• 全部
  • 经验案例
  • 典型配置
  • 技术公告
  • FAQ
  • 漏洞说明
  • 全部
  • 全部
  • 大数据引擎
  • 知了引擎
产品线
搜索
取消
案例类型
发布者
是否解决
是否官方
时间
搜索引擎
匹配模式
高级搜索

华为交换机策略路由替换问题

2025-05-11提问
  • 0关注
  • 0收藏,956浏览
粉丝:0人 关注:0人

问题描述:

traffic behavior deny

 deny

#

traffic behavior permit

 

 

 

traffic policy intfaceinpolicy

 classifier fangwenkongzhi-3410 behavior deny precedence 5

 classifier neiwanghufang-3420 behavior permit precedence 10

 classifier mianrenzhengtoline1-3470 behavior permit precedence 15

 classifier mianrenzhengtoline2-3480 behavior redirecttoline2 precedence 20

 classifier neiwangwangduan-3450 behavior redirecttoportal precedence 25

 classifier anyiptopermit-3499 behavior permit precedence 30

 

 

traffic classifier 这个正常匹配ACL, traffic behavior  中有个deny 是拒绝流量通过的意思, traffic behavior permit 这个里面没有执行动作是默认perint么?然后如果下进行调用classifier fangwenkongzhi-3410 behavior deny precedence 5 这个是直接拒绝掉了,那classifier neiwanghufang-3420 behavior permit precedence 10 匹配到一起的话,他的流量应该是怎么转发的。还是说因为没有执行动作导致,流量被丢弃

traffic policy intfaceinpolicy

classifier fangwenkongzhi-3410 behavior deny precedence 5

 classifier neiwanghufang-3420 behavior permit precedence 10

 classifier mianrenzhengtoline1-3470 behavior permit precedence 15

 

组网及组网描述:

这个是配置文件

<CE12804>

<CE12804>dis cur                    

!Software Version V200R005C10SPC800

!Last configuration was updated at 2025-04-27 17:51:54+00:00 by administrator

!Last configuration was saved at 2025-04-27 17:52:21+00:00 by administrator

#

sysname CE12804

#

info-center source cfm channel 5 log level warning

info-center loghost 10.10.255.27 channel 6

#

device chassis 1 chassis-type CE12804S-FRAME

device chassis 2 chassis-type CE12804S-FRAME

#

device board 1/5 board-type CE-MPUA-S

device board 1/4 board-type CE-L24XS-EC

device board 1/3 board-type CE-L48XT-EC

device board 2/5 board-type CE-MPUA-S

device board 2/3 board-type CE-L48XT-EC

device board 2/4 board-type CE-L24XS-EC

device board 1/2 board-type CE-L48GS-EA

device board 2/2 board-type CE-L48GS-EA

#

drop-profile default

#

dcb pfc         

#

dcb ets-profile default

#

vlan batch 20 to 25 27 32 68 to 83 100 107 to 111 113 to 117 121 to 126 128 132 to 135

vlan batch 153 181 200 254 1003 to 1011 1020 1040 1125 1128 1136

vlan batch 1138 1140 1142 1144 1152 1160 1168 1176 1224 to 1255 1280

vlan batch 4000 to 4001

#

stp mode rstp

stp instance 0 root primary

#

rsa peer-public-key 172.29.0.50

 public-key-code begin

 308189

  028181

    00B1E7BB 2DCEFB97 D62D4D09 4394E07E F1DC420D 8C61CC48 C5F1505C DA057E93

    772498F8 4FAD7A99 CE01F1C4 9A71203A 1FAAB25D 27B39E8F 442815D1 F648B348

    D1D5F590 CB327066 1D847078 05C65414 D339AF1F 3AFB42C6 97A7969D 5FED3770

    9A4E1468 5050D56A 4AB63389 6503F448 059E7DB7 BAC7052A CB753C10 18F6709D

    43

  0203

    010001

 public-key-code end

 peer-public-key end

#

ecc peer-public-key 172.29.0.77

 public-key-code begin

  045F4F5E A3A0A721 11521C1D 9A94B059 ED28D160 F69DB7C9 59BBC2BF 5DEFF769

  D9F1BF89 C5735ECB 4F78CC26 17299966 FF05E90A A2651228 B0426206 52358901

  52

 public-key-code end

 peer-public-key end

#

ecc peer-public-key 172.29.0.81

 public-key-code begin

  040B33B2 0C2DD5C2 694F00E6 F291C4ED 0825D0EE C9127C02 6179AFEA 5F2DE6A5

  1CD966F6 CB40A5F4 8E9D14C4 1F914A73 BB8A8797 2E3682B1 FE4E5420 13E971D6

  39

 public-key-code end

 peer-public-key end

#

ecc peer-public-key 172.29.0.118

 public-key-code begin

  04D92734 75D5F657 7D7B0FC4 4625FB58 08798973 24883ED1 70F94831 022EA497

  38AF022A C5F28655 B60A7A38 AA859466 83200E61 A3D66311 8A669B0A E12E1E2B

  65            

 public-key-code end

 peer-public-key end

#

router id 192.168.254.2

#

telnet server disable

telnet ipv6 server disable

#

observe-port 1 interface 10GE1/4/0/19  

observe-port 2 interface 10GE2/4/0/19  

#

sflow collector 1 ip 192.168.20.100 udp-port 9000 description "CLI Collector"

#

diffserv domain default

#

vlan 20

 description GuanLi

#

vlan 25

 name yikatong

#

vlan 68

 description kaoshiyuanwaiwang

#

vlan 69

 description kaoshiyuanxitongzu

#

vlan 100

 description Jisuanjijifang_3016

#

vlan 125

 description jiaoshijiankong

#

vlan 126

 description 5009jifang

#

vlan 1003

 description To_SR88

#

vlan 1004

 description to_IAG2000-A

#

vlan 1005

 description to_F1000S

#

vlan 1006       

 description To_A004_OSPF

#

vlan 1009

 name TO_F1020_SSL_VPN_G1/0/15

#

vlan 1010

 description xinyewuguanli

#

vlan 1011

 description to_xinlouyu

#

vlan 1040

 description to_fuqingzhuanxian

#

acl number 3410

 description fangwenkongzhi

#

acl number 3420

 description neiwanghufang

 rule 91 permit ip source 192.168.75.81 0 destination 192.168.76.249 0

 rule 92 permit ip source 192.168.75.85 0 destination 192.168.76.249 0

 rule 93 permit ip source 192.168.75.89 0 destination 192.168.76.249 0

 rule 94 permit ip source 192.168.77.228 0 destination 192.168.76.249 0

 rule 95 permit ip source 192.168.77.242 0 destination 192.168.76.249 0

 rule 96 permit ip source 192.168.20.231 0 destination 192.168.76.249 0

 rule 97 permit ip source 192.168.75.88 0 destination 192.168.76.249 0

 rule 99 deny ip source 10.0.0.0 0.0.255.255 destination 192.168.76.249 0

 rule 100 deny ip source 192.168.0.0 0.0.255.255 destination 192.168.76.249 0

 rule 105 permit ip source 192.168.0.0 0.0.255.255 destination 192.168.0.0 0.0.255.255

 rule 110 permit ip source 192.168.0.0 0.0.255.255 destination 10.0.0.0 0.255.255.255

 rule 115 permit ip source 10.0.0.0 0.255.255.255 destination 192.168.0.0 0.0.255.255

 rule 120 permit ip source 192.168.0.0 0.0.255.255 destination 172.29.0.0 0.0.0.255

 rule 125 permit ip source 172.29.0.0 0.0.0.255 destination 192.168.0.0 0.0.255.255

 rule 130 permit ip source 10.0.0.0 0.255.255.255 destination 10.0.0.0 0.255.255.255

 rule 135 permit ip source 10.0.0.0 0.255.255.255 destination 172.29.0.0 0.0.0.255

 rule 140 permit ip source 172.29.0.0 0.0.0.255 destination 172.29.0.0 0.0.0.255

 rule 145 permit ip source 172.29.0.0 0.0.0.255 destination 10.0.0.0 0.255.255.255

 rule 150 permit ip source 10.11.33.195 0 destination 192.168.22.189 0

 rule 160 deny ip source 192.168.0.0 0.0.255.255 destination 192.168.22.189 0

#

acl number 3450

 description neiwangwangduan

 rule 100 permit ip source 192.168.0.0 0.0.255.255

 rule 110 permit ip source 10.10.0.0 0.0.255.255

 rule 120 permit ip source 10.11.0.0 0.0.255.255

#               

acl number 3470

 description mianrenzhengtoline1

 rule 100 permit ip source 172.29.0.0 0.0.255.255

 rule 100 description shebeihulian

 rule 106 permit ip source 192.168.23.0 0.0.0.255

 rule 108 permit ip source 192.168.24.0 0.0.0.255

 rule 108 description bodawangzhanqun

 rule 1000 permit ip source 10.10.224.0 0.0.31.255

 rule 1000 description shuzihuaxiaoyuan_syswin

#

acl number 3480

 rule 19 deny ip source 192.168.110.34 0

 rule 19 description dianziping

 rule 20 permit ip source 10.10.10.0 0.0.0.255

 rule 30 permit ip source 192.168.0.0 0.0.255.255

 rule 35 permit ip source 10.11.0.0 0.0.255.255

 rule 84 permit udp destination 114.114.114.114 0 destination-port eq dns

 rule 85 permit udp destination 114.114.114.114 0 destination-port eq dnsix

 rule 86 permit tcp destination 114.114.114.114 0 destination-port eq domain

 rule 91 permit ip source 192.168.75.81 0 destination 192.168.74.249 0

 rule 92 permit ip source 192.168.75.85 0 destination 192.168.74.249 0

 rule 93 permit ip source 192.168.75.89 0 destination 192.168.74.249 0

 rule 94 permit ip source 192.168.77.228 0 destination 192.168.74.249 0

 rule 95 permit ip source 192.168.76.242 0 destination 192.168.74.249 0

 rule 96 permit ip source 192.168.20.231 0 destination 192.168.74.249 0

 rule 97 permit ip source 192.168.75.88 0 destination 192.168.74.249 0

 rule 100 permit ip source 192.168.20.0 0.0.0.127

 rule 120 permit ip source 192.168.20.250 0

 rule 150 permit ip source 192.168.27.0 0.0.0.255

 rule 200 permit ip source 192.168.28.0 0.0.0.255

 rule 330 permit ip source 192.168.77.100 0

 rule 330 description 11loulubojian

 rule 331 permit ip source 192.168.77.101 0

 rule 331 description 11loulubojian

 rule 332 permit ip source 192.168.77.102 0

 rule 332 description 11loulubojian

 rule 333 permit ip source 192.168.77.103 0

 rule 333 description 11loulubojian

 rule 340 deny ip source 192.168.76.242 0

 rule 390 permit ip source 192.168.70.248 0

 rule 390 description waiyuxi5003

 rule 391 permit ip source 192.168.70.249 0

 rule 391 description waiyuxi5004

 rule 397 permit ip source 192.168.72.221 0

 rule 401 permit ip source 192.168.81.160 0.0.0.15

 rule 401 description yishuxi A301

 rule 403 permit ip source 192.168.128.220 0

 rule 403 description shixunlouqiantai

 rule 410 permit ip source 192.168.116.117 0

 rule 415 permit ip source 192.168.79.0 0.0.0.255

 rule 450 permit ip source 10.11.32.40 0

 rule 451 permit ip source 10.11.32.41 0

 rule 452 permit ip source 10.11.32.42 0

 rule 453 permit ip source 10.11.32.43 0

 rule 454 permit ip source 10.11.32.98 0

 rule 455 permit ip source 10.11.32.129 0

 rule 460 permit ip source 192.168.72.29 0

 rule 460 description houqinwifi

 rule 525 permit ip source 192.168.20.225 0

 rule 530 permit ip source 192.168.74.180 0

 rule 730 permit ip source 10.11.45.240 0

 rule 735 permit ip source 192.168.73.252 0

 rule 735 description 1101 dianyingshi

 rule 777 permit ip source 192.168.114.100 0

 rule 780 permit ip source 10.11.64.167 0

 rule 780 description xueshengchu yizhanshipingtai

 rule 785 permit ip source 192.168.75.135 0

 rule 785 description renshimianrenzheng

 rule 786 permit ip source 10.11.40.0 0.0.0.255

 rule 786 description chanchanglouyiloulinshi

 rule 1700 permit ip source 10.10.128.0 0.0.63.255

 rule 1700 description wuxian-mjtc-acrenzheng

 rule 1800 permit ip source 10.11.8.0 0.0.7.255

 rule 1800 description xinlou-wifirenzheng

#

acl number 3499

 description anyiptopermit

 rule 0 permit ip

#

acl number 3550

 description kongzhifangwenhexin

 rule 5 permit ip source 10.10.255.25 0

 rule 10 permit ip source 192.168.20.0 0.0.0.255

 rule 40 deny ip

#

acl number 23480

#

traffic classifier anyiptopermit-3499 type or

 if-match acl 3499

#

traffic classifier fangwenkongzhi-3410 type or

 if-match acl 3410

#

traffic classifier mianrenzhengtoline1-3470 type or

 if-match acl 3470

#

traffic classifier mianrenzhengtoline2-3480 type or

 if-match acl 3480

#

traffic classifier neiwanghufang-3420 type or

 if-match acl 3420

#

traffic classifier neiwangwangduan-3450 type or

 if-match acl 3450

#

traffic behavior deny

 deny

#

traffic behavior permit

#

traffic behavior redirecttoline2

 statistics enable

 redirect nexthop 172.29.0.110

#

traffic behavior redirecttoportal

 redirect nexthop 172.29.0.22

#

traffic policy intfaceinpolicy

 classifier fangwenkongzhi-3410 behavior deny precedence 5

 classifier neiwanghufang-3420 behavior permit precedence 10

 classifier mianrenzhengtoline1-3470 behavior permit precedence 15

 classifier mianrenzhengtoline2-3480 behavior redirecttoline2 precedence 20

 classifier neiwangwangduan-3450 behavior redirecttoportal precedence 25

 classifier anyiptopermit-3499 behavior permit precedence 30

#

traffic policy portalinpolicy

 classifier fangwenkongzhi-3410 behavior deny precedence 5

 classifier neiwanghufang-3420 behavior permit precedence 10

 classifier mianrenzhengtoline1-3470 behavior permit precedence 15

 classifier mianrenzhengtoline2-3480 behavior redirecttoline2 precedence 20

 classifier neiwangwangduan-3450 behavior redirecttoline2 precedence 25

 classifier anyiptopermit-3499 behavior permit precedence 30

#

aaa

 local-user policy password min-len 8

 undo local-user policy security-enhance

 local-user policy password complexity-enhance

 local-user policy password expire 90 prompt 10

 local-user authentication lock duration 10

 local-user administrator password irreversible-cipher $1c$A.QvLZ5Gx=$7/0|$OuBxCrQ"=5'#Pn2(XZx~O^aR6/7o_Da+,2S$

 local-user administrator service-type terminal ssh

 local-user administrator level 3

 local-user administrator access-limit 5

 local-user administrator password expire 90

 local-user audit01 password irreversible-cipher $1c${^"BVYiyJQ$HMv$2^j3c!ASw_&M;Sa5~tx*)wDNV4d`\&8({)LT$

 local-user audit01 service-type ssh

 local-user audit01 level 1

 local-user audit01 access-limit 5

 local-user audit01 password expire 90

 local-user sec password irreversible-cipher $1c$6Cu&.|8p1;$$}o}!O@kq+6yzA7%4DnT!@zgT|8Q[;|E%jKg=I|)$

 local-user sec service-type ssh

 local-user sec level 2

 local-user sec access-limit 2

 local-user sec password expire 90

 #

 authentication-scheme default

 #

 authorization-scheme default

 #

 accounting-scheme default

 #              

 domain default

 #

 domain default_admin

#

stack

 #

 stack mode

 #

 stack member 1 domain 10

 stack member 1 priority 150

 stack member 1 link-type linecard-direct

 #

 stack member 2 domain 10

 stack member 2 priority 110

 stack member 2 link-type linecard-direct

#

interface Vlanif1

 shutdown

#

interface Vlanif20

 description GuanLi

 ip address 192.168.20.254 255.255.255.128

 traffic-policy intfaceinpolicy inbound 

#

interface Vlanif21

 ip address 192.168.21.1 255.255.255.128

#

interface Vlanif22

 ip address 192.168.22.1 255.255.255.128

 traffic-policy intfaceinpolicy inbound 

#

interface Vlanif23

 ip address 192.168.23.1 255.255.255.128

 traffic-policy intfaceinpolicy inbound 

#

interface Vlanif24

 ip address 192.168.24.1 255.255.255.128

 traffic-policy intfaceinpolicy inbound 

#

interface Vlanif25

 description yikatong

 ip address 192.168.25.1 255.255.255.0

 traffic-policy intfaceinpolicy inbound 

#

interface Vlanif27

 ip address 192.168.27.1 255.255.255.0

 traffic-policy intfaceinpolicy inbound 

#

interface Vlanif68

 ip address 192.168.68.1 255.255.255.0

 traffic-policy intfaceinpolicy inbound 

#

interface Vlanif69

 ip address 192.168.69.1 255.255.255.0

 traffic-policy intfaceinpolicy inbound 

#

interface Vlanif70

 ip address 192.168.70.1 255.255.255.0

 traffic-policy intfaceinpolicy inbound 

#

interface Vlanif71

 ip address 192.168.71.1 255.255.255.0

 traffic-policy intfaceinpolicy inbound 

#

interface Vlanif72

 ip address 192.168.72.1 255.255.255.0

 traffic-policy intfaceinpolicy inbound 

#

interface Vlanif73

 ip address 192.168.73.1 255.255.255.0

 traffic-policy intfaceinpolicy inbound 

#

interface Vlanif74

 ip address 192.168.74.1 255.255.255.0

 traffic-policy intfaceinpolicy inbound 

#

interface Vlanif75

 ip address 192.168.75.1 255.255.255.0

 traffic-policy intfaceinpolicy inbound 

#

interface Vlanif76

 ip address 192.168.76.1 255.255.255.0

 traffic-policy intfaceinpolicy inbound 

#

interface Vlanif77

 ip address 192.168.77.1 255.255.255.0

 traffic-policy intfaceinpolicy inbound 

#

interface Vlanif78

 ip address 192.168.78.1 255.255.255.0

 traffic-policy intfaceinpolicy inbound 

#               

interface Vlanif82

 ip address 192.168.82.1 255.255.255.0

 traffic-policy intfaceinpolicy inbound 

#

interface Vlanif83

 ip address 192.168.83.1 255.255.255.0

 traffic-policy intfaceinpolicy inbound 

#

interface Vlanif100

 description Jisuanjijifang_3016

 ip address 192.168.100.1 255.255.255.0

 traffic-policy intfaceinpolicy inbound 

#

interface Vlanif107

 ip address 192.168.107.1 255.255.255.0

 traffic-policy intfaceinpolicy inbound 

#

interface Vlanif108

 ip address 192.168.108.1 255.255.255.0

 traffic-policy intfaceinpolicy inbound 

#

interface Vlanif109

 ip address 192.168.109.1 255.255.255.0

 traffic-policy intfaceinpolicy inbound 

#

interface Vlanif110

 ip address 192.168.110.1 255.255.255.0

 traffic-policy intfaceinpolicy inbound 

#

interface Vlanif111

 ip address 192.168.111.1 255.255.255.0

 traffic-policy intfaceinpolicy inbound 

#

interface Vlanif113

 ip address 192.168.113.1 255.255.255.0

 traffic-policy intfaceinpolicy inbound 

#

interface Vlanif114

 ip address 192.168.114.1 255.255.255.0

 traffic-policy intfaceinpolicy inbound 

#

interface Vlanif115

 ip address 192.168.115.1 255.255.255.0

 traffic-policy intfaceinpolicy inbound 

#

interface Vlanif116

 ip address 192.168.116.1 255.255.255.0

 traffic-policy intfaceinpolicy inbound 

#

interface Vlanif117

 ip address 192.168.117.1 255.255.255.0

 traffic-policy intfaceinpolicy inbound 

#

interface Vlanif121

 ip address 192.168.121.1 255.255.255.0

 traffic-policy intfaceinpolicy inbound 

#

interface Vlanif122

 ip address 192.168.122.1 255.255.255.0

 traffic-policy intfaceinpolicy inbound 

#

interface Vlanif123

 ip address 192.168.123.1 255.255.255.0

 traffic-policy intfaceinpolicy inbound 

#

interface Vlanif124

 ip address 192.168.124.1 255.255.255.0

 traffic-policy intfaceinpolicy inbound 

#               

interface Vlanif125

 description jiaoshijiankong

 ip address 192.168.125.1 255.255.255.0

 traffic-policy intfaceinpolicy inbound 

#

interface Vlanif126

 description 5009jifang

 ip address 192.168.126.1 255.255.255.0

 traffic-policy intfaceinpolicy inbound 

#

interface Vlanif128

 ip address 192.168.128.1 255.255.255.0

 traffic-policy intfaceinpolicy inbound 

#

interface Vlanif254

 ip address 192.168.254.1 255.255.255.128

 traffic-policy intfaceinpolicy inbound 

#

interface Vlanif1003

 description To_SR88

 ip address 172.29.0.14 255.255.255.252

 ospf network-type p2p

#               

interface Vlanif1004

 description to_IAG2000-A

 ip address 172.29.0.21 255.255.255.252

 ospf network-type p2p

#

interface Vlanif1005

 description to_F1000S

 ip address 172.29.0.29 255.255.255.252

 ospf network-type p2p

#

interface Vlanif1006

 description To_A004_OSPF

 ip address 172.29.0.38 255.255.255.252

 ospf network-type p2p

#

interface Vlanif1007

#

interface Vlanif1008

 ip address 172.29.0.41 255.255.255.252

 ospf cost 100

 ospf network-type p2p

#

interface Vlanif1009

 description TO_F1020_SSL_VPN_G1/0/15

 ip address 172.29.0.49 255.255.255.252

#

interface Vlanif1010

 description xinyewuguanli

 ip address 10.10.10.1 255.255.255.0

 ospf cost 100

 ospf network-type p2p

 traffic-policy intfaceinpolicy inbound 

#

interface Vlanif1011

#

interface Vlanif1020

 description hexinyewu

 ip address 10.10.20.1 255.255.255.0

 traffic-policy intfaceinpolicy inbound 

#

interface Vlanif1040

 ip address 172.29.0.121 255.255.255.252

#

interface Vlanif1125

#

interface Vlanif1128

 description wuxianwifi

 ip address 10.10.128.1 255.255.254.0

 traffic-policy intfaceinpolicy inbound 

#

interface Vlanif1136

 description wuxianwifi

 ip address 10.10.136.1 255.255.254.0

 traffic-policy intfaceinpolicy inbound 

#

interface Vlanif1138

 description wuxianwifi

 ip address 10.10.138.1 255.255.254.0

 traffic-policy intfaceinpolicy inbound 

#

interface Vlanif1140

 description wuxianwifi

 ip address 10.10.140.1 255.255.254.0

 traffic-policy intfaceinpolicy inbound 

#

interface Vlanif1142

 description wuxianwifi

 ip address 10.10.142.1 255.255.254.0

 traffic-policy intfaceinpolicy inbound 

#

interface Vlanif1144

 description wuxianwifi

 ip address 10.10.144.1 255.255.248.0

 traffic-policy intfaceinpolicy inbound 

#

interface Vlanif1152

 description wuxianwifi

 ip address 10.10.152.1 255.255.248.0

 traffic-policy intfaceinpolicy inbound 

#

interface Vlanif1160

 description wuxianwifi

 ip address 10.10.160.1 255.255.248.0

 traffic-policy intfaceinpolicy inbound 

#

interface Vlanif1168

 description wuxianwifi

 ip address 10.10.168.1 255.255.248.0

 traffic-policy intfaceinpolicy inbound 

#

interface Vlanif1176

 description wuxianwifi

 ip address 10.10.176.1 255.255.248.0

 traffic-policy intfaceinpolicy inbound 

#

interface Vlanif1280

 description wuxianwifi

#

interface Vlanif4000

 ip address 172.29.0.109 255.255.255.252

#

interface Vlanif4001

 ip address 172.29.0.153 255.255.255.248

#

interface MEth0/0/0/0

 ip address 1.1.1.1 255.255.255.0

#

interface Eth-Trunk1

 port link-type trunk

 port trunk allow-pass vlan 2 to 4094

 traffic-policy intfaceinpolicy inbound 

#

interface Eth-Trunk2

#

interface Eth-Trunk4

 description to ZhuJiFang_S7703

 port default vlan 1008

 stp edged-port enable

 traffic-policy intfaceinpolicy inbound 

#

interface Eth-Trunk5

 description BeiLouHuiJu

 port link-type trunk

 undo port trunk allow-pass vlan 1

 port trunk allow-pass vlan 2 to 4094

 traffic-policy intfaceinpolicy inbound 

#

interface Eth-Trunk6

 description SHiTangHuiJu

 port link-type trunk

 port trunk allow-pass vlan 2 to 4094

 traffic-policy intfaceinpolicy inbound 

#

interface Eth-Trunk7

 description ZhuSanCeng-HuiJu

 port link-type trunk

 port trunk allow-pass vlan 2 to 4094

 traffic-policy intfaceinpolicy inbound 

#

interface Eth-Trunk8

 description NanLouHuiJu

 port link-type trunk

 port trunk allow-pass vlan 2 to 4094

 mode lacp-dynamic

 traffic-policy intfaceinpolicy inbound 

#

interface Eth-Trunk9

 description ShiXunLouHuiJu

 port default vlan 254

 mode lacp-dynamic

 traffic-policy intfaceinpolicy inbound 

#

interface Eth-Trunk10

 port link-type trunk

 port trunk allow-pass vlan 2 to 4094

 mode lacp-dynamic

 traffic-policy intfaceinpolicy inbound 

#

interface Eth-Trunk11

 port link-type trunk

 port trunk allow-pass vlan 2 to 4094

 mode lacp-dynamic

 traffic-policy intfaceinpolicy inbound 

#

interface Eth-Trunk12

 port link-type trunk

 port trunk pvid vlan 1010

 port trunk allow-pass vlan 2 to 4094

#

interface Eth-Trunk26

 description TO_FireWall_F1020_SSL_VPN

 port link-type trunk

 undo port trunk allow-pass vlan 1

 port trunk allow-pass vlan 1009

#

interface Eth-Trunk27

 description to_webvpn_test

 port default vlan 1010

#

interface Stack-Port1/1

#

interface Stack-Port2/1

#

interface GE1/2/0/0

 port link-type trunk

 port trunk allow-pass vlan 2 to 4094

 device transceiver 1000BASE-X

 negotiation disable

#

interface GE1/2/0/1

#

interface GE1/2/0/2

#

interface GE1/2/0/3

#

interface GE1/2/0/4

#

interface GE1/2/0/5

#

interface GE1/2/0/6

#

interface GE1/2/0/7

#

interface GE1/2/0/8

#

interface GE1/2/0/9

#               

interface GE1/2/0/10

#

interface GE1/2/0/11

#

interface GE1/2/0/12

#

interface GE1/2/0/13

#

interface GE1/2/0/14

#

interface GE1/2/0/15

#

interface GE1/2/0/16

#

interface GE1/2/0/17

#

interface GE1/2/0/18

#

interface GE1/2/0/19

#

interface GE1/2/0/20

#

interface GE1/2/0/21

#

interface GE1/2/0/22

#

interface GE1/2/0/23

#

interface GE1/2/0/24

#

interface GE1/2/0/25

#

interface GE1/2/0/26

#

interface GE1/2/0/27

#

interface GE1/2/0/28

#

interface GE1/2/0/29

#

interface GE1/2/0/30

#

interface GE1/2/0/31

#

interface GE1/2/0/32

#               

interface GE1/2/0/33

#

interface GE1/2/0/34

#

interface GE1/2/0/35

#

interface GE1/2/0/36

#

interface GE1/2/0/37

#

interface GE1/2/0/38

#

interface GE1/2/0/39

#

interface GE1/2/0/40

#

interface GE1/2/0/41

#

interface GE1/2/0/42

#

interface GE1/2/0/43

#

interface GE1/2/0/44

#

interface GE1/2/0/45

#

interface GE1/2/0/46

#

interface GE1/2/0/47

#

interface GE2/2/0/0

#

interface GE2/2/0/1

#

interface GE2/2/0/2

#

interface GE2/2/0/3

#

interface GE2/2/0/4

#

interface GE2/2/0/5

#

interface GE2/2/0/6

#

interface GE2/2/0/7

#               

interface GE2/2/0/8

#

interface GE2/2/0/9

#

interface GE2/2/0/10

#

interface GE2/2/0/11

#

interface GE2/2/0/12

#

interface GE2/2/0/13

#

interface GE2/2/0/14

#

interface GE2/2/0/15

#

interface GE2/2/0/16

#

interface GE2/2/0/17

#

interface GE2/2/0/18

#

interface GE2/2/0/19

#

interface GE2/2/0/20

#

interface GE2/2/0/21

#

interface GE2/2/0/22

#

interface GE2/2/0/23

#

interface GE2/2/0/24

#

interface GE2/2/0/25

#

interface GE2/2/0/26

#

interface GE2/2/0/27

#

interface GE2/2/0/28

#

interface GE2/2/0/29

#

interface GE2/2/0/30

#               

interface GE2/2/0/31

#

interface GE2/2/0/32

#

interface GE2/2/0/33

#

interface GE2/2/0/34

#

interface GE2/2/0/35

#

interface GE2/2/0/36

#

interface GE2/2/0/37

#

interface GE2/2/0/38

#

interface GE2/2/0/39

#

interface GE2/2/0/40

#

interface GE2/2/0/41

#

interface GE2/2/0/42

#

interface GE2/2/0/43

#

interface GE2/2/0/44

#

interface GE2/2/0/45

#

interface GE2/2/0/46

#

interface GE2/2/0/47

#

interface 10GE1/3/0/0

 undo portswitch

 description To_AR6280_172.29.0.77

 ip address 172.29.0.78 255.255.255.252

 port-mirroring observe-port 1 inbound

 port-mirroring observe-port 1 outbound

#

interface 10GE1/3/0/1

 description To_xinrui_wifi_ac

 port link-type trunk

 port trunk allow-pass vlan 132 to 133 1128 1136 1138 1140 1142 1144 1152 1160 1168

 port trunk allow-pass vlan 1176

 port-mirroring observe-port 1 inbound

 port-mirroring observe-port 1 outbound

 traffic-policy intfaceinpolicy inbound 

#

interface 10GE1/3/0/2

 port default vlan 4000

 port-mirroring observe-port 1 inbound

 port-mirroring observe-port 1 outbound

#

interface 10GE1/3/0/3

 port default vlan 1228

 port-mirroring observe-port 1 inbound

 port-mirroring observe-port 1 outbound

#

interface 10GE1/3/0/4

 port default vlan 1228

 port-mirroring observe-port 1 inbound

 port-mirroring observe-port 1 outbound

 traffic-policy intfaceinpolicy inbound 

#

interface 10GE1/3/0/5

 description to ZhuJiFang_S7703

 eth-trunk 4    

 port-mirroring observe-port 1 inbound

 port-mirroring observe-port 1 outbound

#

interface 10GE1/3/0/6

 port-mirroring observe-port 1 inbound

 port-mirroring observe-port 1 outbound

#

interface 10GE1/3/0/7

 port-mirroring observe-port 1 inbound

 port-mirroring observe-port 1 outbound

#

interface 10GE1/3/0/8

 undo portswitch

 description to xinlouyu

 port-mirroring observe-port 1 inbound

 port-mirroring observe-port 1 outbound

 traffic-policy intfaceinpolicy inbound 

#

interface 10GE1/3/0/9

 port-mirroring observe-port 1 inbound

 port-mirroring observe-port 1 outbound

#

interface 10GE1/3/0/10

 port default vlan 132

 port-mirroring observe-port 1 inbound

 port-mirroring observe-port 1 outbound

#

interface 10GE1/3/0/11

 port default vlan 1040

 port-mirroring observe-port 1 inbound

 port-mirroring observe-port 1 outbound

 traffic-policy intfaceinpolicy inbound 

#

interface 10GE1/3/0/12

 eth-trunk 12

 port-mirroring observe-port 1 inbound

 port-mirroring observe-port 1 outbound

#

interface 10GE1/3/0/13

 undo portswitch

 ip address 172.29.0.117 255.255.255.252

 port-mirroring observe-port 1 inbound

 port-mirroring observe-port 1 outbound

#

interface 10GE1/3/0/14

 undo portswitch

 port-mirroring observe-port 1 inbound

 port-mirroring observe-port 1 outbound

 traffic-policy intfaceinpolicy inbound 

#

interface 10GE1/3/0/15

 port-mirroring observe-port 1 inbound

 port-mirroring observe-port 1 outbound

#

interface 10GE1/3/0/16

 port-mirroring observe-port 1 inbound

 port-mirroring observe-port 1 outbound

#

interface 10GE1/3/0/17

 description to SUNDRAY NMC

 port-mirroring observe-port 1 inbound

 port-mirroring observe-port 1 outbound

#

interface 10GE1/3/0/18

 description To_huawei5700

 port default vlan 125

 port-mirroring observe-port 1 inbound

 port-mirroring observe-port 1 outbound

#               

interface 10GE1/3/0/19

 port link-type trunk

 port trunk pvid vlan 1010

 undo port trunk allow-pass vlan 1

 port trunk allow-pass vlan 1010

 port-mirroring observe-port 1 inbound

 port-mirroring observe-port 1 outbound

#

interface 10GE1/3/0/20

 description to_webvpn_test

 port default vlan 1010

 port-mirroring observe-port 1 inbound

 port-mirroring observe-port 1 outbound

#

interface 10GE1/3/0/21

 description TO_FireWall_F1020_SSL_VPN

 eth-trunk 26

 port-mirroring observe-port 1 inbound

 port-mirroring observe-port 1 outbound

#

interface 10GE1/3/0/22

 description yikatong

 port default vlan 25

 port-mirroring observe-port 1 inbound

 port-mirroring observe-port 1 outbound

#

interface 10GE1/3/0/23

 description TO_H3C_C_83

 port link-type trunk

 port trunk allow-pass vlan 2 to 4094

 port-mirroring observe-port 1 inbound

 port-mirroring observe-port 1 outbound

#

interface 10GE1/3/0/24

 description TO H3C_A_005_IMC

 port default vlan 1004

 stp edged-port enable

 port-mirroring observe-port 1 inbound

 port-mirroring observe-port 1 outbound

 traffic-policy portalinpolicy inbound 

#

interface 10GE1/3/0/25

#

interface 10GE1/3/0/26

#

interface 10GE1/3/0/27

#

interface 10GE1/3/0/28

#

interface 10GE1/3/0/29

#

interface 10GE1/3/0/30

#

interface 10GE1/3/0/31

#

interface 10GE1/3/0/32

#

interface 10GE1/3/0/33

#

interface 10GE1/3/0/34

#

interface 10GE1/3/0/35

#

interface 10GE1/3/0/36

#

interface 10GE1/3/0/37

#

interface 10GE1/3/0/38

#               

interface 10GE1/3/0/39

#

interface 10GE1/3/0/40

 port default vlan 20

#

interface 10GE1/3/0/41

#

interface 10GE1/3/0/42

#

interface 10GE1/3/0/43

#

interface 10GE1/3/0/44

#

interface 10GE1/3/0/45

#

interface 10GE1/3/0/46

#

interface 10GE1/3/0/47

 port default vlan 4001

#

interface 10GE1/4/0/0

 port-mirroring observe-port 1 inbound

 port-mirroring observe-port 1 outbound

 device transceiver 10GBASE-FIBER

#

interface 10GE1/4/0/1

 description TO H3C_A_004

 eth-trunk 1

 port-mirroring observe-port 1 inbound

 port-mirroring observe-port 1 outbound

 device transceiver 10GBASE-FIBER

#

interface 10GE1/4/0/2

 port-mirroring observe-port 1 inbound

 port-mirroring observe-port 1 outbound

#

interface 10GE1/4/0/3

 description TO H3C_A_001

 port default vlan 1003

 stp edged-port enable

 port-mirroring observe-port 1 inbound

 port-mirroring observe-port 1 outbound

 sflow sampling collector 1 

 sflow sampling rate 2000

#

interface 10GE1/4/0/4

 port-mirroring observe-port 1 inbound

 port-mirroring observe-port 1 outbound

 device transceiver 10GBASE-FIBER

#

interface 10GE1/4/0/5

 description BeiLouHuiJu

 eth-trunk 5

 port-mirroring observe-port 1 inbound

 port-mirroring observe-port 1 outbound

 device transceiver 1000BASE-X

#

interface 10GE1/4/0/6

 description SHiTangHuiJu

 eth-trunk 6

 port-mirroring observe-port 1 inbound

 port-mirroring observe-port 1 outbound

 device transceiver 1000BASE-X

#

interface 10GE1/4/0/7

 description ZhuSanCeng-HuiJu

 eth-trunk 7

 port-mirroring observe-port 1 inbound

 port-mirroring observe-port 1 outbound

 device transceiver 10GBASE-FIBER

#

interface 10GE1/4/0/8

 description NanLouHuiJu

 eth-trunk 8

 port-mirroring observe-port 1 inbound

 port-mirroring observe-port 1 outbound

 device transceiver 1000BASE-X

#

interface 10GE1/4/0/9

 description ShiXunLouHuiJu

 eth-trunk 9

 port-mirroring observe-port 1 inbound

 port-mirroring observe-port 1 outbound

 device transceiver 1000BASE-X

#

interface 10GE1/4/0/10

 description to zhaodaisuo

 port link-type trunk

 port trunk allow-pass vlan 2 to 4094

 port-mirroring observe-port 1 inbound

 port-mirroring observe-port 1 outbound

 traffic-policy intfaceinpolicy inbound 

 device transceiver 1000BASE-X

#

interface 10GE1/4/0/11

 description TO H3C_B_003_ZHIHUIJIAOSHI

 port link-type trunk

 port trunk allow-pass vlan 2 to 4094

 port-mirroring observe-port 1 inbound

 port-mirroring observe-port 1 outbound

 traffic-policy intfaceinpolicy inbound 

 device transceiver 1000BASE-X

#

interface 10GE1/4/0/12

 port-mirroring observe-port 1 inbound

 port-mirroring observe-port 1 outbound

#

interface 10GE1/4/0/13

 port-mirroring observe-port 1 inbound

 port-mirroring observe-port 1 outbound

 device transceiver 10GBASE-FIBER

#

interface 10GE1/4/0/14

 undo portswitch

 description to xinlouyu

 ip address 172.29.0.113 255.255.255.252

 port-mirroring observe-port 1 inbound

 port-mirroring observe-port 1 outbound

 traffic-policy intfaceinpolicy inbound 

 device transceiver 1000BASE-X

#

interface 10GE1/4/0/15

 device transceiver 1000BASE-X

#

interface 10GE1/4/0/16

#

interface 10GE1/4/0/17

 description To_SundrayWIFI_HuiJu

 port link-type trunk

 port trunk allow-pass vlan 132 to 133 1128 1136 1138 1140 1142 1144 1152 1160 1168

 port trunk allow-pass vlan 1176

 port-mirroring observe-port 1 inbound

 port-mirroring observe-port 1 outbound

 device transceiver 10GBASE-FIBER

#

interface 10GE1/4/0/18

 port-mirroring observe-port 1 inbound

 port-mirroring observe-port 1 outbound

#

interface 10GE1/4/0/19

 device transceiver 1000BASE-X

#

interface 10GE1/4/0/20

 port mode stack 

 stack-port 1/1

 port crc-statistics trigger error-down

 device transceiver 10GBASE-COPPER

#

interface 10GE1/4/0/21

 port mode stack 

 stack-port 1/1

 port crc-statistics trigger error-down

 device transceiver 10GBASE-COPPER

#

interface 10GE1/4/0/22

 port mode stack 

 stack-port 1/1

 port crc-statistics trigger error-down

 device transceiver 10GBASE-COPPER

#

interface 10GE1/4/0/23

 port mode stack 

 stack-port 1/1

 port crc-statistics trigger error-down

 device transceiver 10GBASE-COPPER

#

interface 10GE2/3/0/0

 undo portswitch

 description To_AR6280_172.29.0.81

 ip address 172.29.0.82 255.255.255.252

 ospf cost 100

 port-mirroring observe-port 2 inbound

 port-mirroring observe-port 2 outbound

#

interface 10GE2/3/0/1

 port-mirroring observe-port 2 inbound

 port-mirroring observe-port 2 outbound

#

interface 10GE2/3/0/2

 port default vlan 4000

 port-mirroring observe-port 2 inbound

 port-mirroring observe-port 2 outbound

#

interface 10GE2/3/0/3

 port-mirroring observe-port 2 inbound

 port-mirroring observe-port 2 outbound

#

interface 10GE2/3/0/4

 port-mirroring observe-port 2 inbound

 port-mirroring observe-port 2 outbound

#

interface 10GE2/3/0/5

 description to ZhuJiFang_S7703

 eth-trunk 4

 port-mirroring observe-port 2 inbound

 port-mirroring observe-port 2 outbound

#

interface 10GE2/3/0/6

 port-mirroring observe-port 2 inbound

 port-mirroring observe-port 2 outbound

#

interface 10GE2/3/0/7

 port-mirroring observe-port 2 inbound

 port-mirroring observe-port 2 outbound

#

interface 10GE2/3/0/8

 port-mirroring observe-port 2 inbound

 port-mirroring observe-port 2 outbound

#

interface 10GE2/3/0/9

 port-mirroring observe-port 2 inbound

 port-mirroring observe-port 2 outbound

#

interface 10GE2/3/0/10

 port-mirroring observe-port 2 inbound

 port-mirroring observe-port 2 outbound

#

interface 10GE2/3/0/11

 port-mirroring observe-port 2 inbound

 port-mirroring observe-port 2 outbound

#

interface 10GE2/3/0/12

 eth-trunk 12

 port-mirroring observe-port 2 inbound

 port-mirroring observe-port 2 outbound

#

interface 10GE2/3/0/13

 port-mirroring observe-port 2 inbound

 port-mirroring observe-port 2 outbound

#               

interface 10GE2/3/0/14

 port-mirroring observe-port 2 inbound

 port-mirroring observe-port 2 outbound

#

interface 10GE2/3/0/15

 port-mirroring observe-port 2 inbound

 port-mirroring observe-port 2 outbound

#

interface 10GE2/3/0/16

 port-mirroring observe-port 2 inbound

 port-mirroring observe-port 2 outbound

#

interface 10GE2/3/0/17

 port-mirroring observe-port 2 inbound

 port-mirroring observe-port 2 outbound

#

interface 10GE2/3/0/18

 port-mirroring observe-port 2 inbound

 port-mirroring observe-port 2 outbound

#

interface 10GE2/3/0/19

 port-mirroring observe-port 2 inbound

 port-mirroring observe-port 2 outbound

#

interface 10GE2/3/0/20

 description to_webvpn_test

 eth-trunk 27

 port-mirroring observe-port 2 inbound

 port-mirroring observe-port 2 outbound

#

interface 10GE2/3/0/21

 eth-trunk 26

 port-mirroring observe-port 2 inbound

 port-mirroring observe-port 2 outbound

#

interface 10GE2/3/0/22

 port-mirroring observe-port 2 inbound

 port-mirroring observe-port 2 outbound

#

interface 10GE2/3/0/23

 port-mirroring observe-port 2 inbound

 port-mirroring observe-port 2 outbound

#

interface 10GE2/3/0/24

 port default vlan 1004

 stp edged-port enable

 port-mirroring observe-port 2 inbound

 port-mirroring observe-port 2 outbound

 traffic-policy portalinpolicy inbound 

#

interface 10GE2/3/0/25

#

interface 10GE2/3/0/26

#

interface 10GE2/3/0/27

#

interface 10GE2/3/0/28

#

interface 10GE2/3/0/29

#

interface 10GE2/3/0/30

#

interface 10GE2/3/0/31

#

interface 10GE2/3/0/32

#

interface 10GE2/3/0/33

#

interface 10GE2/3/0/34

#

interface 10GE2/3/0/35

#

interface 10GE2/3/0/36

#

interface 10GE2/3/0/37

#

interface 10GE2/3/0/38

#

interface 10GE2/3/0/39

#

interface 10GE2/3/0/40

#

interface 10GE2/3/0/41

#

interface 10GE2/3/0/42

#

interface 10GE2/3/0/43

#

interface 10GE2/3/0/44

#

interface 10GE2/3/0/45

#               

interface 10GE2/3/0/46

#

interface 10GE2/3/0/47

#

interface 10GE2/4/0/0

 port-mirroring observe-port 2 inbound

 port-mirroring observe-port 2 outbound

#

interface 10GE2/4/0/1

 description TO H3C_A_004 B

 eth-trunk 1

 port-mirroring observe-port 2 inbound

 port-mirroring observe-port 2 outbound

#

interface 10GE2/4/0/2

 port-mirroring observe-port 2 inbound

 port-mirroring observe-port 2 outbound

#

interface 10GE2/4/0/3

 port-mirroring observe-port 2 inbound

 port-mirroring observe-port 2 outbound

#

interface 10GE2/4/0/4

 port-mirroring observe-port 2 inbound

 port-mirroring observe-port 2 outbound

 device transceiver 10GBASE-FIBER

#

interface 10GE2/4/0/5

 description BeiLouHuiJu

 eth-trunk 5

 port-mirroring observe-port 2 inbound

 port-mirroring observe-port 2 outbound

 device transceiver 1000BASE-X

#

interface 10GE2/4/0/6

 description TO H3C_B_004

 eth-trunk 6

 port-mirroring observe-port 2 inbound

 port-mirroring observe-port 2 outbound

#

interface 10GE2/4/0/7

 description ZhuSanCeng-HuiJu

 eth-trunk 7

 port-mirroring observe-port 2 inbound

 port-mirroring observe-port 2 outbound

 device transceiver 10GBASE-FIBER

#

interface 10GE2/4/0/8

 description NanLouHuiJu

 eth-trunk 8

 port-mirroring observe-port 2 inbound

 port-mirroring observe-port 2 outbound

 device transceiver 1000BASE-X

#

interface 10GE2/4/0/9

 description ShiXunLouHuiJu

 eth-trunk 9

 port-mirroring observe-port 2 inbound

 port-mirroring observe-port 2 outbound

 device transceiver 1000BASE-X

#

interface 10GE2/4/0/10

 port-mirroring observe-port 2 inbound

 port-mirroring observe-port 2 outbound

#

interface 10GE2/4/0/11

 port-mirroring observe-port 2 inbound

 port-mirroring observe-port 2 outbound

#               

interface 10GE2/4/0/12

 port-mirroring observe-port 2 inbound

 port-mirroring observe-port 2 outbound

#

interface 10GE2/4/0/13

 port-mirroring observe-port 2 inbound

 port-mirroring observe-port 2 outbound

 device transceiver 10GBASE-FIBER

#

interface 10GE2/4/0/14

 port-mirroring observe-port 2 inbound

 port-mirroring observe-port 2 outbound

 device transceiver 10GBASE-FIBER

#

interface 10GE2/4/0/15

#

interface 10GE2/4/0/16

#

interface 10GE2/4/0/17

#

interface 10GE2/4/0/18

#

interface 10GE2/4/0/19

 device transceiver 1000BASE-X

#

interface 10GE2/4/0/20

 port mode stack 

 stack-port 2/1

 port crc-statistics trigger error-down

 device transceiver 10GBASE-COPPER

#

interface 10GE2/4/0/21

 port mode stack 

 stack-port 2/1

 port crc-statistics trigger error-down

 device transceiver 10GBASE-COPPER

#

interface 10GE2/4/0/22

 port mode stack 

 stack-port 2/1

 port crc-statistics trigger error-down

 device transceiver 10GBASE-COPPER

#

interface 10GE2/4/0/23

 port mode stack 

 stack-port 2/1 

 port crc-statistics trigger error-down

 device transceiver 10GBASE-COPPER

#

interface LoopBack0

#

interface LoopBack255

 ip address 10.10.255.3 255.255.255.255

#

interface Sip1/5/0/0

#

interface Sip1/5/0/1

#

interface Sip2/5/0/0

#

interface Sip2/5/0/1

#

interface NULL0

#

ospf 1

 asbr-summary 192.168.0.0 255.255.0.0

 import-route direct

 import-route static

 area 0.0.0.0   

  network 172.29.0.12 0.0.0.3

  network 172.29.0.20 0.0.0.3

  network 172.29.0.28 0.0.0.3

  network 172.29.0.36 0.0.0.3

  network 172.29.0.40 0.0.0.3

  network 172.29.0.48 0.0.0.3

  network 172.29.0.56 0.0.0.3

  network 172.29.0.78 0.0.0.0

  network 172.29.0.82 0.0.0.0

#

arp static 192.168.20.239 c8d3-ffc0-023d

#

ip route-static 10.11.0.0 255.255.0.0 172.29.0.114 description to xinlouyu

ip route-static 10.20.0.0 255.255.0.0 172.29.0.50 description TO_Firewall_IPSec_VPN

ip route-static 10.40.0.0 255.255.0.0 172.29.0.122 description TO_fuqingzhuanxian

ip route-static 10.50.0.0 255.255.0.0 172.29.0.50 description to fuxiao

ip route-static 172.16.0.0 255.255.0.0 172.29.0.50 description to fuxiao

ip route-static 172.16.1.0 255.255.255.0 172.29.0.50 description to fuxiao

ip route-static 192.168.0.0 255.255.0.0 172.29.0.50 description TO_FireWall_IPSec_VPN

ip route-static 192.168.32.0 255.255.252.0 172.29.0.50 description TO_FireWall_SSL_VPN

ip route-static 192.168.79.0 255.255.255.0 192.168.254.36

ip route-static 192.168.80.0 255.255.255.0 192.168.254.36

ip route-static 192.168.81.0 255.255.255.0 192.168.254.36

ip route-static 192.168.101.0 255.255.255.0 192.168.254.34 description jiaoxuelou4016

ip route-static 192.168.102.0 255.255.255.0 192.168.254.34 description jiaoxuelou4014

ip route-static 192.168.103.0 255.255.255.0 192.168.254.34 description jiaoxuelou4015

ip route-static 192.168.104.0 255.255.255.0 192.168.254.34 description jiaoxuelou3014caozuojian

ip route-static 192.168.105.0 255.255.255.0 192.168.254.34 description jiaoxuelou3014

ip route-static 192.168.106.0 255.255.255.0 192.168.254.34 description jiaoxuelou3015

ip route-static 192.168.112.0 255.255.255.0 192.168.254.34 description beisan

ip route-static 192.168.132.0 255.255.252.0 192.168.254.10 description zhihuijiaoshiwulianwang132to135

ip route-static 192.168.178.8 255.255.255.255 172.29.0.50 description TO_FireWall_SSL_VPN_GanZhe

ip route-static 192.168.178.250 255.255.255.255 172.29.0.50 description TO_FireWall_SSL_VPN_GanZhe

ip route-static 192.168.179.0 255.255.255.255 172.29.0.50 description TO_FireWall_SSL_VPN_cangshan

ip route-static 192.168.254.6 255.255.255.255 172.29.0.22

#

snmp-agent

snmp-agent local-engineid 800007DB03F47960948401

snmp-agent community read cipher %^%#u{dhM^.qvTRY#SJwEB7"2g98*Ek=78Jvi4;qq/wR5'%f.HLxoD1Kbi@0~kK=g]]@-f\swJ#`}74r^<zQ%^%#

snmp-agent community write cipher %^%#DrS[,R$HwRCJ6@.K#/cUAUza):B;k(j[dmCr2cy1p{=E=<u*LEwHi$AN#+IQK^=[=;5G|R,!aTH>8FD%%^%#

snmp-agent community write cipher %^%#Q7@MYh.bb@][2PR2yB6#E~dR2hNl`=5JAsH0EhM4Cj)@)G*,o0t'51Wcb~:<$$y9>NXzuGg9bU"P>c|C%^%#

#

snmp-agent sys-info version all

snmp-agent community complexity-check disable

snmp-agent target-host trap address udp-domain 192.168.20.100 params securityname cipher %^%#:@)9Dm'tcF$qa{CtiZN.&DQ|!W,j'FG76)3ccYaK%^%#

snmp-agent target-host trap address udp-domain 192.168.20.108 params securityname cipher %^%#>E;CUgTn'.(sC&Gs%Y720s1A#Q4MD:AhDK59{61-%^%# v2c

snmp-agent target-host trap address udp-domain 10.10.235.23 params securityname cipher %^%#(yYM"NBNHOp:y'6[z3zYk^Db*D@Gt=jZb>'b8WG,%^%# v2c

#

snmp-agent usm-user password complexity-check disable

#

snmp-agent trap enable

#

lldp enable

#

stelnet server enable

ssh server acl 3550

ssh authorization-type default aaa

#

ssh server cipher aes256_ctr aes128_ctr

ssh server hmac sha2_256_96 sha2_256 sha1_96

ssh server key-exchange dh_group_exchange_sha256 dh_group_exchange_sha1 ecdh_sha2_nistp256 ecdh_sha2_nistp384 ecdh_sha2_nistp521 sm2_kep

#

ssh server dh-exchange min-len 2048

#

ssh client first-time enable

ssh client peer 172.29.0.118 assign ecc-key 172.29.0.118

ssh client peer 172.29.0.50 assign rsa-key 172.29.0.50

ssh client peer 172.29.0.77 assign ecc-key 172.29.0.77

ssh client peer 172.29.0.81 assign ecc-key 172.29.0.81

#

ssh client cipher aes256_gcm aes128_gcm aes256_ctr aes192_ctr aes128_ctr aes256_cbc aes128_cbc 3des_cbc

#

user-interface con 0

 authentication-mode password

 set authentication password cipher $1c$H)r}P!10L1$["KHVr0-F$Q9:e;>Y${!>>kU>+[.&&Y';U8|P4SH$

#

user-interface vty 0 4

 authentication-mode aaa

 idle-timeout 5 0

#

vm-manager

#

return

<CE12804>           

最佳答案

已采纳
粉丝:0人 关注:0人

1. **traffic behavior deny**会直接丢弃匹配该分类器的流量;
2. traffic behavior permit默认允许流量通过(即使无显式动作);
3. 优先级机制:流量按分类器优先级(precedence值,数值越小优先级越高)依次匹配。当流量同时匹配fangwenkongzhi-3410(precedence 5,行为deny)和neiwanghufang-3420(precedence 10,行为permit)时:
仅执行第一个匹配的规则:高优先级fangwenkongzhi-3410会触发deny动作,流量被丢弃,后续permit行为不再生效。
4. 流量转发结论:只要流量匹配到fangwenkongzhi-3410分类器,无论其他低优先级分类器是否允许,最终结果均为
丢弃

暂无评论

1 个回答
Xcheng 九段
粉丝:132人 关注:3人

摇人吧


都128这种最高规格设备替换了,万一出事没人保障够呛。

暂无评论

编辑答案

你正在编辑答案

如果你要对问题或其他回答进行点评或询问,请使用评论功能。

分享扩散:

提出建议

    +

亲~登录后才可以操作哦!

确定

亲~检测到您登陆的账号未在http://hclhub.h3c.com进行注册

注册后可访问此模块

跳转hclhub

你的邮箱还未认证,请认证邮箱或绑定手机后进行当前操作

举报

×

侵犯我的权益 >
对根叔社区有害的内容 >
辱骂、歧视、挑衅等(不友善)

侵犯我的权益

×

泄露了我的隐私 >
侵犯了我企业的权益 >
抄袭了我的内容 >
诽谤我 >
辱骂、歧视、挑衅等(不友善)
骚扰我

泄露了我的隐私

×

您好,当您发现根叔知了上有泄漏您隐私的内容时,您可以向根叔知了进行举报。 请您把以下内容通过邮件发送到pub.zhiliao@h3c.com 邮箱,我们会尽快处理。
  • 1. 您认为哪些内容泄露了您的隐私?(请在邮件中列出您举报的内容、链接地址,并给出简短的说明)
  • 2. 您是谁?(身份证明材料,可以是身份证或护照等证件)

侵犯了我企业的权益

×

您好,当您发现根叔知了上有关于您企业的造谣与诽谤、商业侵权等内容时,您可以向根叔知了进行举报。 请您把以下内容通过邮件发送到 pub.zhiliao@h3c.com 邮箱,我们会在审核后尽快给您答复。
  • 1. 您举报的内容是什么?(请在邮件中列出您举报的内容和链接地址)
  • 2. 您是谁?(身份证明材料,可以是身份证或护照等证件)
  • 3. 是哪家企业?(营业执照,单位登记证明等证件)
  • 4. 您与该企业的关系是?(您是企业法人或被授权人,需提供企业委托授权书)
我们认为知名企业应该坦然接受公众讨论,对于答案中不准确的部分,我们欢迎您以正式或非正式身份在根叔知了上进行澄清。

抄袭了我的内容

×

原文链接或出处

诽谤我

×

您好,当您发现根叔知了上有诽谤您的内容时,您可以向根叔知了进行举报。 请您把以下内容通过邮件发送到pub.zhiliao@h3c.com 邮箱,我们会尽快处理。
  • 1. 您举报的内容以及侵犯了您什么权益?(请在邮件中列出您举报的内容、链接地址,并给出简短的说明)
  • 2. 您是谁?(身份证明材料,可以是身份证或护照等证件)
我们认为知名企业应该坦然接受公众讨论,对于答案中不准确的部分,我们欢迎您以正式或非正式身份在根叔知了上进行澄清。

对根叔社区有害的内容

×

垃圾广告信息
色情、暴力、血腥等违反法律法规的内容
政治敏感
不规范转载 >
辱骂、歧视、挑衅等(不友善)
骚扰我
诱导投票

不规范转载

×

举报说明