versa@Site-D-mpls-cli> show configuration | display set set alias ^details expansion "show system details" set alias ^pkg expansion "show system package-info" set alias ^top expansion "show processes cpu" set alias ^uptime expansion "show system uptime" set confdConfig notifications set confdConfig notifications eventStreams stream oam description "Versa notifications" set confdConfig notifications eventStreams stream oam replaySupport false set confdConfig hideGroup debug password $1$F8/rcfNO$b5AULD3NDiutp/.8bMifu. set confdConfig hideGroup full set confdConfig hideGroup hidemib-group set confdConfig logs set confdConfig logs syslogConfig set confdConfig logs syslogConfig facility daemon set confdConfig logs syslogConfig udp set confdConfig logs syslogConfig udp disabled set confdConfig logs syslogConfig udp host syslogsrv.example.com set confdConfig logs syslogConfig udp port 514 set confdConfig logs confdLog set confdConfig logs confdLog enabled set confdConfig logs confdLog file set confdConfig logs confdLog file enabled set confdConfig logs confdLog file name /var/log/versa/confd/confd.log set confdConfig logs developerLog set confdConfig logs developerLog enabled set confdConfig logs developerLog file set confdConfig logs developerLog file enabled set confdConfig logs developerLog file name /var/log/versa/confd/devel.log set confdConfig logs auditLog set confdConfig logs auditLog enabled set confdConfig logs auditLog file set confdConfig logs auditLog file enabled set confdConfig logs auditLog file name /var/log/versa/confd/audit.log set confdConfig logs netconfLog set confdConfig logs netconfLog enabled set confdConfig logs netconfLog file set confdConfig logs netconfLog file enabled set confdConfig logs netconfLog file name /var/log/versa/confd/netconf.log set confdConfig logs snmpLog set confdConfig logs snmpLog enabled set confdConfig logs snmpLog file set confdConfig logs snmpLog file enabled set confdConfig logs snmpLog file name /var/log/versa/confd/snmp.log set confdConfig logs webuiAccessLog set confdConfig logs webuiAccessLog enabled set confdConfig logs webuiAccessLog dir /var/log/versa/confd set confdConfig logs netconfTraceLog set confdConfig logs netconfTraceLog disabled set confdConfig logs netconfTraceLog filename /var/log/versa/confd/netconf.trace.log set confdConfig logs errorLog set confdConfig logs errorLog enabled set confdConfig logs errorLog filename /var/log/versa/confd/confderr.log set confdConfig logs errorLog maxSize S10M set confdConfig ssh set confdConfig ssh algorithms set confdConfig ssh algorithms kex diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha256 set confdConfig ssh algorithms mac hmac-sha2-256,hmac-sha2-512 set confdConfig ssh algorithms encryption aes128-ctr,aes192-ctr,aes256-ctr set confdConfig ssh clientAliveInterval 30s set confdConfig ssh clientAliveCountMax 3 set confdConfig cli set confdConfig cli bannerFile /opt/versa/etc/cbanner set confdConfig cli prompt1 "\u@\h-cli\M> " set confdConfig cli prompt2 "\u@\h-cli\M% " set confdConfig cli cStylePromptInJStyle true set confdConfig cli autoWizard set confdConfig cli autoWizard disabled set confdConfig cli historyRemoveDuplicates true set confdConfig cli quoteStyle quote set confdConfig webui set confdConfig webui disabled set confdConfig webui docroot /opt/versa/confd/src/confd/webui_ng/docroot set confdConfig webui transport set confdConfig webui transport tcp set confdConfig webui transport tcp disabled set confdConfig webui transport ssl set confdConfig webui transport ssl enabled set confdConfig webui transport ssl ip 0.0.0.0 set confdConfig webui transport ssl port 8443 set confdConfig webui transport ssl extraIpPorts [ :::8443 ] set confdConfig webui transport ssl keyFile /opt/versa/var/cert/vshost.key set confdConfig webui transport ssl certFile /opt/versa/var/cert/vshost.crt set confdConfig webui transport ssl caCertFile /opt/versa/var/cert/ca.crt set confdConfig webui transport ssl verify 2 set confdConfig webui transport ssl ciphers DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256 set confdConfig webui transport ssl protocols "tlsv1.1 tlsv1.2" set confdConfig webui cgi set confdConfig webui cgi disabled set confdConfig rest set confdConfig rest enabled set confdConfig netconf set confdConfig netconf enabled set confdConfig netconf transport set confdConfig netconf transport ssh set confdConfig netconf transport ssh enabled set confdConfig netconf transport ssh ip 0.0.0.0 set confdConfig netconf transport ssh port 2022 set confdConfig netconf transport ssh extraIpPorts [ :::2022 ] set confdConfig netconf idleTimeout 30s set confdConfig netconf writeTimeout 60s set snmp agent disabled set snmp agent ip 127.0.0.1 set snmp agent udp-port 161 set snmp agent extra-listen ::1 161 set snmp agent version v1 set snmp agent version v2c set snmp agent max-message-size 50000 set snmp system name Site-D-mpls set snmp system location delhi set snmp notify std_v1_trap tag std_v1_trap set snmp notify std_v1_trap type trap set snmp notify std_v2_inform tag std_v2_inform set snmp notify std_v2_inform type inform set snmp notify std_v2_trap tag std_v2_trap set snmp notify std_v2_trap type trap set snmp notify std_v3_inform tag std_v3_inform set snmp notify std_v3_inform type inform set snmp notify std_v3_trap tag std_v3_trap set snmp notify std_v3_trap type trap set snmp vacm view internet subtree 1.2 included set snmp vacm view internet subtree 1.3 included set snmp vacm view internet subtree 1.3.6.1 included set interfaces vni-0/1 enable true set interfaces vni-0/1 unit 0 description "WAN interface: MPLS" set interfaces vni-0/1 unit 0 vlan-id 0 set interfaces vni-0/1 unit 0 enable true set interfaces vni-0/1 unit 0 family set interfaces vni-0/1 unit 0 family inet set interfaces vni-0/1 unit 0 family inet address 57.57.4.2/24 set interfaces vni-0/3 enable true set interfaces vni-0/3 unit 0 description "LAN interface: LAN1" set interfaces vni-0/3 unit 0 vlan-id 0 set interfaces vni-0/3 unit 0 enable true set interfaces vni-0/3 unit 0 family set interfaces vni-0/3 unit 0 family inet set interfaces vni-0/3 unit 0 family inet address 192.168.4.1/24 vrrp-group 1 fast-interval 1000 set interfaces vni-0/3 unit 0 family inet address 192.168.4.1/24 vrrp-group 1 virtual-address [ 192.168.4.3 ] set interfaces vni-0/3 unit 0 family inet address 192.168.4.1/24 vrrp-group 1 priority 200 set interfaces vni-0/3 unit 0 family inet address 192.168.4.1/24 vrrp-group 1 preempt-mode preempt set interfaces vni-0/3 unit 0 family inet address 192.168.4.1/24 vrrp-group 1 warmup-interval 30 set interfaces vni-0/3 unit 0 family inet address 192.168.4.1/24 vrrp-group 1 advertisements-threshold 3 set interfaces vni-0/4 enable true set interfaces vni-0/4 unit 1 description "WAN interface - Failover: MPLS" set interfaces vni-0/4 unit 1 vlan-id 1 set interfaces vni-0/4 unit 1 enable true set interfaces vni-0/4 unit 1 family set interfaces vni-0/4 unit 1 family inet set interfaces vni-0/4 unit 1 family inet address 172.16.255.1/30 set interfaces vni-0/4 unit 2 description "WAN interface - Failover: INT" set interfaces vni-0/4 unit 2 vlan-id 2 set interfaces vni-0/4 unit 2 enable true set interfaces vni-0/4 unit 2 family set interfaces vni-0/4 unit 2 family inet set interfaces vni-0/4 unit 2 family inet address 172.16.255.1/30 set interfaces tvi-0/4 description "VXLAN Tunnel Interface for IPC10 Control VR" set interfaces tvi-0/4 enable true set interfaces tvi-0/4 mode ipsec set interfaces tvi-0/4 type p2mp-vxlan set interfaces tvi-0/4 unit 0 enable true set interfaces tvi-0/4 unit 0 family set interfaces tvi-0/4 unit 0 family inet set interfaces tvi-0/4 unit 0 family inet address 10.0.0.5/32 set interfaces tvi-0/5 description "ESP Tunnel Interface for IPC10 Control VR" set interfaces tvi-0/5 enable true set interfaces tvi-0/5 mode ipsec set interfaces tvi-0/5 type p2mp-esp set interfaces tvi-0/5 unit 0 enable true set interfaces tvi-0/5 unit 0 family set interfaces tvi-0/5 unit 0 family inet set interfaces tvi-0/5 unit 0 family inet address 10.0.0.4/32 set interfaces ptvi514 remote-address 10.0.0.2 set interfaces ptvi514 parent-interface tvi-0/5.0 set networks INT interfaces [ vni-0/4.2 ] set networks INT-2 set networks LAN1 interfaces [ vni-0/3.0 ] set networks MPLS interfaces [ vni-0/1.0 ] set networks MPLS-2 set networks MPLS-Failover interfaces [ vni-0/4.1 ] set dhcp-profiles dhcp-limits description "DHCP profile" set dhcp-profiles dhcp-limits dhcp-options max-servers 100 set dhcp-profiles dhcp-limits dhcp-options max-relays 100 set dhcp-profiles dhcp-limits dhcp-options max-clients 8192 set orgs org IPC10 appliance-owner set orgs org IPC10 services [ cgnat sdwan ] set orgs org IPC10 available-routing-instances [ INT-Transport-VR IPC10-Control-VR LAN1 MPLS-Transport-VR ] set orgs org IPC10 owned-routing-instances [ INT-Transport-VR IPC10-Control-VR LAN1 MPLS-Transport-VR ] set orgs org IPC10 available-networks [ INT INT-2 LAN1 MPLS MPLS-2 ] set orgs org IPC10 dhcp-profile dhcp-limits set orgs org IPC10 traffic-identification using [ ptvi514 tvi-0/4.0 tvi-0/5.0 ] set orgs org IPC10 traffic-identification using-networks [ INT LAN1 MPLS MPLS-Failover ] set orgs org IPC10 sd-wan site set orgs org IPC10 sd-wan site global-tenant-id 2 set orgs org IPC10 sd-wan site site-name Site-D-mpls set orgs org IPC10 sd-wan site management-routing-instance IPC10-Control-VR set orgs org IPC10 sd-wan site wan-interfaces vni-0/1.0 sla-monitoring-policy SLAM_Policy_vni-0/1.0 set orgs org IPC10 sd-wan site wan-interfaces vni-0/4.2 sla-monitoring-policy SLAM_Policy_vni-0/4.2 set orgs org IPC10 sd-wan site path-policy SLAM_Policy_vni-0/1.0 term To_Controller match remote-site-type [ controller ] set orgs org IPC10 sd-wan site path-policy SLAM_Policy_vni-0/1.0 term To_Controller action specific-config fc_nc set orgs org IPC10 sd-wan site path-policy SLAM_Policy_vni-0/1.0 term To_Branches match remote-site-type [ branch ] set orgs org IPC10 sd-wan site path-policy SLAM_Policy_vni-0/1.0 term To_Branches action specific-config fc_ef sla-monitoring interval 2000 set orgs org IPC10 sd-wan site path-policy SLAM_Policy_vni-0/1.0 term To_Branches action specific-config fc_ef sla-monitoring adaptive set orgs org IPC10 sd-wan site path-policy SLAM_Policy_vni-0/4.2 term To_Controller match remote-site-type [ controller ] set orgs org IPC10 sd-wan site path-policy SLAM_Policy_vni-0/4.2 term To_Controller action specific-config fc_nc set orgs org IPC10 sd-wan site path-policy SLAM_Policy_vni-0/4.2 term To_Branches match remote-site-type [ branch ] set orgs org IPC10 sd-wan site path-policy SLAM_Policy_vni-0/4.2 term To_Branches action specific-config fc_ef sla-monitoring interval 2000 set orgs org IPC10 sd-wan site path-policy SLAM_Policy_vni-0/4.2 term To_Branches action specific-config fc_ef sla-monitoring adaptive set orgs org IPC10 sd-wan controllers vController management-addresses IKE ip-address 10.0.0.3 set orgs org IPC10 sd-wan controllers vController management-addresses IKE routing-instance IPC10-Control-VR set orgs org IPC10 sd-wan controllers vController management-addresses secure ip-address 10.0.0.2 set orgs org IPC10 sd-wan controllers vController management-addresses secure routing-instance IPC10-Control-VR set orgs org IPC10 available-service-node-groups [ default-sng ] set orgs org-services IPC10 cgnat pools Failover-Pool-MPLS routing-instance MPLS-Transport-VR set orgs org-services IPC10 cgnat pools Failover-Pool-MPLS egress-network [ MPLS ] set orgs org-services IPC10 cgnat pools Failover-Pool-MPLS address-allocation round-robin set orgs org-services IPC10 cgnat pools Failover-Pool-MPLS source-port set orgs org-services IPC10 cgnat pools Failover-Pool-MPLS source-port allocation-scheme range-based set orgs org-services IPC10 cgnat pools Failover-Pool-MPLS source-port random-allocation set orgs org-services IPC10 cgnat pools Failover-Pool-MPLS source-port range set orgs org-services IPC10 cgnat pools Failover-Pool-MPLS source-port range low 1024 set orgs org-services IPC10 cgnat pools Failover-Pool-MPLS source-port range high 32000 set orgs org-services IPC10 cgnat rules From_Redundant_To_MPLS_Traffic precedence 101 set orgs org-services IPC10 cgnat rules From_Redundant_To_MPLS_Traffic paired-site true set orgs org-services IPC10 cgnat rules From_Redundant_To_MPLS_Traffic from set orgs org-services IPC10 cgnat rules From_Redundant_To_MPLS_Traffic from source-zone [ Intf-MPLS-Failover-Zone ] set orgs org-services IPC10 cgnat rules From_Redundant_To_MPLS_Traffic from destination-zone [ Intf-MPLS-Zone ] set orgs org-services IPC10 cgnat rules From_Redundant_To_MPLS_Traffic from routing-instance MPLS-Transport-VR set orgs org-services IPC10 cgnat rules From_Redundant_To_MPLS_Traffic from source-address [ 172.16.255.2/32 ] set orgs org-services IPC10 cgnat rules From_Redundant_To_MPLS_Traffic then translated set orgs org-services IPC10 cgnat rules From_Redundant_To_MPLS_Traffic then translated translation-type napt-44 set orgs org-services IPC10 cgnat rules From_Redundant_To_MPLS_Traffic then translated source-pool Failover-Pool-MPLS set orgs org-services IPC10 cgnat rules From_Redundant_To_MPLS_Traffic then translated filtering-type endpoint-independent set orgs org-services IPC10 cgnat rules From_Redundant_To_MPLS_Traffic then translated mapping-type endpoint-independent set orgs org-services IPC10 cgnat rules RFC_1918_NoTranslate precedence 100 set orgs org-services IPC10 cgnat rules RFC_1918_NoTranslate from set orgs org-services IPC10 cgnat rules RFC_1918_NoTranslate from source-address [ 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 ] set orgs org-services IPC10 cgnat rules RFC_1918_NoTranslate from destination-address [ 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 ] set orgs org-services IPC10 cgnat rules RFC_1918_NoTranslate then no-translation set orgs org-services IPC10 class-of-service qos-policies Default-Policy set orgs org-services IPC10 class-of-service app-qos-policies Default-Policy set orgs org-services IPC10 ipsec vpn-profile vController-Profile vpn-type branch-sdwan set orgs org-services IPC10 ipsec vpn-profile vController-Profile branch-sdwan-profile b2b-sdwan set orgs org-services IPC10 ipsec vpn-profile vController-Profile local-auth-info set orgs org-services IPC10 ipsec vpn-profile vController-Profile local-auth-info auth-type psk set orgs org-services IPC10 ipsec vpn-profile vController-Profile local-auth-info id-type email set orgs org-services IPC10 ipsec vpn-profile vController-Profile local-auth-info key jR/9nWMu5Y3zVoEL4SumQW5eJeI7cT9leKgYDcH/muh/ixGY1p5yblQ/ibtLIxFG4UGqTTAXwDwncFB2PKIY67k4GOsp3LAYbzw+YQBUm9spyIncl4HN072Blwsgb8lK4cJkOgY9GTfbsS7t1lk+JYzzPpB5HupM7Z47bSBNG/3QesbpyOwavOLS1r9lfEI1t5qxzrW8/Q8e79zRtorVxaqA1YHjWp2NxGbqkkwKlO/mo0oiQJkNc3Pg033MXKmsV1Fb6qGH1OE17Rd4jOBaSCTEvoYlgZGalcKuu/NHfK85XAY0SiVeupVtVYOozWHRhjWk7BR0BHBdhOEYRKNfbg== set orgs org-services IPC10 ipsec vpn-profile vController-Profile local-auth-info id-string Site-D-mpls@IPC10.com set orgs org-services IPC10 ipsec vpn-profile vController-Profile local set orgs org-services IPC10 ipsec vpn-profile vController-Profile local interface-name tvi-0/4.0 set orgs org-services IPC10 ipsec vpn-profile vController-Profile routing-instance IPC10-Control-VR set orgs org-services IPC10 ipsec vpn-profile vController-Profile tunnel-routing-instance IPC10-Control-VR set orgs org-services IPC10 ipsec vpn-profile vController-Profile tunnel-initiate automatic set orgs org-services IPC10 ipsec vpn-profile vController-Profile ipsec transform esp-aes128-gcm set orgs org-services IPC10 ipsec vpn-profile vController-Profile ipsec life duration 28000 set orgs org-services IPC10 ipsec vpn-profile vController-Profile ike group mod19 set orgs org-services IPC10 ipsec vpn-profile vController-Profile ike transform aes256-sha256 set orgs org-services IPC10 ipsec vpn-profile vController-Profile ike lifetime 28800 set orgs org-services IPC10 ipsec vpn-profile vController-Profile ike dpd-timeout 10 set orgs org-services IPC10 ipsec vpn-profile vController-Profile peer-auth-info set orgs org-services IPC10 ipsec vpn-profile vController-Profile peer-auth-info auth-type psk set orgs org-services IPC10 ipsec vpn-profile vController-Profile peer-auth-info id-type email set orgs org-services IPC10 ipsec vpn-profile vController-Profile peer-auth-info key RWH+zpIe+fk1N5kKcGpX128a/sA2psALMpMp9Ku1jiB4M401g+U2UW6MVPcQavBZrIuHhXxTk3FlFRE0keU1kZEn3SqGj7wnUvZ7pxF1dLaN7X5YXD5TxAz1PW9pI0BhWHLS/lESmbC3MCdZMxQPLTmXkIWNRqEFflbnsm2+MDRy1xAlB4sJFob3+Y1mDD46WLYiqDg3YrI20Yn23g7huVqJ8UMS3KxFVQFalzrC9iF2+fzF/2l5USp3za3dQ1UEnF0m71WN2GyVCvUj9pVsL1SfU6PSsM5ynE8tsjHev15/kvfpD5zNROFImyDP980qWhmXoZmWm6R0YSum46f+QQ== set orgs org-services IPC10 ipsec vpn-profile vController-Profile peer-auth-info id-string vController@IPC10.com set orgs org-services IPC10 ipsec vpn-profile vController-Profile peer set orgs org-services IPC10 ipsec vpn-profile vController-Profile peer address [ 10.0.0.3 ] set orgs org-services IPC10 ipsec vpn-profile vController-Profile tunnel-interface ptvi514 set orgs org-services IPC10 ipsec branch-sdwan-profile b2b-sdwan life-time 28800 set orgs org-services IPC10 ipsec branch-sdwan-profile b2b-sdwan rekey-time 6300 set orgs org-services IPC10 lef collectors LEF-Collector-log_collector1 destination-address 10.0.0.0 set orgs org-services IPC10 lef collectors LEF-Collector-log_collector1 destination-port 1234 set orgs org-services IPC10 lef collectors LEF-Collector-log_collector1 routing-instance IPC10-Control-VR set orgs org-services IPC10 lef collectors LEF-Collector-log_collector1 transport tcp set orgs org-services IPC10 lef collectors LEF-Collector-log_collector1 template Default-LEF-Template set orgs org-services IPC10 lef collector-groups Default-Collector-Group collectors [ LEF-Collector-log_collector1 ] set orgs org-services IPC10 lef collector-groups Default-Collector-Group suspend-backup-collectors set orgs org-services IPC10 lef templates Default-LEF-Template type ipfix set orgs org-services IPC10 lef profiles Default-Logging-Profile collector-group Default-Collector-Group set orgs org-services IPC10 lef default-profile Default-Logging-Profile set orgs org-services IPC10 sd-wan forwarding-profiles Default-FP evaluate-continuously enable set orgs org-services IPC10 sd-wan forwarding-profiles Default-FP symmetric-forwarding enable set orgs org-services IPC10 sd-wan forwarding-profiles Default-FP reorder enable set orgs org-services IPC10 sd-wan policies Default-Policy set orgs org-services IPC10 objects zones Intf-INT-2-Zone set orgs org-services IPC10 objects zones Intf-INT-Zone networks [ INT ] set orgs org-services IPC10 objects zones Intf-LAN1-Zone networks [ LAN1 ] set orgs org-services IPC10 objects zones Intf-MPLS-2-Zone set orgs org-services IPC10 objects zones Intf-MPLS-Failover-Zone networks [ MPLS-Failover ] set orgs org-services IPC10 objects zones Intf-MPLS-Zone networks [ MPLS ] set orgs org-services IPC10 objects zones L-ST-LAN1-INT set orgs org-services IPC10 objects zones L-ST-LAN1-INT-2 set orgs org-services IPC10 objects zones L-ST-LAN1-MPLS set orgs org-services IPC10 objects zones L-ST-LAN1-MPLS-2 set orgs org-services IPC10 objects zones RTI-INT-2-Zone set orgs org-services IPC10 objects zones RTI-INT-Zone routing-instance INT-Transport-VR set orgs org-services IPC10 objects zones RTI-MPLS-2-Zone set orgs org-services IPC10 objects zones RTI-MPLS-Zone routing-instance MPLS-Transport-VR set orgs org-services IPC10 objects zones W-ST-LAN1-INT set orgs org-services IPC10 objects zones W-ST-LAN1-INT-2 set orgs org-services IPC10 objects zones W-ST-LAN1-MPLS set orgs org-services IPC10 objects zones W-ST-LAN1-MPLS-2 set orgs org-services IPC10 objects zones host set orgs org-services IPC10 objects zones ptvi set orgs org-services IPC10 traffic-monitoring logging-control Default-Logging-Control profile Default-Logging-Profile set orgs org-services IPC10 traffic-monitoring logging-control Default-Logging-Control options set orgs org-services IPC10 traffic-monitoring logging-control Default-Logging-Control options stats set orgs org-services IPC10 traffic-monitoring logging-control Default-Logging-Control options stats all set protocols lldp set protocols lldp enable true set routing-instances INT-Transport-VR instance-type virtual-router set routing-instances INT-Transport-VR networks [ INT ] set routing-instances INT-Transport-VR routing-options static route 0.0.0.0/0 172.16.255.2 none tag 0 set routing-instances INT-Transport-VR routing-options static route 0.0.0.0/0 172.16.255.2 none icmp set routing-instances INT-Transport-VR routing-options static route 0.0.0.0/0 172.16.255.2 none icmp interval 5 set routing-instances INT-Transport-VR routing-options static route 0.0.0.0/0 172.16.255.2 none icmp threshold 6 set routing-instances IPC10-Control-VR instance-type virtual-router set routing-instances IPC10-Control-VR policy-options redistribution-policy Control-VR-Policy term Paired-TVI-Reject match address 169.254.0.0/16 set routing-instances IPC10-Control-VR policy-options redistribution-policy Control-VR-Policy term Paired-TVI-Reject action reject set routing-instances IPC10-Control-VR policy-options redistribution-policy Control-VR-Policy term SDWAN-TVI1-Reject match address 10.0.0.5/32 set routing-instances IPC10-Control-VR policy-options redistribution-policy Control-VR-Policy term SDWAN-TVI1-Reject action reject set routing-instances IPC10-Control-VR policy-options redistribution-policy Control-VR-Policy term SDWAN-TVI2-Reject match address 10.0.0.4/32 set routing-instances IPC10-Control-VR policy-options redistribution-policy Control-VR-Policy term SDWAN-TVI2-Reject action reject set routing-instances IPC10-Control-VR policy-options redistribution-policy Control-VR-Policy term DIRECT match protocol direct set routing-instances IPC10-Control-VR policy-options redistribution-policy Control-VR-Policy term DIRECT action accept set routing-instances IPC10-Control-VR policy-options redistribution-policy Control-VR-Policy term DIRECT action set-origin igp set routing-instances IPC10-Control-VR policy-options redistribute-to-bgp Control-VR-Policy set routing-instances IPC10-Control-VR mpls-vpn-core set routing-instances IPC10-Control-VR interfaces [ ptvi514 tvi-0/4.0 tvi-0/5.0 ] set routing-instances IPC10-Control-VR routing-options mpls-vpn-local-router-interface family inet set routing-instances IPC10-Control-VR routing-options mpls-vpn-local-router-interface interface tvi-0/5.0 set routing-instances IPC10-Control-VR protocols bgp 2 local-address 10.0.0.4 set routing-instances IPC10-Control-VR protocols bgp 2 graceful-restart enable set routing-instances IPC10-Control-VR protocols bgp 2 graceful-restart maximum-restart-time 3600 set routing-instances IPC10-Control-VR protocols bgp 2 graceful-restart recovery-time 3600 set routing-instances IPC10-Control-VR protocols bgp 2 graceful-restart select-defer-time 30 set routing-instances IPC10-Control-VR protocols bgp 2 graceful-restart stalepath-time 3600 set routing-instances IPC10-Control-VR protocols bgp 2 graceful-restart multiplier 8 set routing-instances IPC10-Control-VR protocols bgp 2 routing-peer-policy Import-From-SDWAN-Policy term Allow-All action accept set routing-instances IPC10-Control-VR protocols bgp 2 routing-peer-policy Import-From-SDWAN-Policy term Allow-All action community 8009:8009 set routing-instances IPC10-Control-VR protocols bgp 2 routing-peer-policy Import-From-SDWAN-Policy term Allow-All action community-action set-specific set routing-instances IPC10-Control-VR protocols bgp 2 routing-peer-policy Import-From-SDWAN-Policy term Allow-All action next-term Allow-Comm set routing-instances IPC10-Control-VR protocols bgp 2 routing-peer-policy Import-From-SDWAN-Policy term Allow-Comm action accept set routing-instances IPC10-Control-VR protocols bgp 2 routing-peer-policy Import-From-SDWAN-Policy term Allow-Comm action community 8015:0 set routing-instances IPC10-Control-VR protocols bgp 2 routing-peer-policy Import-From-SDWAN-Policy term Allow-Comm action community-action set-specific set routing-instances IPC10-Control-VR protocols bgp 2 routing-peer-policy Import-From-SDWAN-Policy term Allow-VersaPvt-All match family versa-private set routing-instances IPC10-Control-VR protocols bgp 2 routing-peer-policy Import-From-SDWAN-Policy term Allow-VersaPvt-All action accept set routing-instances IPC10-Control-VR protocols bgp 2 router-id 10.0.0.4 set routing-instances IPC10-Control-VR protocols bgp 2 local-as as-number 64512 set routing-instances IPC10-Control-VR protocols bgp 2 group Controllers-Group type internal set routing-instances IPC10-Control-VR protocols bgp 2 group Controllers-Group family inet unicast set routing-instances IPC10-Control-VR protocols bgp 2 group Controllers-Group family inet unicast prefix-limit-control threshold 75 set routing-instances IPC10-Control-VR protocols bgp 2 group Controllers-Group family inet versa-private set routing-instances IPC10-Control-VR protocols bgp 2 group Controllers-Group family inet versa-private prefix-limit-control threshold 75 set routing-instances IPC10-Control-VR protocols bgp 2 group Controllers-Group family inet-vpn unicast set routing-instances IPC10-Control-VR protocols bgp 2 group Controllers-Group family inet-vpn unicast prefix-limit-control threshold 75 set routing-instances IPC10-Control-VR protocols bgp 2 group Controllers-Group family inet6-vpn unicast set routing-instances IPC10-Control-VR protocols bgp 2 group Controllers-Group family inet6-vpn unicast prefix-limit-control threshold 75 set routing-instances IPC10-Control-VR protocols bgp 2 group Controllers-Group import Import-From-SDWAN-Policy set routing-instances IPC10-Control-VR protocols bgp 2 group Controllers-Group peer-as 64512 set routing-instances IPC10-Control-VR protocols bgp 2 group Controllers-Group neighbor 10.0.0.2 set routing-instances LAN1 instance-type vrf set routing-instances LAN1 policy-options redistribution-policy Default-Policy-To-BGP term T1-Paired-TVI-Direct match protocol direct set routing-instances LAN1 policy-options redistribution-policy Default-Policy-To-BGP term T1-Paired-TVI-Direct match address 169.254.0.0/16 set routing-instances LAN1 policy-options redistribution-policy Default-Policy-To-BGP term T1-Paired-TVI-Direct action reject set routing-instances LAN1 policy-options redistribution-policy Default-Policy-To-BGP term T2-DIRECT match protocol direct set routing-instances LAN1 policy-options redistribution-policy Default-Policy-To-BGP term T2-DIRECT action accept set routing-instances LAN1 policy-options redistribution-policy Default-Policy-To-BGP term T2-DIRECT action set-origin igp set routing-instances LAN1 policy-options redistribution-policy Default-Policy-To-BGP term T2-DIRECT action set-local-preference 110 set routing-instances LAN1 policy-options redistribute-to-bgp Default-Policy-To-BGP set routing-instances LAN1 global-vrf-id 3 set routing-instances LAN1 networks [ LAN1 ] set routing-instances LAN1 mpls-vpn-core-instance IPC10-Control-VR set routing-instances LAN1 description Lan1 set routing-instances LAN1 route-distinguisher 3L:101 set routing-instances LAN1 vrf-both-target target:3L:3 set routing-instances MPLS-Transport-VR instance-type virtual-router set routing-instances MPLS-Transport-VR networks [ MPLS MPLS-Failover ] set routing-instances MPLS-Transport-VR routing-options static route 0.0.0.0/0 57.57.4.1 none tag 0 set service-node-groups default-sng id 0 set service-node-groups default-sng type internal set service-node-groups default-sng services [ cgnat sdwan ] set system vnf-manager ip-addresses [ 10.10.10.111/32 ] set system vnf-manager vnf-mgmt-interfaces [ tvi-0/5.0 ] set system identification name Site-D-mpls set system identification location delhi set system identification latitude 28.704059 set system identification longitude 77.10249 set system session check-tcp-syn false set system session reevaluate-reverse-flow false set system session tcp-send-reset false set system session tcp-secure-reset false set system session tcp-adjust-mss enable true set system session tcp-adjust-mss interface-types all set system services ssh enabled set system services sftp disabled set system services www enabled set system subjugate enabled set system subjugate allow-cli true set system time-zone America/Los_Angeles set system users admin login shell set system users admin role admin set system users versa login shell set system users versa role admin set system users webuser password $6$DmeAmy8njZr2uH9a$nMXdFHuK8nMHidmHYLUGR4a8s1neMRBX0rLELEkOizCxA.lp7DA2l10PHt5pmTjcdlCTEtFHEjdwOHJqGphSb/ set system users webuser login none set system users webuser role oper set system ssh client-alive-interval 300 set system sd-wan set system sd-wan site site-type branch set system sd-wan site chassis-id SP101 set system sd-wan site site-id 101 set system sd-wan site paired-site location-id site-D set system sd-wan site provider-org IPC10 set system sd-wan site wan-interfaces vni-0/1.0 transport-domains [ MPLS ] set system sd-wan site wan-interfaces vni-0/1.0 inet set system sd-wan site wan-interfaces vni-0/1.0 inet circuit-name MPLS set system sd-wan site wan-interfaces vni-0/4.2 transport-domains [ Internet ] set system sd-wan site wan-interfaces vni-0/4.2 inter-chassis-link active-active set system sd-wan site wan-interfaces vni-0/4.2 inet set system sd-wan site wan-interfaces vni-0/4.2 inet circuit-name INT set system sd-wan transport-domains Internet id 20 set system sd-wan transport-domains Internet description "Public internet routing domain" set system sd-wan transport-domains MPLS id 10 set system sd-wan transport-domains MPLS description "Private MPLS routing domain" set system sd-wan controllers vController site-name vController set system sd-wan controllers vController site-id 1 set system sd-wan controllers vController transport-addresses vController-Transport-INT ip-address 216.1.100.1 set system sd-wan controllers vController transport-addresses vController-Transport-INT transport-domains [ Internet ] set system sd-wan controllers vController transport-addresses vController-Transport-INT-2 ip-address 216.1.200.1 set system sd-wan controllers vController transport-addresses vController-Transport-INT-2 transport-domains [ Internet ] set system sd-wan controllers vController transport-addresses vController-Transport-MPLS ip-address 57.57.100.1 set system sd-wan controllers vController transport-addresses vController-Transport-MPLS transport-domains [ MPLS ] set system sd-wan controllers vController transport-addresses vController-Transport-MPLS-2 ip-address 57.57.200.1 set system sd-wan controllers vController transport-addresses vController-Transport-MPLS-2 transport-domains [ MPLS ] set nacm write-default permit set nacm groups group IPC10-adc-admin-group set nacm groups group IPC10-cgnat-admin-group set nacm groups group IPC10-network-admin-group set nacm groups group IPC10-oper-group set nacm groups group IPC10-sdwan-admin-group set nacm groups group IPC10-security-admin-group set nacm groups group IPC10-tenant-admin-group set nacm groups group admin user-name [ admin versa ] set nacm groups group oper user-name [ restuser webuser ] set nacm rule-list snmp-ro group [ * ] set nacm rule-list snmp-ro rule deny-write access-operations create,update,delete set nacm rule-list snmp-ro rule deny-write action deny set nacm rule-list snmp-ro rule deny-write context snmp set nacm rule-list admin group [ admin ] set nacm rule-list admin rule any-access action permit set nacm rule-list admin cmdrule all_cmds command * set nacm rule-list admin cmdrule all_cmds access-operations * set nacm rule-list admin cmdrule all_cmds action permit set nacm rule-list any-group group [ * ] set nacm rule-list any-group rule tailf-aaa-authentication module-name tailf-aaa set nacm rule-list any-group rule tailf-aaa-authentication path /aaa/authentication/users/user[name='$USER'] set nacm rule-list any-group rule tailf-aaa-authentication access-operations read,update set nacm rule-list any-group rule tailf-aaa-authentication action permit set nacm rule-list any-group rule tailf-aaa-user module-name tailf-aaa set nacm rule-list any-group rule tailf-aaa-user path /user[name='$USER'] set nacm rule-list any-group rule tailf-aaa-user access-operations create,read,update,delete set nacm rule-list any-group rule tailf-aaa-user action permit set nacm rule-list any-group rule tailf-webui-user module-name tailf-webui set nacm rule-list any-group rule tailf-webui-user path /webui/data-stores/user-profile[username='$USER'] set nacm rule-list any-group rule tailf-webui-user access-operations create,read,update,delete set nacm rule-list any-group rule tailf-webui-user action permit set nacm rule-list oper group [ oper ] set nacm rule-list oper rule allow access-operations read set nacm rule-list oper rule allow action permit set nacm rule-list oper rule allowsvcrestart path /system:system/restart set nacm rule-list oper rule allowsvcrestart access-operations exec set nacm rule-list oper rule allowsvcrestart action permit set nacm rule-list oper rule allowsvcrestart context rest set nacm rule-list oper rule allowfltradd path /orgs/org/filter-add set nacm rule-list oper rule allowfltradd access-operations exec set nacm rule-list oper rule allowfltradd action permit set nacm rule-list oper rule allowfltradd context rest set nacm rule-list oper rule allowfltrdel path /orgs/org/filter-delete set nacm rule-list oper rule allowfltrdel access-operations exec set nacm rule-list oper rule allowfltrdel action permit set nacm rule-list oper rule allowfltrdel context rest set nacm rule-list oper rule allowcert path /orgs/org-services/crypto/pki/certificate/preview set nacm rule-list oper rule allowcert access-operations exec set nacm rule-list oper rule allowcert action permit set nacm rule-list oper rule allowcert context rest set nacm rule-list oper rule allowcachain path /orgs/org-services/crypto/pki/ca-chain/preview set nacm rule-list oper rule allowcachain access-operations exec set nacm rule-list oper rule allowcachain action permit set nacm rule-list oper rule allowcachain context rest set nacm rule-list oper rule allowpvtkey path /orgs/org-services/crypto/pki/private-key/preview set nacm rule-list oper rule allowpvtkey access-operations exec set nacm rule-list oper rule allowpvtkey action permit set nacm rule-list oper rule allowpvtkey context rest set nacm rule-list oper rule allowvnfactions path /guest-vnfs/virtual-machines/virtual-machine/* set nacm rule-list oper rule allowvnfactions access-operations exec set nacm rule-list oper rule allowvnfactions action permit set nacm rule-list oper rule allowvnfactions context rest set nacm rule-list oper rule rest action deny set nacm rule-list oper cmdrule denyshell command shell set nacm rule-list oper cmdrule denyshell action deny set nacm rule-list oper cmdrule denysystem command "request system" set nacm rule-list oper cmdrule denysystem action deny set nacm rule-list oper cmdrule denyclear command "request clear" set nacm rule-list oper cmdrule denyclear action deny set nacm rule-list oper cmdrule denyrbk command rollback set nacm rule-list oper cmdrule denyrbk action deny set nacm rule-list oper cmdrule allowrtdfilter command nomore set nacm rule-list oper cmdrule allowrtdfilter action permit set nacm rule-list oper cmdrule denwget command wget set nacm rule-list oper cmdrule denwget action deny set nacm rule-list oper cmdrule read_only command * set nacm rule-list oper cmdrule read_only access-operations read,exec set nacm rule-list oper cmdrule read_only action permit set nacm rule-list IPC10-adc-admin-rules group [ IPC10-adc-admin-group ] set nacm rule-list IPC10-adc-admin-rules rule r1 path /orgs/org-services[name='IPC10']/adc set nacm rule-list IPC10-adc-admin-rules rule r1 access-operations * set nacm rule-list IPC10-adc-admin-rules rule r1 action permit set nacm rule-list IPC10-adc-admin-rules rule r2 path / set nacm rule-list IPC10-adc-admin-rules rule r2 access-operations * set nacm rule-list IPC10-adc-admin-rules rule r2 action deny set nacm rule-list IPC10-adc-admin-rules cmdrule r3 command request set nacm rule-list IPC10-adc-admin-rules cmdrule r3 access-operations * set nacm rule-list IPC10-adc-admin-rules cmdrule r3 action deny set nacm rule-list IPC10-adc-admin-rules cmdrule r4 command shell set nacm rule-list IPC10-adc-admin-rules cmdrule r4 access-operations * set nacm rule-list IPC10-adc-admin-rules cmdrule r4 action deny set nacm rule-list IPC10-adc-admin-rules cmdrule r5 command rollback set nacm rule-list IPC10-adc-admin-rules cmdrule r5 access-operations * set nacm rule-list IPC10-adc-admin-rules cmdrule r5 action deny set nacm rule-list IPC10-adc-admin-rules cmdrule r6 command "show alarms" set nacm rule-list IPC10-adc-admin-rules cmdrule r6 access-operations * set nacm rule-list IPC10-adc-admin-rules cmdrule r6 action deny set nacm rule-list IPC10-adc-admin-rules cmdrule r7 command "show log" set nacm rule-list IPC10-adc-admin-rules cmdrule r7 access-operations * set nacm rule-list IPC10-adc-admin-rules cmdrule r7 action deny set nacm rule-list IPC10-adc-admin-rules cmdrule r8 command * set nacm rule-list IPC10-adc-admin-rules cmdrule r8 action permit set nacm rule-list IPC10-cgnat-admin-rules group [ IPC10-cgnat-admin-group ] set nacm rule-list IPC10-cgnat-admin-rules rule r1 path /orgs/org-services[name='IPC10']/cgnat set nacm rule-list IPC10-cgnat-admin-rules rule r1 access-operations * set nacm rule-list IPC10-cgnat-admin-rules rule r1 action permit set nacm rule-list IPC10-cgnat-admin-rules rule r2 path / set nacm rule-list IPC10-cgnat-admin-rules rule r2 access-operations * set nacm rule-list IPC10-cgnat-admin-rules rule r2 action deny set nacm rule-list IPC10-cgnat-admin-rules cmdrule r3 command request set nacm rule-list IPC10-cgnat-admin-rules cmdrule r3 access-operations * set nacm rule-list IPC10-cgnat-admin-rules cmdrule r3 action deny set nacm rule-list IPC10-cgnat-admin-rules cmdrule r4 command shell set nacm rule-list IPC10-cgnat-admin-rules cmdrule r4 access-operations * set nacm rule-list IPC10-cgnat-admin-rules cmdrule r4 action deny set nacm rule-list IPC10-cgnat-admin-rules cmdrule r5 command rollback set nacm rule-list IPC10-cgnat-admin-rules cmdrule r5 access-operations * set nacm rule-list IPC10-cgnat-admin-rules cmdrule r5 action deny set nacm rule-list IPC10-cgnat-admin-rules cmdrule r6 command "show alarms" set nacm rule-list IPC10-cgnat-admin-rules cmdrule r6 access-operations * set nacm rule-list IPC10-cgnat-admin-rules cmdrule r6 action deny set nacm rule-list IPC10-cgnat-admin-rules cmdrule r7 command "show log" set nacm rule-list IPC10-cgnat-admin-rules cmdrule r7 access-operations * set nacm rule-list IPC10-cgnat-admin-rules cmdrule r7 action deny set nacm rule-list IPC10-cgnat-admin-rules cmdrule r8 command * set nacm rule-list IPC10-cgnat-admin-rules cmdrule r8 action permit set nacm rule-list IPC10-network-admin-rules group [ IPC10-network-admin-group ] set nacm rule-list IPC10-network-admin-rules rule r1 path /interfaces set nacm rule-list IPC10-network-admin-rules rule r1 access-operations * set nacm rule-list IPC10-network-admin-rules rule r1 action permit set nacm rule-list IPC10-network-admin-rules rule r2 path /routing-instances set nacm rule-list IPC10-network-admin-rules rule r2 access-operations * set nacm rule-list IPC10-network-admin-rules rule r2 action permit set nacm rule-list IPC10-network-admin-rules rule r3 path /networks set nacm rule-list IPC10-network-admin-rules rule r3 access-operations * set nacm rule-list IPC10-network-admin-rules rule r3 action permit set nacm rule-list IPC10-network-admin-rules cmdrule r4 command request set nacm rule-list IPC10-network-admin-rules cmdrule r4 access-operations * set nacm rule-list IPC10-network-admin-rules cmdrule r4 action deny set nacm rule-list IPC10-network-admin-rules cmdrule r5 command shell set nacm rule-list IPC10-network-admin-rules cmdrule r5 access-operations * set nacm rule-list IPC10-network-admin-rules cmdrule r5 action deny set nacm rule-list IPC10-network-admin-rules cmdrule r6 command rollback set nacm rule-list IPC10-network-admin-rules cmdrule r6 access-operations * set nacm rule-list IPC10-network-admin-rules cmdrule r6 action deny set nacm rule-list IPC10-network-admin-rules cmdrule r7 command "show alarms" set nacm rule-list IPC10-network-admin-rules cmdrule r7 access-operations * set nacm rule-list IPC10-network-admin-rules cmdrule r7 action deny set nacm rule-list IPC10-network-admin-rules cmdrule r8 command "show log" set nacm rule-list IPC10-network-admin-rules cmdrule r8 access-operations * set nacm rule-list IPC10-network-admin-rules cmdrule r8 action deny set nacm rule-list IPC10-network-admin-rules cmdrule r9 command * set nacm rule-list IPC10-network-admin-rules cmdrule r9 action permit set nacm rule-list IPC10-oper-rules group [ IPC10-oper-group ] set nacm rule-list IPC10-oper-rules rule r1 path /orgs/org-services[name='IPC10'] set nacm rule-list IPC10-oper-rules rule r1 access-operations read set nacm rule-list IPC10-oper-rules rule r1 action permit set nacm rule-list IPC10-oper-rules rule r2 path / set nacm rule-list IPC10-oper-rules rule r2 access-operations * set nacm rule-list IPC10-oper-rules rule r2 action deny set nacm rule-list IPC10-oper-rules cmdrule r3 command "request clear" set nacm rule-list IPC10-oper-rules cmdrule r3 access-operations * set nacm rule-list IPC10-oper-rules cmdrule r3 action deny set nacm rule-list IPC10-oper-rules cmdrule r4 command "request system" set nacm rule-list IPC10-oper-rules cmdrule r4 access-operations * set nacm rule-list IPC10-oper-rules cmdrule r4 action deny set nacm rule-list IPC10-oper-rules cmdrule r5 command shell set nacm rule-list IPC10-oper-rules cmdrule r5 access-operations * set nacm rule-list IPC10-oper-rules cmdrule r5 action deny set nacm rule-list IPC10-oper-rules cmdrule r6 command rollback set nacm rule-list IPC10-oper-rules cmdrule r6 access-operations * set nacm rule-list IPC10-oper-rules cmdrule r6 action deny set nacm rule-list IPC10-oper-rules cmdrule r7 command * set nacm rule-list IPC10-oper-rules cmdrule r7 action permit set nacm rule-list IPC10-sdwan-admin-rules group [ IPC10-sdwan-admin-group ] set nacm rule-list IPC10-sdwan-admin-rules rule r1 path /system/sd-wan set nacm rule-list IPC10-sdwan-admin-rules rule r1 access-operations * set nacm rule-list IPC10-sdwan-admin-rules rule r1 action permit set nacm rule-list IPC10-sdwan-admin-rules rule r2 path /routing-instances set nacm rule-list IPC10-sdwan-admin-rules rule r2 access-operations * set nacm rule-list IPC10-sdwan-admin-rules rule r2 action permit set nacm rule-list IPC10-sdwan-admin-rules rule r3 path /orgs/org[name='IPC10']/sd-wan set nacm rule-list IPC10-sdwan-admin-rules rule r3 access-operations * set nacm rule-list IPC10-sdwan-admin-rules rule r3 action permit set nacm rule-list IPC10-sdwan-admin-rules rule r4 path /orgs/org-services[name='IPC10']/lef set nacm rule-list IPC10-sdwan-admin-rules rule r4 access-operations * set nacm rule-list IPC10-sdwan-admin-rules rule r4 action permit set nacm rule-list IPC10-sdwan-admin-rules rule r5 path /orgs/org-services[name='IPC10']/ipsec set nacm rule-list IPC10-sdwan-admin-rules rule r5 access-operations * set nacm rule-list IPC10-sdwan-admin-rules rule r5 action permit set nacm rule-list IPC10-sdwan-admin-rules rule r6 path /orgs/org-services[name='IPC10']/cgnat set nacm rule-list IPC10-sdwan-admin-rules rule r6 access-operations * set nacm rule-list IPC10-sdwan-admin-rules rule r6 action permit set nacm rule-list IPC10-sdwan-admin-rules rule r7 path /orgs/org-services[name='IPC10']/sd-wan set nacm rule-list IPC10-sdwan-admin-rules rule r7 access-operations * set nacm rule-list IPC10-sdwan-admin-rules rule r7 action permit set nacm rule-list IPC10-sdwan-admin-rules rule r8 path / set nacm rule-list IPC10-sdwan-admin-rules rule r8 access-operations * set nacm rule-list IPC10-sdwan-admin-rules rule r8 action deny set nacm rule-list IPC10-sdwan-admin-rules cmdrule r9 command request set nacm rule-list IPC10-sdwan-admin-rules cmdrule r9 access-operations * set nacm rule-list IPC10-sdwan-admin-rules cmdrule r9 action deny set nacm rule-list IPC10-sdwan-admin-rules cmdrule r10 command shell set nacm rule-list IPC10-sdwan-admin-rules cmdrule r10 access-operations * set nacm rule-list IPC10-sdwan-admin-rules cmdrule r10 action deny set nacm rule-list IPC10-sdwan-admin-rules cmdrule r11 command rollback set nacm rule-list IPC10-sdwan-admin-rules cmdrule r11 access-operations * set nacm rule-list IPC10-sdwan-admin-rules cmdrule r11 action deny set nacm rule-list IPC10-sdwan-admin-rules cmdrule r12 command "show alarms" set nacm rule-list IPC10-sdwan-admin-rules cmdrule r12 access-operations * set nacm rule-list IPC10-sdwan-admin-rules cmdrule r12 action deny set nacm rule-list IPC10-sdwan-admin-rules cmdrule r13 command "show log" set nacm rule-list IPC10-sdwan-admin-rules cmdrule r13 access-operations * set nacm rule-list IPC10-sdwan-admin-rules cmdrule r13 action deny set nacm rule-list IPC10-sdwan-admin-rules cmdrule r14 command * set nacm rule-list IPC10-sdwan-admin-rules cmdrule r14 action permit set nacm rule-list IPC10-security-admin-rules group [ IPC10-security-admin-group ] set nacm rule-list IPC10-security-admin-rules rule r1 path /predefineded-actions set nacm rule-list IPC10-security-admin-rules rule r1 access-operations read set nacm rule-list IPC10-security-admin-rules rule r1 action permit set nacm rule-list IPC10-security-admin-rules rule r2 path /predefineded-appid set nacm rule-list IPC10-security-admin-rules rule r2 access-operations read set nacm rule-list IPC10-security-admin-rules rule r2 action permit set nacm rule-list IPC10-security-admin-rules rule r3 path /predefined-file-extract-apps set nacm rule-list IPC10-security-admin-rules rule r3 access-operations read set nacm rule-list IPC10-security-admin-rules rule r3 action permit set nacm rule-list IPC10-security-admin-rules rule r4 path /predefined-file-extract-apps set nacm rule-list IPC10-security-admin-rules rule r4 access-operations read set nacm rule-list IPC10-security-admin-rules rule r4 action permit set nacm rule-list IPC10-security-admin-rules rule r5 path /predefined-file-types set nacm rule-list IPC10-security-admin-rules rule r5 access-operations read set nacm rule-list IPC10-security-admin-rules rule r5 action permit set nacm rule-list IPC10-security-admin-rules rule r6 path /predefined-filefilter set nacm rule-list IPC10-security-admin-rules rule r6 access-operations read set nacm rule-list IPC10-security-admin-rules rule r6 action permit set nacm rule-list IPC10-security-admin-rules rule r7 path /predefined-geoip set nacm rule-list IPC10-security-admin-rules rule r7 access-operations read set nacm rule-list IPC10-security-admin-rules rule r7 action permit set nacm rule-list IPC10-security-admin-rules rule r8 path /predefined-iprep set nacm rule-list IPC10-security-admin-rules rule r8 access-operations read set nacm rule-list IPC10-security-admin-rules rule r8 action permit set nacm rule-list IPC10-security-admin-rules rule r9 path /predefined-ips-scanner-parameters set nacm rule-list IPC10-security-admin-rules rule r9 access-operations read set nacm rule-list IPC10-security-admin-rules rule r9 action permit set nacm rule-list IPC10-security-admin-rules rule r10 path /predefined-ips-scanners set nacm rule-list IPC10-security-admin-rules rule r10 access-operations read set nacm rule-list IPC10-security-admin-rules rule r10 action permit set nacm rule-list IPC10-security-admin-rules rule r11 path /predefined-ips set nacm rule-list IPC10-security-admin-rules rule r11 access-operations read set nacm rule-list IPC10-security-admin-rules rule r11 action permit set nacm rule-list IPC10-security-admin-rules rule r12 path /predefined-services set nacm rule-list IPC10-security-admin-rules rule r12 access-operations read set nacm rule-list IPC10-security-admin-rules rule r12 action permit set nacm rule-list IPC10-security-admin-rules rule r13 path /predefined-url-categories set nacm rule-list IPC10-security-admin-rules rule r13 access-operations read set nacm rule-list IPC10-security-admin-rules rule r13 action permit set nacm rule-list IPC10-security-admin-rules rule r14 path /predefined-url-reputations set nacm rule-list IPC10-security-admin-rules rule r14 access-operations read set nacm rule-list IPC10-security-admin-rules rule r14 action permit set nacm rule-list IPC10-security-admin-rules rule r15 path /networks set nacm rule-list IPC10-security-admin-rules rule r15 access-operations read set nacm rule-list IPC10-security-admin-rules rule r15 action permit set nacm rule-list IPC10-security-admin-rules rule r16 path /orgs/org-services[name='IPC10']/lef set nacm rule-list IPC10-security-admin-rules rule r16 access-operations read set nacm rule-list IPC10-security-admin-rules rule r16 action permit set nacm rule-list IPC10-security-admin-rules rule r17 path /orgs/org-services[name='IPC10']/security set nacm rule-list IPC10-security-admin-rules rule r17 access-operations * set nacm rule-list IPC10-security-admin-rules rule r17 action permit set nacm rule-list IPC10-security-admin-rules rule r18 path /orgs/org-services[name='IPC10']/objects set nacm rule-list IPC10-security-admin-rules rule r18 access-operations * set nacm rule-list IPC10-security-admin-rules rule r18 action permit set nacm rule-list IPC10-security-admin-rules rule r19 path / set nacm rule-list IPC10-security-admin-rules rule r19 access-operations * set nacm rule-list IPC10-security-admin-rules rule r19 action deny set nacm rule-list IPC10-security-admin-rules cmdrule r20 command request set nacm rule-list IPC10-security-admin-rules cmdrule r20 access-operations * set nacm rule-list IPC10-security-admin-rules cmdrule r20 action deny set nacm rule-list IPC10-security-admin-rules cmdrule r21 command shell set nacm rule-list IPC10-security-admin-rules cmdrule r21 access-operations * set nacm rule-list IPC10-security-admin-rules cmdrule r21 action deny set nacm rule-list IPC10-security-admin-rules cmdrule r22 command "show alarms" set nacm rule-list IPC10-security-admin-rules cmdrule r22 access-operations * set nacm rule-list IPC10-security-admin-rules cmdrule r22 action deny set nacm rule-list IPC10-security-admin-rules cmdrule r23 command "show log" set nacm rule-list IPC10-security-admin-rules cmdrule r23 access-operations * set nacm rule-list IPC10-security-admin-rules cmdrule r23 action deny set nacm rule-list IPC10-security-admin-rules cmdrule r24 command * set nacm rule-list IPC10-security-admin-rules cmdrule r24 action permit set nacm rule-list IPC10-tenant-admin-rules group [ IPC10-tenant-admin-group ] set nacm rule-list IPC10-tenant-admin-rules rule r1 path /orgs/org-services[name='IPC10'] set nacm rule-list IPC10-tenant-admin-rules rule r1 access-operations * set nacm rule-list IPC10-tenant-admin-rules rule r1 action permit set nacm rule-list IPC10-tenant-admin-rules rule r2 path / set nacm rule-list IPC10-tenant-admin-rules rule r2 access-operations * set nacm rule-list IPC10-tenant-admin-rules rule r2 action deny set nacm rule-list IPC10-tenant-admin-rules cmdrule r3 command shell set nacm rule-list IPC10-tenant-admin-rules cmdrule r3 access-operations * set nacm rule-list IPC10-tenant-admin-rules cmdrule r3 action deny set nacm rule-list IPC10-tenant-admin-rules cmdrule r4 command rollback set nacm rule-list IPC10-tenant-admin-rules cmdrule r4 access-operations * set nacm rule-list IPC10-tenant-admin-rules cmdrule r4 action deny set nacm rule-list IPC10-tenant-admin-rules cmdrule r5 command "show alarms" set nacm rule-list IPC10-tenant-admin-rules cmdrule r5 access-operations * set nacm rule-list IPC10-tenant-admin-rules cmdrule r5 action deny set nacm rule-list IPC10-tenant-admin-rules cmdrule r6 command "show log" set nacm rule-list IPC10-tenant-admin-rules cmdrule r6 access-operations * set nacm rule-list IPC10-tenant-admin-rules cmdrule r6 action deny set nacm rule-list IPC10-tenant-admin-rules cmdrule r7 command * set nacm rule-list IPC10-tenant-admin-rules cmdrule r7 action permit set nacm cmd-read-default deny set nacm cmd-exec-default deny [ok][2024-05-27 12:55:40] versa@Site-D-mpls-cli>