PRIMERO EJECUTAR ESTAS LINEAS DE COMANDO PARA ESTE CLIENTE: ESTO ES YA QUE DEBES

LIBERAR EL PUERTO GE-0/0/5 DEL GRUPO DE LA VLAN ASOCIADA AL INTERNET

PARA UTILIZAR ESTE PUERTO PARA EL ENLACE DEL TRONCAL SIP.

#delete interfaces interface-range VLAN_10_INTERFACES member-range ge-0/0/1 to ge-

0/0/5
#set interfaces interface-range VLAN_10_INTERFACES member-range ge-0/0/1 to ge-
0/0/4
#commit check
#commit

---------------------------------------------------------

set interfaces ge-0/0/8 per-unit-scheduler

set interfaces ge-0/0/8 unit 30 description Enlace-TKSIP-CID-9579047
set interfaces ge-0/0/8 unit 30 vlan-id 705
set interfaces ge-0/0/8 unit 30 family inet filter output policing-wan-E1
set interfaces ge-0/0/8 unit 30 family inet address 10.14.16.118/30 primary

set interfaces ge-0/0/7 speed 100m

set interfaces ge-0/0/7 link-mode full-duplex
set interfaces ge-0/0/7 gigether-options no-auto-negotiation
set interfaces ge-0/0/7 unit 0 description TKSIP-CID-9579047
set interfaces ge-0/0/7 unit 0 family inet filter input setqosClass-E1
set interfaces ge-0/0/7 unit 0 family inet address 172.28.39.5/30 primary
set interfaces ge-0/0/7 unit 0 family inet address 192.168.30.248/23

set class-of-service forwarding-classes queue 0 best-effort

set class-of-service forwarding-classes queue 7 qos5
set class-of-service forwarding-classes queue 3 network-control

set class-of-service interfaces ge-0/0/8 unit 30 scheduler-map qos-map-sched-E1

set class-of-service interfaces ge-0/0/8 unit 30 shaping-rate 8384k
set class-of-service interfaces ge-0/0/8 unit 30 rewrite-rules dscp SetDscpWan-E1

set class-of-service rewrite-rules dscp SetDscpWan-E1 forwarding-class qos5 loss-

priority low code-point cs5
set class-of-service rewrite-rules dscp SetDscpWan-E1 forwarding-class best-effort
loss-priority low code-point 000000
set class-of-service rewrite-rules dscp SetDscpWan-E1 forwarding-class network-
control loss-priority low code-point cs6

set class-of-service scheduler-maps qos-map-sched-E1 forwarding-class qos5

scheduler sched-qos5-E1
set class-of-service scheduler-maps qos-map-sched-E1 forwarding-class best-effort
scheduler sched-default-E1
set class-of-service scheduler-maps qos-map-sched-E1 forwarding-class network-
control scheduler sched-network-control-E1

set class-of-service schedulers sched-qos5-E1 transmit-rate 98048k

set class-of-service schedulers sched-qos5-E1 buffer-size percent 90
set class-of-service schedulers sched-qos5-E1 priority strict-high
set class-of-service schedulers sched-network-control-E1 transmit-rate 64k
set class-of-service schedulers sched-network-control-E1 buffer-size percent 5
set class-of-service schedulers sched-network-control-E1 priority high
set class-of-service schedulers sched-default-E1 transmit-rate 128k
set class-of-service schedulers sched-default-E1 buffer-size remainder
set class-of-service schedulers sched-default-E1 priority low

set security zones security-zone Lan-E1 interfaces ge-0/0/7.0 host-inbound-traffic

system-services all
set security zones security-zone Lan-E1 interfaces ge-0/0/7.0 host-inbound-traffic
protocols all
set security zones security-zone Wan-E1 interfaces ge-0/0/8.30 host-inbound-traffic
system-services all
set security zones security-zone Wan-E1 interfaces ge-0/0/8.30 host-inbound-traffic
protocols all

set security policies from-zone Lan-E1 to-zone Wan-E1 policy permit-all match
source-address any
set security policies from-zone Lan-E1 to-zone Wan-E1 policy permit-all match
destination-address any
set security policies from-zone Lan-E1 to-zone Wan-E1 policy permit-all match
application any
set security policies from-zone Lan-E1 to-zone Wan-E1 policy permit-all then permit
set security policies from-zone Wan-E1 to-zone Lan-E1 policy permit-all match
source-address any
set security policies from-zone Wan-E1 to-zone Lan-E1 policy permit-all match
destination-address any
set security policies from-zone Wan-E1 to-zone Lan-E1 policy permit-all match
application any
set security policies from-zone Wan-E1 to-zone Lan-E1 policy permit-all then permit
set security policies default-policy permit-all

set firewall family inet filter setqosClass-E1 term cos5 from destination-address
0.0.0.0/0
set firewall family inet filter setqosClass-E1 term cos5 then loss-priority low
set firewall family inet filter setqosClass-E1 term cos5 then forwarding-class qos5
set firewall family inet filter setqosClass-E1 term cos5 then accept
set firewall family inet filter setqosClass-E1 term default then forwarding-class
best-effort
set firewall family inet filter setqosClass-E1 term default then accept
set firewall family inet filter policing-wan-E1 term qos5 from destination-address
0.0.0.0/0
set firewall family inet filter policing-wan-E1 term qos5 then policer qos5-
policer-E1
set firewall family inet filter policing-wan-E1 term qos5 then loss-priority low
set firewall family inet filter policing-wan-E1 term qos5 then accept
set firewall family inet filter policing-wan-E1 term default then loss-priority low
set firewall family inet filter policing-wan-E1 term default then accept

set firewall policer qos5-policer-E1 if-exceeding bandwidth-limit 98048k

set firewall policer qos5-policer-E1 if-exceeding burst-size-limit 18384k
set firewall policer qos5-policer-E1 then discard

set routing-instances VRF-100 instance-type virtual-router

set routing-instances VRF-100 interface ge-0/0/8.30
set routing-instances VRF-100 interface ge-0/0/7.0
set routing-instances VRF-100 routing-options static route 0.0.0.0/0 next-hop
10.14.16.117

commit check
commit
777777777777777777777777777777777777

NOC@rKOBRANZAS_SAC_LOS_OLIVOS# run show configuration | display set

set version 15.1X49-D70.3
set system host-name rKOBRANZAS_SAC_LOS_OLIVOS
set system time-zone America/Lima
set system authentication-order tacplus
set system root-authentication encrypted-password
"$1$mcY.Gwyx$vc/Y0yJMQ021Y5t8Iwvaq."
set system name-server 200.24.191.11
set system name-server 200.24.191.12
set system name-server 200.62.191.11
set system name-server 200.62.191.12
set system tacplus-server 200.14.241.43 secret "$9$Ka.WLNwYoGUH-V4aUDPf369pu1LX7"
set system tacplus-server 200.14.241.43 source-address 200.24.183.232
set system accounting events login
set system accounting events change-log
set system accounting events interactive-commands
set system accounting destination tacplus server 200.14.241.43 secret
"$9$Ka.WLNwYoGUH-V4aUDPf369pu1LX7"
set system accounting destination tacplus server 200.14.241.43 single-connection
set system accounting destination tacplus server 200.14.241.43 source-address
200.24.183.232
set system login user NOC uid 2000
set system login user NOC class super-user
set system login user NOC authentication encrypted-password
"$1$htGKp6OC$cT0.zNppOFyFacYBZFzh1/"
set system login user remote uid 2001
set system login user remote class super-user
set system services ssh
set system services telnet
set system ntp server 190.81.124.76
set security alg dns disable
set security alg ftp disable
set security alg h323 disable
set security alg mgcp disable
set security alg msrpc disable
set security alg sunrpc disable
set security alg rsh disable
set security alg rtsp disable
set security alg sccp disable
set security alg sip disable
set security alg sql disable
set security alg talk disable
set security alg tftp disable
set security alg pptp disable
set security policies from-zone LAN to-zone WAN policy PERMIT_ALL match source-
address any
set security policies from-zone LAN to-zone WAN policy PERMIT_ALL match
destination-address any
set security policies from-zone LAN to-zone WAN policy PERMIT_ALL match application
any
set security policies from-zone LAN to-zone WAN policy PERMIT_ALL then permit
set security policies from-zone WAN to-zone LAN policy PERMIT_ALL match source-
address any
set security policies from-zone WAN to-zone LAN policy PERMIT_ALL match
destination-address any
set security policies from-zone WAN to-zone LAN policy PERMIT_ALL match application
any
set security policies from-zone WAN to-zone LAN policy PERMIT_ALL then permit
set security policies default-policy permit-all
set security zones security-zone LAN interfaces irb.10 host-inbound-traffic system-
services all
set security zones security-zone LAN interfaces irb.10 host-inbound-traffic
protocols all
set security zones security-zone WAN interfaces ge-0/0/0.0 host-inbound-traffic
system-services all
set security zones security-zone WAN interfaces ge-0/0/0.0 host-inbound-traffic
protocols all
set interfaces interface-range VLAN_10_INTERFACES member-range ge-0/0/1 to ge-0/0/5
set interfaces interface-range VLAN_10_INTERFACES unit 0 family ethernet-switching
vlan members LAN
set interfaces ge-0/0/0 per-unit-scheduler
set interfaces ge-0/0/0 vlan-tagging
set interfaces ge-0/0/0 speed 100m
set interfaces ge-0/0/0 link-mode full-duplex
set interfaces ge-0/0/0 gigether-options no-auto-negotiation
set interfaces ge-0/0/0 unit 0 description "Interface WAN CID:7455799"
set interfaces ge-0/0/0 unit 0 vlan-id 520
set interfaces ge-0/0/0 unit 0 family inet filter input local_acl
set interfaces ge-0/0/0 unit 0 family inet sampling input
set interfaces ge-0/0/0 unit 0 family inet sampling output
set interfaces ge-0/0/0 unit 0 family inet address 200.24.183.232/28 primary
set interfaces irb unit 10 description LAN-CID7455799
set interfaces irb unit 10 family inet sampling input
set interfaces irb unit 10 family inet sampling output
set interfaces irb unit 10 family inet address 190.116.53.129/29 primary
set interfaces irb unit 10 family inet address 190.116.53.177/28
set snmp engine-id use-mac-address
set snmp community mra authorization read-write
set snmp community mra clients 190.81.124.70/32
set snmp community mra clients 190.81.124.68/32
set snmp trap-group mra version all
set snmp trap-group mra categories chassis
set snmp trap-group mra categories link
set snmp trap-group mra categories remote-operations
set snmp trap-group mra categories startup
set snmp trap-group mra categories rmon-alarm
set snmp trap-group mra targets 190.81.124.70
set snmp trap-group mra targets 190.81.124.68
set snmp traceoptions file snmplog
set snmp traceoptions file size 128k
set snmp traceoptions file files 4
set snmp traceoptions flag all
set forwarding-options sampling input rate 100
set forwarding-options sampling input run-length 0
set forwarding-options sampling input max-packets-per-second 7000
set forwarding-options sampling family inet output flow-inactive-timeout 15
set forwarding-options sampling family inet output flow-active-timeout 60
set forwarding-options sampling family inet output file filename flowjun
set forwarding-options sampling family inet output file files 3
set forwarding-options sampling family inet output file size 100k
set forwarding-options sampling family inet output file world-readable
set forwarding-options sampling family inet output flow-server 190.81.124.75 port
9996
set forwarding-options sampling family inet output flow-server 190.81.124.75
autonomous-system-type origin
set forwarding-options sampling family inet output flow-server 190.81.124.75 no-
local-dump
set forwarding-options sampling family inet output flow-server 190.81.124.75
version 5
set forwarding-options sampling family inet output flow-server 190.81.124.212 port
9996
set forwarding-options sampling family inet output flow-server 190.81.124.212
autonomous-system-type origin
set forwarding-options sampling family inet output flow-server 190.81.124.212 no-
local-dump
set forwarding-options sampling family inet output flow-server 190.81.124.212
version 5
set routing-options static route 0.0.0.0/0 next-hop 200.24.183.225
set protocols l2-learning global-mode switching
set firewall family inet filter SECURE term 1 from protocol udp
set firewall family inet filter SECURE term 1 from port ntp
set firewall family inet filter SECURE term 1 then log
set firewall family inet filter SECURE term 1 then discard
set firewall family inet filter SECURE term 2 then accept
set firewall family inet filter local_acl term terminal_access from source-address
200.24.183.225/32
set firewall family inet filter local_acl term terminal_access from protocol tcp
set firewall family inet filter local_acl term terminal_access from port ssh
set firewall family inet filter local_acl term terminal_access from port telnet
set firewall family inet filter local_acl term terminal_access then accept
set firewall family inet filter local_acl term terminal_access_denied from protocol
tcp
set firewall family inet filter local_acl term terminal_access_denied from port ssh
set firewall family inet filter local_acl term terminal_access_denied from port
telnet
set firewall family inet filter local_acl term terminal_access_denied then log
set firewall family inet filter local_acl term terminal_access_denied then reject
set firewall family inet filter local_acl term default-term then accept
set vlans LAN description VLAN_DATOS
set vlans LAN vlan-id 10
set vlans LAN l3-interface irb.10

[edit]
NOC@rKOBRANZAS_SAC_LOS_OLIVOS#

&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&
&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&6

set version 15.1X49-D70.3

set system host-name rKOBRANZAS_SAC_LOS_OLIVOS
set system time-zone America/Lima
set system authentication-order tacplus
set system root-authentication encrypted-password
"$1$mcY.Gwyx$vc/Y0yJMQ021Y5t8Iwvaq."
set system name-server 200.24.191.11
set system name-server 200.24.191.12
set system name-server 200.62.191.11
set system name-server 200.62.191.12
set system tacplus-server 200.14.241.43 secret "$9$Ka.WLNwYoGUH-V4aUDPf369pu1LX7"
set system tacplus-server 200.14.241.43 source-address 200.24.183.232
set system accounting events login
set system accounting events change-log
set system accounting events interactive-commands
set system accounting destination tacplus server 200.14.241.43 secret
"$9$Ka.WLNwYoGUH-V4aUDPf369pu1LX7"
set system accounting destination tacplus server 200.14.241.43 single-connection
set system accounting destination tacplus server 200.14.241.43 source-address
200.24.183.232
set system login user NOC uid 2000
set system login user NOC class super-user
set system login user NOC authentication encrypted-password
"$1$htGKp6OC$cT0.zNppOFyFacYBZFzh1/"
set system login user remote uid 2001
set system login user remote class super-user
set system services ssh
set system services telnet
set system ntp server 190.81.124.76
set security alg dns disable
set security alg ftp disable
set security alg h323 disable
set security alg mgcp disable
set security alg msrpc disable
set security alg sunrpc disable
set security alg rsh disable
set security alg rtsp disable
set security alg sccp disable
set security alg sip disable
set security alg sql disable
set security alg talk disable
set security alg tftp disable
set security alg pptp disable
set security policies from-zone LAN to-zone WAN policy PERMIT_ALL match source-
address any
set security policies from-zone LAN to-zone WAN policy PERMIT_ALL match
destination-address any
set security policies from-zone LAN to-zone WAN policy PERMIT_ALL match application
any
set security policies from-zone LAN to-zone WAN policy PERMIT_ALL then permit
set security policies from-zone WAN to-zone LAN policy PERMIT_ALL match source-
address any
set security policies from-zone WAN to-zone LAN policy PERMIT_ALL match
destination-address any
set security policies from-zone WAN to-zone LAN policy PERMIT_ALL match application
any
set security policies from-zone WAN to-zone LAN policy PERMIT_ALL then permit
set security policies default-policy permit-all
set security zones security-zone LAN interfaces irb.10 host-inbound-traffic system-
services all
set security zones security-zone LAN interfaces irb.10 host-inbound-traffic
protocols all
set security zones security-zone WAN interfaces ge-0/0/8.0 host-inbound-traffic
system-services all
set security zones security-zone WAN interfaces ge-0/0/8.0 host-inbound-traffic
protocols all
set interfaces interface-range VLAN_10_INTERFACES member-range ge-0/0/1 to ge-0/0/5
set interfaces interface-range VLAN_10_INTERFACES unit 0 family ethernet-switching
vlan members LAN
set interfaces ge-0/0/8 per-unit-scheduler
set interfaces ge-0/0/8 vlan-tagging
set interfaces ge-0/0/8 speed 1000m
set interfaces ge-0/0/8 link-mode full-duplex
set interfaces ge-0/0/8 gigether-options no-auto-negotiation
set interfaces ge-0/0/8 unit 0 description "Interface WAN CID:7455799"
set interfaces ge-0/0/8 unit 0 vlan-id 520
set interfaces ge-0/0/8 unit 0 family inet filter input local_acl
set interfaces ge-0/0/8 unit 0 family inet sampling input
set interfaces ge-0/0/8 unit 0 family inet sampling output
set interfaces ge-0/0/8 unit 0 family inet address 200.24.183.232/28 primary
set interfaces irb unit 10 description LAN-CID7455799
set interfaces irb unit 10 family inet sampling input
set interfaces irb unit 10 family inet sampling output
set interfaces irb unit 10 family inet address 190.116.53.129/29 primary
set interfaces irb unit 10 family inet address 190.116.53.177/28
set snmp engine-id use-mac-address
set snmp community mra authorization read-write
set snmp community mra clients 190.81.124.70/32
set snmp community mra clients 190.81.124.68/32
set snmp trap-group mra version all
set snmp trap-group mra categories chassis
set snmp trap-group mra categories link
set snmp trap-group mra categories remote-operations
set snmp trap-group mra categories startup
set snmp trap-group mra categories rmon-alarm
set snmp trap-group mra targets 190.81.124.70
set snmp trap-group mra targets 190.81.124.68
set snmp traceoptions file snmplog
set snmp traceoptions file size 128k
set snmp traceoptions file files 4
set snmp traceoptions flag all
set forwarding-options sampling input rate 100
set forwarding-options sampling input run-length 0
set forwarding-options sampling input max-packets-per-second 7000
set forwarding-options sampling family inet output flow-inactive-timeout 15
set forwarding-options sampling family inet output flow-active-timeout 60
set forwarding-options sampling family inet output file filename flowjun
set forwarding-options sampling family inet output file files 3
set forwarding-options sampling family inet output file size 100k
set forwarding-options sampling family inet output file world-readable
set forwarding-options sampling family inet output flow-server 190.81.124.75 port
9996
set forwarding-options sampling family inet output flow-server 190.81.124.75
autonomous-system-type origin
set forwarding-options sampling family inet output flow-server 190.81.124.75 no-
local-dump
set forwarding-options sampling family inet output flow-server 190.81.124.75
version 5
set forwarding-options sampling family inet output flow-server 190.81.124.212 port
9996
set forwarding-options sampling family inet output flow-server 190.81.124.212
autonomous-system-type origin
set forwarding-options sampling family inet output flow-server 190.81.124.212 no-
local-dump
set forwarding-options sampling family inet output flow-server 190.81.124.212
version 5
set routing-options static route 0.0.0.0/0 next-hop 200.24.183.225
set protocols l2-learning global-mode switching
set firewall family inet filter SECURE term 1 from protocol udp
set firewall family inet filter SECURE term 1 from port ntp
set firewall family inet filter SECURE term 1 then log
set firewall family inet filter SECURE term 1 then discard
set firewall family inet filter SECURE term 2 then accept
set firewall family inet filter local_acl term terminal_access from source-address
200.24.183.225/32
set firewall family inet filter local_acl
set firewall family inet filter local_acl
set firewall family inet filter local_acl
set firewall family inet filter local_acl
set firewall family inet filter local_acl
tcp
set firewall family inet filter local_acl
set firewall family inet filter local_acl
telnet
set firewall family inet filter local_acl
set firewall family inet filter local_acl
set firewall family inet filter local_acl
set vlans LAN description VLAN_DATOS
set vlans LAN vlan-id 10
set vlans LAN l3-interface irb.10
term terminal_access from protocol tcp
term terminal_access from port ssh
term terminal_access from port telnet
term terminal_access then accept
term terminal_access_denied from protocol
term terminal_access_denied from port ssh
term terminal_access_denied from port
term terminal_access_denied then log
term terminal_access_denied then reject
term default-term then accept

[edit]
NOC@rKOBRANZAS_SAC_LOS_OLIVOS#

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%5 pitufo

set system time-zone America/Lima

set system authentication-order tacplus
set system root-authentication encrypted-password
"$1$mcY.Gwyx$vc/Y0yJMQ021Y5t8Iwvaq."
set system name-server 200.24.191.11
set system name-server 200.24.191.12
set system name-server 200.62.191.11
set system name-server 200.62.191.12
set system tacplus-server 200.14.241.43 secret "$9$Ka.WLNwYoGUH-V4aUDPf369pu1LX7"
set system tacplus-server 200.14.241.43 source-address 200.24.183.232
set system accounting events login
set system accounting events change-log
set system accounting events interactive-commands
set system accounting destination tacplus server 200.14.241.43 secret
"$9$Ka.WLNwYoGUH-V4aUDPf369pu1LX7"
set system accounting destination tacplus server 200.14.241.43 single-connection
set system accounting destination tacplus server 200.14.241.43 source-address
200.24.183.232
set system login user NOC uid 2000
set system login user NOC class super-user
set system login user NOC authentication encrypted-password
"$1$htGKp6OC$cT0.zNppOFyFacYBZFzh1/"
set system login user remote uid 2001
set system login user remote class super-user
set system services ssh
set system services telnet
set security alg dns disable
set security alg ftp disable
set security alg h323 disable
set security alg mgcp disable
set security alg msrpc disable
set security alg sunrpc disable
set security alg rsh disable
set security alg rtsp disable
set security alg sccp disable
set security alg sip disable
set security alg sql disable
set security alg talk disable
set security alg tftp disable
set security alg pptp disable
set security policies from-zone LAN to-zone WAN policy PERMIT_ALL match source-
address any
set security policies from-zone LAN to-zone WAN policy PERMIT_ALL match
destination-address any
set security policies from-zone LAN to-zone WAN policy PERMIT_ALL match application
any
set security policies from-zone LAN to-zone WAN policy PERMIT_ALL then permit
set security policies from-zone WAN to-zone LAN policy PERMIT_ALL match source-
address any
set security policies from-zone WAN to-zone LAN policy PERMIT_ALL match
destination-address any
set security policies from-zone WAN to-zone LAN policy PERMIT_ALL match application
any
set security policies from-zone WAN to-zone LAN policy PERMIT_ALL then permit
set security policies from-zone Lan-E1 to-zone Wan-E1 policy permit-all match
source-address any
set security policies from-zone Lan-E1 to-zone Wan-E1 policy permit-all match
destination-address any
set security policies from-zone Lan-E1 to-zone Wan-E1 policy permit-all match
application any
set security policies from-zone Lan-E1 to-zone Wan-E1 policy permit-all then permit
set security policies from-zone Wan-E1 to-zone Lan-E1 policy permit-all match
source-address any
set security policies from-zone Wan-E1 to-zone Lan-E1 policy permit-all match
destination-address any
set security policies from-zone Wan-E1 to-zone Lan-E1 policy permit-all match
application any
set security policies from-zone Wan-E1 to-zone Lan-E1 policy permit-all then permit
set security policies default-policy permit-all
set security zones security-zone LAN interfaces irb.10 host-inbound-traffic system-
services all
set security zones security-zone LAN interfaces irb.10 host-inbound-traffic
protocols all
set security zones security-zone WAN interfaces ge-0/0/8.0 host-inbound-traffic
system-services all
set security zones security-zone WAN interfaces ge-0/0/8.0 host-inbound-traffic
protocols all
set security zones security-zone Lan-E1 interfaces ge-0/0/7.0 host-inbound-traffic
system-services all
set security zones security-zone Lan-E1 interfaces ge-0/0/7.0 host-inbound-traffic
protocols all
set security zones security-zone Wan-E1 interfaces ge-0/0/8.30 host-inbound-traffic
system-services all
set security zones security-zone Wan-E1 interfaces ge-0/0/8.30 host-inbound-traffic
protocols all
set interfaces interface-range VLAN_10_INTERFACES member-range ge-0/0/0 to ge-0/0/4
set interfaces interface-range VLAN_10_INTERFACES unit 0 family ethernet-switching
vlan members LAN
set interfaces ge-0/0/8 per-unit-scheduler
set interfaces ge-0/0/8 vlan-tagging
set interfaces ge-0/0/8 speed 100m
set interfaces ge-0/0/8 link-mode full-duplex
set interfaces ge-0/0/8 gigether-options no-auto-negotiation
set interfaces ge-0/0/8 unit 0 description INTERFACE_WAN-CID:7350188
set interfaces ge-0/0/8 unit 0 vlan-id 520
set interfaces ge-0/0/8 unit 0 family inet filter input SECURE
set interfaces ge-0/0/8 unit 0 family inet sampling input
set interfaces ge-0/0/8 unit 0 family inet sampling output
set interfaces ge-0/0/8 unit 0 family inet address 200.24.183.232/28 primary
set interfaces ge-0/0/8 unit 30 description Enlace-TKSIP-CID-9548958
set interfaces ge-0/0/8 unit 30 vlan-id 705
set interfaces ge-0/0/8 unit 30 family inet filter output policing-wan-E1
set interfaces ge-0/0/8 unit 30 family inet address 10.14.16.118/30
set interfaces ge-0/0/7 speed 100m
set interfaces ge-0/0/7 link-mode full-duplex
set interfaces ge-0/0/7 gigether-options no-auto-negotiation
set interfaces ge-0/0/7 unit 0 family inet filter input setqosClass-E1
set interfaces ge-0/0/7 unit 0 family inet address 172.28.39.5/30 primary
set interfaces ge-0/0/7 unit 0 family inet address 192.168.30.248/23
set interfaces irb unit 10 description INTERFACE_LAN
set interfaces irb unit 10 family inet address 190.116.53.129/29 primary
set interfaces irb unit 10 family inet address 190.116.53.177/28
set forwarding-options sampling input rate 1
set forwarding-options sampling input run-length 0
set forwarding-options sampling input max-packets-per-second 2000
set forwarding-options sampling family inet output file filename flowjun
set forwarding-options sampling family inet output file files 3
set forwarding-options sampling family inet output file size 100k
set forwarding-options sampling family inet output file world-readable
set routing-options static route 0.0.0.0/0 next-hop 200.24.183.232
set protocols l2-learning global-mode switching
set class-of-service forwarding-classes queue 0 best-effort
set class-of-service forwarding-classes queue 7 qos5
set class-of-service forwarding-classes queue 3 network-control
set class-of-service interfaces ge-0/0/8 unit 30 scheduler-map qos-map-sched-E1
set class-of-service interfaces ge-0/0/8 unit 30 shaping-rate 18384k
set class-of-service interfaces ge-0/0/8 unit 30 rewrite-rules dscp SetDscpWan-E1
set class-of-service rewrite-rules dscp SetDscpWan-E1 forwarding-class qos5 loss-
priority low code-point cs5
set class-of-service rewrite-rules dscp SetDscpWan-E1 forwarding-class best-effort
loss-priority low code-point 000000
set class-of-service rewrite-rules dscp SetDscpWan-E1 forwarding-class network-
control loss-priority low code-point cs6
set class-of-service scheduler-maps qos-map-sched-E1 forwarding-class qos5
scheduler sched-qos5-E1
set class-of-service scheduler-maps qos-map-sched-E1 forwarding-class best-effort
scheduler sched-default-E1
set class-of-service scheduler-maps qos-map-sched-E1 forwarding-class network-
control scheduler sched-network-control-E1
set class-of-service schedulers sched-qos5-E1 transmit-rate 98048k
set class-of-service schedulers sched-qos5-E1 buffer-size percent 90
set class-of-service schedulers sched-qos5-E1 priority strict-high
set class-of-service schedulers sched-network-control-E1 transmit-rate 64k
set class-of-service schedulers sched-network-control-E1 buffer-size percent 5
set class-of-service schedulers sched-network-control-E1 priority high
set class-of-service schedulers sched-default-E1 transmit-rate 128k
set class-of-service schedulers sched-default-E1 buffer-size remainder
set class-of-service schedulers sched-default-E1 priority low
set firewall family inet filter SECURE term 1 from source-address 190.81.124.76/32
set firewall family inet filter SECURE term 1 from destination-address
190.223.8.204/32
set firewall family inet filter SECURE term 1 from protocol udp
set firewall family inet filter SECURE term 1 from port ntp
set firewall family inet filter SECURE term 1 then accept
set firewall family inet filter SECURE term 2 from destination-address
190.223.8.204/32
set firewall family inet filter SECURE term 2 from destination-address
190.81.61.81/32
set firewall family inet filter SECURE term 2 from protocol udp
set firewall family inet filter SECURE term 2 from port ntp
set firewall family inet filter SECURE term 2 then discard
set firewall family inet filter SECURE term 3 then accept
set firewall family inet filter setqosClass-E1 term cos5 from destination-address
0.0.0.0/0
set firewall family inet filter setqosClass-E1 term cos5 then loss-priority low
set firewall family inet filter setqosClass-E1 term cos5 then forwarding-class qos5
set firewall family inet filter setqosClass-E1 term cos5 then accept
set firewall family inet filter setqosClass-E1 term default then forwarding-class
best-effort
set firewall family inet filter setqosClass-E1 term default then accept
set firewall family inet filter policing-wan-E1 term qos5 from destination-address
0.0.0.0/0
set firewall family inet filter policing-wan-E1 term qos5 then policer qos5-
policer-E1
set firewall family inet filter policing-wan-E1 term qos5 then loss-priority low
set firewall family inet filter policing-wan-E1 term qos5 then accept
set firewall family inet filter policing-wan-E1 term default then loss-priority low
set firewall family inet filter policing-wan-E1 term default then accept
set firewall policer qos5-policer-E1 if-exceeding bandwidth-limit 98048k
set firewall policer qos5-policer-E1 if-exceeding burst-size-limit 18384k
set firewall policer qos5-policer-E1 then discard
set routing-instances VRF-100 instance-type virtual-router
set routing-instances VRF-100 interface ge-0/0/8.30
set routing-instances VRF-100 interface ge-0/0/7.0
set routing-instances VRF-100 routing-options static route 0.0.0.0/0 next-hop
10.14.16.117
set vlans LAN description VLAN_DATOS
set vlans LAN vlan-id 10
set vlans LAN l3-interface irb.10