
Basic Networking

Date: 2024-09-15 22:51:49

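1. Network topology diagram

[Figure: Basic Networking, firewall configuration]

2. Key points

1) VLAN configuration

2) DHCP configuration

3) Firewall configuration

4) Static route configuration

3. Detailed configuration

Switch configuration: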

[sw1]display current-configuration  

#

sysname sw1

#

vlan batch 10 20 30

#

cluster enable

ntdp enable

ndp enable

#

drop illegal-mac alarm

#

dhcp enable

#

diffserv domain default

#

drop-profile default

#

ip pool dhcpvlan10

gateway-list 10.1.3.1

network 10.1.3.0 mask 255.255.255.0

excluded-ip-address 10.1.3.10 10.1.3.100

lease day 10 hour 0 minute 0

dns-list 8.8.8.8

#

ip pool dhcpvlan20

gateway-list 10.1.4.1

network 10.1.4.0 mask 255.255.255.0

lease day 10 hour 0 minute 0

#

aaa

authentication-scheme default

authorization-scheme default

accounting-scheme default

domain default

domain default_admin

local-user admin password simple admin

local-user admin service-type http

#

interface Vlanif1

#

interface Vlanif10

ip address 10.1.3.1 255.255.255.0

dhcp select global

#

interface Vlanif20

ip address 10.1.4.1 255.255.255.0

dhcp select global

#

interface Vlanif30

ip address 10.1.2.2 255.255.255.0

#

interface MEth0/0/1

#

interface GigabitEthernet0/0/1

port link-type access

port default vlan 10

#

interface GigabitEthernet0/0/2

port link-type access

port default vlan 20

#

interface GigabitEthernet0/0/3

port link-type access

port default vlan 30

#

interface GigabitEthernet0/0/4

#

interface GigabitEthernet0/0/5

#

interface GigabitEthernet0/0/6

#

interface GigabitEthernet0/0/7

#

interface GigabitEthernet0/0/8

#

interface GigabitEthernet0/0/9

#

interface GigabitEthernet0/0/10

#

interface GigabitEthernet0/0/11

#

interface GigabitEthernet0/0/12

#

interface GigabitEthernet0/0/13

#

interface GigabitEthernet0/0/14

#

interface GigabitEthernet0/0/15

#

interface GigabitEthernet0/0/16

#

interface GigabitEthernet0/0/17

#

interface GigabitEthernet0/0/18

#

interface GigabitEthernet0/0/19

#

interface GigabitEthernet0/0/20

#

interface GigabitEthernet0/0/21

#

interface GigabitEthernet0/0/22

#

interface GigabitEthernet0/0/23

#

interface GigabitEthernet0/0/24

#

interface NULL0

#

ip route-static 0.0.0.0 0.0.0.0 10.1.2.1

#

user-interface con 0

idle-timeout 0 0

user-interface vty 0 4

#

return

[sw1]

Firewall configuration:

[firewall]display current-configuration  

2024-09-15 14:33:15.890  

!Software Version V500R005C10SPC300

#

sysname firewall

#

l2tp domain suffix-separator @

#

ipsec sha2 compatible enable

#

undo telnet server enable

undo telnet ipv6 server enable

#

update schedule location-sdb weekly Sun 05:58

#

firewall defend action discard

#

banner enable

#

user-manage web-authentication security port 8887

undo privacy-statement english

undo privacy-statement chinese

page-setting

user-manage security version tlsv1.1 tlsv1.2

password-policy

level high

user-manage single-sign-on ad

user-manage single-sign-on tsm

user-manage single-sign-on radius

user-manage auto-sync online-user

#

web-manager security version tlsv1.1 tlsv1.2

web-manager enable

web-manager security enable

#

firewall dataplane to manageplane application-apperceive default-action drop

#

undo ips log merge enable

#

decoding uri-cache disable

#

update schedule ips-sdb daily 04:06

update schedule av-sdb daily 04:06

update schedule sa-sdb daily 04:06

update schedule cnc daily 04:06

update schedule file-reputation daily 04:06

#

ip vpn-instance default

ipv4-family

#

time-range worktime

 period-range 08:00:00 to 18:00:00 working-day

#

ike proposal default

encryption-algorithm aes-256 aes-192 aes-128

dh group14

authentication-algorithm sha2-512 sha2-384 sha2-256

authentication-method pre-share

integrity-algorithm hmac-sha2-256

prf hmac-sha2-256

#

aaa

authentication-scheme default

authentication-scheme admin_local

authentication-scheme admin_radius_local

authentication-scheme admin_hwtacacs_local

authentication-scheme admin_ad_local

authentication-scheme admin_ldap_local

authentication-scheme admin_radius

authentication-scheme admin_hwtacacs

authentication-scheme admin_ad

authorization-scheme default

accounting-scheme default

domain default

 service-type internetaccess ssl-vpn l2tp ike

 internet-access mode password

 reference user current-domain

manager-user audit-admin

 password cipher @%@%2Z=w$"m8i4)yDd,x*,;@>a/V!)TBL({h/%yp{>OO{&ZCa/Y>@%@%

 service-type web terminal

 level 15


manager-user api-admin

 password cipher @%@%[A@X.\3[&IAJ@T4a_3}!Y.F;~[f#>P#X&LuVo1+t2:>/.F>Y@%@%

 level 15


manager-user admin

 password cipher @%@%9R<6O,2e;;9opORp;8kM0~*YmoW;<2D3h"ou^G${]8FB~*\0@%@%

 service-type web terminal

 level 15


role system-admin

role device-admin

role device-admin(monitor)

role audit-admin

bind manager-user audit-admin role audit-admin

bind manager-user admin role system-admin

#

l2tp-group default-lns

#

interface GigabitEthernet0/0/0

undo shutdown

ip address 10.1.2.1 255.255.255.0

alias GE0/METH

#

interface GigabitEthernet1/0/0

undo shutdown

ip address 10.1.1.2 255.255.255.0

#

interface GigabitEthernet1/0/1

undo shutdown

#

interface GigabitEthernet1/0/2

undo shutdown

#

interface GigabitEthernet1/0/3

undo shutdown

#

interface GigabitEthernet1/0/4

undo shutdown

#

interface GigabitEthernet1/0/5

undo shutdown

#

interface GigabitEthernet1/0/6

undo shutdown

#

interface Virtual-if0

#

interface NULL0

#

firewall zone local

set priority 100

#

firewall zone trust

set priority 85

add interface GigabitEthernet0/0/0

#

firewall zone untrust

set priority 5

add interface GigabitEthernet1/0/0

#

firewall zone dmz

set priority 50

#

ip route-static 0.0.0.0 0.0.0.0 10.1.1.1

ip route-static 10.1.3.0 255.255.255.0 10.1.2.2

ip route-static 10.1.4.0 255.255.255.0 10.1.2.2

#

undo ssh server compatible-ssh1x enable

ssh authentication-type default password

ssh server cipher aes256_ctr aes128_ctr

ssh server hmac sha2_256 sha1

ssh client cipher aes256_ctr aes128_ctr

ssh client hmac sha2_256 sha1

#

firewall detect ftp

#

user-interface con 0

authentication-mode aaa

idle-timeout 0 0

user-interface vty 0 4

authentication-mode aaa

protocol inbound ssh

user-interface vty 16 20

#

pki realm default

#

sa

#

location

#

multi-linkif

mode proportion-of-weight

#

right-manager server-group

#

device-classification

device-group pc

device-group mobile-terminal

device-group undefined-group

#

user-manage server-sync tsm

#

security-policy

rule name intoout

 source-zone trust

 destination-zone untrust

 service ftp

 service http

 service https

 service icmp

 service ssh

 service telnet

 action permit

rule name outtoin

 source-zone untrust

 destination-zone trust

 service ftp

 service http

 service https

 service icmp

 service ssh

 service telnet

 action permit

#

auth-policy

#

traffic-policy

#

policy-based-route

#

nat-policy

#

quota-policy

#

pcp-policy

#

dns-transparent-policy

#

rightm-policy

#

return

[firewall]

Router configuration:

[r2]display current-configuration  

[V200R003C00]

#

sysname r2

#

snmp-agent local-engineid 800007DB03000000000000

snmp-agent  

#

clock timezone China-Standard-Time minus 08:00:00

#

portal local-server load portalpage.zip

#

drop illegal-mac alarm

#

set cpu-usage threshold 80 restore 75

#

acl number 2000  

rule 5 permit  

#

aaa  

authentication-scheme default

authorization-scheme default

accounting-scheme default

domain default  

domain default_admin  

local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$

local-user admin service-type http

#

firewall zone Local

priority 15

#

nat address-group 1 100.1.1.10 100.1.1.200

#

interface GigabitEthernet0/0/0

ip address 10.1.1.1 255.255.255.0  

#

interface GigabitEthernet0/0/1

ip address 100.1.1.2 255.255.255.0  

nat outbound 2000 address-group 1  

#

interface GigabitEthernet0/0/2

#

interface NULL0

#

ip route-static 0.0.0.0 0.0.0.0 100.1.1.1

ip route-static 10.1.2.0 255.255.255.0 10.1.1.2

ip route-static 10.1.3.0 255.255.255.0 10.1.1.2

ip route-static 10.1.4.0 255.255.255.0 10.1.1.2

#

user-interface con 0

authentication-mode password

user-interface vty 0 4

user-interface vty 16 20

#

wlan ac

#

return

[r2]
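
A review pass over the dumps above, as an added example that is not part of the original post: a small Python linter that flags settings a defender would want changed before this lab configuration is reused. SAMPLE is built from lines copied out of the sw1 and firewall output; the set of checks and the function names are choices made for this example.

```python
import re
# Constructed sample: lines taken from the sw1 and firewall dumps on this page.
SAMPLE = """\
local-user admin password simple admin
idle-timeout 0 0
web-manager security version tlsv1.1 tlsv1.2
ssh server hmac sha2_256 sha1
security-policy
rule name intoout
 source-zone trust
 destination-zone untrust
 service telnet
 action permit
rule name outtoin
 source-zone untrust
 destination-zone trust
 service ftp
 service telnet
 action permit
"""
CLEARTEXT = {"ftp", "http", "telnet"}
LINE_CHECKS = [  # (regex on one stripped config line, finding text)
    (r"\bpassword simple\b", "password stored in plaintext"),
    (r"^idle-timeout 0 0$", "idle timeout disabled"),
    (r"\btlsv1\.1\b", "TLS 1.1 enabled"),
    (r"^ssh (server|client) hmac\b.*\bsha1\b", "SHA-1 HMAC accepted for SSH"),
]

def check_rule(rule):  # findings for a permit rule whose source zone is untrust
    if rule.get("source-zone") != ["untrust"] or rule.get("action") != ["permit"]:
        return []
    name, out = rule["name"][0], []
    # A rule with neither address keyword matches any source and destination.
    if not {"source-address", "destination-address"} & rule.keys():
        out.append(f"rule {name}: untrust permitted to any address")
    weak = sorted(CLEARTEXT & set(rule.get("service", [])))
    return out + ([f"rule {name}: cleartext services from untrust: {', '.join(weak)}"] if weak else [])

def audit(config):
    """Return findings as strings; matched lines are not echoed, to keep secrets out."""
    findings, rule = [], None
    for line in map(str.strip, config.splitlines() + ["#"]):
        findings += [msg for pat, msg in LINE_CHECKS if re.search(pat, line)]
        if line.startswith("rule name ") or line == "#":  # a rule or section ends here
            findings += check_rule(rule) if rule else []
            rule = {"name": [line[10:]]} if line != "#" else None
        elif rule is not None:
            key, _, value = line.partition(" ")
            rule.setdefault(key, []).append(value)
    return findings
```

Calling audit(SAMPLE) reports the four line-level settings plus two findings for rule outtoin; rule intoout is not reported because its source zone is trust.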


From: https://blog.51cto.com/u_13560030/12025978
