这是华为的配置:5 W% J, f5 W1 f c: P# S1 _
#& W6 P1 c3 o* k- V3 J5 m/ q
acl number 2000& f7 g8 e4 K9 ~0 h
rule 0 permit source 172.16.14.1 0: K# W2 Q0 ?- w h( ^% B( B
rule 1 permit source 172.16.1.0 0.0.0.2553 _# W) z/ a+ q% e. F D2 k
rule 3 permit source 172.16.2.1 0
, c I6 y4 E8 v rule 4 permit source 172.16.2.13 07 b1 t/ U, _8 X) B
rule 5 permit source 172.16.10.0 0.0.0.255
) X v4 m& ^* N$ {7 d$ R rule 6 permit source 172.16.16.2 0. ^1 S: l1 o& V+ c$ [7 m
rule 7 permit source 172.16.2.2 0# w& p" ]: U3 g+ m/ E1 b, B
rule 8 permit source 172.16.14.50 0
1 o" p1 A7 X( Z Z# U' h1 A8 e3 Z9 H rule 10 deny( M" Z1 T" I. u. A0 m% \& `; p X
acl number 20014 T, f5 P0 V# n& ~2 ~
rule 0 permit source 172.16.12.51 0" \; c* x1 [$ X% `* x& S3 k2 C
rule 5 deny3 v4 L3 C, {6 q; `7 ?# J3 {( r. v3 ~. B
acl number 2002
0 s& X1 O3 z% R! [ rule 0 permit source 172.16.12.61 0
" l1 M: h5 K$ E% m5 E# B9 [ rule 5 deny2 G/ [5 m1 t8 @
acl number 2003
$ s5 S7 Z; }4 Y; }; O G) P7 \7 P rule 0 permit source 172.15.10.4 0! p# t0 u3 K: i* m: k& C' q
rule 5 deny
7 x! f& E8 Y m. V" c#
5 Y: ?- U# p4 j" g) Y. cacl number 3000
3 o. J) q: z$ }, F ~* W+ z description dmz-trust
7 L+ v' T" N8 I: Q9 ? rule 0 permit tcp source 172.16.12.61 0 destination 172.16.10.71 0 destination-port eq 4008- Y* e& s F9 `- X, D
rule 1 permit tcp source 172.16.12.61 0 destination 172.16.10.71 0 destination-port eq 8898" s _& d& V4 b6 J) X
rule 2 permit tcp source 172.16.12.61 0 destination 172.16.10.71 0 destination-port eq 88689 @/ l* T2 Q! m# d4 E1 M
rule 3 permit tcp source 172.16.12.61 0 destination 172.16.10.71 0 destination-port eq 8858
0 o; W7 n' X( V7 Y3 ] rule 4 permit tcp source 172.16.12.61 0 destination 172.16.14.155 0 destination-port eq 4008: U: r" ]" {1 m
rule 5 permit tcp source 172.16.12.61 0 destination 172.16.14.155 0 destination-port eq 88983 C) Q# W! l$ R7 ?. O
rule 6 permit tcp source 172.16.12.61 0 destination 172.16.14.155 0 destination-port eq 8868
7 E( T* z1 D( \; e; s8 L! x- M rule 7 permit tcp source 172.16.12.61 0 destination 172.16.14.155 0 destination-port eq 8858! `' |' X* I1 `0 @
rule 8 permit tcp source 172.16.12.51 0 destination 172.16.10.71 0 destination-port eq 4003
: z0 F9 k2 S: x @5 ?7 @! E1 M rule 9 permit tcp source 172.16.12.61 0 destination 172.16.10.71 0 destination-port eq ftp
1 ]( S* A! A; A" U \; [: D rule 10 permit tcp source 172.16.12.61 0 destination 172.16.10.51 0 destination-port eq ftp
$ n8 `4 r7 I3 l& ^ ^ rule 11 permit tcp source 172.16.12.61 0 destination 172.16.14.155 0 destination-port eq ftp- E F$ i- ~; g$ L, \
rule 12 permit tcp source 172.16.12.51 0 destination 172.16.14.155 0 destination-port eq ftp( B+ O2 T7 O) I7 L6 a/ F7 p2 A
rule 13 permit tcp source 172.16.12.51 0 destination 172.16.10.71 0 destination-port eq ftp# W; v7 y+ t2 E
rule 14 permit tcp source 172.16.12.51 0 destination 172.16.10.51 0 destination-port eq ftp8 f, _! Q+ F2 {& l
rule 15 permit tcp source 172.16.12.51 0 destination 172.16.14.155 0 destination-port eq 40033 A" f* i' y6 h2 C5 ^5 ` B
rule 16 permit ospf8 K7 t, t& j# l4 _$ s F
rule 17 permit tcp source 172.16.12.51 0 destination 172.16.10.101 0 destination-port eq 8# `6 ~" ^% l# d4 j' J6 w4 Q; d
rule 18 deny tcp" Y4 v+ E% E1 E0 z% }7 k! [1 G
acl number 30018 D( G \9 E0 z& f1 f8 a. p. r
description For Untrust-dmz+ \6 C/ E! o D7 s! q# R+ |
rule 0 permit tcp source 172.16.20.0 0.0.0.255 destination 172.16.12.51 0 destination-port eq 5000: |1 ^* y- u* J/ Z$ K
rule 5 permit icmp/ m5 h5 H/ N% p/ v+ N
rule 10 permit ospf
+ f! X: y: c P+ N3 Z, @7 O rule 15 deny tcp source 172.16.20.0 0.0.0.2554 }: X7 R8 v/ v9 Z/ v& X
acl number 3002 k0 y' V: L2 L, `# y
description To_Yinlian
: ^. d# s, \$ }# y/ f8 d% q( H rule 0 permit ip source 9.234.21.63 0 destination 144.234.97.33 0
1 J# v- n* O' [& q rule 5 permit ip source 9.234.21.64 0 destination 144.234.97.33 03 g. e3 {! F. l! A
rule 10 permit ip source 9.234.21.66 0 destination 144.234.97.33 0
5 u& w. _! _+ R rule 15 deny ip
r2 y, v% `( M/ q- ?* racl number 3003& c- N/ J+ | j
description for Untrust-Trust- g a1 Z$ y5 K8 m8 D3 G( N: R
rule 0 permit ip source 10.78.72.70 0 destination 172.15.10.4 0
7 Q" g4 a% ?: V3 a( T4 k rule 1 permit ip source 172.16.2.26 0 destination 172.16.10.111 0
7 c6 u8 t* Q* G0 T rule 2 permit ip source 172.16.2.26 0 destination 172.16.14.1 0& S' k/ k+ Y4 }/ ?
rule 3 permit ip source 10.78.72.153 0 destination 172.15.10.4 05 C* E9 x6 g# G% F+ |5 V
rule 4 permit ip source 10.78.72.157 0 destination 172.15.10.4 0/ d5 C, I* A# U0 w3 U) k" Q
rule 5 permit ip source 192.168.100.43 0 destination 172.15.10.4 05 ^5 ^. _2 {6 M
rule 6 permit ip source 10.16.2.7 0 destination 172.15.10.4 0! M4 N2 ^6 L& E
rule 7 permit ip source 10.16.2.5 0 destination 172.15.10.4 0
" L! q m' Z9 K1 {2 ^8 b8 c rule 8 permit ip source 10.16.2.6 0 destination 172.15.10.4 0/ z7 D# v: h2 h1 \8 \5 j
rule 9 permit ip source 10.16.2.8 0 destination 172.15.10.4 07 o$ p3 B1 s. i7 U
rule 11 permit ip source 10.139.25.26 0 destination 172.15.10.4 0
8 K, N3 f- i1 B9 z y2 Y$ G rule 13 permit ip source 10.143.10.183 0 destination 172.15.10.4 0$ u6 z/ ?% `( l+ O$ Q- I% v9 K
rule 50 deny ip
2 J/ P0 t# a6 n8 O) \. m. Eacl number 3004 # a j- o% U7 Y* p
rule 0 permit ip source 172.16.1.7 0 destination 172.16.10.111 0
! W# x% p4 c: ]3 P; gacl number 30054 T7 V& |$ m, q. n, v7 j
description TO_dudubao
4 L% I( w$ c- z$ ~( D9 ?5 ` rule 0 permit tcp destination 172.15.10.4 0 destination-port eq 6868
( X& A) R: E) \9 o. w rule 1 permit tcp destination 172.15.10.4 0 destination-port eq ftp-data
1 N9 O2 K1 D$ T rule 2 permit tcp destination 172.15.10.4 0 destination-port eq ftp7 n Y% W+ H3 G3 i! L6 q
acl number 3006
0 K& ]! s5 Y9 a- [ rule 0 permit ip source 172.16.12.0 0.0.0.255 destination 10.0.1.0 0.0.0.255
4 a0 T+ M1 r: \$ [acl number 3007
. ^) @- {9 z( ^; _1 G% m; T& d rule 0 deny ip source 172.16.12.0 0.0.0.255 destination 10.0.1.0 0.0.0.255
% J, u6 W1 A9 q rule 1 permit ip source 172.16.12.0 0.0.0.255
6 |8 E* ~; E+ p$ M/ ^. p9 E, C" O#
7 q3 x* {, h5 }0 _2 z sysname NB_Eudemon300-A
& t4 Z. f; y) o* \#0 _% o' \; {: g$ x
super password level 3 cipher '._1D9P1YCQ=^Q`MAF4<1!!: @# u1 u% j- a" G' R, ~/ r0 s
#) ^1 g+ M/ q0 }* t& C
info-center loghost 172.16.10.1925 x1 ?2 k" p) [- N* w
info-center loghost 172.16.10.111
1 q4 M8 T+ l9 \- p# M* v7 E#
& W: y2 `' C6 V hrp enable
1 ^4 x0 m7 M7 P% E1 m+ e$ N hrp interface Ethernet2/0/7, n4 `5 k) P; O' i
#
9 p& D5 |9 e/ d* b: @2 v; ~" R router id 172.16.1.3 # d. b @4 j' a" J, m
#/ A6 ?( A0 O& @9 {
firewall packet-filter default permit interzone local trust direction inbound
& j, `, G1 r0 a3 ]' Q firewall packet-filter default permit interzone local trust direction outbound
2 ^% Z0 _# L3 Q9 O8 X( c' a firewall packet-filter default permit interzone local untrust direction inbound9 z# K) A3 {/ p( Q, W
firewall packet-filter default permit interzone local untrust direction outbound7 \8 y- m4 F( c( Z5 S& W2 d
firewall packet-filter default permit interzone local dmz direction inbound4 r( @2 R! F4 x- @. C: T
firewall packet-filter default permit interzone local dmz direction outbound, s+ j7 S: I" t" q
firewall packet-filter default permit interzone local hrp direction inbound
5 D/ f0 A9 E3 k, p firewall packet-filter default permit interzone local hrp direction outbound
1 q# b7 U" g) t5 X' o% t firewall packet-filter default permit interzone local gprs direction inbound
& X% R# _/ _* [8 _" X firewall packet-filter default permit interzone local gprs direction outbound9 i0 G$ y5 [. }2 _! ~
firewall packet-filter default permit interzone local dudubao direction inbound P. P6 J L o& n5 W2 Z
firewall packet-filter default permit interzone local dudubao direction outbound% n' w$ V8 D5 M! Z) D' _; [1 p
firewall packet-filter default permit interzone trust untrust direction outbound
+ R, q+ X+ I* h6 F! _7 \ firewall packet-filter default permit interzone trust dmz direction inbound
/ X8 B. q4 b Y! w: { a, \: ? firewall packet-filter default permit interzone trust dmz direction outbound
7 p2 I" y( y. y* Z# ^8 v- A5 Y firewall packet-filter default permit interzone trust gprs direction inbound
7 \2 T8 M! Z4 ? ^ firewall packet-filter default permit interzone trust gprs direction outbound
$ ^7 P( |, G; J+ i% H) U% { firewall packet-filter default permit interzone trust dudubao direction inbound
7 t) ?. q( ?* d' K- r5 }- O firewall packet-filter default permit interzone trust dudubao direction outbound
; t; M' W+ w- R; |5 G8 s firewall packet-filter default permit interzone dmz untrust direction inbound+ l# f5 h. W3 \6 u
firewall packet-filter default permit interzone dmz untrust direction outbound, x1 ^; X+ v0 ], l
firewall packet-filter default permit interzone dmz gprs direction inbound- Z+ K! c! _3 e! F5 e
firewall packet-filter default permit interzone dmz gprs direction outbound
& ^$ Q; \& s6 k. Q firewall packet-filter default permit interzone dmz dudubao direction inbound9 H6 A7 c6 y. m: N) o( g
firewall packet-filter default permit interzone dmz dudubao direction outbound
/ J0 c' r+ O {, c+ S#
/ R) x9 e, H/ G: _9 G nat address-group 3 145.234.97.33 145.234.97.33
% ?2 {5 d! c' f nat address-group 5 144.234.97.33 144.234.97.33
% x2 P& I/ z5 e+ |+ s6 v nat server zone gprs global 144.234.97.33 inside 172.16.12.61
1 p- Q* [& `: L; X* ?/ ]" Z, d#
2 K( [( \9 O6 W- d: e6 S- j bypass switch-back auto
s+ I" `9 s2 c" R! ?7 a#
3 T. p N2 r2 h1 p& q, z, R5 O8 }6 _5 x firewall mode route3 V+ S* i5 I5 H. p$ x$ g' C/ a9 \% y
#8 E$ g) O; W r# f* `
firewall defend ip-spoofing enable, L& A0 I% i3 R; P; ]3 Z1 t
firewall defend land enable8 M0 x' r4 u6 }% l; M
firewall defend smurf enable/ P+ ^3 T7 Y$ V7 Y! F b/ e9 B% M
firewall defend fraggle enable
3 P3 j$ z( ?; l9 t: J firewall defend winnuke enable
/ t) q! |# I/ B/ ] firewall defend syn-flood enable
3 V1 y7 E; l+ A' `8 p7 E- D firewall defend udp-flood enable
- }: Y, W' E1 b0 x# B& f firewall defend icmp-redirect enable
~% _5 P9 ^ C/ D. X9 n- V. `3 x firewall defend icmp-unreachable enable4 `1 h: z- G( ?( H& c4 V; b
firewall defend ip-sweep enable
% [) b8 I8 v8 N% @ firewall defend port-scan enable2 y$ C2 T0 `/ ]
firewall defend route-record enable
! [/ c, {7 E3 @# ~ firewall defend ping-of-death enable
7 p! ]' J& o3 d' H firewall defend teardrop enable/ g* e8 ~! D" w% Z$ Z
firewall defend tcp-flag enable
. k. M5 \) f: c! Q$ a4 D: C firewall defend large-icmp enable$ M: J3 V: _0 r- J3 S, b" E
#
: C# a8 p" ~$ c% n6 D: } firewall statistic system enable
. X( C9 F4 P6 v, L$ v& i9 J#
3 }+ n' q' S9 y" K* _ike proposal 13 D7 _& [$ N& n5 C- J
#
$ C4 @3 s# w2 Xike peer a
+ M4 b* ]3 n2 I4 f( Y pre-shared-key cnnbtk
/ H) N' s0 w# F+ Q1 e6 x3 F) k ike-proposal 11 g( t, f: \5 c/ r: r- ~
remote-address 119.57.5.5
8 g4 L. z$ T5 [( }9 G#* E( ?5 C3 U; c1 S/ f8 w4 R) c/ W
ipsec proposal tran18 [9 c4 u3 X+ i
#1 @0 i+ w2 t5 H3 r* `
ipsec policy map1 1 isakmp' N# q- j; j/ p5 p" x
security acl 30060 a# B* B: I/ _1 d; ~
pfs dh-group2
+ t4 V# F4 M, G; E; Q* x6 h6 [) P" T ike-peer a
- y, w) l# D5 W- |' J7 R4 ] proposal tran1 3 {1 {" b$ e+ {9 a0 q
local-address 60.12.194.14
2 m3 b! A) D% |#7 ?$ E: d/ b: a/ W: W
interface Aux0
5 ?' N1 b$ P" ] async mode flow) l" E% I/ S1 t) K% |4 l) o7 N
link-protocol ppp
! i( F* t) n6 Y! }7 f# b3 Z#& l. O7 @4 ^ X
interface Ethernet0/0/0% b7 V. }; k4 _3 f
#- A6 r" p" b* Y/ f
interface Ethernet0/0/11 ?7 H4 h5 h1 O. z
#" z- y4 j5 }: l
interface Ethernet2/0/0
$ S+ ?! l3 P6 }" F: S5 k5 E description To_S5624-A(1/0/24)
( k5 A4 ^ ?7 a$ C* G. w: j) f ip address 172.16.2.9 255.255.255.252
& o) W6 e6 g) }* { ospf cost 100+ `+ g: w- C/ e( Q/ y
#. H& f) e7 \5 L& w1 ]
interface Ethernet2/0/12 i, d& D) S/ h3 V# e8 z
description To_Yinlian
' e4 ]0 J, B; c ip address 145.234.132.154 255.255.255.252, c5 P+ m+ b+ N& G( E* |6 p
#
& \- |& a( h T T8 ninterface Ethernet2/0/2- v9 {# Q+ }# I; a- K0 V& q/ y
description To_S6506R_A(7/0/48); h8 B* c& h& V$ B1 M" m; d! ]$ t
ip address 172.16.2.2 255.255.255.252
% R, _9 o" S* C' b- e8 T ospf cost 100
1 K% C# R$ G) _& M, I; z#2 s% \, d' ^# h/ t7 m' }. l6 P
interface Ethernet2/0/3. b3 ]/ s W! z5 Q8 M$ ]" m
description To-dudubao
0 M: X# S# P+ `( u ip address 60.12.194.14 255.255.255.2408 V6 E& H! C. M6 N
ipsec policy map1% T' L+ s6 r9 L* @( a- m
#
3 N9 p* P: o x$ }. Q( ~7 jinterface Ethernet2/0/49 I( w9 K6 _7 ~) h8 h Q. c
#
0 j- L5 ]3 v" X6 l; |interface Ethernet2/0/5
$ c+ h0 e% h9 G8 U3 F2 E#* e( ~6 [6 A; b) Q! u
interface Ethernet2/0/6
1 D' |, c* b7 N) d) P#+ k- H, P* i, ~- c$ a/ I
interface Ethernet2/0/7
, D Q% V! |( U/ K' W4 @" t- U description To_Eudemon300-B_E2/0/7
4 I- G5 ~ O; F2 r ip address 172.16.2.201 255.255.255.248
) j8 \+ R' R7 `2 |# H3 B vrrp vrid 1 virtual-ip 172.16.2.203
* E0 W( f( u7 d! j vrrp vrid 1 priority 150
, V8 ?8 a/ W# N' c vrrp vrid 1 preempt-mode timer delay 60
+ o; x) `' f% Q: [ vrrp vrid 2 virtual-ip 172.16.2.204
- T1 S! Z; T( \" @. A#
- R3 N( ]8 X( K6 R6 n! F/ Sinterface GigabitEthernet1/0/01 z2 G: z# Z- L" `1 i0 w
shutdown & \" K' I, `# @1 e4 ?8 W
## _+ q! |7 k0 h9 z0 g! n6 N
interface GigabitEthernet1/0/1& A. u# S0 ~; _5 m9 O
description To_S5624-B(1/0/25)$ i- Y, W" v; J. N5 H3 z' m% U0 D
ip address 172.16.2.25 255.255.255.252
! `2 A T- \# x* W2 ^/ ] ospf cost 500
) N' @/ P& a/ Z |% L#
- A" s5 a: [3 ]2 [+ _4 Dinterface NULL0, y4 D+ l) N) @7 R; k8 n
#
3 i0 C" V- o! x8 X# rinterface LoopBack0- ~3 G& U& Y8 ` \
ip address 172.16.1.3 255.255.255.255
! N/ G3 n* I$ S; Z1 ]" C# Q6 S# \0 a( I
firewall zone local
5 B& c& d. }9 j6 K set priority 100
6 W# Q2 U) @4 d) T% o. U# u% p2 `#
/ c! T- B. c6 m" N- {firewall zone trust+ F# a6 N3 ]# ^4 V- M8 M9 R
set priority 85( Z8 q7 g$ S, H5 V& e" y+ k& U* p
detect ftp
2 I1 L5 [4 p$ u3 Y add interface Ethernet2/0/2
3 I s) [. f, [) F, c#
2 E' ^/ T1 m7 }9 u5 Y4 ?/ U% ]" B& x# t: Kfirewall zone untrust
9 n4 D: T8 ^4 l* t set priority 5
" Z+ k- @* }. [$ Z5 W! ] detect ftp
: k, n* S* O) d6 E# N: N* i- @ add interface GigabitEthernet1/0/16 x8 A& y( ]8 T$ s+ U7 _ A- C# V
#% l7 A/ x5 S, A9 u) y3 O4 i, j
firewall zone dmz
! Z3 ?( _8 ?& t) j set priority 50+ V' ^2 r& P2 V* V5 [) T) T5 N
add interface Ethernet2/0/0' u6 |( y* L8 T- z/ ~- Q
#
( h `$ }/ \$ @2 C0 d+ a3 L- Nfirewall zone name hrp1 }0 J4 y* _+ S9 C2 }+ [
set priority 40
4 J2 i8 z! y5 x! g$ d" M1 _ add interface Ethernet2/0/76 {4 Y4 z% ~+ S+ i. ]
#
7 a5 n2 C8 Z5 J) a% R" e! [- Wfirewall zone name gprs& ~4 Q- ^% c9 q- U: Q9 t
set priority 4
J% u* I4 n0 a3 m$ ?$ l detect ftp
. q2 S4 n5 E/ I' L {9 I add interface Ethernet2/0/1" L; I1 w/ A! X. M2 t0 p
#9 O; N8 b$ c0 O, W/ n( d4 `
firewall zone name dudubao
" ~# f9 a9 C M' H, W. x2 ]+ D6 @8 h: r# W set priority 3
+ T& j& f6 B3 @, w4 P detect ftp
5 r) x+ K) l7 [ x add interface Ethernet2/0/3: _2 n9 d( O3 |
#* i5 t& I% [; m' x" @# \2 O" a
firewall interzone local trust
0 O3 f# e) i& B; D#
0 @9 V4 X6 Y8 w" ]7 ofirewall interzone local untrust ; ?/ P h, J) Z7 l
#
- o+ ^- u4 m0 mfirewall interzone local dmz
. n4 c |. k3 P, Y8 V#
8 i* [6 [) x4 d- ufirewall interzone local hrp
% m& F# O9 Z7 {7 v0 G9 @#
3 @! p6 m2 |( [( V7 wfirewall interzone local gprs( g/ A+ P+ c' g
#
0 e4 J; U+ w5 I' U: B; N$ Cfirewall interzone local dudubao
( v0 A. q% A# T! w5 l5 Q#
7 Z3 g/ Z8 O; K" ~! _( E% Tfirewall interzone trust untrust7 S: T M" @# b) B% `- S) Y+ h
packet-filter 3003 inbound$ ~: @, v& B, ~( t1 i
detect ftp( [& n6 o% R* R
#" g% Y; {! {: H( y5 o4 B1 g1 r' a
firewall interzone trust dmz7 X, S& t/ h, w6 O9 a. |
#
8 B! w. h! S5 z0 Efirewall interzone trust hrp7 _# f. b3 \+ N9 o
#
9 q* K; I- m( ?% {, J) k; T* k. n+ ufirewall interzone trust gprs
# y/ f0 }8 S) z8 ^* _7 `) j: y) l nat outbound 2003 address-group 3
. c8 P; T1 V% J5 s' v* x( ` detect ftp
, n7 ~1 _$ {- ~) B* j+ E5 V: y#
* y, R+ C: d* Q/ F: @3 Efirewall interzone trust dudubao8 i* H; u1 a v3 ]" U6 x) _* T
packet-filter 3005 inbound ( ^" x5 B& p6 k9 p" w
detect ftp: h% S* l7 Q! Y4 B
#
9 U# V; j3 b* A# ^. W: Dfirewall interzone dmz untrust% c0 V' D- p- B9 m/ }" T- j! X' @ ` N
#
% c$ u* E2 B6 n; |9 ]* Z: X. w- Afirewall interzone hrp untrust! O* j9 j- W+ U! N, Y. c( i3 H
#
' m+ n3 [# \1 Q) M: ^$ }firewall interzone untrust gprs- d, c) z6 G8 Y) ?- W
#
. m% K& e! g1 V3 ^firewall interzone untrust dudubao
& [9 H" A' V6 u7 N/ Z# E* S#. V- m! h9 s% C3 H# P
firewall interzone dmz hrp j2 W W/ L1 G* k* ~. ^
#& S9 `0 y/ {% p' h3 F! b
firewall interzone dmz gprs
- w! b+ s3 Y$ w/ z" ?. c packet-filter 3002 inbound
$ G Y3 I. m: ?( z) M nat outbound 2002 address-group 5
& A& A, G2 M/ d2 S6 {4 H detect ftp
# z! t# n0 U* |# Z: e/ i+ t2 T5 f0 V$ U% X
firewall interzone dmz dudubao
) g' X: S2 {5 q" E; T( ` packet-filter 3006 outbound4 D' n7 r$ h! P0 y) ~8 G
# J& b9 P/ S( D' W
firewall interzone hrp gprs
9 `+ q; J3 H1 |. u* M+ p! Z#0 |8 [% J& M c& U! E
firewall interzone hrp dudubao
4 [/ d/ U( m) i#
$ G/ N' T a- C- ?firewall interzone gprs dudubao G% x2 O" c/ g6 `) t
#( f- M( h1 x8 T/ f, A7 R# B
vrrp group 1; {+ _- l- l! Q0 B% j
add interface Ethernet2/0/7 vrrp vrid 1 data7 V2 A7 L! Q% V0 j0 K1 H3 e$ }
vrrp-group enable. s2 r" j2 O+ O3 P2 F2 T
vrrp-group priority 1052 J- f6 C# i1 l( ~6 x
vrrp-group preempt delay 601 A6 F. l6 ]) w+ Z& J- w
undo vrrp-group group-send
i0 V' U! ^2 c* C, ovrrp group 2( W P- M. p$ D% }
add interface Ethernet2/0/7 vrrp vrid 2 data& i% \3 d9 [! t6 |9 ?
vrrp-group enable; E/ Y5 n' A) `' v
undo vrrp-group preempt
3 t" A3 U5 D; u' X! T# } undo vrrp-group group-send* F L$ n+ I- P7 p$ @) Q
#! F( u1 ^3 M% ?) ^* q# \
aaa
) _4 U. n: m2 c& x% v, {* f+ @ local-user huawei password cipher 1_`%CO&$8@7"+C5`;6XL!!!3 X8 v2 e1 L( w! g
local-user huawei service-type terminal telnet ssh8 G$ b) k. |6 k$ T H
local-user huawei level 1+ h/ m' s p/ ^; W
authentication-scheme default
8 N+ c }2 \& u' i/ A. S) {8 P1 u( G#
6 \& ^9 J4 b3 }8 M& l authorization-scheme default5 m$ {# S i7 M1 D2 ]( B5 t& q
#
' {& e: \; v% T& A# O, H4 i7 t6 t; t accounting-scheme default
" \2 C3 D* C% e#
2 U3 k1 v" n# l I domain default5 l8 i) N, m F3 l
#
4 B: f, N6 j/ C# d* j( \) M#% N& S" y( Z6 l& D3 S( w
ospf 19 r; P3 Y$ m" O! F1 S& m6 O
import-route static
7 V+ B" U6 f/ s6 ] |* w6 |" [ area 0.0.0.0
& b0 g1 ^8 {; o! I9 W9 J% B network 172.16.1.3 0.0.0.0
6 ? h5 v o- ~ network 172.16.2.0 0.0.0.3
' @. M8 q) t9 Z# X8 H network 172.16.2.8 0.0.0.3
+ ]4 D. B: n0 k9 } @ network 172.16.2.24 0.0.0.3' `6 Q( k2 R' \' K6 n6 H
#
$ m7 D# m6 o; L) y! h4 j0 J ip route-static 9.234.21.0 255.255.255.0 145.234.132.153, H5 C) r V. P" v
ip route-static 10.0.1.0 255.255.255.0 60.12.194.129% n7 f: b& V, Z: T
ip route-static 61.14.10.218 255.255.255.255 60.12.194.129 b- k# d" V+ Z( S0 s% [7 C
ip route-static 119.57.5.0 255.255.255.0 60.12.194.1294 U0 R# i$ V/ d9 k8 F! f; A
ip route-static 172.15.10.4 255.255.255.255 172.16.2.18 w; b! t1 S. X8 [! g+ r
ip route-static 221.136.75.25 255.255.255.255 60.12.194.129
, I D# B$ }9 h, I#$ Z. E$ [2 Y3 F" Q' @) ^& a
snmp-agent
' @. I9 S% I) ?+ g( c& @/ W- `1 H snmp-agent local-engineid 000007DB7F00000100001BEE" O5 n, [3 R, ?! K% I
snmp-agent community read nbcardro P; `6 g1 W% @9 G1 }
snmp-agent sys-info version all" ?1 a* W5 v, n& u0 Y/ W' a- v7 @
#* _7 }+ E; T- ]$ |
ssh server timeout 30
' t& b) c- f8 g+ A0 ` ssh server rekey-interval 24
, [2 i- k3 E1 c ssh user huawei authentication-type password
- ]" j4 {' F2 u$ V( u#" k. t# A- z* u7 u3 T3 i
user-interface con 0
+ ~! G, J8 l4 Q0 H% d authentication-mode aaa
) \9 K6 k6 e, ^7 ^3 i! E! Juser-interface aux 0* s& g; ~$ p+ l( n7 `5 Q) e
authentication-mode none
& t5 H7 b( o- N6 luser-interface vty 0 42 \# f$ T& W( ?( Z2 y/ @* z4 ?
acl 2000 inbound
# Y& Z7 [4 c4 p1 C9 N authentication-mode aaa
: u+ n! ~/ @3 {6 S9 ^9 \8 X: A idle-timeout 5 0* O7 K6 x, |+ J4 q3 ^
#
* `1 i5 T0 N$ Y+ O3 N6 z+ oreturn |
所有IT类厂商认证考试题库下载
【新盟教育】2023最新华为HCIA全套视频合集【网工基础全覆盖】---国sir公开课合集
【新盟教育】网工小白必看的!2023最新版华为认证HCIA Datacom零基础全套实战课
原创_超融合自动化运维工具cvTools
重量级~~30多套JAVA就业班全套 视频教程(请尽快下载,链接失效后不补)
链接已失效【超过几百G】EVE 国内和国外镜像 全有了 百度群分享
某linux大佬,积累多年的电子书(约300本)
乾颐堂现任明教教主Python完整版
乾颐堂 教主技术进化论 2018-2019年 最新31-50期合集视频(各种最新技术杂谈视频)
Python学习视频 0起点视频 入门到项目实战篇 Python3.5.2视频教程 共847集 能学102天
约21套Python视频合集 核心基础视频教程(共310G,已压缩)
最新20180811录制 IT爱好者-清风羽毛 - 网络安全IPSec VPN实验指南视频教程
最新20180807录制EVE开机自启动虚拟路由器并桥接物理网卡充当思科路由器
[复制链接]
