#
# Module devmgr configuration.
#
configure snmp sysName "SummitX450-24t"
configure snmp sysContact "support@extremenetworks.com, +1 888 257 3000"
configure slot 1 module SummitX450-24t
configure sys-recovery-level switch reset

#
# Module vlan configuration.
#
configure vr VR-Default add ports 1-26
create vlan "Compliant"
configure vlan Compliant tag 2
configure vlan Default tag 1
create vlan "nlVlan"
create vlan "Non-Compliant"
configure vlan Non-Compliant tag 3
enable snmp traps port-up-down port 1
configure ports 1 auto off speed 100 duplex full
enable snmp traps port-up-down port 2
configure ports 2 auto off speed 100 duplex full
enable snmp traps port-up-down port 3
configure ports 3 auto off speed 100 duplex full
enable snmp traps port-up-down port 4
configure ports 4 auto off speed 100 duplex full
enable snmp traps port-up-down port 5
configure ports 5 auto off speed 100 duplex full
enable snmp traps port-up-down port 6
configure ports 6 auto off speed 100 duplex full
enable snmp traps port-up-down port 7
configure ports 7 auto off speed 100 duplex full
enable snmp traps port-up-down port 8
configure ports 8 auto off speed 100 duplex full
enable snmp traps port-up-down port 9
configure ports 9 auto off speed 100 duplex full
enable snmp traps port-up-down port 10
configure ports 10 auto off speed 100 duplex full
enable snmp traps port-up-down port 11
configure ports 11 auto off speed 100 duplex full
enable snmp traps port-up-down port 12
configure ports 12 auto off speed 100 duplex full
enable snmp traps port-up-down port 13
configure ports 13 auto off speed 100 duplex full
enable snmp traps port-up-down port 14
configure ports 14 auto off speed 100 duplex full
enable snmp traps port-up-down port 15
configure ports 15 auto off speed 100 duplex full
enable snmp traps port-up-down port 16
configure ports 16 auto off speed 100 duplex full
enable snmp traps port-up-down port 17
configure ports 17 auto off speed 100 duplex full
enable snmp traps port-up-down port 18
configure ports 18 auto off speed 100 duplex full
enable snmp traps port-up-down port 19
configure ports 19 auto off speed 100 duplex full
enable snmp traps port-up-down port 20
configure ports 20 auto off speed 100 duplex full
enable snmp traps port-up-down port 21
configure ports 21 auto off speed 100 duplex full
enable snmp traps port-up-down port 22
configure ports 22 auto off speed 100 duplex full
enable snmp traps port-up-down port 23
configure ports 23 auto off speed 100 duplex full
enable snmp traps port-up-down port 24
configure ports 24 auto off speed 100 duplex full
enable snmp traps port-up-down port 25
configure ports 25 auto off speed 10000 duplex full
enable snmp traps port-up-down port 26
configure ports 26 auto off speed 10000 duplex full
configure vlan Default add ports 2-26 untagged
configure vlan Default ipaddress 10.0.0.5 255.0.0.0
enable ipforwarding vlan Default
configure vlan Non-Compliant ipaddress 30.3.0.1 255.255.0.0
enable ipforwarding vlan Non-Compliant
configure vlan Compliant ipaddress 20.3.0.1 255.255.0.0
enable ipforwarding vlan Compliant
configure qosscheduler strict-priority

#
# Module fdb configuration.
#
configure fdb agingtime 300
configure fdb vpls agingtime 300
configure iparp vr VR-Default max_entries 4096
configure iparp vr VR-Default max_pending_entries 256
configure iparp vr VR-Default max_proxy_entries 256
configure iparp vr VR-Default timeout 20
enable iparp vr VR-Default checking
enable iparp vr VR-Default refresh
configure iparp vr VR-Mgmt max_entries 4096
configure iparp vr VR-Mgmt max_pending_entries 256
configure iparp vr VR-Mgmt max_proxy_entries 256
configure iparp vr VR-Mgmt timeout 20
enable iparp vr VR-Mgmt checking
enable iparp vr VR-Mgmt refresh

#
# Module rtmgr configuration.
#
disable iproute sharing
configure iproute priority mpls 20
configure iproute priority blackhole 50
configure iproute priority static 1100
configure iproute priority icmp 1200
configure iproute priority ebgp 1700
configure iproute priority ibgp 1900
configure iproute priority ospf-intra 2200
configure iproute priority ospf-inter 2300
configure iproute priority rip 2400
configure iproute priority ospf-as-external 3100
configure iproute priority ospf-extern1 3200
configure iproute priority ospf-extern2 3300
configure iproute priority bootp 5000
configure iproute ipv6 priority mpls 20
configure iproute ipv6 priority blackhole 50
configure iproute ipv6 priority static 1100
configure iproute ipv6 priority icmp 1200
configure iproute ipv6 priority ospfv3-intra 2200
configure iproute ipv6 priority ospfv3-inter 2300
configure iproute ipv6 priority ripng 2400
configure iproute ipv6 priority ospfv3-as-external 3100
configure iproute ipv6 priority ospfv3-extern1 3200
configure iproute ipv6 priority ospfv3-extern2 3300
configure irdp broadcast
configure irdp 450 600 1800 0
disable irdp "Compliant"
disable irdp "Default"
disable irdp "Non-Compliant"
disable icmp address-mask vlan "Compliant"
enable icmp parameter-problem vlan "Compliant"
enable icmp port-unreachables vlan "Compliant"
enable icmp unreachables vlan "Compliant"
enable icmp redirects vlan "Compliant"
enable icmp time-exceeded vlan "Compliant"
disable icmp timestamp vlan "Compliant"
disable icmp address-mask vlan "Default"
enable icmp parameter-problem vlan "Default"
enable icmp port-unreachables vlan "Default"
enable icmp unreachables vlan "Default"
enable icmp redirects vlan "Default"
enable icmp time-exceeded vlan "Default"
disable icmp timestamp vlan "Default"
disable icmp address-mask vlan "Non-Compliant"
enable icmp parameter-problem vlan "Non-Compliant"
enable icmp port-unreachables vlan "Non-Compliant"
enable icmp unreachables vlan "Non-Compliant"
enable icmp redirects vlan "Non-Compliant"
enable icmp time-exceeded vlan "Non-Compliant"
disable icmp timestamp vlan "Non-Compliant"
enable ip-option loose-source-route
enable ip-option strict-source-route
enable ip-option record-timestamp
enable ip-option router-alert
enable ip-option record-route
disable ipforwarding broadcast vlan "Compliant"
disable ipforwarding broadcast vlan "Default"
disable ipforwarding broadcast vlan "Non-Compliant"
disable icmp useredirects
disable iproute mpls-next-hop
configure ipforwarding originated-packets dont-require-ipforwarding

#
# Module mcmgr configuration.
#
configure igmp snooping cache 32 64
configure igmp snooping timer 260 260 vr VR-Default
configure igmp snooping leave-timeout 1000 vr VR-Default
configure MLD snooping timer 260 260 vr VR-Default
configure MLD snooping leave-timeout 1000 vr VR-Default
disable igmp snooping forward-mcrouter-only vr VR-Default
disable MLD snooping forward-mcrouter-only vr VR-Default
configure igmp 125 10 1 2 vr VR-Default
configure MLD 125 10 1 2 vr VR-Default
enable igmp snooping with-proxy vr VR-Default
enable MLD snooping with-proxy vr VR-Default
configure igmp snooping flood-list none vr VR-Default
configure MLD snooping flood-list none vr VR-Default
disable mvr vr VR-Default

#
# Module aaa configuration.
#
configure radius netlogin primary server 10.0.0.1 1812 client-ip 10.0.0.5 vr VR-Default
configure radius netlogin primary shared-secret encrypted qijxou
disable radius mgmt-access
configure radius mgmt-access timeout 3
disable radius-accounting mgmt-access
configure radius-accounting mgmt-access timeout 3
enable radius netlogin
configure radius netlogin timeout 3
disable radius-accounting netlogin
configure radius-accounting netlogin timeout 3
disable tacacs
configure tacacs timeout 3
disable tacacs-accounting
configure tacacs-accounting timeout 3
disable tacacs-authorization
configure account admin encrypted Rx/l/7$6rHq3aTQo8j.aJJxyHuqN.

#
# Module acl configuration.
#
enable access-list refresh blackhole
enable access-list permit to-cpu
configure access-list zone DOS zone-priority 1
configure access-list zone SYSTEM zone-priority 2
configure access-list zone SECURITY zone-priority 3
configure access-list zone DOS application Dos application-priority 1
configure access-list zone SYSTEM application Cli application-priority 1
configure access-list zone SYSTEM application IpSecurity application-priority 2
configure access-list zone SYSTEM application NetLogin application-priority 3
configure access-list zone SECURITY application GenericXml application-priority 2

#
# Module cfgmgr configuration.
#
disable cli-config-logging
configure cli max-sessions 8
configure cli max-failed-logins 3
configure banner
configure idletimeout 20
enable idletimeout
configure debug core-dumps internal-memory

#
# Module dosprotect configuration.
#
disable dos-protect
configure dos-protect interval 1
configure dos-protect type l3-protect alert-threshold 4000
configure dos-protect type l3-protect notify-threshold 3500

#
# Module eaps configuration.
#
configure eaps fast-convergence off
configure eaps config-warnings on
disable eaps

#
# Module edp configuration.
#
configure edp advertisement-interval 60 holddown-interval 180
enable edp ports 1
enable edp ports 2
enable edp ports 3
enable edp ports 4
enable edp ports 5
enable edp ports 6
enable edp ports 7
enable edp ports 8
enable edp ports 9
enable edp ports 10
enable edp ports 11
enable edp ports 12
enable edp ports 13
enable edp ports 14
enable edp ports 15
enable edp ports 16
enable edp ports 17
enable edp ports 18
enable edp ports 19
enable edp ports 20
enable edp ports 21
enable edp ports 22
enable edp ports 23
enable edp ports 24
enable edp ports 25
enable edp ports 26

#
# Module elrp configuration.
#
disable elrp-client

#
# Module ems configuration.
#
disable log debug-mode
create log filter DefaultFilter
configure log filter DefaultFilter add event All
enable log target memory-buffer
configure log target memory-buffer filter DefaultFilter severity Debug-Data
configure log target memory-buffer match Any
configure log target memory-buffer format timestamp hundredths date mm-dd-yyyy event-name condition severity
configure log target memory-buffer number-of-messages 1000 enable log target nvram
configure log target nvram filter DefaultFilter severity Warning
configure log target nvram match Any
configure log target nvram format timestamp hundredths date mm-dd-yyyy event-name condition severity
disable log target console
configure log target console filter DefaultFilter severity Info
configure log target console match Any
configure log target console format timestamp hundredths date mm-dd-yyyy event-name condition severity

#
# Module epm configuration.
#
configure sys-recovery-level All
enable watchdog
configure firmware install-on-demand
enable cpu-monitoring interval 20 threshold 60

#
# Module esrp configuration.
#
configure esrp mode extended

#
# Module etmon configuration.
#
configure sflow sample-rate 8192
configure sflow max-cpu-sample-limit 2000
configure sflow poll-interval 20
disable sflow
disable rmon

#
# Module hal configuration.
#
configure iproute sharing max-gateways 4

#
# Module lldp configuration.
#
configure lldp transmit-interval 30
configure lldp transmit-hold 4
configure lldp reinitialize-delay 2
configure lldp transmit-delay 2
configure lldp snmp-notification-interval 5
configure lldp med fast-start repeat-count 3

#
# Module netLogin configuration.
#
configure netlogin vlan nlVlan
enable netlogin dot1x
enable netlogin ports 1 dot1x
configure netlogin ports 1 mode port-based-vlans
configure netlogin ports 1 no-restart
configure netlogin dot1x timers server-timeout 30 quiet-period 60 reauth-period 3600 supp-resp-timeout 30
configure netlogin dot1x eapol-transmit-version v1
enable netlogin logout-privilege
enable netlogin session-refresh 3
configure netlogin base-url "network-access.com"
configure netlogin redirect-page "http://www.extremenetworks.com"
configure netlogin banner ""

#
# Module netTools configuration.
#
configure sntp-client update-interval 64
disable sntp-client
enable bootp vlan Mgmt
enable bootp vlan nlVlan
configure bootprelay add 10.0.0.1 vr VR-Default
enable bootprelay vr VR-Default
unconfigure bootprelay dhcp-agent information option vr VR-Default
unconfigure bootprelay dhcp-agent information check vr VR-Default
unconfigure bootprelay dhcp-agent information policy vr VR-Default

#
# Module ospf configuration.
#
configure ospf routerid automatic
configure ospf spf-hold-time 3
configure ospf metric-table 10M 10 100M 5 1G 4 10G 2
configure ospf lsa-batch-interval 30
configure ospf import-policy none
configure ospf ase-limit 0
disable ospf originate-default
disable ospf use-ip-router-alert
disable ospf
configure ospf restart none
configure ospf restart grace-period 120
disable ospf export direct
disable ospf export static
disable ospf export rip
disable ospf export e-bgp
disable ospf export i-bgp
configure ospf area 0.0.0.0 external-filter none
configure ospf area 0.0.0.0 interarea-filter none
configure ospf vlan Compliant area 0.0.0.0
configure ospf vlan Compliant cost automatic
configure ospf vlan Compliant priority 0
configure ospf vlan Compliant authentication none
configure ospf vlan Compliant timer 5 1 10 40
configure ospf vlan Compliant restart-helper none
enable ospf vlan Compliant restart-helper-lsa-check
configure ospf vlan Default area 0.0.0.0
configure ospf vlan Default cost automatic
configure ospf vlan Default priority 0
configure ospf vlan Default authentication none
configure ospf vlan Default timer 5 1 10 40
configure ospf vlan Default restart-helper none
enable ospf vlan Default restart-helper-lsa-check
configure ospf vlan Non-Compliant area 0.0.0.0
configure ospf vlan Non-Compliant cost automatic
configure ospf vlan Non-Compliant priority 0
configure ospf vlan Non-Compliant authentication none
configure ospf vlan Non-Compliant timer 5 1 10 40
configure ospf vlan Non-Compliant restart-helper none
enable ospf vlan Non-Compliant restart-helper-lsa-check

#
# Module pim configuration.
#
disable pim
configure pim crp timer 60
configure pim register-suppress-interval 60 register-probe-interval 5
configure pim register-checksum-to include-data

#
# Module poe configuration.
#
disable inline-power
configure inline-power usage-threshold 70
configure inline-power disconnect-precedence deny-port

#
# Module rip configuration.
#
configure rip garbagetime 120
configure rip import-policy none
configure rip routetimeout 180
configure rip updatetime 30
disable rip originate-default
enable rip use-ip-router-alert
disable rip aggregation
enable rip poisonreverse
enable rip splithorizon
enable rip triggerupdates
disable rip
disable rip export direct
disable rip export static
disable rip export ospf-intra
disable rip export ospf-inter
disable rip export ospf-extern1
disable rip export ospf-extern2
disable rip export e-bgp
disable rip export i-bgp

#
# Module ripng configuration.
#
disable ripng
configure ripng garbagetime 120
configure ripng updatetime 30
configure ripng routetimeout 180

#
# Module snmpMaster configuration.
#
configure snmpv3 engine-id 03:00:04:96:20:ac:7f
configure snmpv3 add user admin authentication md5 hex d4:ad:d9:16:48:36:a7:b0:f7:e2:01:6b:d2:91:e4:2b privacy hex d4:ad:d9:16:48:36:a7:b0:f7:e2:01:6b:d2:91:e4:2b
configure snmpv3 add user initial
configure snmpv3 add user initialmd5 authentication md5 hex 7e:fe:44:d6:57:be:98:0e:b6:4b:b7:ea:0b:dc:eb:25
configure snmpv3 add user initialsha authentication sha hex a7:93:03:5d:7f:ec:49:e3:aa:24:07:02:d8:c6:51:02:23:f2:ea:bd
configure snmpv3 add user initialmd5Priv authentication md5 hex 1e:f8:18:76:cb:40:bb:33:c7:74:d2:c7:51:6f:68:60 privacy hex 1e:f8:18:76:cb:40:bb:33:c7:74:d2:c7:51:6f:68:60
configure snmpv3 add user initialshaPriv authentication sha hex 95:d9:49:73:bb:a0:b3:a5:26:6c:a8:cc:bc:49:29:b9:d1:07:d6:20 privacy hex 95:d9:49:73:bb:a0:b3:a5:26:6c:a8:cc:bc:49:29:b9:d1:07:d6:20
configure snmpv3 add group v1v2c_ro user v1v2c_ro sec-model snmpv1
configure snmpv3 add group v1v2c_rw user v1v2c_rw sec-model snmpv1
configure snmpv3 add group v1v2c_ro user v1v2c_ro sec-model snmpv2c
configure snmpv3 add group v1v2c_rw user v1v2c_rw sec-model snmpv2c
configure snmpv3 add group v1v2cNotifyGroup user v1v2cNotifyUser1 sec-model snmpv2c
configure snmpv3 add group admin user admin sec-model usm
configure snmpv3 add group initial user initial sec-model usm
configure snmpv3 add group initial user initialmd5 sec-model usm
configure snmpv3 add group initial user initialsha sec-model usm
configure snmpv3 add group initial user initialmd5Priv sec-model usm
configure snmpv3 add group initial user initialshaPriv sec-model usm
configure snmpv3 add access admin sec-model usm sec-level priv read-view default AdminView write-view defaultAdminView notify-view defaultNotifyView
configure snmpv3 add access initial sec-model usm sec-level noauth read-view defaultUserView notify-view defaultNotifyView
configure snmpv3 add access initial sec-model usm sec-level authnopriv read-view defaultUserView write-view defaultUserView notify-view defaultNotifyView
configure snmpv3 add access v1v2c_ro sec-model snmpv1 sec-level noauth read-view defaultUserView notify-view defaultNotifyView
configure snmpv3 add access v1v2c_ro sec-model snmpv2c sec-level noauth read-view defaultUserView notify-view defaultNotifyView
configure snmpv3 add access v1v2c_rw sec-model snmpv1 sec-level noauth read-view defaultUserView write-view defaultUserView notify-view defaultNotifyView
configure snmpv3 add access v1v2c_rw sec-model snmpv2c sec-level noauth read-view defaultUserView write-view defaultUserView notify-view defaultNotifyView
configure snmpv3 add access v1v2cNotifyGroup sec-model snmpv1 sec-level noauth notify-view defaultNotifyView
configure snmpv3 add access v1v2cNotifyGroup sec-model snmpv2c sec-level noauth notify-view defaultNotifyView
configure snmpv3 add mib-view defaultUserView subtree 1 type included
configure snmpv3 add mib-view defaultUserView subtree 1.3.6.1.6.3.16 type excluded
configure snmpv3 add mib-view defaultUserView subtree 1.3.6.1.6.3.18 type excluded
configure snmpv3 add mib-view defaultUserView subtree 1.3.6.1.6.3.15.1.2.2.1.4 type excluded
configure snmpv3 add mib-view defaultUserView subtree 1.3.6.1.6.3.15.1.2.2.1.6 type excluded
configure snmpv3 add mib-view defaultUserView subtree 1.3.6.1.6.3.15.1.2.2.1.9 type excluded
configure snmpv3 add mib-view defaultAdminView subtree 1 type included
configure snmpv3 add mib-view defaultNotifyView subtree 1 type included
configure snmpv3 add community private name private user v1v2c_rw
configure snmpv3 add community public name public user v1v2c_ro
configure snmpv3 add community v1v2cNotifyComm1 name rsademo user v1v2cNotifyUser1
configure snmpv3 add target-addr v1v2cNotifyTAddr1 param v1v2cNotifyParam1 ipaddress 192.168.0.1 transport-port 162 tag-list defaultNotify
configure snmpv3 add target-params v1v2cNotifyParam1 user v1v2cNotifyUser1 mp-model snmpv2c sec-model snmpv2c sec-level noauth
configure snmpv3 add notify defaultNotify tag defaultNotify
enable snmp access
enable snmp traps

#
# Module stp configuration.
#
configure mstp region 00049620ac7f
configure mstp revision 3
configure mstp format 0
configure stpd s0 mode dot1d
configure stpd s0 forwarddelay 15
configure stpd s0 hellotime 2
configure stpd s0 maxage 20
configure stpd s0 priority 32768
disable stpd s0 rapid-root-failover
configure stpd s0 default-encapsulation dot1d
enable stpd s0 auto-bind vlan Default
configure stpd s0 tag 0
disable stpd s0

#
# Module telnetd configuration.
#
configure telnet vr all

#
# Module tftpd configuration.
#

#
# Module thttpd configuration.
#
enable web http

#
# Module vrrp configuration.
#