!Software Version V200R008C00SPC500
#
sysname jiangxianlengkou5720EI
#
vlan batch 2 70 100 190 1000 to 1001 1942 to 1943
#
stp timer forward-delay 700
stp timer max-age 1000
stp instance 0 root primary
stp bpdu-protection
stp tc-protection
#
lldp enable
#
clock timezone Beijing,Chongqing,Hongkon,Urumqi add 08:00:00
#
dhcp enable
#
dhcp snooping enable
#
radius-server template radius
radius-server shared-key cipher %^%#B{dP-3MyDLnj<L9~+w$~A__{KBu_`5x+fqWRJ>8N%^%#
radius-server authentication 10.72.225.35 1812 weight 80
radius-server authorization 10.72.225.35 shared-key cipher %^%#U>z[NCDF[9*krt2w]H,P1Syr;25LZB*;QX~DGTnK%^%# server-group radius
#
rsa peer-public-key 10.72.225.80
public-key-code begin
308188
028180
DB76AC3A 86D0E776 5E92FA56 C53A6D54 95B7C2F1 A3474456 00BD6D45 825A7B97
30500E42 65645323 493F377B 7F675711 FEA107DA 34464081 2909A462 59590BFD
4EC8BA39 2A981BF0 9B122A85 2CE300C6 61B0C523 246465D8 DA8FDE7F 6EF28B11
505C9159 86718108 8510EC78 6C2E488D CD7E439D B68A0B1F E228B341 7DB9FC79
0203
010001
public-key-code end
peer-public-key end
#
acl number 3001
description guest2office
rule 10 deny ip source 192.168.100.0 0.255.255.255 destination 10.0.0.0 0.255.255.255
rule 11 deny ip source 192.168.100.0 0.255.255.255 destination 172.16.0.0 0.15.255.255
rule 12 deny ip source 192.168.100.0 0.255.255.255 destination 192.168.0.0 0.0.255.255
rule 13 deny ip source 192.168.200.0 0.255.255.255 destination 10.0.0.0 0.255.255.255
rule 14 deny ip source 192.168.200.0 0.255.255.255 destination 172.16.0.0 0.15.255.255
rule 15 deny ip source 192.168.200.0 0.255.255.255 destination 192.168.0.0 0.0.255.255
rule 20 permit ip
acl number 3002
description office2guest
rule 15 deny ip source 10.0.0.0 0.255.255.255 destination 192.168.0.0 0.0.255.255
rule 20 permit ip
#
traffic-filter vlan 1942 inbound acl 3001
traffic-filter vlan 190 inbound acl 3002
traffic-filter vlan 1943 inbound acl 3001
#
vlan 1
dhcp snooping enable
dhcp snooping trusted interface GigabitEthernet0/0/1
vlan 190
dhcp snooping enable
vlan 1942
dhcp snooping enable
vlan 1943
dhcp snooping enable
#
ip pool guest
gateway-list 192.168.200.1
network 192.168.200.0 mask 255.255.255.0
excluded-ip-address 192.168.200.2 192.168.200.9
excluded-ip-address 192.168.200.201 192.168.200.254
dns-list 114.114.114.114 8.8.8.8
#
ip pool otherrver
gateway-list 192.168.100.1
network 192.168.100.0 mask 255.255.255.0
excluded-ip-address 192.168.100.2 192.168.100.9
excluded-ip-address 192.168.100.201 192.168.100.254
lease day 30 hour 0 minute 0
dns-list 114.114.114.114 8.8.8.8
#
aaa
authentication-scheme default
authentication-scheme radius
authentication-mode radius
authorization-scheme default
authorization-scheme radius
authorization-mode if-authenticated
accounting-scheme default
domain default
domain default_admin
local-user admin password irreversible-cipher %^%#yuUV~_|w.*xpE`*"i;\BQax}10\G)P4M-\:3[{\#T:BL"o]/9BMbIM~d+)n=%^%#
local-user admin service-type http
local-user tianrun password irreversible-cipher %^%#_X&>,rfXl2nr~VD=k&XAEf:;N}L2z;WkD7)fRy#KJj&xDu>Gn'sWCR/91-_2%^%#
local-user tianrun privilege level 15
local-user tianrun service-type telnet ssh http
#
ntp-service server disable
ntp-service ipv6 server disable
ntp-service unicast-server 10.1.0.1
#
interface Vlanif1
description manage-vlan
ip address 10.72.225.65 255.255.255.224
#
interface Vlanif2
description to-r-eth1
ip address 10.72.225.33 255.255.255.224
#
interface Vlanif70
description to-ip-phone
ip address 10.72.225.17 255.255.255.240
dhcp select interface
dhcp server dns-list 114.114.114.114 8.8.8.8
#
interface Vlanif190
description to-office
ip address 10.72.225.129 255.255.255.192
dhcp select relay
dhcp relay server-ip 10.72.225.35
dhcp relay information enable
#
interface Vlanif1000
description to-ASG
ip address 10.72.225.1 255.255.255.240
#
interface Vlanif1001
ip address 172.16.100.58 255.255.255.252
#
interface Vlanif1942
description guest
ip address 192.168.200.1 255.255.255.0
dhcp select global
#
interface Vlanif1943
description to-others
ip address 192.168.100.1 255.255.255.0
dhcp select global
#
interface MEth0/0/1
ip address 192.168.0.1 255.255.255.0
#
interface GigabitEthernet0/0/1
description to-ASG2050
port link-type access
port default vlan 1000
#
interface GigabitEthernet0/0/2
description to-r-eth1
port link-type access
port default vlan 2
stp edged-port enable
dhcp snooping enable
dhcp snooping trusted
#
interface GigabitEthernet0/0/3
description to-AC
port link-type trunk
port trunk allow-pass vlan 2 to 4094
dhcp snooping enable
dhcp snooping trusted
#
interface GigabitEthernet0/0/4
port link-type access
port default vlan 2
stp edged-port enable
#
interface GigabitEthernet0/0/5
description to-shineiAP
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/6
description to-shineiAP
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/7
description to-shineiAP
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/8
description to-shineiAP
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/9
description to-shineiAP
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/10
description to-shineiAP
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/11
description to-shiwaiAP
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/12
description to-shiwaiAP
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/13
#
interface GigabitEthernet0/0/14
#
interface GigabitEthernet0/0/15
description to-office
port default vlan 190
stp edged-port enable
#
interface GigabitEthernet0/0/16
description to-office
port default vlan 190
stp edged-port enable
#
interface GigabitEthernet0/0/17
description to-office
port default vlan 190
stp edged-port enable
#
interface GigabitEthernet0/0/18
description to-office
port default vlan 190
stp edged-port enable
#
interface GigabitEthernet0/0/19
description to-office
port default vlan 190
stp edged-port enable
#
interface GigabitEthernet0/0/20
description to-office
port default vlan 190
stp edged-port enable
#
interface GigabitEthernet0/0/21
description to-office
port default vlan 190
stp edged-port enable
#
interface GigabitEthernet0/0/22
description to-office
port default vlan 190
stp edged-port enable
#
interface GigabitEthernet0/0/23
description to-office
port default vlan 190
stp edged-port enable
#
interface GigabitEthernet0/0/24
description to-office
port default vlan 190
stp edged-port enable
#
interface GigabitEthernet0/0/25
description to-guest
port link-type access
port default vlan 1942
stp edged-port enable
#
interface GigabitEthernet0/0/26
description to-guest
port link-type access
port default vlan 1942
stp edged-port enable
#
interface GigabitEthernet0/0/27
description to-guest
port link-type access
port default vlan 1942
stp edged-port enable
#
interface GigabitEthernet0/0/28
description to-guest
port link-type access
port default vlan 1942
stp edged-port enable
#
interface GigabitEthernet0/0/29
description to-guest
port link-type access
port default vlan 1942
stp edged-port enable
#
interface GigabitEthernet0/0/30
description to-guest
port link-type access
port default vlan 1942
stp edged-port enable
#
interface GigabitEthernet0/0/31
description to-guest
port link-type access
port default vlan 1942
stp edged-port enable
#
interface GigabitEthernet0/0/32
description to-guest
port link-type access
port default vlan 1942
stp edged-port enable
#
interface GigabitEthernet0/0/33
description to-guest
port link-type access
port default vlan 1942
stp edged-port enable
#
interface GigabitEthernet0/0/34
description to-guest
port link-type access
port default vlan 1942
stp edged-port enable
#
interface GigabitEthernet0/0/35
description to-guest
port link-type access
port default vlan 1942
stp edged-port enable
#
interface GigabitEthernet0/0/36
description to-guest
port link-type access
port default vlan 1942
stp edged-port enable
#
interface GigabitEthernet0/0/37
description to-other
port link-type access
port default vlan 1943
stp edged-port enable
#
interface GigabitEthernet0/0/38
description to-other
port link-type access
port default vlan 1943
stp edged-port enable
#
interface GigabitEthernet0/0/39
description to-other
port link-type access
port default vlan 1943
stp edged-port enable
#
interface GigabitEthernet0/0/40
description to-other
port link-type access
port default vlan 1943
stp edged-port enable
#
interface GigabitEthernet0/0/41
description to-other
port link-type access
port default vlan 1943
stp edged-port enable
#
interface GigabitEthernet0/0/42
description to-other
port link-type access
port default vlan 1943
stp edged-port enable
#
interface GigabitEthernet0/0/43
description to-other
port link-type access
port default vlan 1943
stp edged-port enable
#
interface GigabitEthernet0/0/44
description to-other
port link-type access
port default vlan 1943
stp edged-port enable
#
interface GigabitEthernet0/0/45
description to-other
port link-type access
port default vlan 1943
stp edged-port enable
#
interface GigabitEthernet0/0/46
description to-other
port link-type access
port default vlan 1943
stp edged-port enable
#
interface GigabitEthernet0/0/47
description to-other
port link-type access
port default vlan 1943
stp edged-port enable
#
interface GigabitEthernet0/0/48
description to-datacenter
port link-type access
port default vlan 1001
#
interface GigabitEthernet0/0/49
#
interface GigabitEthernet0/0/50
#
interface GigabitEthernet0/0/51
#
interface GigabitEthernet0/0/52
#
interface NULL0
#
ip route-static 0.0.0.0 0.0.0.0 10.72.225.3
ip route-static 10.0.0.0 255.0.0.0 10.72.225.3 track nqa admin test_FW
ip route-static 10.0.0.0 255.0.0.0 172.16.100.57 preference 100
#
traffic-filter vlan 1942 inbound acl 3001
traffic-filter vlan 190 inbound acl name office2guest
traffic-filter vlan 1943 inbound acl 3001
#
snmp-agent
snmp-agent local-engineid 800007DB0394DBDA33D4C0
snmp-agent community read cipher %^%#[in7$5@Dr+8GOhA>:|DKq{mrR5fT:PG)6,-iXd:.GCso$%>k"C>iGF$.N[z.VZa{~lbO:E1a.PO-s}~-%^%#
snmp-agent sys-info version v2c
undo snmp-agent sys-info version v3
snmp-agent target-host trap address udp-domain 10.1.0.50 params securityname cipher %^%#D<HJ1E's[VibS^(O38;/Cm){J~msRV*+hP']KxFD%^%#
#
ssh server rekey-interval 20
stelnet server enable
ssh user tianrun
ssh user tianrun authentication-type password
ssh client first-time enable
ssh client 10.72.225.80 assign rsa-key 10.72.225.80
#
nqa test-instance admin test_FW
test-type icmp
destination-address ipv4 10.72.225.3
frequency 10
start now
#
user-interface con 0
user-interface vty 0
user-interface vty 1
authentication-mode aaa
user-interface vty 2 4
user-interface vty 16 20
#
return