1. Configure VPDN with dial in VPN from Microsoft VPN Client
RO-PPTP(config)# vpdn enable
RO-PPTP(config)# vpdn-group PPTP-DIALIN
RO-PPTP(config-vpdn)# accept-dialin
RO-PPTP(config-vpdn)# protocol pptp
RO-PPTP(config-vpdn)# virtual-template 1
RO-PPTP(config-vpdn)# exit
2. Activate interface from IP Dial In to Microsoft VPN Client and LAN wan to access from out leat VPN ini.
RO-PPTP(config)# interface Ethernet5/0
RO-PPTP(config-if)# description DIAL-IN IP INTERFACE FROM OUTSIDE
RO-PPTP(config-if)# ip address 202.150.64.81 255.255.255.240
RO-PPTP(config-if)# no shutdown
RO-PPTP(config)# interface Ethernet5/1
RO-PPTP(config-if)# description SECURED-LAN
RO-PPTP(config-if)# ip address 192.168.0.254 255.255.255.0
RO-PPTP(config-if)# no shutdown
3. Create Virtual-template untuk sebagai virtual interface untuk diapply ke inbound VPN connections.
IP menggunakan unnunmbered E5/1 agar nantinya IP yang didapat oleh
Microsoft VPN client dalam satu subnet dengan IP Secured-LAN.
IP client diperoleh dari DHCP dari Pool Address pptp-pool (misalnya)
RO-PPTP(config)# interface Virtual-Template1
RO-PPTP(config-if)# ip unnumbered ethernet5/1
RO-PPTP(config-if)# peer default ip address pool pptp-pool
RO-PPTP(config-if)# ppp encrypt mppe auto required
(Bila Router Anda tidak support, lewatkan saja & di Micorosoft VPN client dibagian security, Require Data Encryptionnya tidak usah di check-list / centang).
RO-PPTP(config-if)# ppp authentication ms-chap ms-chap-v2 chap pap
(enable semua bila perlu chap/pap selain Microsoft)
4. Create Pool IP Address untuk VPN ‘pptp-pool’ (misal untuk 20 user / ip) & pastikan IP pool tersebut tidak dipakai di Secured-LAN
RO-PPTP(config)# ip local pool pptp-pool 192.168.0.100 192.168.0.119
5. Create Account untuk login VPN
RO-PPTP(config)# username vpdn password 0 pptp
6. Configure Autentikasi PPP vpn ini ke local (Router) atau selanjutnya ke Radius bila memang sudah available.
RO-PPTP(config)# aaa new-model
RO-PPTP(config)# aaa authentication ppp default local
Berikut Konfigurasi Lengkap (hanya vpdn saja) :
================================================
username vpdn password 0 pptp
!
aaa new-model
aaa authentication ppp default local
!
vpdn enable
!
vpdn-group PPTP-DIALIN
accept-dialin
protocol pptp
virtual-template 1
!
interface Ethernet5/0
description DIAL-IN IP INTERFACE FROM OUTSIDE
ip address 202.150.64.81 255.255.255.240
!
interface Ethernet5/1
description SECURED-LAN
ip address 192.168.0.254 255.255.255.0
!
interface Virtual-Template1
ip unnumbered Ethernet0/1
peer default ip address pool pptp-pool
ppp encrypt mppe auto required
ppp authentication ms-chap ms-chap-v2 chap pap
!
ip local pool defaultpool 192.168.0.100 192.168.0.119
================================================
Tuesday, July 15, 2014
Sunday, July 6, 2014
DNS ISP Indonesia
Telkom
202.134.1.10 (Surabaya)
202.134.1.7
202.134.0.155 (Jakarta)
203.130.196.5 (Jakarta)
202.134.2.5 (Surabaya)
203.130.206.250 (Medan)
203.130.193.74 (Batam)
203.130.209.242 (Balikpapan)
222.124.204.34 (Bandung)
203.130.208.18 (Semarang)
61.94.192.12 (Denpasar)
Indosat
202.155.0.20
202.155.0.15
Centrin
202.146.255.3
202.146.255.5
CBN
202.158.20.1
202.158.40.1
Indonet
202.159.32.2
202.159.33.2
Pesat
202.95.128.180
202.95.128.60
Melsa
202.138.224.2
202.138.224.4
202.138.225.253
Radnet
202.154.1.2
202.154.3.2
ITB
167.205.23.1
167.205.22.123
167.205.30.114
202.249.24.65
UI
152.118.148.225
152.118.24.8
OpenDNS
208.67.222.222
208.67.220.220
202.134.1.10 (Surabaya)
202.134.1.7
202.134.0.155 (Jakarta)
203.130.196.5 (Jakarta)
202.134.2.5 (Surabaya)
203.130.206.250 (Medan)
203.130.193.74 (Batam)
203.130.209.242 (Balikpapan)
222.124.204.34 (Bandung)
203.130.208.18 (Semarang)
61.94.192.12 (Denpasar)
Indosat
202.155.0.20
202.155.0.15
Centrin
202.146.255.3
202.146.255.5
CBN
202.158.20.1
202.158.40.1
Indonet
202.159.32.2
202.159.33.2
Pesat
202.95.128.180
202.95.128.60
Melsa
202.138.224.2
202.138.224.4
202.138.225.253
Radnet
202.154.1.2
202.154.3.2
ITB
167.205.23.1
167.205.22.123
167.205.30.114
202.249.24.65
UI
152.118.148.225
152.118.24.8
OpenDNS
208.67.222.222
208.67.220.220
Saturday, January 22, 2011
Tools Laptop
Laptop pakai linux harus install
1. qtktem / minicom
2. Iperf / jperf
3.Nload /iptraf
4.netspeed
1. qtktem / minicom
2. Iperf / jperf
3.Nload /iptraf
4.netspeed
Vll Metro-e Alcatel
epipe 100 customer 1 create
shutdown
description "TES VLL to XXXX"
sap lag-1:10.* create
exit
exit
shutdown
description "TES VLL to XXXX"
sap lag-1:10.* create
exit
exit
Ies Metro-e
ies 999 customer 1 create
description "LINK TO OMNI XXXX"
interface "to-sw-pd-XXX" create
address 172.XXXXX/29
sap lag-1:999.* create
exit
exit
no shutdown
exit
description "LINK TO OMNI XXXX"
interface "to-sw-pd-XXX" create
address 172.XXXXX/29
sap lag-1:999.* create
exit
exit
no shutdown
exit
DNS ISP Indonesia
Telkom
202.134.1.10 (Surabaya)
202.134.1.7
202.134.0.155 (Jakarta)
203.130.196.5 (Jakarta)
202.134.2.5 (Surabaya)
203.130.206.250 (Medan)
203.130.193.74 (Batam)
203.130.209.242 (Balikpapan)
222.124.204.34 (Bandung)
203.130.208.18 (Semarang)
61.94.192.12 (Denpasar)
Indosat
202.155.0.20
202.155.0.15
Centrin
202.146.255.3
202.146.255.5
CBN
202.158.20.1
202.158.40.1
Indonet
202.159.32.2
202.159.33.2
Pesat
202.95.128.180
202.95.128.60
Melsa
202.138.224.2
202.138.224.4
202.138.225.253
Radnet
202.154.1.2
202.154.3.2
ITB
167.205.23.1
167.205.22.123
167.205.30.114
202.249.24.65
UI
152.118.148.225
152.118.24.8
OpenDNS
208.67.222.222
208.67.220.220
202.134.1.10 (Surabaya)
202.134.1.7
202.134.0.155 (Jakarta)
203.130.196.5 (Jakarta)
202.134.2.5 (Surabaya)
203.130.206.250 (Medan)
203.130.193.74 (Batam)
203.130.209.242 (Balikpapan)
222.124.204.34 (Bandung)
203.130.208.18 (Semarang)
61.94.192.12 (Denpasar)
Indosat
202.155.0.20
202.155.0.15
Centrin
202.146.255.3
202.146.255.5
CBN
202.158.20.1
202.158.40.1
Indonet
202.159.32.2
202.159.33.2
Pesat
202.95.128.180
202.95.128.60
Melsa
202.138.224.2
202.138.224.4
202.138.225.253
Radnet
202.154.1.2
202.154.3.2
ITB
167.205.23.1
167.205.22.123
167.205.30.114
202.249.24.65
UI
152.118.148.225
152.118.24.8
OpenDNS
208.67.222.222
208.67.220.220
Friday, December 24, 2010
Simple sample Prolink Load Balancing Cryptone.Net
Config Show
System Configuration Setting
=========================================================================
Firmware: Version : TMH121-A V1013-MB2.4-E
Release Date : Jan 24 2006
Printout Time : SUN NOV 25 16:30:40 2007
Time Zone : GM+08:00
Primary NTP IP: time.chttl.com.tw
Secondary NTP : stdtime.gov.hk
<!--more--> =========================================================
LAN status: IP address : 192.168.1.1
MAC address : 00:D0:DA:00:18:51
Mask : 255.255.255.0
Dhcp status : Enable
Dhcp IP Start : 192.168.1.12 - 192.168.1.20
DNS IP address: 203.130.193.74
=========================================================
DHCP
reserved IP: MAC address IP address
-----------------------------------
=========================================================
System Configuration Setting
=========================================================================
Firmware: Version : TMH121-A V1013-MB2.4-E
Release Date : Jan 24 2006
Printout Time : SUN NOV 25 16:30:40 2007
Time Zone : GM+08:00
Primary NTP IP: time.chttl.com.tw
Secondary NTP : stdtime.gov.hk
<!--more--> =========================================================
LAN status: IP address : 192.168.1.1
MAC address : 00:D0:DA:00:18:51
Mask : 255.255.255.0
Dhcp status : Enable
Dhcp IP Start : 192.168.1.12 - 192.168.1.20
DNS IP address: 203.130.193.74
=========================================================
DHCP
reserved IP: MAC address IP address
-----------------------------------
=========================================================
MikroTik Wireless Configuration
Setup uses Safe Mode. It means that all changes that are made during setup
are reverted in case of error, or if Ctrl-C is used to abort setup. To keep
changes exit setup using the ‘x’ key.
Choose options by pressing one of the letters in the left column, before
dash. Pressing ‘x’ will exit current menu, pressing Enter key will select the
entry that is marked by an ‘*’. You can abort setup at any time by pressing
Ctrl-C.
Entries marked by ‘+’ are already configured.
Entries marked by ‘-’ cannot be used yet.
Entries marked by ‘X’ cannot be used without installing additional packages.
r - reset all router configuration
+ l - load interface driver
+ a - configure ip address and gateway
d - setup dhcp client
+ s - setup dhcp server
p - setup pppoe client
t - setup pptp client
* x - exit menu
your choice:
OR
[admin@MikroTik] > ip address
[admin@MikroTik] ip address> add address=192.168.1.1/24 interface=ether1
[admin@MikroTik] ip address> pr
# ADDRESS NETWORK BROADCAST INTERFACE
0 192.168.1.1/24 192.168.1.0 192.168.1.255 ether1
admin@MikroTik] ip address> /
[admin@MikroTik] >
[admin@MikroTik] >interface
[admin@MikroTik] interface> pr
Flags: X - disabled, D - dynamic, R - running
# NAME TYPE RX-RATE TX-RATE MTU
0 X ether1 ether 0 0 1500
1 X wlan1 wlan 0 0 1500
[admin@MikroTik] interface> enable 0
[admin@MikroTik] interface> enable 1
[admin@MikroTik] interface> pr
Flags: X - disabled, D - dynamic, R - running
# NAME TYPE RX-RATE TX-RATE MTU
0 R ether1 ether 0 0 1500
1 X wlan1 wlan 0 0 1500
[admin@MikroTik] ip address>add address=172.1.2.1/30 interface=wlan1
[admin@MikroTik] interface eoip>
[admin@MikroTik] interface eoip>add name=eoip-tunnel1 remote-address=172.1.2.2 tunnel-id=1 disabled=no arp=enabled
[admin@MikroTik] interface eoip>pr
Flags: X - disabled, R - running
0 R name=”eoip-tunnel1? mtu=1500 mac-address=FE:FD:00:00:00:00 arp=enabled remote-address=172.1.2.2 tunnel-id=1
[admin@MikroTik] interface eoip>..
[admin@MikroTik] interface>
[admin@MikroTik] interface> bridge
[admin@MikroTik] interface bridge> add name=bridge1
[admin@MikroTik] interface bridge>pr
Flags: X - disabled, R - running
0 R name=”bridge1? mtu=1500 arp=enabled mac-address=00:00:00:00:00:0 forward-protocols=ip,arp,appletalk,ipx,ipv6,other stp=no priority=32768 ageing-time=5m forward-delay=15s garbage-collection-interval=4s hello-time=2s max-message-age=20s
[admin@MikroTik] interface bridge>port
[admin@MikroTik] interface bridge port>pr
# INTERFACE BRIDGE PRIORITY PATH-COST
0 ether1 none 128 10
1 eoip-tunnel1 none 128 10
2 wlan1 none 128 10
[admin@MikroTik] interface bridge port>set eoip-tunnel1 bridge=bridge1
[admin@MikroTik] interface bridge port>set ether1 bridge=bridge1
[admin@MikroTik] interface bridge port>pr
# INTERFACE BRIDGE PRIORITY PATH-COST
0 ether1 bridge1 128 10
1 eoip-tunnel1 bridge1 128 10
3 wlan1 none 128 10
[admin@MikroTik] interface bridge port>.. ..
[admin@MikroTik] interface>wireless
[admin@MikroTik] interface wireless>set wlan1 mode=bridge disable-running-check=no band=5ghz frequency=5180 ssid=test1
Configurration For Mikrotik Station / Client
[admin@MikroTik] interface eoip>add name=eoip-tunnel1 remote-address=172.1.2.1 tunnel-id=1 disabled=no arp=enabled
[admin@MikroTik] interface wireless>set wlan1 mode=station disable-running-check=no band=5ghz frequency=5180 ssid=test1
[admin@MikroTik] interface>pr
Flags: X - disabled, D - dynamic, R - running
# NAME TYPE RX-RATE TX-RATE MTU
0 R ether1 ether 0 0 1500
1 R bridge1 bridge 0 0 1500
2 R eoip-tunnel1 eoip-tunnel 0 0 1500
3 R wlan1 wlan 0 0 1500
Belajar Msan
Login kedalam MSAN
>>User name:root
>>User password:
Huawei HONET UA5000 Universal Access Unit.
Copyright(C) 1998-2008 by Huawei Technologies Co., Ltd.
Command MSAN
MSAN01-D1-PPJ-1-MRF>enable
MSAN01-D1-PPJ-1-MRF#?
---------------------------------------------
Command of privilege Mode:
---------------------------------------------
active Enable configuration
alarm alarm command group
autosave autosave command group
backup backup command group
backup-server Backup information
baudrate Set serial baudrate
clear Clear alarm statistics table
client Users information
config Configuration from terminal
debugging debugging command group
diagnose Change into diagnose mode
disable Turn off privileged mode commands
display Display information
duplicate duplicate command group
equipment-mode Set the system MSAN working mode
erase Erase command
event Set event level
ftp FTP user and password configuration
igmp Internet Group Management Protocol keyword
infolevel Set the output level of the information terminal
infoswitch Set output switch of information terminal
load load command group
log Modify log configuration
loghost Log server configuration operation
monitor Change into monitor mode
patch Patch operation
quit Exit from current mode and enter prior mode
reboot Reboot system,active board or standby board
reset reset command group
resource System resources(mem,message,cpu)
rollback Active/standby mainboard rollback command
save The command of saving immediately
search Search command
serial-mode Set access-mode: console/CQT/112/SPL
set Set the operative time of rollback function
ssh Specify SSH (secure shell) configuration information
syslog Config the syslog information
sysname Set system network name
system system command group
terminal terminal command group
time time command group
timezone Set time zone
undo Negate a command or set its defaults
bandwidth Modify bandwidth or convergence
cls Clear screen
display Display information
help Description of the interactive help system
history-command Enable and control the command history function
idle-timeout Display interval of terminal timeout
interactive Enable or disable command execute confirm function
ping Check network connectivity or whether the host is
reachable
quit Exit from current mode and enter prior mode
scroll Set auto or manual scroll function
shutdown Deactivate the port on the standby board
smart Enable or disable smart function
switch Switch language mode
telnet Open a telnet connection
terminal Operation of config terminal
tracert Trace route to destination
undo Negate a command or set its defaults
Command MSAN
1. MSAN01-D1-PPJ-1-MRF#display version
{ |frameid/slotid<1,15> }:
Command:
display version
UA5000IPMBV100R017 RELEASE SOFTWARE
Copyright (C) 1998-2008 by Huawei Technologies Co., Ltd.
Uptime is 0 day(s), 8 hour(s), 11 minute(s), 9 second(s)
2. MSAN01-D1-PPJ-1-MRF#display system sys-info
--------------------------------------------------
The main service identification of this node:
78
The IP address of this node:
0.0.0.0
The physical location of this node:
Shenzhen China
The contact person for this managed node:
R&D Shenzhen, Huawei Technologies Co., Ltd.
The description of this node:
Huawei Integrated Access Software
--------------------------------------------------
3.MSAN01-D1-PPJ-1-MRF#display board 0/6
-------------------------------------
Board Name : H603ADRB
Board Status : Normal
Online state : -
-------------------------------------
RAT board is Normal
-----------------------------------------------------------------------------
Port Port Type Port Status Line Profile Alarm Profile Ext Profile
-----------------------------------------------------------------------------
0 ADSL Activated 17 1 --
1 ADSL Activating 17 1 --
2 ADSL Activating 17 1 --
3 ADSL Activating 17 1 --
4 ADSL Activating 17 1 --
5 ADSL Activating 17 1 --
6 ADSL Activating 17 1 --
7 ADSL Activating 17 1 --
8 ADSL Activating 17 1 --
9 ADSL Activating 17 1 --
10 ADSL Activating 17 1 --
11 ADSL Activating 17 1 --
12 ADSL Activating 17 1 --
13 ADSL Activating 17 1 --
14 ADSL Activating 17 1 --
15 ADSL Activating 17 1 --
16 ADSL Activating 17 1 --
17 ADSL Activating 17 1 --
18 ADSL Activating 17 1 --
19 ADSL Activating 17 1 --
20 ADSL Activating 17 1 --
21 ADSL Activating 17 1 --
22 ADSL Activating 17 1 --
23 ADSL Activating 17 1 --
24 ADSL Activating 17 1 --
25 ADSL Activating 17 1 --
26 ADSL Activating 17 1 --
27 ADSL Activating 17 1 --
28 ADSL Activating 17 1 --
29 ADSL Activating 17 1 --
30 ADSL Activating 17 1 --
31 ADSL Activating 17 1 --
-----------------------------------------------------------------------------
Total number of activated port : 1
Total number of unactivated port: 31
port 1 sedang up
>>User name:root
>>User password:
Huawei HONET UA5000 Universal Access Unit.
Copyright(C) 1998-2008 by Huawei Technologies Co., Ltd.
Command MSAN
MSAN01-D1-PPJ-1-MRF>enable
MSAN01-D1-PPJ-1-MRF#?
---------------------------------------------
Command of privilege Mode:
---------------------------------------------
active Enable configuration
alarm alarm command group
autosave autosave command group
backup backup command group
backup-server Backup information
baudrate Set serial baudrate
clear Clear alarm statistics table
client Users information
config Configuration from terminal
debugging debugging command group
diagnose Change into diagnose mode
disable Turn off privileged mode commands
display Display information
duplicate duplicate command group
equipment-mode Set the system MSAN working mode
erase Erase command
event Set event level
ftp FTP user and password configuration
igmp Internet Group Management Protocol keyword
infolevel Set the output level of the information terminal
infoswitch Set output switch of information terminal
load load command group
log Modify log configuration
loghost Log server configuration operation
monitor Change into monitor mode
patch Patch operation
quit Exit from current mode and enter prior mode
reboot Reboot system,active board or standby board
reset reset command group
resource System resources(mem,message,cpu)
rollback Active/standby mainboard rollback command
save The command of saving immediately
search Search command
serial-mode Set access-mode: console/CQT/112/SPL
set Set the operative time of rollback function
ssh Specify SSH (secure shell) configuration information
syslog Config the syslog information
sysname Set system network name
system system command group
terminal terminal command group
time time command group
timezone Set time zone
undo Negate a command or set its defaults
bandwidth Modify bandwidth or convergence
cls Clear screen
display Display information
help Description of the interactive help system
history-command Enable and control the command history function
idle-timeout Display interval of terminal timeout
interactive Enable or disable command execute confirm function
ping Check network connectivity or whether the host is
reachable
quit Exit from current mode and enter prior mode
scroll Set auto or manual scroll function
shutdown Deactivate the port on the standby board
smart Enable or disable smart function
switch Switch language mode
telnet Open a telnet connection
terminal Operation of config terminal
tracert Trace route to destination
undo Negate a command or set its defaults
Command MSAN
1. MSAN01-D1-PPJ-1-MRF#display version
{ |frameid/slotid<1,15> }:
Command:
display version
UA5000IPMBV100R017 RELEASE SOFTWARE
Copyright (C) 1998-2008 by Huawei Technologies Co., Ltd.
Uptime is 0 day(s), 8 hour(s), 11 minute(s), 9 second(s)
2. MSAN01-D1-PPJ-1-MRF#display system sys-info
--------------------------------------------------
The main service identification of this node:
78
The IP address of this node:
0.0.0.0
The physical location of this node:
Shenzhen China
The contact person for this managed node:
R&D Shenzhen, Huawei Technologies Co., Ltd.
The description of this node:
Huawei Integrated Access Software
--------------------------------------------------
3.MSAN01-D1-PPJ-1-MRF#display board 0/6
-------------------------------------
Board Name : H603ADRB
Board Status : Normal
Online state : -
-------------------------------------
RAT board is Normal
-----------------------------------------------------------------------------
Port Port Type Port Status Line Profile Alarm Profile Ext Profile
-----------------------------------------------------------------------------
0 ADSL Activated 17 1 --
1 ADSL Activating 17 1 --
2 ADSL Activating 17 1 --
3 ADSL Activating 17 1 --
4 ADSL Activating 17 1 --
5 ADSL Activating 17 1 --
6 ADSL Activating 17 1 --
7 ADSL Activating 17 1 --
8 ADSL Activating 17 1 --
9 ADSL Activating 17 1 --
10 ADSL Activating 17 1 --
11 ADSL Activating 17 1 --
12 ADSL Activating 17 1 --
13 ADSL Activating 17 1 --
14 ADSL Activating 17 1 --
15 ADSL Activating 17 1 --
16 ADSL Activating 17 1 --
17 ADSL Activating 17 1 --
18 ADSL Activating 17 1 --
19 ADSL Activating 17 1 --
20 ADSL Activating 17 1 --
21 ADSL Activating 17 1 --
22 ADSL Activating 17 1 --
23 ADSL Activating 17 1 --
24 ADSL Activating 17 1 --
25 ADSL Activating 17 1 --
26 ADSL Activating 17 1 --
27 ADSL Activating 17 1 --
28 ADSL Activating 17 1 --
29 ADSL Activating 17 1 --
30 ADSL Activating 17 1 --
31 ADSL Activating 17 1 --
-----------------------------------------------------------------------------
Total number of activated port : 1
Total number of unactivated port: 31
port 1 sedang up
Thursday, May 14, 2009
Router Vertex Filter
### IP FILTERING & MASQUERADING RULES ###
ipchains -A input -j DENY -s 0.0.0.0/0 137 -d 0.0.0.0/0 137 -p icmp
ipchains -A input -j DENY -s 0.0.0.0/0 137 -d 0.0.0.0/0 137 -p tcp
ipchains -A input -j DENY -s 0.0.0.0/0 137 -d 0.0.0.0/0 137 -p udp
ipchains -A input -j DENY -s 0.0.0.0/0 138 -d 0.0.0.0/0 138 -p udp
ipchains -A input -j DENY -s 0.0.0.0/0 138 -d 0.0.0.0/0 138 -p icmp
ipchains -A input -j DENY -s 0.0.0.0/0 138 -d 0.0.0.0/0 138 -p tcp
ipchains -A input -j DENY -s 0.0.0.0/0 139 -d 0.0.0.0/0 139 -p tcp
ipchains -A input -j DENY -s 0.0.0.0/0 139 -d 0.0.0.0/0 139 -p icmp
ipchains -A input -j DENY -s 0.0.0.0/0 139 -d 0.0.0.0/0 139 -p udp
ipchains -A input -j DENY -s 0.0.0.0/0 139 -d 0.0.0.0/0 445 -p tcp
ipchains -A input -j DENY -s 0.0.0.0/0 139 -d 0.0.0.0/0 445 -p icmp
ipchains -A input -j DENY -s 0.0.0.0/0 139 -d 0.0.0.0/0 445 -p udp
ipchains -A input -j DENY -s 0.0.0.0/0 137 -d 0.0.0.0/0 137 -p icmp
ipchains -A input -j DENY -s 0.0.0.0/0 137 -d 0.0.0.0/0 137 -p tcp
ipchains -A input -j DENY -s 0.0.0.0/0 137 -d 0.0.0.0/0 137 -p udp
ipchains -A input -j DENY -s 0.0.0.0/0 138 -d 0.0.0.0/0 138 -p udp
ipchains -A input -j DENY -s 0.0.0.0/0 138 -d 0.0.0.0/0 138 -p icmp
ipchains -A input -j DENY -s 0.0.0.0/0 138 -d 0.0.0.0/0 138 -p tcp
ipchains -A input -j DENY -s 0.0.0.0/0 139 -d 0.0.0.0/0 139 -p tcp
ipchains -A input -j DENY -s 0.0.0.0/0 139 -d 0.0.0.0/0 139 -p icmp
ipchains -A input -j DENY -s 0.0.0.0/0 139 -d 0.0.0.0/0 139 -p udp
ipchains -A input -j DENY -s 0.0.0.0/0 139 -d 0.0.0.0/0 445 -p tcp
ipchains -A input -j DENY -s 0.0.0.0/0 139 -d 0.0.0.0/0 445 -p icmp
ipchains -A input -j DENY -s 0.0.0.0/0 139 -d 0.0.0.0/0 445 -p udp
DSLAM ZTE
######################################################################
# #
# Welcome to ZTE Full Service Access Platform #
# #
# Press Return to get started #
# #
# Copyright 2005-2009 , ZTE Co.,Ltd. #
# #
######################################################################
Login:
Login:admin
Password:
ZTE-COBA-SHDSL>enable
Please input password:
ZTE-COBA-SHDSL# show run
add-card SSTEB 1
end
configure
add-vlan 31,771
ip host 10.62.5.101 255.255.0.0
ip subnet 172.20.xxx.x 255.255.255.128 31 name "ZTESUBNET"
ip modem 192.168.2.2 255.255.255.0
system hostname ZTE-
end
configure interface shdsl 1/1
pvid 771 pvc 1
end
configure interface shdsl 1/2
pvid 771 pvc 1
end
configure interface shdsl 1/3
pvid 771 pvc 1
end
configure interface shdsl 1/4
pvid 771 pvc 1
end
configure interface shdsl 1/5
pvid 771 pvc 1
end
configure interface shdsl 1/6
pvid 771 pvc 1
end
configure interface shdsl 1/7
pvid 771 pvc 1
end
configure interface shdsl 1/8
pvid 771 pvc 1
end
configure interface shdsl 1/9
pvid 771 pvc 1
end
configure interface shdsl 1/10
pvid 771 pvc 1
end
configure interface shdsl 1/11
pvid 771 pvc 1
end
configure interface shdsl 1/12
pvid 771 pvc 1
end
configure interface shdsl 1/13
pvid 771 pvc 1
end
configure interface shdsl 1/14
pvid 771 pvc 1
end
configure interface shdsl 1/15
pvid 771 pvc 1
end
configure interface shdsl 1/16
pvid 771 pvc 1
end
configure interface shdsl 1/17
pvid 771 pvc 1
end
configure interface shdsl 1/18
pvid 771 pvc 1
end
configure interface shdsl 1/19
pvid 771 pvc 1
end
configure interface shdsl 1/20
pvid 771 pvc 1
end
configure interface shdsl 1/21
pvid 771 pvc 1
end
configure interface shdsl 1/22
pvid 771 pvc 1
end
configure interface shdsl 1/23
pvid 771 pvc 1
end
configure interface shdsl 1/24
pvid 771 pvc 1
end
configure
vlan 771 1/1-24 untag pvc 1
vlan 31 5/1 tag
vlan 771 5/1 tag
uplink-mode cascade master-port 5/1
# #
# Welcome to ZTE Full Service Access Platform #
# #
# Press Return to get started #
# #
# Copyright 2005-2009 , ZTE Co.,Ltd. #
# #
######################################################################
Login:
Login:admin
Password:
ZTE-COBA-SHDSL>enable
Please input password:
ZTE-COBA-SHDSL# show run
add-card SSTEB 1
end
configure
add-vlan 31,771
ip host 10.62.5.101 255.255.0.0
ip subnet 172.20.xxx.x 255.255.255.128 31 name "ZTESUBNET"
ip modem 192.168.2.2 255.255.255.0
system hostname ZTE-
end
configure interface shdsl 1/1
pvid 771 pvc 1
end
configure interface shdsl 1/2
pvid 771 pvc 1
end
configure interface shdsl 1/3
pvid 771 pvc 1
end
configure interface shdsl 1/4
pvid 771 pvc 1
end
configure interface shdsl 1/5
pvid 771 pvc 1
end
configure interface shdsl 1/6
pvid 771 pvc 1
end
configure interface shdsl 1/7
pvid 771 pvc 1
end
configure interface shdsl 1/8
pvid 771 pvc 1
end
configure interface shdsl 1/9
pvid 771 pvc 1
end
configure interface shdsl 1/10
pvid 771 pvc 1
end
configure interface shdsl 1/11
pvid 771 pvc 1
end
configure interface shdsl 1/12
pvid 771 pvc 1
end
configure interface shdsl 1/13
pvid 771 pvc 1
end
configure interface shdsl 1/14
pvid 771 pvc 1
end
configure interface shdsl 1/15
pvid 771 pvc 1
end
configure interface shdsl 1/16
pvid 771 pvc 1
end
configure interface shdsl 1/17
pvid 771 pvc 1
end
configure interface shdsl 1/18
pvid 771 pvc 1
end
configure interface shdsl 1/19
pvid 771 pvc 1
end
configure interface shdsl 1/20
pvid 771 pvc 1
end
configure interface shdsl 1/21
pvid 771 pvc 1
end
configure interface shdsl 1/22
pvid 771 pvc 1
end
configure interface shdsl 1/23
pvid 771 pvc 1
end
configure interface shdsl 1/24
pvid 771 pvc 1
end
configure
vlan 771 1/1-24 untag pvc 1
vlan 31 5/1 tag
vlan 771 5/1 tag
uplink-mode cascade master-port 5/1
Wednesday, May 13, 2009
Subscribe to:
Posts (Atom)