
[经验分享] BGP拓扑正确配置

发表于 2015-7-13 08:54:48
R1的配置
-----------------------------------------------------------------------------
# RT1: device name, privilege-escalation password, Telnet service and the two basic ACLs.
# NOTE(review): the level-3 super password is stored in cleartext (`simple`) and is a short,
# guessable string; anyone who can read this file can escalate. Use the `cipher` form with a
# strong, unique secret outside a lab.
sysname RT1
#
super password level 3 simple h3c
#
domain default enable system
#
# NOTE(review): Telnet carries credentials and session data unencrypted.
telnet server enable
#
# ACL 2000 is matched by route-policy fa (`if-match acl 2000`); ACL 2030 is applied inbound on
# the VTY lines and admits the single host 192.168.200.1.
acl number 2000
rule 0 permit source 192.168.200.0 0.0.0.255
acl number 2030
rule 0 permit source 192.168.200.1 0
#
# RT1: default VLAN, ISP domain `system`, user group, local accounts, WLAN rates and an
# attack-defense policy.
vlan 1
#
domain system
access-limit disable
state active
idle-cut disable
self-service-url disable
#
user-group system
group-attribute allow-guest
#               
# NOTE(review): local-user rt1 has a cleartext (`simple`) password equal to its username and is
# allowed Telnet at level 2. local-user useradmin shows no password or service-type line in
# this listing - confirm whether that account can log in at all.
local-user rt1  
password simple rt1
authorization-attribute level 2
service-type telnet
local-user useradmin
authorization-attribute level 2
#               
wlan rrm        
dot11b mandatory-rate 1 2
dot11b supported-rate 5.5 11
dot11g mandatory-rate 1 2 5.5 11
dot11g supported-rate 6 9 12 18 24 36 48 54
#               
# NOTE(review): attack-defense policy 1 is created with no detection settings visible under it,
# so as shown it does not enable any protection.
attack-defense policy 1
#               
# RT1 BGP, AS 65000. 172.16.1.2 (AS 65001) is the only eBGP peer; 2.2.2.2, 6.6.6.6 and 7.7.7.7
# are iBGP peers sourced from LoopBack0 with next-hop-local. Routes sent to the eBGP peer pass
# route-policy fk, routes received from it pass route-policy fa.
# NOTE(review): no `peer ... password` line is present, so none of these sessions is shown
# using TCP MD5 authentication.
bgp 65000      
undo synchronization
peer 172.16.1.2 as-number 65001
peer 2.2.2.2 as-number 65000
peer 6.6.6.6 as-number 65000
peer 7.7.7.7 as-number 65000
peer 172.16.1.2 route-policy fk export
peer 172.16.1.2 route-policy fa import
peer 2.2.2.2 next-hop-local
peer 2.2.2.2 connect-interface LoopBack0
peer 6.6.6.6 next-hop-local
peer 6.6.6.6 connect-interface LoopBack0
peer 7.7.7.7 next-hop-local
peer 7.7.7.7 connect-interface LoopBack0
#               
# OSPF process 1 advertises the loopback and two link addresses in area 0.
# NOTE(review): no area-level authentication-mode is visible; interface settings are not part
# of this listing, so OSPF authentication cannot be confirmed from here.
ospf 1 router-id 1.1.1.1
area 0.0.0.0   
  network 172.16.0.2 0.0.0.0
  network 172.16.0.9 0.0.0.0
  network 1.1.1.1 0.0.0.0
#               
# route-policy fa (import): node 10 adds AS numbers 400 600 to the AS_PATH of routes whose
# prefix matches ACL 2000; node 20 has no if-match clause and permits every other route.
# route-policy fk (export): its only node permits routes matching as-path list 1; anything
# else falls through to the implicit deny.
route-policy fa permit node 10
if-match acl 2000
apply as-path 400 600
route-policy fa permit node 20
route-policy fk permit node 10
if-match as-path 1
#               
# `^$` matches an empty AS_PATH, i.e. routes originated inside this AS. Combined with fk this
# keeps routes learned from other ASes from being re-advertised to the eBGP peer (no transit).
ip as-path 1 permit ^$
#               
# RT1 SNMP: read community `h3c-read`, versions v2c and v3 enabled, traps sent to 192.168.200.1
# from LoopBack0.
# NOTE(review): SNMP v2c sends the community string unencrypted, and no ACL is bound to the
# community in this listing. Restrict pollers with an ACL or use v3 only.
snmp-agent     
snmp-agent local-engineid 800063A203000FE2D06060
snmp-agent community read h3c-read
snmp-agent sys-info version v2c v3
snmp-agent target-host trap address udp-domain 192.168.200.1 params securityname h3c-read
undo snmp-agent trap enable voice dial
snmp-agent trap source LoopBack0
#               
load xml-configuration
#               
load tr069-configuration
#               
# VTY 0-4: ACL 2030 limits inbound sessions to 192.168.200.1 and AAA (`scheme`) login is
# required.
# NOTE(review): only Telnet is accepted, and `idle-timeout 0 0` disables the idle logout, so an
# abandoned session stays open indefinitely.
user-interface tty 12
user-interface aux 0
user-interface vty 0 4
acl 2030 inbound
authentication-mode scheme
idle-timeout 0 0
protocol inbound telnet
#               
return         
R2的配置
--------------------------------------------------------------------------
# RT2: device name, privilege-escalation password, Telnet service and the two basic ACLs.
# NOTE(review): the level-3 super password is stored in cleartext (`simple`) and is the same
# short string used on RT1; sharing one weak secret across devices widens the impact of a
# single disclosure.
sysname RT2
#
super password level 3 simple h3c
#
domain default enable system
#
# NOTE(review): Telnet carries credentials and session data unencrypted.
telnet server enable
#
# ACL 2000 is matched by route-policy fa (`if-match acl 2000`); ACL 2030 is applied inbound on
# the VTY lines and admits the single host 192.168.200.1.
acl number 2000
rule 0 permit source 192.168.100.0 0.0.0.255
acl number 2030
rule 0 permit source 192.168.200.1 0
#
# RT2: default VLAN, ISP domain, IKE/IPsec towards RT4, local accounts, WLAN rates and an
# attack-defense policy.
vlan 1
#
domain system
access-limit disable
state active
idle-cut disable
self-service-url disable
#
# NOTE(review): ike proposal 1 and ipsec proposal 1 contain no settings, so the algorithms are
# whatever the platform defaults to - on older Comware releases those are presumably legacy
# algorithms; confirm with the proposal display commands and set them explicitly.
ike proposal 1
#               
# NOTE(review): the IKE pre-shared key is stored in cleartext (`simple`) and is the same short
# string as the super password. Anyone holding this file can impersonate either tunnel end.
ike peer rt4   
pre-shared-key simple h3c
remote-address 172.16.1.6
#               
ipsec proposal 1
#               
# Policy template `huawei` ties IKE peer rt4 to proposal 1; policy h3c sequence 1 is built from
# that template. No interface applying the policy is part of this listing.
ipsec policy-template huawei 1
ike-peer rt4   
proposal 1     
#               
ipsec policy h3c 1 isakmp template huawei
#               
user-group system
group-attribute allow-guest
#               
# NOTE(review): local-user rt2 has a cleartext (`simple`) password equal to its username and is
# allowed Telnet at level 2. local-user useradmin shows no password or service-type line here.
local-user rt2  
password simple rt2
authorization-attribute level 2
service-type telnet
local-user useradmin
authorization-attribute level 2
#               
wlan rrm        
dot11b mandatory-rate 1 2
dot11b supported-rate 5.5 11
dot11g mandatory-rate 1 2 5.5 11
dot11g supported-rate 6 9 12 18 24 36 48 54
#               
# NOTE(review): attack-defense policy 1 is created with no detection settings visible under it.
attack-defense policy 1
#               
# RT2 BGP, AS 65000. 172.16.1.6 (AS 65001) is the only eBGP peer; 1.1.1.1, 6.6.6.6 and 7.7.7.7
# are iBGP peers sourced from LoopBack0 with next-hop-local. Routes sent to the eBGP peer pass
# route-policy fk, routes received from it pass route-policy fa.
# NOTE(review): no `peer ... password` line is present, so none of these sessions is shown
# using TCP MD5 authentication.
bgp 65000      
undo synchronization
peer 1.1.1.1 as-number 65000
peer 172.16.1.6 as-number 65001
peer 6.6.6.6 as-number 65000
peer 7.7.7.7 as-number 65000
peer 1.1.1.1 next-hop-local
peer 1.1.1.1 connect-interface LoopBack0
peer 172.16.1.6 route-policy fk export
peer 172.16.1.6 route-policy fa import
peer 6.6.6.6 next-hop-local
peer 6.6.6.6 connect-interface LoopBack0
peer 7.7.7.7 next-hop-local
peer 7.7.7.7 connect-interface LoopBack0
#               
# OSPF process 1 advertises the loopback and two link addresses in area 0.
# NOTE(review): no area-level authentication-mode is visible; interface settings are not part
# of this listing.
ospf 1 router-id 2.2.2.2
area 0.0.0.0   
  network 2.2.2.2 0.0.0.0
  network 172.16.0.6 0.0.0.0
  network 172.16.0.10 0.0.0.0
#               
# route-policy fa (import): node 10 adds AS numbers 400 600 to the AS_PATH of routes whose
# prefix matches ACL 2000; node 20 permits every other route unchanged.
# route-policy fk (export): permits only routes matching as-path list 1; the rest hit the
# implicit deny.
route-policy fa permit node 10
if-match acl 2000
apply as-path 400 600
route-policy fa permit node 20
route-policy fk permit node 10
if-match as-path 1
#               
# `^$` matches an empty AS_PATH (routes originated in this AS), so fk prevents this AS from
# acting as transit for routes learned from other ASes.
ip as-path 1 permit ^$
#               
# Static default route via 100.0.0.2.
ip route-static 0.0.0.0 0.0.0.0 100.0.0.2
#               
# RT2 SNMP: read community `h3c-read`, versions v2c and v3 enabled, traps sent to 192.168.200.1
# from LoopBack0.
# NOTE(review): SNMP v2c sends the community string unencrypted, the same community is used on
# RT1, and no ACL is bound to it in this listing.
snmp-agent     
snmp-agent local-engineid 800063A203000FE2E62FC0
snmp-agent community read h3c-read
snmp-agent sys-info version v2c v3
snmp-agent target-host trap address udp-domain 192.168.200.1 params securityname h3c-read
undo snmp-agent trap enable voice dial
snmp-agent trap source LoopBack0
#               
load xml-configuration
#               
load tr069-configuration
#               
# VTY 0-4: ACL 2030 limits inbound sessions to 192.168.200.1 and AAA (`scheme`) login is
# required.
# NOTE(review): only Telnet is accepted, and `idle-timeout 0 0` disables the idle logout.
user-interface tty 12
user-interface aux 0
user-interface vty 0 4
acl 2030 inbound
authentication-mode scheme
idle-timeout 0 0
protocol inbound telnet
#               
return         
R3的配置
--------------------------------------------------------------------
# RT3: device name, privilege-escalation password, ICMP behaviour, port security and ACLs.
# NOTE(review): the level-3 super password is stored in cleartext (`simple`) and is a
# three-digit value that is trivially guessable.
sysname RT3
#
super password level 3 simple 123
#
domain default enable system
#
# These two commands turn on sending of ICMP time-exceeded and destination-unreachable
# messages from this router.
ip ttl-expires enable
ip unreachables enable
#
dar p2p signature-file flash:/p2p_default.mtd
#
port-security enable
#
# ACL 2000 is matched by route-policy fa. ACL 2008 is used as the BGP export filter towards
# 172.16.1.1: rule 0 denies the 0.0.0.0 prefix (the default route) and rule 5 permits every
# other prefix, so the default route is not advertised to that eBGP peer.
acl number 2000
rule 0 permit source 192.168.20.0 0.0.0.255
acl number 2008
rule 0 deny source 0.0.0.0 0
rule 5 permit
#
# RT3: default VLAN, ISP domain, user group, the admin account, WLAN rates and CWMP.
vlan 1
#
domain system
access-limit disable
state active   
idle-cut disable
self-service-url disable
#               
user-group system
group-attribute allow-guest
#               
# local-user admin is a level-3 account reachable over Telnet.
# NOTE(review): the `cipher` value is a stored, obfuscated form of the password rather than a
# one-way hash (presumably reversible on this software generation - confirm). A value that has
# been published should be treated as disclosed and rotated.
local-user admin
password cipher .]@USE=B,53Q=^Q`MAF4<1!!
authorization-attribute level 3
service-type telnet
#               
wlan rrm        
dot11b mandatory-rate 1 2
dot11b supported-rate 5.5 11
dot11g mandatory-rate 1 2 5.5 11
dot11g supported-rate 6 9 12 18 24 36 48 54
#               
# CWMP (TR-069 remote management) is explicitly disabled.
cwmp            
undo cwmp enable
#               
# RT3 BGP, AS 65001. 172.16.1.1 (AS 65000) is the eBGP peer; 4.4.4.4 and 5.5.5.5 are iBGP peers
# sourced from LoopBack0 with next-hop-local. Export to the eBGP peer is filtered by ACL 2008
# (which drops only the default route); import from it passes route-policy fa.
# NOTE(review): unlike the AS 65000 border routers there is no as-path based export filter
# here, so routes learned from other ASes are not explicitly kept from being re-advertised.
# No `peer ... password` line is present either.
bgp 65001      
undo synchronization
peer 4.4.4.4 as-number 65001
peer 172.16.1.1 as-number 65000
peer 5.5.5.5 as-number 65001
peer 4.4.4.4 next-hop-local
peer 4.4.4.4 connect-interface LoopBack0
peer 172.16.1.1 filter-policy 2008 export
peer 172.16.1.1 route-policy fa import
peer 5.5.5.5 next-hop-local
peer 5.5.5.5 connect-interface LoopBack0
#               
# OSPF process 1 advertises the loopback and two link addresses in area 0.
# NOTE(review): no area-level authentication-mode is visible.
ospf 1 router-id 3.3.3.3
area 0.0.0.0   
  network 3.3.3.3 0.0.0.0
  network 172.16.2.1 0.0.0.0
  network 172.16.2.5 0.0.0.0
#               
# route-policy fa (import): node 10 adds AS numbers 400 600 to the AS_PATH of routes whose
# prefix matches ACL 2000; node 20 permits every other route unchanged.
route-policy fa permit node 10
if-match acl 2000
apply as-path 400 600
route-policy fa permit node 20
#               
#               
# RT3: voice stanzas (only fax protocol defaults are set), configuration loaders and the
# user interfaces.
# NOTE(review): VTY 0-4 requires AAA (`scheme`) login, but unlike RT1/RT2 no inbound ACL is
# bound to the VTY lines, so the source of management sessions is not restricted here.
voice-setup     
#              
sip            
#              
sip-server     
  #            
  call-rule-set
  #            
  call-route   
#              
dial-program   
  default entity fax protocol standard-t38
  default entity fax protocol standard-t38 hb-redundancy 0
  default entity fax protocol standard-t38 lb-redundancy 0
#              
aaa-client     
#              
gk-client      
#               
load xml-configuration
#               
load tr069-configuration
#               
user-interface tty 12
user-interface aux 0
user-interface vty 0 4
authentication-mode scheme
#               
return         
R4的配置
------------------------------------------------------------------------
# RT4: device name, IPsec processing options and ACLs.
# NOTE(review): the hardware crypto engine is turned off and CPU backup for IPsec is enabled,
# so IPsec is presumably processed in software - confirm that this is intended.
sysname RT4
#
ipsec cpu-backup enable
#
undo cryptoengine enable
#
domain default enable system
#
# ACL 2000 is matched by route-policy fa. ACL 2030 is defined but not referenced anywhere in
# this listing (the VTY lines below carry no ACL).
acl number 2000
rule 0 permit source 192.168.10.0 0.0.0.255
acl number 2030
rule 0 permit source 192.168.200.0 0.0.0.255
#
# ACL 3000 selects the traffic protected by IPsec policy h3c (192.168.200.0/24 to
# 192.168.20.0/24); ACL 3030 is the match condition of QoS classifier oa (the reverse
# direction).
acl number 3000
rule 0 permit ip source 192.168.200.0 0.0.0.255 destination 192.168.20.0 0.0.0.255
acl number 3030
rule 0 permit ip source 192.168.20.0 0.0.0.255 destination 192.168.200.0 0.0.0.255
#
# RT4: default VLAN, ISP domain, IKE/IPsec towards RT2, QoS policy and a PPP account.
vlan 1
#
domain system
access-limit disable
state active   
idle-cut disable
self-service-url disable
#               
# NOTE(review): ike proposal 1 and ipsec proposal 1 contain no settings, so the algorithms are
# whatever the platform defaults to - confirm them and set them explicitly.
ike proposal 1  
#               
# NOTE(review): the IKE pre-shared key is stored in cleartext (`simple`) and is a short,
# guessable string shared with the other tunnel end.
ike peer rt2   
pre-shared-key simple h3c
remote-address 172.16.1.5
#               
ipsec proposal 1
#               
# IPsec policy h3c sequence 1 protects traffic matching ACL 3000 using IKE peer rt2 and
# proposal 1. No interface applying the policy is part of this listing.
ipsec policy h3c 1 isakmp
security acl 3000
ike-peer rt2   
proposal 1     
#               
# QoS: traffic matching ACL 3030 gets an assured-forwarding queue with 50% bandwidth.
traffic classifier oa operator and
if-match acl 3030
#               
traffic behavior oa
queue af bandwidth pct 50
#               
qos policy h3c  
classifier oa behavior oa
#               
# NOTE(review): local-user rt4 (PPP service) has a cleartext (`simple`) password that reuses
# the same string as the IKE pre-shared key.
local-user rt4  
password simple h3c
service-type ppp
#               
# RT4 BGP, AS 65001. 172.16.1.5 (AS 65000) is the eBGP peer; 5.5.5.5 and 3.3.3.3 are iBGP peers
# sourced from LoopBack0 with next-hop-local, and each is sent a default route.
# NOTE(review): only an import policy (fa) is applied to the eBGP peer; no export policy or
# filter is visible, so nothing here limits what is advertised to AS 65000. No
# `peer ... password` line is present either.
bgp 65001      
undo synchronization
peer 5.5.5.5 as-number 65001
peer 172.16.1.5 as-number 65000
peer 3.3.3.3 as-number 65001
peer 5.5.5.5 next-hop-local
peer 5.5.5.5 default-route-advertise
peer 5.5.5.5 connect-interface LoopBack0
peer 172.16.1.5 route-policy fa import
peer 3.3.3.3 next-hop-local
peer 3.3.3.3 default-route-advertise
peer 3.3.3.3 connect-interface LoopBack0
#               
# OSPF process 1 advertises the loopback and two link addresses in area 0.
# NOTE(review): no area-level authentication-mode is visible.
ospf 1 router-id 4.4.4.4
area 0.0.0.0   
  network 4.4.4.4 0.0.0.0
  network 172.16.2.2 0.0.0.0
  network 172.16.2.9 0.0.0.0
#               
# route-policy fa (import): node 10 adds AS numbers 400 600 to the AS_PATH of routes whose
# prefix matches ACL 2000; node 20 permits every other route unchanged.
route-policy fa permit node 10
if-match acl 2000
apply as-path 400 600
route-policy fa permit node 20
#               
# Static default route via 200.0.0.2.
ip route-static 0.0.0.0 0.0.0.0 200.0.0.2
#               
# NOTE(review): the console, AUX and VTY lines carry no authentication-mode, ACL or protocol
# setting, so access control depends entirely on platform defaults - confirm what those are.
user-interface con 0
user-interface aux 0
user-interface vty 0 4
#               
return         
R5的配置
-------------------------------------------------------------------

# RT5: device name, IPsec processing options and ACLs.
# NOTE(review): the hardware crypto engine is turned off and CPU backup for IPsec is enabled,
# although no IKE or IPsec policy appears in this device's listing.
sysname RT5
#
ipsec cpu-backup enable
#
undo cryptoengine enable
#
domain default enable system
#
# ACL 2000 is matched by route-policy fa and ACL 2001 by route-policy fk.
acl number 2000
rule 0 permit source 192.168.20.0 0.0.0.255
acl number 2001
rule 0 permit source 192.168.10.0 0.0.0.255
#
# ACL 3030 is the match condition of QoS classifier oa.
acl number 3030
rule 5 permit ip source 192.168.200.0 0.0.0.255 destination 192.168.20.0 0.0.0.255
#
# RT5: default VLAN, ISP domain, QoS policy and a PPP account.
vlan 1
#
domain system
access-limit disable
state active
idle-cut disable
self-service-url disable
#               
# QoS: traffic matching ACL 3030 gets an assured-forwarding queue with 50% bandwidth.
traffic classifier oa operator and
if-match acl 3030
#               
traffic behavior oa
queue af bandwidth pct 50
#               
qos policy h3c  
classifier oa behavior oa
#               
# NOTE(review): local-user rt5 (PPP service) has a short cleartext (`simple`) password, the
# same string used for RT4's PPP account.
local-user rt5  
password simple h3c
service-type ppp
#               
# RT5 BGP, AS 65001. Originates the host routes 192.168.100.1/32 and 192.168.200.1/32 and has
# two iBGP peers (4.4.4.4, 3.3.3.3) sourced from LoopBack0; routes received from both pass
# route-policy fk.
# NOTE(review): no `peer ... password` line is present, so the sessions are not shown using
# TCP MD5 authentication.
bgp 65001      
network 192.168.100.1 255.255.255.255
network 192.168.200.1 255.255.255.255
undo synchronization
peer 4.4.4.4 as-number 65001
peer 3.3.3.3 as-number 65001
peer 4.4.4.4 route-policy fk import
peer 4.4.4.4 connect-interface LoopBack0
peer 3.3.3.3 route-policy fk import
peer 3.3.3.3 connect-interface LoopBack0
#               
# OSPF process 1 advertises the loopback and two link addresses in area 0.
# NOTE(review): no area-level authentication-mode is visible.
ospf 1 router-id 5.5.5.5
area 0.0.0.0   
  network 5.5.5.5 0.0.0.0
  network 172.16.2.6 0.0.0.0
  network 172.16.2.10 0.0.0.0
#               
# route-policy fa: node 10 sets local-preference 400 on routes matching ACL 2000; node 20
# permits the rest. It is defined but not referenced by the BGP stanza in this listing.
# route-policy fk (applied on import from both iBGP peers): node 10 sets local-preference 400
# on routes matching ACL 2001; node 20 permits every other route unchanged.
route-policy fa permit node 10
if-match acl 2000
apply local-preference 400
route-policy fa permit node 20
route-policy fk permit node 10
if-match acl 2001
apply local-preference 400
route-policy fk permit node 20
#               
# NOTE(review): the console, AUX and VTY lines carry no authentication-mode, ACL or protocol
# setting, so access control depends entirely on platform defaults - confirm what those are.
user-interface con 0
user-interface aux 0
user-interface vty 0 4
#               
return      
SW1的配置
----------------------------------------------------------------------
# SW1: device name, global switches and the ACL used by route-policy fa.
sysname SW1
#
domain default enable system
#
burst-mode enable
#
# The built-in HTTP management server is disabled.
undo ip http enable
#
# NOTE(review): password recovery is left enabled, which presumably lets someone with physical
# console access reset credentials from the boot menu - confirm this is acceptable for the
# location of the device.
password-recovery enable
#
acl number 2000
rule 0 permit source 192.168.10.0 0.0.0.255
#
# SW1: VLANs 1/10/20/30, ISP domain, and MSTP. Region `h3c` maps VLAN 10 to instance 1 and
# VLAN 20 to instance 2; SW1 is root primary for instances 0 and 1 and secondary for 2.
# NOTE(review): no interface stanzas are part of this listing, so port-level protections
# (root protection, BPDU protection on edge ports) cannot be confirmed from here.
vlan 1
#
vlan 10
#
vlan 20
#
vlan 30
#
domain system
access-limit disable
state active   
idle-cut disable
self-service-url disable
#               
user-group system
#               
stp region-configuration
region-name h3c
instance 1 vlan 10
instance 2 vlan 20
active region-configuration
#               
stp instance 0 root primary
stp instance 1 root primary
stp instance 2 root secondary
stp enable     
#               
# SW1 BGP, AS 65000. Originates 192.168.10.0 (through route-policy fa) and 192.168.20.0, with
# iBGP peers 1.1.1.1 and 2.2.2.2 sourced from LoopBack0.
# NOTE(review): no `peer ... password` line is present, so the sessions are not shown using
# TCP MD5 authentication.
bgp 65000      
network 192.168.10.0 route-policy fa
network 192.168.20.0
undo synchronization
peer 1.1.1.1 as-number 65000
peer 2.2.2.2 as-number 65000
peer 1.1.1.1 connect-interface LoopBack0
peer 2.2.2.2 connect-interface LoopBack0
#               
# OSPF process 1 advertises the loopback and one link address in area 0.
# NOTE(review): no area-level authentication-mode is visible.
ospf 1 router-id 6.6.6.6
area 0.0.0.0   
  network 6.6.6.6 0.0.0.0
  network 172.16.0.1 0.0.0.0
#               
# route-policy fa sets local-preference 400 on routes matching ACL 2000 (192.168.10.0/24).
route-policy fa permit node 10
if-match acl 2000
apply local-preference 400
#               
# NOTE(review): the AUX and VTY lines carry no authentication-mode, ACL or protocol setting,
# so access control depends entirely on platform defaults - confirm what those are.
user-interface aux 0
user-interface vty 0 4
#               
return
SW2 的配置
--------------------------------------------------------------------------
# SW2: software version, device name, privilege-escalation password, global switches and the
# ACL used by route-policy fa.
version 5.20, Release 5319P04
#
sysname SW2
#
# The level-3 super password is stored in `cipher` form rather than cleartext.
# NOTE(review): a stored secret that has been published should still be treated as disclosed
# and rotated.
super password level 3 cipher $c$3$nbNypWi5fBQG/0cezZ0kQlLgfhZBVkx+anDhOHBaSwsLC8U=
#
domain default enable system
#
burst-mode enable
#
# The built-in HTTP management server is disabled.
undo ip http enable
#
# NOTE(review): password recovery is left enabled, which presumably lets someone with physical
# console access reset credentials from the boot menu - confirm this is acceptable.
password-recovery enable
#
acl number 2000
rule 0 permit source 192.168.20.0 0.0.0.255
#
# SW2: VLANs 1/10/20/30, ISP domain, and MSTP. Region `h3c` maps VLAN 10 to instance 1 and
# VLAN 20 to instance 2; SW2 is root primary for instance 2 and secondary for instances 0
# and 1 (the mirror image of SW1).
vlan 1
#
vlan 10
#
vlan 20
#               
vlan 30         
#               
domain system   
access-limit disable
state active   
idle-cut disable
self-service-url disable
#               
user-group system
#               
stp region-configuration
region-name h3c
instance 1 vlan 10
instance 2 vlan 20
active region-configuration
#               
stp instance 0 root secondary
stp instance 1 root secondary
stp instance 2 root primary
stp enable     
#               
# SW2 aggregate, loopback and VLAN interfaces. Bridge-Aggregation1 is a trunk carrying VLANs
# 1, 10 and 20. Vlan-interface10/20 are the VRRP gateways for 192.168.10.0/24 and
# 192.168.20.0/24; VRID 2 has priority 110 and drops by 30 if Vlan-interface30 goes down.
# NOTE(review): VRRP uses `authentication-mode simple`. The key is stored in cipher form, but
# simple mode sends it as plain text in VRRP advertisements, so any host on the VLAN can read
# it. Prefer the MD5 mode if the platform offers it.
interface Bridge-Aggregation1
port link-type trunk
port trunk permit vlan 1 10 20
stp instance 1 cost 1000
#               
interface NULL0
#               
interface LoopBack0
ip address 7.7.7.7 255.255.255.255
#               
interface Vlan-interface10
ip address 192.168.10.252 255.255.255.0
vrrp vrid 1 virtual-ip 192.168.10.254
vrrp vrid 1 authentication-mode simple cipher $c$3$Bad9sQ7oGU1f3WXX6oCbS+4r///6ZA==
#               
interface Vlan-interface20
ip address 192.168.20.252 255.255.255.0
vrrp vrid 2 virtual-ip 192.168.20.254
vrrp vrid 2 priority 110
vrrp vrid 2 track interface Vlan-interface30 reduced 30
vrrp vrid 2 authentication-mode simple cipher $c$3$7y7634QLWJTLfcyELBMFVKnhZ5l8PQ==
#               
interface Vlan-interface30
ip address 172.16.0.5 255.255.255.252
#               
# SW2 configured ports: Ethernet1/0/1 and 1/0/2 are trunk members of aggregation group 1,
# Ethernet1/0/3 is a standalone trunk, Ethernet1/0/4 is an access port in VLAN 30.
# NOTE(review): every trunk also permits VLAN 1, the default VLAN of the unconfigured ports.
# Dropping VLAN 1 from the trunks would keep traffic from unused ports off the inter-switch
# links.
interface Ethernet1/0/1
port link-mode bridge
port link-type trunk
port trunk permit vlan 1 10 20
port link-aggregation group 1
#               
interface Ethernet1/0/2
port link-mode bridge
port link-type trunk
port trunk permit vlan 1 10 20
port link-aggregation group 1
#               
interface Ethernet1/0/3
port link-mode bridge
port link-type trunk
port trunk permit vlan 1 10 20
#               
interface Ethernet1/0/4
port link-mode bridge
port access vlan 30
#               
# SW2 ports Ethernet1/0/5-24 and GigabitEthernet1/1/1-4 carry only `port link-mode bridge`.
# NOTE(review): none of these ports shows a `shutdown` line or a VLAN assignment, so they are
# presumably left enabled in the default VLAN. Unused ports are normally shut down or parked
# in an unused VLAN.
interface Ethernet1/0/5
port link-mode bridge
#               
interface Ethernet1/0/6
port link-mode bridge
#               
interface Ethernet1/0/7
port link-mode bridge
#               
interface Ethernet1/0/8
port link-mode bridge
#               
interface Ethernet1/0/9
port link-mode bridge
#               
interface Ethernet1/0/10
port link-mode bridge
#               
interface Ethernet1/0/11
port link-mode bridge
#               
interface Ethernet1/0/12
port link-mode bridge
#               
interface Ethernet1/0/13
port link-mode bridge
#               
interface Ethernet1/0/14
port link-mode bridge
#               
interface Ethernet1/0/15
port link-mode bridge
#               
interface Ethernet1/0/16
port link-mode bridge
#               
interface Ethernet1/0/17
port link-mode bridge
#               
interface Ethernet1/0/18
port link-mode bridge
#               
interface Ethernet1/0/19
port link-mode bridge
#               
interface Ethernet1/0/20
port link-mode bridge
#               
interface Ethernet1/0/21
port link-mode bridge
#               
interface Ethernet1/0/22
port link-mode bridge
#               
interface Ethernet1/0/23
port link-mode bridge
#               
interface Ethernet1/0/24
port link-mode bridge
#               
interface GigabitEthernet1/1/1
port link-mode bridge
#               
interface GigabitEthernet1/1/2
port link-mode bridge
#               
interface GigabitEthernet1/1/3
port link-mode bridge
#               
interface GigabitEthernet1/1/4
port link-mode bridge
#               
# SW2 BGP, AS 65000. Originates 192.168.10.0 and 192.168.20.0 (the latter through route-policy
# fa), with iBGP peers 1.1.1.1 and 2.2.2.2 sourced from LoopBack0.
# NOTE(review): no `peer ... password` line is present, so the sessions are not shown using
# TCP MD5 authentication.
bgp 65000      
network 192.168.10.0
network 192.168.20.0 route-policy fa
undo synchronization
peer 1.1.1.1 as-number 65000
peer 2.2.2.2 as-number 65000
peer 1.1.1.1 connect-interface LoopBack0
peer 2.2.2.2 connect-interface LoopBack0
#               
# OSPF process 1 advertises the loopback and one link address in area 0.
# NOTE(review): no area-level authentication-mode is visible, and Vlan-interface30 shows no
# OSPF authentication setting either.
ospf 1 router-id 7.7.7.7
area 0.0.0.0   
  network 7.7.7.7 0.0.0.0
  network 172.16.0.5 0.0.0.0
#               
# route-policy fa sets local-preference 400 on routes matching ACL 2000 (192.168.20.0/24).
route-policy fa permit node 10
if-match acl 2000
apply local-preference 400
#               
# NOTE(review): the AUX line grants privilege level 2 with no authentication-mode shown, and
# the VTY lines carry no authentication, ACL or protocol setting - confirm the platform
# defaults that apply.
user-interface aux 0
user privilege level 2
user-interface vty 0 4
#               
return         
SW3的配置
-----------------------------------------------------------------------
# SW3: access switch in MSTP region `h3c` (VLAN 10 in instance 1, VLAN 20 in instance 2) with
# global BPDU protection enabled.
# NOTE(review): the level-3 super password is in `cipher` form, an obfuscated storage format
# rather than a one-way hash (presumably reversible on this software generation - confirm).
# A published value should be treated as disclosed and rotated.
sysname SW3
#
super password level 3 cipher *\Y0``CC]'I.BI/aC,8H/Q!!
#
radius scheme system
#
domain system
#
# NOTE(review): `stp bpdu-protection` acts on edge ports; no interface stanzas are part of
# this listing, so whether any port is actually configured as an edge port cannot be confirmed.
stp bpdu-protection
stp enable
stp region-configuration
region-name h3c
instance 1 vlan 10
instance 2 vlan 20
active region-configuration
#
vlan 1
#
vlan 10
#
vlan 20
#
# NOTE(review): the AUX line grants privilege level 2 with no authentication-mode shown, and
# `idle-timeout 0 0` disables the idle logout. The VTY lines carry no settings at all.
user-interface aux 0
user privilege level 2                  
idle-timeout 0 0                        
user-interface vty 0 4                    
#                                         
return                                    
                  


