display version Huawei Versatile Routing Platform Software VRP (R) software, Version 8.210 (ATN 950D V800R021C00SPC100) Copyright (C) 2012-2021 Huawei Technologies Co., Ltd. HUAWEI ATN 950D uptime is 41 days, 12 hours, 43 minutes Patch Version: V800R021SPH186 ATN 950D version information: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - BKP version information: PCB Version : ANR1AFB REV B CXP Slot Quantity : 2 PIC Slot Quantity : 6 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - CXP version information: CXP (Slave) 7 : uptime is 41 days, 12 hours, 41 minutes StartupTime 2022/11/29 22:09:04 SDRAM Memory Size : 8192M bytes FLASH Memory Size : 64M bytes CFCARD Memory Size : 3478M bytes ANRD00CXPA00 version information PCB Version : ANR1CXPA00 REV B EPLD Version : V110 FPGA1 Version : V100 FPGA2 Version : V100 FPGA3 Version : V100 PE Version : 000 BootROM Version : 08.99 BootLoad Version : 08.99 Software Version : Version 8.210 RELEASE 0001 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - CXP version information: CXP (Master) 8 : uptime is 41 days, 12 hours, 42 minutes StartupTime 2022/11/29 22:08:11 SDRAM Memory Size : 8192M bytes FLASH Memory Size : 64M bytes CFCARD Memory Size : 3478M bytes ANRD00CXPA00 version information PCB Version : ANR1CXPA00 REV B EPLD Version : V110 FPGA1 Version : V100 FPGA2 Version : V100 FPGA3 Version : V100 PE Version : 000 BootROM Version : 08.99 BootLoad Version : 08.99 Software Version : Version 8.210 RELEASE 0001 PIC1: ANND0EM10F00 version information StartupTime : 2022/11/29 22:10:33 PCB Version : ANN1EM10F0 REV D EPLD Version : V105 BOM Version : V100 PIC2: ANND0EM10F00 version information StartupTime : 2022/11/29 22:11:53 PCB Version : ANN1EM10F0 REV D EPLD Version : V105 BOM Version : V100 PIC5: ANKD00EX4S01 version information StartupTime : 2022/11/29 22:09:28 PCB Version : ANN1EX4S REV C EPLD Version : V107 FPGA Version : V103 CHIP Version : V200 BOM Version : V500 PIC6: ANKD00EX4S01 version information StartupTime : 2022/11/29 22:09:29 PCB Version : ANN1EX4S REV C EPLD Version : V107 FPGA Version : V103 CHIP Version : V200 BOM Version : V500 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - PWR version information: PWR9's version information: PCB Version : DP22PDC1K2A1 REV C PWR10's version information: PCB Version : DP22PDC1K2A1 REV C - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - FAN version information: FAN11's version information: PCB Version : ANR1FAN01 REV B display current-configuration !Software Version V800R021C00SPC100 !Last configuration was updated at 2023-01-09 11:36:14+08:00 by backbone !Last configuration was saved at 2023-01-09 11:38:13+08:00 # loop-detect trigger enable # clock timezone my add 08:00:00 # sysname es-50-cx5eb # set neid 20ee2e lldp enable-dcn authentication %^%#/vH]8;MUZ$kCQ=R-i!<-CADoCJ*zC3k]UwY)bg($%^%# # undo FTP server-source all-interface undo FTP ipv6 server-source all-interface # info-center loghost source LoopBack0 info-center loghost 203.121.106.76 info-center loghost 203.121.107.198 info-center loghost 203.121.108.193 info-center loghost 210.19.108.11 info-center loghost 211.24.220.111 info-center timestamp debugging date precision-time second info-center timestamp log date precision-time millisecond info-center logbuffer size 10240 # undo user-security-policy enable # ntp-service server disable ntp-service ipv6 server disable ntp-service server source-interface all disable ntp-service ipv6 server source-interface all disable ntp-service unicast-server 203.121.106.1 preference ntp-service unicast-server 203.121.108.1 ntp-service unicast-server 203.121.110.1 ntp-service source-interface LoopBack0 # undo icmp name timestamp-reply send # router id 223.28.45.152 # undo telnet server enable undo telnet server-source all-interface undo telnet ipv6 server-source all-interface # diffserv domain default # soc # priority-template default # ip vpn-instance SI300003-IMC-MGMT ipv4-family route-distinguisher 9930:170 apply-label per-instance vpn-target 9930:171 export-extcommunity vpn-target 9930:171 import-extcommunity # ip vpn-instance __LOCAL_OAM_VPN__ ipv4-family ipv6-family # ip dcn vpn-instance __dcn_vpn__ ipv4-family # bfd # mpls lsr-id 223.28.45.152 # mpls # mpls l2vpn # mpls ldp graceful-restart # ipv4-family # mpls ldp remote-peer sr-04-glsfb remote-ip 223.28.45.78 # mpls ldp remote-peer sr-03-obsxb remote-ip 223.28.48.153 # dhcp server request-packet all-interface disable # dot1x-template 1 # acl name management-access advance rule 5 permit ip source 203.121.106.0 0.0.1.255 rule 10 permit ip source 203.121.110.0 0.0.1.255 rule 15 permit ip source 203.121.108.0 0.0.1.255 rule 20 permit ip source 203.121.124.0 0.0.0.255 rule 25 permit ip source 223.28.0.0 0.0.127.255 rule 30 permit ip source 192.168.8.0 0.0.0.255 rule 35 permit ip source 203.121.0.0 0.0.127.255 rule 40 permit ip source 211.24.220.0 0.0.0.255 rule 45 permit ip source 20.20.20.0 0.0.0.255 rule 50 permit ip source 203.121.64.0 0.0.0.255 rule 1000 deny ip # acl name snmp-access advance rule 5 permit ip source 203.121.106.0 0.0.1.255 rule 10 permit ip source 203.121.110.0 0.0.1.255 rule 15 permit ip source 203.121.108.0 0.0.1.255 rule 20 permit ip source 211.24.220.0 0.0.0.255 rule 25 permit ip source 203.121.64.0 0.0.0.255 rule 30 permit ip source 203.121.108.0 0.0.0.255 rule 35 permit ip source 203.121.64.0 0.0.3.255 rule 1000 deny ip # security password # rule admin forbidden word changeme_123 # aaa local-user root password irreversible-cipher $1c$]f(3Q#/CI-5}7N8'UB$ local-user backbone service-type ftp ssh local-user backbone level 3 local-user backbone state block fail-times 3 interval 5 local-user backbone ftp-directory cfcard:/ local-user ossdevelopment password irreversible-cipher $1c$:YQ-Tf/x~>$xQXDFn!I#S@`^KV9/Zt8|L-p20T5@4~LTQ=UDyrY$ local-user ossdevelopment service-type ftp ssh local-user ossdevelopment level 3 local-user ossdevelopment state block fail-times 3 interval 5 local-user ossdevelopment ftp-directory cfcard:/ local-user ipaccess password irreversible-cipher $1c$:+5nEz8H2L$,[Lq1R,q|)h\AT1HnOZFLltYKKMA%0|>zYMAIeR'$ local-user ipaccess service-type ftp ssh local-user ipaccess level 3 local-user ipaccess state block fail-times 3 interval 5 local-user ipaccess ftp-directory cfcard:/ local-user provision password irreversible-cipher $1c$U&7e,\OS.S$nV\R5kEHw,0CQEUBT0NlO@rYG.7,WUY>eb'6M@5>_8HG3#@IuG3U$ local-user ipsoc service-type ssh local-user ipsoc level 3 local-user ipsoc state block fail-times 3 interval 5 local-user ipsoc ftp-directory cfcard:/ local-user ipsoctl password irreversible-cipher $1c$fEQ:Se,9B%$B^6|'.[oI/b_Z'Y;|]f0X(A@V#InC6)/D0&g}b#A$ local-user ipsoctl service-type ssh local-user ipsoctl level 3 local-user ipsoctl state block fail-times 3 interval 5 local-user ipsoctl ftp-directory cfcard:/ local-user iptac password irreversible-cipher $1c$$r~w>VA^U3$l~5lR18*y=D11(Zb\U51~PB45Pa=S"r{E\H3)0=:$ local-user iptac service-type ssh local-user iptac level 3 local-user iptac state block fail-times 3 interval 5 local-user iptac ftp-directory cfcard:/ local-user ipplanning password irreversible-cipher $1c$x-y1;&N,@"$84'25*fz2.0'\m4.T!pJW](:H{-)mQ)|U&}8JE$ local-user usergroup1 service-type ssh local-user usergroup1 level 3 local-user usergroup1 state block fail-times 3 interval 5 local-user usergroup1 ftp-directory cfcard:/ local-user usergroup2 password irreversible-cipher $1c$c0!$$=Uyo*$qe`^1xbA1HETex*[9Az6w>89:Mnq,=Q0{lF("~g8$ local-user usergroup2 service-type ssh local-user usergroup2 level 3 local-user usergroup2 state block fail-times 3 interval 5 local-user usergroup2 ftp-directory cfcard:/ local-user usergroup3 password irreversible-cipher $1c$tAv1*p+4VS$8#.%E|P}vJm}R;Zo[90.k(*CL7/F37d^:!Ts65owSV&cZ*MEPsURGkC3jmQD)_Mbv5;b%CO[v>[U%^%# timer spf 5 50 100 traffic-eng level-2 timer lsp-max-age 65535 timer lsp-refresh 65000 # ipv6 enable topology ipv6 ipv6 bfd all-interfaces enable ipv6 bfd all-interfaces min-tx-interval 250 min-rx-interval 250 detect-multiplier 5 # # interface Eth-Trunk1 mtu 9178 description NNI::To 10Gbps::sr-03-obsxb::Eth-Trunk202 ipv6 enable ip address 223.28.53.2 255.255.255.252 ipv6 address 2001:F40:0:2::67:2/126 ipv6 mtu 9178 trust upstream default isis enable 1 isis ipv6 enable 1 isis circuit-type p2p isis circuit-level level-2 isis authentication-mode md5 cipher %^%#wHi)+HqOK*G!J,Eds.h=\jSW%Rf2Q&cSE~7r8m>+%^%# isis ipv6 cost 20000 isis cost 20000 isis bfd enable isis bfd min-tx-interval 250 min-rx-interval 250 detect-multiplier 5 isis ipv6 bfd enable isis ipv6 bfd min-tx-interval 250 min-rx-interval 250 detect-multiplier 5 ip netstream inbound mode lacp-static mpls mpls ldp statistic enable # interface Eth-Trunk2 mtu 9178 description NNI::To 10Gbps::sr-04-glsfb::Eth-Trunk202 ipv6 enable ip address 223.28.53.5 255.255.255.252 ipv6 address 2001:F40:0:2::67:5/126 ipv6 mtu 9178 trust upstream default isis enable 1 isis ipv6 enable 1 isis circuit-type p2p isis circuit-level level-2 isis authentication-mode md5 cipher %^%#*FB=N/pGM<~T%l,*n"XSA;hU,|<*,1p1x@Zt~q<:%^%# isis ipv6 cost 20000 isis cost 20000 isis bfd enable isis bfd min-tx-interval 250 min-rx-interval 250 detect-multiplier 5 isis ipv6 bfd enable isis ipv6 bfd min-tx-interval 250 min-rx-interval 250 detect-multiplier 5 ip netstream inbound mode lacp-static mpls mpls ldp statistic enable # interface Ethernet0/0/0 undo shutdown ip binding vpn-instance __LOCAL_OAM_VPN__ ip address 192.168.0.1 255.255.255.0 # interface GigabitEthernet0/1/0 undo shutdown dcn # interface GigabitEthernet0/1/1 undo shutdown dcn # interface GigabitEthernet0/1/2 undo shutdown dcn # interface GigabitEthernet0/1/3 undo shutdown dcn # interface GigabitEthernet0/1/4 undo shutdown dcn # interface GigabitEthernet0/1/5 undo shutdown dcn # interface GigabitEthernet0/1/6 undo shutdown dcn # interface GigabitEthernet0/1/7 undo shutdown dcn # interface GigabitEthernet0/1/8 undo shutdown dcn # interface GigabitEthernet0/1/9 undo shutdown dcn # interface GigabitEthernet0/2/0 undo shutdown dcn # interface GigabitEthernet0/2/1 undo shutdown dcn # interface GigabitEthernet0/2/2 undo shutdown dcn # interface GigabitEthernet0/2/3 undo shutdown dcn # interface GigabitEthernet0/2/4 undo shutdown dcn # interface GigabitEthernet0/2/5 undo shutdown dcn # interface GigabitEthernet0/2/6 undo shutdown dcn # interface GigabitEthernet0/2/7 undo shutdown dcn # interface GigabitEthernet0/2/8 undo shutdown dcn # interface GigabitEthernet0/2/9 undo shutdown dcn # interface GigabitEthernet0/5/0 description NNI::To 10Gbps::sr-03-obsxb::GigabitEthernet7/0/9::LL036847DF undo shutdown eth-trunk 1 undo dcn port-queue be wfq weight 15 outbound port-queue af1 wfq weight 25 outbound port-queue af3 wfq weight 30 outbound port-queue af4 wfq weight 30 outbound port-queue ef pq shaping shaping-percentage 35 outbound # interface GigabitEthernet0/5/1 undo shutdown dcn # interface GigabitEthernet0/5/2 undo shutdown dcn # interface GigabitEthernet0/5/3 undo shutdown dcn # interface GigabitEthernet0/6/0 description NNI::To 10Gbps::sr-04-glsfb::GigabitEthernet6/1/2::DWDM::LL036853::LL036850DF undo shutdown eth-trunk 2 undo dcn port-queue be wfq weight 15 outbound port-queue af1 wfq weight 25 outbound port-queue af3 wfq weight 30 outbound port-queue af4 wfq weight 30 outbound port-queue ef pq shaping shaping-percentage 35 outbound # interface GigabitEthernet0/6/1 undo shutdown dcn # interface GigabitEthernet0/6/2 undo shutdown dcn # interface GigabitEthernet0/6/3 undo shutdown dcn # interface LoopBack0 description *** Backbone_Router-ID *** ipv6 enable ip address 223.28.45.152 255.255.255.255 ipv6 address 2001:F40::1FE/128 isis enable 1 isis ipv6 enable 1 # interface LoopBack1023 description DCN loopback interface ip binding vpn-instance __dcn_vpn__ ip address 128.32.238.46 255.255.0.0 # interface NULL0 # bgp 9930 router-id 223.28.45.152 graceful-restart graceful-restart timer restart 120 group rr-peers internal peer rr-peers description iBGP Session to AS65206, TIME Route Reflectors (Central Malaysia) peer rr-peers connect-interface LoopBack0 peer rr-peers password cipher %^%#p`LfC0*Gz%^%# peer 223.28.0.234 as-number 9930 peer 223.28.0.234 group rr-peers peer 223.28.0.242 as-number 9930 peer 223.28.0.242 group rr-peers peer 223.28.0.251 as-number 9930 peer 223.28.0.251 group rr-peers group rr-peers6 internal peer rr-peers6 description "iBGP Session to AS9930, TIME Central Malaysia Route Reflectors (IPv6)" peer rr-peers6 connect-interface LoopBack0 peer rr-peers6 password cipher %^%#!yw\9L,uPEWIwh;jYSnYTD"=Y5F0,CEatW4S_PR0%^%# peer 2001:F40::FF6B as-number 9930 peer 2001:F40::FF6B group rr-peers6 peer 2001:F40::FF73 as-number 9930 peer 2001:F40::FF73 group rr-peers6 peer 2001:F40::FF7C as-number 9930 peer 2001:F40::FF7C group rr-peers6 # ipv4-family unicast undo synchronization import-route direct import-route static import-route unr nexthop recursive-lookup non-critical-event delay 0 peer rr-peers enable peer rr-peers route-policy BGP-OUTBOUND-POLICY-RR export peer rr-peers next-hop-local peer rr-peers advertise-community peer rr-peers advertise-ext-community peer 223.28.0.234 enable peer 223.28.0.234 group rr-peers peer 223.28.0.242 enable peer 223.28.0.242 group rr-peers peer 223.28.0.251 enable peer 223.28.0.251 group rr-peers peer rr-peers6 enable # ipv6-family unicast undo synchronization import-route direct import-route static import-route unr nexthop recursive-lookup non-critical-event delay 0 peer rr-peers6 enable peer rr-peers6 route-policy BGP-OUTBOUND-POLICY-RR6 export peer rr-peers6 next-hop-local peer rr-peers6 advertise-community peer rr-peers6 advertise-ext-community peer 2001:F40::FF6B enable peer 2001:F40::FF6B group rr-peers6 peer 2001:F40::FF73 enable peer 2001:F40::FF73 group rr-peers6 peer 2001:F40::FF7C enable peer 2001:F40::FF7C group rr-peers6 # ipv4-family vpnv4 policy vpn-target nexthop recursive-lookup non-critical-event delay 0 peer rr-peers enable peer rr-peers next-hop-local peer rr-peers advertise-community peer 223.28.0.234 enable peer 223.28.0.234 group rr-peers peer 223.28.0.242 enable peer 223.28.0.242 group rr-peers peer 223.28.0.251 enable peer 223.28.0.251 group rr-peers # ipv4-family vpn-instance SI300003-IMC-MGMT # ospf 65534 vpn-instance __dcn_vpn__ description DCN ospf create by default opaque-capability enable hostname vpn-instance-capability simple area 0.0.0.0 network 0.0.0.0 255.255.255.255 # !The DCN function implements the capability of plug-and-play for this device. !A NE IP address based on the unique NE ID is automatically generated in VPN !of DCN. It is recommended that the NE IP address be changed to the planned !one by running the ne-ip X.X.X.X command after the device being online. dcn # route-policy BGP-INBOUND-POLICY-CUSTOMERS permit node 10 apply local-preference 180 apply community 9930:1140 # route-policy BGP-INBOUND-POLICY-CUSTOMERS6 permit node 10 apply local-preference 180 apply community 9930:1140 # route-policy BGP-OUTBOUND-POLICY-RR permit node 10 apply local-preference 190 apply community 9930:1100 additive # route-policy BGP-OUTBOUND-POLICY-RR permit node 20 apply local-preference 180 apply community 9930:1140 additive # route-policy BGP-OUTBOUND-POLICY-RR permit node 999 # route-policy BGP-OUTBOUND-POLICY-RR6 permit node 10 apply local-preference 190 apply community 9930:1100 additive # route-policy BGP-OUTBOUND-POLICY-RR6 permit node 20 apply local-preference 180 apply community 9930:1140 additive # route-policy BGP-OUTBOUND-POLICY-RR6 permit node 999 # ip ip-prefix time-own-routes description "Announce These Routes To The Route Reflectors" ip ip-prefix time-own-routes index 10 permit 103.5.236.0 22 greater-equal 22 less-equal 32 ip ip-prefix time-own-routes index 20 permit 203.121.0.0 19 greater-equal 19 less-equal 32 ip ip-prefix time-own-routes index 30 permit 203.121.32.0 19 greater-equal 19 less-equal 32 ip ip-prefix time-own-routes index 40 permit 203.121.64.0 18 greater-equal 18 less-equal 32 ip ip-prefix time-own-routes index 50 permit 210.19.0.0 17 greater-equal 17 less-equal 32 ip ip-prefix time-own-routes index 60 permit 210.19.128.0 17 greater-equal 17 less-equal 32 ip ip-prefix time-own-routes index 70 permit 211.24.0.0 17 greater-equal 17 less-equal 32 ip ip-prefix time-own-routes index 80 permit 211.24.128.0 17 greater-equal 17 less-equal 32 ip ip-prefix time-own-routes index 90 permit 211.25.0.0 16 greater-equal 16 less-equal 32 ip ip-prefix time-own-routes index 100 permit 223.28.0.0 17 greater-equal 17 less-equal 32 ip ip-prefix time-own-routes index 110 permit 149.129.0.0 16 greater-equal 16 less-equal 32 ip ip-prefix time-own-routes index 120 permit 170.33.0.0 16 greater-equal 16 less-equal 32 ip ip-prefix time-own-routes index 130 permit 103.243.156.0 22 greater-equal 22 less-equal 32 ip ip-prefix time-own-routes index 999 deny 0.0.0.0 0 less-equal 32 ip ip-prefix transit-customers-no-routes-out description "Announce Only A Default Route To Transit BGP Customers" ip ip-prefix transit-customers-no-routes-out index 10 deny 0.0.0.0 0 less-equal 32 ip ip-prefix transit-non-bgp-customer-routes description "Announce These Non-BGP Customer Routes To The Route Reflectors" ip ip-prefix transit-non-bgp-customer-routes index 999 deny 0.0.0.0 0 less-equal 32 # ip ipv6-prefix time-own-routes6 description "Announce These Routes To The Route Reflectors" ip ipv6-prefix time-own-routes6 index 5 permit 2001:F40:: 32 greater-equal 32 less-equal 128 ip ipv6-prefix time-own-routes6 index 10 deny :: 0 less-equal 128 ip ipv6-prefix transit-customers-no-routes-out6 description "Announce No Routes To Transit BGP Customers (IPv6)" ip ipv6-prefix transit-customers-no-routes-out6 index 5 deny :: 0 less-equal 128 ip ipv6-prefix transit-non-bgp-customer-routes6 description "Announce These Non-BGP Customer Routes To The Route Reflectors" ip ipv6-prefix transit-non-bgp-customer-routes6 index 5 deny :: 0 less-equal 128 # snmp-agent snmp-agent acl snmp-access snmp-agent local-engineid 800007DB03E04BA6096A7D snmp-agent community read cipher %^%#I1.WFnJOj+r\ex~7Tjz5[pY%IOLQ4-ZQj#5{t!Q@5x^3(UvR\BLpQj+8{X,8uu\-MEo/&'%B}C6|DYMA%^%# alias __CommunityAliasName_01_33955 snmp-agent community read cipher %^%#HkOkAnmH@Y8&8--S+e1:xYwQ9EiUA"dJ]++8sBl1-4[~$gv]@ZyomL5>V(|G8>&<0[I{G6QoAxOKJi>U%^%# alias __CommunityAliasName_02_48940 # snmp-agent sys-info contact TIME dotCom NOC [soc@time.com.my] snmp-agent sys-info location CX5 Cyberjaya (CX5EB) snmp-agent sys-info version v2c v3 snmp-agent community complexity-check disable snmp-agent target-host host-name __targetHost_1_54738 trap address udp-domain 203.121.106.136 params securityname cipher %^%#$kWU+3g$v!e0:~9Y$zC=f[LND9"95Px=9=;l}AXS%^%# snmp-agent target-host host-name __targetHost_2_53207 trap address udp-domain 203.121.106.137 params securityname cipher %^%#"8EuQBvR\INza9%Y3>)+:Ls)1#E{Q=|cbZ)6CnG:%^%# snmp-agent target-host host-name __targetHost_3_36109 trap address udp-domain 203.121.107.198 params securityname cipher %^%#,4oy4Qu,iFd}95,jd6AS$Z_z)8]w1&UPXuNTKXpG%^%# snmp-agent target-host host-name __targetHost_4_47035 trap address udp-domain 203.121.108.193 params securityname cipher %^%#!WuHHr@Fb<8/4w/#)IMHT{`gYf\[iOW~}'0@)2[J%^%# # snmp-agent mib-view included iso iso # snmp-agent trap source LoopBack0 # snmp-agent protocol source-status all-interface snmp-agent protocol source-status ipv6 all-interface # undo snmp-agent proxy protocol source-status all-interface undo snmp-agent proxy protocol source-status ipv6 all-interface # snmp-agent trap enable # lldp enable # stelnet server enable sftp server enable snetconf server enable ssh user backbone ssh user backbone authentication-type password ssh user backbone service-type stelnet ssh user backbone sftp-directory cfcard: ssh user ipaccess ssh user ipaccess authentication-type password ssh user ipaccess service-type stelnet ssh user ipaccess sftp-directory cfcard: ssh user ossdevelopment ssh user ossdevelopment authentication-type password ssh user ossdevelopment service-type stelnet ssh user ossdevelopment sftp-directory cfcard: ssh user provision ssh user provision authentication-type password ssh user provision service-type stelnet ssh user provision sftp-directory cfcard: ssh user root ssh user root authentication-type password ssh user root service-type stelnet ssh user root sftp-directory cfcard: ssh server-source -i LoopBack1023 ssh server-source all-interface ssh ipv6 server-source all-interface ssh server acl management-access ssh authorization-type default aaa # ssh server cipher aes256_gcm aes128_gcm aes256_ctr aes192_ctr aes128_ctr ssh server hmac sha2_512 sha2_256_96 sha2_256 sha1 sha1_96 md5 md5_96 ssh server key-exchange dh_group_exchange_sha256 dh_group_exchange_sha1 dh_group14_sha1 dh_group1_sha1 ecdh_sha2_nistp256 ecdh_sha2_nistp384 ecdh_sha2_nistp521 sm2_kep dh_group16_sha512 # ssh server publickey ecc rsa rsa_sha2_256 rsa_sha2_512 # ssh server dh-exchange min-len 3072 # ssh client first-time enable sftp client-source -i LoopBack0 # ssh client publickey ecc rsa rsa_sha2_256 rsa_sha2_512 # ssh client cipher aes256_gcm aes128_gcm aes256_ctr aes192_ctr aes128_ctr ssh client hmac sha2_512 sha2_256_96 sha2_256 sha1 sha1_96 md5 md5_96 ssh client key-exchange dh_group_exchange_sha256 dh_group_exchange_sha1 dh_group14_sha1 dh_group1_sha1 ecdh_sha2_nistp256 ecdh_sha2_nistp384 ecdh_sha2_nistp521 sm2_kep dh_group16_sha512 # user-interface maximum-vty 21 # user-interface con 0 authentication-mode password set authentication password cipher $1c$WJo^~hO3>'$J#g<9='E^~FK22K.S11O[sByO;I!7.mI\iGMYYU0$ # user-interface vty 0 4 acl management-access inbound authentication-mode aaa protocol inbound ssh # user-interface vty 5 14 authentication-mode aaa # netconf activate module huawei-ip # local-aaa-server # warranty # return