-
Notifications
You must be signed in to change notification settings - Fork 0
/
sw2.config
1028 lines (1027 loc) · 66.5 KB
/
sw2.config
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
--{ running }--[ ]--
A:sw2# info flat
set / acl
set / acl cpm-filter
set / acl cpm-filter ipv4-filter
set / acl cpm-filter ipv4-filter statistics-per-entry true
set / acl cpm-filter ipv4-filter entry 10
set / acl cpm-filter ipv4-filter entry 10 description "Accept incoming ICMP unreachable messages"
set / acl cpm-filter ipv4-filter entry 10 action
set / acl cpm-filter ipv4-filter entry 10 action accept
set / acl cpm-filter ipv4-filter entry 10 action accept rate-limit
set / acl cpm-filter ipv4-filter entry 10 action accept rate-limit system-cpu-policer icmp
set / acl cpm-filter ipv4-filter entry 10 match
set / acl cpm-filter ipv4-filter entry 10 match protocol icmp
set / acl cpm-filter ipv4-filter entry 10 match icmp
set / acl cpm-filter ipv4-filter entry 10 match icmp type dest-unreachable
set / acl cpm-filter ipv4-filter entry 10 match icmp code [ 0 1 2 3 4 13 ]
set / acl cpm-filter ipv4-filter entry 20
set / acl cpm-filter ipv4-filter entry 20 description "Accept incoming ICMP time-exceeded messages"
set / acl cpm-filter ipv4-filter entry 20 action
set / acl cpm-filter ipv4-filter entry 20 action accept
set / acl cpm-filter ipv4-filter entry 20 action accept rate-limit
set / acl cpm-filter ipv4-filter entry 20 action accept rate-limit system-cpu-policer icmp
set / acl cpm-filter ipv4-filter entry 20 match
set / acl cpm-filter ipv4-filter entry 20 match protocol icmp
set / acl cpm-filter ipv4-filter entry 20 match icmp
set / acl cpm-filter ipv4-filter entry 20 match icmp type time-exceeded
set / acl cpm-filter ipv4-filter entry 30
set / acl cpm-filter ipv4-filter entry 30 description "Accept incoming ICMP parameter problem messages"
set / acl cpm-filter ipv4-filter entry 30 action
set / acl cpm-filter ipv4-filter entry 30 action accept
set / acl cpm-filter ipv4-filter entry 30 action accept rate-limit
set / acl cpm-filter ipv4-filter entry 30 action accept rate-limit system-cpu-policer icmp
set / acl cpm-filter ipv4-filter entry 30 match
set / acl cpm-filter ipv4-filter entry 30 match protocol icmp
set / acl cpm-filter ipv4-filter entry 30 match icmp
set / acl cpm-filter ipv4-filter entry 30 match icmp type param-problem
set / acl cpm-filter ipv4-filter entry 40
set / acl cpm-filter ipv4-filter entry 40 description "Accept incoming ICMP echo messages"
set / acl cpm-filter ipv4-filter entry 40 action
set / acl cpm-filter ipv4-filter entry 40 action accept
set / acl cpm-filter ipv4-filter entry 40 action accept rate-limit
set / acl cpm-filter ipv4-filter entry 40 action accept rate-limit system-cpu-policer icmp
set / acl cpm-filter ipv4-filter entry 40 match
set / acl cpm-filter ipv4-filter entry 40 match protocol icmp
set / acl cpm-filter ipv4-filter entry 40 match icmp
set / acl cpm-filter ipv4-filter entry 40 match icmp type echo
set / acl cpm-filter ipv4-filter entry 50
set / acl cpm-filter ipv4-filter entry 50 description "Accept incoming ICMP echo-reply messages"
set / acl cpm-filter ipv4-filter entry 50 action
set / acl cpm-filter ipv4-filter entry 50 action accept
set / acl cpm-filter ipv4-filter entry 50 action accept rate-limit
set / acl cpm-filter ipv4-filter entry 50 action accept rate-limit system-cpu-policer icmp
set / acl cpm-filter ipv4-filter entry 50 match
set / acl cpm-filter ipv4-filter entry 50 match protocol icmp
set / acl cpm-filter ipv4-filter entry 50 match icmp
set / acl cpm-filter ipv4-filter entry 50 match icmp type echo-reply
set / acl cpm-filter ipv4-filter entry 60
set / acl cpm-filter ipv4-filter entry 60 description "Accept incoming SSH when the other host initiates the TCP connection"
set / acl cpm-filter ipv4-filter entry 60 action
set / acl cpm-filter ipv4-filter entry 60 action accept
set / acl cpm-filter ipv4-filter entry 60 match
set / acl cpm-filter ipv4-filter entry 60 match protocol tcp
set / acl cpm-filter ipv4-filter entry 60 match destination-port
set / acl cpm-filter ipv4-filter entry 60 match destination-port operator eq
set / acl cpm-filter ipv4-filter entry 60 match destination-port value 22
set / acl cpm-filter ipv4-filter entry 70
set / acl cpm-filter ipv4-filter entry 70 description "Accept incoming SSH when this router initiates the TCP connection"
set / acl cpm-filter ipv4-filter entry 70 action
set / acl cpm-filter ipv4-filter entry 70 action accept
set / acl cpm-filter ipv4-filter entry 70 match
set / acl cpm-filter ipv4-filter entry 70 match protocol tcp
set / acl cpm-filter ipv4-filter entry 70 match source-port
set / acl cpm-filter ipv4-filter entry 70 match source-port operator eq
set / acl cpm-filter ipv4-filter entry 70 match source-port value 22
set / acl cpm-filter ipv4-filter entry 80
set / acl cpm-filter ipv4-filter entry 80 description "Accept incoming Telnet when the other host initiates the TCP connection"
set / acl cpm-filter ipv4-filter entry 80 action
set / acl cpm-filter ipv4-filter entry 80 action accept
set / acl cpm-filter ipv4-filter entry 80 match
set / acl cpm-filter ipv4-filter entry 80 match protocol tcp
set / acl cpm-filter ipv4-filter entry 80 match destination-port
set / acl cpm-filter ipv4-filter entry 80 match destination-port operator eq
set / acl cpm-filter ipv4-filter entry 80 match destination-port value 23
set / acl cpm-filter ipv4-filter entry 90
set / acl cpm-filter ipv4-filter entry 90 description "Accept incoming Telnet when this router initiates the TCP connection"
set / acl cpm-filter ipv4-filter entry 90 action
set / acl cpm-filter ipv4-filter entry 90 action accept
set / acl cpm-filter ipv4-filter entry 90 match
set / acl cpm-filter ipv4-filter entry 90 match protocol tcp
set / acl cpm-filter ipv4-filter entry 90 match source-port
set / acl cpm-filter ipv4-filter entry 90 match source-port operator eq
set / acl cpm-filter ipv4-filter entry 90 match source-port value 23
set / acl cpm-filter ipv4-filter entry 100
set / acl cpm-filter ipv4-filter entry 100 description "Accept incoming TACACS+ when the other host initiates the TCP connection"
set / acl cpm-filter ipv4-filter entry 100 action
set / acl cpm-filter ipv4-filter entry 100 action accept
set / acl cpm-filter ipv4-filter entry 100 match
set / acl cpm-filter ipv4-filter entry 100 match protocol tcp
set / acl cpm-filter ipv4-filter entry 100 match destination-port
set / acl cpm-filter ipv4-filter entry 100 match destination-port operator eq
set / acl cpm-filter ipv4-filter entry 100 match destination-port value 49
set / acl cpm-filter ipv4-filter entry 110
set / acl cpm-filter ipv4-filter entry 110 description "Accept incoming TACACS+ when this router initiates the TCP connection"
set / acl cpm-filter ipv4-filter entry 110 action
set / acl cpm-filter ipv4-filter entry 110 action accept
set / acl cpm-filter ipv4-filter entry 110 match
set / acl cpm-filter ipv4-filter entry 110 match protocol tcp
set / acl cpm-filter ipv4-filter entry 110 match source-port
set / acl cpm-filter ipv4-filter entry 110 match source-port operator eq
set / acl cpm-filter ipv4-filter entry 110 match source-port value 49
set / acl cpm-filter ipv4-filter entry 120
set / acl cpm-filter ipv4-filter entry 120 description "Accept incoming DNS response messages"
set / acl cpm-filter ipv4-filter entry 120 action
set / acl cpm-filter ipv4-filter entry 120 action accept
set / acl cpm-filter ipv4-filter entry 120 match
set / acl cpm-filter ipv4-filter entry 120 match protocol udp
set / acl cpm-filter ipv4-filter entry 120 match source-port
set / acl cpm-filter ipv4-filter entry 120 match source-port operator eq
set / acl cpm-filter ipv4-filter entry 120 match source-port value 53
set / acl cpm-filter ipv4-filter entry 130
set / acl cpm-filter ipv4-filter entry 130 description "Accept incoming DHCP messages targeted for BOOTP/DHCP client"
set / acl cpm-filter ipv4-filter entry 130 action
set / acl cpm-filter ipv4-filter entry 130 action accept
set / acl cpm-filter ipv4-filter entry 130 match
set / acl cpm-filter ipv4-filter entry 130 match protocol udp
set / acl cpm-filter ipv4-filter entry 130 match destination-port
set / acl cpm-filter ipv4-filter entry 130 match destination-port operator eq
set / acl cpm-filter ipv4-filter entry 130 match destination-port value 68
set / acl cpm-filter ipv4-filter entry 140
set / acl cpm-filter ipv4-filter entry 140 description "Accept incoming TFTP read-request and write-request messages"
set / acl cpm-filter ipv4-filter entry 140 action
set / acl cpm-filter ipv4-filter entry 140 action accept
set / acl cpm-filter ipv4-filter entry 140 match
set / acl cpm-filter ipv4-filter entry 140 match protocol udp
set / acl cpm-filter ipv4-filter entry 140 match destination-port
set / acl cpm-filter ipv4-filter entry 140 match destination-port operator eq
set / acl cpm-filter ipv4-filter entry 140 match destination-port value 69
set / acl cpm-filter ipv4-filter entry 150
set / acl cpm-filter ipv4-filter entry 150 description "Accept incoming HTTP(JSON-RPC) when the other host initiates the TCP connection"
set / acl cpm-filter ipv4-filter entry 150 action
set / acl cpm-filter ipv4-filter entry 150 action accept
set / acl cpm-filter ipv4-filter entry 150 match
set / acl cpm-filter ipv4-filter entry 150 match protocol tcp
set / acl cpm-filter ipv4-filter entry 150 match destination-port
set / acl cpm-filter ipv4-filter entry 150 match destination-port operator eq
set / acl cpm-filter ipv4-filter entry 150 match destination-port value 80
set / acl cpm-filter ipv4-filter entry 160
set / acl cpm-filter ipv4-filter entry 160 description "Accept incoming HTTP(JSON-RPC) when this router initiates the TCP connection"
set / acl cpm-filter ipv4-filter entry 160 action
set / acl cpm-filter ipv4-filter entry 160 action accept
set / acl cpm-filter ipv4-filter entry 160 match
set / acl cpm-filter ipv4-filter entry 160 match protocol tcp
set / acl cpm-filter ipv4-filter entry 160 match source-port
set / acl cpm-filter ipv4-filter entry 160 match source-port operator eq
set / acl cpm-filter ipv4-filter entry 160 match source-port value 80
set / acl cpm-filter ipv4-filter entry 170
set / acl cpm-filter ipv4-filter entry 170 description "Accept incoming NTP messages from servers"
set / acl cpm-filter ipv4-filter entry 170 action
set / acl cpm-filter ipv4-filter entry 170 action accept
set / acl cpm-filter ipv4-filter entry 170 match
set / acl cpm-filter ipv4-filter entry 170 match protocol udp
set / acl cpm-filter ipv4-filter entry 170 match source-port
set / acl cpm-filter ipv4-filter entry 170 match source-port operator eq
set / acl cpm-filter ipv4-filter entry 170 match source-port value 123
set / acl cpm-filter ipv4-filter entry 180
set / acl cpm-filter ipv4-filter entry 180 description "Accept incoming SNMP GET/GETNEXT messages from servers"
set / acl cpm-filter ipv4-filter entry 180 action
set / acl cpm-filter ipv4-filter entry 180 action accept
set / acl cpm-filter ipv4-filter entry 180 match
set / acl cpm-filter ipv4-filter entry 180 match protocol udp
set / acl cpm-filter ipv4-filter entry 180 match destination-port
set / acl cpm-filter ipv4-filter entry 180 match destination-port operator eq
set / acl cpm-filter ipv4-filter entry 180 match destination-port value 161
set / acl cpm-filter ipv4-filter entry 190
set / acl cpm-filter ipv4-filter entry 190 description "Accept incoming BGP when the other router initiates the TCP connection"
set / acl cpm-filter ipv4-filter entry 190 action
set / acl cpm-filter ipv4-filter entry 190 action accept
set / acl cpm-filter ipv4-filter entry 190 match
set / acl cpm-filter ipv4-filter entry 190 match protocol tcp
set / acl cpm-filter ipv4-filter entry 190 match destination-port
set / acl cpm-filter ipv4-filter entry 190 match destination-port operator eq
set / acl cpm-filter ipv4-filter entry 190 match destination-port value 179
set / acl cpm-filter ipv4-filter entry 200
set / acl cpm-filter ipv4-filter entry 200 description "Accept incoming BGP when this router initiates the TCP connection"
set / acl cpm-filter ipv4-filter entry 200 action
set / acl cpm-filter ipv4-filter entry 200 action accept
set / acl cpm-filter ipv4-filter entry 200 match
set / acl cpm-filter ipv4-filter entry 200 match protocol tcp
set / acl cpm-filter ipv4-filter entry 200 match source-port
set / acl cpm-filter ipv4-filter entry 200 match source-port operator eq
set / acl cpm-filter ipv4-filter entry 200 match source-port value 179
set / acl cpm-filter ipv4-filter entry 210
set / acl cpm-filter ipv4-filter entry 210 description "Accept incoming HTTPS(JSON-RPC) when the other host initiates the TCP connection"
set / acl cpm-filter ipv4-filter entry 210 action
set / acl cpm-filter ipv4-filter entry 210 action accept
set / acl cpm-filter ipv4-filter entry 210 match
set / acl cpm-filter ipv4-filter entry 210 match protocol tcp
set / acl cpm-filter ipv4-filter entry 210 match destination-port
set / acl cpm-filter ipv4-filter entry 210 match destination-port operator eq
set / acl cpm-filter ipv4-filter entry 210 match destination-port value 443
set / acl cpm-filter ipv4-filter entry 220
set / acl cpm-filter ipv4-filter entry 220 description "Accept incoming HTTPS(JSON-RPC) when this router initiates the TCP connection"
set / acl cpm-filter ipv4-filter entry 220 action
set / acl cpm-filter ipv4-filter entry 220 action accept
set / acl cpm-filter ipv4-filter entry 220 match
set / acl cpm-filter ipv4-filter entry 220 match protocol tcp
set / acl cpm-filter ipv4-filter entry 220 match source-port
set / acl cpm-filter ipv4-filter entry 220 match source-port operator eq
set / acl cpm-filter ipv4-filter entry 220 match source-port value 443
set / acl cpm-filter ipv4-filter entry 230
set / acl cpm-filter ipv4-filter entry 230 description "Accept incoming single-hop BFD session messages"
set / acl cpm-filter ipv4-filter entry 230 action
set / acl cpm-filter ipv4-filter entry 230 action accept
set / acl cpm-filter ipv4-filter entry 230 match
set / acl cpm-filter ipv4-filter entry 230 match protocol udp
set / acl cpm-filter ipv4-filter entry 230 match destination-port
set / acl cpm-filter ipv4-filter entry 230 match destination-port operator eq
set / acl cpm-filter ipv4-filter entry 230 match destination-port value 3784
set / acl cpm-filter ipv4-filter entry 240
set / acl cpm-filter ipv4-filter entry 240 description "Accept incoming multi-hop BFD session messages"
set / acl cpm-filter ipv4-filter entry 240 action
set / acl cpm-filter ipv4-filter entry 240 action accept
set / acl cpm-filter ipv4-filter entry 240 match
set / acl cpm-filter ipv4-filter entry 240 match protocol udp
set / acl cpm-filter ipv4-filter entry 240 match destination-port
set / acl cpm-filter ipv4-filter entry 240 match destination-port operator eq
set / acl cpm-filter ipv4-filter entry 240 match destination-port value 4784
set / acl cpm-filter ipv4-filter entry 250
set / acl cpm-filter ipv4-filter entry 250 description "Accept incoming uBFD session messages"
set / acl cpm-filter ipv4-filter entry 250 action
set / acl cpm-filter ipv4-filter entry 250 action accept
set / acl cpm-filter ipv4-filter entry 250 match
set / acl cpm-filter ipv4-filter entry 250 match protocol udp
set / acl cpm-filter ipv4-filter entry 250 match destination-port
set / acl cpm-filter ipv4-filter entry 250 match destination-port operator eq
set / acl cpm-filter ipv4-filter entry 250 match destination-port value 6784
set / acl cpm-filter ipv4-filter entry 260
set / acl cpm-filter ipv4-filter entry 260 description "Accept incoming gNMI messages when the other host initiates the TCP connection"
set / acl cpm-filter ipv4-filter entry 260 action
set / acl cpm-filter ipv4-filter entry 260 action accept
set / acl cpm-filter ipv4-filter entry 260 match
set / acl cpm-filter ipv4-filter entry 260 match protocol tcp
set / acl cpm-filter ipv4-filter entry 260 match destination-port
set / acl cpm-filter ipv4-filter entry 260 match destination-port operator eq
set / acl cpm-filter ipv4-filter entry 260 match destination-port value 57400
set / acl cpm-filter ipv4-filter entry 270
set / acl cpm-filter ipv4-filter entry 270 description "Accept incoming UDP traceroute messages"
set / acl cpm-filter ipv4-filter entry 270 action
set / acl cpm-filter ipv4-filter entry 270 action accept
set / acl cpm-filter ipv4-filter entry 270 match
set / acl cpm-filter ipv4-filter entry 270 match protocol udp
set / acl cpm-filter ipv4-filter entry 270 match destination-port
set / acl cpm-filter ipv4-filter entry 270 match destination-port range
set / acl cpm-filter ipv4-filter entry 270 match destination-port range start 33434
set / acl cpm-filter ipv4-filter entry 270 match destination-port range end 33464
set / acl cpm-filter ipv4-filter entry 280
set / acl cpm-filter ipv4-filter entry 280 description "Accept incoming ICMP timestamp messages"
set / acl cpm-filter ipv4-filter entry 280 action
set / acl cpm-filter ipv4-filter entry 280 action accept
set / acl cpm-filter ipv4-filter entry 280 action accept rate-limit
set / acl cpm-filter ipv4-filter entry 280 action accept rate-limit system-cpu-policer icmp
set / acl cpm-filter ipv4-filter entry 280 match
set / acl cpm-filter ipv4-filter entry 280 match protocol icmp
set / acl cpm-filter ipv4-filter entry 280 match icmp
set / acl cpm-filter ipv4-filter entry 280 match icmp type timestamp
set / acl cpm-filter ipv4-filter entry 290
set / acl cpm-filter ipv4-filter entry 290 description "Accept incoming OSPF messages"
set / acl cpm-filter ipv4-filter entry 290 action
set / acl cpm-filter ipv4-filter entry 290 action accept
set / acl cpm-filter ipv4-filter entry 290 match
set / acl cpm-filter ipv4-filter entry 290 match protocol 89
set / acl cpm-filter ipv4-filter entry 300
set / acl cpm-filter ipv4-filter entry 300 description "Accept incoming DHCP relay messages targeted for BOOTP/DHCP server"
set / acl cpm-filter ipv4-filter entry 300 action
set / acl cpm-filter ipv4-filter entry 300 action accept
set / acl cpm-filter ipv4-filter entry 300 match
set / acl cpm-filter ipv4-filter entry 300 match protocol udp
set / acl cpm-filter ipv4-filter entry 300 match destination-port
set / acl cpm-filter ipv4-filter entry 300 match destination-port operator eq
set / acl cpm-filter ipv4-filter entry 300 match destination-port value 67
set / acl cpm-filter ipv4-filter entry 310
set / acl cpm-filter ipv4-filter entry 310 description "Accept ICMP fragment packets"
set / acl cpm-filter ipv4-filter entry 310 action
set / acl cpm-filter ipv4-filter entry 310 action accept
set / acl cpm-filter ipv4-filter entry 310 action accept rate-limit
set / acl cpm-filter ipv4-filter entry 310 action accept rate-limit system-cpu-policer icmp
set / acl cpm-filter ipv4-filter entry 310 match
set / acl cpm-filter ipv4-filter entry 310 match fragment true
set / acl cpm-filter ipv4-filter entry 310 match protocol icmp
set / acl cpm-filter ipv4-filter entry 320
set / acl cpm-filter ipv4-filter entry 320 description "Accept incoming LDP packets"
set / acl cpm-filter ipv4-filter entry 320 action
set / acl cpm-filter ipv4-filter entry 320 action accept
set / acl cpm-filter ipv4-filter entry 320 match
set / acl cpm-filter ipv4-filter entry 320 match protocol udp
set / acl cpm-filter ipv4-filter entry 320 match source-port
set / acl cpm-filter ipv4-filter entry 320 match source-port operator eq
set / acl cpm-filter ipv4-filter entry 320 match source-port value 646
set / acl cpm-filter ipv4-filter entry 330
set / acl cpm-filter ipv4-filter entry 330 description "Accept incoming LDP packets with source-port 646"
set / acl cpm-filter ipv4-filter entry 330 action
set / acl cpm-filter ipv4-filter entry 330 action accept
set / acl cpm-filter ipv4-filter entry 330 match
set / acl cpm-filter ipv4-filter entry 330 match protocol tcp
set / acl cpm-filter ipv4-filter entry 330 match source-port
set / acl cpm-filter ipv4-filter entry 330 match source-port operator eq
set / acl cpm-filter ipv4-filter entry 330 match source-port value 646
set / acl cpm-filter ipv4-filter entry 340
set / acl cpm-filter ipv4-filter entry 340 description "Accept incoming LDP packets with destination-port 646"
set / acl cpm-filter ipv4-filter entry 340 action
set / acl cpm-filter ipv4-filter entry 340 action accept
set / acl cpm-filter ipv4-filter entry 340 match
set / acl cpm-filter ipv4-filter entry 340 match protocol tcp
set / acl cpm-filter ipv4-filter entry 340 match destination-port
set / acl cpm-filter ipv4-filter entry 340 match destination-port operator eq
set / acl cpm-filter ipv4-filter entry 340 match destination-port value 646
set / acl cpm-filter ipv4-filter entry 350
set / acl cpm-filter ipv4-filter entry 350 description "Accept incoming gRIBI packets with destination-port 57401"
set / acl cpm-filter ipv4-filter entry 350 action
set / acl cpm-filter ipv4-filter entry 350 action accept
set / acl cpm-filter ipv4-filter entry 350 match
set / acl cpm-filter ipv4-filter entry 350 match protocol tcp
set / acl cpm-filter ipv4-filter entry 350 match destination-port
set / acl cpm-filter ipv4-filter entry 350 match destination-port operator eq
set / acl cpm-filter ipv4-filter entry 350 match destination-port value 57401
set / acl cpm-filter ipv4-filter entry 360
set / acl cpm-filter ipv4-filter entry 360 description "Accept incoming p4rt packets with destination-port 9559"
set / acl cpm-filter ipv4-filter entry 360 action
set / acl cpm-filter ipv4-filter entry 360 action accept
set / acl cpm-filter ipv4-filter entry 360 match
set / acl cpm-filter ipv4-filter entry 360 match protocol tcp
set / acl cpm-filter ipv4-filter entry 360 match destination-port
set / acl cpm-filter ipv4-filter entry 360 match destination-port operator eq
set / acl cpm-filter ipv4-filter entry 360 match destination-port value 9559
set / acl cpm-filter ipv4-filter entry 370
set / acl cpm-filter ipv4-filter entry 370 description "Accept incoming IGMP packets"
set / acl cpm-filter ipv4-filter entry 370 action
set / acl cpm-filter ipv4-filter entry 370 action accept
set / acl cpm-filter ipv4-filter entry 370 match
set / acl cpm-filter ipv4-filter entry 370 match protocol igmp
set / acl cpm-filter ipv4-filter entry 380
set / acl cpm-filter ipv4-filter entry 380 description "Accept incoming PIM packets"
set / acl cpm-filter ipv4-filter entry 380 action
set / acl cpm-filter ipv4-filter entry 380 action accept
set / acl cpm-filter ipv4-filter entry 380 match
set / acl cpm-filter ipv4-filter entry 380 match protocol pim
set / acl cpm-filter ipv4-filter entry 390
set / acl cpm-filter ipv4-filter entry 390 description "Accept incoming RADIUS AAA packets"
set / acl cpm-filter ipv4-filter entry 390 action
set / acl cpm-filter ipv4-filter entry 390 action accept
set / acl cpm-filter ipv4-filter entry 390 match
set / acl cpm-filter ipv4-filter entry 390 match protocol udp
set / acl cpm-filter ipv4-filter entry 390 match source-port
set / acl cpm-filter ipv4-filter entry 390 match source-port range
set / acl cpm-filter ipv4-filter entry 390 match source-port range start 1812
set / acl cpm-filter ipv4-filter entry 390 match source-port range end 1813
set / acl cpm-filter ipv4-filter entry 410
set / acl cpm-filter ipv4-filter entry 410 description "Accept incoming PTP messages with destination-ports 319 and 320"
set / acl cpm-filter ipv4-filter entry 410 action
set / acl cpm-filter ipv4-filter entry 410 action accept
set / acl cpm-filter ipv4-filter entry 410 match
set / acl cpm-filter ipv4-filter entry 410 match protocol udp
set / acl cpm-filter ipv4-filter entry 410 match destination-port
set / acl cpm-filter ipv4-filter entry 410 match destination-port range
set / acl cpm-filter ipv4-filter entry 410 match destination-port range start 319
set / acl cpm-filter ipv4-filter entry 410 match destination-port range end 320
set / acl cpm-filter ipv4-filter entry 420
set / acl cpm-filter ipv4-filter entry 420 description "Drop all else"
set / acl cpm-filter ipv4-filter entry 420 action
set / acl cpm-filter ipv4-filter entry 420 action drop
set / acl cpm-filter ipv4-filter entry 420 action drop log true
set / acl cpm-filter ipv6-filter
set / acl cpm-filter ipv6-filter statistics-per-entry true
set / acl cpm-filter ipv6-filter entry 10
set / acl cpm-filter ipv6-filter entry 10 description "Accept incoming ICMPv6 unreachable messages"
set / acl cpm-filter ipv6-filter entry 10 action
set / acl cpm-filter ipv6-filter entry 10 action accept
set / acl cpm-filter ipv6-filter entry 10 action accept rate-limit
set / acl cpm-filter ipv6-filter entry 10 action accept rate-limit system-cpu-policer icmp
set / acl cpm-filter ipv6-filter entry 10 match
set / acl cpm-filter ipv6-filter entry 10 match next-header icmp6
set / acl cpm-filter ipv6-filter entry 10 match icmp6
set / acl cpm-filter ipv6-filter entry 10 match icmp6 type dest-unreachable
set / acl cpm-filter ipv6-filter entry 10 match icmp6 code [ 0 1 2 3 4 5 6 ]
set / acl cpm-filter ipv6-filter entry 20
set / acl cpm-filter ipv6-filter entry 20 description "Accept incoming ICMPv6 packet-too-big messages"
set / acl cpm-filter ipv6-filter entry 20 action
set / acl cpm-filter ipv6-filter entry 20 action accept
set / acl cpm-filter ipv6-filter entry 20 action accept rate-limit
set / acl cpm-filter ipv6-filter entry 20 action accept rate-limit system-cpu-policer icmp
set / acl cpm-filter ipv6-filter entry 20 match
set / acl cpm-filter ipv6-filter entry 20 match next-header icmp6
set / acl cpm-filter ipv6-filter entry 20 match icmp6
set / acl cpm-filter ipv6-filter entry 20 match icmp6 type packet-too-big
set / acl cpm-filter ipv6-filter entry 30
set / acl cpm-filter ipv6-filter entry 30 description "Accept incoming ICMPv6 time-exceeded messages"
set / acl cpm-filter ipv6-filter entry 30 action
set / acl cpm-filter ipv6-filter entry 30 action accept
set / acl cpm-filter ipv6-filter entry 30 action accept rate-limit
set / acl cpm-filter ipv6-filter entry 30 action accept rate-limit system-cpu-policer icmp
set / acl cpm-filter ipv6-filter entry 30 match
set / acl cpm-filter ipv6-filter entry 30 match next-header icmp6
set / acl cpm-filter ipv6-filter entry 30 match icmp6
set / acl cpm-filter ipv6-filter entry 30 match icmp6 type time-exceeded
set / acl cpm-filter ipv6-filter entry 40
set / acl cpm-filter ipv6-filter entry 40 description "Accept incoming ICMPv6 parameter problem messages"
set / acl cpm-filter ipv6-filter entry 40 action
set / acl cpm-filter ipv6-filter entry 40 action accept
set / acl cpm-filter ipv6-filter entry 40 action accept rate-limit
set / acl cpm-filter ipv6-filter entry 40 action accept rate-limit system-cpu-policer icmp
set / acl cpm-filter ipv6-filter entry 40 match
set / acl cpm-filter ipv6-filter entry 40 match next-header icmp6
set / acl cpm-filter ipv6-filter entry 40 match icmp6
set / acl cpm-filter ipv6-filter entry 40 match icmp6 type param-problem
set / acl cpm-filter ipv6-filter entry 50
set / acl cpm-filter ipv6-filter entry 50 description "Accept incoming ICMPv6 echo-request messages"
set / acl cpm-filter ipv6-filter entry 50 action
set / acl cpm-filter ipv6-filter entry 50 action accept
set / acl cpm-filter ipv6-filter entry 50 action accept rate-limit
set / acl cpm-filter ipv6-filter entry 50 action accept rate-limit system-cpu-policer icmp
set / acl cpm-filter ipv6-filter entry 50 match
set / acl cpm-filter ipv6-filter entry 50 match next-header icmp6
set / acl cpm-filter ipv6-filter entry 50 match icmp6
set / acl cpm-filter ipv6-filter entry 50 match icmp6 type echo-request
set / acl cpm-filter ipv6-filter entry 60
set / acl cpm-filter ipv6-filter entry 60 description "Accept incoming ICMPv6 echo-reply messages"
set / acl cpm-filter ipv6-filter entry 60 action
set / acl cpm-filter ipv6-filter entry 60 action accept
set / acl cpm-filter ipv6-filter entry 60 action accept rate-limit
set / acl cpm-filter ipv6-filter entry 60 action accept rate-limit system-cpu-policer icmp
set / acl cpm-filter ipv6-filter entry 60 match
set / acl cpm-filter ipv6-filter entry 60 match next-header icmp6
set / acl cpm-filter ipv6-filter entry 60 match icmp6
set / acl cpm-filter ipv6-filter entry 60 match icmp6 type echo-reply
set / acl cpm-filter ipv6-filter entry 70
set / acl cpm-filter ipv6-filter entry 70 description "Accept incoming ICMPv6 router-advertisement messages"
set / acl cpm-filter ipv6-filter entry 70 action
set / acl cpm-filter ipv6-filter entry 70 action accept
set / acl cpm-filter ipv6-filter entry 70 action accept rate-limit
set / acl cpm-filter ipv6-filter entry 70 action accept rate-limit system-cpu-policer icmp
set / acl cpm-filter ipv6-filter entry 70 match
set / acl cpm-filter ipv6-filter entry 70 match next-header icmp6
set / acl cpm-filter ipv6-filter entry 70 match icmp6
set / acl cpm-filter ipv6-filter entry 70 match icmp6 type router-advertise
set / acl cpm-filter ipv6-filter entry 80
set / acl cpm-filter ipv6-filter entry 80 description "Accept incoming ICMPv6 neighbor-solicitation messages"
set / acl cpm-filter ipv6-filter entry 80 action
set / acl cpm-filter ipv6-filter entry 80 action accept
set / acl cpm-filter ipv6-filter entry 80 action accept rate-limit
set / acl cpm-filter ipv6-filter entry 80 action accept rate-limit system-cpu-policer icmp
set / acl cpm-filter ipv6-filter entry 80 match
set / acl cpm-filter ipv6-filter entry 80 match next-header icmp6
set / acl cpm-filter ipv6-filter entry 80 match icmp6
set / acl cpm-filter ipv6-filter entry 80 match icmp6 type neighbor-solicit
set / acl cpm-filter ipv6-filter entry 90
set / acl cpm-filter ipv6-filter entry 90 description "Accept incoming ICMPv6 neighbor-advertisement messages"
set / acl cpm-filter ipv6-filter entry 90 action
set / acl cpm-filter ipv6-filter entry 90 action accept
set / acl cpm-filter ipv6-filter entry 90 action accept rate-limit
set / acl cpm-filter ipv6-filter entry 90 action accept rate-limit system-cpu-policer icmp
set / acl cpm-filter ipv6-filter entry 90 match
set / acl cpm-filter ipv6-filter entry 90 match next-header icmp6
set / acl cpm-filter ipv6-filter entry 90 match icmp6
set / acl cpm-filter ipv6-filter entry 90 match icmp6 type neighbor-advertise
set / acl cpm-filter ipv6-filter entry 100
set / acl cpm-filter ipv6-filter entry 100 description "Accept incoming SSH when the other host initiates the TCP connection"
set / acl cpm-filter ipv6-filter entry 100 action
set / acl cpm-filter ipv6-filter entry 100 action accept
set / acl cpm-filter ipv6-filter entry 100 match
set / acl cpm-filter ipv6-filter entry 100 match next-header tcp
set / acl cpm-filter ipv6-filter entry 100 match destination-port
set / acl cpm-filter ipv6-filter entry 100 match destination-port operator eq
set / acl cpm-filter ipv6-filter entry 100 match destination-port value 22
set / acl cpm-filter ipv6-filter entry 110
set / acl cpm-filter ipv6-filter entry 110 description "Accept incoming SSH when this router initiates the TCP connection"
set / acl cpm-filter ipv6-filter entry 110 action
set / acl cpm-filter ipv6-filter entry 110 action accept
set / acl cpm-filter ipv6-filter entry 110 match
set / acl cpm-filter ipv6-filter entry 110 match next-header tcp
set / acl cpm-filter ipv6-filter entry 110 match source-port
set / acl cpm-filter ipv6-filter entry 110 match source-port operator eq
set / acl cpm-filter ipv6-filter entry 110 match source-port value 22
set / acl cpm-filter ipv6-filter entry 120
set / acl cpm-filter ipv6-filter entry 120 description "Accept incoming Telnet when the other host initiates the TCP connection"
set / acl cpm-filter ipv6-filter entry 120 action
set / acl cpm-filter ipv6-filter entry 120 action accept
set / acl cpm-filter ipv6-filter entry 120 match
set / acl cpm-filter ipv6-filter entry 120 match next-header tcp
set / acl cpm-filter ipv6-filter entry 120 match destination-port
set / acl cpm-filter ipv6-filter entry 120 match destination-port operator eq
set / acl cpm-filter ipv6-filter entry 120 match destination-port value 23
set / acl cpm-filter ipv6-filter entry 130
set / acl cpm-filter ipv6-filter entry 130 description "Accept incoming Telnet when this router initiates the TCP connection"
set / acl cpm-filter ipv6-filter entry 130 action
set / acl cpm-filter ipv6-filter entry 130 action accept
set / acl cpm-filter ipv6-filter entry 130 match
set / acl cpm-filter ipv6-filter entry 130 match next-header tcp
set / acl cpm-filter ipv6-filter entry 130 match source-port
set / acl cpm-filter ipv6-filter entry 130 match source-port operator eq
set / acl cpm-filter ipv6-filter entry 130 match source-port value 23
set / acl cpm-filter ipv6-filter entry 140
set / acl cpm-filter ipv6-filter entry 140 description "Accept incoming TACACS+ when the other host initiates the TCP connection"
set / acl cpm-filter ipv6-filter entry 140 action
set / acl cpm-filter ipv6-filter entry 140 action accept
set / acl cpm-filter ipv6-filter entry 140 match
set / acl cpm-filter ipv6-filter entry 140 match next-header tcp
set / acl cpm-filter ipv6-filter entry 140 match destination-port
set / acl cpm-filter ipv6-filter entry 140 match destination-port operator eq
set / acl cpm-filter ipv6-filter entry 140 match destination-port value 49
set / acl cpm-filter ipv6-filter entry 150
set / acl cpm-filter ipv6-filter entry 150 description "Accept incoming TACACS+ when this router initiates the TCP connection"
set / acl cpm-filter ipv6-filter entry 150 action
set / acl cpm-filter ipv6-filter entry 150 action accept
set / acl cpm-filter ipv6-filter entry 150 match
set / acl cpm-filter ipv6-filter entry 150 match next-header tcp
set / acl cpm-filter ipv6-filter entry 150 match source-port
set / acl cpm-filter ipv6-filter entry 150 match source-port operator eq
set / acl cpm-filter ipv6-filter entry 150 match source-port value 49
set / acl cpm-filter ipv6-filter entry 160
set / acl cpm-filter ipv6-filter entry 160 description "Accept incoming DNS response messages"
set / acl cpm-filter ipv6-filter entry 160 action
set / acl cpm-filter ipv6-filter entry 160 action accept
set / acl cpm-filter ipv6-filter entry 160 match
set / acl cpm-filter ipv6-filter entry 160 match next-header udp
set / acl cpm-filter ipv6-filter entry 160 match source-port
set / acl cpm-filter ipv6-filter entry 160 match source-port operator eq
set / acl cpm-filter ipv6-filter entry 160 match source-port value 53
set / acl cpm-filter ipv6-filter entry 170
set / acl cpm-filter ipv6-filter entry 170 description "Accept incoming TFTP read-request and write-request messages"
set / acl cpm-filter ipv6-filter entry 170 action
set / acl cpm-filter ipv6-filter entry 170 action accept
set / acl cpm-filter ipv6-filter entry 170 match
set / acl cpm-filter ipv6-filter entry 170 match next-header udp
set / acl cpm-filter ipv6-filter entry 170 match destination-port
set / acl cpm-filter ipv6-filter entry 170 match destination-port operator eq
set / acl cpm-filter ipv6-filter entry 170 match destination-port value 69
set / acl cpm-filter ipv6-filter entry 180
set / acl cpm-filter ipv6-filter entry 180 description "Accept incoming HTTP(JSON-RPC) when the other host initiates the TCP connection"
set / acl cpm-filter ipv6-filter entry 180 action
set / acl cpm-filter ipv6-filter entry 180 action accept
set / acl cpm-filter ipv6-filter entry 180 match
set / acl cpm-filter ipv6-filter entry 180 match next-header tcp
set / acl cpm-filter ipv6-filter entry 180 match destination-port
set / acl cpm-filter ipv6-filter entry 180 match destination-port operator eq
set / acl cpm-filter ipv6-filter entry 180 match destination-port value 80
set / acl cpm-filter ipv6-filter entry 190
set / acl cpm-filter ipv6-filter entry 190 description "Accept incoming HTTP(JSON-RPC) when this router initiates the TCP connection"
set / acl cpm-filter ipv6-filter entry 190 action
set / acl cpm-filter ipv6-filter entry 190 action accept
set / acl cpm-filter ipv6-filter entry 190 match
set / acl cpm-filter ipv6-filter entry 190 match next-header tcp
set / acl cpm-filter ipv6-filter entry 190 match source-port
set / acl cpm-filter ipv6-filter entry 190 match source-port operator eq
set / acl cpm-filter ipv6-filter entry 190 match source-port value 80
set / acl cpm-filter ipv6-filter entry 200
set / acl cpm-filter ipv6-filter entry 200 description "Accept incoming NTP messages from servers"
set / acl cpm-filter ipv6-filter entry 200 action
set / acl cpm-filter ipv6-filter entry 200 action accept
set / acl cpm-filter ipv6-filter entry 200 match
set / acl cpm-filter ipv6-filter entry 200 match next-header udp
set / acl cpm-filter ipv6-filter entry 200 match source-port
set / acl cpm-filter ipv6-filter entry 200 match source-port operator eq
set / acl cpm-filter ipv6-filter entry 200 match source-port value 123
set / acl cpm-filter ipv6-filter entry 210
set / acl cpm-filter ipv6-filter entry 210 description "Accept incoming SNMP GET/GETNEXT messages from servers"
set / acl cpm-filter ipv6-filter entry 210 action
set / acl cpm-filter ipv6-filter entry 210 action accept
set / acl cpm-filter ipv6-filter entry 210 match
set / acl cpm-filter ipv6-filter entry 210 match next-header udp
set / acl cpm-filter ipv6-filter entry 210 match destination-port
set / acl cpm-filter ipv6-filter entry 210 match destination-port operator eq
set / acl cpm-filter ipv6-filter entry 210 match destination-port value 161
set / acl cpm-filter ipv6-filter entry 220
set / acl cpm-filter ipv6-filter entry 220 description "Accept incoming BGP when the other router initiates the TCP connection"
set / acl cpm-filter ipv6-filter entry 220 action
set / acl cpm-filter ipv6-filter entry 220 action accept
set / acl cpm-filter ipv6-filter entry 220 match
set / acl cpm-filter ipv6-filter entry 220 match next-header tcp
set / acl cpm-filter ipv6-filter entry 220 match destination-port
set / acl cpm-filter ipv6-filter entry 220 match destination-port operator eq
set / acl cpm-filter ipv6-filter entry 220 match destination-port value 179
set / acl cpm-filter ipv6-filter entry 230
set / acl cpm-filter ipv6-filter entry 230 description "Accept incoming BGP when this router initiates the TCP connection"
set / acl cpm-filter ipv6-filter entry 230 action
set / acl cpm-filter ipv6-filter entry 230 action accept
set / acl cpm-filter ipv6-filter entry 230 match
set / acl cpm-filter ipv6-filter entry 230 match next-header tcp
set / acl cpm-filter ipv6-filter entry 230 match source-port
set / acl cpm-filter ipv6-filter entry 230 match source-port operator eq
set / acl cpm-filter ipv6-filter entry 230 match source-port value 179
set / acl cpm-filter ipv6-filter entry 240
set / acl cpm-filter ipv6-filter entry 240 description "Accept incoming HTTPS(JSON-RPC) when the other host initiates the TCP connection"
set / acl cpm-filter ipv6-filter entry 240 action
set / acl cpm-filter ipv6-filter entry 240 action accept
set / acl cpm-filter ipv6-filter entry 240 match
set / acl cpm-filter ipv6-filter entry 240 match next-header tcp
set / acl cpm-filter ipv6-filter entry 240 match destination-port
set / acl cpm-filter ipv6-filter entry 240 match destination-port operator eq
set / acl cpm-filter ipv6-filter entry 240 match destination-port value 443
set / acl cpm-filter ipv6-filter entry 250
set / acl cpm-filter ipv6-filter entry 250 description "Accept incoming HTTPS(JSON-RPC) when this router initiates the TCP connection"
set / acl cpm-filter ipv6-filter entry 250 action
set / acl cpm-filter ipv6-filter entry 250 action accept
set / acl cpm-filter ipv6-filter entry 250 match
set / acl cpm-filter ipv6-filter entry 250 match next-header tcp
set / acl cpm-filter ipv6-filter entry 250 match source-port
set / acl cpm-filter ipv6-filter entry 250 match source-port operator eq
set / acl cpm-filter ipv6-filter entry 250 match source-port value 443
set / acl cpm-filter ipv6-filter entry 260
set / acl cpm-filter ipv6-filter entry 260 description "Accept incoming DHCPv6 client messages"
set / acl cpm-filter ipv6-filter entry 260 action
set / acl cpm-filter ipv6-filter entry 260 action accept
set / acl cpm-filter ipv6-filter entry 260 match
set / acl cpm-filter ipv6-filter entry 260 match next-header udp
set / acl cpm-filter ipv6-filter entry 260 match destination-port
set / acl cpm-filter ipv6-filter entry 260 match destination-port operator eq
set / acl cpm-filter ipv6-filter entry 260 match destination-port value 546
set / acl cpm-filter ipv6-filter entry 270
set / acl cpm-filter ipv6-filter entry 270 description "Accept incoming single-hop BFD session messages"
set / acl cpm-filter ipv6-filter entry 270 action
set / acl cpm-filter ipv6-filter entry 270 action accept
set / acl cpm-filter ipv6-filter entry 270 match
set / acl cpm-filter ipv6-filter entry 270 match next-header udp
set / acl cpm-filter ipv6-filter entry 270 match destination-port
set / acl cpm-filter ipv6-filter entry 270 match destination-port operator eq
set / acl cpm-filter ipv6-filter entry 270 match destination-port value 3784
set / acl cpm-filter ipv6-filter entry 280
set / acl cpm-filter ipv6-filter entry 280 description "Accept incoming multi-hop BFD session messages"
set / acl cpm-filter ipv6-filter entry 280 action
set / acl cpm-filter ipv6-filter entry 280 action accept
set / acl cpm-filter ipv6-filter entry 280 match
set / acl cpm-filter ipv6-filter entry 280 match next-header udp
set / acl cpm-filter ipv6-filter entry 280 match destination-port
set / acl cpm-filter ipv6-filter entry 280 match destination-port operator eq
set / acl cpm-filter ipv6-filter entry 280 match destination-port value 4784
set / acl cpm-filter ipv6-filter entry 290
set / acl cpm-filter ipv6-filter entry 290 description "Accept incoming uBFD session messages"
set / acl cpm-filter ipv6-filter entry 290 action
set / acl cpm-filter ipv6-filter entry 290 action accept
set / acl cpm-filter ipv6-filter entry 290 match
set / acl cpm-filter ipv6-filter entry 290 match next-header udp
set / acl cpm-filter ipv6-filter entry 290 match destination-port
set / acl cpm-filter ipv6-filter entry 290 match destination-port operator eq
set / acl cpm-filter ipv6-filter entry 290 match destination-port value 6784
set / acl cpm-filter ipv6-filter entry 300
set / acl cpm-filter ipv6-filter entry 300 description "Accept incoming gNMI messages when the other host initiates the TCP connection"
set / acl cpm-filter ipv6-filter entry 300 action
set / acl cpm-filter ipv6-filter entry 300 action accept
set / acl cpm-filter ipv6-filter entry 300 match
set / acl cpm-filter ipv6-filter entry 300 match next-header tcp
set / acl cpm-filter ipv6-filter entry 300 match destination-port
set / acl cpm-filter ipv6-filter entry 300 match destination-port operator eq
set / acl cpm-filter ipv6-filter entry 300 match destination-port value 57400
set / acl cpm-filter ipv6-filter entry 310
set / acl cpm-filter ipv6-filter entry 310 description "Accept incoming UDP traceroute messages"
set / acl cpm-filter ipv6-filter entry 310 action
set / acl cpm-filter ipv6-filter entry 310 action accept
set / acl cpm-filter ipv6-filter entry 310 match
set / acl cpm-filter ipv6-filter entry 310 match next-header udp
set / acl cpm-filter ipv6-filter entry 310 match destination-port
set / acl cpm-filter ipv6-filter entry 310 match destination-port range
set / acl cpm-filter ipv6-filter entry 310 match destination-port range start 33434
set / acl cpm-filter ipv6-filter entry 310 match destination-port range end 33464
set / acl cpm-filter ipv6-filter entry 320
set / acl cpm-filter ipv6-filter entry 320 description "Accept incoming IPV6 hop-in-hop messages"
set / acl cpm-filter ipv6-filter entry 320 action
set / acl cpm-filter ipv6-filter entry 320 action accept
set / acl cpm-filter ipv6-filter entry 320 match
set / acl cpm-filter ipv6-filter entry 320 match next-header 0
set / acl cpm-filter ipv6-filter entry 330
set / acl cpm-filter ipv6-filter entry 330 description "Accept incoming IPV6 fragment header messages"
set / acl cpm-filter ipv6-filter entry 330 action
set / acl cpm-filter ipv6-filter entry 330 action accept
set / acl cpm-filter ipv6-filter entry 330 match
set / acl cpm-filter ipv6-filter entry 330 match next-header 44
set / acl cpm-filter ipv6-filter entry 340
set / acl cpm-filter ipv6-filter entry 340 description "Accept incoming OSPF messages"
set / acl cpm-filter ipv6-filter entry 340 action
set / acl cpm-filter ipv6-filter entry 340 action accept
set / acl cpm-filter ipv6-filter entry 340 match
set / acl cpm-filter ipv6-filter entry 340 match next-header 89
set / acl cpm-filter ipv6-filter entry 350
set / acl cpm-filter ipv6-filter entry 350 description "Accept incoming DHCPv6 relay messages"
set / acl cpm-filter ipv6-filter entry 350 action
set / acl cpm-filter ipv6-filter entry 350 action accept
set / acl cpm-filter ipv6-filter entry 350 match
set / acl cpm-filter ipv6-filter entry 350 match next-header udp
set / acl cpm-filter ipv6-filter entry 350 match destination-port
set / acl cpm-filter ipv6-filter entry 350 match destination-port operator eq
set / acl cpm-filter ipv6-filter entry 350 match destination-port value 547
set / acl cpm-filter ipv6-filter entry 360
set / acl cpm-filter ipv6-filter entry 360 description "Accept incoming gRIBI packets with destination-port 57401"
set / acl cpm-filter ipv6-filter entry 360 action
set / acl cpm-filter ipv6-filter entry 360 action accept
set / acl cpm-filter ipv6-filter entry 360 match
set / acl cpm-filter ipv6-filter entry 360 match next-header tcp
set / acl cpm-filter ipv6-filter entry 360 match destination-port
set / acl cpm-filter ipv6-filter entry 360 match destination-port operator eq
set / acl cpm-filter ipv6-filter entry 360 match destination-port value 57401
set / acl cpm-filter ipv6-filter entry 370
set / acl cpm-filter ipv6-filter entry 370 description "Accept incoming p4rt packets with destination-port 9559"
set / acl cpm-filter ipv6-filter entry 370 action
set / acl cpm-filter ipv6-filter entry 370 action accept
set / acl cpm-filter ipv6-filter entry 370 match
set / acl cpm-filter ipv6-filter entry 370 match next-header tcp
set / acl cpm-filter ipv6-filter entry 370 match destination-port
set / acl cpm-filter ipv6-filter entry 370 match destination-port operator eq
set / acl cpm-filter ipv6-filter entry 370 match destination-port value 9559
set / acl cpm-filter ipv6-filter entry 380
set / acl cpm-filter ipv6-filter entry 380 description "Accept incoming MLDv1 report messages"
set / acl cpm-filter ipv6-filter entry 380 action
set / acl cpm-filter ipv6-filter entry 380 action accept
set / acl cpm-filter ipv6-filter entry 380 match
set / acl cpm-filter ipv6-filter entry 380 match next-header icmp6
set / acl cpm-filter ipv6-filter entry 380 match icmp6
set / acl cpm-filter ipv6-filter entry 380 match icmp6 type mld-report
set / acl cpm-filter ipv6-filter entry 390
set / acl cpm-filter ipv6-filter entry 390 description "Accept incoming MLDv2 report messages"
set / acl cpm-filter ipv6-filter entry 390 action
set / acl cpm-filter ipv6-filter entry 390 action accept
set / acl cpm-filter ipv6-filter entry 390 match
set / acl cpm-filter ipv6-filter entry 390 match next-header icmp6
set / acl cpm-filter ipv6-filter entry 390 match icmp6
set / acl cpm-filter ipv6-filter entry 390 match icmp6 type mld-v2
set / acl cpm-filter ipv6-filter entry 400
set / acl cpm-filter ipv6-filter entry 400 description "Accept incoming MLDv1 done messages"
set / acl cpm-filter ipv6-filter entry 400 action
set / acl cpm-filter ipv6-filter entry 400 action accept
set / acl cpm-filter ipv6-filter entry 400 match
set / acl cpm-filter ipv6-filter entry 400 match next-header icmp6
set / acl cpm-filter ipv6-filter entry 400 match icmp6
set / acl cpm-filter ipv6-filter entry 400 match icmp6 type mld-done
set / acl cpm-filter ipv6-filter entry 410
set / acl cpm-filter ipv6-filter entry 410 description "Accept incoming MLD query messages"
set / acl cpm-filter ipv6-filter entry 410 action
set / acl cpm-filter ipv6-filter entry 410 action accept
set / acl cpm-filter ipv6-filter entry 410 match
set / acl cpm-filter ipv6-filter entry 410 match next-header icmp6
set / acl cpm-filter ipv6-filter entry 410 match icmp6
set / acl cpm-filter ipv6-filter entry 410 match icmp6 type mld-query
set / acl cpm-filter ipv6-filter entry 420
set / acl cpm-filter ipv6-filter entry 420 description "Accept incoming PIM messages"
set / acl cpm-filter ipv6-filter entry 420 action
set / acl cpm-filter ipv6-filter entry 420 action accept
set / acl cpm-filter ipv6-filter entry 420 match
set / acl cpm-filter ipv6-filter entry 420 match next-header pim
set / acl cpm-filter ipv6-filter entry 430
set / acl cpm-filter ipv6-filter entry 430 description "Accept incoming RADIUS AAA messages"
set / acl cpm-filter ipv6-filter entry 430 action
set / acl cpm-filter ipv6-filter entry 430 action accept
set / acl cpm-filter ipv6-filter entry 430 match
set / acl cpm-filter ipv6-filter entry 430 match next-header udp
set / acl cpm-filter ipv6-filter entry 430 match source-port
set / acl cpm-filter ipv6-filter entry 430 match source-port range
set / acl cpm-filter ipv6-filter entry 430 match source-port range start 1812
set / acl cpm-filter ipv6-filter entry 430 match source-port range end 1813
set / acl cpm-filter ipv6-filter entry 450
set / acl cpm-filter ipv6-filter entry 450 description "Accept incoming PTP messages with destination-ports 319 and 320"
set / acl cpm-filter ipv6-filter entry 450 action
set / acl cpm-filter ipv6-filter entry 450 action accept
set / acl cpm-filter ipv6-filter entry 450 match
set / acl cpm-filter ipv6-filter entry 450 match next-header udp
set / acl cpm-filter ipv6-filter entry 450 match destination-port
set / acl cpm-filter ipv6-filter entry 450 match destination-port range
set / acl cpm-filter ipv6-filter entry 450 match destination-port range start 319
set / acl cpm-filter ipv6-filter entry 450 match destination-port range end 320
set / acl cpm-filter ipv6-filter entry 460
set / acl cpm-filter ipv6-filter entry 460 description "Drop all else"
set / acl cpm-filter ipv6-filter entry 460 action
set / acl cpm-filter ipv6-filter entry 460 action drop
set / acl cpm-filter ipv6-filter entry 460 action drop log true
set / acl policers
set / acl policers system-cpu-policer icmp
set / acl policers system-cpu-policer icmp entry-specific false
set / acl policers system-cpu-policer icmp peak-packet-rate 1000
set / acl policers system-cpu-policer icmp max-packet-burst 1000
set / interface ethernet-1/31
set / interface ethernet-1/31 admin-state enable
set / interface ethernet-1/31 subinterface 0
set / interface ethernet-1/31 subinterface 0 ipv4
set / interface ethernet-1/31 subinterface 0 ipv4 admin-state enable
set / interface ethernet-1/31 subinterface 0 ipv4 address 10.0.0.2/30
set / interface ethernet-1/32
set / interface ethernet-1/32 admin-state enable
set / interface ethernet-1/32 subinterface 0
set / interface ethernet-1/32 subinterface 0 ipv4
set / interface ethernet-1/32 subinterface 0 ipv4 admin-state enable
set / interface ethernet-1/32 subinterface 0 ipv4 address 10.0.0.6/30
set / interface ethernet-1/33
set / interface ethernet-1/33 admin-state enable
set / interface ethernet-1/34
set / interface ethernet-1/34 admin-state enable
set / interface mgmt0
set / interface mgmt0 admin-state enable
set / interface mgmt0 subinterface 0
set / interface mgmt0 subinterface 0 admin-state enable
set / interface mgmt0 subinterface 0 ip-mtu 1500
set / interface mgmt0 subinterface 0 ipv4
set / interface mgmt0 subinterface 0 ipv4 admin-state enable
set / interface mgmt0 subinterface 0 ipv4 dhcp-client
set / interface mgmt0 subinterface 0 ipv6
set / interface mgmt0 subinterface 0 ipv6 admin-state enable
set / interface mgmt0 subinterface 0 ipv6 dhcp-client
set / interface system0
set / interface system0 subinterface 0
set / interface system0 subinterface 0 ipv4
set / interface system0 subinterface 0 ipv4 admin-state enable
set / interface system0 subinterface 0 ipv4 address 10.2.1.1/32
set / system
set / system configuration
set / system configuration role ntwkadmin
set / system configuration role ntwkadmin rule /
set / system configuration role ntwkadmin rule / action write
set / system aaa
set / system aaa authentication
set / system aaa authentication idle-timeout 4294967295
set / system aaa authentication authentication-method [ local ]
set / system aaa authentication admin-user
set / system aaa authentication admin-user ssh-key [ "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEJJxjAqiJ8Q9vryHanqxTMVtwb6hgqxMG5rEzrTOw4/U0sjfVTjyg/WTDcTf1XZI4sfAJqWl/ckSyS4MC14y8M=" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKQF+1//AxHXBw758qukdExFO/JtjJhlH5Jkq+kM2vDm" "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPV6Zc5nEyKqHjKog4BA48y5hP1ytyXUmKH2h9LRQhExZAyTpbeFbeczRw9dXEV7NDISaTEbPGbrGAdN3lWJZJY=" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOfsPDGYa3fAL8bidJ4SoAiMT/JZcl6w7LrixG2sGSFV" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJnegbJmcu47fmlmQPA7DcSz3WTKX7x0zPcouZJ5JsQM" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBRj4ZWMyXkDSkUDwb7V68TMOw/3xVOTbmPG8M0PWaUs" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIS2zzc1kVVrv4SZ4o3C5BcaLzzVDtfExJsKa3FnICiy" ]
set / system aaa authentication linuxadmin-user
set / system aaa authentication linuxadmin-user password $6$Ni233gqiuJ9zarHl$ZKtMh/vEvlY7XpHSYSJVrFNpUDeM/dsfaxK6csljO5X3.ImsDn8yiOcPASsTNpa1r6XrVlzrpnlJKqYIK0gvO1
set / system aaa authentication linuxadmin-user ssh-key [ "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEJJxjAqiJ8Q9vryHanqxTMVtwb6hgqxMG5rEzrTOw4/U0sjfVTjyg/WTDcTf1XZI4sfAJqWl/ckSyS4MC14y8M=" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKQF+1//AxHXBw758qukdExFO/JtjJhlH5Jkq+kM2vDm" "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPV6Zc5nEyKqHjKog4BA48y5hP1ytyXUmKH2h9LRQhExZAyTpbeFbeczRw9dXEV7NDISaTEbPGbrGAdN3lWJZJY=" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOfsPDGYa3fAL8bidJ4SoAiMT/JZcl6w7LrixG2sGSFV" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJnegbJmcu47fmlmQPA7DcSz3WTKX7x0zPcouZJ5JsQM" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBRj4ZWMyXkDSkUDwb7V68TMOw/3xVOTbmPG8M0PWaUs" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIS2zzc1kVVrv4SZ4o3C5BcaLzzVDtfExJsKa3FnICiy" ]
set / system aaa authorization
set / system aaa authorization role ntwkadmin
set / system aaa authorization role ntwkadmin services [ cli ]
set / system aaa accounting
set / system aaa accounting event command
set / system aaa accounting event command record start-stop
set / system aaa server-group local
set / system aaa server-group local type local
set / system lldp
set / system lldp admin-state enable
set / system gnmi-server
set / system gnmi-server admin-state enable
set / system gnmi-server rate-limit 65000
set / system gnmi-server trace-options [ request response common ]
set / system gnmi-server network-instance mgmt
set / system gnmi-server network-instance mgmt admin-state enable
set / system gnmi-server network-instance mgmt use-authentication true
set / system gnmi-server network-instance mgmt tls-profile clab-profile
set / system gnmi-server network-instance mgmt port 57400
set / system gnmi-server network-instance mgmt services [ gnmi ]
set / system gnmi-server unix-socket
set / system gnmi-server unix-socket admin-state enable
set / system gnmi-server unix-socket services [ gnmi gnoi ]
set / system tls
set / system tls server-profile clab-profile
set / system tls server-profile clab-profile key $aes1$ATRdEpZ88pFUf28=$k8r/4aOv82NkgaZ0utV2lI8/t1CeC+ZZpGLyki4hxvbs5HPJcOUNZ+A0xYbLdE6Bz6EytaTmKbta8sm8mwksBzMayPZmAzafELIAfhPl0dT4LG1ewRw7QifVajYec88++1hbSVMoahcjWpKsOTUK9oW5Y1LQI5gqPnLZn6RwhUW+l6WGGDOpM/RSXRBeol2hR5Ue9I3FCx6cu35e4Jp4rzuCQgiI1cQkeUgvjhRRx1WbHv7+M5iW0ABiSltKtrhDfm3sKDb2OKSQ5PaALJWtqbbO9+SQ3u1lDiZg/roCEViXbJWxifzb5G0VGNl5GdiK2UU0Ihzr+4DzlCA3Cke4YlJfJVw7ZjnKqrd/UuPuOqFDkZ+7/uCpyOOWjIz0qMsYwIQ0uiau1qObq3Dv6lXZixA5LjRK4qxLL+1B8veMWEcJwylhhzBPfmvPOazcNE8X1B7M2FnJnZzL+w1E8Eok+cAm2UPnKZqe8WTP91iP8fejkHOXgT8PlGyjNGxst4pgmj+6+8a/Zi91aop1v2nr5HkybKGd8dXxgdzmlGLykUrXSSJr6WICjNwlDZF+NezNO/IYLXeqYVnaIxzqZPrVTz2ouPQBOZTl7zUIiPokLNE2yemWPD4VjaSg9hfzhPLzMkKSJ0grvoHc7abq/qCpbbE/dkGqaHph8w6UmSFL882T/Wn3Ied5BM9vtH6pB1ez3LQrhe3/xNd7a6FUVizUJQHsqG1V3IMh1FXAYJpghjiCMXzSCZIFku/XGYgkhZ6183NNhTQnkvKgPUa1Du5yMX9EOx/3tTR1+z2gRlGLrx2fwSD+QAP1huDdpwzV82tq3BhX2f/6MoFJSt4sq+tsNnFogVGFfAcI4BINl1tdfDbDmRzwuVDwxwNuu204cxS9oAKwNyWY980zd0U9ZIVWAY9VX4TkO8TEkV1odaJji4ApgIC6u31u2U6x2uQLAjdXZKKrXAs7sSYinXiBO6+11y68zNYGjbbQqI+XI18tpm5yw1JPeBn9v9NHMzNMI2uA2lrjIiNlsNGRuQbtdWv45QyuILLWmsufWxt/oo4gw3u7kHQIFsFMxnceM3/bwzRidQINTwZq6ETQevvFWHExA5A+l6/KQ8g8KXHGvekUelUIxx+bc0/SKEkTJ43qMpQeA/Tm4bGg5ouGfxzMf/ERSXVYTX4s8SLQtg9Qps0or+F1Q8BWuqDC/Zbr9laOR19M6BoPVTeCc8LI3cd++mTeaga9ofh1pKUw1sPbmEiBLL8T8YvEyfxEpnqb3eD8aQRuF4NN2bIY9CVKAcovC1pQvFbKQR5CLJbqxSarDDrWJdpdEVj3/MUxX9YWu1+NtzoBu5fnBoLWpZ5VvuZmZfaRsThcsLwDrrMi7YZKP9eSd1Bk24J2RR1VkeSMmwAq9oBxBRCAAX7JhpsJghI7iGPcBBcwfa9NupONp53Jd35nwPP4E93aju/7QBgPpRcIBL7wnwXjWh9YN3fVKYw1LRIiY0OEuYsqiur6FquHDQ1dsE93QtdTla0IwvGxDcW7lS+53iH2LPORI8QgyV6dJpw5ntFOUcaTMNlt/ZDERFJ95bLLOGEXnYy3FAwPooIz4JDioxW5FWL4G/dt+JmYMasrcmgbrd/kXv5r0lb5wJM3Bu/8utsdatmzbbZQb3lMO0lFQyo3kE94kZv/7Ry7TVqCs0gbeJ8tmJpIAZcif4Dnk/Qjzm6UUWgUqe8WwS5//8VXwqsBEmIQZOm16/sqQSa807N4XgxLwKqtelMZI9P9rem9PQl8jhYfjvTFdu5kOLZUSZPqqEs/uK2z0fI0sWA302Lp9YM+ckwr5JMlVPbStZ1+qnzcacVgT5xbz95vdw1QG8gFlZByD8NbT/aAgNpL5D0yreqAKEFv87nJBN6xUu2AunDCFdWWY3yPx+s4kTc8F6U8LZKzDV4zVWrN1WhhhbjDvPPvaxL0I/FHp+afnMO/g6d0QTYojSerErX+a3o498Fxh6LKdDjKk6/dJxsw60FaCUyQN83LPdseBOwFlEVkLt1AgHOWlhNuc42mhcIufFHCJyLTRmyGIJPh4udo9poWGOzjuw2W990em5zou8HmUrGTurT0+FHr0tiORss10ARTTvubpd8atzlCw9hWpJrKvNd/dx+DtPh16x3FHfiBke3FvIX7OerreDo6aov8hWx4jSiTmKzCZHeI2aRlrWJCdOaro/fPU2X4UTAi5zSRV+cWD0PSi76+Vu8crW9B
set / system tls server-profile clab-profile certificate "-----BEGIN CERTIFICATE-----
MIIDtzCCAp+gAwIBAgICBnowDQYJKoZIhvcNAQELBQAwTzELMAkGA1UEBhMCVVMx
CTAHBgNVBAcTADEVMBMGA1UEChMMY29udGFpbmVybGFiMQkwBwYDVQQLEwAxEzAR
BgNVBAMTCmJncCBsYWIgQ0EwHhcNMjQwMzAxMTAxNDM1WhcNMjUwMzAxMTAxNDM1
WjBPMQswCQYDVQQGEwJVUzEJMAcGA1UEBxMAMRUwEwYDVQQKEwxjb250YWluZXJs
YWIxCTAHBgNVBAsTADETMBEGA1UEAxMKc3cyLmJncC5pbzCCASIwDQYJKoZIhvcN
AQEBBQADggEPADCCAQoCggEBAMk/COnFdnHSRGa3lDPtxFE39zlMzaJETKsT8S9a
6T5uM3FCfoEYk9K8iO4o/Qm4v2812uU6DpoxspLPO63E4aajAtFpY6lLwBJxZc3n
5sRchKFx/ATVssS9Xya4pKnumJGhJ5DXJBhS+HfXoNShH3TVz+t6uzNBjjCXEtmm
Dmu3ejZvgcjH0wZ5x3j6GDhlKDgDtAADocucrMuWXgMVOaOel9eOsf0d7OpCQu/R
489HUdc+hqcrbp22c1DKhR7B6j9GxldEHxY9g7FZ/rQUPMK8osNTGkeeazyJXNbp
8hJQoFt3hTKSINQEp7FCgDgVKbDGGoS/kILicSlo6N+ROVMCAwEAAaOBnDCBmTAO
BgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMA4G
A1UdDgQHBAUBAgMEBjAfBgNVHSMEGDAWgBSFpX5ZLvFZgoOdzQAIDgZnO6LCRjA3
BgNVHREEMDAuggNzdzKCA3N3MoIKc3cyLmJncC5pb4cErBQUA4cQIAEBcgAgACAA
AAAAAAAAAzANBgkqhkiG9w0BAQsFAAOCAQEAeV3Lix+zMCVWo8DLW9IqXtOiew2e
orPmFYpzFzoMY7AlKyVYYkH8DcKa81TjiPOpmb2nH4fJeGp/tt2EVgjuCsaG33iJ
/AZ7VNIr9qz/hTGXQbwoekoqpRzZ+msj1817jQUL63PAxcXCrEfLb3bYbP5Y9wWu
8sImBRBsrfTto8D0Os/1w8I4q8WrfjN/fKd5O5F6ReyX8QVabsn2UOa8OjDa8aEA
1ItJnLWVGgpIeX9qxAhthygP+HQxjYB/f4blnGUsS6Nj3ZFZgL3hLkDEWMrClvss
Np4iWNho3D44ktNuUmgJHltFr6q4s8E1InWqzXj/FX1hyISDiyOU3JK/4w==
-----END CERTIFICATE-----
"
set / system tls server-profile clab-profile authenticate-client false
set / system json-rpc-server
set / system json-rpc-server admin-state enable
set / system json-rpc-server network-instance mgmt
set / system json-rpc-server network-instance mgmt http
set / system json-rpc-server network-instance mgmt http admin-state enable
set / system json-rpc-server network-instance mgmt https
set / system json-rpc-server network-instance mgmt https admin-state enable
set / system json-rpc-server network-instance mgmt https tls-profile clab-profile
set / system dns
set / system dns network-instance mgmt
set / system dns server-list [ 1.1.1.1 8.8.8.8 ]
set / system snmp
set / system snmp community $aes1$AWCbCTAnb8cAEW8=$cCWWC04qBoK7xJxKn/a6mA==
set / system snmp network-instance mgmt
set / system snmp network-instance mgmt admin-state enable
set / system ssh-server
set / system ssh-server network-instance mgmt
set / system ssh-server network-instance mgmt admin-state enable
set / system banner
set / system banner login-banner "................................................................
: Welcome to Nokia SR Linux! :
: Open Network OS for the NetOps era. :
: :
: This is a freely distributed official container image. :
: Use it - Share it :
: :
: Get started: https://learn.srlinux.dev :
: Container: https://go.srlinux.dev/container-image :
: Docs: https://doc.srlinux.dev/23-10 :
: Rel. notes: https://doc.srlinux.dev/rn23-10-1 :
: YANG: https://yang.srlinux.dev/release/v23.10.1 :
: Discord: https://go.srlinux.dev/discord :
: Contact: https://go.srlinux.dev/contact-sales :
................................................................
"
set / system logging
set / system logging buffer messages
set / system logging buffer messages rotate 3
set / system logging buffer messages size 10000000
set / system logging buffer messages facility local6
set / system logging buffer messages facility local6 priority
set / system logging buffer messages facility local6 priority match-above informational
set / system logging buffer system
set / system logging buffer system facility auth
set / system logging buffer system facility auth priority
set / system logging buffer system facility auth priority match-above warning
set / system logging buffer system facility cron
set / system logging buffer system facility cron priority
set / system logging buffer system facility cron priority match-above warning
set / system logging buffer system facility daemon
set / system logging buffer system facility daemon priority
set / system logging buffer system facility daemon priority match-above warning
set / system logging buffer system facility ftp
set / system logging buffer system facility ftp priority
set / system logging buffer system facility ftp priority match-above warning
set / system logging buffer system facility kern
set / system logging buffer system facility kern priority
set / system logging buffer system facility kern priority match-above warning
set / system logging buffer system facility lpr
set / system logging buffer system facility lpr priority
set / system logging buffer system facility lpr priority match-above warning
set / system logging buffer system facility mail
set / system logging buffer system facility mail priority
set / system logging buffer system facility mail priority match-above warning
set / system logging buffer system facility news
set / system logging buffer system facility news priority
set / system logging buffer system facility news priority match-above warning
set / system logging buffer system facility syslog
set / system logging buffer system facility syslog priority
set / system logging buffer system facility syslog priority match-above warning
set / system logging buffer system facility user
set / system logging buffer system facility user priority
set / system logging buffer system facility user priority match-above warning
set / system logging buffer system facility uucp
set / system logging buffer system facility uucp priority
set / system logging buffer system facility uucp priority match-above warning
set / system logging buffer system facility local0
set / system logging buffer system facility local0 priority
set / system logging buffer system facility local0 priority match-above warning
set / system logging buffer system facility local1
set / system logging buffer system facility local1 priority
set / system logging buffer system facility local1 priority match-above warning
set / system logging buffer system facility local2
set / system logging buffer system facility local2 priority
set / system logging buffer system facility local2 priority match-above warning
set / system logging buffer system facility local3
set / system logging buffer system facility local3 priority
set / system logging buffer system facility local3 priority match-above warning
set / system logging buffer system facility local4
set / system logging buffer system facility local4 priority
set / system logging buffer system facility local4 priority match-above warning
set / system logging buffer system facility local5
set / system logging buffer system facility local5 priority
set / system logging buffer system facility local5 priority match-above warning
set / system logging buffer system facility local7
set / system logging buffer system facility local7 priority
set / system logging buffer system facility local7 priority match-above warning
set / system logging file messages
set / system logging file messages rotate 3
set / system logging file messages size 10000000
set / system logging file messages facility local6
set / system logging file messages facility local6 priority
set / system logging file messages facility local6 priority match-above warning
set / network-instance default
set / network-instance default interface ethernet-1/31.0
set / network-instance default interface ethernet-1/32.0
set / network-instance default interface system0.0
set / network-instance default protocols
set / network-instance default protocols bgp
set / network-instance default protocols bgp autonomous-system 65002
set / network-instance default protocols bgp router-id 10.2.1.1
set / network-instance default protocols bgp afi-safi ipv4-unicast
set / network-instance default protocols bgp afi-safi ipv4-unicast admin-state enable
set / network-instance default protocols bgp afi-safi ipv4-unicast multipath
set / network-instance default protocols bgp afi-safi ipv4-unicast multipath allow-multiple-as true
set / network-instance default protocols bgp afi-safi ipv4-unicast multipath max-paths-level-1 4
set / network-instance default protocols bgp group eBGP-underlay
set / network-instance default protocols bgp group eBGP-underlay export-policy announce_loopback
set / network-instance default protocols bgp group eBGP-underlay import-policy all
set / network-instance default protocols bgp neighbor 10.0.0.1
set / network-instance default protocols bgp neighbor 10.0.0.1 description link1
set / network-instance default protocols bgp neighbor 10.0.0.1 peer-as 65001
set / network-instance default protocols bgp neighbor 10.0.0.1 peer-group eBGP-underlay
set / network-instance default protocols bgp neighbor 10.0.0.5
set / network-instance default protocols bgp neighbor 10.0.0.5 description link2
set / network-instance default protocols bgp neighbor 10.0.0.5 peer-as 65001
set / network-instance default protocols bgp neighbor 10.0.0.5 peer-group eBGP-underlay