h3c路由器吧 关注:21贴子:18
- 4回复贴,共1页
配置如下:麻烦高手给指点
#
version 5.20, Release 2511P02
#
sysname H3C
#
super password level 3 hash cipher $h$6$S*********$ENKYXBOEJTv/w/nqKBv2U1lSmxZVH8gGMWaDs6mWlG9BusUrPYX9jR/4YT3BbDYI8AMc26HyroTuN/uZ/S+ffA==
#
tcp syn-cookie enable
tcp anti-naptha enable
tcp state closing connection-number 500
tcp state established connection-number 500
tcp state fin-wait-1 connection-number 500
tcp state fin-wait-2 connection-number 500
tcp state last-ack connection-number 500
tcp state syn-received connection-number 500
#
info-center source default channel 2 log level errors
info-center source default channel 9 log level errors
#
domain default enable system
#
dns resolve
dns proxy enable
dns server 202.96.64.68
dns server 202.96.69.38
dns spoofing 202.96.64.68
#
bridge enable
bridge 1 enable
#
telnet server enable
#
dar p2p signature-file flash:/p2p_default.mtd
#
port-security enable
#
ip http acl 199
ip http port 8080
#
password-recovery enable
#
blacklist enable
#
acl number 199
rule 0 deny ssid ChinaNet-B180
rule 65534 permit
#
acl number 3400
rule 0 permit ip source 192.168.1.0 0.0.0.255 destination 192.168.1.11 0 destination-port eq www
#
vlan 1
arp-snooping enable
#
domain system
access-limit disable
state active
idle-cut disable
self-service-url disable
#
dhcp server ip-pool vlan1 extended
network ip range 192.168.1.100 192.168.1.254
network mask 255.255.255.0
gateway-list 192.168.1.1
dns-list 192.168.1.1 202.96.64.68
#
user-group system
#
local-user root
password hash cipher $h$6$6juXLvHOXXydYJwC$OQgAUUWuCU/Mm9PoH8c4x0q********/Q9URymWt0WNtFcBF2m9QCdwkjX05uyveIbu0lzf3JSHd69A==
authorization-attribute level 3
service-type telnet
service-type web
local-user guest
password hash cipher $h$6$WuU4XTszyGy7yDIR$AO2x/JjNO0j8b8dempVh9Bz6MMzCSW/FmpKz8rO8Jc/85sx*********ExbsKvpyLQuEDffhVuPk7/V7Q==
authorization-attribute level 3
service-type telnet terminal
service-type ftp
service-type ppp
service-type web
#
wlan rrm
dot11b mandatory-rate 1 2
dot11b supported-rate 5.5 11
dot11g mandatory-rate 1 2 5.5 11
dot11g supported-rate 6 9 12 18 24 36 48 54
#
wlan service-template 1 crypto
ssid family(xueer)
cipher-suite tkip
cipher-suite ccmp
security-ie rsn
security-ie wpa
service-template enable
#
cwmp
undo cwmp enable
#
attack-defense policy 1
signature-detect action drop-packet
signature-detect fraggle enable
signature-detect land enable
signature-detect winnuke enable
signature-detect tcp-flag enable
signature-detect icmp-unreachable enable
signature-detect icmp-redirect enable
signature-detect tracert enable
signature-detect smurf enable
signature-detect source-route enable
signature-detect route-record enable
signature-detect large-icmp enable
defense scan enable
defense scan add-to-blacklist
defense syn-flood enable
defense syn-flood action drop-packet
defense udp-flood enable
defense udp-flood action drop-packet
defense icmp-flood enable
defense icmp-flood action drop-packet
#
interface Aux0
async mode flow
link-protocol ppp
#
interface Cellular0/0
async mode protocol
link-protocol ppp
attack-defense apply policy 1
#
interface Dialer10
nat outbound
link-protocol ppp
ppp chap user fs_xc12345678
ppp chap password cipher $c$3$KA07FKEQdfaS/hzRLHySlUfrnLQXg3eIeb5A
ppp pap local-user fs_xc12345678 password cipher $c$3$6z/PJS**********c6AOPOYqGojgn
ppp ipcp dns admit-any
ppp ipcp dns request
mtu 1492
ip address ppp-negotiate
tcp mss 1024
dialer user username
dialer-group 10
dialer bundle 10
#
interface Ethernet0/0
nat outbound 3400
port link-mode route
nat server 1 protocol tcp global current-interface www inside 192.168.1.11 www
pppoe-client dial-bundle-number 10
#
interface NULL0
#
interface Vlan-interface1
nat outbound
ip address 192.168.1.1 255.255.255.0
dhcp server apply ip-pool vlan1
#
interface Ethernet0/1
port link-mode bridge
#
interface Ethernet0/2
port link-mode bridge
#
interface Ethernet0/3
port link-mode bridge
#
interface Ethernet0/4
port link-mode bridge
#
interface WLAN-BSS32
port link-type hybrid
port hybrid vlan 1 untagged
port-security port-mode psk
port-security tx-key-type 11key
port-security preshared-key pass-phrase cipher $c$3$Mw8HazhfwCVHvGWTUVoz+VQIgLdGuQSwbixItow=
#
interface WLAN-Radio2/0
radio-type dot11b
service-template 1 interface wlan-bss 32
#
#
voice-setup
#
sip
#
sip-server
#
call-rule-set
#
call-route
#
dial-program
#
aaa-client
#
gk-client
#
ip route-static 0.0.0.0 0.0.0.0 Dialer10
#
dhcp enable
#
dialer-rule 10 ip permit
#
nms primary monitor-interface Dialer10
#
load xml-configuration
#
load tr069-configuration
#
user-interface tty 12
user-interface aux 0
user-interface vty 0 4
authentication-mode scheme
#
return
#
version 5.20, Release 2511P02
#
sysname H3C
#
super password level 3 hash cipher $h$6$S*********$ENKYXBOEJTv/w/nqKBv2U1lSmxZVH8gGMWaDs6mWlG9BusUrPYX9jR/4YT3BbDYI8AMc26HyroTuN/uZ/S+ffA==
#
tcp syn-cookie enable
tcp anti-naptha enable
tcp state closing connection-number 500
tcp state established connection-number 500
tcp state fin-wait-1 connection-number 500
tcp state fin-wait-2 connection-number 500
tcp state last-ack connection-number 500
tcp state syn-received connection-number 500
#
info-center source default channel 2 log level errors
info-center source default channel 9 log level errors
#
domain default enable system
#
dns resolve
dns proxy enable
dns server 202.96.64.68
dns server 202.96.69.38
dns spoofing 202.96.64.68
#
bridge enable
bridge 1 enable
#
telnet server enable
#
dar p2p signature-file flash:/p2p_default.mtd
#
port-security enable
#
ip http acl 199
ip http port 8080
#
password-recovery enable
#
blacklist enable
#
acl number 199
rule 0 deny ssid ChinaNet-B180
rule 65534 permit
#
acl number 3400
rule 0 permit ip source 192.168.1.0 0.0.0.255 destination 192.168.1.11 0 destination-port eq www
#
vlan 1
arp-snooping enable
#
domain system
access-limit disable
state active
idle-cut disable
self-service-url disable
#
dhcp server ip-pool vlan1 extended
network ip range 192.168.1.100 192.168.1.254
network mask 255.255.255.0
gateway-list 192.168.1.1
dns-list 192.168.1.1 202.96.64.68
#
user-group system
#
local-user root
password hash cipher $h$6$6juXLvHOXXydYJwC$OQgAUUWuCU/Mm9PoH8c4x0q********/Q9URymWt0WNtFcBF2m9QCdwkjX05uyveIbu0lzf3JSHd69A==
authorization-attribute level 3
service-type telnet
service-type web
local-user guest
password hash cipher $h$6$WuU4XTszyGy7yDIR$AO2x/JjNO0j8b8dempVh9Bz6MMzCSW/FmpKz8rO8Jc/85sx*********ExbsKvpyLQuEDffhVuPk7/V7Q==
authorization-attribute level 3
service-type telnet terminal
service-type ftp
service-type ppp
service-type web
#
wlan rrm
dot11b mandatory-rate 1 2
dot11b supported-rate 5.5 11
dot11g mandatory-rate 1 2 5.5 11
dot11g supported-rate 6 9 12 18 24 36 48 54
#
wlan service-template 1 crypto
ssid family(xueer)
cipher-suite tkip
cipher-suite ccmp
security-ie rsn
security-ie wpa
service-template enable
#
cwmp
undo cwmp enable
#
attack-defense policy 1
signature-detect action drop-packet
signature-detect fraggle enable
signature-detect land enable
signature-detect winnuke enable
signature-detect tcp-flag enable
signature-detect icmp-unreachable enable
signature-detect icmp-redirect enable
signature-detect tracert enable
signature-detect smurf enable
signature-detect source-route enable
signature-detect route-record enable
signature-detect large-icmp enable
defense scan enable
defense scan add-to-blacklist
defense syn-flood enable
defense syn-flood action drop-packet
defense udp-flood enable
defense udp-flood action drop-packet
defense icmp-flood enable
defense icmp-flood action drop-packet
#
interface Aux0
async mode flow
link-protocol ppp
#
interface Cellular0/0
async mode protocol
link-protocol ppp
attack-defense apply policy 1
#
interface Dialer10
nat outbound
link-protocol ppp
ppp chap user fs_xc12345678
ppp chap password cipher $c$3$KA07FKEQdfaS/hzRLHySlUfrnLQXg3eIeb5A
ppp pap local-user fs_xc12345678 password cipher $c$3$6z/PJS**********c6AOPOYqGojgn
ppp ipcp dns admit-any
ppp ipcp dns request
mtu 1492
ip address ppp-negotiate
tcp mss 1024
dialer user username
dialer-group 10
dialer bundle 10
#
interface Ethernet0/0
nat outbound 3400
port link-mode route
nat server 1 protocol tcp global current-interface www inside 192.168.1.11 www
pppoe-client dial-bundle-number 10
#
interface NULL0
#
interface Vlan-interface1
nat outbound
ip address 192.168.1.1 255.255.255.0
dhcp server apply ip-pool vlan1
#
interface Ethernet0/1
port link-mode bridge
#
interface Ethernet0/2
port link-mode bridge
#
interface Ethernet0/3
port link-mode bridge
#
interface Ethernet0/4
port link-mode bridge
#
interface WLAN-BSS32
port link-type hybrid
port hybrid vlan 1 untagged
port-security port-mode psk
port-security tx-key-type 11key
port-security preshared-key pass-phrase cipher $c$3$Mw8HazhfwCVHvGWTUVoz+VQIgLdGuQSwbixItow=
#
interface WLAN-Radio2/0
radio-type dot11b
service-template 1 interface wlan-bss 32
#
#
voice-setup
#
sip
#
sip-server
#
call-rule-set
#
call-route
#
dial-program
#
aaa-client
#
gk-client
#
ip route-static 0.0.0.0 0.0.0.0 Dialer10
#
dhcp enable
#
dialer-rule 10 ip permit
#
nms primary monitor-interface Dialer10
#
load xml-configuration
#
load tr069-configuration
#
user-interface tty 12
user-interface aux 0
user-interface vty 0 4
authentication-mode scheme
#
return
扫二维码下载贴吧客户端
下载贴吧APP
看高清直播、视频!
看高清直播、视频!
贴吧热议榜
- 1老外凭啥玩国内软件说英文?2666850
- 2国考成绩已出2626182
- 3吧友分析俄乌不停战的原因2577848
- 4Bin在S14比赛为何频频失利2483784
- 5恋爱5年要45万彩礼多不多2114008
- 6泰国旅游局这回真急了1708525
- 7国产3A第二个大学生来了1703016
- 8海贼王主打一个对称1525912
- 9漫威争锋偷走了星鸣特攻的人生1362944
- 10卡普空是真的听劝1123794
