_id 12 add access_id 24 ethernet destination_mac 00-00-5E-00-00-00 port 24 permit

create access_profile ethernet destination_mac FF-FF-FF-00-00-00 profile_id 13
config access_profile profile_id 13 add access_id 1 ethernet destination_mac 10-F3-11-00-00-00 port 1 permit
config access_profile profile_id 13 add access_id 2 ethernet destination_mac 10-F3-11-00-00-00 port 2 permit
config access_profile profile_id 13 add access_id 3 ethernet destination_mac 10-F3-11-00-00-00 port 3 permit
config access_profile profile_id 13 add access_id 4 ethernet destination_mac 10-F3-11-00-00-00 port 4 permit
config access_profile profile_id 13 add access_id 5 ethernet destination_mac 10-F3-11-00-00-00 port 5 permit
config access_profile profile_id 13 add access_id 6 ethernet destination_mac 10-F3-11-00-00-00 port 6 permit
config access_profile profile_id 13 add access_id 7 ethernet destination_mac 10-F3-11-00-00-00 port 7 permit
config access_profile profile_id 13 add access_id 8 ethernet destination_mac 10-F3-11-00-00-00 port 8 permit
config access_profile profile_id 13 add access_id 9 ethernet destination_mac 10-F3-11-00-00-00 port 9 permit
config access_profile profile_id 13 add access_id 10 ethernet destination_mac 10-F3-11-00-00-00 port 10 permit
config access_profile profile_id 13 add access_id 11 ethernet destination_mac 10-F3-11-00-00-00 port 11 permit
config access_profile profile_id 13 add access_id 12 ethernet destination_mac 10-F3-11-00-00-00 port 12 permit
config access_profile profile_id 13 add access_id 13 ethernet destination_mac 10-F3-11-00-00-00 port 13 permit
config access_profile profile_id 13 add access_id 14 ethernet destination_mac 10-F3-11-00-00-00 port 14 permit
config access_profile profile_id 13 add access_id 15 ethernet destination_mac 10-F3-11-00-00-00 port 15 permit
config access_profile profile_id 13 add access_id 16 ethernet destination_mac 10-F3-11-00-00-00 port 16 permit
config access_profile profile_id 13 add access_id 17 ethernet destination_mac 10-F3-11-00-00-00 port 17 permit
config access_profile profile_id 13 add access_id 18 ethernet destination_mac 10-F3-11-00-00-00 port 18 permit
config access_profile profile_id 13 add access_id 19 ethernet destination_mac 10-F3-11-00-00-00 port 19 permit
config access_profile profile_id 13 add access_id 20 ethernet destination_mac 10-F3-11-00-00-00 port 20 permit
config access_profile profile_id 13 add access_id 21 ethernet destination_mac 10-F3-11-00-00-00 port 21 permit
config access_profile profile_id 13 add access_id 22 ethernet destination_mac 10-F3-11-00-00-00 port 22 permit
config access_profile profile_id 13 add access_id 23 ethernet destination_mac 10-F3-11-00-00-00 port 23 permit
config access_profile profile_id 13 add access_id 24 ethernet destination_mac 10-F3-11-00-00-00 port 24 permit

create access_profile ethernet destination_mac FF-FF-FF-FF-FF-FF profile_id 20
config access_profile profile_id 20 add access_id 1 ethernet destination_mac FF-FF-FF-FF-FF-FF port 1 permit
config access_profile profile_id 20 add access_id 2 ethernet destination_mac FF-FF-FF-FF-FF-FF port 2 permit
config access_profile profile_id 20 add access_id 3 ethernet destination_mac FF-FF-FF-FF-FF-FF port 3 permit
config access_profile profile_id 20 add access_id 4 ethernet destination_mac FF-FF-FF-FF-FF-FF port 4 permit
config access_profile profile_id 20 add access_id 5 ethernet destination_mac FF-FF-FF-FF-FF-FF port 5 permit
config access_profile profile_id 20 add access_id 6 ethernet destination_mac FF-FF-FF-FF-FF-FF port 6 permit
config access_profile profile_id 20 add access_id 7 ethernet destination_mac FF-FF-FF-FF-FF-FF port 7 permit
config access_profile profile_id 20 add access_id 8 ethernet destination_mac FF-FF-FF-FF-FF-FF port 8 permit
config access_profile profile_id 20 add access_id 9 ethernet destination_mac FF-FF-FF-FF-FF-FF port 9 permit
config access_profile profile_id 20 add access_id 10 ethernet destination_mac FF-FF-FF-FF-FF-FF port 10 permit
config access_profile profile_id 20 add access_id 11 ethernet destination_mac FF-FF-FF-FF-FF-FF port 11 permit
config access_profile profile_id 20 add access_id 12 ethernet destination_mac FF-FF-FF-FF-FF-FF port 12 permit
config access_profile profile_id 20 add access_id 13 ethernet destination_mac FF-FF-FF-FF-FF-FF port 13 permit
config access_profile profile_id 20 add access_id 14 ethernet destination_mac FF-FF-FF-FF-FF-FF port 14 permit
config access_profile profile_id 20 add access_id 15 ethernet destination_mac FF-FF-FF-FF-FF-FF port 15 permit
config access_profile profile_id 20 add access_id 16 ethernet destination_mac FF-FF-FF-FF-FF-FF port 16 permit
config access_profile profile_id 20 add access_id 17 ethernet destination_mac FF-FF-FF-FF-FF-FF port 17 permit
config access_profile profile_id 20 add access_id 18 ethernet destination_mac FF-FF-FF-FF-FF-FF port 18 permit
config access_profile profile_id 20 add access_id 19 ethernet destination_mac FF-FF-FF-FF-FF-FF port 19 permit
config access_profile profile_id 20 add access_id 20 ethernet destination_mac FF-FF-FF-FF-FF-FF port 20 permit
config access_profile profile_id 20 add access_id 21 ethernet destination_mac FF-FF-FF-FF-FF-FF port 21 permit
config access_profile profile_id 20 add access_id 22 ethernet destination_mac FF-FF-FF-FF-FF-FF port 22 permit
config access_profile profile_id 20 add access_id 23 ethernet destination_mac FF-FF-FF-FF-FF-FF port 23 permit
config access_profile profile_id 20 add access_id 24 ethernet destination_mac FF-FF-FF-FF-FF-FF port 24 permit

create access_profile ethernet destination_mac 00-00-00-00-00-00 profile_id 30
config access_profile profile_id 30 add access_id 1 ethernet destination_mac 00-00-00-00-00-00 port 1 deny
config access_profile profile_id 30 add access_id 2 ethernet destination_mac 00-00-00-00-00-00 port 2 deny
config access_profile profile_id 30 add access_id 3 ethernet destination_mac 00-00-00-00-00-00 port 3 deny
config access_profile profile_id 30 add access_id 4 ethernet destination_mac 00-00-00-00-00-00 port 4 deny
config access_profile profile_id 30 add access_id 5 ethernet destination_mac 00-00-00-00-00-00 port 5 deny
config access_profile profile_id 30 add access_id 6 ethernet destination_mac 00-00-00-00-00-00 port 6 deny
config access_profile profile_id 30 add access_id 7 ethernet destination_mac 00-00-00-00-00-00 port 7 deny
config access_profile profile_id 30 add access_id 8 ethernet destination_mac 00-00-00-00-00-00 port 8 deny
config access_profile profile_id 30 add access_id 9 ethernet destination_mac 00-00-00-00-00-00 port 9 deny
config access_profile profile_id 30 add access_id 10 ethernet destination_mac 00-00-00-00-00-00 port 10 deny
config access_profile profile_id 30 add access_id 11 ethernet destination_mac 00-00-00-00-00-00 port 11 deny
config access_profile profile_id 30 add access_id 12 ethernet destination_mac 00-00-00-00-00-00 port 12 deny
config access_profile profile_id 30 add access_id 13 ethernet destination_mac 00-00-00-00-00-00 port 13 deny
config access_profile profile_id 30 add access_id 14 ethernet destination_mac 00-00-00-00-00-00 port 14 deny
config access_profile profile_id 30 add access_id 15 ethernet destination_mac 00-00-00-00-00-00 port 15 deny
config access_profile profile_id 30 add access_id 16 ethernet destination_mac 00-00-00-00-00-00 port 16 deny
config access_profile profile_id 30 add access_id 17 ethernet destination_mac 00-00-00-00-00-00 port 17 deny
config access_profile profile_id 30 add access_id 18 ethernet destination_mac 00-00-00-00-00-00 port 18 deny
config access_profile profile_id 30 add access_id 19 ethernet destination_mac 00-00-00-00-00-00 port 19 deny
config access_profile profile_id 30 add access_id 20 ethernet destination_mac 00-00-00-00-00-00 port 20 deny
config access_profile profile_id 30 add access_id 21 ethernet destination_mac 00-00-00-00-00-00 port 21 deny
config access_profile profile_id 30 add access_id 22 ethernet destination_mac 00-00-00-00-00-00 port 22 deny
config access_profile profile_id 30 add access_id 23 ethernet destination_mac 00-00-00-00-00-00 port 23 deny
config access_profile profile_id 30 add access_id 24 ethernet destination_mac 00-00-00-00-00-00 port 24 deny

config filter dhcp_server ports 1-24 state enable
config pppoe circuit_id_insertion state enable
enable dhcp_local_relay
disable address_binding acl_mode
disable address_binding dhcp_snoop

# ACL

disable cpu_interface_filtering

# SNTP

enable sntp
config time_zone operator + hour 4 min 0

config dst disable

# IPBIND

disable address_binding trap_log
config address_binding dhcp_snoop max_entry ports 1-26 limit 5

# FILTER


# PPPoE_Circuit_ID_Insertion

config pppoe circuit_id_insertion ports 1-24 state enable circuit_id ip
config pppoe circuit_id_insertion ports 25-26 state disable circuit_id ip

# ROUTE

create iproute default 10.128.26.1 1

# SNOOP

enable igmp_snooping
create igmp_snooping multicast_vlan IPTV 30
config igmp_snooping multicast_vlan IPTV state enable replace_source_ip 0.0.0.0 source_port 25-26
create igmp_snooping multicast_vlan MEGAFON_TV 31
config igmp_snooping multicast_vlan MEGAFON_TV state enable replace_source_ip 0.0.0.0 member_port 1-24 source_port 25-26
config igmp_snooping IPTV host_timeout 260 router_timeout 260 leave_timer 2 state enable
config igmp_snooping querier IPTV query_interval 125 max_response_time 10 robustness_variable 2
config igmp_snooping querier IPTV last_member_query_interval 1 state disable
config igmp_snooping MEGAFON_TV host_timeout 260 router_timeout 260 leave_timer 2 state enable
config igmp_snooping querier MEGAFON_TV query_interval 125 max_response_time 10 robustness_variable 2
config igmp_snooping querier MEGAFON_TV last_member_query_interval 1 state disable
config router_ports IPTV add 25-26
config router_ports MEGAFON_TV add 25-26
config limited_multicast_addr ports 1-26 access deny state disable

# LACP

config link_aggregation algorithm mac_source
config lacp_port 1-26 mode passive

# GVLAN


# IP

config ipif System vlan MGMT ipaddress 10.128.26.103/24 state enable
disable autoconfig
config autoconfig timeout 50
config ipif System dhcp_option12 state disable

# ARP

config arp_aging time 20
config gratuitous_arp send ipif_status_up enable
config gratuitous_arp send dup_ip_detected enable
config gratuitous_arp learning enable

# LLDP

disable lldp
config lldp message_tx_interval 30
config lldp tx_delay 2
config lldp message_tx_hold_multiplier 4
config lldp reinit_delay 2
config lldp notification_interval 5
config lldp ports 1-26 notification disable
config lldp ports 1-26 admin_status tx_and_rx

# ACCESS_AUTHENTICATION_CONTROL

config authen_login default method local
config authen_enable default method local_enable
config authen application console login default
config authen application console enable default
config authen application telnet login default
config authen application telnet enable default
config authen application ssh login default
config authen application ssh enable default
config authen application http login default
config authen application http enable default
config authen parameter response_timeout 30
config authen parameter attempt 3
config authen enable_admin all state enable
disable authen_policy

# DHCP_RELAY

disable dhcp_relay
config dhcp_relay hops 4 time 0
config dhcp_relay option_82 state enable
config dhcp_relay option_82 check enable
config dhcp_relay option_82 policy replace
config dhcp_relay option_82 remote_id default
config dhcp_relay option_60 state disable
config dhcp_relay option_60 default mode drop
config dhcp_relay option_61 state disable
config dhcp_relay option_61 default drop

# DHCP_LOCAL_RELAY

config dhcp_local_relay vlan vlanid 103,203 state enable
config dhcp_local_relay option_82 ports 1-24 policy replace
config dhcp_local_relay option_82 ports 25-26 policy keep

#-------------------------------------------------------------------
# End of configuration file for DES-3526
#-------------------------------------------------------------------