查看: 8590|回复: 5

[我要提问] [求助][原创]请H3C的高手解释一下下面这些icg2000命令的作用 [复制链接]

tdliuridong

军衔等级：

中将

注册：2007-12-17

电梯直达

1^# 大中小

发表于 2008-11-24 23:02:54 |只看该作者 |倒序浏览

#
version 5.20, ESS 1710
#
sysname rou
---------------------
l2tp enable 必须配置
----------------------
#
tcp syn-cookie enable
tcp anti-naptha enable
tcp state closing connection-number 500
tcp state established connection-number 500
tcp state fin-wait-1 connection-number 500
tcp state fin-wait-2 connection-number 500
tcp state last-ack connection-number 500
tcp state syn-received connection-number 500
#
ipsec cpu-backup enable
#
domain default enable system
#
dns resolve
dns proxy enable
#
telnet server enable
#
————————————————————————————————————————————————————————————————————
acl number 3000 必须配置
rule 0 deny ip source 192.168.0.0 0.0.0.255 destination 192.168.2.0 0.0.0.255
rule 1 deny ip source 192.168.2.0 0.0.0.255 destination 192.168.0.0 0.0.0.255
rule 2 permit ip source 192.168.3.0 0.0.0.255
#
————————————————————————————————————————————————————————————————
vlan 1
#
——————————————————————————————————————————————————————————————
domain dxyb.gx                            必须配置
access-limit disable
state active
idle-cut disable
self-service-url disable
ip pool 1 192.168.2.2 192.168.2.90
————————————————————————————---——————————————————————————————————————
domain system
access-limit disable
state active
idle-cut disable
self-service-url disable
#
pki domain navigator
  crl check disable
#
ike proposal 1
encryption-algorithm 3des-cbc
dh group5
#
ike peer navigator
pre-shared-key cipher N1b928EnSbF+fm/IZ8dDKw==
#
ipsec proposal navigator
encapsulation-mode transport
esp authentication-algorithm sha1
esp encryption-algorithm 3des
#
ipsec proposal navigator1
esp authentication-algorithm sha1
esp encryption-algorithm 3des
#
ipsec policy-template gateway 1
ike-peer navigator
proposal navigator navigator1
#
ipsec policy navigator 1 isakmp template gateway
#
dhcp server ip-pool vlan1 extended
network ip range 192.168.1.2 192.168.1.254
network mask 255.255.255.0
gateway-list 192.168.1.1
dns-list 192.168.1.1
#
user-group system
#
————————————————————
以下部分是用户账号
local-user xxxx1137284
password simple 11111111
service-type ppp
local-user xxxx1137434
password simple 11111111
service-type ppp
local-user xxxx1137452
password simple 11111111
service-type ppp
local-user xxxx1137474
password simple 11111111
service-type ppp
local-user xxxx1137476
password simple 11111111
service-type ppp
local-user xxxx1137484
password simple 11111111
service-type ppp
local-user xxxx1137499
password simple 11111111
service-type ppp
local-user xxxx1148121
password simple 11111111
service-type ppp
local-user xxxx1148155
password simple 11111111
service-type ppp
local-user xxxx1152802
password simple 11111111
service-type ppp
local-user xxxx1158525
password simple 11111111
service-type ppp
local-user xxxx137452
local-user xxxx3621098
password simple 11111111
service-type ppp
local-user xxxx3621566
password simple 89870605
service-type ppp
local-user xxxx3621759
password simple 11111111
service-type ppp
local-user xxxx3622163
password simple 27848420
service-type ppp
local-user xxxx3624546
password simple 11111111
service-type ppp
local-user xxxx3627433
password simple 11111111
service-type ppp
local-user xxxx3629258
password simple 94093399
service-type ppp
local-user xxxx3632727
password simple 11111111
service-type ppp
local-user xxxx3632810
password simple 11111111
service-type ppp
local-user xxxx3633328
password simple 11111111
service-type ppp
local-user xxxx3650025
password simple 11111111
service-type ppp
local-user xxxx3696051
password simple 11111111
service-type ppp
local-user xxxx3710027
password simple 11111111
service-type ppp
local-user xxxx3723185
password simple 11111111
service-type ppp
local-user xxxx3724170
password simple 003724170
service-type ppp
local-user xxxx3724214
password simple 003724214
service-type ppp
local-user xxxx3750006
password simple 12345678
service-type ppp
local-user xxxx3750102
password simple 11111111
service-type ppp
local-user xxxx3750611
password simple 11111111
service-type ppp
local-user xxxx3760118
password simple 11111111
service-type ppp
local-user xxxx3773333
password simple 123456
service-type ppp
local-user xxxx3783333
password simple 11111111
service-type ppp
local-user xxxx3783433
password simple 11111111
service-type ppp
local-user xxxx3784349
password simple 11111111
service-type ppp
local-user xxxx3784839
password simple 123456
service-type ppp
local-user TelecomAdmin
authorization-attribute level 3
service-type telnet
local-user bcxx1043109
password simple 11111111
access-limit 1
service-type ppp
local-user bcxx1043122
password simple 11111111
access-limit 1
service-type ppp
local-user bcxx1043128
password simple 11111111
access-limit 1
service-type ppp
local-user test
password simple test
authorization-attribute level 3
service-type telnet
local-user useradmin
password cipher (@KW6^>_R%UH;C/!R%=1I!!!
authorization-attribute level 3
service-type telnet
#
————————————————————————
wlan rrm
dot11b mandatory-rate 1 2
dot11b supported-rate 5.5 11
dot11g mandatory-rate 1 2 5.5 11
dot11g supported-rate 6 9 12 18 24 36 48 54
#
wlan service-template 1 crypto
ssid ChinaNet-3280
cipher-suite wep40
wep default-key 1 wep40 raw-key 0FE2CE3280
service-template enable
#
ssl server-policy chinanet
pki-domain navigator
#
cwmp
cwmp acs username navigator password navigator
cwmp cpe inform interval enable
cwmp cpe inform interval 43200
cwmp cpe username bbms password bbms
#
----------------------------------------------------------
l2tp-group 1                必须配置
mandatory-lcp
allow l2tp virtual-template 1 remote dxybvpn（申请的l2tp名字）
tunnel password simple dxybvpn666（申请的l2tp密码）
tunnel name dxybvpn
--------------------------------------------------------------
#
interface Aux0
async mode flow
link-protocol ppp
#
-------------------------------------------------------
interface Ethernet0/0 这是WAN
port link-mode route
description To_ISP
nat outbound 3000
ip address 222.216.106.218 255.255.255.192
-----------------------------------------------------------------------------------
#
----------------------------------------------------------------------------------
interface Ethernet0/1 这是服务器IP段在LAN1
port link-mode route
description To_DXYBLANSwitch
ip address 192.168.0.1 255.255.255.0
----------------------------------------------------------------------------
#
--------------------------------------------------------------------------------
interface Ethernet0/2 这个是外网的IP段在LAN2
port link-mode route
description DXYBLANNAT
ip address 192.168.3.1 255.255.255.0
-----------------------------------------------------------------------------------
#
---------------------------------------------------------------
interface Virtual-Template1
ppp authentication-mode pap domain dxyb.gx
remote address pool 1
mtu 1400
ip address 192.168.2.1 255.255.255.0
-------------------------------------------------------------------------------------
#
interface Virtual-Ethernet1
#
interface Virtual-Ethernet2
#
interface Virtual-Ethernet3
#
interface NULL0
#
interface Vlan-interface1
ip address 192.168.1.1 255.255.255.0
dhcp server apply ip-pool vlan1
#
interface Ethernet0/3
port link-mode bridge
#
interface Ethernet0/4
port link-mode bridge
#
interface WLAN-BSS0
#
interface WLAN-Radio2/0
service-template 1 interface wlan-bss 0
#
policy-based-route Ethernet0/0 permit node 0
if-match acl 2000
apply output-interface Ethernet0/0
#
policy-based-route Ethernet0/1 permit node 0
if-match acl 2000
apply output-interface Ethernet0/1
#
policy-based-route Ethernet0/2 permit node 0
if-match acl 2000
apply output-interface Ethernet0/2
#
-----------------------------------------------------------------------
ip route-static 0.0.0.0 0.0.0.0 222.216.106.193
--------------------------------------------------------------------------
#
snmp-agent
snmp-agent local-engineid 800063A203000FE207F2E0
snmp-agent sys-info version all
snmp-agent group v3 crypto privacy read-view admin write-view admin notify-view admin
snmp-agent group v3 initialtrap read-view initialtrap write-view initialtrap notify-view initialtrap
snmp-agent target-host trap address udp-domain 202.1.1.1 params securityname navigator v3  privacy
snmp-agent target-host trap address udp-domain 202.1.1.1 params securityname telecom v3
snmp-agent mib-view included admin iso
snmp-agent mib-view included initialtrap hh3cNetMan
snmp-agent usm-user v3 telecom initialtrap
snmp-agent usm-user v3 navigator crypto authentication-mode md5 F_T=2;9CD(VZ\]0@VUFA1Q!! privacy-mode des56 F_T=2;9CD(VZ\]0@VUFA1Q!!
#
dhcp enable
#
ip https ssl-server-policy chinanet
ip https enable
#
nms primary monitor-interface Ethernet0/0
#
load xml-configuration
#
------------------------------------------------
user-interface aux 0
user-interface vty 0 4
authentication-mode scheme
----------------------------------------------------
#
return
<router>

0 举报本楼

本帖有 5 个回帖，您需要登录后才能浏览登录 | 注册

返回列表

版规|手机版|C114 ( 沪ICP备12002291号-1 )|联系我们 |网站地图

GMT+8, 2025-8-2 15:15 , Processed in 0.256248 second(s), 17 queries , Gzip On.

Discuz Licensed

[我要提问] [求助][原创]请H3C的高手解释一下下面这些icg2000命令的作用 [复制链接]

浏览过的帖子

浏览过的版块

		自动登录	找回密码
密码			注册