问题描述:
1.以下是网络配置,这两个各设备哪个更好
2.求网络配置文档
display current-configuration
#
version 5.20, Release 3733
#
sysname JSLH-F1000
#
l2tp enable
l2tpmoreexam enable
#
undo voice vlan mac-address 00e0-bb00-0000
#
interzone policy default by-priority
#
nat address-group 1
#
domain default enable system
#
telnet server enable
#
qos carl 1 source-ip-address range
qos carl 2 destination-ip-address range
qos carl 3 source-ip-address range per-address
qos carl 4 destination-ip-address range per-address
qos carl 5 source-ip-address range per-address
qos carl 6 destination-ip-address range per-address
qos carl 7 source-ip-address range xx
qos carl 8 destination-ip-address range xx
#
ip http port 81
#
undo alg dns
undo alg rtsp
undo alg h323
undo alg sip
undo alg sqlnet
undo alg pptp
undo alg ils
undo alg nbt
undo alg msn
undo alg qq
undo alg tftp
undo alg sccp
undo alg gtp
#
session synchronization enable
#
password-recovery enable
#
acl number 3000
rule 1 deny ip sourcexxxxxxdestination xxxxxxx
acl number 3100
rule 5 permit ip sourcexxxxdestination xxxxxxxx
vlan 1
#
vlan 100
#
domain sxjr
authentication ppp local
access-limit disable
state active
idle-cut disable
self-service-url disable
ip pool 1 xxxxxxx
domain system
authentication ppp local
access-limit disable
state active
idle-cut disable
self-service-url disable
ip pool 1 xxxxxxxx
pki domain default
crl check disable
#
ike peer peer
pre-shared-key cipher $c$3$v7AqYdm2h+fjCSJgSqVE8V6u7avrg3F9EUI=
remote-address xxxxx
#
ipsec transform-set 1
encapsulation-mode tunnel
transform esp
esp authentication-algorithm sha1
esp encryption-algorithm des
#
ipsec policy 1 10 isakmp
security acl 3100
ike-peer peer
transform-set 1
sa duration traffic-based 1843200
sa duration time-based 3600
#
traffic classifier suidao operator and
if-match acl 3100
#
traffic behavior suidao
remark ip-precedence 7
filter permit
#
qos policy suidao
classifier suidao behavior suidao
#
user-group system
group-attribute allow-guest
#
local-user JSLH08
password cipher $c$3$glgq+XspbZFN/Y329PClU6rZ8idnAEvyqWkWYA==
service-type ppp
local-user JSLH09
password cipher $c$3$7jKGhMfteeUH3osXNVfUscHkmgD0ULhMx+Rr/Q==
service-type ppp
local-user JSLH10
password cipher $c$3$vcoxyGRHUU8XUkTO/jO+aoA/x2XO9pm3QpJGgg==
service-type ppp
local-user admin
password cipher $c$3$kLm3gLYIU4QcIkPLZR2k9Vm3bmrVR9w6ce6fuFI=
authorization-attribute level 3
service-type telnet
service-type web
local-user dtjslh
password cipher $c$3$JBCOgWEdBIGzYDYiAYieEPD15pqp6SEDYg==
service-type ppp
#
l2tp-group 1
allow l2tp virtual-template 1
tunnel name LNS
#
l2tp-group 2
allow l2tp virtual-template 2 remote TP-LINK_Router_TL-WVR300 domain sxjr
#
interface Virtual-Template1
ppp authentication-mode chap domain system
remote address pool 1
ip address 192.168.10.1 255.255.255.0
#
interface Virtual-Template2
ppp authentication-mode chap domain sxjr
remote address pool 1
ip address 192.168.20.1 255.255.255.0
#
interface NULL0
#
interface GigabitEthernet0/0
port link-mode route
ip address 192.168.0.1 255.255.255.0
qos car inbound carl 7 cir 4000 cbs 250000 ebs 0 green pass red discard
qos car inbound carl 5 cir 2000 cbs 125000 ebs 0 green pass red discard
qos car outbound carl 8 cir 4000 cbs 250000 ebs 0 green pass red discard
qos car outbound carl 6 cir 2000 cbs 125000 ebs 0 green pass red discard
#
interface GigabitEthernet0/1
port link-mode route
description TO-hexin5700
nat outbound 3000 address-group 1
nat server protocol tcp global xxxxxxx
ip address xxxxxxxxxxxx
ip address xxxxxxxxxxxxxxxxxxxsub
ip address xxxxxxxxxxxxxsub
ip address xxxxxxxxxxxxxxxxxsub
ip address xxxxxxxxxxxxxxxxxsub
qos apply policy suidao inbound
ipsec policy 1
#
interface GigabitEthernet0/11
port link-mode route
#
interface GigabitEthernet0/2
port link-mode bridge
port access vlan 100
#
interface GigabitEthernet0/3
port link-mode bridge
port access vlan 100
#
interface GigabitEthernet0/4
port link-mode bridge
port access vlan 100
#
interface GigabitEthernet0/5
port link-mode bridge
port access vlan 100
#
vd Root id 1
#
zone name Management id 0
priority 100
import interface GigabitEthernet0/0
zone name Local id 1
priority 100
zone name Trust id 2
priority 85
import interface GigabitEthernet0/1
import interface GigabitEthernet0/2 vlan 100
import interface GigabitEthernet0/3 vlan 100
import interface GigabitEthernet0/4 vlan 100
import interface GigabitEthernet0/5 vlan 100
zone name DMZ id 3
priority 50
zone name Untrust id 4
priority 5
import interface GigabitEthernet0/10
import interface GigabitEthernet0/11
import interface Virtual-Template1
import interface Virtual-Template2
switchto vd Root
zone name Management id 0
ip virtual-reassembly
zone name Local id 1
ip virtual-reassembly
zone name Trust id 2
ip virtual-reassembly
zone name DMZ id 3
ip virtual-reassembly
zone name Untrust id 4
ip virtual-reassembly
interzone source Trust destination Untrust
rule 0 permit
source-ip any_address
destination-ip any_address
service any_service
rule enable
interzone source Untrust destination Trust
rule 0 permit
source-ip any_address
destination-ip any_address
service any_service
rule enable
#
ip route-static 0.0.0.0 0.0.0.0 121.30.233.105
#
- 2019-03-26提问
- 举报
-
(0)
最佳答案
亲~登录后才可以操作哦!
确定你的邮箱还未认证,请认证邮箱或绑定手机后进行当前操作
举报
×
侵犯我的权益
×
侵犯了我企业的权益
×
- 1. 您举报的内容是什么?(请在邮件中列出您举报的内容和链接地址)
- 2. 您是谁?(身份证明材料,可以是身份证或护照等证件)
- 3. 是哪家企业?(营业执照,单位登记证明等证件)
- 4. 您与该企业的关系是?(您是企业法人或被授权人,需提供企业委托授权书)
抄袭了我的内容
×
原文链接或出处
诽谤我
×
- 1. 您举报的内容以及侵犯了您什么权益?(请在邮件中列出您举报的内容、链接地址,并给出简短的说明)
- 2. 您是谁?(身份证明材料,可以是身份证或护照等证件)
对根叔社区有害的内容
×
不规范转载
×
举报说明
暂无评论