Exemplo de BGP config
username@dr-ER4-BGP-RTR1:~$ show configuration
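/* Firewall for traffic addressed to the router itself (attached as "local" on
   the interfaces). Default action is drop; only the rules below accept. */
firewall {
    group {
        /* The two neighbor addresses configured under "protocols bgp".
           Used to scope rule 10 so tcp/179 is not reachable from arbitrary sources. */
        address-group BGP_PEERS {
            address 38.x.x.125
            address 144.x.x.229
        }
        /* Source networks allowed to reach management services (SNMP, SSH, GUI).
           Octets are redacted on the page, so several entries look identical. */
        network-group ALLOWED_ADMIN_GROUP {
            network 38.x.x.0/24
            network 38.x.x.128/26
            network 38.x.x.0/24
            network 10.x.x.0/24
            network 10.x.x.0/24
            network 172.x.x.0/24
            network 10.x.x.0/24
            network 10.x.x.0/24
        }
    }
    name REMOTE_ACCESS {
        default-action drop
        description "IPv4 inbound traffic to the router"
        /* Log packets that fall through to the default drop. */
        enable-default-log
        /* Return traffic for sessions the router already tracks. */
        rule 5 {
            action accept
            description "Allow Established"
            log disable
            protocol all
            state {
                established enable
                related enable
            }
        }
        /* BGP sessions: accepted only from the configured neighbors.
           The original rule had no source match and accepted tcp/179 from anywhere. */
        rule 10 {
            action accept
            description "Allow BGP"
            destination {
                port 179
            }
            log disable
            protocol tcp
            source {
                group {
                    address-group BGP_PEERS
                }
            }
        }
        /* All ICMP types from any source are accepted. */
        rule 20 {
            action accept
            description "Allow ICMP"
            log disable
            protocol icmp
        }
        /* Management services below are limited to ALLOWED_ADMIN_GROUP.
           NOTE(review): accepted management connections are not logged
           (log disable); consider "log enable" on rules 40-60 for an audit trail. */
        rule 30 {
            action accept
            description "Allow SNMP"
            destination {
                port 161
            }
            log disable
            protocol udp
            source {
                group {
                    network-group ALLOWED_ADMIN_GROUP
                }
            }
        }
        rule 40 {
            action accept
            description "Allow SSH"
            destination {
                port 22
            }
            log disable
            protocol tcp
            source {
                group {
                    network-group ALLOWED_ADMIN_GROUP
                }
            }
        }
        rule 50 {
            action accept
            description "Allow HTTPS"
            destination {
                port 443
            }
            log disable
            protocol tcp
            source {
                group {
                    network-group ALLOWED_ADMIN_GROUP
                }
            }
        }
        /* Unencrypted GUI port, matching "service gui http-port 80". */
        rule 60 {
            action accept
            description "Allow HTTP"
            destination {
                port 80
            }
            log disable
            protocol tcp
            source {
                group {
                    network-group ALLOWED_ADMIN_GROUP
                }
            }
        }
    }
}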
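/* Physical interfaces. Every port applies REMOTE_ACCESS in the "local"
   direction, i.e. to traffic addressed to the router itself. No "in"/"out"
   rulesets are attached, so transit traffic is not filtered here. */
interfaces {
    ethernet eth0 {
        address 38.x.x.1/24
        description "USABLE BGP CLASS C FROM COGENT"
        duplex auto
        firewall {
            local {
                name REMOTE_ACCESS
            }
        }
        speed auto
    }
    /* Link carrying the 144.x.x.229 BGP neighbor (/30). */
    ethernet eth1 {
        address 144.x.x.230/30
        description "LIGHTTOWER 200"
        duplex auto
        firewall {
            local {
                name REMOTE_ACCESS
            }
        }
        speed auto
    }
    /* No address or description configured; the local ruleset is attached anyway
       so the port is covered if it is put into service later. */
    ethernet eth2 {
        duplex auto
        firewall {
            local {
                name REMOTE_ACCESS
            }
        }
        speed auto
    }
    /* Link carrying the 38.x.x.125 BGP neighbor (/30); speed and duplex are pinned. */
    ethernet eth3 {
        address 38.x.x.126/30
        description "COGENT 1000"
        duplex full
        firewall {
            local {
                name REMOTE_ACCESS
            }
        }
        speed 1000
    }
}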
/* Route filters referenced by both BGP neighbors. */
policy {
    /* Empty and not referenced by anything visible in this configuration. */
    prefix-list BGP {
    }
    /* Outbound filter: advertise only the locally originated /24,
       so routes learned from one upstream are never re-announced to the other. */
    prefix-list EXPORT {
        rule 10 {
            action permit
            prefix 38.x.x.0/24
        }
    }
    /* Inbound filter: 0.0.0.0/0 with no ge/le matches the default route only,
       so each upstream can install a default and nothing more specific. */
    prefix-list IMPORT {
        rule 20 {
            action permit
            prefix 0.0.0.0/0
        }
    }
}
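/* Routing: dual-homed BGP to two upstreams, plus the static route for the
   announced prefix. The local AS number is partly redacted on the page. */
protocols {
    bgp 5xxx1 {
        /* Both neighbors use the same EXPORT/IMPORT prefix-lists.
           NOTE(review): no session authentication ("password") is configured on
           either neighbor; confirm with each upstream whether TCP MD5 is available.
           NOTE(review): confirm the local firewall accepts tcp/179 only from these
           two neighbor addresses. */
        neighbor 38.x.x.125 {
            description "COGENT AS Neighbor"
            prefix-list {
                export EXPORT
                import IMPORT
            }
            remote-as 174
            /* Keep received routes so import policy changes can be re-applied
               without resetting the session. */
            soft-reconfiguration {
                inbound
            }
        }
        neighbor 144.x.x.229 {
            description "LIGHTOWER AS Neighbor"
            prefix-list {
                export EXPORT
                import IMPORT
            }
            remote-as 46887
            soft-reconfiguration {
                inbound
            }
        }
        /* Prefix originated into BGP. */
        network 38.x.x.0/24 {
        }
    }
    static {
        /* Blackhole route for the originated /24.
           Presumably present so the prefix is always in the routing table for the
           "network" statement above; verify against the intended design. */
        route 38.x.x.0/24 {
            blackhole {
            }
        }
    }
}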
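/* Management-plane services. Reachability is limited by the REMOTE_ACCESS
   local firewall, not by anything in this section. */
service {
    gui {
        http-port 80
        https-port 443
        /* Changed from "enable": do not offer legacy cipher suites on the GUI.
           Re-enable only if a required management client cannot connect. */
        older-ciphers disable
    }
    /* Read-only community (name redacted). Community-based SNMP sends the
       string unencrypted, so treat it as readable on any path it crosses. */
    snmp {
        community XXX_SNMP_RO {
            authorization ro
        }
    }
    ssh {
        port 22
        protocol-version v2
    }
    /* Discovery and UNMS management are turned off. */
    ubnt-discover {
        disable
    }
    unms {
        disable
    }
}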
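/* Host identity, local accounts, DNS, NTP, logging and time zone.
   Password values are masked on the page. */
system {
    host-name dr-ER4-BGP-RTR1
    login {
        user username {
            authentication {
                encrypted-password ****************
                /* NOTE(review): a plaintext-password value is listed next to the
                   hash; confirm it is empty in the stored configuration. */
                plaintext-password ****************
            }
            full-name ""
            level admin
        }
        /* NOTE(review): "ubnt" looks like the vendor default account and still has
           admin level. Confirm its password was changed, or remove the account
           once the named admin user is verified to work. */
        user ubnt {
            authentication {
                encrypted-password ****************
            }
            level admin
        }
    }
    /* Single resolver; no secondary name-server is configured. */
    name-server 8.8.8.8
    ntp {
        server 0.ubnt.pool.ntp.org {
        }
        server 1.ubnt.pool.ntp.org {
        }
        server 2.ubnt.pool.ntp.org {
        }
        server 3.ubnt.pool.ntp.org {
        }
    }
    /* Only a "global" syslog target is configured; no remote host is listed,
       so logs are not shipped off the router by this section. */
    syslog {
        global {
            facility all {
                level notice
            }
            facility protocols {
                level debug
            }
        }
    }
    time-zone America/New_York
}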