Why Experts Exchange?

Experts Exchange always has the answer, or at the least points me in the correct direction! It is like having another employee that is extremely experienced.

Jim Murphy
Programmer at Smart IT Solutions

When asked, what has been your best career decision?

Deciding to stick with EE.

Mohamed Asif
Technical Department Head

Being involved with EE helped me to grow personally and professionally.

Carl Webster
CTP, Sr Infrastructure Consultant
Ask ANY Question

Connect with Certified Experts to gain insight and support on specific technology challenges including:

Troubleshooting
Research
Professional Opinions
Ask a Question
Did You Know?

We've partnered with two important charities to provide clean water and computer science education to those who need it most. READ MORE

troubleshooting Question

HPE MSR 930 Lockdown

Avatar of YaYangTeah
YaYangTeahFlag for Malaysia asked on
RoutersNetworkingNetworking Hardware-Other
19 Comments1 Solution500 ViewsLast Modified:
My superior request me to lock the the IP Address from our HPE MSR 930 Router:
•       Lock down management from Internet to FirstTech IPs only. eg.116.12.xxx.xxx/255.255.255.240
•       Lock down printer ports (NATed from external IPs to Internet ones) to Australia IPs only.  
      eg.These are 3 subnets: 59.167.xx.xx/27  59.167.xx.xx/29  203.5.xx.xx/24

Existing Configuration

#
 version 5.20.106, Release 2516P10
#

#
 clock timezone "Kuala Lumpur" add 08:00:00
#
 firewall enable
#
 domain default enable system
#
 dar p2p signature-file flash:/p2p_default.mtd
#
 port-security enable
#
 ip http acl 2783
 undo ip http enable
#
 password-recovery enable
#
acl number 2000
 rule 1 permit source 192.168.100.0 0.0.0.255
acl number 2783 match-order auto
 rule 0 permit
#
acl number 3000
#
vlan 1
#
domain system
 access-limit disable
 state active
 idle-cut disable
 self-service-url disable
#
dhcp server ip-pool 1
 network 192.168.100.0 mask 255.255.255.0
 gateway-list 192.168.100.1
 dns-list 165.21.83.88 165.21.100.88
#
user-group system
 group-attribute allow-guest
#
local-user netata
 password cipher $c$3$CfYylcGcCTrPs9Eh+VXwpt3DQTBBX+OtrmXWs4RltQ==
 authorization-attribute level 3
 service-type ssh telnet terminal
 service-type web
#
cwmp
 undo cwmp enable
#
interface Aux0
 async mode flow
 link-protocol ppp
#
interface Cellular0/0
 async mode protocol
 link-protocol ppp
#
interface NULL0
#
interface Vlan-interface1
 ip address 192.168.100.1 255.255.255.0
 firewall packet-filter 3000 outbound
#
interface GigabitEthernet0/0
 port link-mode route
 nat outbound static
 nat outbound 2000
 nat server protocol tcp global 116.12.203.55 www inside 192.168.100.229 www
 nat server protocol tcp global 116.12.203.55 lpd inside 192.168.100.229 lpd
 nat server protocol tcp global 116.12.203.55 631 inside 192.168.100.229 631
 nat server protocol tcp global 116.12.203.55 9100 inside 192.168.100.229 9100
 nat server protocol tcp global 116.12.203.66 www inside 192.168.100.232 www
 nat server protocol tcp global 116.12.203.66 lpd inside 192.168.100.232 lpd
 nat server protocol tcp global 116.12.203.66 631 inside 192.168.100.232 631
 nat server protocol tcp global 116.12.203.66 9100 inside 192.168.100.232 9100
 duplex full
 speed 100
 ip address 124.66.xxx.xxx 255.255.255.252
#
interface GigabitEthernet0/1
 port link-mode bridge
#
interface GigabitEthernet0/2
 port link-mode bridge
#
interface GigabitEthernet0/3
 port link-mode bridge
#
interface GigabitEthernet0/4
 port link-mode bridge
#
 ip route-static 0.0.0.0 0.0.0.0 124.66.xxx.xxx
#
 dhcp server forbidden-ip 192.168.100.1 192.168.100.9
 dhcp server forbidden-ip 192.168.100.101 192.168.100.254
#
 dhcp enable
#
 ssh server enable
 ssh user netata service-type stelnet authentication-type password
#
 ip https acl 2000
 ip https enable
#
 load xml-configuration
#
 load tr069-configuration
#
user-interface tty 12
user-interface aux 0
 authentication-mode scheme
user-interface vty 0 4
 authentication-mode scheme
 protocol inbound ssh
ASKER CERTIFIED SOLUTION
Avatar of Predrag Jovic
Commented:
This problem has been solved!
Unlock 1 Answer and 19 Comments.
See Answers