1、 tagged ethe 1/1 router-interface ve 188vlan 13 by port untagged ethe 3/1 to 3/10 router-interface ve 13system-max ip-cache 256000system-max vlan 512system-max virtual-interface 512qos profile qosp3 57 qosp2 30 qosp1 10 qosp0 3 enable-acl-counterenable telnet password .enable super-user-password .ip
2、 access-policy 97 deny any any icmp ip access-policy 98 deny any any udp eq 5000ip access-policy 99 deny any any tcp eq 5000ip access-policy 100 deny any any tcp eq loc-srvip access-policy 101 deny any any udp eq loc-srvip access-policy 102 deny any any tcp eq profileip access-policy 103 deny any an
3、y udp eq profileip access-policy 104 deny any any tcp eq 137ip access-policy 105 deny any any udp eq netbios-nsip access-policy 106 deny any any tcp eq 138ip access-policy 107 deny any any udp eq netbios-dgmip access-policy 108 deny any any tcp eq netbios-ssnip access-policy 109 deny any any tcp eq
4、microsoft-dsip access-policy 110 deny any any udp eq microsoft-dsip access-policy 111 deny any any tcp eq http-rpc-epmapip access-policy 112 deny any any udp eq http-rpc-epmapip access-policy 113 deny any any tcp eq 4444ip access-policy 114 deny any any udp eq tftpip access-policy 115 deny any any u
5、dp eq netbios-ssnip access-policy 116 deny any any tcp eq 6556 ip access-policy 117 deny any any tcp eq 1023ip access-policy 118 permit any any ip route 0.0.0.0 0.0.0.0 192.168.1.2ip route 192.168.0.0 255.255.0.0 192.168.188.2ip icmp burst-normal 5000 burst-max 10000 lockup 300ip tcp burst-normal 10
6、 burst-max 100 lockup 300port-prioritysnmp-server community . rwinterface ethernet 1/1 gig-default neg-full-autointerface ethernet 3/16 no spanning-treeinterface ethernet 4/1 gig-default auto-gig interface ethernet 4/2 gig-default auto-giginterface ve 10 ip address 192.168.1.1 255.255.255.0interface
7、 ve 11 ip address 192.168.2.1 255.255.255.0interface ve 12 ip address 192.168.3.1 255.255.255.0 ip access-policy-g in 97 to 118 ip access-policy-g out 97 to 118 interface ve 13 ip address 192.168.5.1 255.255.255.240interface ve 30 ip address 192.168.24.1 255.255.254.0 interface ve 188 ip address 192
8、.168.188.1 255.255.255.252ip access-list extended anti deny tcp any any eq loc-srv deny tcp any any eq 137 deny tcp any any eq netbios-ssn deny tcp any any eq microsoft-ds deny udp any any eq loc-srv deny udp any any eq netbios-ns deny udp any any eq netbios-ssn deny udp any any eq microsoft-dsredun
9、dancy active-management 1endtelnetDCRS-7515# *华为8500的配置*dis cu# config-version S8500-VRP310-R1278P05 sysname WL_S8505 super password level 3 cipher 5C-2O#ENOQ=QMAF41! local-server nas-ip 127.0.0.1 key huawei Xbar load-single router route-limit 128K router VRF-limit 256 anti-attack arp enableradius s
10、cheme system server-type huawei primary authentication 127.0.0.1 1645 primary accounting 127.0.0.1 1646 user-name-format without-domaindomain system vlan-assignment-mode integer access-limit disable state active idle-cut disable self-service-url disable domain default enable systemlocal-user infowei
11、 level 3local-user wulianjiaowei service-type telnet level 1acl number 3000 rule 1 deny udp destination-port eq 135 rule 2 deny udp destination-port eq 136 rule 3 deny udp destination-port eq netbios-ns rule 4 deny udp destination-port eq netbios-dgm rule 5 deny udp destination-port eq netbios-ssn r
12、ule 7 deny udp destination-port eq 445 rule 8 deny udp destination-port eq 539 rule 9 deny udp destination-port eq 593rule 10 deny udp destination-port eq 1434 rule 11 deny tcp destination-port eq 135 rule 12 deny tcp destination-port eq 136 rule 13 deny tcp destination-port eq 137 rule 14 deny tcp
13、destination-port eq 138 rule 15 deny tcp destination-port eq 139 rule 16 deny tcp destination-port eq 445 rule 17 deny tcp destination-port eq 539 rule 18 deny tcp destination-port eq 593 rule 19 deny tcp destination-port eq 1434 rule 20 deny tcp destination-port eq 4444 rule 21 deny tcp destination
14、-port eq 5554 rule 22 deny tcp destination-port eq 9995 rule 23 deny tcp destination-port eq 9996# vlan 1 vlan 2 description TO_ERZHONG vlan 3 description TO_SANZHONG vlan 4 description TO_HONGNING vlan 5 description TO_HONGXIAO vlan 6 description TO_TEXIAO vlan 8 description TO_ZHIXIAO vlan 11 desc
15、ription TO_MOXIAO vlan 12 description TO_HEXI_FENXIAO vlan 13 description TO_ZHIJIAOZHONGXINvlan 17 description TO_SHICHANGvlan 18 description TO_TONGSUvlan 100 description TO_YIZHONGvlan 188 description TO_JIAOWEI7515vlan 2071 description TO_DONGBU_SCHOOLvlan 2076 description TO_JIETOUvlan 2178 des
16、cription TO_ZHONGZHIvlan 2181 description TO_WANGHU_CHUZHONGvlan 2183 description TO_BEIXIANvlan 2216 description TO_WANGSHITUANinterface Vlan-interface2 ip address 192.168.8.1 255.255.254.0interface Vlan-interface3 ip address 192.168.10.1 255.255.254.0 ip address 192.168.73.1 255.255.254.0 sub ip a
17、ddress 192.168.76.1 255.255.254.0 subinterface Vlan-interface4 ip address 192.168.12.1 255.255.254.0interface Vlan-interface5 ip address 192.168.14.1 255.255.254.0interface Vlan-interface6 ip address 192.168.16.1 255.255.254.0interface Vlan-interface8 ip address 192.168.20.1 255.255.254.0 interface
18、Vlan-interface11 ip address 192.168.58.1 255.255.254.0interface Vlan-interface12 ip address 192.168.22.1 255.255.254.0interface Vlan-interface13 ip address 192.168.26.1 255.255.254.0interface Vlan-interface17 ip address 192.168.36.1 255.255.254.0 ip address 192.168.98.1 255.255.254.0 subinterface Vl
19、an-interface18 ip address 192.168.38.1 255.255.254.0interface Vlan-interface100 ip address 192.168.6.1 255.255.255.248interface Vlan-interface188 ip address 192.168.188.2 255.255.255.252 interface Vlan-interface2071 ip address 192.168.18.1 255.255.254.0 ip address 192.168.60.1 255.255.254.0 sub ip a
20、ddress 192.168.74.1 255.255.254.0 sub ip address 192.168.84.1 255.255.254.0 sub ip address 192.168.92.1 255.255.254.0 sub ip address 192.168.94.1 255.255.254.0 sub ip address 192.168.96.1 255.255.254.0 sub ip address 192.168.100.1 255.255.254.0 sub ip address 192.168.116.1 255.255.254.0 sub ip addre
21、ss 192.168.118.1 255.255.254.0 sub ip address 192.168.120.1 255.255.254.0 subinterface Vlan-interface2076 ip address 192.168.34.1 255.255.254.0 ip address 192.168.68.1 255.255.254.0 sub ip address 192.168.90.1 255.255.254.0 subinterface Vlan-interface2178 ip address 192.168.32.1 255.255.254.0 ip add
22、ress 192.168.48.1 255.255.254.0 sub ip address 192.168.50.1 255.255.254.0 sub ip address 192.168.66.1 255.255.254.0 subinterface Vlan-interface2181 ip address 192.168.28.1 255.255.254.0 ip address 192.168.64.1 255.255.254.0 sub ip address 192.168.78.1 255.255.254.0 sub ip address 192.168.110.1 255.2
23、55.254.0 sub ip address 192.168.114.1 255.255.254.0 subinterface Vlan-interface2183 ip address 192.168.30.1 255.255.254.0 ip address 192.168.62.1 255.255.254.0 sub ip address 192.168.102.1 255.255.254.0 sub ip address 192.168.104.1 255.255.254.0 sub ip address 192.168.106.1 255.255.254.0 sub ip addr
24、ess 192.168.108.1 255.255.254.0 sub ip address 192.168.112.1 255.255.254.0 subinterface Vlan-interface2216 ip address 192.168.80.1 255.255.254.0 ip address 192.168.82.1 255.255.254.0 sub ip address 192.168.86.1 255.255.254.0 sub ip address 192.168.88.1 255.255.254.0 subinterface Aux0/0/1interface M-
25、Ethernet0/0/0interface Ethernet2/1/1 port access vlan 100 packet-filter inbound ip-group 3000 rule 1 system-index 45 packet-filter inbound ip-group 3000 rule 2 system-index 46 packet-filter inbound ip-group 3000 rule 3 system-index 47 packet-filter inbound ip-group 3000 rule 4 system-index 48 packet
26、-filter inbound ip-group 3000 rule 5 system-index 49 packet-filter inbound ip-group 3000 rule 7 system-index 50 packet-filter inbound ip-group 3000 rule 8 system-index 51 packet-filter inbound ip-group 3000 rule 9 system-index 52 packet-filter inbound ip-group 3000 rule 10 system-index 53 packet-fil
27、ter inbound ip-group 3000 rule 11 system-index 54 packet-filter inbound ip-group 3000 rule 12 system-index 55 packet-filter inbound ip-group 3000 rule 13 system-index 56 packet-filter inbound ip-group 3000 rule 14 system-index 57 packet-filter inbound ip-group 3000 rule 15 system-index 58 packet-filter inbound ip-group 3000 rule 16 system-index 59 packet-filter inbound ip-group 3000 rule 17 system-index 60 packet-filter inbound ip-gr
copyright@ 2008-2022 冰豆网网站版权所有
经营许可证编号:鄂ICP备2022015515号-1