
HPE MSR 930 Lockdown

YaYangTeah asked:
My superior requested that I lock the IP addresses on our HPE MSR 930 router:
• Lock down management from Internet to FirstTech IPs only, e.g. 116.12.xxx.xxx/255.255.255.240
• Lock down printer ports (NATed from external IPs to Internet ones) to Australia IPs only,
  e.g. these are 3 subnets: 59.167.xx.xx/27, 59.167.xx.xx/29, 203.5.xx.xx/24

Existing Configuration

#
 version 5.20.106, Release 2516P10
#

#
 clock timezone "Kuala Lumpur" add 08:00:00
#
 firewall enable
#
 domain default enable system
#
 dar p2p signature-file flash:/p2p_default.mtd
#
 port-security enable
#
 ip http acl 2783
 undo ip http enable
#
 password-recovery enable
#
acl number 2000
 rule 1 permit source 192.168.100.0 0.0.0.255
acl number 2783 match-order auto
 rule 0 permit
#
acl number 3000
#
vlan 1
#
domain system
 access-limit disable
 state active
 idle-cut disable
 self-service-url disable
#
dhcp server ip-pool 1
 network 192.168.100.0 mask 255.255.255.0
 gateway-list 192.168.100.1
 dns-list 165.21.83.88 165.21.100.88
#
user-group system
 group-attribute allow-guest
#
local-user netata
 password cipher $c$3$CfYylcGcCTrPs9Eh+VXwpt3DQTBBX+OtrmXWs4RltQ==
 authorization-attribute level 3
 service-type ssh telnet terminal
 service-type web
#
cwmp
 undo cwmp enable
#
interface Aux0
 async mode flow
 link-protocol ppp
#
interface Cellular0/0
 async mode protocol
 link-protocol ppp
#
interface NULL0
#
interface Vlan-interface1
 ip address 192.168.100.1 255.255.255.0
 firewall packet-filter 3000 outbound
#
interface GigabitEthernet0/0
 port link-mode route
 nat outbound static
 nat outbound 2000
 nat server protocol tcp global 116.12.203.55 www inside 192.168.100.229 www
 nat server protocol tcp global 116.12.203.55 lpd inside 192.168.100.229 lpd
 nat server protocol tcp global 116.12.203.55 631 inside 192.168.100.229 631
 nat server protocol tcp global 116.12.203.55 9100 inside 192.168.100.229 9100
 nat server protocol tcp global 116.12.203.66 www inside 192.168.100.232 www
 nat server protocol tcp global 116.12.203.66 lpd inside 192.168.100.232 lpd
 nat server protocol tcp global 116.12.203.66 631 inside 192.168.100.232 631
 nat server protocol tcp global 116.12.203.66 9100 inside 192.168.100.232 9100
 duplex full
 speed 100
 ip address 124.66.xxx.xxx 255.255.255.252
#
interface GigabitEthernet0/1
 port link-mode bridge
#
interface GigabitEthernet0/2
 port link-mode bridge
#
interface GigabitEthernet0/3
 port link-mode bridge
#
interface GigabitEthernet0/4
 port link-mode bridge
#
 ip route-static 0.0.0.0 0.0.0.0 124.66.xxx.xxx
#
 dhcp server forbidden-ip 192.168.100.1 192.168.100.9
 dhcp server forbidden-ip 192.168.100.101 192.168.100.254
#
 dhcp enable
#
 ssh server enable
 ssh user netata service-type stelnet authentication-type password
#
 ip https acl 2000
 ip https enable
#
 load xml-configuration
#
 load tr069-configuration
#
user-interface tty 12
user-interface aux 0
 authentication-mode scheme
user-interface vty 0 4
 authentication-mode scheme
 protocol inbound ssh
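
As an added example (not part of the original post or of the answer on this page), this Python helper converts source ranges written the way the question writes them, in netmask or prefix form, into basic ACL rules in the "rule N permit source <network> <wildcard>" syntax the posted configuration already uses. The addresses are constructed documentation ranges and the ACL numbers 2001 and 2002 are hypothetical; where each ACL is bound is left to the operator.

```python
import ipaddress

# Constructed sample ranges (RFC 5737 documentation space); the question masks
# its real addresses, so only the mask forms and prefix lengths mirror it.
MGMT_SOURCES = ["198.51.100.20/255.255.255.240"]
PRINTER_SOURCES = ["203.0.113.32/27", "203.0.113.64/29", "192.0.2.0/24"]


def parse_sources(specs):
    """Parse 'addr/prefix' or 'addr/netmask' strings into merged IPv4 networks."""
    # strict=False lets a host address stand for its enclosing network.
    nets = [ipaddress.IPv4Network(s.strip(), strict=False) for s in specs]
    # Merge overlapping or adjacent ranges so no redundant rule is emitted.
    return list(ipaddress.collapse_addresses(nets))


def build_basic_acl(number, specs, step=5):
    """Return a basic ACL in the 'rule N permit source <net> <wildcard>' form."""
    if not 2000 <= number <= 2999:
        raise ValueError("basic ACL numbers are 2000-2999")
    nets = parse_sources(specs)
    if not nets:
        raise ValueError("refusing to build an ACL with no permitted source")
    lines = [f"acl number {number}"]
    for i, net in enumerate(nets):
        # hostmask is the inverted netmask, i.e. the ACL wildcard (/28 -> 0.0.0.15)
        lines.append(f" rule {i * step} permit source {net.network_address} {net.hostmask}")
    # Explicit final deny so the outcome does not rely on a default action.
    lines.append(f" rule {len(nets) * step} deny")
    return "\n".join(lines)


if __name__ == "__main__":
    print(build_basic_acl(2001, MGMT_SOURCES))     # ACL numbers are hypothetical
    print(build_basic_acl(2002, PRINTER_SOURCES))
```

A masked placeholder such as 59.167.xx.xx/27 raises ValueError, so the real addresses have to be supplied before any rule is generated.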