diff options
Diffstat (limited to 'tools/conf-examples/isp-sec.conf')
-rw-r--r-- | tools/conf-examples/isp-sec.conf | 189 |
1 files changed, 189 insertions, 0 deletions
diff --git a/tools/conf-examples/isp-sec.conf b/tools/conf-examples/isp-sec.conf new file mode 100644 index 0000000..33a35a6 --- /dev/null +++ b/tools/conf-examples/isp-sec.conf @@ -0,0 +1,189 @@ +eth 110 0Mbps cpe11 ar1 +eth 120 0Mbps cpe12 ar1 +eth 130 0Mbps cpe13 ar1 +eth 210 0Mbps cpe21 ar2 +eth 220 0Mbps cpe22 ar2 +eth 230 0Mbps cpe23 ar2 +eth 310 0Mbps cpe31 ar3 +eth 320 0Mbps cpe32 ar3 +eth 330 0Mbps cpe33 ar3 +eth 100 0Mbps ar1 manpe1 +eth 200 0Mbps ar2 manpe1 +eth 300 0Mbps ar3 manpe2 +eth 410 0Mbps manpe1 manpe2 +eth 411 0Mbps manpe1 manpe3 +eth 412 0Mbps manpe1 manpe4 +eth 420 0Mbps manpe2 manpe3 +eth 421 0Mbps manpe2 manpe4 +eth 430 0Mbps manpe3 manpe4 +eth 510 0Mbps manpe3 ser1 +eth 520 0Mbps manpe4 ser2 +eth 600 0Mbps ser1 core1 +eth 610 0Mbps ser1 core2 +eth 620 0Mbps ser2 core1 +eth 630 0Mbps ser2 core2 +eth 700 0Mbps core1 core2 +eth 710 0Mbps core1 core3 +eth 720 0Mbps core2 core4 +eth 730 0Mbps core3 core4 +eth 640 0Mbps core3 edge1 +eth 650 0Mbps core4 edge1 +eth 660 0Mbps core3 edge2 +eth 670 0Mbps core4 edge2 +eth 800 0Mbps edge1 isp2 +eth 810 0Mbps edge1 isp3 +eth 820 0Mbps edge2 isp4 +eth 830 0Mbps edge2 isp5 + +# DIF core +dif core ser1 600 610 +dif core ser2 620 630 +dif core core1 600 620 700 710 +dif core core2 610 630 700 720 +dif core core3 640 660 710 730 +dif core core4 650 670 720 730 +dif core edge1 640 650 +dif core edge2 660 670 + +# DIF access +dif access ar1 100 +dif access ar2 200 +dif access ar3 300 +dif access manpe1 100 200 410 411 412 +dif access manpe2 300 410 420 421 +dif access manpe3 411 420 430 510 +dif access manpe4 412 421 430 520 +dif access ser1 510 +dif access ser2 520 + +# DIF service +dif service ar1 access +dif service ar2 access +dif service ar3 access +dif service ser1 access core +dif service ser2 access core +dif service edge1 core +dif service edge2 core + +# DIF emall1 +dif emall1 cpe11 110 +dif emall1 cpe12 120 +dif emall1 cpe21 210 +dif emall1 cpe22 220 +dif emall1 cpe31 310 +dif emall1 ar1 110 120 service +dif emall1 ar2 210 220 service +dif emall1 ar3 310 service +dif emall1 edge1 service 800 +dif emall1 edge2 service 820 +dif emall1 isp2 800 +dif emall1 isp4 820 + +# DIF emall2 +dif emall2 cpe13 130 +dif emall2 cpe23 230 +dif emall2 cpe32 320 +dif emall2 cpe33 330 +dif emall2 ar1 130 service +dif emall2 ar2 230 service +dif emall2 ar3 320 330 service +dif emall2 edge1 service 810 +dif emall2 edge2 service 830 +dif emall2 isp3 810 +dif emall2 isp5 830 + +#policies +policy emall1 * security-manager.auth.default PSOC_authentication-ssh2 keyExchangeAlg=EDH keystore=/creds/ssh2 keystorePass=test +policy emall1 * security-manager.encrypt.default default encryptAlg=AES128 macAlg=SHA256 compressAlg=deflate +policy emall1 ar1,ar2,ar3,edge1,edge2 security-manager.auth.service PSOC_authentication-none +policy emall2 * security-manager.auth.default PSOC_authentication-ssh2 keyExchangeAlg=EDH keystore=/creds/ssh2 keystorePass=test +policy emall2 * security-manager.encrypt.default default encryptAlg=AES128 macAlg=SHA256 compressAlg=deflate +policy emall2 ar1,ar2,ar3,edge1,edge2 security-manager.auth.service PSOC_authentication-none + +#Enrollments +enroll access ar1 manpe1 100 +enroll access ar2 manpe1 200 +enroll access ar3 manpe2 300 +enroll access ser1 manpe3 510 +enroll access ser2 manpe4 520 +enroll access manpe1 manpe2 410 +enroll access manpe1 manpe3 411 +enroll access manpe1 manpe4 412 +enroll access manpe2 manpe3 420 +enroll access manpe2 manpe4 421 +enroll access manpe3 manpe4 430 + +enroll core core1 core2 700 +enroll core core1 core3 710 +enroll core core2 core4 720 +enroll core core3 core4 730 +enroll core ser1 core1 600 +enroll core ser1 core2 610 +enroll core ser2 core1 620 +enroll core ser2 core2 630 +enroll core edge1 core3 640 +enroll core edge1 core4 650 +enroll core edge2 core3 660 +enroll core edge2 core4 670 + +enroll service edge1 edge2 core +enroll service edge1 ser1 core +enroll service edge1 ser2 core +enroll service edge2 ser1 core +enroll service edge2 ser2 core +enroll service ser1 ser2 core +enroll service ar1 ser1 access +enroll service ar1 ser2 access +enroll service ar2 ser1 access +enroll service ar2 ser2 access +enroll service ar3 ser1 access +enroll service ar3 ser2 access + +enroll emall1 cpe11 ar1 110 +enroll emall1 cpe12 ar1 120 +enroll emall1 cpe21 ar2 210 +enroll emall1 cpe22 ar2 220 +enroll emall1 cpe31 ar3 310 +enroll emall1 ar1 edge1 service +enroll emall1 ar1 edge2 service +enroll emall1 ar2 edge1 service +enroll emall1 ar2 edge2 service +enroll emall1 ar3 edge1 service +enroll emall1 ar3 edge2 service +enroll emall1 edge1 edge2 service +enroll emall1 isp2 edge1 800 +enroll emall1 isp4 edge2 820 + +enroll emall2 cpe13 ar1 130 +enroll emall2 cpe23 ar2 230 +enroll emall2 cpe32 ar3 320 +enroll emall2 cpe33 ar3 330 +enroll emall2 ar1 edge1 service +enroll emall2 ar1 edge2 service +enroll emall2 ar2 edge1 service +enroll emall2 ar2 edge2 service +enroll emall2 ar3 edge1 service +enroll emall2 ar3 edge2 service +enroll emall2 edge1 edge2 service +enroll emall2 isp3 edge1 810 +enroll emall2 isp5 edge2 830 + +#Overlays +overlay ar1 overlays/ispsec/ar1 +overlay ar2 overlays/ispsec/ar2 +overlay ar3 overlays/ispsec/ar3 +overlay cpe11 overlays/ispsec/cpe11 +overlay cpe12 overlays/ispsec/cpe12 +overlay cpe13 overlays/ispsec/cpe13 +overlay cpe21 overlays/ispsec/cpe21 +overlay cpe22 overlays/ispsec/cpe22 +overlay cpe23 overlays/ispsec/cpe23 +overlay cpe31 overlays/ispsec/cpe31 +overlay cpe32 overlays/ispsec/cpe32 +overlay cpe33 overlays/ispsec/cpe33 +overlay edge1 overlays/ispsec/edge1 +overlay edge2 overlays/ispsec/edge2 +overlay isp2 overlays/ispsec/isp2 +overlay isp3 overlays/ispsec/isp3 +overlay isp4 overlays/ispsec/isp4 +overlay isp5 overlays/ispsec/isp5 |