!Software Version V200R008C00SPC500
#
sysname jiangxianlengkou5720EI
#
vlan batch 2 70 100 190 1000 to 1001 1942 to 1943
#
stp timer forward-delay 700
stp timer max-age 1000
stp instance 0 root primary
stp bpdu-protection
stp tc-protection
#
lldp enable
#
clock timezone Beijing,Chongqing,Hongkon,Urumqi add 08:00:00
#
dhcp enable
#
dhcp snooping enable
#
radius-server template radius
radius-server shared-key cipher %^%#B{dP-3MyDLnj radius-server authentication 10.72.225.35 1812 weight 80 radius-server authorization 10.72.225.35 shared-key cipher %^%#U>z[NCDF[9*krt2w]H,P1Syr;25LZB*;QX~DGTnK%^%# server-group radius # rsa peer-public-key 10.72.225.80 public-key-code begin 308188 028180 DB76AC3A 86D0E776 5E92FA56 C53A6D54 95B7C2F1 A3474456 00BD6D45 825A7B97 30500E42 655323 493F377B 7F675711 FEA107DA 344081 2909A462 59590BFD 4EC8BA39 2A981BF0 9B122A85 2CE300C6 61B0C523 2465D8 DA8FDE7F 6EF28B11 505C9159 86718108 8510EC78 6C2E488D CD7E439D B68A0B1F E228B341 7DB9FC79 0203 010001 public-key-code end peer-public-key end # acl number 3001 description guest2office rule 10 deny ip source 192.168.100.0 0.255.255.255 destination 10.0.0.0 0.255.255.255 rule 11 deny ip source 192.168.100.0 0.255.255.255 destination 172.16.0.0 0.15.255.255 rule 12 deny ip source 192.168.100.0 0.255.255.255 destination 192.168.0.0 0.0.255.255 rule 13 deny ip source 192.168.200.0 0.255.255.255 destination 10.0.0.0 0.255.255.255 rule 14 deny ip source 192.168.200.0 0.255.255.255 destination 172.16.0.0 0.15.255.255 rule 15 deny ip source 192.168.200.0 0.255.255.255 destination 192.168.0.0 0.0.255.255 rule 20 permit ip acl number 3002 description office2guest rule 15 deny ip source 10.0.0.0 0.255.255.255 destination 192.168.0.0 0.0.255.255 rule 20 permit ip # traffic-filter vlan 1942 inbound acl 3001 traffic-filter vlan 190 inbound acl 3002 traffic-filter vlan 1943 inbound acl 3001 # vlan 1 dhcp snooping enable dhcp snooping trusted interface GigabitEthernet0/0/1 vlan 190 dhcp snooping enable vlan 1942 dhcp snooping enable vlan 1943 dhcp snooping enable # ip pool guest gateway-list 192.168.200.1 network 192.168.200.0 mask 255.255.255.0 excluded-ip-address 192.168.200.2 192.168.200.9 excluded-ip-address 192.168.200.201 192.168.200.254 dns-list 114.114.114.114 8.8.8.8 # ip pool otherserver gateway-list 192.168.100.1 network 192.168.100.0 mask 255.255.255.0 excluded-ip-address 192.168.100.2 192.168.100.9 excluded-ip-address 192.168.100.201 192.168.100.254 lease day 30 hour 0 minute 0 dns-list 114.114.114.114 8.8.8.8 # aaa authentication-scheme default authentication-scheme radius authentication-mode radius authorization-scheme default authorization-scheme radius authorization-mode if-authenticated accounting-scheme default domain default domain default_admin l ocal-user admin password irreversible-cipher %^%#yuUV~_|w.*xpE`*"i;\\BQax}10\\G)P4M-\\:3[{\\#T:BL"o]/9BMbIM~d+)n=%^%# local-user admin service-type http local-user tianrun password irreversible-cipher %^%#_X&>,rfXl2nr~VD=k&XAEf:;N}L2z;WkD7)fRy#KJj&xDu>Gn'sWCR/91-_2%^%# local-user tianrun privilege level 15 local-user tianrun service-type telnet ssh http # ntp-service server disable ntp-service ipv6 server disable ntp-service unicast-server 10.1.0.1 # interface Vlanif1 description manage-vlan ip address 10.72.225.65 255.255.255.224 # interface Vlanif2 description to-ser-eth1 ip address 10.72.225.33 255.255.255.224 # interface Vlanif70 description to-ip-phone ip address 10.72.225.17 255.255.255.240 dhcp select interface dhcp server dns-list 114.114.114.114 8.8.8.8 # interface Vlanif190 description to-office ip address 10.72.225.129 255.255.255.192 dhcp select relay dhcp relay server-ip 10.72.225.35 dhcp relay information enable # interface Vlanif1000 description to-ASG ip address 10.72.225.1 255.255.255.240 # interface Vlanif1001 ip address 172.16.100.58 255.255.255.252 # interface Vlanif1942 description guest ip address 192.168.200.1 255.255.255.0 dhcp select global # interface Vlanif1943 description to-others ip address 192.168.100.1 255.255.255.0 dhcp select global # interface MEth0/0/1 ip address 192.168.0.1 255.255.255.0 # interface GigabitEthernet0/0/1 description to-ASG2050 port link-type access port default vlan 1000 # interface GigabitEthernet0/0/2 description to-ser-eth1 port link-type access port default vlan 2 stp edged-port enable dhcp snooping enable dhcp snooping trusted # interface GigabitEthernet0/0/3 description to-AC port link-type trunk port trunk allow-pass vlan 2 to 4094 dhcp snooping enable dhcp snooping trusted # interface GigabitEthernet0/0/4 port link-type access port default vlan 2 stp edged-port enable # interface GigabitEthernet0/0/5 description to-shineiAP port link-type trunk port trunk allow-pass vlan 2 to 4094 # interface GigabitEthernet0/0/6 description to-shineiAP port link-type trunk port trunk allow-pass vlan 2 to 4094 # interface GigabitEthernet0/0/7 description to-shineiAP port link-type trunk port trunk allow-pass vlan 2 to 4094 # interface GigabitEthernet0/0/8 description to-shineiAP port link-type trunk port trunk allow-pass vlan 2 to 4094 # interface GigabitEthernet0/0/9 description to-shineiAP port link-type trunk port trunk allow-pass vlan 2 to 4094 # interface GigabitEthernet0/0/10 description to-shineiAP port link-type trunk port trunk allow-pass vlan 2 to 4094 # interface GigabitEthernet0/0/11 description to-shiwaiAP port link-type trunk port trunk allow-pass vlan 2 to 4094 # interface GigabitEthernet0/0/12 description to-shiwaiAP port link-type trunk port trunk allow-pass vlan 2 to 4094 # interface GigabitEthernet0/0/1 3 # interface GigabitEthernet0/0/14 # interface GigabitEthernet0/0/15 description to-office port default vlan 190 stp edged-port enable # interface GigabitEthernet0/0/16 description to-office port default vlan 190 stp edged-port enable # interface GigabitEthernet0/0/17 description to-office port default vlan 190 stp edged-port enable # interface GigabitEthernet0/0/18 description to-office port default vlan 190 stp edged-port enable # interface GigabitEthernet0/0/19 description to-office port default vlan 190 stp edged-port enable # interface GigabitEthernet0/0/20 description to-office port default vlan 190 stp edged-port enable # interface GigabitEthernet0/0/21 description to-office port default vlan 190 stp edged-port enable # interface GigabitEthernet0/0/22 description to-office port default vlan 190 stp edged-port enable # interface GigabitEthernet0/0/23 description to-office port default vlan 190 stp edged-port enable # interface GigabitEthernet0/0/24 description to-office port default vlan 190 stp edged-port enable # interface GigabitEthernet0/0/25 description to-guest port link-type access port default vlan 1942 stp edged-port enable # interface GigabitEthernet0/0/26 description to-guest port link-type access port default vlan 1942 stp edged-port enable # interface GigabitEthernet0/0/27 description to-guest port link-type access port default vlan 1942 stp edged-port enable # interface GigabitEthernet0/0/28 description to-guest port link-type access port default vlan 1942 stp edged-port enable # interface GigabitEthernet0/0/29 description to-guest port link-type access port default vlan 1942 stp edged-port enable # interface GigabitEthernet0/0/30 description to-guest port link-type access port default vlan 1942 stp edged-port enable # interface GigabitEthernet0/0/31 description to-guest port link-type access port default vlan 1942 stp edged-port enable # interface GigabitEthernet0/0/32 description to-guest port link-type access port default vlan 1942 stp edged-port enable # interface GigabitEthernet0/0/33 description to-guest port link-type access port default vlan 1942 stp edged-port enable # interface GigabitEthernet0/0/34 description to-guest port link-type access port default vlan 1942 stp edged-port enable # interface GigabitEthernet0/0/35 description to-guest port link-type access port default vlan 1942 stp edged-port enable # interface GigabitEthernet0/0/36 description to-guest port link-type access port default vlan 1942 stp edged-port enable # interface GigabitEthernet0/0/37 description to-other port link-type access port default vlan 1943 stp edged-port enable # interface GigabitEthernet0/0/38 description to-other port link-type access port default vlan 1943 stp edged-port enable # interface GigabitEthernet0/0/3 9 description to-other port link-type access port default vlan 1943 stp edged-port enable # interface GigabitEthernet0/0/40 description to-other port link-type access port default vlan 1943 stp edged-port enable # interface GigabitEthernet0/0/41 description to-other port link-type access port default vlan 1943 stp edged-port enable # interface GigabitEthernet0/0/42 description to-other port link-type access port default vlan 1943 stp edged-port enable # interface GigabitEthernet0/0/43 description to-other port link-type access port default vlan 1943 stp edged-port enable # interface GigabitEthernet0/0/44 description to-other port link-type access port default vlan 1943 stp edged-port enable # interface GigabitEthernet0/0/45 description to-other port link-type access port default vlan 1943 stp edged-port enable # interface GigabitEthernet0/0/46 description to-other port link-type access port default vlan 1943 stp edged-port enable # interface GigabitEthernet0/0/47 description to-other port link-type access port default vlan 1943 stp edged-port enable # interface GigabitEthernet0/0/48 description to-datacenter port link-type access port default vlan 1001 # interface GigabitEthernet0/0/49 # interface GigabitEthernet0/0/50 # interface GigabitEthernet0/0/51 # interface GigabitEthernet0/0/52 # interface NULL0 # ip route-static 0.0.0.0 0.0.0.0 10.72.225.3 ip route-static 10.0.0.0 255.0.0.0 10.72.225.3 track nqa admin test_FW ip route-static 10.0.0.0 255.0.0.0 172.16.100.57 preference 100 # traffic-filter vlan 1942 inbound acl 3001 traffic-filter vlan 190 inbound acl name office2guest traffic-filter vlan 1943 inbound acl 3001 # snmp-agent snmp-agent local-engineid 800007DB0394DBDA33D4C0 snmp-agent community read cipher %^%#[in7$5@Dr+8GOhA>:|DKq{mrR5fT:PG)6,-iXd:.GCso$%>k"C>iGF$.N[z.VZa{~lbO:E1a.PO-s}~-%^%# snmp-agent sys-info version v2c undo snmp-agent sys-info version v3 snmp-agent target-host trap address udp-domain 10.1.0.50 params securityname cipher %^%#D ssh server rekey-interval 20 stelnet server enable ssh user tianrun ssh user tianrun authentication-type password ssh client first-time enable ssh client 10.72.225.80 assign rsa-key 10.72.225.80 # nqa test-instance admin test_FW test-type icmp destination-address ipv4 10.72.225.3 frequency 10 start now # user-interface con 0 user-interface vty 0 user-interface vty 1 authentication-mode aaa user-interface vty 2 4 user-interface vty 16 20 # return
Copyright © 2019-2025 51dongshi.net 版权所有
违法及侵权请联系:TEL:177 7030 7066 E-MAIL:11247931@qq.com 本站由北京市万商天勤律师事务所王兴未律师提供法律服务
