configure
license
key "\
VER=1|C1M=SanDiskSDJNJKL742749406|C1S=14J3KJI20|DOI=108|DOE=12\
SIG=MC4CFQCf9f7bAibGKJWqMd5XowxVwIVALIVgTVDsVAAogKe7fUHAEUTokw"
aaa
default-domain subscriber radius
aaa
last-resort context subscriber radius
gtpp
single-source
system
hostname ABCCH4
autoconfirm
clock
timezone asia-calcutta
crash
enable encrypted url 123abc456def789ghi
card
1
mode
active psc
exit
card
2
mode
active psc
exit
card
4
mode
active psc
exit
require
session recovery
require
active-charging
context
local
interface
SPIO1
ip
address 1.2.3.4 255.255.255.0
exit
server
ftpd
exit
ssh
key 123abc456def789ghi123abc456def789ghi len 461
server
sshd
subsystem
sftp
exit
server
telnetd
exit
subscriber
default
exit
administrator
staradmin encrypted password 123abc456def789ghi ftp
aaa
group default
exit
gtpp
group default
exit
ip
route 0.0.0.0 0.0.0.0 2.3.4.5 SPIO1
exit
port
ethernet 24/1
no
shutdown
bind
interface SPIO1 local
exit
ntp
enable
server
10.6.1.1
exit
snmp
engine-id local 77777e66666a55555
active-charging
service service_1
nat
allocation-failure send-icmp-dest-unreachable
host-pool
host1
ip
range 1.2.3.4 to 2.3.4.5
exit
host-pool
host2
ip
range 3.4.5.6 to 4.5.6.7
exit
host-pool
host3
ip
range 5.6.7.8 to 6.7.8.9
exit
ruledef
ip_any
ip
any-match = TRUE
exit
ruledef
rt_ftp
tcp
dst-port = 21
rule-application
routing
exit
ruledef
rt_ftp_data
tcp
dst-port = 20
rule-application
routing
exit
ruledef
rt_rtsp
tcp
dst-port = 554
rule-application
routing
exit
ruledef
rt_http
tcp
dst-port = 80
rule-application
routing
exit
ruledef
rt_pptp
tcp
dst-port = 1723
rule-application
routing
exit
ruledef
rt_tftp
udp
dst-port = 69
rule-application
routing
exit
access-ruledef
fw_icmp
icmp
any-match = TRUE
exit
access-ruledef
fw_tcp
tcp
any-match = TRUE
exit
access-ruledef
fw_udp
udp
any-match = TRUE
exit
edr-format
nbr_format1
attribute
sn-start-time format MM/DD/YYYY-HH:MM:SS priority
5
attribute
sn-end-time format MM/DD/YYYY-HH:MM:SS priority
10
attribute
radius-nas-ip-address priority 15
attribute
sn-correlation-id priority 20
rule-variable
ip subscriber-ip-address priority 25
rule-variable
ip server-ip-address priority 30
attribute
sn-subscriber-port priority 35
attribute
sn-server-port priority 40
attribute
sn-flow-id priority 45
attribute
sn-volume-amt ip bytes uplink priority 50
attribute
sn-volume-amt ip bytes downlink priority 55
attribute
sn-volume-amt ip pkts uplink priority 60
attribute
sn-volume-amt ip pkts downlink priority 65
attribute
sn-volume-amt tcp pkts downlink priority 66
attribute
sn-volume-amt tcp pkts uplink priority 67
attribute
sn-volume-amt tcp bytes downlink priority 68
attribute
sn-volume-amt tcp bytes uplink priority 69
rule-variable
ip protocol priority 70
attribute
sn-app-protocol priority 75
attribute
radius-user-name priority 80
attribute
radius-calling-station-id priority 85
attribute
sn-direction priority 90
attribute
sn-volume-dropped-amt ip bytes uplink priority 100
attribute
sn-volume-dropped-amt ip bytes downlink priority 110
attribute
sn-volume-dropped-amt ip packts uplink priority 115
attribute
sn-volume-dropped-amt ip packts downlink priority 120
attribute
sn-volume-dropped-amt tcp bytes uplink priority 130
attribute
sn-volume-dropped-amt tcp bytes downlink priority 140
attribute
sn-volume-dropped-amt tcp packts uplink priority 155
attribute
sn-volume-dropped-amt tcp packts downlink priority 160
exit
udr-format
udr_format
attribute
sn-start-time format MM/DD/YYYY-HH:MM:SS localtime
priority 1
attribute
sn-end-time format MM/DD/YYYY-HH:MM:SS localtime
priority 2
attribute
sn-correlation-id priority 4
attribute
sn-content-vol bytes uplink priority 6
attribute
sn-content-vol bytes downlink priority 7
attribute
sn-fa-correlation-id priority 8
attribute
radius-fa-nas-ip-address priority 9
attribute
radius-fa-nas-identifier priority 10
attribute
radius-user-name priority 11
attribute
sn-content-vol pkts uplink priority 12
attribute
sn-content-vol pkts downlink priority 13
attribute
sn-group-id priority 14
attribute
sn-content-id priority 15
exit
xheader-format
header
insert
Stpid-1 variable bearer sn-rulebase
insert
Stpid-2 variable bearer subscriber-ip-address
exit
charging-action
ca_nothing
content-id
20
exit
bandwidth-policy
bw1
exit
bandwidth-policy
bw2
exit
rulebase
base_1
route
priority 1 ruledef rt_ftp analyzer ftp-control
route
priority 10 ruledef rt_ftp_data analyzer ftp-data
route
priority 20 ruledef rt_rtsp analyzer rtsp
route
priority 40 ruledef rt_http analyzer http
route
priority 50 ruledef rt_pptp analyzer pptp
route
priority 60 ruledef rt_tftp analyzer tftp
rtp
dynamic-flow-detection
fw-and-nat
default-policy base_1
exit
rulebase
base_2
action
priority 1 ruledef ip_any charging-action ca_nothing
route
priority 1 ruledef rt_ftp analyzer ftp-control
route
priority 10 ruledef rt_ftp_data analyzer ftp-data
route
priority 40 ruledef rt_http analyzer http
route
priority 50 ruledef rt_pptp analyzer pptp
route
priority 60 ruledef rt_tftp analyzer tftp
bandwidth
default-policy bw2
fw-and-nat
default-policy base_2
exit
rulebase
default
exit
fw-and-nat
policy base_1
access-rule
priority 1 access-ruledef fw_tcp permit
access-rule
priority 2 access-ruledef fw_udp permit
firewall
dos-protection source-router
firewall
dos-protection winnuke
firewall
dos-protection mime-flood
firewall
dos-protection ftp-bounce
firewall
dos-protection ip-unaligned-timestamp
firewall
dos-protection tcp-window-containment
firewall
dos-protection teardrop
firewall
dos-protection flooding udp
firewall
dos-protection flooding icmp
firewall
dos-protection flooding tcp-syn
firewall
dos-protection port-scan
firewall
dos-protection ipv6-dst-options invalid-options
firewall
dos-protection ipv6-extension-hdrs limit 2
firewall
dos-protection ipv6-hop-by-hop jumbo-payload
firewall
dos-protection ipv6-hop-by-hop router-alert
firewall
tcp-first-packet-non-syn reset
firewall
policy ipv4-and-ipv6
exit
fw-and-nat
policy base_2
access-rule
priority 5 access-ruledef fw_tcp_port_3000
permit trigger open-port 5000 direction reverse
access-rule
priority 10 access-ruledef fw_tcp permit
access-rule
priority 20 access-ruledef fw_udp permit
access-rule
priority 30 access-ruledef fw_icmp deny
firewall
policy ipv4-and-ipv6
exit
nat
tcp-2msl-timeout 120
exit
context
pdsn
interface
pdsn
ip
address 11.22.33.44 255.255.255.0
ip
address 22.33.44.55 255.255.255.0 secondary
exit
ssh
key 123abc456def789ghi123abc456def789ghi len 461
server
sshd
subsystem
sftp
exit
subscriber
default
ip
access-group css-1 in
ip
access-group css-1 out
ip
context-name isp
mobile-ip
send accounting-correlation-info
active-charging
rulebase base_1
exit
aaa
group default
exit
gtpp
group default
exit
pdsn-service
pdsn
spi
remote-address 1.1.1.1 spi-number 256 encrypted secret 5c4a38dc2ff61f72
timestamp-tolerance 0
spi
remote-address 2.2.2.2 spi-number 256 encrypted secret 5c4a38dc2ff61f72
timestamp-tolerance 0
spi
remote-address 3.3.3.3 spi-number 9999 encrypted secret 5c4a38dc2ff61f72
timestamp-tolerance 0
authentication
pap 1 chap 2 allow-noauth
bind
address 4.4.4.4
exit
edr-module
active-charging-service
file
name NBR_nat current-prefix Record rotation time 45 headers
edr-format-name
exit
exit
context
isp
ip
access-list css
redirect
css service service_1 ip any any
exit
ip
pool pool1 5.5.5.5 255.255.0.0 public 0
interface
isp
ip
address 6.6.6.6 255.255.255.0
exit
subscriber
default
exit
aaa
group default
exit
gtpp
group default
exit
ip
route 0.0.0.0 0.0.0.0 7.7.7.7 isp
exit
context
radius
interface
radius
ip
address 8.8.8.8 255.255.255.0
exit
subscriber
default
exit
subscriber
name ABC7-sub
ip
access-group css in
ip
access-group css out
ip
context-name isp
active-charging
rulebase base_1
exit
subscriber
name ABC9-sub
ip
access-group css in
ip
access-group css out
ip
context-name isp1
active-charging
rulebase base_2
exit
domain
ABC7.com default subscriber ABC7-sub
domain
ABC9.com default subscriber ABC9-sub
radius
change-authorize-nas-ip 77.77.77.77 encrypted key 123abc456def789ghi
port 4000
aaa
group default
radius
attribute nas-ip-address address 99.99.99.99
radius
dictionary custom9
radius
server 9.9.9.9 encrypted key 123abc456def789gh port 1645
radius
accounting server 8.8.8.8 encrypted key 123abc port 1646
exit
gtpp
group default
exit
diameter
endpoint acs-fire.star.com
origin
host acs-fire.star.com address 44.44.44.44
peer
minid realm star.com address 55.55.55.55
exit
exit
bulkstats
collection
bulkstats
mode
sample-interval
1
transfer-interval
15
file
1
remotefile
format /localdisk/ABCCH4.bulkstat
receiver
66.66.66.66 primary mechanism ftp login root encrypted password
123abc456def789ghi
context
schema sfw-dir format "sfw-dir\nsfw-dnlnk-droppkts:%sfw-dnlnk-droppkts%\nsfw-dnlnk-dropbytes:%sfw-dnlnk-dropbytes%\nsfw-uplnk-droppkts:%sfw-uplnk-droppkts%\nsfw-uplnk-dropbytes:%sfw-uplnk-dropbytes%\nsfw-ip-discardpackets:%sfw-ip-discardpackets%\nsfw-ip-malpackets:%sfw-ip-malpackets%\nsfw-icmp-discardpackets:%sfw-icmp-discardpackets%\nsfw-icmp-malpackets:%sfw-icmp-malpackets%\nsfw-tcp-discardpackets:%sfw-tcp-discardpackets%\nsfw-tcp-malpackets:%sfw-tcp-malpackets%\nsfw-udp-discardpackets:%sfw-udp-discardpackets%\nsfw-udp-malpackets:%sfw-udp-malpackets%\n---------------------\n"
context
schema sfw-total format "sfw-total\nvpnname:%vpnname%\nvpnid:%vpnid%\nsfw-total-rxpackets:%sfw-total-rxpackets%\nsfw-total-rxbytes:%sfw-total-rxbytes%\nsfw-total-txpackets:%sfw-total-txpackets%\nsfw-total-txbytes:%sfw-total-txbytes%\nsfw-total-injectedpkts:%sfw-total-injectedpkts%\nsfw-total-injectedbytes:%sfw-total-injectedbytes%sfw-total-malpackets:%sfw-total-malpackets%\nsfw-total-dosattacks:%sfw-total-dosattacks%\nsfw-total-flows:%sfw-total-flows%\n---------------------\n"
exit
exit
port
ethernet 17/1
no
shutdown
bind
interface pdsn pdsn
exit
port
ethernet 17/2
no
shutdown
bind
interface isp isp
exit
port
ethernet 17/3
no
shutdown
bind
interface radius radius
exit
port
ethernet 17/4
no
shutdown
exit
port
ethernet 17/5
no
shutdown
exit
end