#
sysname SECPATH1000
#
firewall packet-filter enable
firewall packet-filter default permit
#
bridge enable
bridge routing-enable
bridge 7 enable
bridge 7 firewall unknown-mac flood
bridge 8 enable
bridge 8 firewall unknown-mac flood
bridge 9 enable
bridge 9 firewall unknown-mac flood
bridge 10 enable
bridge 10 firewall unknown-mac flood
bridge 11 enable
bridge 11 firewall unknown-mac flood
bridge 14 enable
bridge 14 firewall unknown-mac flood
bridge 25 enable
bridge 25 firewall unknown-mac flood
bridge 28 enable
bridge 28 firewall unknown-mac flood
bridge 100 enable
bridge 100 routing ip
#
firewall statistic system enable
#
radius scheme system
#
domain system
#
local-user bys
password cipher +0K2VW<:\'3Q=^Q`MAF4<1!!
service-type telnet
level 3
#
interface Aux0
async mode flow
#
interface GigabitEthernet0/0
speed 1000
duplex full
promiscuous
#
interface GigabitEthernet0/0.100
bridge-set 100
vlan-type dot1q vid 100
#
interface GigabitEthernet0/0.211
bridge-set 11
vlan-type dot1q vid 211
#
interface GigabitEthernet0/0.307
bridge-set 7
vlan-type dot1q vid 307
#
interface GigabitEthernet0/0.309
bridge-set 9
vlan-type dot1q vid 309
#
interface GigabitEthernet0/0.310
bridge-set 10
vlan-type dot1q vid 310
#
interface GigabitEthernet0/0.325
bridge-set 25
vlan-type dot1q vid 325
#
interface GigabitEthernet0/0.328
bridge-set 28
vlan-type dot1q vid 328
#
interface GigabitEthernet0/0.508
bridge-set 8
vlan-type dot1q vid 508
#
interface GigabitEthernet0/0.514
bridge-set 14
vlan-type dot1q vid 514
#
interface GigabitEthernet0/1
speed 1000
duplex full
promiscuous
description UP_TO_NE40
#
interface GigabitEthernet0/1.100
bridge-set 100
vlan-type dot1q vid 100
#
interface GigabitEthernet0/1.211
bridge-set 11
vlan-type dot1q vid 211
firewall packet-filter 3200 outbound
#
interface GigabitEthernet0/1.307
bridge-set 7
vlan-type dot1q vid 307
#
interface GigabitEthernet0/1.309
bridge-set 9
vlan-type dot1q vid 309
firewall packet-filter 3300 outbound
#
interface GigabitEthernet0/1.310
bridge-set 10
vlan-type dot1q vid 310
firewall packet-filter 3200 outbound
#
interface GigabitEthernet0/1.325
bridge-set 25
vlan-type dot1q vid 325
firewall packet-filter 3200 outbound
#
interface GigabitEthernet0/1.328
bridge-set 28
vlan-type dot1q vid 328
firewall packet-filter 3200 outbound
#
interface GigabitEthernet0/1.508
bridge-set 8
interface GigabitEthernet0/1.514
bridge-set 14
vlan-type dot1q vid 514
#
interface Encrypt2/0
#
interface Bridge-template100
ip address *.*.*.* *.*.*.*
#
interface NULL0
#
firewall zone local
set priority 100
#
firewall zone trust
add interface GigabitEthernet0/0
add interface GigabitEthernet0/0.211
add interface GigabitEthernet0/0.307
add interface GigabitEthernet0/0.309
add interface GigabitEthernet0/0.310
add interface GigabitEthernet0/0.325
add interface GigabitEthernet0/0.328
add interface GigabitEthernet0/0.508
add interface GigabitEthernet0/0.514
add interface GigabitEthernet0/0.100
add interface Bridge-template100
set priority 85
#
firewall zone untrust
add interface GigabitEthernet0/1
add interface GigabitEthernet0/1.100
add interface GigabitEthernet0/1.211
add interface GigabitEthernet0/1.307
add interface GigabitEthernet0/1.309
add interface GigabitEthernet0/1.310
add interface GigabitEthernet0/1.325
add interface GigabitEthernet0/1.328
add interface GigabitEthernet0/1.508
add interface GigabitEthernet0/1.514
set priority 5
#
firewall zone DMZ
set priority 50
#
#
firewall interzone local trust
#
firewall interzone local untrust
#
firewall interzone local DMZ
#
firewall interzone trust untrust
#
firewall interzone trust DMZ
#
firewall interzone DMZ untrust
#
ip route-static 0.0.0.0 0.0.0.0 *.*.*.* preference 60
#
snmp-agent
snmp-agent local-engineid 800007DB00E0FC20BC796877
snmp-agent community read nortel
snmp-agent community write private
snmp-agent community read quidview
snmp-agent sys-info location
snmp-agent sys-info version all
snmp-agent target-host trap address udp-domain *.*.*.* params securityname quidview
#
user-interface con 0
user-interface aux 0
authentication-mode none
user-interface vty 0 4
authentication-mode scheme
#
return
该案例暂时没有网友评论
✖
案例意见反馈
亲~登录后才可以操作哦!
确定你的邮箱还未认证,请认证邮箱或绑定手机后进行当前操作