zamtel@ZMT-ZM-LMY-PR-001> show configuration | except SECRET-DATA | no-more ## Last commit: 2013-05-17 03:32:38 CAT by zamtel version 10.3R4.4; groups { re0 { system { host-name ZMT-ZM-LMY-PR-001-RE0; } interfaces { fxp0 { unit 0 { description "OOB Management Interface"; family inet { address 41.72.100.70/27; address 41.72.100.72/27 { master-only; } } } } } } re1 { system { host-name ZMT-ZM-LMY-PR-001-RE1; } interfaces { fxp0 { unit 0 { description "OOB Management Interface"; family inet { address 41.72.100.71/27; address 41.72.100.72/27 { master-only; } } } } } } } apply-groups [ re0 re1 ]; system { host-name ZMT-ZM-LMY-PR-001; domain-name zamtel.zm; backup-router 41.72.100.65; time-zone Africa/Lusaka; internet-options { tcp-drop-synfin-set; } authentication-order [ tacplus password ]; root-authentication { } name-server { 41.72.99.83; } tacplus-server { inactive: 41.72.96.24 { source-address 41.72.100.99; } } accounting { events [ change-log interactive-commands ]; destination { tacplus { server { } } } } login { message " OOOOOO\n OOOOOOOO\n OOOOOOOOOO\n OOOOOOOO\n OO OOOOOO\n OOOO OOO OOOOO\n OO OOOOO OOOOOOO\n OOOOO OOOOOOO\n OOO OOOOO\n\n+----------------------------------------------------------------------+\n| |\n| LEGAL NOTICE |\n| |\n| USE OF THIS DEVICE RESTRICTED TO AUTHORIOED PERSONS! |\n| THIS DEVICE IS SUBJECT TO MONITORING AT ALL TIMES, USE OF THIS |\n| DEVICE CONSTITUTES CONSENT TO MONITORING! |\n| |\n| |\n+----------------------------------------------------------------------+\n"; retry-options { tries-before-disconnect 5; } class superuser-local { idle-timeout 60; permissions all; } user guru { uid 2000; class superuser-local; authentication { } } user remote { full-name "All Remote Users"; uid 2001; class superuser-local; } user zamtel { uid 2002; class superuser-local; authentication { } } } services { ssh { protocol-version v2; } } syslog { user * { any emergency; } host 41.72.99.99 { any alert; } file messages { any notice; authorization info; } file interactive-commands { interactive-commands any; } time-format year; } compress-configuration-files; ntp { server 41.72.99.83; server 41.72.99.138; } } chassis { redundancy { routing-engine 0 master; routing-engine 1 backup; failover { on-loss-of-keepalives; on-disk-failure; } graceful-switchover; } fpc 0 { pic 1 { framing sdh; } } fpc 1 { pic 0 { framing sdh; } pic 1 { framing sdh; } } } interfaces { ge-0/0/0 { vlan-tagging; mtu 9192; unit 201 { description ZMT-ZM-LMY-PR-001-MSE-001-1; vlan-id 201; family inet { address 41.72.100.25/31; } } } ge-0/0/1 { vlan-tagging; mtu 9192; unit 202 { description ZMT-ZM-LMY-PR-001-MSE-001-2; bandwidth 100m; vlan-id 202; family inet { address 41.72.100.27/31; } } } ge-0/0/2 { vlan-tagging; unit 108 { description ZMT-ZM-LMY-PR-001-IXP-1; bandwidth 100m; vlan-id 108; family inet { address 196.223.2.133/27; } } } so-0/1/0 { clocking external; encapsulation cisco-hdlc; framing { sdh; } sonet-options { trigger { rfi-l ignore; rfi-p ignore; plm-p ignore; } rfc-2615; } unit 0 { description ZMT-ZM-LMY-PR-001-NAMIBIA_TELECOM_2; family inet { address 41.205.146.62/30; } } } so-0/1/1 { clocking external; encapsulation cisco-hdlc; framing { sdh; } sonet-options { trigger { rfi-l ignore; rfi-p ignore; plm-p ignore; } rfc-2615; } unit 0 { description ZMT-ZM-LMY-PR-001-NAMIBIA_TELECOM_4; family inet { address 41.205.146.66/30; } } } so-1/0/0 { enable; clocking external; encapsulation cisco-hdlc; framing { sdh; } sonet-options { trigger { rfi-l ignore; rfi-p ignore; plm-p ignore; } rfc-2615; } unit 0 { enable; description ZMT-ZM-LMY-PR-001-NAMIBIA_TELECOM_3; family inet { address 41.205.146.50/30; } } } so-1/0/1 { clocking external; encapsulation cisco-hdlc; framing { sdh; } sonet-options { trigger { rfi-l ignore; rfi-p ignore; plm-p ignore; } rfc-2615; } unit 0 { description ZMT-ZM-LMY-PR-001-NAMIBIA_TELECOM_1; family inet { address 41.205.146.58/30; } } } so-1/0/3 { clocking external; encapsulation cisco-hdlc; framing { sdh; } sonet-options { rfc-2615; } unit 0 { description NEW-STM1; family inet { address 1.1.1.1/30; } } } lo0 { unit 0 { family inet { filter { input 1-VTY; } address 41.72.100.99/32; address 41.72.96.253/32; address 41.72.96.252/32; address 41.72.96.248/32; } } } } snmp { community ZAMTEL { authorization read-only; clients { 41.72.99.96/27; } } community public { authorization read-only; clients { 41.72.99.92/27; } } } routing-options { static { route 41.72.96.0/19 discard; route 41.72.96.0/21 discard; route 41.72.104.0/21 discard; route 41.72.104.0/23 discard; route 41.72.106.0/23 discard; route 41.72.112.0/21 discard; route 41.72.112.0/22 discard; route 41.72.112.0/23 discard; route 41.72.114.0/23 discard; route 41.72.116.0/22 discard; route 41.72.116.0/23 discard; route 83.244.128.0/24 next-hop 41.205.152.182; route 194.216.131.0/24 next-hop 41.205.152.182; route 41.72.102.0/23 discard; route 41.72.120.0/21 discard; route 41.205.152.182/32 { next-hop [ 41.205.146.57 41.205.146.49 41.205.146.61 41.205.146.65 ]; install; } route 41.72.97.0/24 next-hop 41.205.152.182; } aggregate { route 41.72.96.0/19; route 41.72.96.0/21; route 41.72.104.0/21; route 41.72.104.0/22; route 41.72.112.0/21; route 41.72.112.0/22; route 41.72.116.0/22; } router-id 41.72.100.99; autonomous-system 37154; } protocols { bgp { log-updown; tcp-mss 1400; group ZMT-ZM-LMY-MSE1 { type internal; multihop { ttl 2; } local-address 41.72.100.99; log-updown; neighbor 41.72.100.98 { peer-as 37154; } } group IXP { type internal; local-address 196.223.2.133; import IXP-IN; export [ IXP-OUT DEFAUL-BGP-POLICY ]; peer-as 65100; local-as 65100; neighbor 196.223.2.65; neighbor 196.223.2.129; } group NAMIBIA_TELECOM { type external; multihop { ttl 250; } local-address 41.72.96.252; import NAMIBIA_TELECOM-IN; export NAMIBIA_TELECOM-OUT; peer-as 20459; multipath; neighbor 41.205.152.182; } } ospf { export OSPF-EXPORT-POLICY; area 0.0.0.0 { interface ge-0/0/0.201; interface ge-0/0/1.202 { metric 2; } } } } policy-options { prefix-list ZAMTEL-OPS-SERVERS { 41.72.99.64/27; 41.72.99.96/27; 41.72.99.128/27; 41.72.99.160/27; } prefix-list DEFAULT-ROUTE { 0.0.0.0/0; } policy-statement DEFAUL-BGP-POLICY { term FINAL { then reject; } } policy-statement IXP-IN { term FINAL { then { community set ZAMTEL-IXP; } } } policy-statement IXP-OUT { term ZAMTEL-BLOCKS { from { route-filter 41.72.116.0/22 exact; route-filter 41.72.114.0/23 exact; route-filter 41.72.104.0/21 exact; route-filter 41.72.112.0/23 exact; route-filter 41.72.96.0/24 exact; route-filter 41.72.97.0/24 exact; route-filter 41.72.96.0/19 upto /24; route-filter 41.72.120.0/21 exact; route-filter 168.167.203.0/24 exact; } then { as-path-expand 37154; next-hop self; accept; } } } policy-statement NAMIBIA_TELECOM-IN { term DEFAULT-ROUTE { from { protocol bgp; prefix-list DEFAULT-ROUTE; } then { community set NAMIBIA_TELECOM-IN; accept; } } term FINAL { then reject; } } policy-statement NAMIBIA_TELECOM-OUT { term ZAMTEL-BLOCKS { from { route-filter 41.72.96.0/21 exact; route-filter 41.72.96.0/19 exact; route-filter 41.72.114.0/23 exact; route-filter 41.72.104.0/21 exact; route-filter 41.72.116.0/22 exact; route-filter 41.72.112.0/23 exact; route-filter 41.72.97.0/24 exact; route-filter 41.72.120.0/21 exact; route-filter 41.72.102.0/23 exact; } then { next-hop self; load-balance per-packet; accept; } } } policy-statement OSPF-EXPORT-POLICY { term FROM-DIRECT { from protocol direct; then accept; } term DEFAULT-ROUTE { from { protocol bgp; route-filter 0.0.0.0/0 exact; } then accept; } } policy-statement ZAMTEL-OUT { term ZAMTEL-BLOCKS { from { route-filter 41.72.116.0/22 exact; route-filter 41.72.114.0/23 exact; route-filter 41.72.104.0/21 exact; route-filter 41.72.112.0/23 exact; route-filter 41.72.96.0/24 exact; route-filter 41.72.97.0/24 exact; route-filter 41.72.96.0/19 upto /24; } then accept; } } community FULL-FEED-COMMUNITY members 37154:7; community IXP members 37154:2; community NAMIBIA_TELECOM-IN members [ 37154:5 37154:6 37154:2601 ]; community PCCW-1-IN members [ 37154:5 37154:6 37154:2601 ]; community PCCW-IN members [ 37154:5 37154:6 37154:2601 ]; community SKYVISION-IN members [ 37154:5 37154:6 37154:2601 ]; community TRANSIT members 37154:5; community ZAMTEL-IXP members [ 37154:2 37154:6 37154:2601 ]; } firewall { family inet { filter ZAMTEL-OPS-SERVERS { term NMS-OPS { from { source-address { 41.72.99.64/27; 41.72.99.96/27; 41.72.99.128/27; 41.72.99.160/27; } } then accept; } } filter 1-VTY { term T1 { from { source-address { 41.72.99.64/27; 41.72.99.96/27; 41.72.99.128/27; 41.72.99.160/27; 41.76.209.37/32; 82.197.70.122/32; } protocol tcp; destination-port [ telnet ssh ]; } then accept; } term T2 { from { protocol tcp; destination-port [ telnet ssh ]; } then { discard; } } term T3 { then accept; } } } } {master}