拓撲網路連通1-ensp
拓撲圖
實驗程式碼
FW2<USG6000V1>dis cu
!Software Version V500R001C10
#
# Output of `dis cu` (display current-configuration) on the firewall the page
# labels FW2; this span holds the global settings up to the address pool.
# Review comments are added only next to the `#` section separators; every
# configuration line is unchanged.
sysname USG6000V1
#
# L2TP is enabled on this device; an l2tp-group with tunnel name LNS appears
# further down the same dump.
l2tp enable
undo l2tp sendaccm enable
l2tp domain suffix-separator @
#
# NOTE(review): the information center is switched off. That keeps a lab
# console quiet, but it should also stop the device from outputting logs and
# alarms through it -- confirm whether the `log type ...` settings below still
# produce records, and re-enable it wherever those logs are needed.
undo info-center enable
#
# Telnet server is off for IPv4 and IPv6.
undo telnet server enable
undo telnet ipv6 server enable
#
firewall packet-filter basic-protocol enable
#
firewall detect ftp
#
# Traffic, syslog and policy log types are enabled.
log type traffic enable
log type syslog enable
log type policy enable
#
undo dataflow enable
#
isp name "china mobile"
isp name "china mobile" set filename china-mobile.csv
isp name "china unicom"
isp name "china unicom" set filename china-unicom.csv
isp name "china telecom"
isp name "china telecom" set filename china-telecom.csv
isp name "china educationnet"
isp name "china educationnet" set filename china-educationnet.csv
#
snmp-agent session history-max-number enable
snmp-agent session trap threshold 4000
snmp-agent session-rate trap threshold 24000
#
# NOTE(review): the web-manager TLS version list names only tlsv1 and tlsv1.1,
# both deprecated by RFC 8996. Check whether this release accepts tlsv1.2 in
# this command and, if it does, list only that version.
web-manager security version tlsv1 tlsv1.1
web-manager security enable
#
firewall dataplane to manageplane application-apperceive default-action drop
#
# Daily update schedule for the ips-sdb, av-sdb, sa-sdb and cnc databases.
update schedule ips-sdb daily 07:52
update schedule av-sdb daily 07:52
update schedule sa-sdb daily 07:52
update schedule cnc daily 07:52
#
ip vpn-instance default
ipv4-family
#
time-range worktime
period-range 08:00:00 to 18:00:00 working-day
#
# Address pool 1 covers 192.168.3.1-192.168.3.10. Presumably it is meant for
# L2TP clients; nothing in the visible dump references it, so confirm.
ip pool 1
section 0 192.168.3.1 192.168.3.10
#
# Remainder of the FW2 dump, from the aaa view to `return`. The page had lost
# the indentation and collapsed most of this span onto two lines; it is
# restored here to one command per line with no command text changed.
# Line breaks inside the role definitions are placed before each
# dashboard/monitor/policy/object/network/system keyword; the collapsed text
# does not show them, so confirm against the device. The fragments
# `traffi c-map`, `re port` and the space inside the console cipher look like
# terminal line-wrap artifacts and are kept exactly as printed.
# NOTE(review): the `password cipher` values are credential material and should
# be replaced with a placeholder such as <REDACTED-CIPHER> before a dump is
# published. On this page they are also damaged: the audit-admin and admin
# entries stop mid-ciphertext with no closing @%@% marker and no
# service-type/level lines, and "[email protected]" is an e-mail-obfuscation
# artifact, so the listing cannot be loaded back as-is.
aaa
 authentication-scheme default
 authentication-scheme admin_local
 authentication-scheme admin_radius_local
 authentication-scheme admin_hwtacacs_local
 authentication-scheme admin_ad_local
 authentication-scheme admin_ldap_local
 authentication-scheme admin_radius
 authentication-scheme admin_hwtacacs
 authentication-scheme admin_ad
 authentication-scheme admin_ldap
 authorization-scheme default
 accounting-scheme default
 domain default
  service-type l2tp ike
  reference user current-domain
 manager-user password-modify enable
 manager-user audit-admin
  password cipher @%@%_2s{3z.rQ/i;6eTu:\/4KVfWJTxj'{j1rB5F;vM;f)<
 manager-user api-admin
  password cipher @%@%X[fs$(._k8,`cM5+Qn[ALB=w`yCt~d0aF#hA$<Ge.X+"[email protected]%@%
  service-type api
  level 15
 manager-user admin
  password cipher @%@%L06(/w:^2A5)LVB)9x'HIjUQG("686}9S~[[email protected]
 role system-admin
  dashboard read-write
  monitor read-write
  policy read-write
  object read-write
  network read-write
  system read-write
 role device-admin
  dashboard read-only
  monitor read-only log log-traffic log-threat log-policy-matching report traffi c-map threat-map session statistic statistic-acl
  monitor none diagnose
  policy read-write
  object read-write
  network read-write
  system read-write high-reliability
  system none configuration vsys license update-center mail-send feedback
 role device-admin(monitor)
  dashboard read-only
  monitor read-only log log-traffic log-threat log-policy-matching report traffi c-map threat-map session statistic statistic-acl
  monitor none diagnose
  policy read-only
  object read-only
  network read-only
  system read-only high-reliability
  system none configuration vsys license update-center mail-send feedback
 role audit-admin
  dashboard read-only
  monitor read-write log-audit
  monitor read-only log log-traffic log-threat log-syslog log-policy-matching re port traffic-map threat-map
  monitor none session statistic statistic-acl diagnose
  policy none
  object none
  network none
  system none
 bind manager-user audit-admin role audit-admin
#
# GigabitEthernet0/0/0 (192.168.0.1/24, bound to vpn-instance default) permits
# every service-manage protocol listed, including http, snmp and telnet.
# NOTE(review): outside a lab, permit only the encrypted protocols that are
# actually used (https, ssh). The telnet server itself is already disabled
# earlier in this dump by `undo telnet server enable`.
interface GigabitEthernet0/0/0
 undo shutdown
 ip binding vpn-instance default
 ip address 192.168.0.1 255.255.255.0
 service-manage http permit
 service-manage https permit
 service-manage ping permit
 service-manage ssh permit
 service-manage snmp permit
 service-manage telnet permit
 service-manage netconf permit
#
# GigabitEthernet1/0/0 is the untrust-side interface (see the zone section
# below); only ping is permitted as a management service.
interface GigabitEthernet1/0/0
 undo shutdown
 ip address 61.67.1.2 255.255.255.0
 service-manage ping permit
#
interface GigabitEthernet1/0/1
 undo shutdown
 ip address 192.168.1.1 255.255.255.0
 service-manage ping permit
#
interface GigabitEthernet1/0/2
 undo shutdown
#
interface GigabitEthernet1/0/3
 undo shutdown
#
interface GigabitEthernet1/0/4
 undo shutdown
#
interface GigabitEthernet1/0/5
 undo shutdown
#
interface GigabitEthernet1/0/6
 undo shutdown
#
interface Virtual-if0
#
interface NULL0
#
firewall zone local
 set priority 100
#
# trust holds GigabitEthernet0/0/0 and GigabitEthernet1/0/1.
firewall zone trust
 set priority 85
 add interface GigabitEthernet0/0/0
 add interface GigabitEthernet1/0/1
#
# untrust holds GigabitEthernet1/0/0 (61.67.1.2).
firewall zone untrust
 set priority 5
 add interface GigabitEthernet1/0/0
#
firewall zone dmz
 set priority 50
#
l2tp-group 1
 tunnel name LNS
#
l2tp-group default-lns
#
# Default route towards 61.67.1.1, which is ar1's GigabitEthernet0/0/0 in the
# router dump on this page.
ip route-static 0.0.0.0 0.0.0.0 61.67.1.1
#
# SSH 1.x compatibility is switched off.
undo ssh server compatible-ssh1x enable
#
# Console login uses one shared password, so console actions are not tied to a
# named account. vty 0 4 authenticates through AAA and accepts SSH only.
user-interface con 0
 authentication-mode password
 set authentication password cipher $1a$6a,J-D6DR5$4MLT/){&w7P\1Q2eP^)'M{cY9ZB,* 4XdkW9j;m`7$
user-interface vty 0 4
 authentication-mode aaa
 protocol inbound ssh
user-interface vty 16 20
#
sa
#
location
#
multi-interface
 mode proportion-of-weight
#
# NOTE(review): rule UN_LOCAL permits everything from the untrust zone to the
# firewall itself (local zone); it carries no source, destination or service
# condition. Presumably it was added so L2TP peers can reach this device --
# confirm, then narrow the rule to the service and peer addresses the lab
# needs. Rule T_UN likewise permits all traffic from trust to untrust.
security-policy
 rule name T_UN
  source-zone trust
  destination-zone untrust
  action permit
 rule name UN_LOCAL
  source-zone untrust
  destination-zone local
  action permit
#
traffic-policy
#
policy-based-route
#
# Source NAT (easy-ip) for traffic from trust to untrust.
nat-policy
 rule name N_W
  source-zone trust
  destination-zone untrust
  action nat easy-ip
#
pcp-policy
#
dns-transparent-policy
#
return
FW3[USG6000V1]dis cu
!Software Version V500R001C10
#
# Output of `dis cu` on the firewall the page labels FW3. The page had
# collapsed the dump onto a few long lines; it is restored here to one command
# per line with no command text changed. Review comments sit only next to the
# `#` section separators.
sysname USG6000V1
#
undo l2tp sendaccm enable
l2tp domain suffix-separator @
#
# NOTE(review): the information center is switched off. That keeps a lab
# console quiet, but it should also stop the device from outputting logs and
# alarms through it -- confirm whether the `log type ...` settings below still
# produce records.
undo info-center enable
#
# Telnet server is off for IPv4 and IPv6.
undo telnet server enable
undo telnet ipv6 server enable
#
firewall packet-filter basic-protocol enable
#
firewall detect ftp
#
log type traffic enable
log type syslog enable
log type policy enable
#
undo dataflow enable
#
isp name "china mobile"
isp name "china mobile" set filename china-mobile.csv
isp name "china unicom"
isp name "china unicom" set filename china-unicom.csv
isp name "china telecom"
isp name "china telecom" set filename china-telecom.csv
isp name "china educationnet"
isp name "china educationnet" set filename china-educationnet.csv
#
snmp-agent session history-max-number enable
snmp-agent session trap threshold 4000
snmp-agent session-rate trap threshold 24000
#
# NOTE(review): the web-manager TLS version list names only tlsv1 and tlsv1.1,
# both deprecated by RFC 8996. Check whether this release accepts tlsv1.2 in
# this command and, if it does, list only that version.
web-manager security version tlsv1 tlsv1.1
web-manager security enable
#
firewall dataplane to manageplane application-apperceive default-action drop
#
update schedule ips-sdb daily 02:11
update schedule av-sdb daily 02:11
update schedule sa-sdb daily 02:11
update schedule cnc daily 02:11
#
ip vpn-instance default
 ipv4-family
#
time-range worktime
 period-range 08:00:00 to 18:00:00 working-day
#
# Line breaks inside the role definitions below are placed before each
# dashboard/monitor/policy/object/network/system keyword; the collapsed text
# does not show them, so confirm against the device. The fragments
# `traffi c-map`, `re port` and the space inside the console cipher look like
# terminal line-wrap artifacts and are kept exactly as printed.
# NOTE(review): the `password cipher` values are credential material and should
# be replaced with a placeholder such as <REDACTED-CIPHER> before a dump is
# published. "[email protected]" inside two of them is an e-mail-obfuscation
# artifact of the page, so those values are no longer the original ciphertext.
aaa
 authentication-scheme default
 authentication-scheme admin_local
 authentication-scheme admin_radius_local
 authentication-scheme admin_hwtacacs_local
 authentication-scheme admin_ad_local
 authentication-scheme admin_ldap_local
 authentication-scheme admin_radius
 authentication-scheme admin_hwtacacs
 authentication-scheme admin_ad
 authentication-scheme admin_ldap
 authorization-scheme default
 accounting-scheme default
 domain default
  service-type l2tp ike
  reference user current-domain
 manager-user password-modify enable
 manager-user audit-admin
  password cipher @%@%U*eEK<|Xk6]Q[25%tt[><.u*HyBw~g7/7(fP.5B|4<JL.u-<@%@%
  service-type web terminal
  level 15
 manager-user api-admin
  password cipher @%@%rs#[email protected]{PK,@SVFW=ezJ=l)B~TrT,,b&gJ*'oi:[email protected]%@%
  service-type api
  level 15
 manager-user admin
  password cipher @%@%JNJB*6zo2+Jv;3Q8d%fB!P#htp<BD`K882_`saA*B-ZLP#[email protected]%@%
  service-type web terminal
  level 15
 role system-admin
  dashboard read-write
  monitor read-write
  policy read-write
  object read-write
  network read-write
  system read-write
 role device-admin
  dashboard read-only
  monitor read-only log log-traffic log-threat log-policy-matching report traffi c-map threat-map session statistic statistic-acl
  monitor none diagnose
  policy read-write
  object read-write
  network read-write
  system read-write high-reliability
  system none configuration vsys license update-center mail-send feedback
 role device-admin(monitor)
  dashboard read-only
  monitor read-only log log-traffic log-threat log-policy-matching report traffi c-map threat-map session statistic statistic-acl
  monitor none diagnose
  policy read-only
  object read-only
  network read-only
  system read-only high-reliability
  system none configuration vsys license update-center mail-send feedback
 role audit-admin
  dashboard read-only
  monitor read-write log-audit
  monitor read-only log log-traffic log-threat log-syslog log-policy-matching re port traffic-map threat-map
  monitor none session statistic statistic-acl diagnose
  policy none
  object none
  network none
  system none
 bind manager-user audit-admin role audit-admin
#
# GigabitEthernet0/0/0 (192.168.0.1/24, bound to vpn-instance default) permits
# every service-manage protocol listed, including http, snmp and telnet.
# NOTE(review): outside a lab, permit only the encrypted protocols that are
# actually used (https, ssh). The telnet server itself is disabled above.
interface GigabitEthernet0/0/0
 undo shutdown
 ip binding vpn-instance default
 ip address 192.168.0.1 255.255.255.0
 service-manage http permit
 service-manage https permit
 service-manage ping permit
 service-manage ssh permit
 service-manage snmp permit
 service-manage telnet permit
 service-manage netconf permit
#
interface GigabitEthernet1/0/0
 undo shutdown
 ip address 192.168.2.1 255.255.255.0
 service-manage ping permit
#
# GigabitEthernet1/0/1 is the untrust-side interface (see the zone section
# below); only ping is permitted as a management service.
interface GigabitEthernet1/0/1
 undo shutdown
 ip address 61.67.2.3 255.255.255.0
 service-manage ping permit
#
interface GigabitEthernet1/0/2
 undo shutdown
#
interface GigabitEthernet1/0/3
 undo shutdown
#
interface GigabitEthernet1/0/4
 undo shutdown
#
interface GigabitEthernet1/0/5
 undo shutdown
#
interface GigabitEthernet1/0/6
 undo shutdown
#
interface Virtual-if0
#
interface NULL0
#
firewall zone local
 set priority 100
#
# trust holds GigabitEthernet0/0/0 and GigabitEthernet1/0/0.
firewall zone trust
 set priority 85
 add interface GigabitEthernet0/0/0
 add interface GigabitEthernet1/0/0
#
# untrust holds GigabitEthernet1/0/1 (61.67.2.3).
firewall zone untrust
 set priority 5
 add interface GigabitEthernet1/0/1
#
firewall zone dmz
 set priority 50
#
l2tp-group default-lns
#
# Default route towards 61.67.2.1, which is ar1's GigabitEthernet0/0/1 in the
# router dump on this page.
ip route-static 0.0.0.0 0.0.0.0 61.67.2.1
#
# SSH 1.x compatibility is switched off.
undo ssh server compatible-ssh1x enable
#
# Console login uses one shared password, so console actions are not tied to a
# named account. vty 0 4 authenticates through AAA and accepts SSH only.
user-interface con 0
 authentication-mode password
 set authentication password cipher $1a$,6;N&se_S8$4Z)_<I~}r*08_jXTcIn*0*db=Gv3z QztnQ/b7DvC$
user-interface vty 0 4
 authentication-mode aaa
 protocol inbound ssh
user-interface vty 16 20
#
sa
#
location
#
multi-interface
 mode proportion-of-weight
#
# NOTE(review): this policy has no rules, only `default action permit`, so any
# flow that reaches policy evaluation is allowed -- including untrust to trust
# and untrust to local. The lab passes traffic this way, but the firewall no
# longer filters anything. Prefer explicit rules for the flows the lab needs
# (as the FW2 dump on this page does with rule T_UN) and leave the default
# action at deny.
security-policy
 default action permit
#
traffic-policy
#
policy-based-route
#
# Source NAT (easy-ip) for traffic from trust to untrust.
nat-policy
 rule name N_W
  source-zone trust
  destination-zone untrust
  action nat easy-ip
#
pcp-policy
#
dns-transparent-policy
#
return
<ar1>dis cu
[V200R003C00]
#
# Output of `dis cu` on router ar1, which connects the outside interfaces of
# the two firewalls on this page. The page had collapsed the dump onto one
# line; it is restored here to one command per line with no command text
# changed. Review comments sit only next to the `#` section separators.
sysname ar1
#
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
# NOTE(review): the offset is written as `minus 08:00:00`, while China Standard
# Time is UTC+8 -- confirm, because the offset affects log timestamps.
clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load portalpage.zip
#
drop illegal-mac alarm
#
# NOTE(review): the information center is switched off, which should stop log
# and alarm output from this router; re-enable it wherever logs are needed.
undo info-center enable
#
set cpu-usage threshold 80 restore 75
#
# NOTE(review): the `password cipher` value is credential material; replace it
# with a placeholder such as <REDACTED-CIPHER> before publishing a dump.
# The admin account is limited to service-type http.
aaa
 authentication-scheme default
 authorization-scheme default
 accounting-scheme default
 domain default
 domain default_admin
 local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
 local-user admin service-type http
#
firewall zone Local
 priority 15
#
# 61.67.1.1/24 shares a subnet with FW2's 61.67.1.2.
interface GigabitEthernet0/0/0
 ip address 61.67.1.1 255.255.255.0
#
# 61.67.2.1/24 shares a subnet with FW3's 61.67.2.3.
interface GigabitEthernet0/0/1
 ip address 61.67.2.1 255.255.255.0
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
# NOTE(review): both default routes point at the firewalls' outside addresses,
# while each firewall's own default route points back at this router. Traffic
# for a destination that none of the devices owns can therefore bounce between
# them until its TTL expires. Confirm that the routes are intended; the two
# 61.67.x.0/24 segments are directly connected and reachable without them.
ip route-static 0.0.0.0 0.0.0.0 61.67.1.2
ip route-static 0.0.0.0 0.0.0.0 61.67.2.3
#
# The console uses password authentication. vty 0 4 shows no
# authentication-mode or protocol line in this dump -- confirm how remote
# login behaves on this release, and configure AAA with SSH only if remote
# access is wanted.
user-interface con 0
 authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return