路由器
- 0关注
- 0收藏,441浏览
问题描述:
# version 7.1.064, Release 9345P2416 # sysname H3C # context Admin id 1 # ip vpn-instance vrf_1 route-distinguisher 1:1 # address-family ipv4 vpn-target 1:1 import-extcommunity vpn-target 1:1 export-extcommunity # ip vpn-instance vrf_301 route-distinguisher 301:301 # address-family ipv4 route-replicate from public protocol static vpn-target 301:301 import-extcommunity vpn-target 301:301 export-extcommunity # ip vpn-instance vrf_302 route-distinguisher 302:302 # address-family ipv4 route-replicate from public protocol static vpn-target 302:302 import-extcommunity vpn-target 302:302 export-extcommunity # ip vpn-instance vrf_303 route-distinguisher 303:303 # address-family ipv4 route-replicate from public protocol static vpn-target 303:303 import-extcommunity vpn-target 303:303 export-extcommunity # ip vpn-instance vrf_304 route-distinguisher 304:304 # address-family ipv4 route-replicate from public protocol static vpn-target 304:304 import-extcommunity vpn-target 304:304 export-extcommunity # ip vpn-instance vrf_305 route-distinguisher 305:305 # address-family ipv4 route-replicate from public protocol static vpn-target 305:305 import-extcommunity vpn-target 305:305 export-extcommunity # irf mac-address persistent timer irf auto-update enable undo irf link-delay irf member 1 priority 1 # security-zone intra-zone default permit # security-policy disable # nat address-group 2 address 192.168.8.141 192.168.8.141 # nat address-group 3 address 192.168.8.220 192.168.8.220 # nat address-group 4 # nat address-group 5 address 192.168.11.10 192.168.11.20 # nat address-group 6 address 192.168.12.10 192.168.12.20 # lldp global enable # password-recovery enable # vlan 1 # controller Cellular1/0/0 # interface NULL0 # interface GigabitEthernet1/0/0 port link-mode route ip address 192.0.0.2 255.255.255.0 sub # interface GigabitEthernet1/0/0.1 ip binding vpn-instance vrf_1 ip address 192.168.8.253 255.255.255.0 ip address 192.168.8.1 255.255.255.0 sub vlan-type dot1q vid 2 # interface GigabitEthernet1/0/0.301 ip binding vpn-instance vrf_301 ip address 192.0.0.2 255.255.255.0 vlan-type dot1q vid 301 # interface GigabitEthernet1/0/0.302 ip binding vpn-instance vrf_302 ip address 192.0.0.2 255.255.255.0 vlan-type dot1q vid 302 # interface GigabitEthernet1/0/0.303 ip binding vpn-instance vrf_303 ip address 192.0.0.2 255.255.255.0 vlan-type dot1q vid 303 # interface GigabitEthernet1/0/0.304 ip binding vpn-instance vrf_304 ip address 192.0.0.2 255.255.255.0 vlan-type dot1q vid 304 # interface GigabitEthernet1/0/0.305 ip binding vpn-instance vrf_305 ip address 192.0.0.2 255.255.255.0 vlan-type dot1q vid 305 # interface GigabitEthernet1/0/1 port link-mode route # interface GigabitEthernet1/0/2 port link-mode route # interface GigabitEthernet1/0/3 port link-mode route # interface GigabitEthernet1/0/4 port link-mode route # interface GigabitEthernet1/0/5 port link-mode route # interface GigabitEthernet1/0/6 port link-mode route # interface GigabitEthernet1/0/7 port link-mode route # interface GigabitEthernet1/0/8 port link-mode route # interface GigabitEthernet1/0/9 port link-mode route # interface GigabitEthernet1/0/10 port link-mode route # interface GigabitEthernet1/0/11 port link-mode route ip address 10.74.32.123 255.255.255.0 nat outbound 2000 address-group 4 nat server global 10.74.32.124 inside 172.17.1.4 vpn-instance vrf_302 reversibl e rule ServerRule_10 nat server global 10.74.32.125 inside 172.17.1.243 vpn-instance vrf_302 reversi ble rule ServerRule_11 nat server global 10.74.32.126 inside 192.168.8.240 vpn-instance vrf_1 reversib le rule ServerRule_23 nat server protocol tcp global 10.74.32.123 9101 inside 192.168.8.101 22 vpn-in stance vrf_1 reversible rule ServerRule_22 nat server protocol tcp global 10.74.32.123 9200 inside 192.168.8.252 443 vpn-i nstance vrf_1 rule ServerRule_18 nat server protocol tcp global 10.74.32.123 9201 inside 192.168.8.251 443 vpn-i nstance vrf_1 rule ServerRule_19 nat static enable # interface GigabitEthernet1/0/12 port link-mode route ip address 192.168.8.220 255.255.255.0 nat outbound 2001 address-group 3 nat server global 192.168.8.221 inside 172.16.1.248 vpn-instance vrf_301 revers ible rule ServerRule_12 nat server global 192.168.8.222 inside 172.16.1.81 vpn-instance vrf_301 reversi ble rule ServerRule_13 nat static enable # interface GigabitEthernet1/0/13 port link-mode route ip address 192.168.11.9 255.255.255.0 nat outbound 2002 address-group 5 nat static enable # interface GigabitEthernet1/0/14 port link-mode route ip address 192.168.12.9 255.255.255.0 nat outbound 2003 address-group 6 nat static enable # interface GigabitEthernet1/0/15 port link-mode route nat outbound 2005 address-group 2 nat outbound 2004 address-group 2 nat static enable # interface GigabitEthernet1/0/16 port link-mode route # interface GigabitEthernet1/0/17 port link-mode route nat outbound 2001 address-group 4 nat static enable # interface GigabitEthernet1/0/18 port link-mode route nat outbound 2002 address-group 5 nat static enable # interface GigabitEthernet1/0/19 port link-mode route # interface GigabitEthernet1/0/20 port link-mode route # interface GigabitEthernet1/0/21 port link-mode route # interface GigabitEthernet1/0/22 port link-mode route # interface GigabitEthernet1/0/23 port link-mode route # object-policy ip pass rule 0 pass # security-zone name Local # security-zone name Trust import interface GigabitEthernet1/0/0.1 import interface GigabitEthernet1/0/0.301 import interface GigabitEthernet1/0/0.302 import interface GigabitEthernet1/0/0.303 import interface GigabitEthernet1/0/0.304 import interface GigabitEthernet1/0/0.305 ip urpf loose # security-zone name DMZ # security-zone name Untrust import interface GigabitEthernet1/0/11 import interface GigabitEthernet1/0/12 import interface GigabitEthernet1/0/13 import interface GigabitEthernet1/0/14 import interface GigabitEthernet1/0/15 blacklist enable whitelist enable client-verify tcp enable mode syn-COOKIE client-verify http enable # security-zone name Management import interface GigabitEthernet1/0/0 ip urpf loose # zone-pair security source Any destination Any # zone-pair security source Local destination Trust object-policy apply ip pass # zone-pair security source Local destination Untrust object-policy apply ip pass # zone-pair security source Trust destination Local object-policy apply ip pass packet-filter 2999 # zone-pair security source Trust destination Untrust packet-filter 2000 packet-filter 2001 packet-filter 2002 packet-filter 2003 packet-filter 2004 packet-filter 2005 # zone-pair security source Untrust destination Local object-policy apply ip pass # zone-pair security source Untrust destination Trust packet-filter 3060 packet-filter 3061 # scheduler logfile size 16 # line class aux user-role network-operator # line class console authentication-mode scheme user-role network-admin # line class vty user-role network-operator # line aux 0 user-role network-admin # line con 0 user-role network-admin # line vty 0 63 authentication-mode scheme user-role network-admin # ip route-static 0.0.0.0 0 192.168.8.10 ip route-static 10.0.5.55 32 10.74.32.1 ip route-static vpn-instance vrf_301 0.0.0.0 0 GigabitEthernet1/0/12 192.168.8. 254 ip route-static vpn-instance vrf_301 172.16.0.0 16 192.0.0.1 ip route-static vpn-instance vrf_302 0.0.0.0 0 GigabitEthernet1/0/11 10.74.32.1 ip route-static vpn-instance vrf_302 172.17.0.0 16 192.0.0.1 ip route-static vpn-instance vrf_303 0.0.0.0 0 GigabitEthernet1/0/13 192.168.11 .1 ip route-static vpn-instance vrf_303 10.0.0.0 16 192.0.0.1 ip route-static vpn-instance vrf_304 0.0.0.0 0 GigabitEthernet1/0/14 192.168.12 .1 ip route-static vpn-instance vrf_304 10.0.0.0 16 192.0.0.1 ip route-static vpn-instance vrf_305 0.0.0.0 0 GigabitEthernet1/0/15 192.168.8. 1 ip route-static vpn-instance vrf_305 10.0.0.0 16 192.0.0.1 ip route-static vpn-instance vrf_1 0.0.0.0 0 GigabitEthernet1/0/11 10.74.32.1 # info-center source FILTER logfile deny # customlog format attack-defense customlog format dpi ips customlog format dpi anti-virus # ssh server enable # acl basic 2000 rule 0 permit vpn-instance vrf_302 rule 1 permit vpn-instance vrf_1 rule 5 permit vpn-instance vrf_301 # acl number 2001 rule 0 permit vpn-instance vrf_301 rule 5 permit vpn-instance vrf_302 # acl number 2002 rule 0 permit vpn-instance vrf_303 # acl number 2003 rule 0 permit vpn-instance vrf_304 # acl number 2004 rule 0 permit vpn-instance vrf_305 # acl number 2005 # acl number 2999 rule 0 permit vpn-instance vrf_1 rule 5 permit vpn-instance vrf_301 # acl number 3060 rule 0 permit ip vpn-instance vrf_303 rule 1 permit ip vpn-instance vrf_1 rule 5 permit ip vpn-instance vrf_304 rule 10 permit ip vpn-instance vrf_302 rule 15 permit ip vpn-instance vrf_301 # acl number 3061 rule 0 permit ip vpn-instance vrf_305 # domain system # domain default enable system # role name level-0 description Predefined level-0 role # role name level-1 description Predefined level-1 role # role name level-2 description Predefined level-2 role # role name level-3 description Predefined level-3 role # role name level-4 description Predefined level-4 role # role name level-5 description Predefined level-5 role # role name level-6 description Predefined level-6 role # role name level-7 description Predefined level-7 role # role name level-8 description Predefined level-8 role # role name level-9 description Predefined level-9 role # role name level-10 description Predefined level-10 role # role name level-11 description Predefined level-11 role # role name level-12 description Predefined level-12 role # role name level-13 description Predefined level-13 role # role name level-14 description Predefined level-14 role # user-group system # local-user admin class manage password hash $h$6$RBx0rQhpRlJh9EU5$kgp/2+RG2FHMYYFd3QzC4j4GyOEaNUn1IyvSxAL8FDH X3A5LmqTRd1/dzDR79QaXJWFle3uMXXgkkw9q6nspdg== service-type ssh terminal https authorization-attribute user-role level-3 authorization-attribute user-role level-15 authorization-attribute user-role network-admin authorization-attribute user-role network-operator # public-key peer 192.168.11.1 public-key-code begin 30819F300D06092A864886F70D010101050003818D0030818902818100DD6C33EA2674B42F 364740C97C29ECF6A0F0D9557E4548C6E739B85899719133F53453F3666884A58B411F03D1 1A4E44787BC238AF9B493DD6F04A2BF2B1203582E60783AF53D33EC0BA32F3143C3FF509D2 BC345B60C4834CD0E4527C7425A6E81645D96E82A02D7F688E0D3F5A67D511AA3DED9340A3 E5D2723D0AFAF4C62D0203010001 public-key-code end peer-public-key end # public-key peer 192.168.9.1 public-key-code begin 30819F300D06092A864886F70D010101050003818D0030818902818100DD6C33EA2674B42F 364740C97C29ECF6A0F0D9557E4548C6E739B85899719133F53453F3666884A58B411F03D1 1A4E44787BC238AF9B493DD6F04A2BF2B1203582E60783AF53D33EC0BA32F3143C3FF509D2 BC345B60C4834CD0E4527C7425A6E81645D96E82A02D7F688E0D3F5A67D511AA3DED9340A3 E5D2723D0AFAF4C62D0203010001 public-key-code end peer-public-key end # session statistics enable session synchronization enable session synchronization http # ipsec logging negotiation enable # ike logging negotiation enable # ip https port 9918 ip https enable # inspect block-source parameter-profile ips_block_default_parameter # inspect block-source parameter-profile url_block_default_parameter # inspect block-source parameter-profile waf_block_default_parameter # inspect capture parameter-profile ips_capture_default_parameter # inspect capture parameter-profile waf_capture_default_parameter # inspect logging parameter-profile av_logging_default_parameter # inspect logging parameter-profile ips_logging_default_parameter # loadbalance isp file flash:/lbispinfo_v1.5.tp # ips logging parameter-profile ips_logging_default_parameter # anti-virus logging parameter-profile av_logging_default_parameter # return
组网及组网描述:
1口是监控进线
11是连接内网专网
路由器上只接了0、11、12
帮忙看下配置解释一下 这几个口主要配置
- 2023-08-11提问
- 举报
-
(0)
最佳答案
亲~登录后才可以操作哦!
确定你的邮箱还未认证,请认证邮箱或绑定手机后进行当前操作
举报
×
侵犯我的权益
×
侵犯了我企业的权益
×
- 1. 您举报的内容是什么?(请在邮件中列出您举报的内容和链接地址)
- 2. 您是谁?(身份证明材料,可以是身份证或护照等证件)
- 3. 是哪家企业?(营业执照,单位登记证明等证件)
- 4. 您与该企业的关系是?(您是企业法人或被授权人,需提供企业委托授权书)
抄袭了我的内容
×
原文链接或出处
诽谤我
×
- 1. 您举报的内容以及侵犯了您什么权益?(请在邮件中列出您举报的内容、链接地址,并给出简短的说明)
- 2. 您是谁?(身份证明材料,可以是身份证或护照等证件)
对根叔社区有害的内容
×
不规范转载
×
举报说明
网页登录账号密码不知道?怎么配置登入吗?