==== router ==== Konfiguracija se nahaja na gecko:/storage/raid/podatki/podatki/tine/router/. Delujoca konfiguracija: You can directly paste anything in 'set' notation in config mode. You can copy hundreds of lines in set notation if you first use 'load set terminal'. 'load set terminal' switches off JunOS' command parser and doesn't check if what you're pasting makes sense (for the most part. You'll be told if there are errors. While pasting you will be told about issues but JunOS won't barf and stop processing.). It allows you to quickly paste hundreds of lines and then at the end Ctrl-D will parse it all and drop back into config mode. -------------------------------------------------------------- To override a candidate configuration: Make sure that you are at the top level of the configuration mode hierarchy. If you are below the top level, enter exit to return to the top level. From the top level of the configuration hierarchy, enter the load override terminal command: user@host# load override terminal [Type ^D at a new line to end input] Copy the section of the configuration from a file or an application window. Paste the copied text into the CLI of the terminal window that you are using to configure a device. Press Enter once. Make sure that you perform this step before proceeding. Press Ctrl+d to indicate the end of the pasted text. To verify the configuration but not activate it, use the show command. user@host# show ## Last changed: 2010-02-02 20:49:24 UTC version 10.0R2.10; system { host-name SRX; ... ... To verity the syntax for the commands that were entered, use the commit check command. user@host# commit check --------------------------------------------------------------- root@router# show | display set set version 15.1X49-D70.3 set system host-name router set system domain-name rtvslo.si set system domain-search rtvslo.si set system time-zone Europe/Ljubljana set system location country-code SI set system location building ===KUMP=== set system ports console log-out-on-disconnect set system root-authentication encrypted-password "$5$CP6UfxXK$mu0py9rF0MPIpc9wgQhCaBxHI7HASm6GyadCZK.5Z07" set system name-server 8.8.8.8 set system name-server 8.8.4.4 set system login announcement "===You are now logged into KUMP SRX300 router===" set system login message "===All attempts are logged.===" set system services ssh protocol-version v2 set system services telnet set system services xnm-clear-text set system services netconf ssh set system services web-management https port 443 set system services web-management https system-generated-certificate set system services web-management https interface ge-0/0/0.0 set system services web-management https interface irb.0 set system services web-management session idle-timeout 60 set system services web-management session session-limit 5 set system syslog archive size 100k set system syslog archive files 3 set system syslog user * any emergency set system syslog file messages any critical set system syslog file messages authorization info set system syslog file interactive-commands any critical set system syslog file interactive-commands interactive-commands any set system max-configurations-on-flash 49 set system max-configuration-rollbacks 49 set system license autoupdate url https://ae1.juniper.net/junos/key_retrieval set system processes utmd disable set system ntp server 193.2.4.6 set security log mode event set security log event-rate 1000 set security alg dns disable set security alg ftp disable set security alg msrpc disable set security alg sunrpc disable set security alg rsh disable set security alg rtsp disable set security alg sql disable set security alg talk disable set security alg tftp disable set security alg pptp disable set security flow syn-flood-protection-mode syn-cookie set security flow tcp-mss all-tcp mss 1300 set security flow tcp-mss ipsec-vpn mss 1350 set security screen ids-option Untrust-screen icmp ping-death set security screen ids-option Untrust-screen ip source-route-option set security screen ids-option Untrust-screen ip tear-drop set security screen ids-option Untrust-screen tcp syn-flood alarm-threshold 1024 set security screen ids-option Untrust-screen tcp syn-flood attack-threshold 200 set security screen ids-option Untrust-screen tcp syn-flood source-threshold 1024 set security screen ids-option Untrust-screen tcp syn-flood destination-threshold 2048 set security screen ids-option Untrust-screen tcp syn-flood timeout 20 set security screen ids-option Untrust-screen tcp land set security nat source rule-set lan-to-Untrust from zone LAN set security nat source rule-set lan-to-Untrust from zone WIFI-GOSTI set security nat source rule-set lan-to-Untrust from zone WIFI-LAN set security nat source rule-set lan-to-Untrust to zone Untrust set security nat source rule-set lan-to-Untrust rule source-nat-rule match source-address 0.0.0.0/0 set security nat source rule-set lan-to-Untrust rule source-nat-rule then source-nat interface set security nat destination pool dnat_pi_wireguard routing-instance LAN-VR set security nat destination pool dnat_pi_wireguard address 192.168.100.11/32 set security nat destination pool dnat_pi_wireguard address port 1607 set security nat destination pool dnat_loxone routing-instance LAN-VR set security nat destination pool dnat_loxone address 192.168.100.3/32 set security nat destination pool dnat_loxone address port 80 set security nat destination pool dnat_kump-nb address 192.168.100.225/32 set security nat destination pool dnat_kump-nb address port 22 set security nat destination pool dnat_gecko_ssh routing-instance LAN-VR set security nat destination pool dnat_gecko_ssh address 192.168.100.200/32 set security nat destination pool dnat_gecko_ssh address port 22 set security nat destination pool dnat_backup-dimenzija_ssh routing-instance LAN-VR set security nat destination pool dnat_backup-dimenzija_ssh address 192.168.100.101/32 set security nat destination pool dnat_backup-dimenzija_ssh address port 22 set security nat destination rule-set dst-nat from zone Untrust set security nat destination rule-set dst-nat rule pi-wireguard match destination-address 89.212.182.116/32 set security nat destination rule-set dst-nat rule pi-wireguard match destination-port 1607 set security nat destination rule-set dst-nat rule pi-wireguard then destination-nat pool dnat_pi_wireguard set security nat destination rule-set dst-nat rule loxone_inbound match destination-address 89.212.182.116/16 set security nat destination rule-set dst-nat rule loxone_inbound match destination-port 53000 set security nat destination rule-set dst-nat rule loxone_inbound then destination-nat pool dnat_loxone set security nat destination rule-set dst-nat rule kump-nb_inbound match destination-address 89.212.182.116/16 set security nat destination rule-set dst-nat rule kump-nb_inbound match destination-port 54321 set security nat destination rule-set dst-nat rule kump-nb_inbound then destination-nat pool dnat_kump-nb set security nat destination rule-set dst-nat rule gecko_inbound match destination-address 89.212.182.116/16 set security nat destination rule-set dst-nat rule gecko_inbound match destination-port 1755 set security nat destination rule-set dst-nat rule gecko_inbound then destination-nat pool dnat_gecko_ssh set security nat destination rule-set dst-nat rule backup-dimenzija_inbound match destination-address 89.212.182.116/16 set security nat destination rule-set dst-nat rule backup-dimenzija_inbound match destination-port 22 set security nat destination rule-set dst-nat rule backup-dimenzija_inbound then destination-nat pool dnat_backup-dimenzija_ssh set security policies from-zone LAN to-zone Untrust policy lan-to-untrust match source-address any set security policies from-zone LAN to-zone Untrust policy lan-to-untrust match destination-address any set security policies from-zone LAN to-zone Untrust policy lan-to-untrust match application any set security policies from-zone LAN to-zone Untrust policy lan-to-untrust then permit set security policies from-zone LAN to-zone LAN policy lan-to-lan match source-address any set security policies from-zone LAN to-zone LAN policy lan-to-lan match destination-address any set security policies from-zone LAN to-zone LAN policy lan-to-lan match application any set security policies from-zone LAN to-zone LAN policy lan-to-lan then permit set security policies from-zone LAN to-zone WIFI-GOSTI policy lan-to-wifi-gosti match source-address any set security policies from-zone LAN to-zone WIFI-GOSTI policy lan-to-wifi-gosti match destination-address any set security policies from-zone LAN to-zone WIFI-GOSTI policy lan-to-wifi-gosti match application any set security policies from-zone LAN to-zone WIFI-GOSTI policy lan-to-wifi-gosti then permit set security policies from-zone LAN to-zone WIFI-LAN policy lan-to-wifi-lan match source-address any set security policies from-zone LAN to-zone WIFI-LAN policy lan-to-wifi-lan match destination-address any set security policies from-zone LAN to-zone WIFI-LAN policy lan-to-wifi-lan match application any set security policies from-zone LAN to-zone WIFI-LAN policy lan-to-wifi-lan then permit set security policies from-zone WIFI-LAN to-zone LAN policy wifi-lan-to-lan match source-address any set security policies from-zone WIFI-LAN to-zone LAN policy wifi-lan-to-lan match destination-address any set security policies from-zone WIFI-LAN to-zone LAN policy wifi-lan-to-lan match application any set security policies from-zone WIFI-LAN to-zone LAN policy wifi-lan-to-lan then permit set security policies from-zone WIFI-LAN to-zone Untrust policy wifi-lan-to-untrust match source-address any set security policies from-zone WIFI-LAN to-zone Untrust policy wifi-lan-to-untrust match destination-address any set security policies from-zone WIFI-LAN to-zone Untrust policy wifi-lan-to-untrust match application any set security policies from-zone WIFI-LAN to-zone Untrust policy wifi-lan-to-untrust then permit set security policies from-zone WIFI-GOSTI to-zone Untrust policy wifi-gosti-to-untrust match source-address any set security policies from-zone WIFI-GOSTI to-zone Untrust policy wifi-gosti-to-untrust match destination-address any set security policies from-zone WIFI-GOSTI to-zone Untrust policy wifi-gosti-to-untrust match application any set security policies from-zone WIFI-GOSTI to-zone Untrust policy wifi-gosti-to-untrust then permit set security policies from-zone Untrust to-zone LAN policy inbound_pi match source-address any set security policies from-zone Untrust to-zone LAN policy inbound_pi match destination-address lan.pi set security policies from-zone Untrust to-zone LAN policy inbound_pi match application pi-wireguard set security policies from-zone Untrust to-zone LAN policy inbound_pi then permit set security policies from-zone Untrust to-zone LAN policy inbound_pi then log session-close set security policies from-zone Untrust to-zone LAN policy inbound_kump_nb match source-address any set security policies from-zone Untrust to-zone LAN policy inbound_kump_nb match destination-address lan.kump-nb set security policies from-zone Untrust to-zone LAN policy inbound_kump_nb match application junos-ssh set security policies from-zone Untrust to-zone LAN policy inbound_kump_nb then permit set security policies from-zone Untrust to-zone LAN policy inbound_gecko match source-address any set security policies from-zone Untrust to-zone LAN policy inbound_gecko match destination-address lan.gecko set security policies from-zone Untrust to-zone LAN policy inbound_gecko match application junos-ssh set security policies from-zone Untrust to-zone LAN policy inbound_gecko then permit set security policies from-zone Untrust to-zone LAN policy inbound_loxone match source-address any set security policies from-zone Untrust to-zone LAN policy inbound_loxone match destination-address lan.loxone set security policies from-zone Untrust to-zone LAN policy inbound_loxone match application junos-http set security policies from-zone Untrust to-zone LAN policy inbound_loxone then permit set security policies from-zone Untrust to-zone LAN policy inbound_backup-dimenzija match source-address inet.mmlj set security policies from-zone Untrust to-zone LAN policy inbound_backup-dimenzija match source-address inet.dmnm set security policies from-zone Untrust to-zone LAN policy inbound_backup-dimenzija match source-address inet.mao set security policies from-zone Untrust to-zone LAN policy inbound_backup-dimenzija match source-address inet.tms set security policies from-zone Untrust to-zone LAN policy inbound_backup-dimenzija match source-address inet.modg set security policies from-zone Untrust to-zone LAN policy inbound_backup-dimenzija match destination-address lan.backup-dimenzija set security policies from-zone Untrust to-zone LAN policy inbound_backup-dimenzija match application junos-ssh set security policies from-zone Untrust to-zone LAN policy inbound_backup-dimenzija then permit set security policies global policy Permit-ANY match source-address any set security policies global policy Permit-ANY match destination-address any set security policies global policy Permit-ANY match application any set security policies global policy Permit-ANY then permit set security policies global policy Permit-ANY then log session-init deactivate security policies global policy Permit-ANY set security zones security-zone LAN address-book address lan.pi 192.168.100.11/32 set security zones security-zone LAN address-book address lan.dmserver 192.168.100.20/32 set security zones security-zone LAN address-book address lan.gecko 192.168.100.200/32 set security zones security-zone LAN address-book address lan.loxone 192.168.100.3/32 set security zones security-zone LAN address-book address lan.kump-nb 192.168.100.225/32 set security zones security-zone LAN address-book address lan.tina-nb 192.168.100.103/32 set security zones security-zone LAN address-book address lan.tina-tel 192.168.100.104/32 set security zones security-zone LAN address-book address lan.tine-tab 192.168.100.102/32 set security zones security-zone LAN address-book address lan.tine-tel 192.168.100.101/32 set security zones security-zone LAN address-book address lan.monitor 192.168.100.30/32 set security zones security-zone LAN address-book address lan.ae 192.168.100.10/32 set security zones security-zone LAN address-book address lan.wf.gosti 192.168.10.0/24 set security zones security-zone LAN address-book address lan.kump 192.168.100.0/24 set security zones security-zone LAN address-book address lan.wf_home 192.168.20.0/24 set security zones security-zone LAN address-book address lan.backup-dimenzija 192.168.100.101/32 set security zones security-zone LAN interfaces lo0.0 host-inbound-traffic system-services all set security zones security-zone LAN interfaces irb.0 host-inbound-traffic system-services all set security zones security-zone LAN interfaces irb.1 host-inbound-traffic system-services all set security zones security-zone Untrust address-book address inet.mmlj 194.249.200.16/32 set security zones security-zone Untrust address-book address inet.dmnm 193.2.186.210/32 set security zones security-zone Untrust address-book address inet.mao 193.2.211.202/32 set security zones security-zone Untrust address-book address inet.tms 194.249.87.226/32 set security zones security-zone Untrust address-book address inet.modg 149.62.86.75/32 set security zones security-zone Untrust interfaces ge-0/0/0.0 host-inbound-traffic system-services ping set security zones security-zone Untrust interfaces ge-0/0/0.0 host-inbound-traffic system-services ssh set security zones security-zone Untrust interfaces ge-0/0/0.0 host-inbound-traffic system-services https set security zones security-zone Untrust interfaces ge-0/0/0.0 host-inbound-traffic system-services ike set security zones security-zone Untrust interfaces ge-0/0/0.0 host-inbound-traffic system-services dhcp set security zones security-zone WIFI-GOSTI interfaces irb.10 host-inbound-traffic system-services all set security zones security-zone WIFI-LAN interfaces irb.20 host-inbound-traffic system-services all set interfaces ge-0/0/0 description ===Untrust-Internet=== set interfaces ge-0/0/0 unit 0 family inet dhcp-client set interfaces ge-0/0/1 description ===WIFI-AP=== set interfaces ge-0/0/1 native-vlan-id 3 set interfaces ge-0/0/1 unit 0 family ethernet-switching interface-mode trunk set interfaces ge-0/0/1 unit 0 family ethernet-switching vlan members vlan-lan set interfaces ge-0/0/1 unit 0 family ethernet-switching vlan members wifi-gosti set interfaces ge-0/0/1 unit 0 family ethernet-switching vlan members wifi-lan set interfaces ge-0/0/2 description ===LAN=== set interfaces ge-0/0/2 unit 0 family ethernet-switching vlan members vlan-lan set interfaces ge-0/0/3 description ===LAN=== set interfaces ge-0/0/3 unit 0 family ethernet-switching vlan members vlan-lan set interfaces ge-0/0/4 description ===LAN=== set interfaces ge-0/0/4 unit 0 family ethernet-switching vlan members vlan-lan set interfaces ge-0/0/5 description ===LAN=== set interfaces ge-0/0/5 unit 0 family ethernet-switching vlan members vlan-lan set interfaces ge-0/0/6 description ===LAN=== set interfaces ge-0/0/6 unit 0 family ethernet-switching vlan members vlan-lan set interfaces ge-0/0/7 description ===LAN=== set interfaces ge-0/0/7 unit 0 family ethernet-switching vlan members vlan-lan set interfaces irb unit 0 description ===LAN=== set interfaces irb unit 0 family inet address 192.168.100.1/24 set interfaces irb unit 1 description ===test=== set interfaces irb unit 1 family inet address 192.168.111.1/24 set interfaces irb unit 10 description ===WIFI-GOSTI=== set interfaces irb unit 10 family inet address 192.168.10.1/24 set interfaces irb unit 20 description ===WIFI-LAN=== set interfaces irb unit 20 family inet address 192.168.20.1/24 set interfaces lo0 unit 0 description ===Loopback-Interface=== set interfaces lo0 unit 0 family inet filter input ALLOWED-MGMT-TRAFFIC set interfaces lo0 unit 0 family inet address 10.10.10.1/32 set routing-options graceful-restart set routing-options router-id 10.10.10.1 set protocols l2-learning global-mode switching set policy-options prefix-list Allowed-MGMT-IPs-UNTRUST 94.103.64.0/20 set policy-options prefix-list Allowed-MGMT-IPs-UNTRUST 192.168.253.2/32 set policy-options prefix-list Allowed-MGMT-IPs-LAN 192.168.20.0/24 set policy-options prefix-list Allowed-MGMT-IPs-LAN 192.168.100.0/24 set policy-options prefix-list Allowed-MGMT-IPs-LAN 192.168.111.0/24 set policy-options prefix-list Allowed-MGMT-IPs-LAN 192.168.253.0/24 set policy-options prefix-list Allowed-MGMT-IPs-LAN 192.168.253.2/32 set firewall family inet filter ALLOWED-MGMT-TRAFFIC term NotPERMITED from source-address 0.0.0.0/0 set firewall family inet filter ALLOWED-MGMT-TRAFFIC term NotPERMITED from source-prefix-list Allowed-MGMT-IPs-UNTRUST except set firewall family inet filter ALLOWED-MGMT-TRAFFIC term NotPERMITED from source-prefix-list Allowed-MGMT-IPs-LAN except set firewall family inet filter ALLOWED-MGMT-TRAFFIC term NotPERMITED from protocol tcp set firewall family inet filter ALLOWED-MGMT-TRAFFIC term NotPERMITED from destination-port ssh set firewall family inet filter ALLOWED-MGMT-TRAFFIC term NotPERMITED from destination-port https set firewall family inet filter ALLOWED-MGMT-TRAFFIC term NotPERMITED then count NotPERMITED set firewall family inet filter ALLOWED-MGMT-TRAFFIC term NotPERMITED then log set firewall family inet filter ALLOWED-MGMT-TRAFFIC term NotPERMITED then discard set firewall family inet filter ALLOWED-MGMT-TRAFFIC term ICMP from protocol icmp set firewall family inet filter ALLOWED-MGMT-TRAFFIC term ICMP from icmp-type echo-request set firewall family inet filter ALLOWED-MGMT-TRAFFIC term ICMP from icmp-type echo-reply set firewall family inet filter ALLOWED-MGMT-TRAFFIC term ICMP then count ICMP set firewall family inet filter ALLOWED-MGMT-TRAFFIC term ICMP then accept set firewall family inet filter ALLOWED-MGMT-TRAFFIC term Allow-ALL then count Allow-ALL set firewall family inet filter ALLOWED-MGMT-TRAFFIC term Allow-ALL then log set firewall family inet filter ALLOWED-MGMT-TRAFFIC term Allow-ALL then accept set routing-instances LAN-VR description ===LAN-VR=== set routing-instances LAN-VR instance-type virtual-router set routing-instances LAN-VR system services dhcp-local-server group test interface irb.1 set routing-instances LAN-VR system services dhcp-local-server group LAN interface irb.0 set routing-instances LAN-VR system services dhcp-local-server group WIFI-GOSTI interface irb.10 set routing-instances LAN-VR system services dhcp-local-server group WIFI-LAN interface irb.20 set routing-instances LAN-VR access address-assignment pool LAN family inet network 192.168.100.0/24 set routing-instances LAN-VR access address-assignment pool LAN family inet range Range low 192.168.100.2 set routing-instances LAN-VR access address-assignment pool LAN family inet range Range high 192.168.100.254 set routing-instances LAN-VR access address-assignment pool LAN family inet dhcp-attributes maximum-lease-time 1440 set routing-instances LAN-VR access address-assignment pool LAN family inet dhcp-attributes domain-name tine.net set routing-instances LAN-VR access address-assignment pool LAN family inet dhcp-attributes name-server 192.168.100.11 set routing-instances LAN-VR access address-assignment pool LAN family inet dhcp-attributes router 192.168.100.1 set routing-instances LAN-VR access address-assignment pool LAN family inet host ae hardware-address 08:00:27:f8:b6:b9 set routing-instances LAN-VR access address-assignment pool LAN family inet host ae ip-address 192.168.100.10 set routing-instances LAN-VR access address-assignment pool LAN family inet host boshi hardware-address b8:27:eb:a6:d5:ea set routing-instances LAN-VR access address-assignment pool LAN family inet host boshi ip-address 192.168.100.11 set routing-instances LAN-VR access address-assignment pool LAN family inet host kodi hardware-address 08:00:27:43:f7:0a set routing-instances LAN-VR access address-assignment pool LAN family inet host kodi ip-address 192.168.100.12 set routing-instances LAN-VR access address-assignment pool LAN family inet host tine hardware-address 08:00:27:b1:10:90 set routing-instances LAN-VR access address-assignment pool LAN family inet host tine ip-address 192.168.100.150 set routing-instances LAN-VR access address-assignment pool LAN family inet host printer hardware-address 00:1b:a9:f8:ae:8c set routing-instances LAN-VR access address-assignment pool LAN family inet host printer ip-address 192.168.100.2 set routing-instances LAN-VR access address-assignment pool LAN family inet host dmserver hardware-address 08:00:27:26:ba:c8 set routing-instances LAN-VR access address-assignment pool LAN family inet host dmserver ip-address 192.168.100.20 set routing-instances LAN-VR access address-assignment pool LAN family inet host gecko hardware-address 14:da:e9:29:99:0b set routing-instances LAN-VR access address-assignment pool LAN family inet host gecko ip-address 192.168.100.200 set routing-instances LAN-VR access address-assignment pool LAN family inet host security hardware-address 08:00:27:93:53:97 set routing-instances LAN-VR access address-assignment pool LAN family inet host security ip-address 192.168.100.201 set routing-instances LAN-VR access address-assignment pool LAN family inet host cam-vhod hardware-address 38:af:29:b5:43:52 set routing-instances LAN-VR access address-assignment pool LAN family inet host cam-vhod ip-address 192.168.100.21 set routing-instances LAN-VR access address-assignment pool LAN family inet host cam-zadaj hardware-address 38:af:29:b5:43:28 set routing-instances LAN-VR access address-assignment pool LAN family inet host cam-zadaj ip-address 192.168.100.22 set routing-instances LAN-VR access address-assignment pool LAN family inet host cam-dnevna hardware-address 38:af:29:e4:ef:24 set routing-instances LAN-VR access address-assignment pool LAN family inet host cam-dnevna ip-address 192.168.100.23 set routing-instances LAN-VR access address-assignment pool LAN family inet host cam-parking hardware-address 38:af:29:e4:ef:49 set routing-instances LAN-VR access address-assignment pool LAN family inet host cam-parking ip-address 192.168.100.24 set routing-instances LAN-VR access address-assignment pool LAN family inet host cam-vrt hardware-address 38:af:29:b5:45:ed set routing-instances LAN-VR access address-assignment pool LAN family inet host cam-vrt ip-address 192.168.100.25 set routing-instances LAN-VR access address-assignment pool LAN family inet host pi-hole hardware-address 08:00:27:18:72:b3 set routing-instances LAN-VR access address-assignment pool LAN family inet host pi-hole ip-address 192.168.100.254 set routing-instances LAN-VR access address-assignment pool LAN family inet host loxone hardware-address ee:e0:00:08:00:ee set routing-instances LAN-VR access address-assignment pool LAN family inet host loxone ip-address 192.168.100.3 set routing-instances LAN-VR access address-assignment pool LAN family inet host monitor hardware-address 08:00:27:8a:ea:61 set routing-instances LAN-VR access address-assignment pool LAN family inet host monitor ip-address 192.168.100.30 set routing-instances LAN-VR access address-assignment pool LAN family inet host wifi hardware-address 00:03:7f:e0:00:2a set routing-instances LAN-VR access address-assignment pool LAN family inet host wifi ip-address 192.168.100.4 set routing-instances LAN-VR access address-assignment pool LAN family inet host zabbix hardware-address 08:00:27:e6:93:52 set routing-instances LAN-VR access address-assignment pool LAN family inet host zabbix ip-address 192.168.100.40 set routing-instances LAN-VR access address-assignment pool LAN family inet host arlo hardware-address dc:ef:09:b0:50:0f set routing-instances LAN-VR access address-assignment pool LAN family inet host arlo ip-address 192.168.100.5 set routing-instances LAN-VR access address-assignment pool LAN family inet host wf-ap hardware-address f0:9f:c2:73:28:24 set routing-instances LAN-VR access address-assignment pool LAN family inet host wf-ap ip-address 192.168.100.6 set routing-instances LAN-VR access address-assignment pool LAN family inet host wf-controller hardware-address 08:00:27:3f:91:c7 set routing-instances LAN-VR access address-assignment pool LAN family inet host wf-controller ip-address 192.168.100.7 set routing-instances LAN-VR access address-assignment pool LAN family inet host loxberry hardware-address 08:00:27:22:50:f5 set routing-instances LAN-VR access address-assignment pool LAN family inet host loxberry ip-address 192.168.100.9 set routing-instances LAN-VR access address-assignment pool LAN family inet host backup-dimenzija hardware-address b8:27:eb:a6:a9:27 set routing-instances LAN-VR access address-assignment pool LAN family inet host backup-dimenzija ip-address 192.168.100.101 set routing-instances LAN-VR access address-assignment pool LAN family inet host kump-nb hardware-address 98:fa:9b:22:af:ed set routing-instances LAN-VR access address-assignment pool LAN family inet host kump-nb ip-address 192.168.100.226 set routing-instances LAN-VR access address-assignment pool LAN family inet host kump-nb-dock hardware-address 48:2a:e3:4f:e0:65 set routing-instances LAN-VR access address-assignment pool LAN family inet host kump-nb-dock ip-address 192.168.100.227 set routing-instances LAN-VR access address-assignment pool WIFI-LAN family inet network 192.168.20.0/24 set routing-instances LAN-VR access address-assignment pool WIFI-LAN family inet range Range low 192.168.20.2 set routing-instances LAN-VR access address-assignment pool WIFI-LAN family inet range Range high 192.168.20.254 set routing-instances LAN-VR access address-assignment pool WIFI-LAN family inet dhcp-attributes maximum-lease-time 1440 set routing-instances LAN-VR access address-assignment pool WIFI-LAN family inet dhcp-attributes domain-name tine.net set routing-instances LAN-VR access address-assignment pool WIFI-LAN family inet dhcp-attributes name-server 192.168.100.11 set routing-instances LAN-VR access address-assignment pool WIFI-LAN family inet dhcp-attributes router 192.168.20.1 set routing-instances LAN-VR access address-assignment pool WIFI-LAN family inet host tine-tel hardware-address c0:ee:fb:9a:6b:aa set routing-instances LAN-VR access address-assignment pool WIFI-LAN family inet host tine-tel ip-address 192.168.20.101 set routing-instances LAN-VR access address-assignment pool WIFI-LAN family inet host tine-tab hardware-address 1c:b7:2c:f4:86:9c set routing-instances LAN-VR access address-assignment pool WIFI-LAN family inet host tine-tab ip-address 192.168.20.102 set routing-instances LAN-VR access address-assignment pool WIFI-LAN family inet host tina-nb hardware-address 00:1d:e0:12:e0:ab set routing-instances LAN-VR access address-assignment pool WIFI-LAN family inet host tina-nb ip-address 192.168.20.103 set routing-instances LAN-VR access address-assignment pool WIFI-LAN family inet host tina-tel hardware-address 70:28:8b:00:37:02 set routing-instances LAN-VR access address-assignment pool WIFI-LAN family inet host tina-tel ip-address 192.168.20.104 set routing-instances LAN-VR access address-assignment pool WIFI-LAN family inet host gecko-wifi hardware-address 00:c0:ca:58:4a:8b set routing-instances LAN-VR access address-assignment pool WIFI-LAN family inet host gecko-wifi ip-address 192.168.20.200 set routing-instances LAN-VR access address-assignment pool WIFI-LAN family inet host orbsmart hardware-address 58:63:56:54:0c:c0 set routing-instances LAN-VR access address-assignment pool WIFI-LAN family inet host orbsmart ip-address 192.168.20.6 set routing-instances LAN-VR access address-assignment pool WIFI-LAN family inet host harmony hardware-address 00:04:20:f9:58:2a set routing-instances LAN-VR access address-assignment pool WIFI-LAN family inet host harmony ip-address 192.168.20.7 set routing-instances LAN-VR access address-assignment pool WIFI-LAN family inet host android-tv hardware-address 94:a1:a2:f7:b5:17 set routing-instances LAN-VR access address-assignment pool WIFI-LAN family inet host android-tv ip-address 192.168.20.8 set routing-instances LAN-VR access address-assignment pool WIFI-LAN family inet host kump-nb-wifi hardware-address 38:00:25:8b:fa:b5 set routing-instances LAN-VR access address-assignment pool WIFI-LAN family inet host kump-nb-wifi ip-address 192.168.20.226 set routing-instances LAN-VR access address-assignment pool WIFI-GOSTI family inet network 192.168.10.0/24 set routing-instances LAN-VR access address-assignment pool WIFI-GOSTI family inet range Range low 192.168.10.2 set routing-instances LAN-VR access address-assignment pool WIFI-GOSTI family inet range Range high 192.168.10.254 set routing-instances LAN-VR access address-assignment pool WIFI-GOSTI family inet dhcp-attributes maximum-lease-time 1440 set routing-instances LAN-VR access address-assignment pool WIFI-GOSTI family inet dhcp-attributes name-server 1.1.1.1 set routing-instances LAN-VR access address-assignment pool WIFI-GOSTI family inet dhcp-attributes router 192.168.10.1 set routing-instances LAN-VR access address-assignment pool WIFI-GOSTI family inet host rockrobo hardware-address 7c:49:eb:9c:ac:cc set routing-instances LAN-VR access address-assignment pool WIFI-GOSTI family inet host rockrobo ip-address 192.168.10.9 set routing-instances LAN-VR access address-assignment pool test family inet network 192.168.111.0/24 set routing-instances LAN-VR access address-assignment pool test family inet range Range low 192.168.111.2 set routing-instances LAN-VR access address-assignment pool test family inet range Range high 192.168.111.254 set routing-instances LAN-VR access address-assignment pool test family inet dhcp-attributes router 192.168.111.1 set routing-instances LAN-VR interface irb.0 set routing-instances LAN-VR interface irb.1 set routing-instances LAN-VR interface irb.10 set routing-instances LAN-VR interface irb.20 set routing-instances LAN-VR interface lo0.0 set routing-instances LAN-VR routing-options static route 0.0.0.0/0 next-table Untrust-VR.inet.0 set routing-instances LAN-VR routing-options router-id 192.168.100.1 set routing-instances Untrust-VR instance-type virtual-router set routing-instances Untrust-VR interface ge-0/0/0.0 set routing-instances Untrust-VR routing-options static route 0.0.0.0/0 next-hop 89.212.0.1 deactivate routing-instances Untrust-VR routing-options static route 0.0.0.0/0 set applications application pi-wireguard protocol udp set applications application pi-wireguard destination-port 1607 set vlans test vlan-id 111 set vlans test l3-interface irb.1 set vlans vlan-lan vlan-id 3 set vlans vlan-lan l3-interface irb.0 set vlans wifi-gosti vlan-id 10 set vlans wifi-gosti l3-interface irb.10 set vlans wifi-lan vlan-id 20 set vlans wifi-lan l3-interface irb.20