华为交换机策略路由替换问题
- 0关注
- 0收藏,1196浏览
问题描述:
traffic behavior deny
deny
#
traffic behavior permit
traffic policy intfaceinpolicy
classifier fangwenkongzhi-3410 behavior deny precedence 5
classifier neiwanghufang-3420 behavior permit precedence 10
classifier mianrenzhengtoline1-3470 behavior permit precedence 15
classifier mianrenzhengtoline2-3480 behavior redirecttoline2 precedence 20
classifier neiwangwangduan-3450 behavior redirecttoportal precedence 25
classifier anyiptopermit-3499 behavior permit precedence 30
traffic classifier 这个正常匹配ACL, traffic behavior 中有个deny 是拒绝流量通过的意思, traffic behavior permit 这个里面没有执行动作是默认perint么?然后如果下进行调用classifier fangwenkongzhi-3410 behavior deny precedence 5 这个是直接拒绝掉了,那classifier neiwanghufang-3420 behavior permit precedence 10 匹配到一起的话,他的流量应该是怎么转发的。还是说因为没有执行动作导致,流量被丢弃
traffic policy intfaceinpolicy
classifier fangwenkongzhi-3410 behavior deny precedence 5
classifier neiwanghufang-3420 behavior permit precedence 10
classifier mianrenzhengtoline1-3470 behavior permit precedence 15
组网及组网描述:
这个是配置文件
<CE12804>
<CE12804>dis cur
!Software Version V200R005C10SPC800
!Last configuration was updated at 2025-04-27 17:51:54+00:00 by administrator
!Last configuration was saved at 2025-04-27 17:52:21+00:00 by administrator
#
sysname CE12804
#
info-center source cfm channel 5 log level warning
info-center loghost 10.10.255.27 channel 6
#
device chassis 1 chassis-type CE12804S-FRAME
device chassis 2 chassis-type CE12804S-FRAME
#
device board 1/5 board-type CE-MPUA-S
device board 1/4 board-type CE-L24XS-EC
device board 1/3 board-type CE-L48XT-EC
device board 2/5 board-type CE-MPUA-S
device board 2/3 board-type CE-L48XT-EC
device board 2/4 board-type CE-L24XS-EC
device board 1/2 board-type CE-L48GS-EA
device board 2/2 board-type CE-L48GS-EA
#
drop-profile default
#
dcb pfc
#
dcb ets-profile default
#
vlan batch 20 to 25 27 32 68 to 83 100 107 to 111 113 to 117 121 to 126 128 132 to 135
vlan batch 153 181 200 254 1003 to 1011 1020 1040 1125 1128 1136
vlan batch 1138 1140 1142 1144 1152 1160 1168 1176 1224 to 1255 1280
vlan batch 4000 to 4001
#
stp mode rstp
stp instance 0 root primary
#
rsa peer-public-key 172.29.0.50
public-key-code begin
308189
028181
00B1E7BB 2DCEFB97 D62D4D09 4394E07E F1DC420D 8C61CC48 C5F1505C DA057E93
772498F8 4FAD7A99 CE01F1C4 9A71203A 1FAAB25D 27B39E8F 442815D1 F648B348
D1D5F590 CB327066 1D847078 05C65414 D339AF1F 3AFB42C6 97A7969D 5FED3770
9A4E1468 5050D56A 4AB63389 6503F448 059E7DB7 BAC7052A CB753C10 18F6709D
43
0203
010001
public-key-code end
peer-public-key end
#
ecc peer-public-key 172.29.0.77
public-key-code begin
045F4F5E A3A0A721 11521C1D 9A94B059 ED28D160 F69DB7C9 59BBC2BF 5DEFF769
D9F1BF89 C5735ECB 4F78CC26 17299966 FF05E90A A2651228 B0426206 52358901
52
public-key-code end
peer-public-key end
#
ecc peer-public-key 172.29.0.81
public-key-code begin
040B33B2 0C2DD5C2 694F00E6 F291C4ED 0825D0EE C9127C02 6179AFEA 5F2DE6A5
1CD966F6 CB40A5F4 8E9D14C4 1F914A73 BB8A8797 2E3682B1 FE4E5420 13E971D6
39
public-key-code end
peer-public-key end
#
ecc peer-public-key 172.29.0.118
public-key-code begin
04D92734 75D5F657 7D7B0FC4 4625FB58 08798973 24883ED1 70F94831 022EA497
38AF022A C5F28655 B60A7A38 AA859466 83200E61 A3D66311 8A669B0A E12E1E2B
65
public-key-code end
peer-public-key end
#
router id 192.168.254.2
#
telnet server disable
telnet ipv6 server disable
#
observe-port 1 interface 10GE1/4/0/19
observe-port 2 interface 10GE2/4/0/19
#
sflow collector 1 ip 192.168.20.100 udp-port 9000 description "CLI Collector"
#
diffserv domain default
#
vlan 20
description GuanLi
#
vlan 25
name yikatong
#
vlan 68
description kaoshiyuanwaiwang
#
vlan 69
description kaoshiyuanxitongzu
#
vlan 100
description Jisuanjijifang_3016
#
vlan 125
description jiaoshijiankong
#
vlan 126
description 5009jifang
#
vlan 1003
description To_SR88
#
vlan 1004
description to_IAG2000-A
#
vlan 1005
description to_F1000S
#
vlan 1006
description To_A004_OSPF
#
vlan 1009
name TO_F1020_SSL_VPN_G1/0/15
#
vlan 1010
description xinyewuguanli
#
vlan 1011
description to_xinlouyu
#
vlan 1040
description to_fuqingzhuanxian
#
acl number 3410
description fangwenkongzhi
#
acl number 3420
description neiwanghufang
rule 91 permit ip source 192.168.75.81 0 destination 192.168.76.249 0
rule 92 permit ip source 192.168.75.85 0 destination 192.168.76.249 0
rule 93 permit ip source 192.168.75.89 0 destination 192.168.76.249 0
rule 94 permit ip source 192.168.77.228 0 destination 192.168.76.249 0
rule 95 permit ip source 192.168.77.242 0 destination 192.168.76.249 0
rule 96 permit ip source 192.168.20.231 0 destination 192.168.76.249 0
rule 97 permit ip source 192.168.75.88 0 destination 192.168.76.249 0
rule 99 deny ip source 10.0.0.0 0.0.255.255 destination 192.168.76.249 0
rule 100 deny ip source 192.168.0.0 0.0.255.255 destination 192.168.76.249 0
rule 105 permit ip source 192.168.0.0 0.0.255.255 destination 192.168.0.0 0.0.255.255
rule 110 permit ip source 192.168.0.0 0.0.255.255 destination 10.0.0.0 0.255.255.255
rule 115 permit ip source 10.0.0.0 0.255.255.255 destination 192.168.0.0 0.0.255.255
rule 120 permit ip source 192.168.0.0 0.0.255.255 destination 172.29.0.0 0.0.0.255
rule 125 permit ip source 172.29.0.0 0.0.0.255 destination 192.168.0.0 0.0.255.255
rule 130 permit ip source 10.0.0.0 0.255.255.255 destination 10.0.0.0 0.255.255.255
rule 135 permit ip source 10.0.0.0 0.255.255.255 destination 172.29.0.0 0.0.0.255
rule 140 permit ip source 172.29.0.0 0.0.0.255 destination 172.29.0.0 0.0.0.255
rule 145 permit ip source 172.29.0.0 0.0.0.255 destination 10.0.0.0 0.255.255.255
rule 150 permit ip source 10.11.33.195 0 destination 192.168.22.189 0
rule 160 deny ip source 192.168.0.0 0.0.255.255 destination 192.168.22.189 0
#
acl number 3450
description neiwangwangduan
rule 100 permit ip source 192.168.0.0 0.0.255.255
rule 110 permit ip source 10.10.0.0 0.0.255.255
rule 120 permit ip source 10.11.0.0 0.0.255.255
#
acl number 3470
description mianrenzhengtoline1
rule 100 permit ip source 172.29.0.0 0.0.255.255
rule 100 description shebeihulian
rule 106 permit ip source 192.168.23.0 0.0.0.255
rule 108 permit ip source 192.168.24.0 0.0.0.255
rule 108 description bodawangzhanqun
rule 1000 permit ip source 10.10.224.0 0.0.31.255
rule 1000 description shuzihuaxiaoyuan_syswin
#
acl number 3480
rule 19 deny ip source 192.168.110.34 0
rule 19 description dianziping
rule 20 permit ip source 10.10.10.0 0.0.0.255
rule 30 permit ip source 192.168.0.0 0.0.255.255
rule 35 permit ip source 10.11.0.0 0.0.255.255
rule 84 permit udp destination 114.114.114.114 0 destination-port eq dns
rule 85 permit udp destination 114.114.114.114 0 destination-port eq dnsix
rule 86 permit tcp destination 114.114.114.114 0 destination-port eq domain
rule 91 permit ip source 192.168.75.81 0 destination 192.168.74.249 0
rule 92 permit ip source 192.168.75.85 0 destination 192.168.74.249 0
rule 93 permit ip source 192.168.75.89 0 destination 192.168.74.249 0
rule 94 permit ip source 192.168.77.228 0 destination 192.168.74.249 0
rule 95 permit ip source 192.168.76.242 0 destination 192.168.74.249 0
rule 96 permit ip source 192.168.20.231 0 destination 192.168.74.249 0
rule 97 permit ip source 192.168.75.88 0 destination 192.168.74.249 0
rule 100 permit ip source 192.168.20.0 0.0.0.127
rule 120 permit ip source 192.168.20.250 0
rule 150 permit ip source 192.168.27.0 0.0.0.255
rule 200 permit ip source 192.168.28.0 0.0.0.255
rule 330 permit ip source 192.168.77.100 0
rule 330 description 11loulubojian
rule 331 permit ip source 192.168.77.101 0
rule 331 description 11loulubojian
rule 332 permit ip source 192.168.77.102 0
rule 332 description 11loulubojian
rule 333 permit ip source 192.168.77.103 0
rule 333 description 11loulubojian
rule 340 deny ip source 192.168.76.242 0
rule 390 permit ip source 192.168.70.248 0
rule 390 description waiyuxi5003
rule 391 permit ip source 192.168.70.249 0
rule 391 description waiyuxi5004
rule 397 permit ip source 192.168.72.221 0
rule 401 permit ip source 192.168.81.160 0.0.0.15
rule 401 description yishuxi A301
rule 403 permit ip source 192.168.128.220 0
rule 403 description shixunlouqiantai
rule 410 permit ip source 192.168.116.117 0
rule 415 permit ip source 192.168.79.0 0.0.0.255
rule 450 permit ip source 10.11.32.40 0
rule 451 permit ip source 10.11.32.41 0
rule 452 permit ip source 10.11.32.42 0
rule 453 permit ip source 10.11.32.43 0
rule 454 permit ip source 10.11.32.98 0
rule 455 permit ip source 10.11.32.129 0
rule 460 permit ip source 192.168.72.29 0
rule 460 description houqinwifi
rule 525 permit ip source 192.168.20.225 0
rule 530 permit ip source 192.168.74.180 0
rule 730 permit ip source 10.11.45.240 0
rule 735 permit ip source 192.168.73.252 0
rule 735 description 1101 dianyingshi
rule 777 permit ip source 192.168.114.100 0
rule 780 permit ip source 10.11.64.167 0
rule 780 description xueshengchu yizhanshipingtai
rule 785 permit ip source 192.168.75.135 0
rule 785 description renshimianrenzheng
rule 786 permit ip source 10.11.40.0 0.0.0.255
rule 786 description chanchanglouyiloulinshi
rule 1700 permit ip source 10.10.128.0 0.0.63.255
rule 1700 description wuxian-mjtc-acrenzheng
rule 1800 permit ip source 10.11.8.0 0.0.7.255
rule 1800 description xinlou-wifirenzheng
#
acl number 3499
description anyiptopermit
rule 0 permit ip
#
acl number 3550
description kongzhifangwenhexin
rule 5 permit ip source 10.10.255.25 0
rule 10 permit ip source 192.168.20.0 0.0.0.255
rule 40 deny ip
#
acl number 23480
#
traffic classifier anyiptopermit-3499 type or
if-match acl 3499
#
traffic classifier fangwenkongzhi-3410 type or
if-match acl 3410
#
traffic classifier mianrenzhengtoline1-3470 type or
if-match acl 3470
#
traffic classifier mianrenzhengtoline2-3480 type or
if-match acl 3480
#
traffic classifier neiwanghufang-3420 type or
if-match acl 3420
#
traffic classifier neiwangwangduan-3450 type or
if-match acl 3450
#
traffic behavior deny
deny
#
traffic behavior permit
#
traffic behavior redirecttoline2
statistics enable
redirect nexthop 172.29.0.110
#
traffic behavior redirecttoportal
redirect nexthop 172.29.0.22
#
traffic policy intfaceinpolicy
classifier fangwenkongzhi-3410 behavior deny precedence 5
classifier neiwanghufang-3420 behavior permit precedence 10
classifier mianrenzhengtoline1-3470 behavior permit precedence 15
classifier mianrenzhengtoline2-3480 behavior redirecttoline2 precedence 20
classifier neiwangwangduan-3450 behavior redirecttoportal precedence 25
classifier anyiptopermit-3499 behavior permit precedence 30
#
traffic policy portalinpolicy
classifier fangwenkongzhi-3410 behavior deny precedence 5
classifier neiwanghufang-3420 behavior permit precedence 10
classifier mianrenzhengtoline1-3470 behavior permit precedence 15
classifier mianrenzhengtoline2-3480 behavior redirecttoline2 precedence 20
classifier neiwangwangduan-3450 behavior redirecttoline2 precedence 25
classifier anyiptopermit-3499 behavior permit precedence 30
#
aaa
local-user policy password min-len 8
undo local-user policy security-enhance
local-user policy password complexity-enhance
local-user policy password expire 90 prompt 10
local-user authentication lock duration 10
local-user administrator password irreversible-cipher $1c$A.QvLZ5Gx=$7/0|$OuBxCrQ"=5'#Pn2(XZx~O^aR6/7o_Da+,2S$
local-user administrator service-type terminal ssh
local-user administrator level 3
local-user administrator access-limit 5
local-user administrator password expire 90
local-user audit01 password irreversible-cipher $1c${^"BVYiyJQ$HMv$2^j3c!ASw_&M;Sa5~tx*)wDNV4d`\&8({)LT$
local-user audit01 service-type ssh
local-user audit01 level 1
local-user audit01 access-limit 5
local-user audit01 password expire 90
local-user sec password irreversible-cipher $1c$6Cu&.|8p1;$$}o}!O@kq+6yzA7%4DnT!@zgT|8Q[;|E%jKg=I|)$
local-user sec service-type ssh
local-user sec level 2
local-user sec access-limit 2
local-user sec password expire 90
#
authentication-scheme default
#
authorization-scheme default
#
accounting-scheme default
#
domain default
#
domain default_admin
#
stack
#
stack mode
#
stack member 1 domain 10
stack member 1 priority 150
stack member 1 link-type linecard-direct
#
stack member 2 domain 10
stack member 2 priority 110
stack member 2 link-type linecard-direct
#
interface Vlanif1
shutdown
#
interface Vlanif20
description GuanLi
ip address 192.168.20.254 255.255.255.128
traffic-policy intfaceinpolicy inbound
#
interface Vlanif21
ip address 192.168.21.1 255.255.255.128
#
interface Vlanif22
ip address 192.168.22.1 255.255.255.128
traffic-policy intfaceinpolicy inbound
#
interface Vlanif23
ip address 192.168.23.1 255.255.255.128
traffic-policy intfaceinpolicy inbound
#
interface Vlanif24
ip address 192.168.24.1 255.255.255.128
traffic-policy intfaceinpolicy inbound
#
interface Vlanif25
description yikatong
ip address 192.168.25.1 255.255.255.0
traffic-policy intfaceinpolicy inbound
#
interface Vlanif27
ip address 192.168.27.1 255.255.255.0
traffic-policy intfaceinpolicy inbound
#
interface Vlanif68
ip address 192.168.68.1 255.255.255.0
traffic-policy intfaceinpolicy inbound
#
interface Vlanif69
ip address 192.168.69.1 255.255.255.0
traffic-policy intfaceinpolicy inbound
#
interface Vlanif70
ip address 192.168.70.1 255.255.255.0
traffic-policy intfaceinpolicy inbound
#
interface Vlanif71
ip address 192.168.71.1 255.255.255.0
traffic-policy intfaceinpolicy inbound
#
interface Vlanif72
ip address 192.168.72.1 255.255.255.0
traffic-policy intfaceinpolicy inbound
#
interface Vlanif73
ip address 192.168.73.1 255.255.255.0
traffic-policy intfaceinpolicy inbound
#
interface Vlanif74
ip address 192.168.74.1 255.255.255.0
traffic-policy intfaceinpolicy inbound
#
interface Vlanif75
ip address 192.168.75.1 255.255.255.0
traffic-policy intfaceinpolicy inbound
#
interface Vlanif76
ip address 192.168.76.1 255.255.255.0
traffic-policy intfaceinpolicy inbound
#
interface Vlanif77
ip address 192.168.77.1 255.255.255.0
traffic-policy intfaceinpolicy inbound
#
interface Vlanif78
ip address 192.168.78.1 255.255.255.0
traffic-policy intfaceinpolicy inbound
#
interface Vlanif82
ip address 192.168.82.1 255.255.255.0
traffic-policy intfaceinpolicy inbound
#
interface Vlanif83
ip address 192.168.83.1 255.255.255.0
traffic-policy intfaceinpolicy inbound
#
interface Vlanif100
description Jisuanjijifang_3016
ip address 192.168.100.1 255.255.255.0
traffic-policy intfaceinpolicy inbound
#
interface Vlanif107
ip address 192.168.107.1 255.255.255.0
traffic-policy intfaceinpolicy inbound
#
interface Vlanif108
ip address 192.168.108.1 255.255.255.0
traffic-policy intfaceinpolicy inbound
#
interface Vlanif109
ip address 192.168.109.1 255.255.255.0
traffic-policy intfaceinpolicy inbound
#
interface Vlanif110
ip address 192.168.110.1 255.255.255.0
traffic-policy intfaceinpolicy inbound
#
interface Vlanif111
ip address 192.168.111.1 255.255.255.0
traffic-policy intfaceinpolicy inbound
#
interface Vlanif113
ip address 192.168.113.1 255.255.255.0
traffic-policy intfaceinpolicy inbound
#
interface Vlanif114
ip address 192.168.114.1 255.255.255.0
traffic-policy intfaceinpolicy inbound
#
interface Vlanif115
ip address 192.168.115.1 255.255.255.0
traffic-policy intfaceinpolicy inbound
#
interface Vlanif116
ip address 192.168.116.1 255.255.255.0
traffic-policy intfaceinpolicy inbound
#
interface Vlanif117
ip address 192.168.117.1 255.255.255.0
traffic-policy intfaceinpolicy inbound
#
interface Vlanif121
ip address 192.168.121.1 255.255.255.0
traffic-policy intfaceinpolicy inbound
#
interface Vlanif122
ip address 192.168.122.1 255.255.255.0
traffic-policy intfaceinpolicy inbound
#
interface Vlanif123
ip address 192.168.123.1 255.255.255.0
traffic-policy intfaceinpolicy inbound
#
interface Vlanif124
ip address 192.168.124.1 255.255.255.0
traffic-policy intfaceinpolicy inbound
#
interface Vlanif125
description jiaoshijiankong
ip address 192.168.125.1 255.255.255.0
traffic-policy intfaceinpolicy inbound
#
interface Vlanif126
description 5009jifang
ip address 192.168.126.1 255.255.255.0
traffic-policy intfaceinpolicy inbound
#
interface Vlanif128
ip address 192.168.128.1 255.255.255.0
traffic-policy intfaceinpolicy inbound
#
interface Vlanif254
ip address 192.168.254.1 255.255.255.128
traffic-policy intfaceinpolicy inbound
#
interface Vlanif1003
description To_SR88
ip address 172.29.0.14 255.255.255.252
ospf network-type p2p
#
interface Vlanif1004
description to_IAG2000-A
ip address 172.29.0.21 255.255.255.252
ospf network-type p2p
#
interface Vlanif1005
description to_F1000S
ip address 172.29.0.29 255.255.255.252
ospf network-type p2p
#
interface Vlanif1006
description To_A004_OSPF
ip address 172.29.0.38 255.255.255.252
ospf network-type p2p
#
interface Vlanif1007
#
interface Vlanif1008
ip address 172.29.0.41 255.255.255.252
ospf cost 100
ospf network-type p2p
#
interface Vlanif1009
description TO_F1020_SSL_VPN_G1/0/15
ip address 172.29.0.49 255.255.255.252
#
interface Vlanif1010
description xinyewuguanli
ip address 10.10.10.1 255.255.255.0
ospf cost 100
ospf network-type p2p
traffic-policy intfaceinpolicy inbound
#
interface Vlanif1011
#
interface Vlanif1020
description hexinyewu
ip address 10.10.20.1 255.255.255.0
traffic-policy intfaceinpolicy inbound
#
interface Vlanif1040
ip address 172.29.0.121 255.255.255.252
#
interface Vlanif1125
#
interface Vlanif1128
description wuxianwifi
ip address 10.10.128.1 255.255.254.0
traffic-policy intfaceinpolicy inbound
#
interface Vlanif1136
description wuxianwifi
ip address 10.10.136.1 255.255.254.0
traffic-policy intfaceinpolicy inbound
#
interface Vlanif1138
description wuxianwifi
ip address 10.10.138.1 255.255.254.0
traffic-policy intfaceinpolicy inbound
#
interface Vlanif1140
description wuxianwifi
ip address 10.10.140.1 255.255.254.0
traffic-policy intfaceinpolicy inbound
#
interface Vlanif1142
description wuxianwifi
ip address 10.10.142.1 255.255.254.0
traffic-policy intfaceinpolicy inbound
#
interface Vlanif1144
description wuxianwifi
ip address 10.10.144.1 255.255.248.0
traffic-policy intfaceinpolicy inbound
#
interface Vlanif1152
description wuxianwifi
ip address 10.10.152.1 255.255.248.0
traffic-policy intfaceinpolicy inbound
#
interface Vlanif1160
description wuxianwifi
ip address 10.10.160.1 255.255.248.0
traffic-policy intfaceinpolicy inbound
#
interface Vlanif1168
description wuxianwifi
ip address 10.10.168.1 255.255.248.0
traffic-policy intfaceinpolicy inbound
#
interface Vlanif1176
description wuxianwifi
ip address 10.10.176.1 255.255.248.0
traffic-policy intfaceinpolicy inbound
#
interface Vlanif1280
description wuxianwifi
#
interface Vlanif4000
ip address 172.29.0.109 255.255.255.252
#
interface Vlanif4001
ip address 172.29.0.153 255.255.255.248
#
interface MEth0/0/0/0
ip address 1.1.1.1 255.255.255.0
#
interface Eth-Trunk1
port link-type trunk
port trunk allow-pass vlan 2 to 4094
traffic-policy intfaceinpolicy inbound
#
interface Eth-Trunk2
#
interface Eth-Trunk4
description to ZhuJiFang_S7703
port default vlan 1008
stp edged-port enable
traffic-policy intfaceinpolicy inbound
#
interface Eth-Trunk5
description BeiLouHuiJu
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 2 to 4094
traffic-policy intfaceinpolicy inbound
#
interface Eth-Trunk6
description SHiTangHuiJu
port link-type trunk
port trunk allow-pass vlan 2 to 4094
traffic-policy intfaceinpolicy inbound
#
interface Eth-Trunk7
description ZhuSanCeng-HuiJu
port link-type trunk
port trunk allow-pass vlan 2 to 4094
traffic-policy intfaceinpolicy inbound
#
interface Eth-Trunk8
description NanLouHuiJu
port link-type trunk
port trunk allow-pass vlan 2 to 4094
mode lacp-dynamic
traffic-policy intfaceinpolicy inbound
#
interface Eth-Trunk9
description ShiXunLouHuiJu
port default vlan 254
mode lacp-dynamic
traffic-policy intfaceinpolicy inbound
#
interface Eth-Trunk10
port link-type trunk
port trunk allow-pass vlan 2 to 4094
mode lacp-dynamic
traffic-policy intfaceinpolicy inbound
#
interface Eth-Trunk11
port link-type trunk
port trunk allow-pass vlan 2 to 4094
mode lacp-dynamic
traffic-policy intfaceinpolicy inbound
#
interface Eth-Trunk12
port link-type trunk
port trunk pvid vlan 1010
port trunk allow-pass vlan 2 to 4094
#
interface Eth-Trunk26
description TO_FireWall_F1020_SSL_VPN
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 1009
#
interface Eth-Trunk27
description to_webvpn_test
port default vlan 1010
#
interface Stack-Port1/1
#
interface Stack-Port2/1
#
interface GE1/2/0/0
port link-type trunk
port trunk allow-pass vlan 2 to 4094
device transceiver 1000BASE-X
negotiation disable
#
interface GE1/2/0/1
#
interface GE1/2/0/2
#
interface GE1/2/0/3
#
interface GE1/2/0/4
#
interface GE1/2/0/5
#
interface GE1/2/0/6
#
interface GE1/2/0/7
#
interface GE1/2/0/8
#
interface GE1/2/0/9
#
interface GE1/2/0/10
#
interface GE1/2/0/11
#
interface GE1/2/0/12
#
interface GE1/2/0/13
#
interface GE1/2/0/14
#
interface GE1/2/0/15
#
interface GE1/2/0/16
#
interface GE1/2/0/17
#
interface GE1/2/0/18
#
interface GE1/2/0/19
#
interface GE1/2/0/20
#
interface GE1/2/0/21
#
interface GE1/2/0/22
#
interface GE1/2/0/23
#
interface GE1/2/0/24
#
interface GE1/2/0/25
#
interface GE1/2/0/26
#
interface GE1/2/0/27
#
interface GE1/2/0/28
#
interface GE1/2/0/29
#
interface GE1/2/0/30
#
interface GE1/2/0/31
#
interface GE1/2/0/32
#
interface GE1/2/0/33
#
interface GE1/2/0/34
#
interface GE1/2/0/35
#
interface GE1/2/0/36
#
interface GE1/2/0/37
#
interface GE1/2/0/38
#
interface GE1/2/0/39
#
interface GE1/2/0/40
#
interface GE1/2/0/41
#
interface GE1/2/0/42
#
interface GE1/2/0/43
#
interface GE1/2/0/44
#
interface GE1/2/0/45
#
interface GE1/2/0/46
#
interface GE1/2/0/47
#
interface GE2/2/0/0
#
interface GE2/2/0/1
#
interface GE2/2/0/2
#
interface GE2/2/0/3
#
interface GE2/2/0/4
#
interface GE2/2/0/5
#
interface GE2/2/0/6
#
interface GE2/2/0/7
#
interface GE2/2/0/8
#
interface GE2/2/0/9
#
interface GE2/2/0/10
#
interface GE2/2/0/11
#
interface GE2/2/0/12
#
interface GE2/2/0/13
#
interface GE2/2/0/14
#
interface GE2/2/0/15
#
interface GE2/2/0/16
#
interface GE2/2/0/17
#
interface GE2/2/0/18
#
interface GE2/2/0/19
#
interface GE2/2/0/20
#
interface GE2/2/0/21
#
interface GE2/2/0/22
#
interface GE2/2/0/23
#
interface GE2/2/0/24
#
interface GE2/2/0/25
#
interface GE2/2/0/26
#
interface GE2/2/0/27
#
interface GE2/2/0/28
#
interface GE2/2/0/29
#
interface GE2/2/0/30
#
interface GE2/2/0/31
#
interface GE2/2/0/32
#
interface GE2/2/0/33
#
interface GE2/2/0/34
#
interface GE2/2/0/35
#
interface GE2/2/0/36
#
interface GE2/2/0/37
#
interface GE2/2/0/38
#
interface GE2/2/0/39
#
interface GE2/2/0/40
#
interface GE2/2/0/41
#
interface GE2/2/0/42
#
interface GE2/2/0/43
#
interface GE2/2/0/44
#
interface GE2/2/0/45
#
interface GE2/2/0/46
#
interface GE2/2/0/47
#
interface 10GE1/3/0/0
undo portswitch
description To_AR6280_172.29.0.77
ip address 172.29.0.78 255.255.255.252
port-mirroring observe-port 1 inbound
port-mirroring observe-port 1 outbound
#
interface 10GE1/3/0/1
description To_xinrui_wifi_ac
port link-type trunk
port trunk allow-pass vlan 132 to 133 1128 1136 1138 1140 1142 1144 1152 1160 1168
port trunk allow-pass vlan 1176
port-mirroring observe-port 1 inbound
port-mirroring observe-port 1 outbound
traffic-policy intfaceinpolicy inbound
#
interface 10GE1/3/0/2
port default vlan 4000
port-mirroring observe-port 1 inbound
port-mirroring observe-port 1 outbound
#
interface 10GE1/3/0/3
port default vlan 1228
port-mirroring observe-port 1 inbound
port-mirroring observe-port 1 outbound
#
interface 10GE1/3/0/4
port default vlan 1228
port-mirroring observe-port 1 inbound
port-mirroring observe-port 1 outbound
traffic-policy intfaceinpolicy inbound
#
interface 10GE1/3/0/5
description to ZhuJiFang_S7703
eth-trunk 4
port-mirroring observe-port 1 inbound
port-mirroring observe-port 1 outbound
#
interface 10GE1/3/0/6
port-mirroring observe-port 1 inbound
port-mirroring observe-port 1 outbound
#
interface 10GE1/3/0/7
port-mirroring observe-port 1 inbound
port-mirroring observe-port 1 outbound
#
interface 10GE1/3/0/8
undo portswitch
description to xinlouyu
port-mirroring observe-port 1 inbound
port-mirroring observe-port 1 outbound
traffic-policy intfaceinpolicy inbound
#
interface 10GE1/3/0/9
port-mirroring observe-port 1 inbound
port-mirroring observe-port 1 outbound
#
interface 10GE1/3/0/10
port default vlan 132
port-mirroring observe-port 1 inbound
port-mirroring observe-port 1 outbound
#
interface 10GE1/3/0/11
port default vlan 1040
port-mirroring observe-port 1 inbound
port-mirroring observe-port 1 outbound
traffic-policy intfaceinpolicy inbound
#
interface 10GE1/3/0/12
eth-trunk 12
port-mirroring observe-port 1 inbound
port-mirroring observe-port 1 outbound
#
interface 10GE1/3/0/13
undo portswitch
ip address 172.29.0.117 255.255.255.252
port-mirroring observe-port 1 inbound
port-mirroring observe-port 1 outbound
#
interface 10GE1/3/0/14
undo portswitch
port-mirroring observe-port 1 inbound
port-mirroring observe-port 1 outbound
traffic-policy intfaceinpolicy inbound
#
interface 10GE1/3/0/15
port-mirroring observe-port 1 inbound
port-mirroring observe-port 1 outbound
#
interface 10GE1/3/0/16
port-mirroring observe-port 1 inbound
port-mirroring observe-port 1 outbound
#
interface 10GE1/3/0/17
description to SUNDRAY NMC
port-mirroring observe-port 1 inbound
port-mirroring observe-port 1 outbound
#
interface 10GE1/3/0/18
description To_huawei5700
port default vlan 125
port-mirroring observe-port 1 inbound
port-mirroring observe-port 1 outbound
#
interface 10GE1/3/0/19
port link-type trunk
port trunk pvid vlan 1010
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 1010
port-mirroring observe-port 1 inbound
port-mirroring observe-port 1 outbound
#
interface 10GE1/3/0/20
description to_webvpn_test
port default vlan 1010
port-mirroring observe-port 1 inbound
port-mirroring observe-port 1 outbound
#
interface 10GE1/3/0/21
description TO_FireWall_F1020_SSL_VPN
eth-trunk 26
port-mirroring observe-port 1 inbound
port-mirroring observe-port 1 outbound
#
interface 10GE1/3/0/22
description yikatong
port default vlan 25
port-mirroring observe-port 1 inbound
port-mirroring observe-port 1 outbound
#
interface 10GE1/3/0/23
description TO_H3C_C_83
port link-type trunk
port trunk allow-pass vlan 2 to 4094
port-mirroring observe-port 1 inbound
port-mirroring observe-port 1 outbound
#
interface 10GE1/3/0/24
description TO H3C_A_005_IMC
port default vlan 1004
stp edged-port enable
port-mirroring observe-port 1 inbound
port-mirroring observe-port 1 outbound
traffic-policy portalinpolicy inbound
#
interface 10GE1/3/0/25
#
interface 10GE1/3/0/26
#
interface 10GE1/3/0/27
#
interface 10GE1/3/0/28
#
interface 10GE1/3/0/29
#
interface 10GE1/3/0/30
#
interface 10GE1/3/0/31
#
interface 10GE1/3/0/32
#
interface 10GE1/3/0/33
#
interface 10GE1/3/0/34
#
interface 10GE1/3/0/35
#
interface 10GE1/3/0/36
#
interface 10GE1/3/0/37
#
interface 10GE1/3/0/38
#
interface 10GE1/3/0/39
#
interface 10GE1/3/0/40
port default vlan 20
#
interface 10GE1/3/0/41
#
interface 10GE1/3/0/42
#
interface 10GE1/3/0/43
#
interface 10GE1/3/0/44
#
interface 10GE1/3/0/45
#
interface 10GE1/3/0/46
#
interface 10GE1/3/0/47
port default vlan 4001
#
interface 10GE1/4/0/0
port-mirroring observe-port 1 inbound
port-mirroring observe-port 1 outbound
device transceiver 10GBASE-FIBER
#
interface 10GE1/4/0/1
description TO H3C_A_004
eth-trunk 1
port-mirroring observe-port 1 inbound
port-mirroring observe-port 1 outbound
device transceiver 10GBASE-FIBER
#
interface 10GE1/4/0/2
port-mirroring observe-port 1 inbound
port-mirroring observe-port 1 outbound
#
interface 10GE1/4/0/3
description TO H3C_A_001
port default vlan 1003
stp edged-port enable
port-mirroring observe-port 1 inbound
port-mirroring observe-port 1 outbound
sflow sampling collector 1
sflow sampling rate 2000
#
interface 10GE1/4/0/4
port-mirroring observe-port 1 inbound
port-mirroring observe-port 1 outbound
device transceiver 10GBASE-FIBER
#
interface 10GE1/4/0/5
description BeiLouHuiJu
eth-trunk 5
port-mirroring observe-port 1 inbound
port-mirroring observe-port 1 outbound
device transceiver 1000BASE-X
#
interface 10GE1/4/0/6
description SHiTangHuiJu
eth-trunk 6
port-mirroring observe-port 1 inbound
port-mirroring observe-port 1 outbound
device transceiver 1000BASE-X
#
interface 10GE1/4/0/7
description ZhuSanCeng-HuiJu
eth-trunk 7
port-mirroring observe-port 1 inbound
port-mirroring observe-port 1 outbound
device transceiver 10GBASE-FIBER
#
interface 10GE1/4/0/8
description NanLouHuiJu
eth-trunk 8
port-mirroring observe-port 1 inbound
port-mirroring observe-port 1 outbound
device transceiver 1000BASE-X
#
interface 10GE1/4/0/9
description ShiXunLouHuiJu
eth-trunk 9
port-mirroring observe-port 1 inbound
port-mirroring observe-port 1 outbound
device transceiver 1000BASE-X
#
interface 10GE1/4/0/10
description to zhaodaisuo
port link-type trunk
port trunk allow-pass vlan 2 to 4094
port-mirroring observe-port 1 inbound
port-mirroring observe-port 1 outbound
traffic-policy intfaceinpolicy inbound
device transceiver 1000BASE-X
#
interface 10GE1/4/0/11
description TO H3C_B_003_ZHIHUIJIAOSHI
port link-type trunk
port trunk allow-pass vlan 2 to 4094
port-mirroring observe-port 1 inbound
port-mirroring observe-port 1 outbound
traffic-policy intfaceinpolicy inbound
device transceiver 1000BASE-X
#
interface 10GE1/4/0/12
port-mirroring observe-port 1 inbound
port-mirroring observe-port 1 outbound
#
interface 10GE1/4/0/13
port-mirroring observe-port 1 inbound
port-mirroring observe-port 1 outbound
device transceiver 10GBASE-FIBER
#
interface 10GE1/4/0/14
undo portswitch
description to xinlouyu
ip address 172.29.0.113 255.255.255.252
port-mirroring observe-port 1 inbound
port-mirroring observe-port 1 outbound
traffic-policy intfaceinpolicy inbound
device transceiver 1000BASE-X
#
interface 10GE1/4/0/15
device transceiver 1000BASE-X
#
interface 10GE1/4/0/16
#
interface 10GE1/4/0/17
description To_SundrayWIFI_HuiJu
port link-type trunk
port trunk allow-pass vlan 132 to 133 1128 1136 1138 1140 1142 1144 1152 1160 1168
port trunk allow-pass vlan 1176
port-mirroring observe-port 1 inbound
port-mirroring observe-port 1 outbound
device transceiver 10GBASE-FIBER
#
interface 10GE1/4/0/18
port-mirroring observe-port 1 inbound
port-mirroring observe-port 1 outbound
#
interface 10GE1/4/0/19
device transceiver 1000BASE-X
#
interface 10GE1/4/0/20
port mode stack
stack-port 1/1
port crc-statistics trigger error-down
device transceiver 10GBASE-COPPER
#
interface 10GE1/4/0/21
port mode stack
stack-port 1/1
port crc-statistics trigger error-down
device transceiver 10GBASE-COPPER
#
interface 10GE1/4/0/22
port mode stack
stack-port 1/1
port crc-statistics trigger error-down
device transceiver 10GBASE-COPPER
#
interface 10GE1/4/0/23
port mode stack
stack-port 1/1
port crc-statistics trigger error-down
device transceiver 10GBASE-COPPER
#
interface 10GE2/3/0/0
undo portswitch
description To_AR6280_172.29.0.81
ip address 172.29.0.82 255.255.255.252
ospf cost 100
port-mirroring observe-port 2 inbound
port-mirroring observe-port 2 outbound
#
interface 10GE2/3/0/1
port-mirroring observe-port 2 inbound
port-mirroring observe-port 2 outbound
#
interface 10GE2/3/0/2
port default vlan 4000
port-mirroring observe-port 2 inbound
port-mirroring observe-port 2 outbound
#
interface 10GE2/3/0/3
port-mirroring observe-port 2 inbound
port-mirroring observe-port 2 outbound
#
interface 10GE2/3/0/4
port-mirroring observe-port 2 inbound
port-mirroring observe-port 2 outbound
#
interface 10GE2/3/0/5
description to ZhuJiFang_S7703
eth-trunk 4
port-mirroring observe-port 2 inbound
port-mirroring observe-port 2 outbound
#
interface 10GE2/3/0/6
port-mirroring observe-port 2 inbound
port-mirroring observe-port 2 outbound
#
interface 10GE2/3/0/7
port-mirroring observe-port 2 inbound
port-mirroring observe-port 2 outbound
#
interface 10GE2/3/0/8
port-mirroring observe-port 2 inbound
port-mirroring observe-port 2 outbound
#
interface 10GE2/3/0/9
port-mirroring observe-port 2 inbound
port-mirroring observe-port 2 outbound
#
interface 10GE2/3/0/10
port-mirroring observe-port 2 inbound
port-mirroring observe-port 2 outbound
#
interface 10GE2/3/0/11
port-mirroring observe-port 2 inbound
port-mirroring observe-port 2 outbound
#
interface 10GE2/3/0/12
eth-trunk 12
port-mirroring observe-port 2 inbound
port-mirroring observe-port 2 outbound
#
interface 10GE2/3/0/13
port-mirroring observe-port 2 inbound
port-mirroring observe-port 2 outbound
#
interface 10GE2/3/0/14
port-mirroring observe-port 2 inbound
port-mirroring observe-port 2 outbound
#
interface 10GE2/3/0/15
port-mirroring observe-port 2 inbound
port-mirroring observe-port 2 outbound
#
interface 10GE2/3/0/16
port-mirroring observe-port 2 inbound
port-mirroring observe-port 2 outbound
#
interface 10GE2/3/0/17
port-mirroring observe-port 2 inbound
port-mirroring observe-port 2 outbound
#
interface 10GE2/3/0/18
port-mirroring observe-port 2 inbound
port-mirroring observe-port 2 outbound
#
interface 10GE2/3/0/19
port-mirroring observe-port 2 inbound
port-mirroring observe-port 2 outbound
#
interface 10GE2/3/0/20
description to_webvpn_test
eth-trunk 27
port-mirroring observe-port 2 inbound
port-mirroring observe-port 2 outbound
#
interface 10GE2/3/0/21
eth-trunk 26
port-mirroring observe-port 2 inbound
port-mirroring observe-port 2 outbound
#
interface 10GE2/3/0/22
port-mirroring observe-port 2 inbound
port-mirroring observe-port 2 outbound
#
interface 10GE2/3/0/23
port-mirroring observe-port 2 inbound
port-mirroring observe-port 2 outbound
#
interface 10GE2/3/0/24
port default vlan 1004
stp edged-port enable
port-mirroring observe-port 2 inbound
port-mirroring observe-port 2 outbound
traffic-policy portalinpolicy inbound
#
interface 10GE2/3/0/25
#
interface 10GE2/3/0/26
#
interface 10GE2/3/0/27
#
interface 10GE2/3/0/28
#
interface 10GE2/3/0/29
#
interface 10GE2/3/0/30
#
interface 10GE2/3/0/31
#
interface 10GE2/3/0/32
#
interface 10GE2/3/0/33
#
interface 10GE2/3/0/34
#
interface 10GE2/3/0/35
#
interface 10GE2/3/0/36
#
interface 10GE2/3/0/37
#
interface 10GE2/3/0/38
#
interface 10GE2/3/0/39
#
interface 10GE2/3/0/40
#
interface 10GE2/3/0/41
#
interface 10GE2/3/0/42
#
interface 10GE2/3/0/43
#
interface 10GE2/3/0/44
#
interface 10GE2/3/0/45
#
interface 10GE2/3/0/46
#
interface 10GE2/3/0/47
#
interface 10GE2/4/0/0
port-mirroring observe-port 2 inbound
port-mirroring observe-port 2 outbound
#
interface 10GE2/4/0/1
description TO H3C_A_004 B
eth-trunk 1
port-mirroring observe-port 2 inbound
port-mirroring observe-port 2 outbound
#
interface 10GE2/4/0/2
port-mirroring observe-port 2 inbound
port-mirroring observe-port 2 outbound
#
interface 10GE2/4/0/3
port-mirroring observe-port 2 inbound
port-mirroring observe-port 2 outbound
#
interface 10GE2/4/0/4
port-mirroring observe-port 2 inbound
port-mirroring observe-port 2 outbound
device transceiver 10GBASE-FIBER
#
interface 10GE2/4/0/5
description BeiLouHuiJu
eth-trunk 5
port-mirroring observe-port 2 inbound
port-mirroring observe-port 2 outbound
device transceiver 1000BASE-X
#
interface 10GE2/4/0/6
description TO H3C_B_004
eth-trunk 6
port-mirroring observe-port 2 inbound
port-mirroring observe-port 2 outbound
#
interface 10GE2/4/0/7
description ZhuSanCeng-HuiJu
eth-trunk 7
port-mirroring observe-port 2 inbound
port-mirroring observe-port 2 outbound
device transceiver 10GBASE-FIBER
#
interface 10GE2/4/0/8
description NanLouHuiJu
eth-trunk 8
port-mirroring observe-port 2 inbound
port-mirroring observe-port 2 outbound
device transceiver 1000BASE-X
#
interface 10GE2/4/0/9
description ShiXunLouHuiJu
eth-trunk 9
port-mirroring observe-port 2 inbound
port-mirroring observe-port 2 outbound
device transceiver 1000BASE-X
#
interface 10GE2/4/0/10
port-mirroring observe-port 2 inbound
port-mirroring observe-port 2 outbound
#
interface 10GE2/4/0/11
port-mirroring observe-port 2 inbound
port-mirroring observe-port 2 outbound
#
interface 10GE2/4/0/12
port-mirroring observe-port 2 inbound
port-mirroring observe-port 2 outbound
#
interface 10GE2/4/0/13
port-mirroring observe-port 2 inbound
port-mirroring observe-port 2 outbound
device transceiver 10GBASE-FIBER
#
interface 10GE2/4/0/14
port-mirroring observe-port 2 inbound
port-mirroring observe-port 2 outbound
device transceiver 10GBASE-FIBER
#
interface 10GE2/4/0/15
#
interface 10GE2/4/0/16
#
interface 10GE2/4/0/17
#
interface 10GE2/4/0/18
#
interface 10GE2/4/0/19
device transceiver 1000BASE-X
#
interface 10GE2/4/0/20
port mode stack
stack-port 2/1
port crc-statistics trigger error-down
device transceiver 10GBASE-COPPER
#
interface 10GE2/4/0/21
port mode stack
stack-port 2/1
port crc-statistics trigger error-down
device transceiver 10GBASE-COPPER
#
interface 10GE2/4/0/22
port mode stack
stack-port 2/1
port crc-statistics trigger error-down
device transceiver 10GBASE-COPPER
#
interface 10GE2/4/0/23
port mode stack
stack-port 2/1
port crc-statistics trigger error-down
device transceiver 10GBASE-COPPER
#
interface LoopBack0
#
interface LoopBack255
ip address 10.10.255.3 255.255.255.255
#
interface Sip1/5/0/0
#
interface Sip1/5/0/1
#
interface Sip2/5/0/0
#
interface Sip2/5/0/1
#
interface NULL0
#
ospf 1
asbr-summary 192.168.0.0 255.255.0.0
import-route direct
import-route static
area 0.0.0.0
network 172.29.0.12 0.0.0.3
network 172.29.0.20 0.0.0.3
network 172.29.0.28 0.0.0.3
network 172.29.0.36 0.0.0.3
network 172.29.0.40 0.0.0.3
network 172.29.0.48 0.0.0.3
network 172.29.0.56 0.0.0.3
network 172.29.0.78 0.0.0.0
network 172.29.0.82 0.0.0.0
#
arp static 192.168.20.239 c8d3-ffc0-023d
#
ip route-static 10.11.0.0 255.255.0.0 172.29.0.114 description to xinlouyu
ip route-static 10.20.0.0 255.255.0.0 172.29.0.50 description TO_Firewall_IPSec_VPN
ip route-static 10.40.0.0 255.255.0.0 172.29.0.122 description TO_fuqingzhuanxian
ip route-static 10.50.0.0 255.255.0.0 172.29.0.50 description to fuxiao
ip route-static 172.16.0.0 255.255.0.0 172.29.0.50 description to fuxiao
ip route-static 172.16.1.0 255.255.255.0 172.29.0.50 description to fuxiao
ip route-static 192.168.0.0 255.255.0.0 172.29.0.50 description TO_FireWall_IPSec_VPN
ip route-static 192.168.32.0 255.255.252.0 172.29.0.50 description TO_FireWall_SSL_VPN
ip route-static 192.168.79.0 255.255.255.0 192.168.254.36
ip route-static 192.168.80.0 255.255.255.0 192.168.254.36
ip route-static 192.168.81.0 255.255.255.0 192.168.254.36
ip route-static 192.168.101.0 255.255.255.0 192.168.254.34 description jiaoxuelou4016
ip route-static 192.168.102.0 255.255.255.0 192.168.254.34 description jiaoxuelou4014
ip route-static 192.168.103.0 255.255.255.0 192.168.254.34 description jiaoxuelou4015
ip route-static 192.168.104.0 255.255.255.0 192.168.254.34 description jiaoxuelou3014caozuojian
ip route-static 192.168.105.0 255.255.255.0 192.168.254.34 description jiaoxuelou3014
ip route-static 192.168.106.0 255.255.255.0 192.168.254.34 description jiaoxuelou3015
ip route-static 192.168.112.0 255.255.255.0 192.168.254.34 description beisan
ip route-static 192.168.132.0 255.255.252.0 192.168.254.10 description zhihuijiaoshiwulianwang132to135
ip route-static 192.168.178.8 255.255.255.255 172.29.0.50 description TO_FireWall_SSL_VPN_GanZhe
ip route-static 192.168.178.250 255.255.255.255 172.29.0.50 description TO_FireWall_SSL_VPN_GanZhe
ip route-static 192.168.179.0 255.255.255.255 172.29.0.50 description TO_FireWall_SSL_VPN_cangshan
ip route-static 192.168.254.6 255.255.255.255 172.29.0.22
#
snmp-agent
snmp-agent local-engineid 800007DB03F47960948401
snmp-agent community read cipher %^%#u{dhM^.qvTRY#SJwEB7"2g98*Ek=78Jvi4;qq/wR5'%f.HLxoD1Kbi@0~kK=g]]@-f\swJ#`}74r^<zQ%^%#
snmp-agent community write cipher %^%#DrS[,R$HwRCJ6@.K#/cUAUza):B;k(j[dmCr2cy1p{=E=<u*LEwHi$AN#+IQK^=[=;5G|R,!aTH>8FD%%^%#
snmp-agent community write cipher %^%#Q7@MYh.bb@][2PR2yB6#E~dR2hNl`=5JAsH0EhM4Cj)@)G*,o0t'51Wcb~:<$$y9>NXzuGg9bU"P>c|C%^%#
#
snmp-agent sys-info version all
snmp-agent community complexity-check disable
snmp-agent target-host trap address udp-domain 192.168.20.100 params securityname cipher %^%#:@)9Dm'tcF$qa{CtiZN.&DQ|!W,j'FG76)3ccYaK%^%#
snmp-agent target-host trap address udp-domain 192.168.20.108 params securityname cipher %^%#>E;CUgTn'.(sC&Gs%Y720s1A#Q4MD:AhDK59{61-%^%# v2c
snmp-agent target-host trap address udp-domain 10.10.235.23 params securityname cipher %^%#(yYM"NBNHOp:y'6[z3zYk^Db*D@Gt=jZb>'b8WG,%^%# v2c
#
snmp-agent usm-user password complexity-check disable
#
snmp-agent trap enable
#
lldp enable
#
stelnet server enable
ssh server acl 3550
ssh authorization-type default aaa
#
ssh server cipher aes256_ctr aes128_ctr
ssh server hmac sha2_256_96 sha2_256 sha1_96
ssh server key-exchange dh_group_exchange_sha256 dh_group_exchange_sha1 ecdh_sha2_nistp256 ecdh_sha2_nistp384 ecdh_sha2_nistp521 sm2_kep
#
ssh server dh-exchange min-len 2048
#
ssh client first-time enable
ssh client peer 172.29.0.118 assign ecc-key 172.29.0.118
ssh client peer 172.29.0.50 assign rsa-key 172.29.0.50
ssh client peer 172.29.0.77 assign ecc-key 172.29.0.77
ssh client peer 172.29.0.81 assign ecc-key 172.29.0.81
#
ssh client cipher aes256_gcm aes128_gcm aes256_ctr aes192_ctr aes128_ctr aes256_cbc aes128_cbc 3des_cbc
#
user-interface con 0
authentication-mode password
set authentication password cipher $1c$H)r}P!10L1$["KHVr0-F$Q9:e;>Y${!>>kU>+[.&&Y';U8|P4SH$
#
user-interface vty 0 4
authentication-mode aaa
idle-timeout 5 0
#
vm-manager
#
return
<CE12804>
- 2025-05-11提问
- 举报
-
(0)
最佳答案
1. **traffic behavior deny**会直接丢弃匹配该分类器的流量;
2. traffic behavior permit默认允许流量通过(即使无显式动作);
3. 优先级机制:流量按分类器优先级(precedence值,数值越小优先级越高)依次匹配。当流量同时匹配fangwenkongzhi-3410(precedence 5,行为deny)和neiwanghufang-3420(precedence 10,行为permit)时:
仅执行第一个匹配的规则:高优先级fangwenkongzhi-3410会触发deny动作,流量被丢弃,后续permit行为不再生效。
4. 流量转发结论:只要流量匹配到fangwenkongzhi-3410分类器,无论其他低优先级分类器是否允许,最终结果均为丢弃。
- 2025-05-11回答
- 评论(0)
- 举报
-
(0)
亲~登录后才可以操作哦!
确定你的邮箱还未认证,请认证邮箱或绑定手机后进行当前操作
举报
×
侵犯我的权益
×
侵犯了我企业的权益
×
- 1. 您举报的内容是什么?(请在邮件中列出您举报的内容和链接地址)
- 2. 您是谁?(身份证明材料,可以是身份证或护照等证件)
- 3. 是哪家企业?(营业执照,单位登记证明等证件)
- 4. 您与该企业的关系是?(您是企业法人或被授权人,需提供企业委托授权书)
抄袭了我的内容
×
原文链接或出处
诽谤我
×
- 1. 您举报的内容以及侵犯了您什么权益?(请在邮件中列出您举报的内容、链接地址,并给出简短的说明)
- 2. 您是谁?(身份证明材料,可以是身份证或护照等证件)
对根叔社区有害的内容
×
不规范转载
×
举报说明
暂无评论