双出口网络

标签：admin ip GigabitEthernet0 网络出口 default user interface

1、网络拓扑图

双出口网络_sed

2、核心配置

1）定义感应兴趣流

acl number 3000

rule 5 permit ip source 192.168.1.0 0.0.0.255

acl number 3001

rule 5 permit ip source 192.168.2.0 0.0.0.255

2）流分类

traffic classifier c2 operator or

if-match acl 3001

traffic classifier c1 operator or

if-match acl 3000

3）流行为

traffic behavior b2

redirect ip-nexthop 200.1.1.1

traffic behavior b1

redirect ip-nexthop 100.1.1.1

4）流策略

traffic policy p1

classifier c1 behavior b1

classifier c2 behavior b2

5）接口应用

interface GigabitEthernet0/0/0

ip address 100.1.1.2 255.255.255.0

nat outbound 2000

3、详细配置

R4:

<r1>display current-configuration

[V200R003C00]

sysname r1

snmp-agent local-engineid 800007DB03000000000000

snmp-agent

clock timezone China-Standard-Time minus 08:00:00

portal local-server load portalpage.zip

drop illegal-mac alarm

set cpu-usage threshold 80 restore 75

acl number 2000

rule 5 permit

acl number 2001

rule 5 permit

acl number 3000

rule 5 permit ip source 192.168.1.0 0.0.0.255

acl number 3001

rule 5 permit ip source 192.168.2.0 0.0.0.255

traffic classifier c2 operator or

if-match acl 3001

traffic classifier c1 operator or

if-match acl 3000

traffic behavior b2

redirect ip-nexthop 200.1.1.1

traffic behavior b1

redirect ip-nexthop 100.1.1.1

traffic policy p1

classifier c1 behavior b1

classifier c2 behavior b2

aaa

authentication-scheme default

authorization-scheme default

accounting-scheme default

domain default

domain default_admin

local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$

local-user admin service-type http

firewall zone Local

priority 15

interface GigabitEthernet0/0/0

ip address 100.1.1.2 255.255.255.0

nat outbound 2000

interface GigabitEthernet0/0/1

ip address 200.1.1.2 255.255.255.0

nat outbound 2001

interface GigabitEthernet0/0/2

ip address 10.1.1.2 255.255.255.0

traffic-policy p1 inbound

interface NULL0

ip route-static 0.0.0.0 0.0.0.0 100.1.1.1

ip route-static 0.0.0.0 0.0.0.0 200.1.1.1

ip route-static 192.168.1.0 255.255.255.0 10.1.1.1

ip route-static 192.168.2.0 255.255.255.0 10.1.1.1

user-interface con 0

authentication-mode password

user-interface vty 0 4

user-interface vty 16 20

wlan ac

return

<r1>

FW1:

[USG6000V1]display current-configuration

2024-10-23 09:29:01.590

!Software Version V500R005C10SPC300

sysname USG6000V1

l2tp domain suffix-separator @

ipsec sha2 compatible enable

undo telnet server enable

undo telnet ipv6 server enable

update schedule location-sdb weekly Sun 03:42

firewall defend action discard

banner enable

user-manage web-authentication security port 8887

undo privacy-statement english

undo privacy-statement chinese

page-setting

user-manage security version tlsv1.1 tlsv1.2

password-policy

level high

user-manage single-sign-on ad

user-manage single-sign-on tsm

user-manage single-sign-on radius

user-manage auto-sync online-user

web-manager security version tlsv1.1 tlsv1.2

web-manager enable

web-manager security enable

firewall dataplane to manageplane application-apperceive default-action drop

undo ips log merge enable

decoding uri-cache disable

update schedule ips-sdb daily 01:13

update schedule av-sdb daily 01:13

update schedule sa-sdb daily 01:13

update schedule cnc daily 01:13

update schedule file-reputation daily 01:13

ip vpn-instance default

ipv4-family

time-range worktime

period-range 08:00:00 to 18:00:00 working-day

ike proposal default

encryption-algorithm aes-256 aes-192 aes-128

dh group14

authentication-algorithm sha2-512 sha2-384 sha2-256

authentication-method pre-share

integrity-algorithm hmac-sha2-256

prf hmac-sha2-256

aaa

authentication-scheme default

authentication-scheme admin_local

authentication-scheme admin_radius_local

authentication-scheme admin_hwtacacs_local

authentication-scheme admin_ad_local

authentication-scheme admin_ldap_local

authentication-scheme admin_radius

authentication-scheme admin_hwtacacs

authentication-scheme admin_ad

authorization-scheme default

accounting-scheme default

domain default

service-type internetaccess ssl-vpn l2tp ike

internet-access mode password

reference user current-domain

manager-user audit-admin

password cipher @%@%afIVP2\$W$1y@3HkgM#WZSZ#K52'6U9M!M$>1:AO)Ys:SZ&Z@%@%

service-type web terminal

level 15

manager-user api-admin

password cipher @%@%Ts-^M~V8'+^BCRWr214H\]Tvw1<':Q~D#2sz={~~o9PB]Ty\@%@%

level 15

manager-user admin

password cipher @%@%s*KmUfKtiF'*e%6rn<SBDwrO#,jJ)]WF/M)i4t6C't4,wrRD@%@%

service-type web terminal

level 15

role system-admin

role device-admin

role device-admin(monitor)

role audit-admin

bind manager-user audit-admin role audit-admin

bind manager-user admin role system-admin

l2tp-group default-lns

interface GigabitEthernet0/0/0

undo shutdown

ip address 192.168.3.2 255.255.255.0

alias GE0/METH

interface GigabitEthernet1/0/0

undo shutdown

ip address 10.1.1.1 255.255.255.0

interface GigabitEthernet1/0/1

undo shutdown

interface GigabitEthernet1/0/2

undo shutdown

interface GigabitEthernet1/0/3

undo shutdown

interface GigabitEthernet1/0/4

undo shutdown

interface GigabitEthernet1/0/5

undo shutdown

interface GigabitEthernet1/0/6

undo shutdown

interface Virtual-if0

interface NULL0

firewall zone local

set priority 100

firewall zone trust

set priority 85

add interface GigabitEthernet0/0/0

firewall zone untrust

set priority 5

add interface GigabitEthernet1/0/0

firewall zone dmz

set priority 50

ip route-static 0.0.0.0 0.0.0.0 10.1.1.2

ip route-static 192.168.1.0 255.255.255.0 192.168.3.1

ip route-static 192.168.2.0 255.255.255.0 192.168.3.1

undo ssh server compatible-ssh1x enable

ssh authentication-type default password

ssh server cipher aes256_ctr aes128_ctr

ssh server hmac sha2_256 sha1

ssh client cipher aes256_ctr aes128_ctr

ssh client hmac sha2_256 sha1

firewall detect ftp

user-interface con 0

authentication-mode aaa

idle-timeout 0 0

user-interface vty 0 4

authentication-mode aaa

protocol inbound ssh

user-interface vty 16 20

pki realm default

location

multi-linkif

mode proportion-of-weight

right-manager server-group

device-classification

device-group pc

device-group mobile-terminal

device-group undefined-group

user-manage server-sync tsm

security-policy

rule name intoout

source-zone trust

destination-zone untrust

service ftp

service http

service icmp

service ssh

service telnet

service tftp

action permit

rule name outtoin

source-zone untrust

destination-zone trust

service ftp

service http

service https

service icmp

service ssh

service telnet

action permit

auth-policy

traffic-policy

policy-based-route

nat-policy

quota-policy

pcp-policy

dns-transparent-policy

rightm-policy

return

[USG6000V1]

SW1:

<sw1>display current-configuration

sysname sw1

vlan batch 10 20 30

cluster enable

ntdp enable

ndp enable

drop illegal-mac alarm

diffserv domain default

drop-profile default

aaa

authentication-scheme default

authorization-scheme default

accounting-scheme default

domain default

domain default_admin

local-user admin password simple admin

local-user admin service-type http

interface Vlanif1

interface Vlanif10

ip address 192.168.1.1 255.255.255.0

interface Vlanif20

ip address 192.168.2.1 255.255.255.0

interface Vlanif30

ip address 192.168.3.1 255.255.255.0

interface MEth0/0/1

interface GigabitEthernet0/0/1

port link-type access

port default vlan 30

interface GigabitEthernet0/0/2

port link-type access

port default vlan 10

interface GigabitEthernet0/0/3

port link-type access

port default vlan 20

interface GigabitEthernet0/0/4

interface GigabitEthernet0/0/5

interface GigabitEthernet0/0/6

interface GigabitEthernet0/0/7

interface GigabitEthernet0/0/8

interface GigabitEthernet0/0/9

interface GigabitEthernet0/0/10

interface GigabitEthernet0/0/11

interface GigabitEthernet0/0/12

interface GigabitEthernet0/0/13

interface GigabitEthernet0/0/14

interface GigabitEthernet0/0/15

interface GigabitEthernet0/0/16

interface GigabitEthernet0/0/17

interface GigabitEthernet0/0/18

interface GigabitEthernet0/0/19

interface GigabitEthernet0/0/20

interface GigabitEthernet0/0/21

interface GigabitEthernet0/0/22

interface GigabitEthernet0/0/23

interface GigabitEthernet0/0/24

interface NULL0

ip route-static 0.0.0.0 0.0.0.0 192.168.3.2

user-interface con 0

user-interface vty 0 4

return

<sw1>

标签：admin,ip,GigabitEthernet0,网络,出口,default,user,interface
From： https://blog.51cto.com/u_13560030/12340994

1、网络拓扑图

2、核心配置

3、详细配置

相关文章

赞助商

阅读排行