path: root/tools/isp-sec.conf
blob: 33a35a6336786f46660b78962bf8ea8cb624c905 (plain)
# Point-to-point Ethernet links of the topology.
# Fields: eth <link-id> <rate> <node-a> <node-b>
# The link-id is the handle that the "dif" and "enroll" lines further down use
# to name a link (e.g. 600 is the ser1-core1 link).
# Tiers as wired here: cpe -> ar -> manpe -> ser -> core -> edge -> isp.
# NOTE(review): every link is declared as 0Mbps - presumably "no rate limit"
# rather than a literal zero; confirm with the tool that reads this file.
eth 110 0Mbps cpe11 ar1
eth 120 0Mbps cpe12 ar1
eth 130 0Mbps cpe13 ar1
eth 210 0Mbps cpe21 ar2
eth 220 0Mbps cpe22 ar2
eth 230 0Mbps cpe23 ar2
eth 310 0Mbps cpe31 ar3
eth 320 0Mbps cpe32 ar3
eth 330 0Mbps cpe33 ar3
eth 100 0Mbps ar1 manpe1
eth 200 0Mbps ar2 manpe1
eth 300 0Mbps ar3 manpe2
eth 410 0Mbps manpe1 manpe2
eth 411 0Mbps manpe1 manpe3
eth 412 0Mbps manpe1 manpe4
eth 420 0Mbps manpe2 manpe3
eth 421 0Mbps manpe2 manpe4
eth 430 0Mbps manpe3 manpe4
eth 510 0Mbps manpe3 ser1
eth 520 0Mbps manpe4 ser2
eth 600 0Mbps ser1 core1
eth 610 0Mbps ser1 core2
eth 620 0Mbps ser2 core1
eth 630 0Mbps ser2 core2
eth 700 0Mbps core1 core2
eth 710 0Mbps core1 core3
eth 720 0Mbps core2 core4
eth 730 0Mbps core3 core4
eth 640 0Mbps core3 edge1
eth 650 0Mbps core4 edge1
eth 660 0Mbps core3 edge2
eth 670 0Mbps core4 edge2
eth 800 0Mbps edge1 isp2
eth 810 0Mbps edge1 isp3
eth 820 0Mbps edge2 isp4
eth 830 0Mbps edge2 isp5

# DIF core
# Fields: dif <dif-name> <node> <lower layer>...
# Backbone DIF joining ser1-2, core1-4 and edge1-2; every member sits directly
# on eth link-ids (600-730), with no other DIF underneath.
# NOTE(review): no "policy" line in this file names this DIF, so whether its
# flows are authenticated or encrypted depends on the consuming tool's
# defaults - confirm before treating this layer as protected.
dif core ser1 600 610
dif core ser2 620 630
dif core core1 600 620 700 710
dif core core2 610 630 700 720
dif core core3 640 660 710 730 
dif core core4 650 670 720 730
dif core edge1 640 650
dif core edge2 660 670

# DIF access
# Fields: dif <dif-name> <node> <lower layer>...
# Aggregation DIF joining ar1-3, manpe1-4 and ser1-2; every member sits
# directly on eth link-ids (100-300, 410-430, 510, 520).
# NOTE(review): no "policy" line in this file names this DIF, so whether its
# flows are authenticated or encrypted depends on the consuming tool's
# defaults - confirm before treating this layer as protected.
dif access ar1 100
dif access ar2 200
dif access ar3 300
dif access manpe1 100 200 410 411 412
dif access manpe2 300 410 420 421
dif access manpe3 411 420 430 510
dif access manpe4 412 421 430 520
dif access ser1 510
dif access ser2 520

# DIF service
# Fields: dif <dif-name> <node> <lower layer>...
# Here the lower layers are other DIFs, not link-ids: ar1-3 sit on "access",
# edge1-2 on "core", and ser1-2 on both, so ser1/ser2 are the only nodes
# bridging the two.
# Both tenant DIFs (emall1, emall2) are carried over this one DIF, so it is
# shared transport for both of them.
# NOTE(review): no "policy" line in this file names this DIF; its own
# authentication/encryption comes from the consuming tool's defaults - confirm.
dif service ar1 access
dif service ar2 access
dif service ar3 access
dif service ser1 access core
dif service ser2 access core
dif service edge1 core
dif service edge2 core

# DIF emall1
# Fields: dif <dif-name> <node> <lower layer>...
# Members: cpe11, cpe12, cpe21, cpe22, cpe31 (each on its own eth link to an
# ar), ar1-3 (cpe links plus the "service" DIF), edge1-2 ("service" plus one
# ISP link each) and the external peers isp2 (800) and isp4 (820).
# ar1-3 and edge1-2 are also members of emall2, so they are the nodes where
# the two DIFs meet; separation between them rests on those nodes and on the
# "policy" lines for each DIF.
dif emall1 cpe11 110
dif emall1 cpe12 120
dif emall1 cpe21 210
dif emall1 cpe22 220
dif emall1 cpe31 310
dif emall1 ar1 110 120 service
dif emall1 ar2 210 220 service
dif emall1 ar3 310 service
dif emall1 edge1 service 800
dif emall1 edge2 service 820
dif emall1 isp2 800
dif emall1 isp4 820

# DIF emall2
# Fields: dif <dif-name> <node> <lower layer>...
# Members: cpe13, cpe23, cpe32, cpe33 (each on its own eth link to an ar),
# ar1-3 (cpe links plus the "service" DIF), edge1-2 ("service" plus one ISP
# link each) and the external peers isp3 (810) and isp5 (830).
# ar1-3 and edge1-2 are also members of emall1, so they are the nodes where
# the two DIFs meet; separation between them rests on those nodes and on the
# "policy" lines for each DIF.
dif emall2 cpe13 130
dif emall2 cpe23 230
dif emall2 cpe32 320
dif emall2 cpe33 330
dif emall2 ar1 130 service
dif emall2 ar2 230 service
dif emall2 ar3 320 330 service
dif emall2 edge1 service 810
dif emall2 edge2 service 830
dif emall2 isp3 810
dif emall2 isp5 830

#policies
# Fields: policy <dif> <nodes> <component path> <policy set> [name=value ...]
# Only emall1 and emall2 are configured; core, access and service have no
# policy line in this file. The two DIFs get identical settings:
#   auth.default    - PSOC_authentication-ssh2, EDH key exchange, keystore at
#                     /creds/ssh2
#   encrypt.default - AES128 with a SHA256 MAC and deflate compression
#   auth.service    - PSOC_authentication-none on ar1-3 and edge1-2
# Review notes:
# - keystorePass=test is a guessable password stored in clear text in a
#   tracked file. Treat it as a lab value only; a deployment should supply the
#   keystore password out of band and keep the keystore unreadable to other
#   users.
# - Both DIFs name the same keystore path and password. NOTE(review): if the
#   keystore contents are also the same, credentials do not separate emall1
#   from emall2 - confirm what each node's keystore actually holds.
# - NOTE(review): auth.service presumably overrides auth.default for flows
#   carried by the lower DIF called "service", which would leave the
#   ar<->edge and edge<->edge adjacencies of these DIFs unauthenticated. If
#   the encryption keys come out of the ssh2 key exchange, those flows may
#   also run without encryption - confirm against the implementation.
# - compressAlg=deflate compresses before encrypting; ciphertext length then
#   depends on the plaintext, which can leak information when secret and
#   externally influenced data share a flow. Disable it unless it is needed.
# - The EDH group/parameter size is not set here; check what the policy uses.
policy emall1 * security-manager.auth.default PSOC_authentication-ssh2 keyExchangeAlg=EDH keystore=/creds/ssh2 keystorePass=test
policy emall1 * security-manager.encrypt.default default encryptAlg=AES128 macAlg=SHA256 compressAlg=deflate 
policy emall1 ar1,ar2,ar3,edge1,edge2 security-manager.auth.service PSOC_authentication-none
policy emall2 * security-manager.auth.default PSOC_authentication-ssh2 keyExchangeAlg=EDH keystore=/creds/ssh2 keystorePass=test
policy emall2 * security-manager.encrypt.default default encryptAlg=AES128 macAlg=SHA256 compressAlg=deflate
policy emall2 ar1,ar2,ar3,edge1,edge2 security-manager.auth.service PSOC_authentication-none

#Enrollments
# Fields: enroll <dif> <node> <node> <lower layer>
# Each line pairs two members of <dif> and names the lower layer they share:
# an eth link-id (e.g. 100 for ar1-manpe1) or a lower DIF name (core, access,
# service).
# NOTE(review): which of the two nodes initiates the enrollment is decided by
# the tool that reads this file - confirm before relying on the order.
# Enrollment is the point where a node is admitted to a DIF, so the "policy"
# lines for that DIF and lower layer decide whether the peer is authenticated
# at this step.

# access: one enrollment per eth link of the DIF (100-300, 410-430, 510, 520).
enroll access ar1 manpe1 100
enroll access ar2 manpe1 200
enroll access ar3 manpe2 300
enroll access ser1 manpe3 510
enroll access ser2 manpe4 520
enroll access manpe1 manpe2 410
enroll access manpe1 manpe3 411
enroll access manpe1 manpe4 412
enroll access manpe2 manpe3 420
enroll access manpe2 manpe4 421
enroll access manpe3 manpe4 430

# core: one enrollment per eth link of the DIF (600-730).
enroll core core1 core2 700
enroll core core1 core3 710
enroll core core2 core4 720
enroll core core3 core4 730
enroll core ser1 core1 600
enroll core ser1 core2 610
enroll core ser2 core1 620
enroll core ser2 core2 630
enroll core edge1 core3 640
enroll core edge1 core4 650
enroll core edge2 core3 660
enroll core edge2 core4 670

# service: edge and ser nodes pair up over "core", ar nodes reach ser1/ser2
# over "access".
enroll service edge1 edge2 core
enroll service edge1 ser1 core
enroll service edge1 ser2 core
enroll service edge2 ser1 core
enroll service edge2 ser2 core
enroll service ser1 ser2 core
enroll service ar1 ser1 access
enroll service ar1 ser2 access
enroll service ar2 ser1 access
enroll service ar2 ser2 access
enroll service ar3 ser1 access
enroll service ar3 ser2 access

# emall1: cpe and isp nodes attach over their eth links; the ar<->edge and
# edge<->edge pairs go over "service", the lower DIF for which the policy
# lines select PSOC_authentication-none.
enroll emall1 cpe11 ar1 110
enroll emall1 cpe12 ar1 120
enroll emall1 cpe21 ar2 210
enroll emall1 cpe22 ar2 220
enroll emall1 cpe31 ar3 310
enroll emall1 ar1 edge1 service
enroll emall1 ar1 edge2 service
enroll emall1 ar2 edge1 service
enroll emall1 ar2 edge2 service
enroll emall1 ar3 edge1 service
enroll emall1 ar3 edge2 service
enroll emall1 edge1 edge2 service
enroll emall1 isp2 edge1 800
enroll emall1 isp4 edge2 820

# emall2: same pattern as emall1, with its own cpe and isp nodes.
enroll emall2 cpe13 ar1 130
enroll emall2 cpe23 ar2 230
enroll emall2 cpe32 ar3 320
enroll emall2 cpe33 ar3 330
enroll emall2 ar1 edge1 service
enroll emall2 ar1 edge2 service
enroll emall2 ar2 edge1 service
enroll emall2 ar2 edge2 service
enroll emall2 ar3 edge1 service
enroll emall2 ar3 edge2 service
enroll emall2 edge1 edge2 service
enroll emall2 isp3 edge1 810
enroll emall2 isp5 edge2 830

#Overlays
# Fields: overlay <node> <directory>
# One directory per node under overlays/ispsec/. The nodes listed are exactly
# the members of emall1 and emall2 (ar, cpe, edge, isp); manpe, ser and core
# nodes get no overlay.
# NOTE(review): presumably each directory is copied onto that node's
# filesystem and is how the /creds/ssh2 keystore named in the policy lines
# gets there - confirm. If so, these directories hold key material: keep a
# distinct key pair per node, and do not reuse keys from this tree outside a
# test setup.
overlay ar1 overlays/ispsec/ar1
overlay ar2 overlays/ispsec/ar2
overlay ar3 overlays/ispsec/ar3
overlay cpe11 overlays/ispsec/cpe11
overlay cpe12 overlays/ispsec/cpe12
overlay cpe13 overlays/ispsec/cpe13
overlay cpe21 overlays/ispsec/cpe21
overlay cpe22 overlays/ispsec/cpe22
overlay cpe23 overlays/ispsec/cpe23
overlay cpe31 overlays/ispsec/cpe31
overlay cpe32 overlays/ispsec/cpe32
overlay cpe33 overlays/ispsec/cpe33
overlay edge1 overlays/ispsec/edge1
overlay edge2 overlays/ispsec/edge2
overlay isp2 overlays/ispsec/isp2
overlay isp3 overlays/ispsec/isp3
overlay isp4 overlays/ispsec/isp4
overlay isp5 overlays/ispsec/isp5