object-group service ssh port-range 22 exit object-group service dhcp_server port-range 67 exit object-group service dhcp_client port-range 68 exit object-group service ntp port-range 14 exit object-group network Subnet_Camera ip prefix 10.98.235.128/26 exit object-group network Subnet_Cloud ip prefix 10.16.130.0/23 exit object-group network Subnet_FMPM ip prefix 10.0.211.64/26 ip prefix 10.0.227.32/27 ip prefix 10.100.0.64/27 ip prefix 10.0.220.64/27 ip prefix 10.100.0.224/29 ip prefix 10.0.230.128/25 ip prefix 10.16.130.0/23 ip prefix 10.0.236.32/27 exit object-group network Subnet_Controller ip prefix 10.0.235.32/27 ip prefix 10.0.234.32/27 ip prefix 10.154.10.128/29 exit object-group network Subnet_Mgmt ip prefix 10.12.235.128/26 ip prefix 10.159.130.0/24 exit object-group network Local_Subnet ip prefix 10.135.92.0/23 ip prefix 10.154.195.0/24 ip prefix 10.156.130.0/24 ip prefix 10.157.130.0/24 ip prefix 10.158.130.0/24 exit object-group network bgp_export ip prefix 10.135.92.0/23 ip prefix 10.98.235.128/26 ip prefix 10.154.195.0/24 ip prefix 10.12.235.128/26 ip prefix 10.156.130.0/24 ip prefix 10.157.130.0/24 ip prefix 10.158.130.0/24 ip prefix 10.159.130.0/24 ip prefix 10.18.98.0/24 exit object-group network service_preCOS ip prefix 10.7.0.0/16 ip prefix 10.18.0.0/16 exit object-group network ex_mgmt_preCOS ip prefix 10.0.26.128/25 ip prefix 10.0.44.0/24 exit username admin password encrypted $6$Srrt7Bi0arsmeohw$TJTBWhSHYFEBI7DYbhwyHqDl94jEUCdwyXFYVKlw.0He1kGkoeq33GYv.Atf1njv2l76u5Bm6O2GmTb7ZKjta/ exit vlan 2 name "Camera" exit vlan 3 name "MGMT" exit vlan 4 name "LAN_DHCP" exit security zone CAMERA exit security zone MGMT exit security zone LAN_DHCP exit security zone WAN exit route-map from_GPE rule 10 match ip address 0.0.0.0/0 exit rule 20 action deny exit exit route-map to_GPE rule 10 match ip address object-group bgp_export exit rule 20 action deny exit exit router bgp 65000 router-id 10.1.131.154 neighbor 10.1.131.153 description "CRYPTO_IPC10" remote-as 65000 update-source 10.1.131.154 address-family ipv4 unicast route-map from_GPE in route-map to_GPE out next-hop-self enable exit enable exit address-family ipv4 unicast network 10.154.195.0/24 network 10.12.235.128/26 network 10.135.92.0/23 network 10.98.235.128/26 network 10.156.130.0/24 network 10.157.130.0/24 network 10.158.130.0/24 network 10.159.130.0/24 network 10.18.98.0/24 exit enable exit bridge 2 description "CAMERA" vlan 2 security-zone CAMERA ip address 10.98.235.129/26 enable exit bridge 3 description "MGMT" vlan 3 security-zone MGMT ip address 10.12.235.129/26 enable exit bridge 4 description "LAN_DHCP" vlan 4 security-zone LAN_DHCP ip address 10.135.92.1/23 ip address 10.154.195.1/24 enable exit interface gigabitethernet 1/0/1 description "ESR20" mode switchport switchport access vlan 4 lldp transmit lldp receive exit interface gigabitethernet 1/0/2 description "KDPOE2" mode switchport switchport forbidden default-vlan switchport mode trunk switchport trunk allowed vlan add 2-4 lldp transmit lldp receive exit interface gigabitethernet 1/0/3 description "KDPOE3" mode switchport switchport forbidden default-vlan switchport mode trunk switchport trunk allowed vlan add 2-4 lldp transmit lldp receive exit interface gigabitethernet 1/0/4 description "WAN" security-zone WAN ip address 10.1.131.154/30 lldp transmit lldp receive exit interface gigabitethernet 1/0/5 description "KDPOE4" mode switchport switchport forbidden default-vlan switchport mode trunk switchport trunk allowed vlan add 2-4 lldp transmit lldp receive exit interface gigabitethernet 1/0/6 description "KDPOE5" mode switchport switchport forbidden default-vlan switchport mode trunk switchport trunk allowed vlan add 2-4 lldp transmit lldp receive exit snmp-server snmp-server community "yoe3nguPr@gc" ro ent-list snmp-server enable traps config snmp-server enable traps config commit snmp-server enable traps config confirm snmp-server enable traps environment snmp-server enable traps environment memory-flash-critical-low snmp-server enable traps environment memory-flash-low snmp-server enable traps environment memory-ram-critical-low snmp-server enable traps environment memory-ram-low snmp-server enable traps environment cpu-load snmp-server enable traps environment cpu-critical-temp snmp-server enable traps environment cpu-overheat-temp snmp-server enable traps environment cpu-supercooling-temp snmp-server enable traps file-operations snmp-server enable traps file-operations successful snmp-server enable traps file-operations failed snmp-server enable traps file-operations canceled snmp-server enable traps interfaces snmp-server enable traps interfaces rx-utilization-high snmp-server enable traps interfaces tx-utilization-high snmp-server enable traps interfaces number-high snmp-server enable traps screen snmp-server enable traps screen dest-limit snmp-server enable traps screen source-limit snmp-server enable traps screen icmp-threshold snmp-server enable traps screen udp-threshold snmp-server enable traps screen syn-flood snmp-server enable traps screen land snmp-server enable traps screen winnuke snmp-server enable traps screen icmp-frag snmp-server enable traps screen udp-frag snmp-server enable traps screen icmp-large snmp-server enable traps screen syn-frag snmp-server enable traps screen unknown-proto snmp-server enable traps screen ip-frag snmp-server enable traps screen port-scan snmp-server enable traps screen ip-sweep snmp-server enable traps screen syn-fin snmp-server enable traps screen fin-no-ack snmp-server enable traps screen no-flag snmp-server enable traps screen spoofing snmp-server enable traps screen reserved snmp-server enable traps screen quench snmp-server enable traps screen echo-request snmp-server enable traps screen time-exceeded snmp-server enable traps screen unreachable snmp-server enable traps screen tcp-all-flags snmp-server enable traps entity snmp-server enable traps entity config-change snmp-server enable traps entity-sensor snmp-server enable traps entity-sensor threshold snmp-server enable traps envmon snmp-server enable traps envmon shutdown snmp-server enable traps envmon temperature snmp-server enable traps flash snmp-server enable traps flash insertion snmp-server enable traps flash removal snmp-server enable traps snmp snmp-server enable traps snmp authentication snmp-server enable traps snmp coldstart snmp-server enable traps snmp linkdown snmp-server enable traps snmp linkup snmp-server enable traps syslog security zone-pair WAN self rule 10 action permit match protocol tcp match source-address Subnet_FMPM match destination-port ssh enable exit rule 30 action permit match protocol icmp enable exit rule 40 action permit match protocol udp match destination-port ntp enable exit exit security zone-pair LAN_DHCP self rule 10 action permit match protocol udp match source-port dhcp_client match destination-port dhcp_server enable exit exit security zone-pair WAN CAMERA rule 10 action permit match source-address Subnet_Mgmt match destination-address Subnet_Camera enable exit rule 20 action permit match source-address Subnet_FMPM match destination-address Subnet_Camera enable exit exit security zone-pair LAN_DHCP WAN rule 10 action permit enable exit exit security zone-pair LAN_DHCP LAN_DHCP rule 10 action permit enable exit exit security zone-pair MGMT self rule 10 action permit enable exit exit security zone-pair MGMT CAMERA rule 10 action permit enable exit exit security zone-pair WAN MGMT rule 10 action permit enable exit exit security zone-pair MGMT WAN rule 10 action permit enable exit exit security zone-pair WAN LAN_DHCP rule 10 action permit match protocol gre enable exit rule 20 action permit match destination-address service_preCOS enable exit rule 30 action permit match source-address ex_mgmt_preCOS match destination-address Subnet_Mgmt enable exit rule 40 action permit match source-address Subnet_Controller match destination-address Subnet_Mgmt enable exit exit ip dhcp-server ip dhcp-server pool LAN_DHCP network 10.135.92.0/23 address-range 10.135.92.2-10.135.93.254 default-router 10.135.92.1 dns-server 95.167.167.95,95.167.167.96 exit ip route 10.156.130.0/24 10.154.195.254 ip route 10.157.130.0/24 10.154.195.254 ip route 10.158.130.0/24 10.154.195.254 ip route 10.159.130.0/24 10.154.195.254 ip route 10.18.98.0/24 10.154.195.254 ip telnet server ip ssh server lldp enable ntp enable ntp broadcast-client enable