#-------------------------------------------------------------------
#                       DES-3828 Configuration
#
#                       Firmware: Build 4.00.B10
#        Copyright(C) 2004-2005 D-Link Corporation. All rights reserved.
#-------------------------------------------------------------------

# DOUBLE_VLAN

disable double_vlan

# BASIC

config serial_port baud_rate 9600 auto_logout 10_minutes
enable telnet 23
enable web 80
config terminal_line default

# STORM

config traffic control_trap none
config traffic control 1-28 broadcast disable action drop threshold 128000 time_interval 5 countdown 0
config traffic control 1-28 multicast disable action drop threshold 128000 time_interval 5 countdown 0
config traffic control 1-28 unicast disable threshold 128000

# GM

config sim candidate
disable sim
config sim dp_interval 30
config sim hold_time 100

# SYSLOG

disable syslog
config system_severity trap information
config system_severity log information

# MIRROR

disable mirror
config mirror port 1

# QOS

config scheduling_mechanism strict
config scheduling 0 max_packet 1
config scheduling 1 max_packet 2
config scheduling 2 max_packet 3
config scheduling 3 max_packet 4
config scheduling 4 max_packet 5
config scheduling 5 max_packet 6
config scheduling 6 max_packet 7
config scheduling 7 max_packet 8
config 802.1p user_priority 0  2
config 802.1p user_priority 1  0
config 802.1p user_priority 2  1
config 802.1p user_priority 3  3
config 802.1p user_priority 4  4
config 802.1p user_priority 5  5
config 802.1p user_priority 6  6
config 802.1p user_priority 7  7
disable wred
config 802.1p default_priority 1-28 0
config bandwidth_control 1-28 rx_rate no_limit tx_rate no_limit
config wred ports 1-28 average_time 100
config wred ports 1-28 class_id 0 drop_start 50 drop_slope 45
config wred ports 1-28 class_id 1 drop_start 50 drop_slope 45
config wred ports 1-28 class_id 2 drop_start 50 drop_slope 45
config wred ports 1-28 class_id 3 drop_start 50 drop_slope 45
config wred ports 1-28 class_id 4 drop_start 50 drop_slope 45
config wred ports 1-28 class_id 5 drop_start 50 drop_slope 45
config wred ports 1-28 class_id 6 drop_start 50 drop_slope 45
config wred ports 1-28 class_id 7 drop_start 50 drop_slope 45

# TRAF-SEGMENTATION

config traffic_segmentation 1-28 forward_list 1-28

# PORT

disable jumbo_frame
config ports 1-28 speed auto flow_control disable learning enable state enable

# PORT_LOCK

disable port_security trap_log
config port_security ports 1-28 admin_state disable max_learning_addr 1 lock_address_mode DeleteOnReset

# PORT_LOCK_PERMANENT

# 8021X

enable 802.1x
config 802.1x auth_mode port_based
config radius add 1 10.0.0.1 key secret auth_port 1812 acct_port 1813
config 802.1x capability ports 1 authenticator
config 802.1x capability ports 2-28 none
config 802.1x auth_parameter ports 1-28 direction both port_control auto quiet_period 60 tx_period 30 supp_timeout 30 server_timeout 30 max_req 2 reauth_period 3600 enable_reauth disable

# SNMPv3

delete snmp community public
delete snmp community private
delete snmp user initial
delete snmp group initial
delete snmp view restricted all
delete snmp view CommunityView all
config snmp engineID 800000ab03000102030480
create snmp view restricted 1.3.6.1.2.1.1 view_type included
create snmp view restricted 1.3.6.1.2.1.11 view_type included
create snmp view restricted 1.3.6.1.6.3.10.2.1 view_type included
create snmp view restricted 1.3.6.1.6.3.11.2.1 view_type included
create snmp view restricted 1.3.6.1.6.3.15.1.1 view_type included
create snmp view CommunityView 1 view_type included
create snmp view CommunityView 1.3.6.1.6.3 view_type excluded
create snmp view CommunityView 1.3.6.1.6.3.1 view_type included
create snmp group public v1 read_view CommunityView notify_view CommunityView
create snmp group public v2c read_view CommunityView notify_view CommunityView
create snmp group initial v3  noauth_nopriv read_view restricted notify_view restricted
create snmp group private v1 read_view CommunityView write_view CommunityView notify_view CommunityView
create snmp group private v2c read_view CommunityView write_view CommunityView notify_view CommunityView
create snmp group ReadGroup v1 read_view CommunityView notify_view CommunityView
create snmp group ReadGroup v2c read_view CommunityView notify_view CommunityView
create snmp group WriteGroup v1 read_view CommunityView write_view CommunityView notify_view CommunityView
create snmp group WriteGroup v2c read_view CommunityView write_view CommunityView notify_view CommunityView
create snmp community private view CommunityView read_write
create snmp community public view CommunityView read_only
create snmp user initial initial

# MANAGEMENT

disable snmp
enable snmp traps
enable snmp authenticate traps
disable rmon

# 802.1V

# VLAN

config vlan default delete 1-28
config vlan default add untagged 2-28
config vlan default advertisement enable
create vlan FullAccess tag 2
config vlan FullAccess add untagged 1
config vlan FullAccess advertisement disable
create vlan Restricted tag 3
config vlan Restricted advertisement disable
disable gvrp
config gvrp 1 state disable ingress_checking enable acceptable_frame admit_all pvid 2
config gvrp 2-28 state disable ingress_checking enable acceptable_frame admit_all pvid 1

# FDB

config fdb aging_time 300

# MAC_ADDRESS_TABLE_NOTIFICATION

config mac_notification interval 1 historysize 1
disable mac_notification
config mac_notification ports 1-28 disable

# STP

config stp maxage 20 maxhops 20 forwarddelay 15 txholdcount 3 fbpdu enable
config stp version rstp
config stp priority 32768 instance_id 0
config stp hellotime 2
config stp lbd enable
config stp lbd_recover_timer 60
config stp mst_config_id name 00:01:02:03:04:80 revision_level 0
disable stp
config stp ports 1-28 externalCost auto edge false p2p auto state enable
config stp ports 1-28 lbd disable
config stp mst_ports 1-28 instance_id 0 internalCost auto priority 128
config stp ports 1-28 fbpdu disable

# MULTI FILTER

config max_mcast_group port 1-2 max_group 2048

# SSH

config ssh server maxsession 8
config ssh server contimeout 300
config ssh server authfail 2
config ssh server rekey never
disable ssh

# SSL

disable ssl
enable ssl ciphersuite RSA_with_RC4_128_MD5
enable ssl ciphersuite RSA_with_3DES_EDE_CBC_SHA
enable ssl ciphersuite DHE_DSS_with_3DES_EDE_CBC_SHA
enable ssl ciphersuite RSA_EXPORT_with_RC4_40_MD5
config ssl cachetimeout timeout 600

# SAFE_GUARD

config safeguard_engine state disable cpu_utilization rising_threshold 100 falling_threshold 20 trap_log disable

# ACL

disable cpu_interface_filtering

# SNTP

disable sntp
config time_zone operator - hour 6 min 0
config sntp primary 0.0.0.0 secondary 0.0.0.0 poll-interval 720
config dst disable

# IPBIND

disable address_binding acl_mode
disable address_binding trap_log

# LACP

config link_aggregation algorithm ip_source
config lacp_port 1-28 mode passive

# SNOOP

disable igmp_snooping
config igmp_snooping querier default query_interval 125 max_response_time 10 robustness_variable 2 last_member_query_interval 1 state disable
config igmp_snooping default host_timeout 260 router_timeout 260 leave_timer 2 state disable fast_leave disable
config igmp_snooping querier FullAccess query_interval 125 max_response_time 10 robustness_variable 2 last_member_query_interval 1 state disable
config igmp_snooping FullAccess host_timeout 260 router_timeout 260 leave_timer 2 state disable fast_leave disable
config igmp_snooping querier Restricted query_interval 125 max_response_time 10 robustness_variable 2 last_member_query_interval 1 state disable
config igmp_snooping Restricted host_timeout 260 router_timeout 260 leave_timer 2 state disable fast_leave disable

# MLDSNP

disable mld_snooping

# IP

config ipif System vlan default ipaddress 10.0.0.7/8 state enable proxy_arp disable
create ipif vlan2if 20.5.0.1/16 FullAccess state enable proxy_arp disable
create ipif vlan3if 30.5.0.1/16 Restricted state enable proxy_arp disable
disable autoconfig

# ARP

config arp_aging time 40

# ACCESS_AUTHENTICATION_CONTROL

config authen_login default method local
config authen_enable default method local_enable
config authen application console login default
config authen application console enable default
config authen application telnet login default
config authen application telnet enable default
config authen application ssh login default
config authen application ssh enable default
config authen application http login default
config authen application http enable default
config authen parameter response_timeout 30
config authen parameter attempt 3
disable authen_policy
config accounting type exec state disable
config accounting type system state disable

# DHCP_RELAY

enable dhcp_relay
config dhcp_relay hops 4 time 0
config dhcp_relay option_82 state disable
config dhcp_relay option_82 check disable
config dhcp_relay option_82 policy replace
config dhcp_relay add ipif vlan2if 10.0.0.1
config dhcp_relay add ipif vlan3if 10.0.0.1

# DHCP_SERVER

config dhcp ping_packets 500
config dhcp ping_timeout 500
disable dhcp server

# ROUTE

config route preference static 60
config route preference rip 100
config route preference ospfIntra 80
config route preference ospfInter 90
config route preference ospfExt1 110
config route preference ospfExt2 115

# IGMP

config igmp ipif System version 3 query_interval 125 max_response_time 10 robustness_variable 2 state disable
config igmp ipif System last_member_query_interval 1
config igmp ipif vlan2if version 3 query_interval 125 max_response_time 10 robustness_variable 2 state disable
config igmp ipif vlan2if last_member_query_interval 1
config igmp ipif vlan3if version 3 query_interval 125 max_response_time 10 robustness_variable 2 state disable
config igmp ipif vlan3if last_member_query_interval 1

# WAC

config wac method radius
disable wac

# GVLAN

create 802.1x guest_vlan default
config 802.1x guest_vlan ports 1-12 state enable

# MBA

disable mac_based_access_control
config mac_based_access_control ports 1-28 state disable
config mac_based_access_control method local
config mac_based_access_control password default

# PIMSM

disable pim
config pim cbsr hash_masklen 30
config pim cbsr bootstrap_period 60
config pim register_probe_time 5
config pim register_suppression_time 60
config pim last_hop_spt_threshold 0
config pim rp_spt_threshold 0
config pim crp holdtime 0 priority 192
config pim crp wildcard_prefix_cnt 0
config pim ipif System state disable hello 30 jp_interval 60 mode dm dr_priority 1
config pim cbsr ipif System priority -1
config pim ipif vlan2if state disable hello 30 jp_interval 60 mode dm dr_priority 1
config pim cbsr ipif vlan2if priority -1
config pim ipif vlan3if state disable hello 30 jp_interval 60 mode dm dr_priority 1
config pim cbsr ipif vlan3if priority -1

# DVMRP

disable dvmrp
config dvmrp ipif System metric 1 probe 10 neighbor_timeout 35 state disable
config dvmrp ipif vlan2if metric 1 probe 10 neighbor_timeout 35 state disable
config dvmrp ipif vlan3if metric 1 probe 10 neighbor_timeout 35 state disable

# RIP

config rip ipif System authentication disable tx_mode v2_only rx_mode v1_or_v2 state disable
config rip ipif vlan2if authentication disable tx_mode v2_only rx_mode v1_or_v2 state disable
config rip ipif vlan3if authentication disable tx_mode v2_only rx_mode v1_or_v2 state disable
config rip timer update_interval 30
config rip timer timeout_interval 180
config rip timer garbage_collect_interval 120
disable rip

# MD5

# OSPF

config ospf ipif System area 0.0.0.0 priority 1 hello_interval 10 dead_interval 40
config ospf ipif System authentication none metric 1 state disable active
config ospf ipif vlan2if area 0.0.0.0 priority 1 hello_interval 10 dead_interval  40
config ospf ipif vlan2if authentication none metric 1 state disable active
config ospf ipif vlan3if area 0.0.0.0 priority 1 hello_interval 10 dead_interval  40
config ospf ipif vlan3if authentication none metric 1 state disable active
config ospf router_id 0.0.0.0
disable ospf

# DNSR

disable dnsr
config dnsr primary nameserver 0.0.0.0
config dnsr secondary nameserver 0.0.0.0
disable dnsr cache
disable dnsr static

# VRRP

config vrrp ipif System authtype none
config vrrp ipif vlan2if authtype none
config vrrp ipif vlan3if authtype none
disable vrrp
disable vrrp ping

#-------------------------------------------------------------------
#             End of configuration file for DES-3828
#-------------------------------------------------------------------