Wiki source code of Exemplo de BGP config

Version 1.1 by Jean Franco on 2024/06/09 20:41
Show last authors
1 username@dr-ER4-BGP-RTR1:~~$ show configuration
2
3 firewall {
4
5 group {
6
7 network-group ALLOWED_ADMIN_GROUP {
8
9 network 38.x.x.0/24
10
11 network 38.x.x.128/26
12
13 network 38.x.x.0/24
14
15 network 10.x.x.0/24
16
17 network 10.x.x.0/24
18
19 network 172.x.x.0/24
20
21 network 10.x.x.0/24
22
23 network 10.x.x.0/24
24
25 }
26
27 }
28
29 name REMOTE_ACCESS {
30
31 default-action drop
32
33 description "IPv4 inbound traffic to the router"
34
35 enable-default-log
36
37 rule 5 {
38
39 action accept
40
41 description "Allow Established"
42
43 log disable
44
45 protocol all
46
47 state {
48
49 :                established enable
50
51 related enable
52
53 }
54
55 }
56
57 rule 10 {
58
59 action accept
60
61 description "Allow BGP"
62
63 destination {
64
65 port 179
66
67 }
68
69 log disable
70
71 protocol tcp
72
73 }
74
75 rule 20 {
76
77 action accept
78
79 description "Allow ICMP"
80
81 log disable
82
83 protocol icmp
84
85 }
86
87 rule 30 {
88
89 action accept
90
91 description "Allow SNMP"
92
93 destination {
94
95 :                port 161
96
97 }
98
99 log disable
100
101 protocol udp
102
103 source {
104
105 group {
106
107 network-group ALLOWED_ADMIN_GROUP
108
109 }
110
111 }
112
113 }
114
115 rule 40 {
116
117 action accept
118
119 description "Allow SSH"
120
121 destination {
122
123 port 22
124
125 }
126
127 log disable
128
129 protocol tcp
130
131 source {
132
133 group {
134
135 network-group ALLOWED_ADMIN_GROUP
136
137 }
138
139 }
140
141 :        }
142
143 rule 50 {
144
145 action accept
146
147 description "Allow HTTPS"
148
149 destination {
150
151 port 443
152
153 }
154
155 log disable
156
157 protocol tcp
158
159 source {
160
161 group {
162
163 network-group ALLOWED_ADMIN_GROUP
164
165 }
166
167 }
168
169 }
170
171 rule 60 {
172
173 action accept
174
175 description "Allow HTTP"
176
177 destination {
178
179 port 80
180
181 }
182
183 log disable
184
185 protocol tcp
186
187 :            source {
188
189 group {
190
191 network-group ALLOWED_ADMIN_GROUP
192
193 }
194
195 }
196
197 }
198
199 }
200
201 }
202
203 interfaces {
204
205 ethernet eth0 {
206
207 address 38.x.x.1/24
208
209 description "USABLE BGP CLASS C FROM COGENT"
210
211 duplex auto
212
213 firewall {
214
215 local {
216
217 name REMOTE_ACCESS
218
219 }
220
221 }
222
223 speed auto
224
225 }
226
227 ethernet eth1 {
228
229 address 144.x.x.230/30
230
231 description "LIGHTTOWER 200"
232
233 :        duplex auto
234
235 firewall {
236
237 local {
238
239 name REMOTE_ACCESS
240
241 }
242
243 }
244
245 speed auto
246
247 }
248
249 ethernet eth2 {
250
251 duplex auto
252
253 firewall {
254
255 local {
256
257 name REMOTE_ACCESS
258
259 }
260
261 }
262
263 speed auto
264
265 }
266
267 ethernet eth3 {
268
269 address 38.x.x.126/30
270
271 description "COGENT 1000"
272
273 duplex full
274
275 firewall {
276
277 local {
278
279 :                name REMOTE_ACCESS
280
281 }
282
283 }
284
285 speed 1000
286
287 }
288
289 }
290
291 policy {
292
293 prefix-list BGP {
294
295 }
296
297 prefix-list EXPORT {
298
299 rule 10 {
300
301 action permit
302
303 prefix 38.x.x.0/24
304
305 }
306
307 }
308
309 prefix-list IMPORT {
310
311 rule 20 {
312
313 action permit
314
315 prefix 0.0.0.0/0
316
317 }
318
319 }
320
321 }
322
323 protocols {
324
325 :    bgp 5xxx1 {
326
327 neighbor 38.x.x.125 {
328
329 description "COGENT AS Neighbor"
330
331 prefix-list {
332
333 export EXPORT
334
335 import IMPORT
336
337 }
338
339 remote-as 174
340
341 soft-reconfiguration {
342
343 inbound
344
345 }
346
347 }
348
349 neighbor 144.x.x.229 {
350
351 description "LIGHTOWER AS Neighbor"
352
353 prefix-list {
354
355 export EXPORT
356
357 import IMPORT
358
359 }
360
361 remote-as 46887
362
363 soft-reconfiguration {
364
365 inbound
366
367 }
368
369 }
370
371 :        network 38.x.x.0/24 {
372
373 }
374
375 }
376
377 static {
378
379 route 38.x.x.0/24 {
380
381 blackhole {
382
383 }
384
385 }
386
387 }
388
389 }
390
391 service {
392
393 gui {
394
395 http-port 80
396
397 https-port 443
398
399 older-ciphers enable
400
401 }
402
403 snmp {
404
405 community XXX_SNMP_RO {
406
407 authorization ro
408
409 }
410
411 }
412
413 ssh {
414
415 port 22
416
417 :        protocol-version v2
418
419 }
420
421 ubnt-discover {
422
423 disable
424
425 }
426
427 unms {
428
429 disable
430
431 }
432
433 }
434
435 system {
436
437 host-name dr-ER4-BGP-RTR1
438
439 login {
440
441 user username {
442
443 authentication {
444
445 encrypted-password ~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*
446
447 plaintext-password ~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*
448
449 }
450
451 full-name ""
452
453 level admin
454
455 }
456
457 user ubnt {
458
459 authentication {
460
461 encrypted-password ~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*
462
463 :            }
464
465 level admin
466
467 }
468
469 }
470
471 name-server 8.8.8.8
472
473 ntp {
474
475 server 0.ubnt.pool.ntp.org {
476
477 }
478
479 server 1.ubnt.pool.ntp.org {
480
481 }
482
483 server 2.ubnt.pool.ntp.org {
484
485 }
486
487 server 3.ubnt.pool.ntp.org {
488
489 }
490
491 }
492
493 syslog {
494
495 global {
496
497 facility all {
498
499 level notice
500
501 }
502
503 facility protocols {
504
505 level debug
506
507 }
508
509 :        }
510
511 }
512
513 time-zone America/New_York
514
515 }
Maila Networks