ICG configuration and explanation

#
 version 5.20, Test 1705
#
 sysname yichang-wangba
#
 tcp syn-cookie enable
 tcp anti-naptha enable
 tcp state closing connection-number 500
 tcp state established connection-number 500
 tcp state fin-wait-1 connection-number 500
 tcp state fin-wait-2 connection-number 500
 tcp state last-ack connection-number 500
 tcp state syn-received connection-number 500
#
 ipsec cpu-backup enable
#
 firewall enable
#
 nat aging-time tcp 300
 nat aging-time udp 180
 nat aging-time pptp 300
 nat aging-time ftp-ctrl 300
#
 domain default enable system
#
 telnet server enable
#
 qos carl 1 source-ip-address range 192.168.0.1 to 192.168.0.62 per-address
 qos carl 2 destination-ip-address range 192.168.0.1 to 192.168.0.62 per-address
 qos carl 3 source-ip-address range 192.168.0.64 to 192.168.0.220 per-address
 qos carl 4 destination-ip-address range 192.168.0.64 to 192.168.0.220 per-address
#
 mirroring-group 1 local
#
acl number 2000
 rule 5 permit source 192.0.0.0 0.255.255.255
 rule 10 deny
#
acl number 3100
 rule 10 deny tcp destination-port eq 445
 rule 11 deny udp destination-port eq 445
 rule 20 deny tcp destination-port eq 135
 rule 21 deny udp destination-port eq 135
 rule 30 deny tcp destination-port eq 137
 rule 31 deny udp destination-port eq netbios-ns
 rule 40 deny tcp destination-port eq 138
 rule 41 deny udp destination-port eq netbios-dgm
 rule 50 deny tcp destination-port eq 139
 rule 51 deny udp destination-port eq netbios-ssn
 rule 61 deny udp destination-port eq tftp
 rule 70 deny tcp destination-port eq 593
 rule 80 deny tcp destination-port eq 4444
 rule 90 deny tcp destination-port eq 707
 rule 100 deny tcp destination-port eq 1433
 rule 101 deny udp destination-port eq 1433
 rule 110 deny tcp destination-port eq 1434
 rule 111 deny udp destination-port eq 1434
 rule 120 deny tcp destination-port eq 5554
 rule 130 deny tcp destination-port eq 9996
 rule 141 deny udp source-port eq bootps
 rule 160 permit icmp icmp-type echo
 rule 161 permit icmp icmp-type echo-reply
 rule 162 permit icmp icmp-type ttl-exceeded
 rule 165 deny icmp
 rule 200 deny tcp destination-port eq www
 rule 202 deny tcp destination-port eq ftp
 rule 203 deny tcp destination-port eq 22
 rule 204 permit tcp destination-port eq telnet
 rule 2001 permit ip destination 192.0.0.0 0.255.255.255
 rule 2002 deny ip
#
vlan 1
#
domain system
 access-limit disable
 state active
 idle-cut disable
 self-service-url disable
#
user-group system
#
local-user admin
 password cipher Da4.B2FTUP61DKDQR.FQ!
 authorization-attribute level 3
 service-type telnet
#
wlan rrm
 dot11b mandatory-rate 1 2
 dot11b supported-rate 5.5 11
 dot11g mandatory-rate 1 2 5.5 11
 dot11g supported-rate 6 9 12 18 24 36 48 54
#
cwmp
 undo cwmp enable
#
interface Aux0
 async mode flow
 link-protocol ppp
#
interface Ethernet0/0
 port link-mode route
 firewall packet-filter 3100 inbound
 nat outbound 2000
 nat server protocol tcp global 61.136.223.169 10086 inside 192.168.0.251 10086
 nat server protocol tcp global 61.136.223.169 10087 inside 192.168.0.63 10087
 nat server protocol tcp global 61.136.223.169 11469 inside 192.168.0.230 11469
 nat server protocol tcp global 61.136.223.169 11470 inside 192.168.0.230 11470
 ip address 61.136.223.169 255.255.255.224
#
interface NULL0
#
interface Vlan-interface1
 ip address 192.168.0.254 255.255.255.0
 qos car inbound carl 1 cir 2000 cbs 64000 ebs 0 green pass red discard
 qos car inbound carl 3 cir 2000 cbs 64000 ebs 0 green pass red discard
 qos car outbound carl 2 cir 3500 cbs 64000 ebs 0 green pass red discard
 qos car outbound carl 4 cir 3500 cbs 64000 ebs 0 green pass red discard
#
interface Ethernet0/1
 port link-mode bridge
 mirroring-group 1 mirroring-port both
#
interface Ethernet0/2
 port link-mode bridge
#
interface Ethernet0/3
 port link-mode bridge
#
interface Ethernet0/4
 port link-mode bridge
 mirroring-group 1 monitor-port
#
interface WLAN-Radio2/0
 shutdown
#
 ip route-static 0.0.0.0 0.0.0.0 61.136.223.161
#
 arp anti-attack active-ack enable
 arp static 61.136.223.161 0030-8803-673e
 arp static 192.168.0.171 0019-2159-4361 1 Ethernet0/1
 arp static 192.168.0.27 0019-db8c-68ef 1 Ethernet0/1
 arp static 192.168.0.41 0019-db8c-5eaa 1 Ethernet0/1
 arp static 192.168.0.4 0019-db8c-68e1 1 Ethernet0/1
 arp static 192.168.0.203 00e0-4cc1-7756 1 Ethernet0/1
 arp static 192.168.0.26 0019-db8c-5db2 1 Ethernet0/1
 arp static 192.168.0.251 00f0-4c83-4cc2 1 Ethernet0/1
 arp static 192.168.0.43 0019-db8c-6e06 1 Ethernet0/1
 arp static 192.168.0.253 00f0-4c84-be2e 1 Ethernet0/1
 arp static 192.168.0.3 0019-db83-3481 1 Ethernet0/1
 arp static 192.168.0.2 0019-db8c-6931 1 Ethernet0/1
 arp static 192.168.0.103 00f0-4c88-6ed6 1 Ethernet0/1
 arp static 192.168.0.8 0019-db8c-6437 1 Ethernet0/1
 arp static 192.168.0.105 0019-2159-a8db 1 Ethernet0/1
 arp static 192.168.0.7 0019-db8c-5eb2 1 Ethernet0/1
 arp static 192.168.0.160 0019-2159-4391 1 Ethernet0/1
 arp static 192.168.0.28 0019-db8c-648d 1 Ethernet0/1
 arp static 192.168.0.104 00f0-4c88-6eca 1 Ethernet0/1
 arp static 192.168.0.106 0019-2159-a115 1 Ethernet0/1
 arp static 192.168.0.13 0019-db8c-5d4f 1 Ethernet0/1
 arp static 192.168.0.108 00f0-4c88-6ec8 1 Ethernet0/1
 arp static 192.168.0.109 0019-2154-c3d4 1 Ethernet0/1
 arp static 192.168.0.16 0019-db8c-62d8 1 Ethernet0/1
 arp static 192.168.0.111 0019-2159-45ed 1 Ethernet0/1
 arp static 192.168.0.159 0019-2159-ab66 1 Ethernet0/1
 arp static 192.168.0.112 0019-2159-47b9 1 Ethernet0/1
 arp static 192.168.0.1 0019-db8c-62a1 1 Ethernet0/1
 arp static 192.168.0.20 0019-db8c-5ec3 1 Ethernet0/1
 arp static 192.168.0.110 0019-2159-a6fa 1 Ethernet0/1
 arp static 192.168.0.5 0019-db8c-5f24 1 Ethernet0/1
 arp static 192.168.0.158 0019-2159-483f 1 Ethernet0/1
 arp static 192.168.0.6 0019-db8c-5c2a 1 Ethernet0/1
 arp static 192.168.0.15 0019-db8c-68df 1 Ethernet0/1
 arp static 192.168.0.19 0019-db8c-6e09 1 Ethernet0/1
 arp static 192.168.0.114 0019-2159-4876 1 Ethernet0/1
 arp static 192.168.0.115 00f0-4c88-7413 1 Ethernet0/1
 arp static 192.168.0.22 0019-db83-3b4b 1 Ethernet0/1
 arp static 192.168.0.11 0019-db8c-68f4 1 Ethernet0/1
 arp static 192.168.0.31 0019-db8c-6f6a 1 Ethernet0/1
 arp static 192.168.0.18 0019-db8c-5d52 1 Ethernet0/1
 arp static 192.168.0.10 0019-db8c-692c 1 Ethernet0/1
 arp static 192.168.0.157 0019-2159-53b4 1 Ethernet0/1
 arp static 192.168.0.9 0019-db8c-5e7f 1 Ethernet0/1
 arp static 192.168.0.156 0019-214b-a834 1 Ethernet0/1
 arp static 192.168.0.36 0019-db8c-5c06 1 Ethernet0/1
 arp static 192.168.0.29 0019-db8c-6364 1 Ethernet0/1
 arp static 192.168.0.37 0019-db8c-5fbb 1 Ethernet0/1
 arp static 192.168.0.113 0019-2159-a6fc 1 Ethernet0/1
 arp static 192.168.0.49 0019-db8c-5eb6 1 Ethernet0/1
 arp static 192.168.0.25 0019-db8c-5c35 1 Ethernet0/1
 arp static 192.168.0.14 0019-db8c-5e6f 1 Ethernet0/1
 arp static 192.168.0.50 0019-db8c-5ea3 1 Ethernet0/1
 arp static 192.168.0.17 0019-db8c-6108 1 Ethernet0/1
 arp static 192.168.0.117 0019-2159-4389 1 Ethernet0/1
 arp static 192.168.0.48 0019-db8c-5c77 1 Ethernet0/1
 arp static 192.168.0.116 00f0-4c88-6ed2 1 Ethernet0/1
 arp static 192.168.0.51 0019-db8c-6d1c 1 Ethernet0/1
 arp static 192.168.0.32 0019-db8c-6142 1 Ethernet0/1
 arp static 192.168.0.118 0019-2154-c215 1 Ethernet0/1
 arp static 192.168.0.155 0019-2159-4819 1 Ethernet0/1
 arp static 192.168.0.163 0019-214f-df03 1 Ethernet0/1
 arp static 192.168.0.30 0019-db8c-6907 1 Ethernet0/1
 arp static 192.168.0.24 0019-db8c-5c37 1 Ethernet0/1
 arp static 192.168.0.164 0019-2159-44d2 1 Ethernet0/1
 arp static 192.168.0.23 0019-db8c-6e2b 1 Ethernet0/1
 arp static 192.168.0.33 0019-db8c-5e93 1 Ethernet0/1
 arp static 192.168.0.35 0019-db8c-5c7d 1 Ethernet0/1
 arp static 192.168.0.121 0019-2159-50e3 1 Ethernet0/1
 arp static 192.168.0.21 0019-db8c-6302 1 Ethernet0/1
 arp static 192.168.0.165 0019-2159-51b3 1 Ethernet0/1
 arp static 192.168.0.34 0019-db8c-6303 1 Ethernet0/1
 arp static 192.168.0.55 0019-db8c-5e87 1 Ethernet0/1
 arp static 192.168.0.119 0019-212f-a6b3 1 Ethernet0/1
 arp static 192.168.0.161 0019-2154-a9a2 1 Ethernet0/1
 arp static 192.168.0.120 0019-2159-50dc 1 Ethernet0/1
 arp static 192.168.0.45 0019-db8c-64fa 1 Ethernet0/1
 arp static 192.168.0.162 0019-2159-aa15 1 Ethernet0/1
 arp static 192.168.0.38 0019-db8c-6d07 1 Ethernet0/1
 arp static 192.168.0.52 0019-db8c-6434 1 Ethernet0/1
 arp static 192.168.0.40 0019-db8c-5e78 1 Ethernet0/1
 arp static 192.168.0.54 0019-db8c-632c 1 Ethernet0/1
 arp static 192.168.0.122 0019-214f-d426 1 Ethernet0/1
 arp static 192.168.0.170 0019-2159-4ad6 1 Ethernet0/1
 arp static 192.168.0.166 0019-2154-b761 1 Ethernet0/1
 arp static 192.168.0.56 0019-db8c-63ea 1 Ethernet0/1
 arp static 192.168.0.179 0019-2159-52b4 1 Ethernet0/1
 arp static 192.168.0.169 00f0-4c88-6ed4 1 Ethernet0/1
 arp static 192.168.0.124 00f0-4c88-6ed8 1 Ethernet0/1
 arp static 192.168.0.67 00f0-4c88-6ecc 1 Ethernet0/1
 arp static 192.168.0.44 0019-db8c-5d50 1 Ethernet0/1
 arp static 192.168.0.178 0019-214f-d938 1 Ethernet0/1
 arp static 192.168.0.168 0019-214b-9113 1 Ethernet0/1
 arp static 192.168.0.57 0019-db8c-6910 1 Ethernet0/1
 arp static 192.168.0.173 0019-2159-ab71 1 Ethernet0/1
 arp static 192.168.0.65 00e0-3903-061d 1 Ethernet0/1
 arp static 192.168.0.167 0019-214f-c9de 1 Ethernet0/1
 arp static 192.168.0.176 0019-2159-a771 1 Ethernet0/1
 arp static 192.168.0.123 00f0-4c88-6ed3 1 Ethernet0/1
 arp static 192.168.0.175 0019-2159-d8f4 1 Ethernet0/1
 arp static 192.168.0.174 0019-2154-a994 1 Ethernet0/1
 arp static 192.168.0.154 0019-212f-a6c4 1 Ethernet0/1
 arp static 192.168.0.39 0019-db8c-6528 1 Ethernet0/1
 arp static 192.168.0.180 0019-2159-47da 1 Ethernet0/1
 arp static 192.168.0.185 0019-2150-18e7 1 Ethernet0/1
 arp static 192.168.0.126 0019-2