基础网络

标签：10.1 admin 基础 GigabitEthernet0 网络 default user interface

1、网络拓扑图

基础网络_防火墙配置

2、核心知识点

1）vlan配置

2）dhcp 配置

3）防火墙配置

4）静态路由配置

3、详细配置

交换机配置：

[sw1]display current-configuration

sysname sw1

vlan batch 10 20 30

cluster enable

ntdp enable

ndp enable

drop illegal-mac alarm

dhcp enable

diffserv domain default

drop-profile default

ip pool dhcpvlan10

gateway-list 10.1.3.1

network 10.1.3.0 mask 255.255.255.0

excluded-ip-address 10.1.3.10 10.1.3.100

lease day 10 hour 0 minute 0

dns-list 8.8.8.8

ip pool dhcpvlan20

gateway-list 10.1.4.1

network 10.1.4.0 mask 255.255.255.0

lease day 10 hour 0 minute 0

aaa

authentication-scheme default

authorization-scheme default

accounting-scheme default

domain default

domain default_admin

local-user admin password simple admin

local-user admin service-type http

interface Vlanif1

interface Vlanif10

ip address 10.1.3.1 255.255.255.0

dhcp select global

interface Vlanif20

ip address 10.1.4.1 255.255.255.0

dhcp select global

interface Vlanif30

ip address 10.1.2.2 255.255.255.0

interface MEth0/0/1

interface GigabitEthernet0/0/1

port link-type access

port default vlan 10

interface GigabitEthernet0/0/2

port link-type access

port default vlan 20

interface GigabitEthernet0/0/3

port link-type access

port default vlan 30

interface GigabitEthernet0/0/4

interface GigabitEthernet0/0/5

interface GigabitEthernet0/0/6

interface GigabitEthernet0/0/7

interface GigabitEthernet0/0/8

interface GigabitEthernet0/0/9

interface GigabitEthernet0/0/10

interface GigabitEthernet0/0/11

interface GigabitEthernet0/0/12

interface GigabitEthernet0/0/13

interface GigabitEthernet0/0/14

interface GigabitEthernet0/0/15

interface GigabitEthernet0/0/16

interface GigabitEthernet0/0/17

interface GigabitEthernet0/0/18

interface GigabitEthernet0/0/19

interface GigabitEthernet0/0/20

interface GigabitEthernet0/0/21

interface GigabitEthernet0/0/22

interface GigabitEthernet0/0/23

interface GigabitEthernet0/0/24

interface NULL0

ip route-static 0.0.0.0 0.0.0.0 10.1.2.1

user-interface con 0

idle-timeout 0 0

user-interface vty 0 4

return

[sw1]

防火墙配置：

[firewall]display current-configuration

2024-09-15 14:33:15.890

!Software Version V500R005C10SPC300

sysname firewall

l2tp domain suffix-separator @

ipsec sha2 compatible enable

undo telnet server enable

undo telnet ipv6 server enable

update schedule location-sdb weekly Sun 05:58

firewall defend action discard

banner enable

user-manage web-authentication security port 8887

undo privacy-statement english

undo privacy-statement chinese

page-setting

user-manage security version tlsv1.1 tlsv1.2

password-policy

level high

user-manage single-sign-on ad

user-manage single-sign-on tsm

user-manage single-sign-on radius

user-manage auto-sync online-user

web-manager security version tlsv1.1 tlsv1.2

web-manager enable

web-manager security enable

firewall dataplane to manageplane application-apperceive default-action drop

undo ips log merge enable

decoding uri-cache disable

update schedule ips-sdb daily 04:06

update schedule av-sdb daily 04:06

update schedule sa-sdb daily 04:06

update schedule cnc daily 04:06

update schedule file-reputation daily 04:06

ip vpn-instance default

ipv4-family

time-range worktime

period-range 08:00:00 to 18:00:00 working-day

ike proposal default

encryption-algorithm aes-256 aes-192 aes-128

dh group14

authentication-algorithm sha2-512 sha2-384 sha2-256

authentication-method pre-share

integrity-algorithm hmac-sha2-256

prf hmac-sha2-256

aaa

authentication-scheme default

authentication-scheme admin_local

authentication-scheme admin_radius_local

authentication-scheme admin_hwtacacs_local

authentication-scheme admin_ad_local

authentication-scheme admin_ldap_local

authentication-scheme admin_radius

authentication-scheme admin_hwtacacs

authentication-scheme admin_ad

authorization-scheme default

accounting-scheme default

domain default

service-type internetaccess ssl-vpn l2tp ike

internet-access mode password

reference user current-domain

manager-user audit-admin

password cipher @%@%2Z=w$"m8i4)yDd,x*,;@>a/V!)TBL({h/%yp{>OO{&ZCa/Y>@%@%

service-type web terminal

level 15

manager-user api-admin

password cipher @%@%[A@X.\3[&IAJ@T4a_3}!Y.F;~[f#>P#X&LuVo1+t2:>/.F>Y@%@%

level 15

manager-user admin

password cipher @%@%9R<6O,2e;;9opORp;8kM0~*YmoW;<2D3h"ou^G${]8FB~*\0@%@%

service-type web terminal

level 15

role system-admin

role device-admin

role device-admin(monitor)

role audit-admin

bind manager-user audit-admin role audit-admin

bind manager-user admin role system-admin

l2tp-group default-lns

interface GigabitEthernet0/0/0

undo shutdown

ip address 10.1.2.1 255.255.255.0

alias GE0/METH

interface GigabitEthernet1/0/0

undo shutdown

ip address 10.1.1.2 255.255.255.0

interface GigabitEthernet1/0/1

undo shutdown

interface GigabitEthernet1/0/2

undo shutdown

interface GigabitEthernet1/0/3

undo shutdown

interface GigabitEthernet1/0/4

undo shutdown

interface GigabitEthernet1/0/5

undo shutdown

interface GigabitEthernet1/0/6

undo shutdown

interface Virtual-if0

interface NULL0

firewall zone local

set priority 100

firewall zone trust

set priority 85

add interface GigabitEthernet0/0/0

firewall zone untrust

set priority 5

add interface GigabitEthernet1/0/0

firewall zone dmz

set priority 50

ip route-static 0.0.0.0 0.0.0.0 10.1.1.1

ip route-static 10.1.3.0 255.255.255.0 10.1.2.2

ip route-static 10.1.4.0 255.255.255.0 10.1.2.2

undo ssh server compatible-ssh1x enable

ssh authentication-type default password

ssh server cipher aes256_ctr aes128_ctr

ssh server hmac sha2_256 sha1

ssh client cipher aes256_ctr aes128_ctr

ssh client hmac sha2_256 sha1

firewall detect ftp

user-interface con 0

authentication-mode aaa

idle-timeout 0 0

user-interface vty 0 4

authentication-mode aaa

protocol inbound ssh

user-interface vty 16 20

pki realm default

location

multi-linkif

mode proportion-of-weight

right-manager server-group

device-classification

device-group pc

device-group mobile-terminal

device-group undefined-group

user-manage server-sync tsm

security-policy

rule name intoout

source-zone trust

destination-zone untrust

service ftp

service http

service https

service icmp

service ssh

service telnet

action permit

rule name outtoin

source-zone untrust

destination-zone trust

service ftp

service http

service https

service icmp

service ssh

service telnet

action permit

auth-policy

traffic-policy

policy-based-route

nat-policy

quota-policy

pcp-policy

dns-transparent-policy

rightm-policy

return

[firewall]

路由器配置：

[r2]display current-configuration

[V200R003C00]

sysname r2

snmp-agent local-engineid 800007DB03000000000000

snmp-agent

clock timezone China-Standard-Time minus 08:00:00

portal local-server load portalpage.zip

drop illegal-mac alarm

set cpu-usage threshold 80 restore 75

acl number 2000

rule 5 permit

aaa

authentication-scheme default

authorization-scheme default

accounting-scheme default

domain default

domain default_admin

local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$

local-user admin service-type http

firewall zone Local

priority 15

nat address-group 1 100.1.1.10 100.1.1.200

interface GigabitEthernet0/0/0

ip address 10.1.1.1 255.255.255.0

interface GigabitEthernet0/0/1

ip address 100.1.1.2 255.255.255.0

nat outbound 2000 address-group 1

interface GigabitEthernet0/0/2

interface NULL0

ip route-static 0.0.0.0 0.0.0.0 100.1.1.1

ip route-static 10.1.2.0 255.255.255.0 10.1.1.2

ip route-static 10.1.3.0 255.255.255.0 10.1.1.2

ip route-static 10.1.4.0 255.255.255.0 10.1.1.2

user-interface con 0

authentication-mode password

user-interface vty 0 4

user-interface vty 16 20

wlan ac

return

[r2]

标签：10.1,admin,基础,GigabitEthernet0,网络,default,user,interface
From： https://blog.51cto.com/u_13560030/12025978

1、网络拓扑图

2、核心知识点

3、详细配置

交换机配置：

防火墙配置：

路由器配置：

相关文章

赞助商

阅读排行