[V200R008C20SPC800]

#
sysname REGISTRO_MERCANTIL_SOLOLA
header shell information "||===================================================||
|| ______ _ _ ||
|| (_) | | | | | o ||
|| | _ | | _ | | __ _ _ __ __, ||
|| _ ||/ |/ |/ |/ / \_/ |/ | | / / | ||
|| (_/ |__/|__/|__/|__/\__/ | |_/|_/\___/\_/|_/ ||
|| |\ ||
|| |/ ||
||ADVERTENCIA!! ||
||Usted debe tener autorizacion previa para el acceso||
||a este sistema. Se registran y se supervisan todas ||
||las conexiones. ||
||===================================================||"
header login information
"####################################################################
# ______ _ _ #
# (_) | | | | | o #
# | _ | | _ | | __ _ _ __ __, #
# _ ||/ |/ |/ |/ / \_/ |/ | | / / | #
# (_/ |__/|__/|__/|__/\__/ | |_/|_/\___/\_/|_/ #
# |\ #
# |/ #
# TELEFONICA MOVILES GUATEMALA #
# ADVERTENCIA: Usted debe tener autorizacion previa para el acceso #
# a este sistema. Se registran y se supervisan todas #
# conexiones. Conectando con este sistema usted consiente #
# completamente toda supervision. El acceso o el uso #
# no autorizado sera procesado al maximo grado de la ley. #
####################################################################"
#
ssl renegotiation-rate 1
#
drop illegal-mac alarm
#
ipv6
#
router id 10.13.150.140
#
ipsec authentication sha2 compatible enable
#
authentication-profile name default_authen_profile
authentication-profile name dot1x_authen_profile
dot1x-access-profile dot1x_access_profile
access-domain default
authentication-profile name mac_authen_profile
authentication-profile name portal_authen_profile
authentication-profile name dot1xmac_authen_profile
#
dns resolve
dns server 190.143.189.36
dns server 216.184.96.4
dns proxy enable
#
dhcp enable
#
radius-server template default
radius-server template radius
radius-server shared-key cipher %^%#f3DLKi/.h,>Cb#P&gae#OU*B~_+WW#ePG#8Qji:U%^%#
radius-server authentication 10.10.4.100 1812 source LoopBack 502 weight 80
radius-server accounting 10.10.4.100 1813 source LoopBack 502 weight 80
undo radius-server user-name domain-included
radius-server authorization 10.10.4.100 shared-key cipher %^
%#TBh8Hk#o|"{kVl.db^jGCosC$$bnyUxS{P;`(d;8%^%#
#
pki realm default
enrollment self-signed
#
ssl policy default_policy type server
pki-realm default
version tls1.0 tls1.1
ciphersuite rsa_aes_128_cbc_sha
#
acl number 2000
rule 1 permit source 10.20.154.15 0
#
acl number 3001
description "RADIUS_ACCESO"
step 1
rule 2 permit tcp source 10.120.26.0 0.0.0.255 destination-port eq telnet
rule 3 permit tcp source 192.168.0.0 0.0.255.255 destination-port eq telnet
rule 4 permit tcp source 66.119.95.0 0.0.0.255 destination-port eq telnet
rule 5 permit tcp source 10.10.0.0 0.0.255.255 destination-port eq telnet
rule 6 deny tcp destination-port eq telnet
rule 7 deny tcp destination-port eq 22
#
free-rule-template name default_free_rule
#
portal-access-profile name portal_access_profile
#
ip pool usuarios
gateway-list 172.16.1.1
network 172.16.1.0 mask 255.255.255.0
dns-list 172.16.1.1 216.184.96.4 190.143.189.36
#
aaa
authentication-scheme default
authentication-mode radius local
authentication-scheme radius
authentication-mode radius
authorization-scheme default
accounting-scheme default
accounting-mode radius
accounting start-fail online
domain default
authentication-scheme default
domain default_admin
authentication-scheme default
radius-server radius
local-user admin password irreversible-cipher %^
%#G8n_={m~OCXR]OFR2+9L[dmC#GvZZ5tQ2,6aNlXFJlyq6qNt54dw#P9e~'6;%^%#
local-user admin privilege level 15
local-user admin service-type telnet terminal ssh ftp http
#
web
user-set Default
 user-set VIP
#
firewall zone Local
priority 16
#
nat alg dns enable
#
interface Vlanif1
description "LAN CLIENTE"
ip address 172.16.1.1 255.255.255.0
dhcp select global
#
interface Ethernet0/0/0
#
interface GigabitEthernet0/0/0
auto speed 100
auto duplex full
#
interface GigabitEthernet0/0/1
auto speed 100
auto duplex full
#
interface GigabitEthernet0/0/2
auto speed 100
auto duplex full
#
interface GigabitEthernet0/0/3
auto speed 100
auto duplex full
#
interface GigabitEthernet0/0/4
auto speed 100
auto duplex full
#
interface GigabitEthernet0/0/5
description VirtualPort
ip address 192.168.254.1 255.255.255.0
#
interface Wlan-Bss5
#
interface Cellular0/0/0
tcp adjust-mss 1200
dialer enable-circular
dialer-group 1
dialer timer autodial 10
ip address negotiate
#
interface Cellular0/0/1
#
interface NULL0
#
interface LoopBack502
ip address 10.13.150.140 255.255.255.255
#
interface Tunnel0/0/1
description SOLOLA
ip address 5.0.0.24 255.255.255.0
tunnel-protocol gre p2mp
source Cellular0/0/0
 gre key plain 123456
gre checksum
nhrp authentication simple 123456
nhrp entry multicast dynamic
nhrp network-id 100
nhrp entry 5.0.0.1 10.13.150.136 register
#
dialer-rule
dialer-rule 1 ip permit
#
apn profile regmer.movistar.gt
user name movistargt password simple movistargt
apn regmer.movistar.gt
#
bgp 65024
router-id 10.13.150.140
peer 5.0.0.1 as-number 65000
peer 5.0.0.1 timer keepalive 5 hold 20
peer 5.0.0.1 timer connect-retry 1
peer 5.0.0.1 connect-interface Tunnel0/0/1
#
ipv4-family unicast
undo synchronization
import-route direct
peer 5.0.0.1 enable
peer 5.0.0.1 route-policy BLOCK_IP_SIM export
#
route-policy BLOCK_IP_SIM deny node 5
if-match acl 2000
#
route-policy BLOCK_IP_SIM permit node 10
#
info-center timestamp log format-date
#
snmp-agent local-engineid 800007DB0360FA9DFD4CFB
#
stelnet server enable
telnet server enable
#
http secure-server ssl-policy default_policy
http server enable
http secure-server enable
#
ip route-static 0.0.0.0 0.0.0.0 5.0.0.1
ip route-static 10.10.4.0 255.255.255.0 Cellular0/0/0
ip route-static 10.13.150.136 255.255.255.255 Cellular0/0/0
#
user-interface con 0
authentication-mode aaa
idle-timeout 5 5
screen-length 0
user-interface vty 0 4
acl 3001 inbound
authentication-mode aaa
user privilege level 15
idle-timeout 5 5
#
wlan
wmm-profile name wmmf id 0
 traffic-profile name traf id 0
security-profile name secf id 0
radio-profile name radiof id 0
wmm-profile id 0
#
interface Wlan-Radio0/0/0
#
interface Wlan-Radio0/0/1
#
dot1x-access-profile name dot1x_access_profile
#
mac-access-profile name mac_access_profile
#
ntp-service source-interface LoopBack502
ntp-service unicast-server 10.10.4.100 preference
ntp-service unicast-peer 10.10.4.100
#
voice
#
diagnose
#
ops
#
autostart
#
return