amilan@bras-lab-01> show configuration | display set | no-more

set version 19.4R3.11

set system host-name bras-lab-01
set system root-authentication encrypted-password
"$6$Fc/jeGcN$dJFuqc2vLhQJs2ehVhAHFjmC7uiDwT1GFNjSnX/enUNBBbTdhXPzVA3kGAqvVdU8a4dAzA
bMxr3YI9nsKKfa//"
set system configuration-database max-db-size 314572800
set system login class rancid-class idle-timeout 5
set system login class rancid-class login-alarms
set system login class rancid-class permissions secret
set system login class rancid-class permissions view
set system login class rancid-class permissions view-configuration
set system login class rancid-class allow-commands "(set cli.*)|(show.*)|(quit)"
set system login class rancid-class deny-commands .*
set system login user abhishek uid 2024
set system login user abhishek class super-user
set system login user abhishek authentication encrypted-password
"$5$m7CD1TX7$tg/wZDxTGtupoAJ2YqWKm7jhYBB7uJQOxsQQhXjqE1B"
set system login user abhishek authentication ssh-rsa "ssh-rsa
AAAAB3NzaC1yc2EAAAABIwAAAQEAuFMb3BrJ7TJ77N+fYVMSSQEC4p4f+MiYyAJnBCpf8ijmq1wiPvvBYLP
uxu7EooFYL/xWSSCVIHBFdcNzJlalLnUXxviGpU/S5R/H2UDF1x9W3KAngZLqCBl43y0HpGZNMIWEt9Is5w
JfeGKpliTbLYfL10V0yecV/JYrmA7cwa5VnSi6Yn9aTLP+oiD2lB+BRdzBqGRdRZnsnNF0eIRxV6F+65Y1k
U1GUz5yZBZhn8V8W597hxP8E6Vx9IHnpwGlSAXf5V6SFLQ3Q6+m8rYrO4CZ8/4JGB4Vc7AJWIlwBh//w+rN
N1bHqSTgf/kOCAMPIdVuEaWsRg/KrFrwvE+ESw=="
set system login user amilan uid 2010
set system login user amilan class super-user
set system login user amilan authentication encrypted-password
"$6$SMUp0Lk/$URCoVEmoxM/2RnGaucf/B503af4CuJrtsIUlnWFzjBUGgjFzNy8YbeBaiU7JPg3vdbZqPd
KC/kf2Fou6pYd3.0"
set system login user amilan authentication ssh-rsa "ssh-rsa
AAAAB3NzaC1yc2EAAAABIwAAAQEArJlqzAgkO2uaBv1rp2hvKb6ZiHjSHLnHhTy3gPcGFDkekS+CBq6Dqvr
dRRpfOkco0w2wPGN35PLr3BeswLKCUDj3/dfAG0bi1TSylmqIwAmHiTJQ0BgS1PRW10JvxEqYgGd8/J4f4q
f8y/EhCHHS7oB1Wld/MV514hj//NHgUDShw0LUdLBXZ+9vJygOTjySjE4NPtz9F222qVJIVkyMTjG4bdpE+
eqY7j4q4sQ9dB44l3AgVWHW9c42cORf8CCok0Y2brjOnSlXXFjQTxKGgQ3Q0GLWsmSGxqNR9Tp3UQvd70mu
iBpSmAIydHGKC2q4kwRQ/BiYsqZYOOqeVpnlrw=="
set system login user bidhanb uid 2026
set system login user bidhanb class super-user
set system login user bidhanb authentication encrypted-password
"$6$Uyxpf1LQ$rZxgj0KVLH3z8tOYYkX1CYgO.uEJEG9PP5qbDJB67ypnrWb2xT.5rTL18LffP/Pxqlmsg7
gXAxtB3y08QZWEV."
set system login user craju uid 2006
set system login user craju class super-user
set system login user craju authentication encrypted-password
"$6$mWtUHXK6$IAzSunEtpWoVa/cDlX6FVDnioHeHjBDZH1IQB.QHw.6XNR4O0mXe..cHkWAs0o236.f8Hl
yIhj.pcpy1eR.DO1"
set system login user gbijay uid 2011
set system login user gbijay class super-user
set system login user gbijay authentication encrypted-password
"$6$IPMPL5bD$Y9bIeuSHmk.RTP5h/dWeuj1BFATkaUfIINZG.vTE1aD0Z2uL8Jq54ESINjb6cw0qZNTOJQ
anFwqY0OkzsCky21"
set system login user gshyam uid 2000
set system login user gshyam class super-user
set system login user gshyam authentication encrypted-password
"$6$xPGuF79q$uh3VRTB.7BjC0r0oItUXxTFYwlsWK3ZF9eFEyoIxXgZYjJedubHqTqTguxF0aTXV8fO3cB
J2gE5YHvSabZLw0."
set system login user jspace uid 2027
set system login user jspace class super-user
set system login user jspace authentication encrypted-password
"$6$Zhg1Udol$wXTzbNgSk828oVrvvrbG8D5vjR4qFS1E2LcdBgYEfQqE/X2/VZi4KqzXYdNC.hE9BrBJ/9
n7.4Ekzgb0u8RZM."
set system login user junadmin full-name "TACACS Authenticated users with super-
user privileges"
set system login user junadmin uid 2029
set system login user junadmin class super-user
set system login user kijush uid 2016
set system login user kijush class super-user
set system login user kijush authentication encrypted-password
"$6$pVQsVgrS$id39yjau59hfXFqmnzUkm3odCCuznQGu1V2f8fSa3yTSNdusktuhPFdnqVMHafxJDBW1N1
Y2g3zVJcxIbB49G/"
set system login user lab uid 2017
set system login user lab class super-user
set system login user lab authentication encrypted-password
"$6$AbJiNwze$MbLs7bNTM73tC63RleqsoiUMeGhb5BA9dZXPpWsjm0XzHCSIdxI./bj7/oEW/JSc/Qpbp9
ADk4rGEkiBfHY7C/"
set system login user laxman uid 2022
set system login user laxman class super-user
set system login user laxman authentication encrypted-password
"$6$HlwVGX/P$YXnuqnL/5HcPUbOvUmhOHYOPZbRqmewo.F6/cRixNwdA4ckFgfeTDaAAyQDkI33CK8HqwT
42RNHtXirnKI0Y81"
set system login user mhjsakar uid 2020
set system login user mhjsakar class super-user
set system login user mhjsakar authentication encrypted-password
"$6$jaBQ0k1v$cuaBsQ6fva8UneB1O4Ya7kQKU32dSg1Yico2nbnYGuDqENERRyM6YcEYXPFutJtjv2vxTV
0B8ordICPUHNY8a1"
set system login user rancid uid 2015
set system login user rancid class super-user
set system login user rancid authentication encrypted-password
"$1$TFci3GHn$pU3DsQul8vZw6W37cJhYo/"
set system login user saralps uid 2025
set system login user saralps class super-user
set system login user saralps authentication encrypted-password
"$6$Vz50rL/9$XDjdzfVxHCqw8hJlKLaOBjzLL31Tafxoa3lhmBtLe5pu5h.2cs7eP.7NB/7fOpmYN0Egrr
Gc2MZdpjT6.56zw0"
set system login user script uid 2019
set system login user script class super-user
set system login user srijan uid 2028
set system login user srijan class super-user
set system login user srijan authentication encrypted-password
"$6$jVvonUyq$7jc3aNF2f/bRnIu1GR/a6RoL4AhdkEJ4ZoqjvuvKqTnWVF1hwG1movUSLNTYOn1w3DuxBM
0fzRVYaH6ti/18f."
set system login user sthashish uid 2001
set system login user sthashish class super-user
set system login user sthashish authentication encrypted-password
"$6$ML/NZGy5$DWKmg/IL92VuuKjao/fenF.WfQv8iiHGtj68F1.26tcqkJHUxLYp7XN/HPRFdUnipbA55j
46rj/6p4cjgvXxA0"
set system services ftp
set system services ssh root-login allow
set system services ssh protocol-version v2
set system services ssh max-sessions-per-connection 64
set system services extension-service request-response grpc clear-text port 9000
set system services extension-service request-response grpc skip-authentication
set system services netconf ssh
set system services rest http
set system services rest enable-explorer
set system services dhcp-local-server dhcpv6 short-cycle-protection lockout-min-
time 2
set system services dhcp-local-server dhcpv6 short-cycle-protection lockout-max-
time 900
set system services dhcp-local-server dhcpv6 group IPv6 overrides rapid-commit
set system services dhcp-local-server dhcpv6 group IPv6 overrides delegated-pool
Default-v6-pd-pool
set system services dhcp-local-server dhcpv6 group IPv6 overrides delete-binding-
on-renegotiation
deactivate system services dhcp-local-server dhcpv6 group IPv6 overrides delete-
binding-on-renegotiation
set system services dhcp-local-server dhcpv6 group IPv6 overrides asymmetric-lease-
time 1200
set system services dhcp-local-server dhcpv6 group IPv6 overrides asymmetric-
prefix-lease-time 1200
set system services dhcp-local-server dhcpv6 group IPv6 overrides dual-stack dual-
stack-group
set system services dhcp-local-server dhcpv6 group IPv6 interface xe-0/0/0.0
set system services dhcp-local-server dhcpv6 group IPv6 interface xe-1/0/0:1.0
set system services dhcp-local-server dhcpv6 group IPv6 interface ae14.0
set system services dhcp-local-server dhcpv6 group IPv6 interface demux0.0
set system services dhcp-local-server pool-match-order external-authority
set system services dhcp-local-server pool-match-order ip-address-first
set system services dhcp-local-server liveness-detection failure-action clear-
binding-if-interface-up
set system services dhcp-local-server liveness-detection method bfd version
automatic
set system services dhcp-local-server liveness-detection method bfd minimum-
interval 45000
set system services dhcp-local-server liveness-detection method bfd minimum-
receive-interval 60000
set system services dhcp-local-server liveness-detection method bfd multiplier 1
set system services dhcp-local-server liveness-detection method bfd no-adaptation
set system services dhcp-local-server liveness-detection method bfd transmit-
interval minimum-interval 45000
set system services dhcp-local-server liveness-detection method bfd transmit-
interval threshold 60000
set system services dhcp-local-server liveness-detection method bfd detection-time
threshold 66000
set system services dhcp-local-server liveness-detection method bfd session-mode
automatic
set system services dhcp-local-server liveness-detection method bfd holddown-
interval 50
deactivate system services dhcp-local-server liveness-detection
set system services dhcp-local-server overrides client-discover-match incoming-
interface
set system services dhcp-local-server overrides dual-stack dual-stack-group
set system services dhcp-local-server short-cycle-protection lockout-min-time 2
set system services dhcp-local-server short-cycle-protection lockout-max-time 900
set system services dhcp-local-server group IPv4 overrides delete-binding-on-
renegotiation
deactivate system services dhcp-local-server group IPv4 overrides delete-binding-
on-renegotiation
set system services dhcp-local-server group IPv4 overrides asymmetric-lease-time
1200
set system services dhcp-local-server group IPv4 overrides dual-stack dual-stack-
group
set system services dhcp-local-server group IPv4 interface xe-0/0/0.0
set system services dhcp-local-server group IPv4 interface xe-1/0/0:1.0
set system services dhcp-local-server group IPv4 interface ae14.0
set system services dhcp-local-server group IPv4 interface demux0.0
set system services dhcp-local-server dual-stack-group dual-stack-group
authentication password "wlink123$"
set system services dhcp-local-server dual-stack-group dual-stack-group
authentication username-include mac-address
set system services dhcp-local-server dual-stack-group dual-stack-group dynamic-
profile wlink-default-prof
set system services dhcp-local-server dual-stack-group dual-stack-group on-demand-
address-allocation
deactivate system services dhcp-local-server dual-stack-group dual-stack-group on-
demand-address-allocation
set system services dhcp-local-server dual-stack-group dual-stack-group
classification-key mac-address
set system services dhcp-local-server dual-stack-group dual-stack-group
renegotiation-master inet
set system services dhcp-local-server dual-stack-group dual-stack-group
renegotiation-master inet6
set system services dhcp-local-server dual-stack-group dual-stack-group liveness-
detection failure-action clear-binding-if-interface-up
set system services dhcp-local-server dual-stack-group dual-stack-group liveness-
detection method layer2-liveness-detection transmit-interval 300
set system services dhcp-local-server dual-stack-group dual-stack-group liveness-
detection method layer2-liveness-detection max-consecutive-retries 5
deactivate system services dhcp-local-server dual-stack-group dual-stack-group
liveness-detection
set system services dhcp-local-server dual-stack-group dual-stack-group short-
cycle-protection lockout-min-time 2
set system services dhcp-local-server dual-stack-group dual-stack-group short-
cycle-protection lockout-max-time 900
set system services dhcp-local-server no-stale-timer-refresh
set system services subscriber-management traceoptions file test_log1
set system services subscriber-management traceoptions file size 2m
set system services subscriber-management traceoptions file files 20
set system services subscriber-management traceoptions file world-readable
set system services subscriber-management enable
set system time-zone Asia/Kathmandu
set system authentication-order tacplus
set system authentication-order password
set system name-server 202.79.32.4
set system tacplus-server 202.79.32.39 port 49
set system tacplus-server 202.79.32.39 secret "$9$qmQn0BErKWIRVYoGq.0B1"
set system tacplus-server 202.79.32.39 source-address 202.166.192.34
set system tacplus-server 202.166.193.74 port 49
set system tacplus-server 202.166.193.74 secret "$9$OtlA1clxNbgaGdVmT39OBxN-"
set system tacplus-server 202.166.193.74 source-address 202.166.192.34
set system accounting events change-log
set system accounting destination tacplus server 202.79.32.39 port 49
set system accounting destination tacplus server 202.79.32.39 secret
"$9$AUEsp1hM87bY4Xxi.5FAtM8L"
set system accounting destination tacplus server 202.79.32.39 timeout 30
set system accounting destination tacplus server 202.79.32.39 single-connection
set system accounting destination tacplus server 202.166.193.74 port 49
set system accounting destination tacplus server 202.166.193.74 secret
"$9$AUEsp1hM87bY4Xxi.5FAtM8L"
set system accounting destination tacplus server 202.166.193.74 timeout 30
set system accounting destination tacplus server 202.166.193.74 single-connection
set system schema openconfig unhide
set system syslog user * any emergency
set system syslog host 202.79.32.84 any any
set system syslog host 202.79.32.84 port 5140
set system syslog host 202.79.32.84 source-address 202.166.192.34
set system syslog file messages any notice
set system syslog file messages authorization info
set system syslog file interactive-commands interactive-commands any
set system syslog file config-change change-log any
set system syslog file BGP-log any info
set system syslog file BGP-log match BGP_
set system syslog file updown any any
set system syslog file updown match TRAP_LINK
set system syslog file ddos-log any info
set system syslog file ddos-log match DDOS_
set system syslog file default-log-messages any info
set system syslog file default-log-messages match "(requested 'commit' operation)|
(requested 'commit synchronize' operation)|(copying configuration to juniper.save)|
(commit complete)|ifAdminStatus|(FRU power)|(FRU removal)|(FRU insertion)|(link
UP)|transitioned|Transferred|transfer-file|(license add)|(license delete)|(package
-X update)|(package -X delete)|(FRU Online)|(FRU Offline)|(plugged in)|(unplugged)|
CFMD_CCM_DEFECT| LFMD_3AH | RPD_MPLS_PATH_BFD|(Master Unchanged, Members Changed)|
(Master Changed, Members Changed)|(Master Detected, Members Changed)|(vc add)|(vc
delete)|(Master detected)|(Master changed)|(Backup detected)|(Backup changed)|
(interface vcp-)"
set system syslog file default-log-messages structured-data
set system syslog log-rotate-frequency 59
set system processes general-authentication-service traceoptions file jauthd
set system processes general-authentication-service traceoptions file size 100m
set system processes general-authentication-service traceoptions file files 10
set system processes general-authentication-service traceoptions flag all
set system processes smg-service traceoptions file smgd
set system processes smg-service traceoptions file size 100m
set system processes smg-service traceoptions file files 10
set system processes smg-service traceoptions level all
set system processes smg-service traceoptions flag all
deactivate system processes smg-service traceoptions
set system processes bbe-mib-daemon traceoptions file bbe-mibd
set system processes bbe-mib-daemon traceoptions file size 100m
set system processes bbe-mib-daemon traceoptions file files 10
set system processes bbe-mib-daemon traceoptions level all
set system processes bbe-mib-daemon traceoptions flag all
deactivate system processes bbe-mib-daemon traceoptions
set system processes dhcp-service traceoptions file jdhcpd
set system processes dhcp-service traceoptions file size 100m
set system processes dhcp-service traceoptions level all
set system processes dhcp-service traceoptions flag packet
set system processes dhcp-service traceoptions flag all
set system ddos-protection protocols dhcpv4 discover recover-time 10
set system ntp server 202.79.32.104
set chassis aggregated-devices ethernet device-count 25
set chassis fpc 0 sampling-instance s1
set chassis fpc 1 pic 0 port 0 number-of-sub-ports 4
set chassis fpc 1 pic 0 port 0 speed 10g
set chassis fpc 1 pic 0 port 2 speed 100g
set chassis fpc 1 pic 0 port 5 speed 100g
set chassis fpc 1 pic 1 port 0 number-of-sub-ports 4
set chassis fpc 1 pic 1 port 0 speed 10g
set chassis fpc 1 pic 1 port 2 speed 100g
set chassis fpc 1 pic 1 port 5 speed 100g
set chassis fpc 1 max-queues 512k
set chassis network-services enhanced-ip
set services analytics streaming-server telemetry-server remote-address 10.21.7.34
set services analytics streaming-server telemetry-server remote-port 9000
set services analytics export-profile export-param local-address 202.166.192.34
set services analytics export-profile export-param local-port 21111
set services analytics export-profile export-param reporting-rate 60
set services analytics export-profile export-param format gpb
set services analytics export-profile export-param transport udp
set services analytics sensor interface-1 server-name telemetry-server
set services analytics sensor interface-1 export-name export-param
set services analytics sensor interface-1 resource
/junos/system/linecard/interface/logical/usage/
set services analytics sensor interface-1 resource-filter xe-*
set services analytics sensor resource-1 server-name telemetry-server
set services analytics sensor resource-1 export-name export-param
set services analytics sensor resource-1 resource
/junos/system/linecard/cpu/memory/
set services flow-monitoring version-ipfix template ipv4 flow-active-timeout 60
set services flow-monitoring version-ipfix template ipv4 flow-inactive-timeout 70
set services flow-monitoring version-ipfix template ipv4 template-refresh-rate
seconds 30
set services flow-monitoring version-ipfix template ipv4 option-refresh-rate
seconds 30
set services flow-monitoring version-ipfix template ipv4 ipv4-template
set access-profile Rad
set interfaces xe-0/2/4 unit 0
set interfaces xe-1/0/0:0 description WAN_jnpr-prera-01_xe-2/0/1
set interfaces xe-1/0/0:0 unit 0 family inet address 202.79.40.6/31
set interfaces xe-1/0/0:0 unit 0 family inet6 address 2400:1a00:0:42::179/127
set interfaces xe-1/0/0:1 description jnpr-prera-01_xe-2/0/3_VPLS
set interfaces xe-1/0/0:1 hierarchical-scheduler maximum-hierarchy-levels 2
set interfaces xe-1/0/0:1 hierarchical-scheduler implicit-hierarchy
set interfaces xe-1/0/0:1 flexible-vlan-tagging
set interfaces xe-1/0/0:1 auto-configure stacked-vlan-ranges dynamic-profile
FtthZoom-svlan-prof accept dhcp-v4
set interfaces xe-1/0/0:1 auto-configure stacked-vlan-ranges dynamic-profile
FtthZoom-svlan-prof accept dhcp-v6
set interfaces xe-1/0/0:1 auto-configure stacked-vlan-ranges dynamic-profile
FtthZoom-svlan-prof ranges 3800-3800,121-121
set interfaces xe-1/0/0:1 auto-configure stacked-vlan-ranges dynamic-profile
FtthZoom-svlan-prof ranges 3700-3700,121-121
set interfaces xe-1/0/0:1 auto-configure stacked-vlan-ranges dynamic-profile
FtthZoom-svlan-profile accept pppoe
set interfaces xe-1/0/0:1 auto-configure stacked-vlan-ranges dynamic-profile
FtthZoom-svlan-profile ranges 3800-3800,120-120
set interfaces xe-1/0/0:1 auto-configure stacked-vlan-ranges dynamic-profile
FtthZoom-svlan-profile ranges 3700-3700,120-120
set interfaces xe-1/0/0:1 auto-configure stacked-vlan-ranges access-profile Rad
set interfaces xe-1/0/0:1 auto-configure remove-when-no-subscribers
set interfaces xe-1/0/0:1 mtu 9192
set interfaces xe-1/0/0:1 encapsulation flexible-ethernet-services
set interfaces xe-1/0/0:1 gigether-options ignore-l3-incompletes
set interfaces xe-1/0/0:2 description gw-jwl-stc-02_BGP_VL1120
set interfaces xe-1/0/0:2 flexible-vlan-tagging
set interfaces xe-1/0/0:2 encapsulation flexible-ethernet-services
set interfaces xe-1/0/0:2 unit 1120 vlan-id 1120
set interfaces xe-1/0/0:2 unit 1120 family inet address 202.166.220.2/24
set interfaces et-1/1/5 description To_X590
set interfaces et-1/1/5 unit 0 family inet address 172.16.16.2/30
set interfaces xe-2/0/0 unit 0 family inet
set interfaces xe-2/0/0 unit 0 family inet6
set interfaces fxp0 unit 0 description MGMT
set interfaces fxp0 unit 0 family inet address 10.10.250.22/23
set interfaces fxp0 unit 0 family inet address 10.0.1.6/24
set interfaces lo0 unit 0 family inet filter input ProtectRE
set interfaces lo0 unit 0 family inet address 202.166.192.34/32
set interfaces lo0 unit 0 family inet address 124.41.255.1/32
set interfaces lo0 unit 0 family inet6 filter input ipv6-ProtectRE
deactivate interfaces lo0 unit 0 family inet6 filter
set interfaces lo0 unit 0 family inet6 address 2400:1a00::34/128
set interfaces lo0 unit 0 family inet6 address 2400:1a00:8001:1::1/128 primary
set interfaces lo0 unit 0 family inet6 address 2400:1a00:8001:1::1/128 preferred
set snmp filter-interfaces interfaces pp0.*
set snmp filter-interfaces interfaces demux0.*
set snmp filter-interfaces all-internal-interfaces
set snmp engine-id use-mac-address
set snmp community 3263all authorization read-only
set snmp community 3263all clients 202.79.32.218/32
set snmp community 3263all clients 202.79.32.51/32
set snmp community 3263all clients 202.79.32.207/32
set snmp community 3263all clients 202.166.193.41/32
set snmp community 3263all clients 202.166.193.42/32
set snmp community 3263all clients 202.166.193.86/32
set snmp community 3263all clients 202.79.32.85/32
set snmp community 3263all clients 202.79.38.61/32
set snmp trap-group logstash destination-port 1062
set snmp trap-group logstash categories authentication
set snmp trap-group logstash categories chassis
set snmp trap-group logstash categories link
set snmp trap-group logstash categories routing
set snmp trap-group logstash categories startup
set snmp trap-group logstash categories rmon-alarm
set snmp trap-group logstash categories configuration
set snmp trap-group logstash categories services
set snmp trap-group logstash targets 202.79.32.200
set snmp trap-group Junos-space targets 202.79.32.12
set snmp trap-group space targets 202.79.38.60
set snmp trap-group space targets 202.79.38.62
set snmp traceoptions file bbe-snmp
set snmp traceoptions file size 100m
set snmp traceoptions file files 10
set snmp traceoptions flag all
set forwarding-options sampling instance s1 input rate 10
set forwarding-options sampling instance s1 family inet output flow-server
202.79.36.101 port 2055
set forwarding-options sampling instance s1 family inet output flow-server
202.79.36.101 version-ipfix template ipv4
set forwarding-options sampling instance s1 family inet output inline-jflow source-
address 202.166.192.34
set policy-options prefix-list IPTV-EDGE-SERVERS 103.213.31.0/24
set policy-options prefix-list IPTV-EDGE-SERVERS 202.79.40.32/29
set policy-options prefix-list IPTV-EDGE-SERVERS 202.79.40.180/31
set policy-options prefix-list IPTV-EDGE-SERVERS 202.79.40.182/31
set policy-options prefix-list IPTV-EDGE-SERVERS 202.79.40.192/31
set policy-options prefix-list IPTV-EDGE-SERVERS 202.79.40.196/31
set policy-options prefix-list IPTV-EDGE-SERVERS 202.79.40.198/31
set policy-options prefix-list IPTV-EDGE-SERVERS 202.79.40.200/31
set policy-options prefix-list IPTV-EDGE-SERVERS 202.79.40.204/31
set policy-options prefix-list IPTV-EDGE-SERVERS 202.79.40.206/31
set policy-options prefix-list IPTV-EDGE-SERVERS 202.79.40.212/31
set policy-options prefix-list IPTV-EDGE-SERVERS 202.79.40.216/31
set policy-options prefix-list IPTV-EDGE-SERVERS 202.79.40.220/31
set policy-options prefix-list IPTV-EDGE-SERVERS 202.79.40.222/31
set policy-options prefix-list IPTV-EDGE-SERVERS 202.79.40.226/31
set policy-options prefix-list IPTV-EDGE-SERVERS 202.79.40.240/31
set policy-options prefix-list IPTV-EDGE-SERVERS 202.79.40.242/31
set policy-options prefix-list IPTV-EDGE-SERVERS 202.79.40.244/31
set policy-options prefix-list IPTV-EDGE-SERVERS 202.79.40.246/31
set policy-options prefix-list IPTV-EDGE-SERVERS 202.79.40.250/31
set policy-options prefix-list IPTV-EDGE-SERVERS 202.79.40.252/31
set policy-options prefix-list IPTV-EDGE-SERVERS 202.166.192.204/30
set policy-options policy-statement import-routes term T0 from route-filter
0.0.0.0/0 exact
set policy-options policy-statement import-routes term T0 then accept
set policy-options policy-statement import-routes then reject
set policy-options policy-statement ipv6-outbound-routes term default from route-
filter ::/0 exact reject
set policy-options policy-statement ipv6-outbound-routes term static from family
inet6
set policy-options policy-statement ipv6-outbound-routes term static from protocol
static
set policy-options policy-statement ipv6-outbound-routes term static from route-
filter ::/0 upto /48
set policy-options policy-statement ipv6-outbound-routes term static then accept
set policy-options policy-statement ipv6-outbound-routes term direct from family
inet6
set policy-options policy-statement ipv6-outbound-routes term direct from protocol
direct
set policy-options policy-statement ipv6-outbound-routes term direct from route-
filter ::/0 upto /48
set policy-options policy-statement ipv6-outbound-routes term direct then accept
set policy-options policy-statement ipv6-outbound-routes term DHCP_IA-NA from
route-filter 2400:1a00:8001:1::/64 exact
set policy-options policy-statement ipv6-outbound-routes term DHCP_IA-NA then
accept
set policy-options policy-statement ipv6-outbound-routes then reject
set policy-options policy-statement next-hop-self then next-hop self
set policy-options policy-statement outbound-route term T0 from route-filter
0.0.0.0/0 exact
set policy-options policy-statement outbound-route term T0 from route-filter
10.0.1.0/24 exact
set policy-options policy-statement outbound-route term T0 from route-filter
124.41.211.0/24 exact
set policy-options policy-statement outbound-route term T0 from route-filter
202.79.32.0/24 upto /32
set policy-options policy-statement outbound-route term T0 from route-filter
202.79.36.0/24 upto /32
set policy-options policy-statement outbound-route term T0 then reject
set policy-options policy-statement outbound-route term direct from protocol static
set policy-options policy-statement outbound-route term direct then accept
deactivate policy-options policy-statement outbound-route term direct
set policy-options policy-statement outbound-route term test-prefix from route-
filter 124.41.255.0/24 exact
set policy-options policy-statement outbound-route term test-prefix from route-
filter 202.166.192.34/32 exact
set policy-options policy-statement outbound-route term test-prefix then accept
set policy-options policy-statement outbound-route then reject
set class-of-service host-outbound-traffic forwarding-class NC
set class-of-service forwarding-classes queue 0 INTERNET
set class-of-service forwarding-classes queue 0 priority low
set class-of-service forwarding-classes queue 1 IPTV
set class-of-service forwarding-classes queue 1 priority high
set class-of-service forwarding-classes queue 2 VOICE
deactivate class-of-service forwarding-classes queue 2
set class-of-service forwarding-classes queue 3 NC
set class-of-service forwarding-classes queue 3 priority high
set class-of-service rewrite-rules ieee-802.1 pbit-rewrite forwarding-class IPTV
loss-priority low code-point 101
set firewall family inet filter block-frag-in term 1 from packet-length 20
set firewall family inet filter block-frag-in term 1 from fragment-offset-except 0
set firewall family inet filter block-frag-in term 1 from fragment-flags "!more-
fragments"
set firewall family inet filter block-frag-in term 1 then count lenth0-in
set firewall family inet filter block-frag-in term 1 then discard
set firewall family inet filter block-frag-in term 2 then count test-in
set firewall family inet filter block-frag-in term 2 then accept
set firewall family inet filter block-frag-out term 1 from packet-length 20
set firewall family inet filter block-frag-out term 1 from fragment-offset-except 0
set firewall family inet filter block-frag-out term 1 from fragment-flags "!more-
fragments"
set firewall family inet filter block-frag-out term 1 then count lenth0-out
set firewall family inet filter block-frag-out term 1 then discard
set firewall family inet filter block-frag-out term 2 then count test-out
set firewall family inet filter block-frag-out term 2 then accept
set firewall family inet filter internal-ingress-filter term NO-NAT from
destination-address 100.64.0.0/10
set firewall family inet filter internal-ingress-filter term NO-NAT then accept
set firewall family inet filter internal-ingress-filter term 0 from destination-
address 192.168.0.0/16
set firewall family inet filter internal-ingress-filter term 0 from destination-
address 172.16.0.0/12
set firewall family inet filter internal-ingress-filter term 0 from destination-
address 10.0.0.0/8
set firewall family inet filter internal-ingress-filter term 0 then discard
set firewall family inet filter IPTV-TRAFFIC term FROM-EDGE-SERVER from prefix-list
IPTV-EDGE-SERVERS
set firewall family inet filter IPTV-TRAFFIC term FROM-EDGE-SERVER then count IPTV-
TRAFFIC
set firewall family inet filter IPTV-TRAFFIC term FROM-EDGE-SERVER then forwarding-
class IPTV
set firewall family inet filter IPTV-TRAFFIC term FROM-EDGE-SERVER then accept
set firewall family inet filter IPTV-TRAFFIC term FROM-EDGE-SERVER then dscp af41
set firewall family inet filter IPTV-TRAFFIC term DEFAULT then count DEFAULT-
TRAFFIC
set firewall family inet filter IPTV-TRAFFIC term DEFAULT then accept
set firewall family inet6 filter ALLOW-v6-Filter term DHCPv6-accept from next-
header udp
set firewall family inet6 filter ALLOW-v6-Filter term DHCPv6-accept from source-
port 546
set firewall family inet6 filter ALLOW-v6-Filter term DHCPv6-accept from source-
port 547
set firewall family inet6 filter ALLOW-v6-Filter term DHCPv6-accept from
destination-port 546
set firewall family inet6 filter ALLOW-v6-Filter term DHCPv6-accept from
destination-port 547
set firewall family inet6 filter ALLOW-v6-Filter term DHCPv6-accept then accept
set firewall family inet6 filter ALLOW-v6-Filter term ICMPv6-accept from next-
header icmp6
set firewall family inet6 filter ALLOW-v6-Filter term ICMPv6-accept from icmp-type
router-solicit
set firewall family inet6 filter ALLOW-v6-Filter term ICMPv6-accept from icmp-type
neighbor-solicit
set firewall family inet6 filter ALLOW-v6-Filter term ICMPv6-accept from icmp-type
neighbor-advertisement
set firewall family inet6 filter ALLOW-v6-Filter term ICMPv6-accept from icmp-type
router-advertisement
set firewall family inet6 filter ALLOW-v6-Filter term ICMPv6-accept then accept
set firewall family inet6 filter ipv6-ProtectRE term 0 filter ALLOW-v6-Filter
set firewall family inet6 filter ipv6-ProtectRE term 1 from source-address
2400:1a00::/63
set firewall family inet6 filter ipv6-ProtectRE term 1 from source-address
2400:1a00:2::/48
set firewall family inet6 filter ipv6-ProtectRE term 1 from source-address
2400:1a00:0::/48
set firewall family inet6 filter ipv6-ProtectRE term 1 then count
ipv6_RE_protect_count
set firewall family inet6 filter ipv6-ProtectRE term 1 then log
set firewall family inet6 filter ipv6-ProtectRE term 1 then accept
set firewall family inet6 filter ipv6-ProtectRE term 2 from payload-protocol ospf
set firewall family inet6 filter ipv6-ProtectRE term 2 then accept
set firewall family inet6 filter ipv6-ProtectRE term 4 from payload-protocol tcp
set firewall family inet6 filter ipv6-ProtectRE term 4 from port 179
set firewall family inet6 filter ipv6-ProtectRE term 4 then accept
set firewall family inet6 filter ipv6-ProtectRE term icmp6 from payload-protocol
icmp6
set firewall family inet6 filter ipv6-ProtectRE term icmp6 then accept
set firewall family inet6 filter ipv6-ProtectRE term 3 then discard
set firewall policer 32k filter-specific
set firewall policer 32k if-exceeding bandwidth-limit 32k
set firewall policer 32k if-exceeding burst-size-limit 4k
set firewall policer 32k then discard
set firewall filter ProtectRE term 0 filter ALLOW-DHCP
set firewall filter ProtectRE term 1 from source-address 202.79.32.0/24
set firewall filter ProtectRE term 1 from source-address 202.79.40.0/23
set firewall filter ProtectRE term 1 from source-address 202.166.192.0/24
set firewall filter ProtectRE term 1 from source-address 202.79.36.0/24
set firewall filter ProtectRE term 1 from source-address 192.168.1.0/24
set firewall filter ProtectRE term 1 from source-address 202.166.193.64/26
set firewall filter ProtectRE term 1 from source-address 124.41.211.1/32
set firewall filter ProtectRE term 1 from source-address 10.0.1.0/24
set firewall filter ProtectRE term 1 from source-address 202.166.193.32/27
set firewall filter ProtectRE term 1 from source-address 10.12.9.0/24
set firewall filter ProtectRE term 1 from source-address 202.79.36.101/32
set firewall filter ProtectRE term 1 from source-address 202.79.38.61/32
set firewall filter ProtectRE term 1 from source-address 10.10.250.0/23
set firewall filter ProtectRE term 1 from source-address 202.166.220.1/32
set firewall filter ProtectRE term 1 then accept
set firewall filter ProtectRE term 2 from tcp-established
set firewall filter ProtectRE term 2 then accept
set firewall filter ProtectRE term 3 from destination-port bgp
set firewall filter ProtectRE term 3 then accept
set firewall filter ProtectRE term 4 from protocol icmp
set firewall filter ProtectRE term 4 from protocol ospf
set firewall filter ProtectRE term 4 then accept
set firewall filter ProtectRE term 5 then count ProtectRE
set firewall filter ProtectRE term 5 then log
set firewall filter ProtectRE term 5 then discard
set firewall filter ALLOW-DHCP term dhcp-client-accept from source-address
0.0.0.0/32
set firewall filter ALLOW-DHCP term dhcp-client-accept from destination-address
255.255.255.255/32
set firewall filter ALLOW-DHCP term dhcp-client-accept from protocol udp
set firewall filter ALLOW-DHCP term dhcp-client-accept from source-port 68
set firewall filter ALLOW-DHCP term dhcp-client-accept from destination-port 67
set firewall filter ALLOW-DHCP term dhcp-client-accept then accept
set firewall filter ALLOW-DHCP term dhcp-server-accept from protocol udp
set firewall filter ALLOW-DHCP term dhcp-server-accept from source-port 67
set firewall filter ALLOW-DHCP term dhcp-server-accept from source-port 68
set firewall filter ALLOW-DHCP term dhcp-server-accept from destination-port 67
set firewall filter ALLOW-DHCP term dhcp-server-accept from destination-port 68
set firewall filter ALLOW-DHCP term dhcp-server-accept then accept
set access domain-name-server 202.79.32.4
set access domain-name-server-inet 202.79.32.4
set access domain-name-server-inet6 2400:1a00:0:32::165
set access domain-name-server-inet6 2400:1a00:8000:4::73
set access profile Rad authentication-order radius
set access profile Rad radius authentication-server 202.79.32.202
set access profile Rad radius accounting-server 202.79.32.202
set access profile Rad radius options client-authentication-algorithm round-robin
set access profile Rad radius options client-accounting-algorithm round-robin
set access profile Rad session-options client-idle-timeout 10
deactivate access profile Rad session-options client-idle-timeout
set access profile Rad radius-server 202.79.32.51 port 1649
set access profile Rad radius-server 202.79.32.51 accounting-port 1650
set access profile Rad radius-server 202.79.32.51 secret "$9$NB-sg4aUDHmYgGj"
set access profile Rad radius-server 202.79.32.51 max-outstanding-requests 2000
set access profile Rad radius-server 202.79.32.51 source-address 202.166.192.34
set access profile Rad radius-server 202.79.32.201 port 1649
set access profile Rad radius-server 202.79.32.201 accounting-port 1650
set access profile Rad radius-server 202.79.32.201 secret "$9$.mQ3n/tpORz3Au"
set access profile Rad radius-server 202.79.32.201 max-outstanding-requests 2000
set access profile Rad radius-server 202.79.32.201 source-address 202.166.192.34
set access profile Rad radius-server 10.21.8.10 port 1812
set access profile Rad radius-server 10.21.8.10 accounting-port 1813
set access profile Rad radius-server 10.21.8.10 secret
"$9$4OaDiqmTzF/Ygi.P5/9KM8xVwgoJjik"
set access profile Rad radius-server 10.21.8.10 max-outstanding-requests 2000
set access profile Rad radius-server 10.21.8.10 source-address 202.166.192.34
set access profile Rad radius-server 202.79.32.202 port 1649
set access profile Rad radius-server 202.79.32.202 accounting-port 1650
set access profile Rad radius-server 202.79.32.202 secret "$9$.mQ3n/tpORz3Au"
set access profile Rad radius-server 202.79.32.202 max-outstanding-requests 2000
set access profile Rad radius-server 202.79.32.202 source-address 202.166.192.34
set access profile Rad radius-server 202.79.32.224 port 1649
set access profile Rad radius-server 202.79.32.224 accounting-port 1650
set access profile Rad radius-server 202.79.32.224 secret "$9$.mQ3n/tpORz3Au"
set access profile Rad radius-server 202.79.32.224 max-outstanding-requests 2000
set access profile Rad radius-server 202.79.32.224 source-address 202.166.192.34
set access profile Rad radius-server 202.79.32.222 port 1812
set access profile Rad radius-server 202.79.32.222 accounting-port 1813
set access profile Rad radius-server 202.79.32.222 secret "$9$.mQ3n/tpORz3Au"
set access profile Rad radius-server 202.79.32.222 max-outstanding-requests 2000
set access profile Rad radius-server 202.79.32.222 source-address 202.166.192.34
set access profile Rad accounting order radius
set access profile Rad accounting accounting-stop-on-failure
set access profile Rad accounting accounting-stop-on-access-deny
deactivate access profile Rad accounting accounting-stop-on-access-deny
set access profile Rad accounting immediate-update
deactivate access profile Rad accounting immediate-update
set access profile Rad accounting coa-immediate-update
set access profile Rad accounting statistics volume-time
set access address-assignment pool safenet-pool family inet network 124.41.255.0/24
set access address-assignment pool safenet-pool family inet range 0-255 low
124.41.255.2
set access address-assignment pool safenet-pool family inet range 0-255 high
124.41.255.254
set access address-assignment pool safenet-pool family inet dhcp-attributes
maximum-lease-time 3600
set access address-assignment pool safenet-pool family inet dhcp-attributes router
124.41.255.1
set access address-assignment pool Default-v6-pool family inet6 prefix
2400:1a00:8001:1::/64
set access address-assignment pool Default-v6-pool family inet6 range 0-ffff low
2400:1a00:8001:1::2/128
set access address-assignment pool Default-v6-pool family inet6 range 0-ffff high
2400:1a00:8001:1:ffff:ffff:ffff:ffff/128
set access address-assignment pool Default-v6-pool family inet6 dhcp-attributes
dns-server 2400:1a00:0:32::165
set access address-assignment pool Default-v6-pool family inet6 dhcp-attributes
dns-server 2400:1a00:8000:4::73
set access address-assignment pool Default-v6-pool family inet6 dhcp-attributes
valid-lifetime 4800
set access address-assignment pool Default-v6-pool family inet6 dhcp-attributes
preferred-lifetime 3600
set access address-assignment pool Default-v6-pd-pool family inet6 prefix
2400:1a00:8002::/48
set access address-assignment pool Default-v6-pd-pool family inet6 range v6-pd
prefix-length 64
set access address-assignment pool Default-v6-pd-pool family inet6 dhcp-attributes
dns-server 2400:1a00:0:32::165
set access address-assignment pool Default-v6-pd-pool family inet6 dhcp-attributes
dns-server 2400:1a00:8000:4::73
set access address-assignment pool Default-v6-pd-pool family inet6 dhcp-attributes
valid-lifetime 4800
set access address-assignment pool Default-v6-pd-pool family inet6 dhcp-attributes
preferred-lifetime 3600
set access address-assignment pool default-pool family inet network 192.168.0.0/24
set access address-assignment pool default-pool family inet range 0-255 low
192.168.0.2
set access address-assignment pool default-pool family inet range 0-255 high
192.168.0.254
set access address-assignment pool default-pool family inet dhcp-attributes
maximum-lease-time 3600
set access address-assignment pool default-pool family inet dhcp-attributes router
192.168.0.1
set routing-options rib inet6.0 static route 2400:1a00:8002::/48 discard
set routing-options static route 124.41.255.0/24 discard
set routing-options static route 172.16.0.0/12 discard
set routing-options static route 172.16.0.0/12 no-readvertise
set routing-options static route 10.0.0.0/8 discard
set routing-options static route 10.0.0.0/8 no-readvertise
set routing-options static route 192.168.0.0/16 discard
set routing-options static route 192.168.0.0/16 no-readvertise
set routing-options static route 10.21.8.10/32 next-hop 202.79.40.7
set routing-options router-id 202.166.192.34
set routing-options autonomous-system 17501
set protocols ospf area 0.0.0.1 interface lo0.0 passive
set protocols ospf area 0.0.0.1 interface xe-1/0/0:0.0 interface-type p2p
deactivate protocols ospf
set protocols bgp group gw-jwl-stc-01 type internal
set protocols bgp group gw-jwl-stc-01 local-address 202.166.220.2
set protocols bgp group gw-jwl-stc-01 import import-routes
set protocols bgp group gw-jwl-stc-01 export next-hop-self
set protocols bgp group gw-jwl-stc-01 export outbound-route
set protocols bgp group gw-jwl-stc-01 local-as 17501
set protocols bgp group gw-jwl-stc-01 neighbor 202.166.220.1
set protocols ldp explicit-null
set protocols ldp transport-address router-id
set protocols ldp interface xe-1/0/0:0.0
set protocols ldp interface xe-2/1/0.0
set protocols ldp interface lo0.0
set protocols ospf3 area 0.0.0.1 interface lo0.0
set protocols ospf3 area 0.0.0.1 interface xe-1/0/0:0.0 interface-type p2p
set protocols lldp interface all
set dynamic-profiles FtthZoom-svlan-profile routing-instances "$junos-routing-
instance" interface "$junos-interface-name"
set dynamic-profiles FtthZoom-svlan-profile interfaces demux0 unit "$junos-
interface-unit" vlan-tags outer "$junos-stacked-vlan-id"
set dynamic-profiles FtthZoom-svlan-profile interfaces demux0 unit "$junos-
interface-unit" vlan-tags inner "$junos-vlan-id"
set dynamic-profiles FtthZoom-svlan-profile interfaces demux0 unit "$junos-
interface-unit" demux-options underlying-interface "$junos-interface-ifd-name"
set dynamic-profiles FtthZoom-svlan-profile interfaces demux0 unit "$junos-
interface-unit" family pppoe access-concentrator FtthZoom
set dynamic-profiles FtthZoom-svlan-profile interfaces demux0 unit "$junos-
interface-unit" family pppoe duplicate-protection
set dynamic-profiles FtthZoom-svlan-profile interfaces demux0 unit "$junos-
interface-unit" family pppoe dynamic-profile FtthZoom-pp0
set dynamic-profiles FtthZoom-svlan-profile interfaces demux0 unit "$junos-
interface-unit" family pppoe short-cycle-protection lockout-time-min 2
set dynamic-profiles FtthZoom-svlan-profile interfaces demux0 unit "$junos-
interface-unit" family pppoe short-cycle-protection lockout-time-max 1800
set dynamic-profiles wlink-dynamic-prof variables bandwidth default-value 10m
set dynamic-profiles wlink-dynamic-prof variables bandwidth mandatory
set dynamic-profiles wlink-dynamic-prof variables burst default-value 1280000
set dynamic-profiles wlink-dynamic-prof variables burst mandatory
set dynamic-profiles wlink-dynamic-prof variables filter-out uid
set dynamic-profiles wlink-dynamic-prof variables filter-in uid
set dynamic-profiles wlink-dynamic-prof variables pol-out uid
set dynamic-profiles wlink-dynamic-prof variables pol-in uid
set dynamic-profiles wlink-dynamic-prof variables filter-out-v6 uid
set dynamic-profiles wlink-dynamic-prof variables filter-in-v6 uid
set dynamic-profiles wlink-dynamic-prof variables iptv-bandwidth equals
"($bandwidth)/2"
set dynamic-profiles wlink-dynamic-prof variables iptv-bandwidth uid
deactivate dynamic-profiles wlink-dynamic-prof variables iptv-bandwidth
set dynamic-profiles wlink-dynamic-prof variables iptv-burst equals "($burst)/2"
set dynamic-profiles wlink-dynamic-prof variables iptv-burst uid
deactivate dynamic-profiles wlink-dynamic-prof variables iptv-burst
set dynamic-profiles wlink-dynamic-prof variables pol-iptv-out uid
set dynamic-profiles wlink-dynamic-prof variables pol-iptv-in uid
set dynamic-profiles wlink-dynamic-prof interfaces demux0 unit "$junos-interface-
unit" family inet filter input "$filter-in"
set dynamic-profiles wlink-dynamic-prof interfaces demux0 unit "$junos-interface-
unit" family inet filter input precedence 100
set dynamic-profiles wlink-dynamic-prof interfaces demux0 unit "$junos-interface-
unit" family inet filter output "$filter-out"
set dynamic-profiles wlink-dynamic-prof interfaces demux0 unit "$junos-interface-
unit" family inet filter output precedence 100
set dynamic-profiles wlink-dynamic-prof interfaces demux0 unit "$junos-interface-
unit" family inet6 filter input "$filter-in-v6"
set dynamic-profiles wlink-dynamic-prof interfaces demux0 unit "$junos-interface-
unit" family inet6 filter input precedence 100
set dynamic-profiles wlink-dynamic-prof interfaces demux0 unit "$junos-interface-
unit" family inet6 filter output "$filter-out-v6"
set dynamic-profiles wlink-dynamic-prof interfaces demux0 unit "$junos-interface-
unit" family inet6 filter output precedence 100
set dynamic-profiles wlink-dynamic-prof firewall family inet filter "$filter-in"
interface-specific
set dynamic-profiles wlink-dynamic-prof firewall family inet filter "$filter-in"
term NETTV-DESTINATION from destination-prefix-list IPTV-EDGE-SERVERS
set dynamic-profiles wlink-dynamic-prof firewall family inet filter "$filter-in"
term NETTV-DESTINATION then policer "$pol-iptv-in"
deactivate dynamic-profiles wlink-dynamic-prof firewall family inet filter
"$filter-in" term NETTV-DESTINATION then policer
set dynamic-profiles wlink-dynamic-prof firewall family inet filter "$filter-in"
term NETTV-DESTINATION then accept
set dynamic-profiles wlink-dynamic-prof firewall family inet filter "$filter-in"
term DNS from destination-port 53
set dynamic-profiles wlink-dynamic-prof firewall family inet filter "$filter-in"
term DNS then policer 32k
set dynamic-profiles wlink-dynamic-prof firewall family inet filter "$filter-in"
term DNS then next term
set dynamic-profiles wlink-dynamic-prof firewall family inet filter "$filter-in"
term internet-traffic then policer "$pol-in"
set dynamic-profiles wlink-dynamic-prof firewall family inet filter "$filter-in"
term internet-traffic then service-accounting
set dynamic-profiles wlink-dynamic-prof firewall family inet filter "$filter-in"
term internet-traffic then accept
set dynamic-profiles wlink-dynamic-prof firewall family inet filter "$filter-out"
interface-specific
set dynamic-profiles wlink-dynamic-prof firewall family inet filter "$filter-out"
term NETTV-SOURCE from source-prefix-list IPTV-EDGE-SERVERS
set dynamic-profiles wlink-dynamic-prof firewall family inet filter "$filter-out"
term NETTV-SOURCE then policer "$pol-iptv-out"
deactivate dynamic-profiles wlink-dynamic-prof firewall family inet filter
"$filter-out" term NETTV-SOURCE then policer
set dynamic-profiles wlink-dynamic-prof firewall family inet filter "$filter-out"
term NETTV-SOURCE then accept
set dynamic-profiles wlink-dynamic-prof firewall family inet filter "$filter-out"
term internet-traffic then policer "$pol-out"
set dynamic-profiles wlink-dynamic-prof firewall family inet filter "$filter-out"
term internet-traffic then service-accounting
set dynamic-profiles wlink-dynamic-prof firewall family inet filter "$filter-out"
term internet-traffic then accept
set dynamic-profiles wlink-dynamic-prof firewall family inet6 filter "$filter-in-
v6" interface-specific
set dynamic-profiles wlink-dynamic-prof firewall family inet6 filter "$filter-in-
v6" term DNS-v6 from destination-port 53
set dynamic-profiles wlink-dynamic-prof firewall family inet6 filter "$filter-in-
v6" term DNS-v6 then policer 32k
set dynamic-profiles wlink-dynamic-prof firewall family inet6 filter "$filter-in-
v6" term DNS-v6 then next term
set dynamic-profiles wlink-dynamic-prof firewall family inet6 filter "$filter-in-
v6" term internet-traffic then policer "$pol-in"
set dynamic-profiles wlink-dynamic-prof firewall family inet6 filter "$filter-in-
v6" term internet-traffic then service-accounting
set dynamic-profiles wlink-dynamic-prof firewall family inet6 filter "$filter-in-
v6" term internet-traffic then accept
set dynamic-profiles wlink-dynamic-prof firewall family inet6 filter "$filter-out-
v6" interface-specific
set dynamic-profiles wlink-dynamic-prof firewall family inet6 filter "$filter-out-
v6" term internet-traffic then policer "$pol-out"
set dynamic-profiles wlink-dynamic-prof firewall family inet6 filter "$filter-out-
v6" term internet-traffic then service-accounting
set dynamic-profiles wlink-dynamic-prof firewall family inet6 filter "$filter-out-
v6" term internet-traffic then accept
set dynamic-profiles wlink-dynamic-prof firewall policer "$pol-iptv-in" filter-
specific
set dynamic-profiles wlink-dynamic-prof firewall policer "$pol-iptv-in" if-
exceeding bandwidth-limit "$iptv-bandwidth"
set dynamic-profiles wlink-dynamic-prof firewall policer "$pol-iptv-in" if-
exceeding burst-size-limit "$iptv-burst"
deactivate dynamic-profiles wlink-dynamic-prof firewall policer "$pol-iptv-in"
set dynamic-profiles wlink-dynamic-prof firewall policer "$pol-iptv-out" filter-
specific
set dynamic-profiles wlink-dynamic-prof firewall policer "$pol-iptv-out" if-
exceeding bandwidth-limit "$iptv-bandwidth"
set dynamic-profiles wlink-dynamic-prof firewall policer "$pol-iptv-out" if-
exceeding burst-size-limit "$iptv-burst"
deactivate dynamic-profiles wlink-dynamic-prof firewall policer "$pol-iptv-out"
set dynamic-profiles wlink-dynamic-prof firewall policer "$pol-out" filter-specific
set dynamic-profiles wlink-dynamic-prof firewall policer "$pol-out" logical-
interface-policer
set dynamic-profiles wlink-dynamic-prof firewall policer "$pol-out" if-exceeding
bandwidth-limit "$bandwidth"
set dynamic-profiles wlink-dynamic-prof firewall policer "$pol-out" if-exceeding
burst-size-limit "$burst"
set dynamic-profiles wlink-dynamic-prof firewall policer "$pol-out" then discard
set dynamic-profiles wlink-dynamic-prof firewall policer "$pol-in" filter-specific
set dynamic-profiles wlink-dynamic-prof firewall policer "$pol-in" logical-
interface-policer
set dynamic-profiles wlink-dynamic-prof firewall policer "$pol-in" if-exceeding
bandwidth-limit "$bandwidth"
set dynamic-profiles wlink-dynamic-prof firewall policer "$pol-in" if-exceeding
burst-size-limit "$burst"
set dynamic-profiles wlink-dynamic-prof firewall policer "$pol-in" then discard
set dynamic-profiles FtthZoom-svlan-prof routing-instances "$junos-routing-
instance" interface "$junos-interface-name"
set dynamic-profiles FtthZoom-svlan-prof interfaces demux0 interface-mib
set dynamic-profiles FtthZoom-svlan-prof interfaces demux0 unit "$junos-interface-
unit" proxy-arp unrestricted
set dynamic-profiles FtthZoom-svlan-prof interfaces demux0 unit "$junos-interface-
unit" vlan-tags outer "$junos-stacked-vlan-id"
set dynamic-profiles FtthZoom-svlan-prof interfaces demux0 unit "$junos-interface-
unit" vlan-tags inner "$junos-vlan-id"
set dynamic-profiles FtthZoom-svlan-prof interfaces demux0 unit "$junos-interface-
unit" demux-options underlying-interface "$junos-underlying-interface"
set dynamic-profiles FtthZoom-svlan-prof interfaces demux0 unit "$junos-interface-
unit" family inet unnumbered-address "$junos-loopback-interface"
set dynamic-profiles FtthZoom-svlan-prof interfaces demux0 unit "$junos-interface-
unit" family inet6 unnumbered-address "$junos-loopback-interface"
set dynamic-profiles FtthZoom-svlan-prof protocols router-advertisement interface
"$junos-interface-name" max-advertisement-interval 15
set dynamic-profiles FtthZoom-svlan-prof protocols router-advertisement interface
"$junos-interface-name" min-advertisement-interval 10
set dynamic-profiles FtthZoom-svlan-prof protocols router-advertisement interface
"$junos-interface-name" managed-configuration
set dynamic-profiles FtthZoom-svlan-prof protocols router-advertisement interface
"$junos-interface-name" dns-server-address 2400:1a00:0:32::165 lifetime 180
set dynamic-profiles FtthZoom routing-instances "$junos-routing-instance" interface
"$junos-interface-name"
set dynamic-profiles FtthZoom interfaces demux0 unit "$junos-interface-unit" vlan-
id "$junos-vlan-id"
set dynamic-profiles FtthZoom interfaces demux0 unit "$junos-interface-unit" demux-
options underlying-interface "$junos-interface-ifd-name"
set dynamic-profiles FtthZoom interfaces demux0 unit "$junos-interface-unit" family
pppoe access-concentrator FtthZoom
set dynamic-profiles FtthZoom interfaces demux0 unit "$junos-interface-unit" family
pppoe duplicate-protection
set dynamic-profiles FtthZoom interfaces demux0 unit "$junos-interface-unit" family
pppoe dynamic-profile FtthZoom-pp0
set dynamic-profiles FtthZoom interfaces demux0 unit "$junos-interface-unit" family
pppoe short-cycle-protection lockout-time-min 2
set dynamic-profiles FtthZoom interfaces demux0 unit "$junos-interface-unit" family
pppoe short-cycle-protection lockout-time-max 1800
set dynamic-profiles FtthZoom-pp0 routing-instances "$junos-routing-instance"
interface "$junos-interface-name"
set dynamic-profiles FtthZoom-pp0 interfaces pp0 interface-mib
set dynamic-profiles FtthZoom-pp0 interfaces pp0 unit "$junos-interface-unit" ppp-
options pap
set dynamic-profiles FtthZoom-pp0 interfaces pp0 unit "$junos-interface-unit" ppp-
options authentication pap
set dynamic-profiles FtthZoom-pp0 interfaces pp0 unit "$junos-interface-unit" ppp-
options ipcp-suggest-dns-option
set dynamic-profiles FtthZoom-pp0 interfaces pp0 unit "$junos-interface-unit"
pppoe-options underlying-interface "$junos-underlying-interface"
set dynamic-profiles FtthZoom-pp0 interfaces pp0 unit "$junos-interface-unit"
pppoe-options server
set dynamic-profiles FtthZoom-pp0 interfaces pp0 unit "$junos-interface-unit"
keepalives interval 30
set dynamic-profiles FtthZoom-pp0 interfaces pp0 unit "$junos-interface-unit"
family inet rpf-check
set dynamic-profiles FtthZoom-pp0 interfaces pp0 unit "$junos-interface-unit"
family inet unnumbered-address lo0.0
set dynamic-profiles FtthZoom-pp0 interfaces pp0 unit "$junos-interface-unit"
family inet6 rpf-check
set dynamic-profiles FtthZoom-pp0 interfaces pp0 unit "$junos-interface-unit"
family inet6 address $junos-ipv6-address
set dynamic-profiles FtthZoom-pp0 protocols router-advertisement interface "$junos-
interface-name" dns-server-address 2400:1a00:8000:4::73 lifetime 1800
set dynamic-profiles FtthZoom-pp0 protocols router-advertisement interface "$junos-
interface-name" prefix $junos-ipv6-ndra-prefix
set dynamic-profiles wlink-default-prof predefined-variable-defaults cos-scheduler-
map SCHED-MAP-DEFAULT
set dynamic-profiles wlink-default-prof routing-instances "$junos-routing-instance"
interface "$junos-interface-name"
set dynamic-profiles wlink-default-prof interfaces demux0 unit "$junos-interface-
unit" family inet unnumbered-address "$junos-loopback-interface"
set dynamic-profiles wlink-default-prof interfaces demux0 unit "$junos-interface-
unit" family inet6 unnumbered-address "$junos-loopback-interface"
set dynamic-profiles wlink-default-prof class-of-service traffic-control-profiles
TC-PROFILE-01 scheduler-map "$junos-cos-scheduler-map"
set dynamic-profiles wlink-default-prof class-of-service interfaces "$junos-
interface-ifd-name" unit "$junos-interface-unit" output-traffic-control-profile TC-
PROFILE-01
set dynamic-profiles wlink-default-prof class-of-service interfaces "$junos-
interface-ifd-name" unit "$junos-interface-unit" rewrite-rules ieee-802.1 pbit-
rewrite
set dynamic-profiles wlink-default-prof class-of-service interfaces "$junos-
interface-ifd-name" unit "$junos-interface-unit" rewrite-rules ieee-802.1 vlan-tag
outer-and-inner
set dynamic-profiles wlink-default-prof class-of-service scheduler-maps SCHED-MAP-
DEFAULT forwarding-class INTERNET scheduler SCHED-INTERNET
set dynamic-profiles wlink-default-prof class-of-service scheduler-maps SCHED-MAP-
DEFAULT forwarding-class IPTV scheduler SCHED-IPTV
set dynamic-profiles wlink-default-prof class-of-service scheduler-maps SCHED-MAP-
DEFAULT forwarding-class NC scheduler SCHED-NC
set dynamic-profiles wlink-default-prof class-of-service schedulers SCHED-INTERNET
priority low
set dynamic-profiles wlink-default-prof class-of-service schedulers SCHED-IPTV
priority high
set dynamic-profiles wlink-default-prof class-of-service schedulers SCHED-NC
priority high
set dynamic-profiles dynamic-profiles
set dynamic-profiles wlink-pppoe-prof variables bandwidth default-value 10m
set dynamic-profiles wlink-pppoe-prof variables bandwidth mandatory
set dynamic-profiles wlink-pppoe-prof variables burst default-value 1280000
set dynamic-profiles wlink-pppoe-prof variables burst mandatory
set dynamic-profiles wlink-pppoe-prof variables filter-out uid
set dynamic-profiles wlink-pppoe-prof variables filter-in uid
set dynamic-profiles wlink-pppoe-prof variables pol-in uid
set dynamic-profiles wlink-pppoe-prof variables pol-out uid
set dynamic-profiles wlink-pppoe-prof variables filter-in-v6 uid
set dynamic-profiles wlink-pppoe-prof variables filter-out-v6 uid
set dynamic-profiles wlink-pppoe-prof interfaces pp0 unit "$junos-interface-unit"
targeted-distribution
deactivate dynamic-profiles wlink-pppoe-prof interfaces pp0 unit "$junos-interface-
unit" targeted-distribution
set dynamic-profiles wlink-pppoe-prof interfaces pp0 unit "$junos-interface-unit"
family inet filter input "$filter-in"
set dynamic-profiles wlink-pppoe-prof interfaces pp0 unit "$junos-interface-unit"
family inet filter input precedence 100
set dynamic-profiles wlink-pppoe-prof interfaces pp0 unit "$junos-interface-unit"
family inet filter output "$filter-out"
set dynamic-profiles wlink-pppoe-prof interfaces pp0 unit "$junos-interface-unit"
family inet filter output precedence 100
set dynamic-profiles wlink-pppoe-prof interfaces pp0 unit "$junos-interface-unit"
family inet6 filter input "$filter-in-v6"
set dynamic-profiles wlink-pppoe-prof interfaces pp0 unit "$junos-interface-unit"
family inet6 filter input precedence 100
set dynamic-profiles wlink-pppoe-prof interfaces pp0 unit "$junos-interface-unit"
family inet6 filter output "$filter-out-v6"
set dynamic-profiles wlink-pppoe-prof interfaces pp0 unit "$junos-interface-unit"
family inet6 filter output precedence 100
set dynamic-profiles wlink-pppoe-prof firewall family inet filter "$filter-in"
interface-specific
set dynamic-profiles wlink-pppoe-prof firewall family inet filter "$filter-in" term
DNS from destination-port 53
set dynamic-profiles wlink-pppoe-prof firewall family inet filter "$filter-in" term
DNS then policer 32k
set dynamic-profiles wlink-pppoe-prof firewall family inet filter "$filter-in" term
DNS then next term
set dynamic-profiles wlink-pppoe-prof firewall family inet filter "$filter-in" term
internet-traffic then policer "$pol-in"
set dynamic-profiles wlink-pppoe-prof firewall family inet filter "$filter-in" term
internet-traffic then service-accounting
set dynamic-profiles wlink-pppoe-prof firewall family inet filter "$filter-in" term
internet-traffic then accept
set dynamic-profiles wlink-pppoe-prof firewall family inet filter "$filter-out"
interface-specific
set dynamic-profiles wlink-pppoe-prof firewall family inet filter "$filter-out"
term internet-traffic then policer "$pol-out"
set dynamic-profiles wlink-pppoe-prof firewall family inet filter "$filter-out"
term internet-traffic then service-accounting
set dynamic-profiles wlink-pppoe-prof firewall family inet filter "$filter-out"
term internet-traffic then accept
set dynamic-profiles wlink-pppoe-prof firewall family inet6 filter "$filter-in-v6"
interface-specific
set dynamic-profiles wlink-pppoe-prof firewall family inet6 filter "$filter-in-v6"
term DNS-v6 from destination-port 53
set dynamic-profiles wlink-pppoe-prof firewall family inet6 filter "$filter-in-v6"
term DNS-v6 then policer 32k
set dynamic-profiles wlink-pppoe-prof firewall family inet6 filter "$filter-in-v6"
term DNS-v6 then next term
set dynamic-profiles wlink-pppoe-prof firewall family inet6 filter "$filter-in-v6"
term internet-traffic then policer "$pol-in"
set dynamic-profiles wlink-pppoe-prof firewall family inet6 filter "$filter-in-v6"
term internet-traffic then service-accounting
set dynamic-profiles wlink-pppoe-prof firewall family inet6 filter "$filter-in-v6"
term internet-traffic then accept
set dynamic-profiles wlink-pppoe-prof firewall family inet6 filter "$filter-out-v6"
interface-specific
set dynamic-profiles wlink-pppoe-prof firewall family inet6 filter "$filter-out-v6"
term internet-traffic then policer "$pol-out"
set dynamic-profiles wlink-pppoe-prof firewall family inet6 filter "$filter-out-v6"
term internet-traffic then service-accounting
set dynamic-profiles wlink-pppoe-prof firewall family inet6 filter "$filter-out-v6"
term internet-traffic then accept
set dynamic-profiles wlink-pppoe-prof firewall policer "$pol-in" filter-specific
set dynamic-profiles wlink-pppoe-prof firewall policer "$pol-in" logical-interface-
policer
set dynamic-profiles wlink-pppoe-prof firewall policer "$pol-in" if-exceeding
bandwidth-limit "$bandwidth"
set dynamic-profiles wlink-pppoe-prof firewall policer "$pol-in" if-exceeding
burst-size-limit "$burst"
set dynamic-profiles wlink-pppoe-prof firewall policer "$pol-in" then discard
set dynamic-profiles wlink-pppoe-prof firewall policer "$pol-out" filter-specific
set dynamic-profiles wlink-pppoe-prof firewall policer "$pol-out" logical-
interface-policer
set dynamic-profiles wlink-pppoe-prof firewall policer "$pol-out" if-exceeding
bandwidth-limit "$bandwidth"
set dynamic-profiles wlink-pppoe-prof firewall policer "$pol-out" if-exceeding
burst-size-limit "$burst"
set dynamic-profiles wlink-pppoe-prof firewall policer "$pol-out" then discard
set dynamic-profiles wlink-stb-int-prof variables bandwidth default-value 10m
set dynamic-profiles wlink-stb-int-prof variables bandwidth mandatory
set dynamic-profiles wlink-stb-int-prof variables burst default-value 1280000
set dynamic-profiles wlink-stb-int-prof variables burst mandatory
set dynamic-profiles wlink-stb-int-prof variables filter-out uid
set dynamic-profiles wlink-stb-int-prof variables filter-in uid
set dynamic-profiles wlink-stb-int-prof variables pol-out uid
set dynamic-profiles wlink-stb-int-prof variables pol-in uid
set dynamic-profiles wlink-stb-int-prof variables filter-out-v6 uid
set dynamic-profiles wlink-stb-int-prof variables filter-in-v6 uid
set dynamic-profiles wlink-stb-int-prof interfaces demux0 unit "$junos-interface-
unit" family inet filter input "$filter-in"
set dynamic-profiles wlink-stb-int-prof interfaces demux0 unit "$junos-interface-
unit" family inet filter input precedence 100
set dynamic-profiles wlink-stb-int-prof interfaces demux0 unit "$junos-interface-
unit" family inet filter output "$filter-out"
set dynamic-profiles wlink-stb-int-prof interfaces demux0 unit "$junos-interface-
unit" family inet filter output precedence 100
set dynamic-profiles wlink-stb-int-prof interfaces demux0 unit "$junos-interface-
unit" family inet6 filter input "$filter-in-v6"
set dynamic-profiles wlink-stb-int-prof interfaces demux0 unit "$junos-interface-
unit" family inet6 filter input precedence 100
set dynamic-profiles wlink-stb-int-prof interfaces demux0 unit "$junos-interface-
unit" family inet6 filter output "$filter-out-v6"
set dynamic-profiles wlink-stb-int-prof interfaces demux0 unit "$junos-interface-
unit" family inet6 filter output precedence 100
set dynamic-profiles wlink-stb-int-prof firewall family inet filter "$filter-in"
interface-specific
set dynamic-profiles wlink-stb-int-prof firewall family inet filter "$filter-in"
term DNS from destination-port 53
set dynamic-profiles wlink-stb-int-prof firewall family inet filter "$filter-in"
term DNS then policer 32k
set dynamic-profiles wlink-stb-int-prof firewall family inet filter "$filter-in"
term DNS then next term
set dynamic-profiles wlink-stb-int-prof firewall family inet filter "$filter-in"
term internet-traffic then policer "$pol-in"
set dynamic-profiles wlink-stb-int-prof firewall family inet filter "$filter-in"
term internet-traffic then service-accounting
set dynamic-profiles wlink-stb-int-prof firewall family inet filter "$filter-in"
term internet-traffic then accept
set dynamic-profiles wlink-stb-int-prof firewall family inet filter "$filter-out"
interface-specific
set dynamic-profiles wlink-stb-int-prof firewall family inet filter "$filter-out"
term internet-traffic then policer "$pol-out"
set dynamic-profiles wlink-stb-int-prof firewall family inet filter "$filter-out"
term internet-traffic then service-accounting
set dynamic-profiles wlink-stb-int-prof firewall family inet filter "$filter-out"
term internet-traffic then accept
set dynamic-profiles wlink-stb-int-prof firewall family inet6 filter "$filter-in-
v6" interface-specific
set dynamic-profiles wlink-stb-int-prof firewall family inet6 filter "$filter-in-
v6" term DNS-v6 from destination-port 53
set dynamic-profiles wlink-stb-int-prof firewall family inet6 filter "$filter-in-
v6" term DNS-v6 then policer 32k
set dynamic-profiles wlink-stb-int-prof firewall family inet6 filter "$filter-in-
v6" term DNS-v6 then next term
set dynamic-profiles wlink-stb-int-prof firewall family inet6 filter "$filter-in-
v6" term internet-traffic then policer "$pol-in"
set dynamic-profiles wlink-stb-int-prof firewall family inet6 filter "$filter-in-
v6" term internet-traffic then service-accounting
set dynamic-profiles wlink-stb-int-prof firewall family inet6 filter "$filter-in-
v6" term internet-traffic then accept
set dynamic-profiles wlink-stb-int-prof firewall family inet6 filter "$filter-out-
v6" interface-specific
set dynamic-profiles wlink-stb-int-prof firewall family inet6 filter "$filter-out-
v6" term internet-traffic then policer "$pol-out"
set dynamic-profiles wlink-stb-int-prof firewall family inet6 filter "$filter-out-
v6" term internet-traffic then service-accounting
set dynamic-profiles wlink-stb-int-prof firewall family inet6 filter "$filter-out-
v6" term internet-traffic then accept
set dynamic-profiles wlink-stb-int-prof firewall policer "$pol-in" filter-specific
set dynamic-profiles wlink-stb-int-prof firewall policer "$pol-in" logical-
interface-policer
set dynamic-profiles wlink-stb-int-prof firewall policer "$pol-in" if-exceeding
bandwidth-limit "$bandwidth"
set dynamic-profiles wlink-stb-int-prof firewall policer "$pol-in" if-exceeding
burst-size-limit "$burst"
set dynamic-profiles wlink-stb-int-prof firewall policer "$pol-in" then discard
set dynamic-profiles wlink-stb-int-prof firewall policer "$pol-out" filter-specific
set dynamic-profiles wlink-stb-int-prof firewall policer "$pol-out" logical-
interface-policer
set dynamic-profiles wlink-stb-int-prof firewall policer "$pol-out" if-exceeding
bandwidth-limit "$bandwidth"
set dynamic-profiles wlink-stb-int-prof firewall policer "$pol-out" if-exceeding
burst-size-limit "$burst"
set dynamic-profiles wlink-stb-int-prof firewall policer "$pol-out" then discard
set dynamic-profiles wlink-single-pipe-prof variables bandwidth default-value 10m
set dynamic-profiles wlink-single-pipe-prof variables bandwidth mandatory
set dynamic-profiles wlink-single-pipe-prof variables burst default-value 1280000
set dynamic-profiles wlink-single-pipe-prof variables burst mandatory
set dynamic-profiles wlink-single-pipe-prof variables filter-out uid
set dynamic-profiles wlink-single-pipe-prof variables filter-in uid
set dynamic-profiles wlink-single-pipe-prof variables pol-out uid
set dynamic-profiles wlink-single-pipe-prof variables pol-in uid
set dynamic-profiles wlink-single-pipe-prof variables filter-out-v6 uid
set dynamic-profiles wlink-single-pipe-prof variables filter-in-v6 uid
set dynamic-profiles wlink-single-pipe-prof interfaces demux0 unit "$junos-
interface-unit" family inet filter input "$filter-in"
set dynamic-profiles wlink-single-pipe-prof interfaces demux0 unit "$junos-
interface-unit" family inet filter input precedence 100
set dynamic-profiles wlink-single-pipe-prof interfaces demux0 unit "$junos-
interface-unit" family inet filter output "$filter-out"
set dynamic-profiles wlink-single-pipe-prof interfaces demux0 unit "$junos-
interface-unit" family inet filter output precedence 100
set dynamic-profiles wlink-single-pipe-prof interfaces demux0 unit "$junos-
interface-unit" family inet6 filter input "$filter-in-v6"
set dynamic-profiles wlink-single-pipe-prof interfaces demux0 unit "$junos-
interface-unit" family inet6 filter input precedence 100
set dynamic-profiles wlink-single-pipe-prof interfaces demux0 unit "$junos-
interface-unit" family inet6 filter output "$filter-out-v6"
set dynamic-profiles wlink-single-pipe-prof interfaces demux0 unit "$junos-
interface-unit" family inet6 filter output precedence 100
set dynamic-profiles wlink-single-pipe-prof firewall family inet filter "$filter-
in" interface-specific
set dynamic-profiles wlink-single-pipe-prof firewall family inet filter "$filter-
in" term DNS from destination-port 53
set dynamic-profiles wlink-single-pipe-prof firewall family inet filter "$filter-
in" term DNS then policer 32k
set dynamic-profiles wlink-single-pipe-prof firewall family inet filter "$filter-
in" term DNS then next term
set dynamic-profiles wlink-single-pipe-prof firewall family inet filter "$filter-
in" term internet-traffic then policer "$pol-in"
set dynamic-profiles wlink-single-pipe-prof firewall family inet filter "$filter-
in" term internet-traffic then service-accounting
set dynamic-profiles wlink-single-pipe-prof firewall family inet filter "$filter-
in" term internet-traffic then accept
set dynamic-profiles wlink-single-pipe-prof firewall family inet filter "$filter-
out" interface-specific
set dynamic-profiles wlink-single-pipe-prof firewall family inet filter "$filter-
out" term internet-traffic then policer "$pol-out"
set dynamic-profiles wlink-single-pipe-prof firewall family inet filter "$filter-
out" term internet-traffic then service-accounting
set dynamic-profiles wlink-single-pipe-prof firewall family inet filter "$filter-
out" term internet-traffic then accept
set dynamic-profiles wlink-single-pipe-prof firewall family inet6 filter "$filter-
in-v6" interface-specific
set dynamic-profiles wlink-single-pipe-prof firewall family inet6 filter "$filter-
in-v6" term DNS-v6 from destination-port 53
set dynamic-profiles wlink-single-pipe-prof firewall family inet6 filter "$filter-
in-v6" term DNS-v6 then policer 32k
set dynamic-profiles wlink-single-pipe-prof firewall family inet6 filter "$filter-
in-v6" term DNS-v6 then next term
set dynamic-profiles wlink-single-pipe-prof firewall family inet6 filter "$filter-
in-v6" term internet-traffic then policer "$pol-in"
set dynamic-profiles wlink-single-pipe-prof firewall family inet6 filter "$filter-
in-v6" term internet-traffic then service-accounting
set dynamic-profiles wlink-single-pipe-prof firewall family inet6 filter "$filter-
in-v6" term internet-traffic then accept
set dynamic-profiles wlink-single-pipe-prof firewall family inet6 filter "$filter-
out-v6" interface-specific
set dynamic-profiles wlink-single-pipe-prof firewall family inet6 filter "$filter-
out-v6" term internet-traffic then policer "$pol-out"
set dynamic-profiles wlink-single-pipe-prof firewall family inet6 filter "$filter-
out-v6" term internet-traffic then service-accounting
set dynamic-profiles wlink-single-pipe-prof firewall family inet6 filter "$filter-
out-v6" term internet-traffic then accept
set dynamic-profiles wlink-single-pipe-prof firewall policer "$pol-in" filter-
specific
set dynamic-profiles wlink-single-pipe-prof firewall policer "$pol-in" logical-
interface-policer
set dynamic-profiles wlink-single-pipe-prof firewall policer "$pol-in" if-exceeding
bandwidth-limit "$bandwidth"
set dynamic-profiles wlink-single-pipe-prof firewall policer "$pol-in" if-exceeding
burst-size-limit "$burst"
set dynamic-profiles wlink-single-pipe-prof firewall policer "$pol-in" then discard
set dynamic-profiles wlink-single-pipe-prof firewall policer "$pol-out" filter-
specific
set dynamic-profiles wlink-single-pipe-prof firewall policer "$pol-out" logical-
interface-policer
set dynamic-profiles wlink-single-pipe-prof firewall policer "$pol-out" if-
exceeding bandwidth-limit "$bandwidth"
set dynamic-profiles wlink-single-pipe-prof firewall policer "$pol-out" if-
exceeding burst-size-limit "$burst"
set dynamic-profiles wlink-single-pipe-prof firewall policer "$pol-out" then
discard

amilan@bras-lab-01> show configuration | no-more

## Last commit: 2021-09-12 15:28:11 NPT by amilan
version 19.4R3.11;
system {
host-name bras-lab-01;
root-authentication {
encrypted-password
"$6$Fc/jeGcN$dJFuqc2vLhQJs2ehVhAHFjmC7uiDwT1GFNjSnX/enUNBBbTdhXPzVA3kGAqvVdU8a4dAzA
bMxr3YI9nsKKfa//"; ## SECRET-DATA
}
configuration-database {
max-db-size 314572800;
}
login {
class rancid-class {
idle-timeout 5;
login-alarms;
permissions [ secret view view-configuration ];
allow-commands "(set cli.*)|(show.*)|(quit)";
deny-commands .*;
}
user abhishek {
uid 2024;
class super-user;
authentication {
encrypted-password
"$5$m7CD1TX7$tg/wZDxTGtupoAJ2YqWKm7jhYBB7uJQOxsQQhXjqE1B"; ## SECRET-DATA
ssh-rsa "ssh-rsa
AAAAB3NzaC1yc2EAAAABIwAAAQEAuFMb3BrJ7TJ77N+fYVMSSQEC4p4f+MiYyAJnBCpf8ijmq1wiPvvBYLP
uxu7EooFYL/xWSSCVIHBFdcNzJlalLnUXxviGpU/S5R/H2UDF1x9W3KAngZLqCBl43y0HpGZNMIWEt9Is5w
JfeGKpliTbLYfL10V0yecV/JYrmA7cwa5VnSi6Yn9aTLP+oiD2lB+BRdzBqGRdRZnsnNF0eIRxV6F+65Y1k
U1GUz5yZBZhn8V8W597hxP8E6Vx9IHnpwGlSAXf5V6SFLQ3Q6+m8rYrO4CZ8/4JGB4Vc7AJWIlwBh//w+rN
N1bHqSTgf/kOCAMPIdVuEaWsRg/KrFrwvE+ESw=="; ## SECRET-DATA
}
}
user amilan {
uid 2010;
class super-user;
authentication {
encrypted-password
"$6$SMUp0Lk/$URCoVEmoxM/2RnGaucf/B503af4CuJrtsIUlnWFzjBUGgjFzNy8YbeBaiU7JPg3vdbZqPd
KC/kf2Fou6pYd3.0"; ## SECRET-DATA
ssh-rsa "ssh-rsa
AAAAB3NzaC1yc2EAAAABIwAAAQEArJlqzAgkO2uaBv1rp2hvKb6ZiHjSHLnHhTy3gPcGFDkekS+CBq6Dqvr
dRRpfOkco0w2wPGN35PLr3BeswLKCUDj3/dfAG0bi1TSylmqIwAmHiTJQ0BgS1PRW10JvxEqYgGd8/J4f4q
f8y/EhCHHS7oB1Wld/MV514hj//NHgUDShw0LUdLBXZ+9vJygOTjySjE4NPtz9F222qVJIVkyMTjG4bdpE+
eqY7j4q4sQ9dB44l3AgVWHW9c42cORf8CCok0Y2brjOnSlXXFjQTxKGgQ3Q0GLWsmSGxqNR9Tp3UQvd70mu
iBpSmAIydHGKC2q4kwRQ/BiYsqZYOOqeVpnlrw=="; ## SECRET-DATA
}
}
user bidhanb {
uid 2026;
class super-user;
authentication {
encrypted-password
"$6$Uyxpf1LQ$rZxgj0KVLH3z8tOYYkX1CYgO.uEJEG9PP5qbDJB67ypnrWb2xT.5rTL18LffP/Pxqlmsg7
gXAxtB3y08QZWEV."; ## SECRET-DATA
}
}
user craju {
uid 2006;
class super-user;
authentication {
encrypted-password
"$6$mWtUHXK6$IAzSunEtpWoVa/cDlX6FVDnioHeHjBDZH1IQB.QHw.6XNR4O0mXe..cHkWAs0o236.f8Hl
yIhj.pcpy1eR.DO1"; ## SECRET-DATA
 }
}
user gbijay {
uid 2011;
class super-user;
authentication {
encrypted-password
"$6$IPMPL5bD$Y9bIeuSHmk.RTP5h/dWeuj1BFATkaUfIINZG.vTE1aD0Z2uL8Jq54ESINjb6cw0qZNTOJQ
anFwqY0OkzsCky21"; ## SECRET-DATA
}
}
user gshyam {
uid 2000;
class super-user;
authentication {
encrypted-password
"$6$xPGuF79q$uh3VRTB.7BjC0r0oItUXxTFYwlsWK3ZF9eFEyoIxXgZYjJedubHqTqTguxF0aTXV8fO3cB
J2gE5YHvSabZLw0."; ## SECRET-DATA
}
}
user jspace {
uid 2027;
class super-user;
authentication {
encrypted-password
"$6$Zhg1Udol$wXTzbNgSk828oVrvvrbG8D5vjR4qFS1E2LcdBgYEfQqE/X2/VZi4KqzXYdNC.hE9BrBJ/9
n7.4Ekzgb0u8RZM."; ## SECRET-DATA
}
}
user junadmin {
full-name "TACACS Authenticated users with super-user privileges";
uid 2029;
class super-user;
}
user kijush {
uid 2016;
class super-user;
authentication {
encrypted-password
"$6$pVQsVgrS$id39yjau59hfXFqmnzUkm3odCCuznQGu1V2f8fSa3yTSNdusktuhPFdnqVMHafxJDBW1N1
Y2g3zVJcxIbB49G/"; ## SECRET-DATA
}
}
user lab {
uid 2017;
class super-user;
authentication {
encrypted-password
"$6$AbJiNwze$MbLs7bNTM73tC63RleqsoiUMeGhb5BA9dZXPpWsjm0XzHCSIdxI./bj7/oEW/JSc/Qpbp9
ADk4rGEkiBfHY7C/"; ## SECRET-DATA
}
}
user laxman {
uid 2022;
class super-user;
authentication {
encrypted-password
"$6$HlwVGX/P$YXnuqnL/5HcPUbOvUmhOHYOPZbRqmewo.F6/cRixNwdA4ckFgfeTDaAAyQDkI33CK8HqwT
42RNHtXirnKI0Y81"; ## SECRET-DATA
 }
}
user mhjsakar {
uid 2020;
class super-user;
authentication {
encrypted-password
"$6$jaBQ0k1v$cuaBsQ6fva8UneB1O4Ya7kQKU32dSg1Yico2nbnYGuDqENERRyM6YcEYXPFutJtjv2vxTV
0B8ordICPUHNY8a1"; ## SECRET-DATA
}
}
user rancid {
uid 2015;
class super-user;
authentication {
encrypted-password "$1$TFci3GHn$pU3DsQul8vZw6W37cJhYo/"; ## SECRET-
DATA
}
}
user saralps {
uid 2025;
class super-user;
authentication {
encrypted-password
"$6$Vz50rL/9$XDjdzfVxHCqw8hJlKLaOBjzLL31Tafxoa3lhmBtLe5pu5h.2cs7eP.7NB/7fOpmYN0Egrr
Gc2MZdpjT6.56zw0"; ## SECRET-DATA
}
}
user script {
uid 2019;
class super-user;
}
user srijan {
uid 2028;
class super-user;
authentication {
encrypted-password
"$6$jVvonUyq$7jc3aNF2f/bRnIu1GR/a6RoL4AhdkEJ4ZoqjvuvKqTnWVF1hwG1movUSLNTYOn1w3DuxBM
0fzRVYaH6ti/18f."; ## SECRET-DATA
}
}
user sthashish {
uid 2001;
class super-user;
authentication {
encrypted-password
"$6$ML/NZGy5$DWKmg/IL92VuuKjao/fenF.WfQv8iiHGtj68F1.26tcqkJHUxLYp7XN/HPRFdUnipbA55j
46rj/6p4cjgvXxA0"; ## SECRET-DATA
}
}
}
services {
ftp;
ssh {
root-login allow;
protocol-version v2;
max-sessions-per-connection 64;
}
extension-service {
 request-response {
grpc {
clear-text {
port 9000;
}
skip-authentication;
}
}
}
netconf {
ssh;
}
rest {
http;
enable-explorer;
}
dhcp-local-server {
dhcpv6 {
short-cycle-protection lockout-min-time 2 lockout-max-time 900;
group IPv6 {
overrides {
rapid-commit;
delegated-pool Default-v6-pd-pool;
inactive: delete-binding-on-renegotiation;
asymmetric-lease-time 1200;
asymmetric-prefix-lease-time 1200;
dual-stack dual-stack-group;
}
interface xe-0/0/0.0;
interface xe-1/0/0:1.0;
interface ae14.0;
interface demux0.0;
}
}
pool-match-order {
external-authority;
ip-address-first;
}
inactive: liveness-detection {
failure-action clear-binding-if-interface-up;
method {
bfd {
version automatic;
minimum-interval 45000;
minimum-receive-interval 60000;
multiplier 1;
no-adaptation;
transmit-interval {
minimum-interval 45000;
threshold 60000;
}
detection-time {
threshold 66000;
}
session-mode automatic;
holddown-interval 50;
}
}
}
 overrides {
client-discover-match incoming-interface;
dual-stack dual-stack-group;
}
short-cycle-protection lockout-min-time 2 lockout-max-time 900;
group IPv4 {
overrides {
inactive: delete-binding-on-renegotiation;
asymmetric-lease-time 1200;
dual-stack dual-stack-group;
}
interface xe-0/0/0.0;
interface xe-1/0/0:1.0;
interface ae14.0;
interface demux0.0;
}
dual-stack-group dual-stack-group {
authentication {
password "wlink123$";
username-include {
mac-address;
}
}
dynamic-profile wlink-default-prof;
inactive: on-demand-address-allocation;
classification-key {
mac-address;
}
renegotiation-master inet inet6;
inactive: liveness-detection {
failure-action clear-binding-if-interface-up;
method {
layer2-liveness-detection {
transmit-interval 300;
max-consecutive-retries 5;
}
}
}
short-cycle-protection lockout-min-time 2 lockout-max-time 900;
}
no-stale-timer-refresh;
}
subscriber-management {
traceoptions {
file test_log1 size 2m files 20 world-readable;
}
enable;
}
}
time-zone Asia/Kathmandu;
authentication-order [ tacplus password ];
name-server {
202.79.32.4;
}
tacplus-server {
202.79.32.39 {
port 49;
secret "$9$qmQn0BErKWIRVYoGq.0B1"; ## SECRET-DATA
source-address 202.166.192.34;
 }
202.166.193.74 {
port 49;
secret "$9$OtlA1clxNbgaGdVmT39OBxN-"; ## SECRET-DATA
source-address 202.166.192.34;
}
}
accounting {
events change-log;
destination {
tacplus {
server {
202.79.32.39 {
port 49;
secret "$9$AUEsp1hM87bY4Xxi.5FAtM8L"; ## SECRET-DATA
timeout 30;
single-connection;
}
202.166.193.74 {
port 49;
secret "$9$AUEsp1hM87bY4Xxi.5FAtM8L"; ## SECRET-DATA
timeout 30;
single-connection;
}
}
}
}
}
schema {
openconfig {
unhide;
}
}
syslog {
user * {
any emergency;
}
host 202.79.32.84 {
any any;
port 5140;
source-address 202.166.192.34;
}
file messages {
any notice;
authorization info;
}
file interactive-commands {
interactive-commands any;
}
file config-change {
change-log any;
}
file BGP-log {
any info;
match BGP_;
}
file updown {
any any;
match TRAP_LINK;
 }
file ddos-log {
any info;
match DDOS_;
}
file default-log-messages {
any info;
match "(requested 'commit' operation)|(requested 'commit synchronize'
operation)|(copying configuration to juniper.save)|(commit complete)|ifAdminStatus|
(FRU power)|(FRU removal)|(FRU insertion)|(link UP)|transitioned|Transferred|
transfer-file|(license add)|(license delete)|(package -X update)|(package -X
delete)|(FRU Online)|(FRU Offline)|(plugged in)|(unplugged)|CFMD_CCM_DEFECT|
LFMD_3AH | RPD_MPLS_PATH_BFD|(Master Unchanged, Members Changed)|(Master Changed,
Members Changed)|(Master Detected, Members Changed)|(vc add)|(vc delete)|(Master
detected)|(Master changed)|(Backup detected)|(Backup changed)|(interface vcp-)";
structured-data;
}
log-rotate-frequency 59;
}
processes {
general-authentication-service {
traceoptions {
file jauthd size 100m files 10;
flag all;
}
}
smg-service {
inactive: traceoptions {
file smgd size 100m files 10;
level all;
flag all;
}
}
bbe-mib-daemon {
inactive: traceoptions {
file bbe-mibd size 100m files 10;
level all;
flag all;
}
}
dhcp-service {
traceoptions {
file jdhcpd size 100m;
level all;
flag packet;
flag all;
}
}
}
ddos-protection {
protocols {
dhcpv4 {
discover {
recover-time 10;
}
}
}
}
ntp {
 server 202.79.32.104;
}
}
chassis {
aggregated-devices {
ethernet {
device-count 25;
}
}
fpc 0 {
sampling-instance s1;
}
fpc 1 {
pic 0 {
port 0 {
number-of-sub-ports 4;
speed 10g;
}
port 2 {
speed 100g;
}
port 5 {
speed 100g;
}
}
pic 1 {
port 0 {
number-of-sub-ports 4;
speed 10g;
}
port 2 {
speed 100g;
}
port 5 {
speed 100g;
}
}
max-queues 512k;
}
network-services enhanced-ip;
}
services {
analytics {
streaming-server telemetry-server {
remote-address 10.21.7.34;
remote-port 9000;
}
export-profile export-param {
local-address 202.166.192.34;
local-port 21111;
reporting-rate 60;
format gpb;
transport udp;
}
sensor interface-1 {
server-name telemetry-server;
export-name export-param;
resource /junos/system/linecard/interface/logical/usage/;
resource-filter xe-*;
 }
sensor resource-1 {
server-name telemetry-server;
export-name export-param;
resource /junos/system/linecard/cpu/memory/;
}
}
flow-monitoring {
version-ipfix {
template ipv4 {
flow-active-timeout 60;
flow-inactive-timeout 70;
template-refresh-rate {
seconds 30;
}
option-refresh-rate {
seconds 30;
}
ipv4-template;
}
}
}
}
access-profile Rad;
interfaces {
xe-0/2/4 {
unit 0;
}
xe-1/0/0:0 {
description WAN_jnpr-prera-01_xe-2/0/1;
unit 0 {
family inet {
address 202.79.40.6/31;
}
family inet6 {
address 2400:1a00:0:42::179/127;
}
}
}
xe-1/0/0:1 {
description jnpr-prera-01_xe-2/0/3_VPLS;
hierarchical-scheduler maximum-hierarchy-levels 2 implicit-hierarchy;
flexible-vlan-tagging;
auto-configure {
stacked-vlan-ranges {
dynamic-profile FtthZoom-svlan-prof {
accept [ dhcp-v4 dhcp-v6 ];
ranges {
3800-3800,121-121;
3700-3700,121-121;
}
}
dynamic-profile FtthZoom-svlan-profile {
accept pppoe;
ranges {
3800-3800,120-120;
3700-3700,120-120;
}
}
 access-profile Rad;
}
remove-when-no-subscribers;
}
mtu 9192;
encapsulation flexible-ethernet-services;
gigether-options {
ignore-l3-incompletes;
}
}
xe-1/0/0:2 {
description gw-jwl-stc-02_BGP_VL1120;
flexible-vlan-tagging;
encapsulation flexible-ethernet-services;
unit 1120 {
vlan-id 1120;
family inet {
address 202.166.220.2/24;
}
}
}
et-1/1/5 {
description To_X590;
unit 0 {
family inet {
address 172.16.16.2/30;
}
}
}
xe-2/0/0 {
unit 0 {
family inet;
family inet6;
}
}
fxp0 {
unit 0 {
description MGMT;
family inet {
address 10.10.250.22/23;
address 10.0.1.6/24;
}
}
}
lo0 {
unit 0 {
family inet {
filter {
input ProtectRE;
}
address 202.166.192.34/32;
address 124.41.255.1/32;
}
family inet6 {
inactive: filter {
input ipv6-ProtectRE;
}
address 2400:1a00::34/128;
address 2400:1a00:8001:1::1/128 {
 primary;
preferred;
}
}
}
}
}
snmp {
filter-interfaces {
interfaces {
pp0.*;
demux0.*;
}
all-internal-interfaces;
}
engine-id {
use-mac-address;
}
community 3263all {
authorization read-only;
clients {
202.79.32.218/32;
202.79.32.51/32;
202.79.32.207/32;
202.166.193.41/32;
202.166.193.42/32;
202.166.193.86/32;
202.79.32.85/32;
202.79.38.61/32;
}
}
trap-group logstash {
destination-port 1062;
categories {
authentication;
chassis;
link;
routing;
startup;
rmon-alarm;
configuration;
services;
}
targets {
202.79.32.200;
}
}
trap-group Junos-space {
targets {
202.79.32.12;
}
}
trap-group space {
targets {
202.79.38.60;
202.79.38.62;
}
}
traceoptions {
 file bbe-snmp size 100m files 10;
flag all;
}
}
forwarding-options {
sampling {
instance {
s1 {
input {
rate 10;
}
family inet {
output {
flow-server 202.79.36.101 {
port 2055;
version-ipfix {
template {
ipv4;
}
}
}
inline-jflow {
source-address 202.166.192.34;
}
}
}
}
}
}
}
policy-options {
prefix-list IPTV-EDGE-SERVERS {
103.213.31.0/24;
202.79.40.32/29;
202.79.40.180/31;
202.79.40.182/31;
202.79.40.192/31;
202.79.40.196/31;
202.79.40.198/31;
202.79.40.200/31;
202.79.40.204/31;
202.79.40.206/31;
202.79.40.212/31;
202.79.40.216/31;
202.79.40.220/31;
202.79.40.222/31;
202.79.40.226/31;
202.79.40.240/31;
202.79.40.242/31;
202.79.40.244/31;
202.79.40.246/31;
202.79.40.250/31;
202.79.40.252/31;
202.166.192.204/30;
}
policy-statement import-routes {
term T0 {
from {
route-filter 0.0.0.0/0 exact;
 }
then accept;
}
then reject;
}
policy-statement ipv6-outbound-routes {
term default {
from {
route-filter ::/0 exact reject;
}
}
term static {
from {
family inet6;
protocol static;
route-filter ::/0 upto /48;
}
then accept;
}
term direct {
from {
family inet6;
protocol direct;
route-filter ::/0 upto /48;
}
then accept;
}
term DHCP_IA-NA {
from {
route-filter 2400:1a00:8001:1::/64 exact;
}
then accept;
}
then reject;
}
policy-statement next-hop-self {
then {
next-hop self;
}
}
policy-statement outbound-route {
term T0 {
from {
route-filter 0.0.0.0/0 exact;
route-filter 10.0.1.0/24 exact;
route-filter 124.41.211.0/24 exact;
route-filter 202.79.32.0/24 upto /32;
route-filter 202.79.36.0/24 upto /32;
}
then reject;
}
inactive: term direct {
from protocol static;
then accept;
}
term test-prefix {
from {
route-filter 124.41.255.0/24 exact;
route-filter 202.166.192.34/32 exact;
 }
then accept;
}
then reject;
}
}
class-of-service {
host-outbound-traffic {
forwarding-class NC;
}
forwarding-classes {
queue 0 INTERNET priority low;
queue 1 IPTV priority high;
inactive: queue 2 VOICE;
queue 3 NC priority high;
}
rewrite-rules {
ieee-802.1 pbit-rewrite {
forwarding-class IPTV {
loss-priority low code-point 101;
}
}
}
}
firewall {
family inet {
filter block-frag-in {
term 1 {
from {
packet-length 20;
fragment-offset-except 0;
fragment-flags "!more-fragments";
}
then {
count lenth0-in;
discard;
}
}
term 2 {
then {
count test-in;
accept;
}
}
}
filter block-frag-out {
term 1 {
from {
packet-length 20;
fragment-offset-except 0;
fragment-flags "!more-fragments";
}
then {
count lenth0-out;
discard;
}
}
term 2 {
then {
 count test-out;
accept;
}
}
}
filter internal-ingress-filter {
term NO-NAT {
from {
destination-address {
100.64.0.0/10;
}
}
then accept;
}
term 0 {
from {
destination-address {
192.168.0.0/16;
172.16.0.0/12;
10.0.0.0/8;
}
}
then {
discard;
}
}
}
filter IPTV-TRAFFIC {
term FROM-EDGE-SERVER {
from {
prefix-list {
IPTV-EDGE-SERVERS;
}
}
then {
count IPTV-TRAFFIC;
forwarding-class IPTV;
accept;
dscp af41;
}
}
term DEFAULT {
then {
count DEFAULT-TRAFFIC;
accept;
}
}
}
}
family inet6 {
filter ALLOW-v6-Filter {
term DHCPv6-accept {
from {
next-header udp;
source-port [ 546 547 ];
destination-port [ 546 547 ];
}
then accept;
}
 term ICMPv6-accept {
from {
next-header icmp6;
icmp-type [ router-solicit neighbor-solicit neighbor-
advertisement router-advertisement ];
}
then accept;
}
}
filter ipv6-ProtectRE {
term 0 {
filter ALLOW-v6-Filter;
}
term 1 {
from {
source-address {
2400:1a00::/63;
2400:1a00:2::/48;
2400:1a00:0::/48;
}
}
then {
count ipv6_RE_protect_count;
log;
accept;
}
}
term 2 {
from {
payload-protocol ospf;
}
then accept;
}
term 4 {
from {
payload-protocol tcp;
port 179;
}
then accept;
}
term icmp6 {
from {
payload-protocol icmp6;
}
then accept;
}
term 3 {
then discard;
}
}
}
policer 32k {
filter-specific;
if-exceeding {
bandwidth-limit 32k;
burst-size-limit 4k;
}
then discard;
}
filter ProtectRE {
term 0 {
filter ALLOW-DHCP;
}
term 1 {
from {
source-address {
202.79.32.0/24;
202.79.40.0/23;
202.166.192.0/24;
202.79.36.0/24;
192.168.1.0/24;
202.166.193.64/26;
124.41.211.1/32;
10.0.1.0/24;
202.166.193.32/27;
10.12.9.0/24;
202.79.36.101/32;
202.79.38.61/32;
10.10.250.0/23;
202.166.220.1/32;
}
}
then accept;
}
term 2 {
from {
tcp-established;
}
then accept;
}
term 3 {
from {
destination-port bgp;
}
then accept;
}
term 4 {
from {
protocol [ icmp ospf ];
}
then accept;
}
term 5 {
then {
count ProtectRE;
log;
discard;
}
}
}
filter ALLOW-DHCP {
term dhcp-client-accept {
from {
source-address {
0.0.0.0/32;
}
destination-address {
255.255.255.255/32;
 }
protocol udp;
source-port 68;
destination-port 67;
}
then accept;
}
term dhcp-server-accept {
from {
protocol udp;
source-port [ 67 68 ];
destination-port [ 67 68 ];
}
then accept;
}
}
}
access {
domain-name-server {
202.79.32.4;
}
domain-name-server-inet {
202.79.32.4;
}
domain-name-server-inet6 {
2400:1a00:0:32::165;
2400:1a00:8000:4::73;
}
profile Rad {
authentication-order radius;
radius {
authentication-server 202.79.32.202;
accounting-server 202.79.32.202;
options {
client-authentication-algorithm round-robin;
client-accounting-algorithm round-robin;
}
}
session-options {
inactive: client-idle-timeout 10;
}
radius-server {
202.79.32.51 {
port 1649;
accounting-port 1650;
secret "$9$NB-sg4aUDHmYgGj"; ## SECRET-DATA
max-outstanding-requests 2000;
source-address 202.166.192.34;
}
202.79.32.201 {
port 1649;
accounting-port 1650;
secret "$9$.mQ3n/tpORz3Au"; ## SECRET-DATA
max-outstanding-requests 2000;
source-address 202.166.192.34;
}
10.21.8.10 {
port 1812;
accounting-port 1813;
 secret "$9$4OaDiqmTzF/Ygi.P5/9KM8xVwgoJjik"; ## SECRET-DATA
max-outstanding-requests 2000;
source-address 202.166.192.34;
}
202.79.32.202 {
port 1649;
accounting-port 1650;
secret "$9$.mQ3n/tpORz3Au"; ## SECRET-DATA
max-outstanding-requests 2000;
source-address 202.166.192.34;
}
202.79.32.224 {
port 1649;
accounting-port 1650;
secret "$9$.mQ3n/tpORz3Au"; ## SECRET-DATA
max-outstanding-requests 2000;
source-address 202.166.192.34;
}
202.79.32.222 {
port 1812;
accounting-port 1813;
secret "$9$.mQ3n/tpORz3Au"; ## SECRET-DATA
max-outstanding-requests 2000;
source-address 202.166.192.34;
}
}
accounting {
order radius;
accounting-stop-on-failure;
inactive: accounting-stop-on-access-deny;
inactive: immediate-update;
coa-immediate-update;
statistics volume-time;
}
}
address-assignment {
pool safenet-pool {
family inet {
network 124.41.255.0/24;
range 0-255 {
low 124.41.255.2;
high 124.41.255.254;
}
dhcp-attributes {
maximum-lease-time 3600;
router {
124.41.255.1;
}
}
}
}
pool Default-v6-pool {
family inet6 {
prefix 2400:1a00:8001:1::/64;
range 0-ffff {
low 2400:1a00:8001:1::2/128;
high 2400:1a00:8001:1:ffff:ffff:ffff:ffff/128;
}
dhcp-attributes {
 dns-server {
2400:1a00:0:32::165;
2400:1a00:8000:4::73;
}
valid-lifetime 4800;
preferred-lifetime 3600;
}
}
}
pool Default-v6-pd-pool {
family inet6 {
prefix 2400:1a00:8002::/48;
range v6-pd prefix-length 64;
dhcp-attributes {
dns-server {
2400:1a00:0:32::165;
2400:1a00:8000:4::73;
}
valid-lifetime 4800;
preferred-lifetime 3600;
}
}
}
pool default-pool {
family inet {
network 192.168.0.0/24;
range 0-255 {
low 192.168.0.2;
high 192.168.0.254;
}
dhcp-attributes {
maximum-lease-time 3600;
router {
192.168.0.1;
}
}
}
}
}
}
routing-options {
rib inet6.0 {
static {
route 2400:1a00:8002::/48 discard;
}
}
static {
route 124.41.255.0/24 discard;
route 172.16.0.0/12 {
discard;
no-readvertise;
}
route 10.0.0.0/8 {
discard;
no-readvertise;
}
route 192.168.0.0/16 {
discard;
no-readvertise;
 }
route 10.21.8.10/32 next-hop 202.79.40.7;
}
router-id 202.166.192.34;
autonomous-system 17501;
}
protocols {
inactive: ospf {
area 0.0.0.1 {
interface lo0.0 {
passive;
}
interface xe-1/0/0:0.0 {
interface-type p2p;
}
}
}
bgp {
group gw-jwl-stc-01 {
type internal;
local-address 202.166.220.2;
import import-routes;
export [ next-hop-self outbound-route ];
local-as 17501;
neighbor 202.166.220.1;
}
}
ldp {
explicit-null;
transport-address router-id;
interface xe-1/0/0:0.0;
interface xe-2/1/0.0;
interface lo0.0;
}
ospf3 {
area 0.0.0.1 {
interface lo0.0;
interface xe-1/0/0:0.0 {
interface-type p2p;
}
}
}
lldp {
interface all;
}
}
dynamic-profiles {
FtthZoom-svlan-profile {
routing-instances {
"$junos-routing-instance" {
interface "$junos-interface-name";
}
}
interfaces {
demux0 {
unit "$junos-interface-unit" {
vlan-tags outer "$junos-stacked-vlan-id" inner "$junos-vlan-
id";
demux-options {
 underlying-interface "$junos-interface-ifd-name";
}
family pppoe {
access-concentrator FtthZoom;
duplicate-protection;
dynamic-profile FtthZoom-pp0;
short-cycle-protection {
lockout-time-min 2;
lockout-time-max 1800;
}
}
}
}
}
}
wlink-dynamic-prof {
variables {
bandwidth {
default-value 10m;
mandatory;
}
burst {
default-value 1280000;
mandatory;
}
filter-out uid;
filter-in uid;
pol-out uid;
pol-in uid;
filter-out-v6 uid;
filter-in-v6 uid;
inactive: iptv-bandwidth {
equals "($bandwidth)/2";
uid;
}
inactive: iptv-burst {
equals "($burst)/2";
uid;
}
pol-iptv-out uid;
pol-iptv-in uid;
}
interfaces {
demux0 {
unit "$junos-interface-unit" {
family inet {
filter {
input "$filter-in" precedence 100;
output "$filter-out" precedence 100;
}
}
family inet6 {
filter {
input "$filter-in-v6" precedence 100;
output "$filter-out-v6" precedence 100;
}
}
}
}
}
firewall {
family inet {
filter "$filter-in" {
interface-specific;
term NETTV-DESTINATION {
from {
destination-prefix-list {
IPTV-EDGE-SERVERS;
}
}
then {
inactive: policer "$pol-iptv-in";
accept;
}
}
term DNS {
from {
destination-port 53;
}
then {
policer 32k;
next term;
}
}
term internet-traffic {
then {
policer "$pol-in";
service-accounting;
accept;
}
}
}
filter "$filter-out" {
interface-specific;
term NETTV-SOURCE {
from {
source-prefix-list {
IPTV-EDGE-SERVERS;
}
}
then {
inactive: policer "$pol-iptv-out";
accept;
}
}
term internet-traffic {
then {
policer "$pol-out";
service-accounting;
accept;
}
}
}
}
family inet6 {
filter "$filter-in-v6" {
interface-specific;
term DNS-v6 {
 from {
destination-port 53;
}
then {
policer 32k;
next term;
}
}
term internet-traffic {
then {
policer "$pol-in";
service-accounting;
accept;
}
}
}
filter "$filter-out-v6" {
interface-specific;
term internet-traffic {
then {
policer "$pol-out";
service-accounting;
accept;
}
}
}
}
inactive: policer "$pol-iptv-in" {
filter-specific;
if-exceeding {
bandwidth-limit "$iptv-bandwidth";
burst-size-limit "$iptv-burst";
}
}
inactive: policer "$pol-iptv-out" {
filter-specific;
if-exceeding {
bandwidth-limit "$iptv-bandwidth";
burst-size-limit "$iptv-burst";
}
}
policer "$pol-out" {
filter-specific;
logical-interface-policer;
if-exceeding {
bandwidth-limit "$bandwidth";
burst-size-limit "$burst";
}
then discard;
}
policer "$pol-in" {
filter-specific;
logical-interface-policer;
if-exceeding {
bandwidth-limit "$bandwidth";
burst-size-limit "$burst";
}
then discard;
}
 }
}
FtthZoom-svlan-prof {
routing-instances {
"$junos-routing-instance" {
interface "$junos-interface-name";
}
}
interfaces {
demux0 {
interface-mib;
unit "$junos-interface-unit" {
proxy-arp unrestricted;
vlan-tags outer "$junos-stacked-vlan-id" inner "$junos-vlan-
id";
demux-options {
underlying-interface "$junos-underlying-interface";
}
family inet {
unnumbered-address "$junos-loopback-interface";
}
family inet6 {
unnumbered-address "$junos-loopback-interface";
}
}
}
}
protocols {
router-advertisement {
interface "$junos-interface-name" {
max-advertisement-interval 15;
min-advertisement-interval 10;
managed-configuration;
dns-server-address 2400:1a00:0:32::165 {
lifetime 180;
}
}
}
}
}
FtthZoom {
routing-instances {
"$junos-routing-instance" {
interface "$junos-interface-name";
}
}
interfaces {
demux0 {
unit "$junos-interface-unit" {
vlan-id "$junos-vlan-id";
demux-options {
underlying-interface "$junos-interface-ifd-name";
}
family pppoe {
access-concentrator FtthZoom;
duplicate-protection;
dynamic-profile FtthZoom-pp0;
short-cycle-protection {
lockout-time-min 2;
 lockout-time-max 1800;
}
}
}
}
}
}
FtthZoom-pp0 {
routing-instances {
"$junos-routing-instance" {
interface "$junos-interface-name";
}
}
interfaces {
pp0 {
interface-mib;
unit "$junos-interface-unit" {
ppp-options {
pap;
authentication pap;
ipcp-suggest-dns-option;
}
pppoe-options {
underlying-interface "$junos-underlying-interface";
server;
}
keepalives interval 30;
family inet {
rpf-check;
unnumbered-address lo0.0;
}
family inet6 {
rpf-check;
address $junos-ipv6-address;
}
}
}
}
protocols {
router-advertisement {
interface "$junos-interface-name" {
dns-server-address 2400:1a00:8000:4::73 {
lifetime 1800;
}
prefix $junos-ipv6-ndra-prefix;
}
}
}
}
wlink-default-prof {
predefined-variable-defaults {
cos-scheduler-map SCHED-MAP-DEFAULT;
}
routing-instances {
"$junos-routing-instance" {
interface "$junos-interface-name";
}
}
interfaces {
 demux0 {
unit "$junos-interface-unit" {
family inet {
unnumbered-address "$junos-loopback-interface";
}
family inet6 {
unnumbered-address "$junos-loopback-interface";
}
}
}
}
class-of-service {
traffic-control-profiles {
TC-PROFILE-01 {
scheduler-map "$junos-cos-scheduler-map";
}
}
interfaces {
"$junos-interface-ifd-name" {
unit "$junos-interface-unit" {
output-traffic-control-profile TC-PROFILE-01;
rewrite-rules {
ieee-802.1 pbit-rewrite vlan-tag outer-and-inner;
}
}
}
}
scheduler-maps {
SCHED-MAP-DEFAULT {
forwarding-class INTERNET scheduler SCHED-INTERNET;
forwarding-class IPTV scheduler SCHED-IPTV;
forwarding-class NC scheduler SCHED-NC;
}
}
schedulers {
SCHED-INTERNET {
priority low;
}
SCHED-IPTV {
priority high;
}
SCHED-NC {
priority high;
}
}
}
}
dynamic-profiles;
wlink-pppoe-prof {
variables {
bandwidth {
default-value 10m;
mandatory;
}
burst {
default-value 1280000;
mandatory;
}
filter-out uid;
 filter-in uid;
pol-in uid;
pol-out uid;
filter-in-v6 uid;
filter-out-v6 uid;
}
interfaces {
pp0 {
unit "$junos-interface-unit" {
inactive: targeted-distribution;
family inet {
filter {
input "$filter-in" precedence 100;
output "$filter-out" precedence 100;
}
}
family inet6 {
filter {
input "$filter-in-v6" precedence 100;
output "$filter-out-v6" precedence 100;
}
}
}
}
}
firewall {
family inet {
filter "$filter-in" {
interface-specific;
term DNS {
from {
destination-port 53;
}
then {
policer 32k;
next term;
}
}
term internet-traffic {
then {
policer "$pol-in";
service-accounting;
accept;
}
}
}
filter "$filter-out" {
interface-specific;
term internet-traffic {
then {
policer "$pol-out";
service-accounting;
accept;
}
}
}
}
family inet6 {
filter "$filter-in-v6" {
 interface-specific;
term DNS-v6 {
from {
destination-port 53;
}
then {
policer 32k;
next term;
}
}
term internet-traffic {
then {
policer "$pol-in";
service-accounting;
accept;
}
}
}
filter "$filter-out-v6" {
interface-specific;
term internet-traffic {
then {
policer "$pol-out";
service-accounting;
accept;
}
}
}
}
policer "$pol-in" {
filter-specific;
logical-interface-policer;
if-exceeding {
bandwidth-limit "$bandwidth";
burst-size-limit "$burst";
}
then discard;
}
policer "$pol-out" {
filter-specific;
logical-interface-policer;
if-exceeding {
bandwidth-limit "$bandwidth";
burst-size-limit "$burst";
}
then discard;
}
}
}
wlink-stb-int-prof {
variables {
bandwidth {
default-value 10m;
mandatory;
}
burst {
default-value 1280000;
mandatory;
}
 filter-out uid;
filter-in uid;
pol-out uid;
pol-in uid;
filter-out-v6 uid;
filter-in-v6 uid;
}
interfaces {
demux0 {
unit "$junos-interface-unit" {
family inet {
filter {
input "$filter-in" precedence 100;
output "$filter-out" precedence 100;
}
}
family inet6 {
filter {
input "$filter-in-v6" precedence 100;
output "$filter-out-v6" precedence 100;
}
}
}
}
}
firewall {
family inet {
filter "$filter-in" {
interface-specific;
term DNS {
from {
destination-port 53;
}
then {
policer 32k;
next term;
}
}
term internet-traffic {
then {
policer "$pol-in";
service-accounting;
accept;
}
}
}
filter "$filter-out" {
interface-specific;
term internet-traffic {
then {
policer "$pol-out";
service-accounting;
accept;
}
}
}
}
family inet6 {
filter "$filter-in-v6" {
 interface-specific;
term DNS-v6 {
from {
destination-port 53;
}
then {
policer 32k;
next term;
}
}
term internet-traffic {
then {
policer "$pol-in";
service-accounting;
accept;
}
}
}
filter "$filter-out-v6" {
interface-specific;
term internet-traffic {
then {
policer "$pol-out";
service-accounting;
accept;
}
}
}
}
policer "$pol-in" {
filter-specific;
logical-interface-policer;
if-exceeding {
bandwidth-limit "$bandwidth";
burst-size-limit "$burst";
}
then discard;
}
policer "$pol-out" {
filter-specific;
logical-interface-policer;
if-exceeding {
bandwidth-limit "$bandwidth";
burst-size-limit "$burst";
}
then discard;
}
}
}
wlink-single-pipe-prof {
variables {
bandwidth {
default-value 10m;
mandatory;
}
burst {
default-value 1280000;
mandatory;
}
 filter-out uid;
filter-in uid;
pol-out uid;
pol-in uid;
filter-out-v6 uid;
filter-in-v6 uid;
}
interfaces {
demux0 {
unit "$junos-interface-unit" {
family inet {
filter {
input "$filter-in" precedence 100;
output "$filter-out" precedence 100;
}
}
family inet6 {
filter {
input "$filter-in-v6" precedence 100;
output "$filter-out-v6" precedence 100;
}
}
}
}
}
firewall {
family inet {
filter "$filter-in" {
interface-specific;
term DNS {
from {
destination-port 53;
}
then {
policer 32k;
next term;
}
}
term internet-traffic {
then {
policer "$pol-in";
service-accounting;
accept;
}
}
}
filter "$filter-out" {
interface-specific;
term internet-traffic {
then {
policer "$pol-out";
service-accounting;
accept;
}
}
}
}
family inet6 {
filter "$filter-in-v6" {
 interface-specific;
term DNS-v6 {
from {
destination-port 53;
}
then {
policer 32k;
next term;
}
}
term internet-traffic {
then {
policer "$pol-in";
service-accounting;
accept;
}
}
}
filter "$filter-out-v6" {
interface-specific;
term internet-traffic {
then {
policer "$pol-out";
service-accounting;
accept;
}
}
}
}
policer "$pol-in" {
filter-specific;
logical-interface-policer;
if-exceeding {
bandwidth-limit "$bandwidth";
burst-size-limit "$burst";
}
then discard;
}
policer "$pol-out" {
filter-specific;
logical-interface-policer;
if-exceeding {
bandwidth-limit "$bandwidth";
burst-size-limit "$burst";
}
then discard;
}
}
}
}

[END] 9/13/2021 3:28:01 PM