! ---------- EDR-810-VPN-2GSFP ----------
vlan create  99
vlan create  1
vlan create  898
interface ethernet 1/1
 no shutdown 
 speed-duplex Auto
 no flowcontrol 
 media cable-mode auto
 switchport access vlan  1
 no spanning-tree edge-port 
interface ethernet 1/2
 no shutdown 
 speed-duplex Auto
 no flowcontrol 
 media cable-mode auto
 switchport access vlan  99
 no spanning-tree edge-port 
interface ethernet 1/3
 no shutdown 
 speed-duplex Auto
 no flowcontrol 
 media cable-mode auto
 switchport access vlan  99
 no spanning-tree edge-port 
interface ethernet 1/4
 no shutdown 
 speed-duplex Auto
 no flowcontrol 
 media cable-mode auto
 switchport access vlan  99
 no spanning-tree edge-port 
interface ethernet 1/5
 no shutdown 
 speed-duplex Auto
 no flowcontrol 
 media cable-mode auto
 switchport access vlan  99
 no spanning-tree edge-port 
interface ethernet 1/6
 no shutdown 
 speed-duplex Auto
 no flowcontrol 
 media cable-mode auto
 switchport access vlan  99
 no spanning-tree edge-port 
interface ethernet 1/7
 no shutdown 
 speed-duplex Auto
 no flowcontrol 
 media cable-mode auto
 switchport access vlan  99
 no spanning-tree edge-port 
interface ethernet 1/8
 no shutdown 
 speed-duplex Auto
 no flowcontrol 
 media cable-mode auto
 switchport access vlan  898
 no spanning-tree edge-port 
interface ethernet 1/9
 no shutdown 
 switchport access vlan  1
 no spanning-tree edge-port 
interface ethernet 1/10
 no shutdown 
 switchport access vlan  1
 no spanning-tree edge-port 
interface lan 
 bind vlan 99
 ip address  static 192.168.127.254 255.255.255.0
 name  LAN
interface vlan  1
 ip address   10.0.0.100 255.255.255.0
 name  LAN1
interface bridge 
 ip address 192.168.126.254 255.255.255.0
 name BRG_LAN
 shutdown 
 no goose-pass-through 
interface zone-base-bridge 
 ip address 0.0.0.0 0.0.0.0
 name ZONE_BRG
 shutdown 
 no goose-pass-through 
interface wan 
 bind vlan 898
 ip address static 172.28.198.83 255.255.255.192 0.0.0.0 
firewall 1
 action accept
 interface ALL ALL
 protocol All
 mode ip
 src-ip all
 src-port all
 dst-ip all
 dst-port all
 logging severity 0
firewall malformed logging severity 0
l2-filter 1
 action accept
 interface all all
 protocol all
 src-mac 0:0:0:0:0:0
 dst-mac 0:0:0:0:0:0
dos icmp-death 4000
no dos icmp-death
dos syn-flood 4000
no dos syn-flood
dos arp-flood 4000
no dos arp-flood
logging dos severity 0
snmp-server trap-mode trap-v1
ip ddns service disable
lldp enable 
lldp timer 30
hostname EDR Right
snmp-server location Device Location
ip route static WAN 10.0.101.0 255.255.255.0 172.28.198.77 1
ip route static WAN2 10.0.1.32 255.255.255.224 172.28.198.77 1
ip route static WAN2 disable
settingcheck timer 180
no interface trusted-access  
logging trusted-access severity 0
modbus-filter 1
 action accept
 protocol all
 src-ip all
 dst-ip all
 function 0
 uid 0
 interface all all 
modbus-filter 1 disable
redundancy 
 no turbo-ring-v2  1 master
 no turbo-ring-v2  2 master
 no turbo-ring-v2  1
 no turbo-ring-v2  2
 no turbo-ring-v2 coupling  
redundancy mode rstp
no ip igmp-snooping 
qos mapping dscp-to-queue 30 2
qos mode weighted-fair
monitor source interface 1/1,8 both
monitor destination interface 1/5
username admin password 810448e13d53513dddd17d6c045025abddd17d6c045025abddd17d6c045025ab31048d2e6661d3e07ec5d571e37f1886 privilege 1
username configadmin password 810448e13d53513dddd17d6c045025abddd17d6c045025abddd17d6c045025ab31048d2e6661d3e07ec5d571e37f1886 privilege 2
username configadmin privilege 4
username user password 810448e13d53513dddd17d6c045025abddd17d6c045025abddd17d6c045025ab31048d2e6661d3e07ec5d571e37f1886 privilege 3
moxa-utility 
ip telnet port 23
ip telnet
ip ssh port 22
ip ssh
ip telnet max-login-users 5
ip http-server port 80
ip http-server
ip http-server secure port 443
ip http-server secure
ip http-server max-login-users 5
ip ping-response
ip auto-logout 5
auth radius auth-type pap
openvpn server 1
 device-type tun
 protocol udp
 port 1194
 no client-to-client 
 comp-lzo 
 keepalive 
 cipher BF-CBC
 hash SHA1
 network 10.8.0.0 255.255.255.0
 push route 192.168.127.0 255.255.255.0
 server-bridge 
openvpn server 1 disable
openvpn client 1
 device-type tun
 protocol udp
 server 0.0.0.0 port 1194
 cipher BF-CBC
 hash SHA1
 comp-lzo 
 client-auth certificate
openvpn client 1 disable
openvpn client 2
 device-type tun
 protocol udp
 server 0.0.0.0 port 1194
 cipher BF-CBC
 hash SHA1
 comp-lzo 
 client-auth certificate
openvpn client 2 disable
no security-notification event-firewall
no security-notification event-dosattack
no security-notification event-accessviolation
no security-notification event-loginfail
password-policy minimum-length 4
no password-policy complexity-check
no password-policy complexity-check digit
no password-policy complexity-check alphabet
no password-policy complexity-check special-characters
no login-lockout 
login-lockout retry-threshold 5
login-lockout lockout-time 5
no logging-capacity 
logging-capacity snmp-trap-warning
logging-capacity email-warning
logging-capacity over-size-action overwrite-oldest
no fast-bootup 
mtu WAN 1500
mtu LAN 1500
mtu LAN1 1500