
vyos configure

a guest
Aug 22nd, 2019
  /* Global firewall options plus one named rule set, lan1-lan2, which the
     zone-policy section applies in both directions between zones lan1 and lan2. */
  1. firewall {
  2. all-ping enable
  /* NOTE(review): the router answers ICMP echo sent to broadcast addresses.
     Hardening baselines normally keep this disabled; confirm it is needed. */
  3. broadcast-ping enable
  4. config-trap disable
  5. ipv6-receive-redirects disable
  6. ipv6-src-route disable
  /* NOTE(review): IPv4 source-routed packets are accepted while the IPv6
     equivalent above is disabled. Source routing lets the sender choose the
     path, so this asymmetry should be confirmed as intentional. */
  7. ip-src-route enable
  8. log-martians enable
  /* Rule set lan1-lan2: its only rule accepts every protocol in the new,
     established and related states, so it effectively filters nothing but
     packets in other states. No default-action or logging is set here. */
  9. name lan1-lan2 {
  10. rule 1 {
  11. action accept
  12. description LAN1-LAN2
  13. protocol all
  14. state {
  15. established enable
  16. new enable
  17. related enable
  18. }
  19. }
  20. }
  /* NOTE(review): accepting ICMP redirects lets a neighbour on a connected
     segment influence this router's forwarding decisions; routers usually
     leave this disabled. */
  21. receive-redirects enable
  22. send-redirects enable
  /* NOTE(review): with source-validation disabled there is no reverse-path
     check on incoming packets, so spoofed source addresses are not dropped by
     this knob. Confirm whether strict or loose mode is workable here. */
  23. source-validation disable
  24. syn-cookies enable
  25. twa-hazards-protection disable
  26. }
  /* Interface layout: five bridges (br1-br5) acting as private switches,
     five ethernet ports bridged into them, one public port (eth5) carrying
     PPPoE, and the loopback. Addresses and MAC prefixes are redacted. */
  27. interfaces {
  28. bridge br1 {
  29. address xxx.xxx.0.1/24
  30. aging 300
  31. description "Private switch"
  32. hello-time 2
  33. ip {
  /* NOTE(review): enable-arp-accept is set on every bridge. It lets
     gratuitous ARP create new ARP table entries, which makes ARP cache
     poisoning from a host on the segment easier; confirm it is required. */
  34. enable-arp-accept
  /* Only the OSPF network type is set per interface; no OSPF authentication
     appears under any bridge in this paste. */
  35. ospf {
  36. network point-to-multipoint
  37. }
  38. }
  39. max-age 20
  40. priority 0
  /* NOTE(review): spanning tree is off on br1 and br2. br2 has several
     physical member ports (eth0, eth2, eth3, eth4) plus eth1 vif 1, so a
     cabling loop between them would not be blocked. */
  41. stp false
  42. }
  43. bridge br2 {
  44. address xxx.xxx.101.1/24
  45. aging 300
  46. description "private switch"
  47. hello-time 2
  48. ip {
  49. enable-arp-accept
  50. ospf {
  51. network point-to-multipoint
  52. }
  53. }
  54. max-age 20
  55. priority 0
  56. stp false
  57. }
  58. bridge br3 {
  59. address xxx.xxx.2.1/24
  60. description "private switch"
  61. ip {
  62. enable-arp-accept
  63. ospf {
  64. network point-to-multipoint
  65. }
  66. }
  67. }
  68. bridge br4 {
  69. address xxx.xxx.3.1/24
  70. description "private switch"
  71. ip {
  72. enable-arp-accept
  73. ospf {
  74. network point-to-multipoint
  75. }
  76. }
  77. }
  78. bridge br5 {
  79. address xxx.xxx.4.1/24
  80. description "private switch"
  81. ip {
  82. enable-arp-accept
  83. ospf {
  84. network point-to-multipoint
  85. }
  86. }
  87. }
  /* eth0, eth2, eth3 and eth4 are untagged members of br2. */
  88. ethernet eth0 {
  89. bridge-group {
  90. bridge br2
  91. }
  92. description private
  93. duplex auto
  94. hw-id XX:XX:XX:f8:3f:11
  95. smp-affinity auto
  96. speed auto
  97. }
  /* eth1 is the only trunk: untagged traffic joins br1, VLAN 1 joins br2,
     and VLANs 1002-1004 map to br3-br5. */
  98. ethernet eth1 {
  99. bridge-group {
  100. bridge br1
  101. }
  102. description private
  103. duplex auto
  104. hw-id XX:XX:XX:f8:3f:12
  105. smp-affinity auto
  106. speed auto
  /* NOTE(review): tagged VLAN 1 on eth1 lands in the same bridge (br2) as the
     untagged access ports, so both share one broadcast domain. */
  107. vif 1 {
  108. bridge-group {
  109. bridge br2
  110. }
  111. description "private VLAN 1"
  112. }
  113. vif 1002 {
  114. bridge-group {
  115. bridge br3
  116. }
  117. description "private VLAN 1002"
  118. }
  119. vif 1003 {
  120. bridge-group {
  121. bridge br4
  122. }
  123. description "private VLAN 1003"
  124. }
  125. vif 1004 {
  126. bridge-group {
  127. bridge br5
  128. }
  129. description "private VLAN 1004"
  130. }
  131. }
  132. ethernet eth2 {
  133. bridge-group {
  134. bridge br2
  135. }
  136. description private
  137. duplex auto
  138. hw-id XX:XX:XX:f8:3f:13
  139. smp-affinity auto
  140. speed auto
  141. }
  142. ethernet eth3 {
  143. bridge-group {
  144. bridge br2
  145. }
  146. description private
  147. duplex auto
  148. hw-id XX:XX:XX:f8:3f:14
  149. smp-affinity auto
  150. speed auto
  151. }
  152. ethernet eth4 {
  153. bridge-group {
  154. bridge br2
  155. }
  156. description private
  157. duplex auto
  158. hw-id XX:XX:XX:f8:3f:15
  159. smp-affinity auto
  160. speed auto
  161. }
  /* eth5 is the public uplink. It has no address of its own; the session runs
     over pppoe 0, which takes its default route and name servers from the peer. */
  162. ethernet eth5 {
  163. description public
  164. duplex auto
  165. hw-id XX:XX:XX:f8:3f:16
  166. pppoe 0 {
  167. default-route auto
  168. mtu 1492
  169. name-server auto
  /* The PPPoE credentials sit in the configuration as ordinary leaf values
     (redacted in this paste), so an unredacted copy of the config exposes them. */
  170. password xxxxxx
  171. user-id xxxxxx
  172. }
  173. smp-affinity auto
  174. speed auto
  175. }
  176. loopback lo {
  177. address xxx.xxx.0.1/8
  178. address ::1/128
  179. description local
  180. }
  181. }
  /* Source NAT: a single rule masquerades traffic from the redacted /16
     behind the address of pppoe0. No destination NAT (port forwarding) is
     defined in this paste. */
  182. nat {
  183. source {
  184. rule 100 {
  185. description "TO PUBLIC"
  186. outbound-interface pppoe0
  187. source {
  188. address xxx.xxx.0.0/16
  189. }
  190. translation {
  191. address masquerade
  192. }
  193. }
  194. }
  195. }
  /* Route-map CONNECT, referenced by "redistribute connected" under
     protocols ospf. Its only rule permits routes matched on interface lo;
     no other rule is defined. */
  196. policy {
  197. route-map CONNECT {
  198. rule 10 {
  199. action permit
  200. match {
  201. interface lo
  202. }
  203. }
  204. }
  205. }
  /* OSPF: one area covering the redacted /16 plus one area per /24 bridge
     subnet, a default route that is always originated, and connected routes
     redistributed through route-map CONNECT. */
  206. protocols {
  /* NOTE(review): no OSPF authentication and no passive-interface statement
     appear here, and the bridge interfaces set only the OSPF network type.
     br2 also serves DHCP clients, so any host on that segment could
     presumably attempt an adjacency. Consider making the LAN bridges passive
     or configuring per-interface OSPF authentication - verify against the
     intended topology. */
  207. ospf {
  /* The /16 below overlaps every /24 listed in the areas that follow. */
  208. area xxx.xxx.0.0 {
  209. network xxx.xxx.0.0/16
  210. }
  211. area xxx.xxx.0.1 {
  212. network xxx.xxx.0.0/24
  213. }
  214. area xxx.xxx.0.2 {
  215. network xxx.xxx.101.0/24
  216. }
  217. area xxx.xxx.0.3 {
  218. network xxx.xxx.2.0/24
  219. }
  220. area xxx.xxx.0.4 {
  221. network xxx.xxx.3.0/24
  222. }
  223. area xxx.xxx.0.5 {
  224. network xxx.xxx.4.0/24
  225. }
  /* "always" advertises the default route whether or not this router holds
     one itself, e.g. while the PPPoE session is down. */
  226. default-information {
  227. originate {
  228. always
  229. metric 10
  230. metric-type 2
  231. }
  232. }
  /* Adjacency changes are logged; useful for spotting unexpected neighbours. */
  233. log-adjacency-changes {
  234. }
  235. parameters {
  236. router-id xxx.xxx.0.0
  237. }
  238. redistribute {
  239. connected {
  240. metric-type 2
  241. route-map CONNECT
  242. }
  243. }
  244. }
  245. }
  /* Services run by the router itself: DHCP for the br2 subnet, a DNS
     forwarder, SNMP and SSH. */
  246. service {
  /* DHCP hands out .2-.254 of the br2 subnet with a 24-hour lease and points
     clients at the router for both gateway and DNS. */
  247. dhcp-server {
  248. shared-network-name xxxxxx {
  249. subnet xxx.xxx.101.0/24 {
  250. default-router xxx.xxx.101.1
  251. dns-server xxx.xxx.101.1
  252. lease 86400
  253. range 0 {
  254. start xxx.xxx.101.2
  255. stop xxx.xxx.101.254
  256. }
  257. }
  258. }
  259. }
  /* The forwarder listens only on br1 and br2, not on the public interface. */
  260. dns {
  261. forwarding {
  262. cache-size 512
  263. listen-on br1
  264. listen-on br2
  265. name-server xxx.xxx.114.114
  266. name-server xxx.xxx.8.8
  267. }
  268. }
  /* NOTE(review): "v3" is a community string, not SNMPv3. Community-based
     SNMP sends that string in cleartext, and it was left unredacted in this
     paste. Access is read-only, but no client or network restriction is set
     on the community, so any host that can reach the listen address on port
     161 and knows the string can read the MIB. */
  269. snmp {
  270. community v3 {
  271. authorization ro
  272. }
  273. listen-address xxx.xxx.0.0 {
  274. port 161
  275. }
  276. }
  /* NOTE(review): only the port is set. With no listen-address, sshd
     presumably binds to every address, including the one on pppoe0, and this
     paste has no firewall rule set or local zone limiting access to the
     router itself - confirm SSH exposure on the public side. */
  277. ssh {
  278. port 22
  279. }
  280. }
  /* System settings: config history, serial console, host name, ARP table
     size, the single login account, NTP, syslog and time zone. */
  281. system {
  282. config-management {
  283. commit-revisions 20
  284. }
  285. console {
  286. device ttyS0 {
  287. speed 9600
  288. }
  289. }
  290. host-name xxxxxx
  291. ip {
  292. arp {
  293. table-size 16384
  294. }
  295. }
  /* One account with admin level is defined; authentication is by password
     only, with no SSH public keys configured under this user. */
  296. login {
  297. user xxxxxx {
  298. authentication {
  299. encrypted-password xxxxxx
  /* NOTE(review): a plaintext-password leaf sits next to the hash. Both are
     redacted here, so it cannot be told whether it held a value; in a saved
     config this leaf is expected to be empty - verify on the device, and
     rotate the password if the cleartext was ever stored or shared. */
  300. plaintext-password xxxxxx
  301. }
  302. level admin
  303. }
  304. }
  305. ntp {
  306. server xxxxx.tld {
  307. }
  308. server xxxxx.tld {
  309. }
  310. server xxxxx.tld {
  311. }
  312. }
  /* Logging is local only: everything at notice, routing protocols at debug.
     No remote syslog host is configured, so logs are not kept off the device. */
  313. syslog {
  314. global {
  315. facility all {
  316. level notice
  317. }
  318. facility protocols {
  319. level debug
  320. }
  321. }
  322. }
  323. time-zone Asia/Shanghai
  324. }
  /* Empty node: no VPN is configured in this paste. */
  325. vpn {
  326. }
  /* Zones: one per bridge (lan1-lan5 on br1-br5). Only lan1 and lan2 accept
     traffic from each other, and both directions use the rule set lan1-lan2. */
  327. zone-policy {
  /* NOTE(review): no zone is marked as the local zone and pppoe0, the NAT
     outbound interface, is not a member of any zone. How traffic to the
     router itself and traffic between the LAN zones and pppoe0 is treated
     then depends on zone-policy defaults - verify on the running version
     that the public side cannot reach SSH and SNMP on the router. */
  328. zone lan1 {
  329. from lan2 {
  330. firewall {
  331. name lan1-lan2
  332. }
  333. }
  334. interface br1
  335. }
  336. zone lan2 {
  337. from lan1 {
  338. firewall {
  339. name lan1-lan2
  340. }
  341. }
  342. interface br2
  343. }
  /* lan3, lan4 and lan5 have no "from" statements, so no rule set admits
     traffic into them from any other zone. */
  344. zone lan3 {
  345. interface br3
  346. }
  347. zone lan4 {
  348. interface br4
  349. }
  350. zone lan5 {
  351. interface br5
  352. }
  353. }