! ---------- EDR-810-VPN-2GSFP ----------
vlan create 1
vlan create 10
vlan create 11
vlan create 101
vlan create 896
interface ethernet 1/1
 no shutdown
 speed-duplex Auto
 no flowcontrol
 media cable-mode auto
 switchport access vlan 10
 no spanning-tree edge-port
interface ethernet 1/2
 no shutdown
 speed-duplex Auto
 no flowcontrol
 media cable-mode auto
 switchport access vlan 11
 no spanning-tree edge-port
interface ethernet 1/3
 no shutdown
 speed-duplex Auto
 no flowcontrol
 media cable-mode auto
 switchport access vlan 101
 no spanning-tree edge-port
interface ethernet 1/4
 no shutdown
 speed-duplex Auto
 no flowcontrol
 media cable-mode auto
 switchport access vlan 1
 no spanning-tree edge-port
interface ethernet 1/5
 no shutdown
 speed-duplex Auto
 no flowcontrol
 media cable-mode auto
 switchport access vlan 1
 no spanning-tree edge-port
interface ethernet 1/6
 no shutdown
 speed-duplex Auto
 no flowcontrol
 media cable-mode auto
 switchport access vlan 1
 no spanning-tree edge-port
interface ethernet 1/7
 no shutdown
 speed-duplex Auto
 no flowcontrol
 media cable-mode auto
 switchport access vlan 1
 no spanning-tree edge-port
interface ethernet 1/8
 no shutdown
 speed-duplex Auto
 no flowcontrol
 media cable-mode auto
 switchport access vlan 896
 no spanning-tree edge-port
interface ethernet 1/9
 no shutdown
 switchport access vlan 1
 no spanning-tree edge-port
interface ethernet 1/10
 no shutdown
 switchport access vlan 1
 no spanning-tree edge-port
interface lan
 bind vlan 1
 ip address static 192.168.127.254 255.255.255.0
 name LAN
interface vlan 10
 ip address 10.0.1.29 255.255.255.224
 name LAN10
interface vlan 11
 ip address 10.0.1.61 255.255.255.224
 name LAN11
interface vlan 101
 ip address 10.0.101.254 255.255.255.0
 name LAN101
interface bridge
 ip address 192.168.126.254 255.255.255.0
 name BRG_LAN
 shutdown
 no goose-pass-through
interface zone-base-bridge
 ip address 0.0.0.0 0.0.0.0
 name ZONE_BRG
 shutdown
 no goose-pass-through
interface wan
 bind vlan 896
 ip address static 172.28.198.77 255.255.255.192 0.0.0.0
firewall 1
 action accept
 interface ALL ALL
 protocol All
 mode ip
 src-ip all
 src-port all
 dst-ip all
 dst-port all
 logging severity 0
firewall malformed
 logging severity 0
l2-filter 1
 action accept
 interface all all
 protocol all
 src-mac 0:0:0:0:0:0
 dst-mac 0:0:0:0:0:0
ip nat static inside 10.0.1.1 outside wan 172.28.198.77
 object network VM1
ip nat static inside 10.0.1.33 outside wan 10.0.101.11
 object network VM2_WAN
ip nat static inside 10.0.0.2 outside LAN11 10.0.1.58
 object network VM4
ip nat static inside 10.0.101.1 outside LAN11 10.0.1.55
 object network VM3
ip nat static inside 10.0.1.33 outside LAN101 10.0.101.11
 object network VM2
dos icmp-death 4000
no dos icmp-death
dos syn-flood 4000
no dos syn-flood
dos arp-flood 4000
no dos arp-flood
logging dos severity 0
snmp-server trap-mode trap-v1
ip ddns service disable
lldp enable
lldp timer 30
hostname EDR Left
snmp-server location Device Location
ip route static WAN 10.0.0.0 255.255.255.0 172.28.198.83 1
settingcheck timer 180
no interface trusted-access
logging trusted-access severity 0
modbus-filter 1
 action accept
 protocol all
 src-ip all
 dst-ip all
 function 0
 uid 0
 interface all all
modbus-filter 1 disable
redundancy
 no turbo-ring-v2 1 master
 no turbo-ring-v2 2 master
 no turbo-ring-v2 1
 no turbo-ring-v2 2
 no turbo-ring-v2 coupling
redundancy mode rstp
no ip igmp-snooping
qos mapping dscp-to-queue 30 2
qos mode weighted-fair
monitor source interface 1/1,2,3,4 both
monitor destination interface 1/5
username admin password 810448e13d53513dddd17d6c045025abddd17d6c045025abddd17d6c045025ab31048d2e6661d3e07ec5d571e37f1886 privilege 1
username configadmin password 810448e13d53513dddd17d6c045025abddd17d6c045025abddd17d6c045025ab31048d2e6661d3e07ec5d571e37f1886 privilege 2
username configadmin privilege 4
username user password 810448e13d53513dddd17d6c045025abddd17d6c045025abddd17d6c045025ab31048d2e6661d3e07ec5d571e37f1886 privilege 3
moxa-utility
ip telnet port 23
ip telnet
ip ssh port 22
ip ssh
ip telnet max-login-users 5
ip http-server port 80
ip http-server
ip http-server secure port 443
ip http-server secure
ip http-server max-login-users 5
ip ping-response
ip auto-logout 5
auth radius auth-type pap
ip broadcast-forward
ip broadcast-forward in LAN10 out LAN101 udp 980
openvpn server 1
 device-type tun
 protocol udp
 port 1194
 no client-to-client
 comp-lzo
 keepalive
 cipher BF-CBC
 hash SHA1
 network 10.8.0.0 255.255.255.0
 push route 192.168.127.0 255.255.255.0
 server-bridge
openvpn server 1 disable
openvpn client 1
 device-type tun
 protocol udp
 server 0.0.0.0
 port 1194
 cipher BF-CBC
 hash SHA1
 comp-lzo
 client-auth certificate
openvpn client 1 disable
openvpn client 2
 device-type tun
 protocol udp
 server 0.0.0.0
 port 1194
 cipher BF-CBC
 hash SHA1
 comp-lzo
 client-auth certificate
openvpn client 2 disable
no security-notification event-firewall
no security-notification event-dosattack
no security-notification event-accessviolation
no security-notification event-loginfail
password-policy minimum-length 4
no password-policy complexity-check
no password-policy complexity-check digit
no password-policy complexity-check alphabet
no password-policy complexity-check special-characters
no login-lockout
login-lockout retry-threshold 5
login-lockout lockout-time 5
no logging-capacity
logging-capacity snmp-trap-warning
logging-capacity email-warning
logging-capacity over-size-action overwrite-oldest
no fast-bootup
mtu WAN 1500
mtu LAN 1500
mtu LAN10 1500
mtu LAN11 1500
mtu LAN101 1500