Blocking Telegram

Telegram is a messaging app similar to WhatsApp. It can be downloaded here:

https://telegram.org

Cisco ASA:
interface Ethernet0
 nameif outside
 security-level 0
 ip address dhcp
!
interface Ethernet1
 nameif inside
 security-level 100
 ip address 12.12.12.1 255.255.255.0
clock timezone gmt 7
dns domain-lookup outside
dns domain-lookup inside
dns server-group DefaultDNS
 name-server 8.8.8.8
 name-server 8.8.4.4
object network PAT
 subnet 12.12.12.0 255.255.255.0
object network telegram1
 subnet 91.108.4.0 255.255.252.0
object network telegram2
 subnet 91.108.56.0 255.255.252.0
object network telegram3
 subnet 149.154.160.0 255.255.252.0
object network telegram4
 subnet 149.154.164.0 255.255.252.0
object network telegram5
 subnet 149.154.168.0 255.255.252.0
object network telegram6
 subnet 149.154.172.0 255.255.252.0
object-group network objgrp-telegram
 network-object object telegram1
 network-object object telegram2
 network-object object telegram3
 network-object object telegram4
 network-object object telegram5
 network-object object telegram6
access-list LAN extended permit ip any any
access-list acl-telegram extended deny ip any object-group objgrp-telegram
access-list ping extended permit icmp any interface outside
access-list ping extended permit icmp any interface inside
access-list outside_access_out extended deny ip any object-group objgrp-telegram
access-list outside_access_out extended permit ip any any
object network PAT
 nat (inside,outside) dynamic interface
access-group outside_access_out out interface outside
access-group LAN in interface inside
route outside 0.0.0.0 0.0.0.0 10.0.10.1 1
user-identity default-domain LOCAL
http server enable
http 10.0.10.0 255.255.255.0 outside
http 12.12.12.0 255.255.255.0 inside
ntp server 180.211.88.211
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect ip-options
  inspect netbios
  inspect rsh
  inspect rtsp
  inspect skinny
  inspect esmtp
  inspect sqlnet
  inspect sunrpc
  inspect tftp
  inspect sip
  inspect xdmcp
  inspect icmp
  inspect icmp error

 

FortiGate:
config system interface
    edit "port1"
        set vdom "root"
        set mode dhcp
        set allowaccess ping https ssh http fgfm
        set type physical
        set snmp-index 1
    next
    edit "port2"
        set vdom "root"
        set ip 12.12.12.1 255.255.255.0
        set allowaccess ping https ssh fgfm
        set type physical
        set snmp-index 2
    next
end
config firewall policy
    edit 2
        set name "telegram"
        set uuid 0b2d9320-0d5b-51e6-ce90-307685813f39
        set srcintf "port2"
        set dstintf "port1"
        set srcaddr "all"
        set dstaddr "telegramgroup"
        set action deny
        set schedule "always"
        set service "HTTP" "HTTPS"
        set logtraffic all
    next
    edit 1
        set name "PAT"
        set uuid 170d4c60-0d49-51e6-102b-cc84e02a9dfb
        set srcintf "port2"
        set dstintf "port1"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat enable
    next
end
config firewall address
    edit "telegram"
        set uuid 532c2ac0-0d5a-51e6-754f-62c1c2f11af6
        set subnet 91.108.4.0 255.255.252.0
    next
    edit "telegram2"
        set uuid a0149520-0d5a-51e6-b083-9fda96570787
        set subnet 91.108.56.0 255.255.252.0
    next
    edit "telegram3"
        set uuid a0149520-0d5a-51e6-b083-9fda96570787
        set subnet 149.154.160.0 255.255.252.0
    next
    edit "telegram4"
        set uuid a0149520-0d5a-51e6-b083-9fda96570787
        set subnet 149.154.164.0 255.255.252.0
    next
    edit "telegram5"
        set uuid a0149520-0d5a-51e6-b083-9fda96570787
        set subnet 149.154.168.0 255.255.252.0
    next
    edit "telegram6"
        set uuid a0149520-0d5a-51e6-b083-9fda96570787
        set subnet 149.154.172.0 255.255.252.0
    next
end
config firewall addrgrp
    edit "telegramgroup"
        set uuid 72081cc0-0d5e-51e6-f4e3-e05511d7c552
        set member "telegram" "telegram2" "telegram3" "telegram4" "telegram5" "telegram6"
    next
end
NOTE:
-FortiGate checks policies from the top down and stops at the first match, so the telegram deny policy is listed above the PAT accept-all policy

Juniper:

Mikrotik:
/ip firewall address-list
add address=12.12.12.0/24 list=LAN
add address=149.154.160.0/22 list=telegram
add address=149.154.164.0/22 list=telegram
add address=149.154.168.0/22 list=telegram
add address=149.154.172.0/22 list=telegram
add address=91.108.4.0/22 list=telegram
add address=91.108.56.0/22 list=telegram
/ip firewall filter
add action=drop chain=forward dst-address-list=telegram src-address-list=LAN
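
A consistency check for the block list above, as an added example that is not part of the original post: it pulls the Telegram prefixes out of ASA, FortiGate and MikroTik syntax, reports prefixes that one device lacks, flags malformed MikroTik entries, and collapses the list to its shortest form. The config excerpts are constructed samples and the function names are this example's own.

```python
import ipaddress
import re

# Constructed excerpts in each vendor's syntax, using the prefixes listed above.
ASA_CFG = """\
object network PAT
 subnet 12.12.12.0 255.255.255.0
object network telegram1
 subnet 91.108.4.0 255.255.252.0
object network telegram2
 subnet 91.108.56.0 255.255.252.0
object network telegram3
 subnet 149.154.160.0 255.255.252.0
object network telegram4
 subnet 149.154.164.0 255.255.252.0
object network telegram5
 subnet 149.154.168.0 255.255.252.0
object network telegram6
 subnet 149.154.172.0 255.255.252.0
"""

# Constructed: the 149.154.172.0 object is left out on purpose ("next" lines trimmed).
FORTIGATE_CFG = """\
config firewall address
    edit "telegram"
        set subnet 91.108.4.0 255.255.252.0
    edit "telegram2"
        set subnet 91.108.56.0 255.255.252.0
    edit "telegram3"
        set subnet 149.154.160.0 255.255.252.0
    edit "telegram4"
        set subnet 149.154.164.0 255.255.252.0
    edit "telegram5"
        set subnet 149.154.168.0 255.255.252.0
end
"""

# Constructed: one entry has a stray space before the prefix length.
MIKROTIK_CFG = """\
/ip firewall address-list
add address=12.12.12.0/24 list=LAN
add address=149.154.160.0/22 list=telegram
add address=149.154.164.0 /22 list=telegram
add address=149.154.168.0/22 list=telegram
add address=149.154.172.0/22 list=telegram
add address=91.108.4.0/22 list=telegram
add address=91.108.56.0/22 list=telegram
"""

def parse_named_subnets(text, header_re, prefix="telegram"):
    """ASA/FortiGate style: a header names the object, 'subnet ADDR MASK' follows."""
    nets, name = set(), None
    for line in text.splitlines():
        header = re.match(header_re, line.strip())
        if header:
            name = header.group(1)
        m = re.search(r"subnet\s+(\S+)\s+(\S+)", line)
        if m and name and name.startswith(prefix):
            # strict=True rejects an address with host bits set for its mask
            nets.add(ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}", strict=True))
    return nets

def parse_mikrotik_list(text, list_name="telegram"):
    """Return (networks, errors) for 'add address=... list=<list_name>' lines."""
    nets, errors = set(), []
    for line in text.splitlines():
        if f"list={list_name}" not in line.split():
            continue
        m = re.search(r"address=(\S+)", line)
        token = m.group(1) if m else ""
        try:
            if "/" not in token:  # ip_network() would read a bare address as a /32
                raise ValueError("address has no prefix length attached")
            nets.add(ipaddress.ip_network(token, strict=True))
        except ValueError as exc:
            errors.append((line, str(exc)))
    return nets, errors

def audit(vendor_nets):
    """Report what each device lacks versus the union, plus the collapsed list."""
    union = set().union(*vendor_nets.values())
    missing = {v: sorted(union - n) for v, n in vendor_nets.items() if union - n}
    return missing, list(ipaddress.collapse_addresses(union))

def run():
    mk_nets, mk_errors = parse_mikrotik_list(MIKROTIK_CFG)
    missing, aggregate = audit({
        "asa": parse_named_subnets(ASA_CFG, r"object network (\S+)"),
        "fortigate": parse_named_subnets(FORTIGATE_CFG, r'edit "([^"]+)"'),
        "mikrotik": mk_nets,
    })
    return missing, aggregate, mk_errors

if __name__ == "__main__":
    print(run())
```

The four 149.154.16x.0/22 entries collapse to a single 149.154.160.0/20, which is a shorter rule set to keep in sync across devices.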

Inject Driver into ESXi ISO

If the ESXi installer cannot continue because a driver is missing, follow these steps.
The example below uses the HPE ESXi ISO, but any ESXi ISO will work.

Download
-required driver from https://vibsdepot.v-front.de/wiki/index.php/List_of_currently_available_ESXi_packages
Put all of the above into c:\download
Double-click ESXi-Customizer-v2.7.2.exe and extract it into c:\download
Double-click c:\download\ESXi-Customizer-v2.7.2\ESXi-Customizer.cmd
You can now burn the ISO to a CD, or write it to a USB drive using https://rufus.akeo.ie/

Policy Routing based on Client IP Address


WAN
# export

/queue simple
add max-limit=128k/128k name=128k target=ether2
add max-limit=256k/256k name=256k target=ether3
/ip address
add address=13.13.13.1/30 interface=ether2 network=13.13.13.0
add address=23.23.23.1/30 interface=ether3 network=23.23.23.0
/ip dhcp-client
add dhcp-options=hostname,clientid disabled=no interface=ether1
/ip firewall nat
add action=masquerade chain=srcnat src-address=13.13.13.0/30
add action=masquerade chain=srcnat src-address=23.23.23.0/30

R1
# export
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=dhcp_pool1 ranges=192.168.0.21-192.168.0.125
add name=dhcp_pool2 ranges=192.168.0.131-192.168.0.235
/ip dhcp-server
add address-pool=dhcp_pool1 disabled=no interface=ether3 name=dhcp1
add address-pool=dhcp_pool2 disabled=no interface=ether4 name=dhcp2
/ip address
add address=13.13.13.2/30 interface=ether1 network=13.13.13.0
add address=23.23.23.2/30 interface=ether2 network=23.23.23.0
add address=192.168.0.1/25 interface=ether3 network=192.168.0.0
add address=192.168.0.129/25 interface=ether4 network=192.168.0.128
/ip dhcp-client
add dhcp-options=hostname,clientid disabled=no interface=ether1
/ip dhcp-server network
add address=192.168.0.0/25 dns-server=8.8.8.8 gateway=192.168.0.1
add address=192.168.0.128/25 dns-server=8.8.8.8 gateway=192.168.0.129
/ip firewall mangle
add action=mark-routing chain=prerouting in-interface=ether3 new-routing-mark=ISP1
add action=mark-routing chain=prerouting in-interface=ether4 new-routing-mark=ISP2
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1
add action=masquerade chain=srcnat out-interface=ether2
/ip route
add check-gateway=ping distance=11 gateway=13.13.13.1 routing-mark=ISP1
add check-gateway=ping distance=12 gateway=23.23.23.1 routing-mark=ISP1
add check-gateway=ping distance=11 gateway=23.23.23.1 routing-mark=ISP2
add check-gateway=ping distance=12 gateway=13.13.13.1 routing-mark=ISP2
add distance=11 gateway=13.13.13.1
add distance=11 gateway=23.23.23.1
/ip route rule
add action=lookup-only-in-table dst-address=192.168.0.0/24 table=main
/system identity
set name=R1

PC1
# export

/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip dhcp-client
add dhcp-options=hostname,clientid disabled=no interface=ether3
/system identity

set name=PC1

PC2
# export
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip dhcp-client
add dhcp-options=hostname,clientid disabled=no interface=ether3
/system identity

set name=PC2

-to add interface into vlan
/interface bridge add name=vlan_bridge
/interface bridge port add bridge=vlan_bridge interface=ether1
/interface bridge port add bridge=vlan_bridge interface=ether2

/interface vlan add disabled=no name=vlan1 interface=vlan_bridge vlan-id=1

-to delete port in a bridge
[admin@R1] > interface bridge port print
Flags: X - disabled, I - inactive, D - dynamic
 #    INTERFACE              BRIDGE              PRIORITY  PATH-COST    HORIZON
 0    ether3                 LAN_bridge              0x80         10       none
 1    ether4                 LAN_bridge              0x80         10       none
[admin@R1] > interface bridge port remove 0
[admin@R1] > interface bridge port remove 1

 

OSPF Labs

Cisco-Cisco

R1#sh run
hostname R1
interface Loopback0
 ip address 1.0.0.1 255.255.255.255
interface FastEthernet0/0
 no ip address
 shutdown
 duplex full
interface Ethernet1/0
 ip address 10.0.10.61 255.255.255.0
 ip nat outside
 duplex full
interface Ethernet1/1
 ip address 12.12.12.1 255.255.255.252
 ip nat inside
 duplex full
interface Ethernet1/2
 ip address 31.31.31.2 255.255.255.252
 ip nat inside
 duplex full
interface Ethernet1/3
 no ip address
 duplex full
router ospf 1
 redistribute static subnets
 network 1.0.0.1 0.0.0.0 area 0
 network 12.12.12.0 0.0.0.3 area 0
 network 31.31.31.0 0.0.0.3 area 0
 default-information originate
ip nat inside source list LAN interface Ethernet1/0 overload
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 10.0.10.1
ip access-list standard LAN
 permit 12.12.12.0 0.0.0.3
 permit 23.23.23.0 0.0.0.3
 permit 31.31.31.0 0.0.0.3
 permit 1.0.0.0 0.0.0.7
R2#sh run
hostname R2
interface Loopback0
 ip address 1.0.0.2 255.255.255.255
interface FastEthernet0/0
 no ip address
 shutdown
 duplex full
interface Ethernet1/0
 no ip address
 duplex full
interface Ethernet1/1
 ip address 12.12.12.2 255.255.255.252
 duplex full
interface Ethernet1/2
 ip address 23.23.23.1 255.255.255.252
 duplex full
interface Ethernet1/3
 no ip address
 shutdown
 duplex full
router ospf 1
 network 1.0.0.2 0.0.0.0 area 0
 network 12.12.12.0 0.0.0.3 area 0
 network 23.23.23.0 0.0.0.3 area 0
ip forward-protocol nd
R3#sh run
hostname R3
interface Loopback0
 ip address 1.0.0.3 255.255.255.255
interface FastEthernet0/0
 no ip address
 shutdown
 duplex full
interface Ethernet1/0
 no ip address
 duplex full
interface Ethernet1/1
 ip address 23.23.23.2 255.255.255.252
 duplex full
interface Ethernet1/2
 ip address 31.31.31.1 255.255.255.252
 duplex full
interface Ethernet1/3
 no ip address
 shutdown
 duplex full
router ospf 1
 network 1.0.0.3 0.0.0.0 area 0
 network 23.23.23.0 0.0.0.3 area 0
 network 31.31.31.0 0.0.0.3 area 0

ip forward-protocol nd

FortiGate-FortiGate
FGT1
config system interface
    edit "port1"
        set vdom "root"
        set ip 10.0.10.61 255.255.255.0
        set allowaccess ping https ssh http fgfm
        set type physical
        set snmp-index 1
    next
    edit "port2"
        set vdom "root"
        set ip 12.12.12.1 255.255.255.252
        set allowaccess ping https ssh http fgfm
        set type physical
        set snmp-index 2
    next
    edit "port3"
        set vdom "root"
        set ip 31.31.31.2 255.255.255.252
        set allowaccess ping https ssh http fgfm
        set type physical
        set snmp-index 3
    next
    edit "port4"
        set vdom "root"
        set type physical
        set snmp-index 4
    next
    edit "ssl.root"
        set vdom "root"
        set type tunnel
        set alias "SSL VPN interface"
        set snmp-index 5
    next
    edit "loopback"
        set vdom "root"
        set ip 1.0.0.1 255.255.255.255
        set type loopback
        set snmp-index 6
    next
end
config firewall policy
    edit 1
        set uuid ef6c951c-0627-51e6-739a-6ddf25cfc795
        set srcintf "port2"
        set dstintf "port3"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
    next
    edit 2
        set uuid 6e9d6c2c-0708-51e6-17f6-3c373c555f2b
        set srcintf "port3"
        set dstintf "port2"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
    next
    edit 3
        set uuid 0d34fb4c-070a-51e6-439a-725742a0b680
        set srcintf "port2" "port3"
        set dstintf "port1"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat enable
    next
end
config router static
    edit 1
        set gateway 10.0.10.1
        set device "port1"
    next
end
config router ospf
    set default-information-originate enable
    set router-id 1.0.0.1
    config area
        edit 0.0.0.0
        next
    end
    config ospf-interface
        edit "loopback"
            set interface "loopback"
            set ip 1.0.0.1
        next
    end
    config network
        edit 1
            set prefix 12.12.12.0 255.255.255.252
        next
        edit 2
            set prefix 31.31.31.0 255.255.255.252
        next
        edit 3
            set prefix 1.0.0.1 255.255.255.255
        next
    end
    config redistribute "connected"
    end
    config redistribute "static"
        set status enable
    end
    config redistribute "rip"
    end
    config redistribute "bgp"
    end
    config redistribute "isis"
    end
end

FGT2
config system interface
    edit "port1"
        set vdom "root"
        set allowaccess ping https ssh http fgfm
        set type physical
        set snmp-index 1
    next
    edit "port2"
        set vdom "root"
        set ip 12.12.12.2 255.255.255.252
        set allowaccess ping https ssh http fgfm
        set type physical
        set snmp-index 2
    next
    edit "port3"
        set vdom "root"
        set ip 23.23.23.1 255.255.255.252
        set allowaccess ping https ssh http fgfm
        set type physical
        set snmp-index 3
    next
    edit "port4"
        set vdom "root"
        set type physical
        set snmp-index 4
    next
    edit "ssl.root"
        set vdom "root"
        set type tunnel
        set alias "SSL VPN interface"
        set snmp-index 5
    next
    edit "loopback"
        set vdom "root"
        set ip 1.0.0.2 255.255.255.255
        set type loopback
        set snmp-index 6
    next
end
config router ospf
    set router-id 1.0.0.2
    config area
        edit 0.0.0.0
        next
    end
    config ospf-interface
        edit "loopback"
            set interface "loopback"
            set ip 1.0.0.2
        next
    end
    config network
        edit 1
            set prefix 12.12.12.0 255.255.255.252
        next
        edit 2
            set prefix 23.23.23.0 255.255.255.252
        next
        edit 3
            set prefix 1.0.0.2 255.255.255.255
        next
    end
    config redistribute "connected"
    end
    config redistribute "static"
    end
    config redistribute "rip"
    end
    config redistribute "bgp"
    end
    config redistribute "isis"
    end
end
config firewall policy
    edit 1
        set uuid 5a630c00-071f-51e6-e8ae-2344f9e5a0e6
        set srcintf "port2"
        set dstintf "port3"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat enable
    next
    edit 2
        set uuid 5db36f80-071f-51e6-623f-42be7d156fd5
        set srcintf "port3"
        set dstintf "port2"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
    next
end

FGT3
config system interface
    edit "port1"
        set vdom "root"
        set allowaccess ping https ssh http fgfm
        set type physical
        set snmp-index 1
    next
    edit "port2"
        set vdom "root"
        set ip 23.23.23.2 255.255.255.252
        set allowaccess ping https ssh http fgfm
        set type physical
        set snmp-index 2
    next
    edit "port3"
        set vdom "root"
        set ip 31.31.31.1 255.255.255.252
        set allowaccess ping https ssh http fgfm
        set type physical
        set snmp-index 3
    next
    edit "port4"
        set vdom "root"
        set type physical
        set snmp-index 4
    next
    edit "ssl.root"
        set vdom "root"
        set type tunnel
        set alias "SSL VPN interface"
        set snmp-index 5
    next
    edit "loopback"
        set vdom "root"
        set ip 1.0.0.3 255.255.255.255
        set type loopback
        set snmp-index 6
    next
end
config router ospf
    set router-id 1.0.0.3
    config area
        edit 0.0.0.0
        next
    end
    config ospf-interface
        edit "loopback"
            set interface "loopback"
            set ip 1.0.0.3
        next
    end
    config network
        edit 1
            set prefix 23.23.23.0 255.255.255.252
        next
        edit 2
            set prefix 31.31.31.0 255.255.255.252
        next
        edit 3
            set prefix 1.0.0.3 255.255.255.255
        next
    end
    config redistribute "connected"
    end
    config redistribute "static"
    end
    config redistribute "rip"
    end
    config redistribute "bgp"
    end
    config redistribute "isis"
    end
end
config firewall policy
    edit 1
        set uuid 41d5f3a0-071f-51e6-df0e-727622495609
        set srcintf "port2"
        set dstintf "port3"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat enable
    next
    edit 2
        set uuid 46ddcb20-071f-51e6-0dc2-22dfea80d1d2
        set srcintf "port3"
        set dstintf "port2"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
    next
end
NOTE:
-to refresh ospf db
# exe router clear ospf process
-to show route db

# get router info routing-table all

Juniper-Juniper

 

NOTE:

-With the current config, I have a problem pinging the Internet from R1. I don't know yet whether that is because of Unetlab or because I reduced the RAM in each router to 1GB

R1

# show
system {
    host-name R1;
    root-authentication {
        encrypted-password "$1$7VWGeJRn$iG.WRousX9Fi5BKcaZGV7/"; ## SECRET-DATA
    }
    services {
        ssh;
        web-management {
            http {
                interface ge-0/0/0.0;
            }
        }
    }
    syslog {
        file messages {
            any any;
        }
    }
    license {
        autoupdate {
        }
    }
}
interfaces {
    ge-0/0/0 {
        unit 0 {
            family inet {
                address 10.0.10.61/24;
            }
        }
    }
    ge-0/0/1 {
        unit 0 {
            family inet {
                address 12.12.12.1/30;
            }
        }
    }
    ge-0/0/2 {
        unit 0 {
            family inet {
                address 31.31.31.2/30;
            }
        }
    }
    lo0 {
        unit 0 {
            family inet {
                address 1.0.0.1/32;
            }
        }
    }
}
routing-options {
    static {
        route 0.0.0.0/0 {
            next-hop 10.0.10.1;
            no-install;
        }
    }
}
protocols {
    ospf {
        export ospf-default;
        area 0.0.0.0 {
            interface ge-0/0/1.0;
            interface ge-0/0/2.0;
            interface lo0.0;
        }
    }
}
policy-options {
    policy-statement ospf-default {
        from {
            protocol static;
          route-filter 0.0.0.0/0 exact;
        }
        then accept;
    }
}
security {
    screen {
        ids-option untrust-screen {
            icmp {
                ping-death;
            }
            ip {
                source-route-option;
                tear-drop;
            }
            tcp {
                syn-flood {
                    alarm-threshold 1024;
                    attack-threshold 200;
                    source-threshold 1024;
                    destination-threshold 2048;
                    queue-size 2000; ## Warning: 'queue-size' is deprecated
                    timeout 20;
                }
                land;
            }
        }
    }
    nat {
        source {
            rule-set trust-to-untrust {
                from zone trust;
                to zone untrust;
                rule source-nat-rule {
                    match {
                        source-address 0.0.0.0/0;
                    }
                    then {
                        source-nat {
                            interface;
                        }
                    }
                }
            }
        }
    }
    policies {
        from-zone trust to-zone trust {
            policy default-permit {
                match {
                    source-address any;
                    destination-address any;
                    application any;
                }
                then {
                    permit;
                }
            }
        }
        from-zone trust to-zone untrust {
            policy default-permit {
                match {
                    source-address any;
                    destination-address any;
                    application any;
                }
                then {
                    permit;
                }
            }
        }
        from-zone untrust to-zone trust {
            policy default-deny {
                match {
                    source-address any;
                    destination-address any;
                    application any;
                }
                then {
                    deny;
                }
            }
        }
    }
    zones {
        security-zone trust {
            tcp-rst;
            host-inbound-traffic {
                system-services {
                    all;
                }
                protocols {
                    all;
                }
            }
            interfaces {
                ge-0/0/1.0;
                ge-0/0/2.0;
                lo0.0;
            }
        }
        security-zone untrust {
            screen untrust-screen;
            interfaces {
                ge-0/0/0.0;
            }
        }
    }
}
# run show ospf neighbor
Address          Interface              State     ID               Pri  Dead
12.12.12.2       ge-0/0/1.0             Full      1.0.0.2          128    32
31.31.31.1       ge-0/0/2.0             Full      1.0.0.3          128    39
# run show route
inet.0: 12 destinations, 12 routes (12 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
0.0.0.0/0          *[Static/5] 01:24:39
                    > to 10.0.10.1 via ge-0/0/0.0
1.0.0.1/32         *[Direct/0] 00:55:05
                    > via lo0.0
1.0.0.2/32         *[OSPF/10] 00:54:19, metric 1
                    > to 12.12.12.2 via ge-0/0/1.0
1.0.0.3/32         *[OSPF/10] 00:54:57, metric 1
                    > to 31.31.31.1 via ge-0/0/2.0
10.0.10.0/24       *[Direct/0] 01:09:05
                    > via ge-0/0/0.0
10.0.10.61/32      *[Local/0] 01:09:05
                      Local via ge-0/0/0.0
12.12.12.0/30      *[Direct/0] 01:09:05
                    > via ge-0/0/1.0
12.12.12.1/32      *[Local/0] 01:09:05
                      Local via ge-0/0/1.0
23.23.23.0/30      *[OSPF/10] 00:54:19, metric 2
                    > to 12.12.12.2 via ge-0/0/1.0
                      to 31.31.31.1 via ge-0/0/2.0
31.31.31.0/30      *[Direct/0] 01:09:05
                    > via ge-0/0/2.0
31.31.31.2/32      *[Local/0] 01:09:05
                      Local via ge-0/0/2.0
224.0.0.5/32       *[OSPF/10] 00:55:07, metric 1
                      MultiRecv

R2

# show
system {
    host-name R2;
    root-authentication {
        encrypted-password "$1$ucm0iauC$pA0/LpyHYtln36Hmw12Gj0"; ## SECRET-DATA
    }
    services {
        ssh;
        web-management {
            http {
                interface ge-0/0/0.0;
            }
        }
    }
    syslog {
        file messages {
            any any;
        }
    }
    license {
        autoupdate {
        }
    }
}
interfaces {
    ge-0/0/0 {
        unit 0 {
            family inet;
        }
    }
    ge-0/0/1 {
        unit 0 {
            family inet {
                address 12.12.12.2/30;
            }
        }
    }
    ge-0/0/2 {
        unit 0 {
            family inet {
                address 23.23.23.1/30;
            }
        }
    }
    lo0 {
        unit 0 {
            family inet {
                address 1.0.0.2/32;
            }
        }
    }
}
protocols {
    ospf {
        area 0.0.0.0 {
            interface ge-0/0/1.0;
            interface ge-0/0/2.0;
            interface lo0.0;
        }
    }
}
security {
    zones {
        security-zone trust {
            host-inbound-traffic {
                system-services {
                    all;
                }
                protocols {
                    all;
                }
            }
            interfaces {
                ge-0/0/1.0;
                ge-0/0/2.0;
                lo0.0;
            }
        }
    }

}

R3

# show
system {
    host-name R3;
    root-authentication {
        encrypted-password "$1$jYOE9h1/$8E0Rfv77QNRFiAEItVkTZ."; ## SECRET-DATA
    }
    services {
        ssh;
        web-management {
            http {
                interface ge-0/0/0.0;
            }
        }
    }
    syslog {
        file messages {
            any any;
        }
    }
    license {
        autoupdate {
        }
    }
}
interfaces {
    ge-0/0/0 {
        unit 0 {
            family inet;
        }
    }
    ge-0/0/1 {
        unit 0 {
            family inet {
                address 23.23.23.2/30;
            }
        }
    }
    ge-0/0/2 {
        unit 0 {
            family inet {
                address 31.31.31.1/30;
            }
        }
    }
    lo0 {
        unit 0 {
            family inet {
                address 1.0.0.3/32;
            }
        }
    }
}
protocols {
    ospf {
        area 0.0.0.0 {
            interface ge-0/0/1.0;
            interface ge-0/0/2.0;
            interface lo0.0;
        }
    }
}
security {
    screen {
        ids-option untrust-screen {
            icmp {
                ping-death;
            }
            ip {
                source-route-option;
                tear-drop;
            }
            tcp {
                syn-flood {
                    alarm-threshold 1024;
                    attack-threshold 200;
                    source-threshold 1024;
                    destination-threshold 2048;
                    queue-size 2000; ## Warning: 'queue-size' is deprecated
                    timeout 20;
                }
                land;
            }
        }
    }
    policies {
        from-zone trust to-zone trust {
            policy default-permit {
                match {
                    source-address any;
                    destination-address any;
                    application any;
                }
                then {
                    permit;
                }
            }
        }
        from-zone trust to-zone untrust {
            policy default-permit {
                match {
                    source-address any;
                    destination-address any;
                    application any;
                }
                then {
                    permit;
                }
            }
        }
        from-zone untrust to-zone trust {
            policy default-deny {
                match {
                    source-address any;
                    destination-address any;
                    application any;
                }
                then {
                    deny;
                }
            }
        }
    }
    zones {
        security-zone trust {
            tcp-rst;
            host-inbound-traffic {
                system-services {
                    all;
                }
                protocols {
                    all;
                }
            }
            interfaces {
                ge-0/0/1.0;
                ge-0/0/2.0;
                lo0.0;
            }
        }
        security-zone untrust {
            screen untrust-screen;
        }
    }
}
Mikrotik-Mikrotik
[admin@R1] > export
/interface bridge
add name=loopback
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/routing ospf instance
set [ find default=yes ] distribute-default=always-as-type-1 \
    redistribute-static=as-type-1 router-id=1.0.0.1
/ip address
add address=10.0.10.61/24 interface=ether1 network=10.0.10.0
add address=12.12.12.1/30 interface=ether2 network=12.12.12.0
add address=31.31.31.2/30 interface=ether3 network=31.31.31.0
add address=1.0.0.1 interface=loopback network=1.0.0.1
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1
/ip route
add distance=1 gateway=10.0.10.1
/routing ospf network
add area=backbone network=1.0.0.1/32
add area=backbone network=12.12.12.0/30
add area=backbone network=31.31.31.0/30
/system identity

set name=R1

[admin@R2] > export
/interface bridge
add name=loopback
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/routing ospf instance
set [ find default=yes ] router-id=1.0.0.2
/ip address
add address=12.12.12.2/30 interface=ether2 network=12.12.12.0
add address=1.0.0.2 interface=loopback network=1.0.0.2
add address=23.23.23.1/30 interface=ether3 network=23.23.23.0
/routing ospf network
add area=backbone network=1.0.0.2/32
add area=backbone network=12.12.12.0/30
add area=backbone network=23.23.23.0/30
/system identity

set name=R2

[admin@R3] > export
/interface bridge
add name=loopback
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/routing ospf instance
set [ find default=yes ] router-id=1.0.0.3
/ip address
add address=23.23.23.2/30 interface=ether2 network=23.23.23.0
add address=31.31.31.1/30 interface=ether3 network=31.31.31.0
add address=1.0.0.3 interface=loopback network=1.0.0.3
/routing ospf network
add area=backbone network=1.0.0.3/32
add area=backbone network=31.31.31.0/30
add area=backbone network=23.23.23.0/30
/system identity

set name=R3

Cisco-FortiGate-Juniper-Mikrotik

1 nic Multiple vlans

WINDOWS:
SOURCE: http://www.intel.com/content/www/us/en/support/network-and-i-o/ethernet-products/000005677.html
This can be done using Intel or Broadcom (BACS) driver, but not from Windows itself

Configuring VLANs
– Go to Windows Device Manager
– Open the properties of the port where you want to configure the VLAN
– Go to the VLAN tab
– Click the New button
– Type the VLAN ID number into the VLAN ID box. The IDs configured on the port must also be configured on the switch.
– Accept the VLAN name entered by default or type in a new name.
– Click OK.

LINUX:
SOURCE: http://www.cyberciti.biz/tips/howto-configure-linux-virtual-local-area-network-vlan.html

RHEL/CentOS
Method1
-example: create VLAN 5
# cp /etc/sysconfig/network-scripts/ifcfg-eth0 /etc/sysconfig/network-scripts/ifcfg-eth0.5
# cat /etc/sysconfig/network-scripts/ifcfg-eth0.5
DEVICE=eth0.5
BOOTPROTO=none
ONBOOT=yes
IPADDR=192.168.1.5
NETMASK=255.255.255.0
USERCTL=no
NETWORK=192.168.1.0
VLAN=yes

# /etc/init.d/network restart
OR
# service network restart

Method2 vconfig
# vconfig add eth0 5
# ifconfig eth0.5 192.168.1.100 netmask 255.255.255.0 broadcast 192.168.1.255 up

To get detailed information about VLAN interface, type:
# cat /proc/net/vlan/eth0.5

If you wish to delete VLAN interface use delete command as follows:
# ifconfig eth0.5 down
# vconfig rem eth0.5

Method #3: Create the VLAN device using the ip command
# ip link add link eth0 name eth0.5 type vlan id 5
# ip link
# ip -d link show eth0.5

You need to activate and add an IP address to vlan link, type:
# ip addr add 192.168.1.200/24 brd 192.168.1.255 dev eth0.5
# ip link set dev eth0.5 up

How can I remove VLAN ID 5?
# ip link set dev eth0.5 down
# ip link delete eth0.5

Debian/Ubuntu
# cat /etc/network/interfaces
auto eth0.5
iface eth0.5 inet static
address 192.168.1.200
netmask 255.255.255.0
vlan-raw-device eth0

# /etc/init.d/networking restart