
A Simple Network

Time: 2024-09-24 22:21:15
Tags: 10.1, admin, GigabitEthernet0, default, simple network, user, interface

1. Network topology diagram

[Figure: network topology diagram]

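2. Core configuration

1) VLAN configuration

2) DHCP configuration

3) Firewall configuration

trust zone: priority 85

untrust zone: priority 5

4) Router configuration: the router must be able to reach the entire path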

3. Detailed configuration

Switch:

[sw1]display current-configuration  

#

sysname sw1

#

vlan batch 10 20 30

#

cluster enable

ntdp enable

ndp enable

#

drop illegal-mac alarm

#

dhcp enable

#

diffserv domain default

#

drop-profile default

#

ip pool dhcpvlan10

gateway-list 10.1.1.1

network 10.1.1.0 mask 255.255.255.0

excluded-ip-address 10.1.1.2 10.1.1.10

lease day 10 hour 0 minute 0

dns-list 8.8.8.8

#

ip pool dhcpvlan20

gateway-list 10.1.2.1

network 10.1.2.0 mask 255.255.255.0

lease day 10 hour 0 minute 0

dns-list 8.8.8.8

#

aaa

authentication-scheme default

authorization-scheme default

accounting-scheme default

domain default

domain default_admin

local-user admin password simple admin

local-user admin service-type http

#

interface Vlanif1

#

interface Vlanif10

ip address 10.1.1.1 255.255.255.0

dhcp select global

#

interface Vlanif20

ip address 10.1.2.1 255.255.255.0

dhcp select global

#

interface Vlanif30

ip address 10.1.3.1 255.255.255.0

#

interface MEth0/0/1

#

interface GigabitEthernet0/0/1

port link-type access

port default vlan 10

#

interface GigabitEthernet0/0/2

port link-type access

port default vlan 20

#

interface GigabitEthernet0/0/3

port link-type access

port default vlan 30

#

interface GigabitEthernet0/0/4

#

interface GigabitEthernet0/0/5

#

interface GigabitEthernet0/0/6

#

interface GigabitEthernet0/0/7

#

interface GigabitEthernet0/0/8

#

interface GigabitEthernet0/0/9

#

interface GigabitEthernet0/0/10

#

interface GigabitEthernet0/0/11

#

interface GigabitEthernet0/0/12

#

interface GigabitEthernet0/0/13

#

interface GigabitEthernet0/0/14

#

interface GigabitEthernet0/0/15

#

interface GigabitEthernet0/0/16

#

interface GigabitEthernet0/0/17

#

interface GigabitEthernet0/0/18

#

interface GigabitEthernet0/0/19

#

interface GigabitEthernet0/0/20

#

interface GigabitEthernet0/0/21

#

interface GigabitEthernet0/0/22

#

interface GigabitEthernet0/0/23

#

interface GigabitEthernet0/0/24

#

interface NULL0

#

ip route-static 0.0.0.0 0.0.0.0 10.1.3.2

#

user-interface con 0

idle-timeout 0 0

user-interface vty 0 4

#

return

[sw1]

Firewall:

[USG6000V1]display current-configuration  

2024-09-24 14:21:14.520  

!Software Version V500R005C10SPC300

#

sysname USG6000V1

#

l2tp domain suffix-separator @

#

ipsec sha2 compatible enable

#

undo telnet server enable

undo telnet ipv6 server enable

#

update schedule location-sdb weekly Sun 06:56

#

firewall defend action discard

#

banner enable

#

user-manage web-authentication security port 8887

undo privacy-statement english

undo privacy-statement chinese

page-setting

user-manage security version tlsv1.1 tlsv1.2

password-policy

level high

user-manage single-sign-on ad

user-manage single-sign-on tsm

user-manage single-sign-on radius

user-manage auto-sync online-user

#

web-manager security version tlsv1.1 tlsv1.2

web-manager enable

web-manager security enable

#

firewall dataplane to manageplane application-apperceive default-action drop

#

undo ips log merge enable

#

decoding uri-cache disable

#

update schedule ips-sdb daily 04:26

update schedule av-sdb daily 04:26

update schedule sa-sdb daily 04:26

update schedule cnc daily 04:26

update schedule file-reputation daily 04:26

#

ip vpn-instance default

ipv4-family

#

time-range worktime

 period-range 08:00:00 to 18:00:00 working-day

#

ike proposal default

encryption-algorithm aes-256 aes-192 aes-128

dh group14

authentication-algorithm sha2-512 sha2-384 sha2-256

authentication-method pre-share

integrity-algorithm hmac-sha2-256

prf hmac-sha2-256

#

aaa

authentication-scheme default

authentication-scheme admin_local

authentication-scheme admin_radius_local

authentication-scheme admin_hwtacacs_local

authentication-scheme admin_ad_local

authentication-scheme admin_ldap_local

authentication-scheme admin_radius

authentication-scheme admin_hwtacacs

authentication-scheme admin_ad

authorization-scheme default

accounting-scheme default

domain default

 service-type internetaccess ssl-vpn l2tp ike

 internet-access mode password

 reference user current-domain

manager-user audit-admin

 password cipher @%@%XFP@J&J/eQA'_D1qp3NVh-{z#OUVK)v%@6X_1UGs17YR-{}h@%@%

 service-type web terminal

 level 15


manager-user api-admin

 password cipher @%@%_b{:Yigr</W).6Q$=qbU=$[h5g^^X(h0UDJq%]9M^+[9$[k=@%@%

 level 15


manager-user admin

 password cipher @%@%-;6wI*LSs9*BnmKSk/k+HY1<B*!T5G)zoQm+&a%^#CkOY1~H@%@%

 service-type web terminal

 level 15


role system-admin

role device-admin

role device-admin(monitor)

role audit-admin

bind manager-user audit-admin role audit-admin

bind manager-user admin role system-admin

#

l2tp-group default-lns

#

interface GigabitEthernet0/0/0

undo shutdown

ip address 10.1.3.2 255.255.255.0

alias GE0/METH

#

interface GigabitEthernet1/0/0

undo shutdown

ip address 10.1.4.1 255.255.255.0

#

interface GigabitEthernet1/0/1

undo shutdown

#

interface GigabitEthernet1/0/2

undo shutdown

#

interface GigabitEthernet1/0/3

undo shutdown

#

interface GigabitEthernet1/0/4

undo shutdown

#

interface GigabitEthernet1/0/5

undo shutdown

#

interface GigabitEthernet1/0/6

undo shutdown

#

interface Virtual-if0

#

interface NULL0

#

firewall zone local

set priority 100

#

firewall zone trust

set priority 85

add interface GigabitEthernet0/0/0

#

firewall zone untrust

set priority 5

add interface GigabitEthernet1/0/0

#

firewall zone dmz

set priority 50

#

ip route-static 0.0.0.0 0.0.0.0 10.1.4.2

ip route-static 10.1.1.0 255.255.255.0 10.1.3.1

ip route-static 10.1.2.0 255.255.255.0 10.1.3.1

#

undo ssh server compatible-ssh1x enable

ssh authentication-type default password

ssh server cipher aes256_ctr aes128_ctr

ssh server hmac sha2_256 sha1

ssh client cipher aes256_ctr aes128_ctr

ssh client hmac sha2_256 sha1

#

firewall detect ftp

#

user-interface con 0

authentication-mode aaa

idle-timeout 0 0

user-interface vty 0 4

authentication-mode aaa

protocol inbound ssh

user-interface vty 16 20

#

pki realm default

#

sa

#

location

#

multi-linkif

mode proportion-of-weight

#

right-manager server-group

#

device-classification

device-group pc

device-group mobile-terminal

device-group undefined-group

#

user-manage server-sync tsm

#

security-policy

rule name intoout

 source-zone trust

 destination-zone untrust

 service ftp

 service http

 service https

 service icmp

 service ssh

 service telnet

 action permit

rule name outtoin

 source-zone untrust

 destination-zone trust

 service ftp

 service http

 service https

 service icmp

 service ssh

 service telnet

 action permit

#

auth-policy

#

traffic-policy

#

policy-based-route

#

nat-policy

#

quota-policy

#

pcp-policy

#

dns-transparent-policy

#

rightm-policy

#

return

[USG6000V1]

Router:

[r2]display current-configuration  

[V200R003C00]

#

sysname r2

#

snmp-agent local-engineid 800007DB03000000000000

snmp-agent  

#

clock timezone China-Standard-Time minus 08:00:00

#

portal local-server load portalpage.zip

#

drop illegal-mac alarm

#

set cpu-usage threshold 80 restore 75

#

acl number 2000  

rule 5 permit  

#

aaa  

authentication-scheme default

authorization-scheme default

accounting-scheme default

domain default  

domain default_admin  

local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$

local-user admin service-type http

#

firewall zone Local

priority 15

#

nat address-group 1 20.1.1.10 20.1.1.100

#

interface GigabitEthernet0/0/0

ip address 10.1.4.2 255.255.255.0  

#

interface GigabitEthernet0/0/1

ip address 20.1.1.1 255.255.255.0  

nat outbound 2000 address-group 1  

#

interface GigabitEthernet0/0/2

#

interface NULL0

#

ip route-static 0.0.0.0 0.0.0.0 20.1.1.2

ip route-static 10.1.1.0 255.255.255.0 10.1.4.1

ip route-static 10.1.2.0 255.255.255.0 10.1.4.1

ip route-static 10.1.3.0 255.255.255.0 10.1.4.1

#

user-interface con 0

authentication-mode password

idle-timeout 0 0

user-interface vty 0 4

user-interface vty 16 20

#

wlan ac

#

return

[r2]
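
The following audit script is an added example, not part of the original post or of any Huawei tooling. It checks configuration text like the three dumps above for settings a reviewer would flag: a `password simple` credential, `idle-timeout 0 0`, and untrust-to-trust permit rules with no address scope or with cleartext services. The names `parse_rules`, `audit`, `CLEARTEXT` and `SAMPLE` are hypothetical, and it assumes a scoped rule would carry the USG `source-address` or `destination-address` keyword, which does not appear in the page's configuration.

```python
import re
CLEARTEXT = {"telnet", "ftp", "http"}  # services that send credentials unencrypted
# Constructed sample: lines excerpted from the sw1 and USG6000V1 dumps on this page.
SAMPLE = """
local-user admin password simple admin
idle-timeout 0 0
#
security-policy
rule name outtoin
 source-zone untrust
 destination-zone trust
 service ssh
 service telnet
 action permit
#
"""

def parse_rules(cfg):
    """Collect each security-policy rule as {keyword: [values]}."""
    rules, cur, inside = {}, None, False
    for line in filter(None, map(str.strip, cfg.splitlines())):  # skip blank lines
        if line == "security-policy":
            inside = True
        elif line == "#":
            inside, cur = False, None   # '#' ends a configuration view
        elif inside and line.startswith("rule name "):
            cur = rules.setdefault(line[len("rule name "):], {})
        elif inside and cur is not None:
            key, _, val = line.partition(" ")
            cur.setdefault(key, []).append(val)
    return rules

def audit(cfg):
    """Return (location, finding) pairs for the weak settings checked here."""
    out = []
    for n, line in enumerate(cfg.splitlines(), 1):
        if re.search(r"\bpassword simple\b", line):
            out.append((f"line {n}", "plaintext password"))
        if line.strip() == "idle-timeout 0 0":
            out.append((f"line {n}", "idle timeout disabled"))
    for name, r in parse_rules(cfg).items():
        if (r.get("action") == ["permit"] and "untrust" in r.get("source-zone", [])
                and "trust" in r.get("destination-zone", [])):
            if "source-address" not in r and "destination-address" not in r:
                out.append((name, "untrust-to-trust permit with no address scope"))
            weak = sorted(CLEARTEXT & set(r.get("service", [])))
            if weak:
                out.append((name, "cleartext services allowed: " + ",".join(weak)))
    return out
```

Calling `audit()` on the full text of a saved `display current-configuration` output returns the findings with line numbers or rule names; the double-spaced layout of the dumps on this page is handled by the parser.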

From: https://blog.51cto.com/u_13560030/12102353
