这是华为的配置:
: h! k* e/ _+ U! @9 p#
8 A- F+ t) C D, l9 f' Lacl number 2000
' x, d. H/ g6 w5 {$ y' ? rule 0 permit source 172.16.14.1 0
5 C- c/ ?8 E. H% w2 ? rule 1 permit source 172.16.1.0 0.0.0.255& E5 [& y. W% ]5 u' H1 Z
rule 3 permit source 172.16.2.1 0, I% d6 H# n9 r. V: v3 ~
rule 4 permit source 172.16.2.13 0* C9 C4 x w Q
rule 5 permit source 172.16.10.0 0.0.0.255
. [# g/ f' K5 Q# M4 z. H0 ~$ B! v Q rule 6 permit source 172.16.16.2 0) o: M5 B# b8 A" Y3 C. D
rule 7 permit source 172.16.2.2 0
$ X7 q: i9 C, b3 L+ i rule 8 permit source 172.16.14.50 0
# W: K( K$ F6 j, |1 Q7 z/ D rule 10 deny5 O0 v# _, ^; L+ t% d
acl number 2001
) h0 V* y% v# U; e2 _7 `! c rule 0 permit source 172.16.12.51 0
6 h% {( `( w1 V( G2 {8 L rule 5 deny0 y$ K6 y) o: ^7 _! s
acl number 2002
* ~; K8 s r4 L$ B0 v rule 0 permit source 172.16.12.61 0
6 b$ {: x3 C6 U- {! @$ j4 B rule 5 deny
$ `* Q8 q# X N& L T* h. Facl number 2003+ T0 ~5 W0 i9 l, A. Y6 n$ v
rule 0 permit source 172.15.10.4 0
" Y* _/ m% i2 L' _, `6 m2 k$ r rule 5 deny2 R. ^2 U5 l {! z' y* X2 s5 [" Y
#
" n. Z7 [/ v0 n* [& f# }" ^acl number 3000
4 }) a$ l5 L- p/ z% E0 w description dmz-trust. {( b% b1 O# J$ L4 U# Y
rule 0 permit tcp source 172.16.12.61 0 destination 172.16.10.71 0 destination-port eq 40088 C$ M2 A5 ~+ H- }8 o) S
rule 1 permit tcp source 172.16.12.61 0 destination 172.16.10.71 0 destination-port eq 8898* H& W- [ X4 }. L b) o" C+ l
rule 2 permit tcp source 172.16.12.61 0 destination 172.16.10.71 0 destination-port eq 8868
& S2 v% ]" J4 b rule 3 permit tcp source 172.16.12.61 0 destination 172.16.10.71 0 destination-port eq 8858
. {1 ~* Q$ e8 z. v0 G. X; Y8 _ rule 4 permit tcp source 172.16.12.61 0 destination 172.16.14.155 0 destination-port eq 40082 G# N: M p( v* R2 |1 X
rule 5 permit tcp source 172.16.12.61 0 destination 172.16.14.155 0 destination-port eq 8898
6 J( H: C: ` H- H0 K rule 6 permit tcp source 172.16.12.61 0 destination 172.16.14.155 0 destination-port eq 8868' ]) U4 h& O: ?5 X: A( ]
rule 7 permit tcp source 172.16.12.61 0 destination 172.16.14.155 0 destination-port eq 8858
( D0 o+ B# a! I2 F rule 8 permit tcp source 172.16.12.51 0 destination 172.16.10.71 0 destination-port eq 4003
3 @( g( X, N1 P& U e" K; I rule 9 permit tcp source 172.16.12.61 0 destination 172.16.10.71 0 destination-port eq ftp" N2 F, g5 P' g1 L
rule 10 permit tcp source 172.16.12.61 0 destination 172.16.10.51 0 destination-port eq ftp
5 ~' l4 q J5 ]) V4 x9 O4 B! _' ~7 X rule 11 permit tcp source 172.16.12.61 0 destination 172.16.14.155 0 destination-port eq ftp
. Q$ |( h! J1 ^2 M. Q# q rule 12 permit tcp source 172.16.12.51 0 destination 172.16.14.155 0 destination-port eq ftp1 S' Y" ], n5 H$ U
rule 13 permit tcp source 172.16.12.51 0 destination 172.16.10.71 0 destination-port eq ftp
$ J H6 b0 D" l- y$ k rule 14 permit tcp source 172.16.12.51 0 destination 172.16.10.51 0 destination-port eq ftp6 w" F8 S) j9 j4 G% `- Z" T: h' N
rule 15 permit tcp source 172.16.12.51 0 destination 172.16.14.155 0 destination-port eq 4003
: V C4 w5 _* T& v8 L5 A8 t rule 16 permit ospf
* Y9 J. a8 |% y rule 17 permit tcp source 172.16.12.51 0 destination 172.16.10.101 0 destination-port eq 8$ D' M' b: Q" t! F5 ~( `
rule 18 deny tcp
! I( F+ U$ G7 I0 `2 h5 Macl number 3001
+ ~( i+ \$ r. d* q( b0 x description For Untrust-dmz
+ E8 |8 B& g3 Y3 G rule 0 permit tcp source 172.16.20.0 0.0.0.255 destination 172.16.12.51 0 destination-port eq 5000
v+ }& m" A; n- ]2 ]' G7 B: H rule 5 permit icmp. h" B- E* a4 v/ n* ` h& k
rule 10 permit ospf 7 p+ f7 P% V# j# v/ X" [5 w
rule 15 deny tcp source 172.16.20.0 0.0.0.255
0 _# d. ?/ S( W2 {: y8 Z3 \% }3 J9 Hacl number 3002! E0 V) ^# y3 y' @: f, Q/ u8 K! l
description To_Yinlian
7 T$ E% U9 c. @ v rule 0 permit ip source 9.234.21.63 0 destination 144.234.97.33 06 a1 T+ c" a1 ^* X4 K( _
rule 5 permit ip source 9.234.21.64 0 destination 144.234.97.33 0, ?/ P9 W3 N3 `0 V t
rule 10 permit ip source 9.234.21.66 0 destination 144.234.97.33 0
: p1 w- B( @& m4 ] rule 15 deny ip
3 {; n7 z7 e% z$ g. \# P: Dacl number 3003
0 F& ?) S( P5 J% E) K5 f3 W2 L description for Untrust-Trust" T7 A: l: v4 U& r9 K, I8 h
rule 0 permit ip source 10.78.72.70 0 destination 172.15.10.4 0
3 B, |8 b( a `) x rule 1 permit ip source 172.16.2.26 0 destination 172.16.10.111 0
& Z; p1 N, j0 n! s' ] rule 2 permit ip source 172.16.2.26 0 destination 172.16.14.1 0
# f! A1 t" g5 g) e" X9 ^ rule 3 permit ip source 10.78.72.153 0 destination 172.15.10.4 0
; }; B& E- }7 ]" t# ], ~ rule 4 permit ip source 10.78.72.157 0 destination 172.15.10.4 01 ?, D; s& B, h' Q
rule 5 permit ip source 192.168.100.43 0 destination 172.15.10.4 06 ^/ p; S( j( P7 E1 Q7 w
rule 6 permit ip source 10.16.2.7 0 destination 172.15.10.4 0& p7 [: Y0 z& F$ g2 a2 z. w
rule 7 permit ip source 10.16.2.5 0 destination 172.15.10.4 00 T2 D1 A: F9 l+ b8 _. ^8 a$ R! P" }
rule 8 permit ip source 10.16.2.6 0 destination 172.15.10.4 0; ?" ]- L4 \0 b9 s( c% }$ }
rule 9 permit ip source 10.16.2.8 0 destination 172.15.10.4 0% h: S d" P9 z3 O
rule 11 permit ip source 10.139.25.26 0 destination 172.15.10.4 0, x, A" w) Z7 N
rule 13 permit ip source 10.143.10.183 0 destination 172.15.10.4 05 L0 V" [1 w* D j f7 b
rule 50 deny ip
3 Y1 i8 E) n7 H* Jacl number 3004
; G8 \1 `2 n* U5 i8 W3 q9 d rule 0 permit ip source 172.16.1.7 0 destination 172.16.10.111 08 R) F0 j$ E; {1 f5 m
acl number 3005! p9 B4 T' f# Y$ c% F
description TO_dudubao5 |' f; p+ _2 H2 }# r. Z
rule 0 permit tcp destination 172.15.10.4 0 destination-port eq 6868# V* Z: W7 F$ N0 m& \- w
rule 1 permit tcp destination 172.15.10.4 0 destination-port eq ftp-data- }& R: L+ H% k; x
rule 2 permit tcp destination 172.15.10.4 0 destination-port eq ftp
9 \2 w6 R+ p( p6 f: Q4 Cacl number 3006! c( `6 ?" S6 k8 t* A, x* A4 E
rule 0 permit ip source 172.16.12.0 0.0.0.255 destination 10.0.1.0 0.0.0.255
7 O5 A. B E( N3 X$ wacl number 3007
: G, A/ \' \6 \/ ]) F, x rule 0 deny ip source 172.16.12.0 0.0.0.255 destination 10.0.1.0 0.0.0.255
7 P* W/ i Q- {6 | rule 1 permit ip source 172.16.12.0 0.0.0.255
' ~ ]. Z7 X) j! W) S#
8 Z. x1 M1 [& ~6 R, [, c6 m sysname NB_Eudemon300-A" n- D* b O" L9 A8 g* |
#
2 a4 g, j6 h, r) ? super password level 3 cipher '._1D9P1YCQ=^Q`MAF4<1!!
& ]; q( h" ~6 r( F L, {) p#
3 g% v1 o' }; r: D info-center loghost 172.16.10.192# b, F5 P A4 s0 a0 P
info-center loghost 172.16.10.111
: U6 {: B e' T! r6 N#
* Y# i) G/ t" i hrp enable
- z+ U$ n i. _0 l hrp interface Ethernet2/0/7/ Z$ u5 i0 U7 U& O
#
# |7 R# z: @: ~- E router id 172.16.1.3 7 n5 h3 Z$ b$ [, Z+ g
#
8 ?$ |. {4 o V9 k7 z5 V firewall packet-filter default permit interzone local trust direction inbound2 z; T2 @4 f: O7 o l9 c6 E
firewall packet-filter default permit interzone local trust direction outbound4 c8 A' B; \/ E# v. e
firewall packet-filter default permit interzone local untrust direction inbound
f+ R/ m7 r$ m firewall packet-filter default permit interzone local untrust direction outbound5 j: R* ?3 ^4 l- P
firewall packet-filter default permit interzone local dmz direction inbound
8 p8 w7 V C/ r. K+ O firewall packet-filter default permit interzone local dmz direction outbound
4 Z! O# C8 p' k5 ]: m7 S" q firewall packet-filter default permit interzone local hrp direction inbound' l: O2 x- X* E w
firewall packet-filter default permit interzone local hrp direction outbound
6 ?( c/ Q% N4 P; {( o firewall packet-filter default permit interzone local gprs direction inbound
6 ]( ^5 B. S2 `9 a0 Q firewall packet-filter default permit interzone local gprs direction outbound; r: f8 ^" B9 U* l) i1 d7 D# z
firewall packet-filter default permit interzone local dudubao direction inbound
' M7 d3 e& q& S3 {- _, T) P firewall packet-filter default permit interzone local dudubao direction outbound
; ]5 S) a" [' J% _ ^7 u" l4 s firewall packet-filter default permit interzone trust untrust direction outbound! X* r6 z- @8 m8 D
firewall packet-filter default permit interzone trust dmz direction inbound9 ^! f' g/ u! `. F( d, L
firewall packet-filter default permit interzone trust dmz direction outbound* I# K _$ g C! P
firewall packet-filter default permit interzone trust gprs direction inbound0 c+ G, p% T. n8 a5 E; V
firewall packet-filter default permit interzone trust gprs direction outbound
$ m! e. O! C. ^+ z. D5 Y firewall packet-filter default permit interzone trust dudubao direction inbound2 X( Q; q* m+ E
firewall packet-filter default permit interzone trust dudubao direction outbound0 H! J8 q5 o4 G0 L2 G" a
firewall packet-filter default permit interzone dmz untrust direction inbound {& q, c* y, {% T! K- o" L
firewall packet-filter default permit interzone dmz untrust direction outbound
% r* T: E+ p0 F firewall packet-filter default permit interzone dmz gprs direction inbound
@3 D" O4 h4 x+ ~- r firewall packet-filter default permit interzone dmz gprs direction outbound/ M# x( J3 a4 r! a! G
firewall packet-filter default permit interzone dmz dudubao direction inbound) Z, Y) }+ G- U$ |$ _% o. d
firewall packet-filter default permit interzone dmz dudubao direction outbound+ M$ ?8 e, [8 z5 j9 P
#
' B2 y$ w* Z) f2 p' L+ l! z+ P2 K nat address-group 3 145.234.97.33 145.234.97.33% R9 l4 T' J* S+ l6 Z! f- D/ }4 I1 w
nat address-group 5 144.234.97.33 144.234.97.33
7 q/ f( [, C. L' J+ T* | nat server zone gprs global 144.234.97.33 inside 172.16.12.61
$ n( w& J5 g+ j#- N8 C3 u7 ^- p5 Y
bypass switch-back auto
# Z9 R& F$ U7 v P( b, F! X/ Q#
m# m2 d0 Q" O3 f firewall mode route( s3 p$ Y$ Q0 b3 i# j' Z
#3 i& r `9 X. T1 t8 e
firewall defend ip-spoofing enable
0 ^ S: {" I7 ~- i, l8 @ firewall defend land enable6 [; W9 O- {7 _- M
firewall defend smurf enable
7 A+ t( E. t7 | firewall defend fraggle enable, Y3 N+ {$ m; D! p& p
firewall defend winnuke enable
+ J9 r: H3 M" w; Y S firewall defend syn-flood enable
9 g/ U. d/ Y; C8 p. J& Y firewall defend udp-flood enable& T' x; ^/ x; ]/ u7 I. O V8 N6 {
firewall defend icmp-redirect enable
/ r( r; J) o8 P% X% J7 j9 j1 y c firewall defend icmp-unreachable enable
5 |' V7 `$ }% ]6 T: N- X! A firewall defend ip-sweep enable . V: Y3 X; {3 r+ y& X
firewall defend port-scan enable5 C5 c1 E) v8 j- a& J
firewall defend route-record enable
3 U8 K- c; e# P1 h1 M" s) k firewall defend ping-of-death enable
0 i, d( E# }7 N firewall defend teardrop enable
4 O# {( c4 A/ H3 J% W firewall defend tcp-flag enable
. {* S" y& X, S4 j0 L firewall defend large-icmp enable$ z' {- }" A8 p1 b
#
- F2 J4 {/ I ], ^ firewall statistic system enable/ F4 m; S6 z; E
#
; g- k2 y3 ]% l* d% t: X4 Xike proposal 1
# G0 k# V8 l+ ^ b# ~: v7 d* `#
5 r5 s1 F3 O7 I/ m. ^ike peer a
4 j9 G: |1 @; g pre-shared-key cnnbtk/ x2 m5 a* C+ s$ i M! b
ike-proposal 11 K' T; `( J* m s" u. p$ P( a
remote-address 119.57.5.5
( s2 g" Q7 ~) d) `2 E#8 ~+ |# I Y& Q5 T" b$ g1 w1 q
ipsec proposal tran11 p* D+ A6 L5 p0 y+ B
#
: {; ^6 N/ y) f/ Nipsec policy map1 1 isakmp3 E: s. ]& a D( l% `
security acl 3006
2 j& I- i9 R/ L' d) } pfs dh-group2) A; w& C0 R8 l2 W* Y" A+ Y
ike-peer a
, M0 S. H i; q5 I% g( d/ w8 t6 {; d proposal tran1
( D' p% E6 S! B' i/ z local-address 60.12.194.14
( o: i" Z7 q0 E7 k#; Z, y: E0 J3 N6 ?0 [8 l1 a' I
interface Aux05 z& L7 {% O8 O' t# U
async mode flow
$ o$ _0 p2 d6 R' C7 y+ n5 W link-protocol ppp
g/ M# `- Q8 i3 B0 A# c9 }#$ e7 f/ |. p* E2 v/ |
interface Ethernet0/0/0
- N+ l* d1 ^7 x#' G9 h) {8 X' r2 ^# H
interface Ethernet0/0/1
4 f/ p/ B9 w, W" O#" m6 h( \1 ^3 S; P3 n- y) l
interface Ethernet2/0/0
. E1 c. I0 i; }3 R5 p* L: Z9 K, U% g description To_S5624-A(1/0/24)* D. T) p4 L; [3 C
ip address 172.16.2.9 255.255.255.252
' v$ G2 A! C! |1 ^5 B7 p ospf cost 100
1 B' N6 w; E1 D8 s. q. h" O% H#
6 s a ]* o' S6 }; Y" ]: einterface Ethernet2/0/1& _& i/ j4 j0 o, a( e+ Y
description To_Yinlian) }& z) N( p7 t( P/ U9 c
ip address 145.234.132.154 255.255.255.252
! [# h% Q& g0 T1 v9 W- v#2 ~0 E4 R9 j/ o9 D( u
interface Ethernet2/0/2
; j& M% X4 |. }, K% K3 m1 \2 w3 u, [ description To_S6506R_A(7/0/48)4 y5 g3 f, b8 t5 }/ D
ip address 172.16.2.2 255.255.255.252
( l8 b4 {! ?- D0 b N9 Y" L ospf cost 100 . Y* X$ [8 V8 M% d3 A
#
) e: K# g7 W Minterface Ethernet2/0/3
0 Q i5 t3 [/ z0 V$ e description To-dudubao3 T8 f7 D2 E! }* Z& @8 p/ e# C
ip address 60.12.194.14 255.255.255.2405 l8 T" E# J& A! [4 m9 e
ipsec policy map17 B' O# K1 M% w6 F" o1 D: O
#$ G& E$ k7 C2 D8 p2 s1 `& k
interface Ethernet2/0/4! B( a; o. P9 E/ e/ T* A. E9 s
#
+ |: Q$ ~' W- y! e/ d* Ointerface Ethernet2/0/5
2 E9 J9 Z& O6 |7 x! C+ \, c#
2 T' Y6 {. C! e0 L3 F6 [* E* {" u" rinterface Ethernet2/0/68 k. E( j: Q5 b- y* i$ U2 C: `
#
% g- P* q8 ]9 i5 l, T9 U7 U$ Ginterface Ethernet2/0/7( J7 [' ]7 W; q! U: A
description To_Eudemon300-B_E2/0/7
& g5 V! A" N/ b \( l: O3 ~ ip address 172.16.2.201 255.255.255.248
( c" ~& X4 x8 J) F# u vrrp vrid 1 virtual-ip 172.16.2.203
+ G' h$ M; J- d4 D2 J vrrp vrid 1 priority 150) }+ D+ G. N4 o% x X" ]6 f
vrrp vrid 1 preempt-mode timer delay 60. ]( p+ D! X8 h" a
vrrp vrid 2 virtual-ip 172.16.2.204
9 i% p" t n0 h) i8 D# R## `) v ]' ?9 C, `: [
interface GigabitEthernet1/0/0% l! S! U. P! g0 u2 C
shutdown
' b! {: v: i: M) Y#
/ Q9 J( m5 \+ k- _' l, [) e" Ainterface GigabitEthernet1/0/1
' ~: u4 [ \+ e' s+ s3 _0 a description To_S5624-B(1/0/25)
' E0 { b+ d2 z* V ip address 172.16.2.25 255.255.255.252
6 e7 F, r! d- M i2 E; r ospf cost 500
6 R+ E, N; i7 a) c#
$ K1 r2 G7 m. j# |2 j+ A- n0 A# ]( ~interface NULL0$ K; [' z9 W, L
#
+ _5 E; d1 v6 \% winterface LoopBack0
; }$ w) w3 m* x! o2 o* ?$ B ip address 172.16.1.3 255.255.255.255 W. B1 t' H# W( x* }/ C' U4 N4 _
#
# e' T9 s) G2 ^; vfirewall zone local. `- c$ z- Y' v( `2 m$ J
set priority 100
/ t7 S* N3 W* Y; V6 ~#. `& N5 J4 a! B4 K$ M4 M: V
firewall zone trust) G6 \: Z$ M& n: _+ N
set priority 85
( v# d2 z; }+ C* {, }: m detect ftp6 H- [7 J0 R& l4 Q+ l
add interface Ethernet2/0/2& w5 Y) T. p* A
#
6 F" x, B/ X* ^! A" |5 s5 `% yfirewall zone untrust& _1 }/ w) p; x/ f) t0 M0 p* X
set priority 5; ?" ], f4 [3 S: C2 Z" H4 k
detect ftp 9 Z9 v( K [& ~3 a5 j6 [
add interface GigabitEthernet1/0/1
2 k* ^( m g9 u' r$ i3 j4 {#
2 l2 i" Z$ d( c6 @0 Pfirewall zone dmz) _' D1 k9 r% Q3 _1 J2 E
set priority 50
% r w; J8 g* X$ |1 R add interface Ethernet2/0/04 R! ~9 ]0 N6 `8 b
#
5 f& Q; F$ W/ p* l5 l9 rfirewall zone name hrp9 E! c' B7 `0 c
set priority 40% G3 E) ~1 {0 D) {8 d" x7 m
add interface Ethernet2/0/7
3 |5 B6 r+ O( H; o# |2 M& y#
/ M6 |( q# V" b! X0 X2 Y, U% Ifirewall zone name gprs
2 O% b2 P2 ~! Z [) {# m set priority 4 ^: M6 b0 `/ _4 O j/ J
detect ftp
' Y" R6 g) l: F n g- h add interface Ethernet2/0/1- q4 I( b2 c9 Y3 j% a( f( _
## a2 r9 i* v, W' f
firewall zone name dudubao: u& u# `7 G* L* O9 ?# E
set priority 3
! b8 A6 r2 ?! t1 d! Q) e$ g0 W* | detect ftp6 U, J8 E4 M+ P
add interface Ethernet2/0/3
, O, L1 D" o9 X6 z5 K5 ?3 |#
( w& d3 v& P1 b& M! p% t- ~& ~0 ofirewall interzone local trust
+ o/ ^9 s$ _" }: n0 N: i#; T! @8 o! }" V3 B+ ] v. S
firewall interzone local untrust
0 |8 f$ r# m" t9 M" n8 ^* X$ A#/ B$ O0 O% l! ~2 d2 {- @
firewall interzone local dmz
9 W n$ O" ?" q# _#
" m) x- o9 w- O1 F( N7 G) d" r9 }firewall interzone local hrp
" B7 V+ E# M0 ]#1 F; g/ x5 G% _% K; h- `% g
firewall interzone local gprs
+ q- c# D% k9 O1 X, P/ ]#
$ v7 ^+ G) _, ~; r4 V- ~. p; Sfirewall interzone local dudubao
/ |! C7 R/ y# q. ]7 ^& G## v8 v O7 I% Z
firewall interzone trust untrust" U7 \# S0 Q3 {8 }4 K/ Q
packet-filter 3003 inbound$ m, W6 i! J A
detect ftp
0 {* @# Q" q% J$ i5 Q) f#
* z2 g! T' |- R5 t5 |firewall interzone trust dmz
: y# _- k* p( Z8 Z! }#
% z9 v' ~4 F6 \firewall interzone trust hrp
0 A6 o/ K+ A, X8 j, G$ d2 N#
, V+ P, p% G, `" Q. u/ Xfirewall interzone trust gprs
3 C# u, E) J1 R$ M+ ~ @" y nat outbound 2003 address-group 35 d- ?: y- o! a9 Z: K( v
detect ftp9 L+ W# o4 b: ]; c. ~. Z
#
7 A' |& M, M! c3 W( ?firewall interzone trust dudubao
G4 B9 j5 ~$ |, x- Z" T packet-filter 3005 inbound 9 p3 y2 h2 j: R' O; c$ l, R" K! B f
detect ftp& W) P! I0 l5 i! ?
#
: S+ b. @: m. Dfirewall interzone dmz untrust% Y$ B: L& x, ~
#0 j4 d' p' }* q2 {4 T0 K
firewall interzone hrp untrust- a' d7 _, a3 T
#( ~7 M& v7 i- I; A: z
firewall interzone untrust gprs
4 C3 Z4 Q: U4 [#! a4 O% x. O; U
firewall interzone untrust dudubao7 M! X2 D6 A, B- Y
#6 Y1 d9 u# f/ w2 i- e
firewall interzone dmz hrp
+ ~ {0 j V2 q" g- V ]) m#5 z$ b. j( [5 R+ ^0 f
firewall interzone dmz gprs# F& m, [" j F8 Z+ t" y+ C. F' R
packet-filter 3002 inbound3 |9 x( y0 @- ?" v: {
nat outbound 2002 address-group 56 H. p0 o6 X& L& A0 a5 c
detect ftp
) q5 c2 y0 o+ Y( L0 a#
$ \6 z' L7 x; A' E/ Q; r$ Nfirewall interzone dmz dudubao
, @; B& u" ~6 c! x: R: A: d" p packet-filter 3006 outbound
4 U" G/ ]4 H# c J% a {#: O# [4 d5 o: Z) ]7 u# o
firewall interzone hrp gprs4 R' j' r; B. [" h6 B: ?: A
#( h0 _% c5 g% z( B6 A i* F
firewall interzone hrp dudubao
g& X4 y3 t: ?5 e) q" ?#/ X! Y4 w' i" D7 {
firewall interzone gprs dudubao
/ G9 V+ T2 g& l+ O#: w9 A- h: k7 _: f- b
vrrp group 1) u5 m) C* r" A5 ^: B3 k' j1 x
add interface Ethernet2/0/7 vrrp vrid 1 data
- s( @/ {5 `) p vrrp-group enable& X ^1 N5 N: H& H' j4 U. I8 c$ J
vrrp-group priority 1053 S5 B* ^- A- b2 C
vrrp-group preempt delay 604 x7 ^8 Z. m8 Y: U0 P
undo vrrp-group group-send, H$ B2 c9 v+ D- G3 z# z1 c Q5 f
vrrp group 2
; c" H! d8 d. _9 ^% {! e1 F9 x add interface Ethernet2/0/7 vrrp vrid 2 data5 R) T( w7 Q; `4 O f5 I% g8 I7 w3 @
vrrp-group enable
( E; D# a1 D# [7 q& d undo vrrp-group preempt
- s% A+ H4 P b: j3 X undo vrrp-group group-send3 T7 n0 M9 Q0 t- W4 A) V
#
* R7 F7 o7 k8 q% M* f. Saaa
5 k5 r" k5 Y9 X local-user huawei password cipher 1_`%CO&$8@7"+C5`;6XL!!!
5 N9 {8 {# v* h9 Z$ b local-user huawei service-type terminal telnet ssh) x _* Z3 Z7 E" ~& w; ^8 S
local-user huawei level 1
* n3 @; O2 R& J authentication-scheme default
^( Z' W3 Y* O5 K" e+ T#
+ x$ Q& O% p: V b3 C" F) P0 {1 { authorization-scheme default' A* L8 W M1 V& I
#
# [. P0 `+ X- q5 l' f7 g$ u accounting-scheme default
/ |2 O6 m% ?# Y7 l. u! I, q5 t* x#
& d$ N/ L6 r% Z _1 k/ [2 } [/ f domain default
: K+ B% X4 r0 ]) r6 T+ U# _* I#
- c4 f8 n+ e) e- K% F- T: x# j$ E1 n( a' x7 f% Q
ospf 1
7 b' P U4 f$ O" i$ A; | import-route static
& E, G0 f, R. f& J5 ~ area 0.0.0.0
3 Y5 A8 x5 L- R5 l4 H/ G4 y# F# C network 172.16.1.3 0.0.0.01 f7 K) _ A) v8 e! D
network 172.16.2.0 0.0.0.38 k) U4 G( g# o# H
network 172.16.2.8 0.0.0.36 @6 }, W, p3 {& z$ L! H
network 172.16.2.24 0.0.0.32 q" w6 A+ s, h B' ^9 J; h
#
$ T# P0 F: x8 u; q2 V3 F ip route-static 9.234.21.0 255.255.255.0 145.234.132.153
/ Q1 ?5 {4 u: Y, o/ h8 M ip route-static 10.0.1.0 255.255.255.0 60.12.194.1296 e5 a8 i5 G5 n& d* W7 J, R; O
ip route-static 61.14.10.218 255.255.255.255 60.12.194.129: J: S8 L5 u* a& B7 A4 O2 L
ip route-static 119.57.5.0 255.255.255.0 60.12.194.129
7 O0 T! D9 Y0 _ ip route-static 172.15.10.4 255.255.255.255 172.16.2.16 ^$ S8 ]" J1 r
ip route-static 221.136.75.25 255.255.255.255 60.12.194.129% U7 | g3 d$ L9 W* J; w- {$ h; _
#! k! L0 {1 x' y+ c& E/ q8 \) Q
snmp-agent) W0 v1 {) c3 h+ d' p
snmp-agent local-engineid 000007DB7F00000100001BEE
- t; V- W3 Z" z5 ~' L5 T" D snmp-agent community read nbcardro 0 f) \& |* d7 P& L4 a
snmp-agent sys-info version all
8 X ^" O" Q; d9 x2 P#
* r- R* E8 Q0 b( d/ R, T0 l) H ssh server timeout 301 M2 q$ T, e+ x7 W
ssh server rekey-interval 24
) [5 Q6 {; F2 ~4 ^1 A( r ssh user huawei authentication-type password7 r6 R f' _7 @. a3 G* p
#
/ |3 k- J$ P4 m0 auser-interface con 0
$ ]1 a: v, `: ?- t) V& K authentication-mode aaa
U- d% Q# C7 {4 Z0 i& D7 \5 auser-interface aux 01 V( [1 B# G+ I% a2 F1 o& x
authentication-mode none
" j, }( N. ]8 p8 f) Fuser-interface vty 0 4) N+ v! _; l* h& H6 i
acl 2000 inbound! Y; m7 }$ F6 N8 S1 ^5 `* A6 u
authentication-mode aaa* t0 s0 H3 N$ g, T1 L
idle-timeout 5 0' j- U) h/ t, _$ K& g2 o
#
; J3 A" m; ~! d. j1 r! treturn |
所有IT类厂商认证考试题库下载
【新盟教育】2023最新华为HCIA全套视频合集【网工基础全覆盖】---国sir公开课合集
【新盟教育】网工小白必看的!2023最新版华为认证HCIA Datacom零基础全套实战课
原创_超融合自动化运维工具cvTools
重量级~~30多套JAVA就业班全套 视频教程(请尽快下载,链接失效后不补)
链接已失效【超过几百G】EVE 国内和国外镜像 全有了 百度群分享
某linux大佬,积累多年的电子书(约300本)
乾颐堂现任明教教主Python完整版
乾颐堂 教主技术进化论 2018-2019年 最新31-50期合集视频(各种最新技术杂谈视频)
Python学习视频 0起点视频 入门到项目实战篇 Python3.5.2视频教程 共847集 能学102天
约21套Python视频合集 核心基础视频教程(共310G,已压缩)
最新20180811录制 IT爱好者-清风羽毛 - 网络安全IPSec VPN实验指南视频教程
最新20180807录制EVE开机自启动虚拟路由器并桥接物理网卡充当思科路由器
[复制链接]
