华为SRG2200配置
10:19:59 2014/08/12
Trying 223.100.233.186 ...
Press CTRL+T to abort
Connected to 223.100.233.186 ...
***********************************************************
* All rights reserved 2008-2012 *
* Without the owner's prior written consent, *
* no decompiling or reverse-engineering shall be allowed. *
* Notice: *
* This is a private communication system. *
* Unauthorized access or use may lead to prosecution. *
***********************************************************
Login authentication
Username:admin
Password:
Note: The max number of VTY users is 5, and the current number
of VTY users on line is 1.
NOTICE:This is a private communication system.
Unauthorized access or use may lead to prosecution.
09:59:59 2014/08/12
#
sysname YKO- YKGQXCC -RT-A01
#
l2tp domain suffix-separator @
#
ip local policy-based-route D-X-HL
#
nat address-group 0 223.100.233.186 223.100.233.186
#
undo firewall ipv6 session link-state check
#
dns resolve
#
vlan batch 1 10
#
undo firewall session link-state check
#
#
dns proxy enable
#
license-server domain https://www.360docs.net/doc/3a1616078.html,
#
web-manager enable
#
acl number 3000
rule 5 permit ip source 192.168.4.0 0.0.0.255 destination 192.168.3.0 0.0.0.255
#
acl number 3001
rule 5 permit ip source 192.168.1.0 0.0.0.255 destination 192.168.0.0 0.0.0.255
rule 10 permit ip source 192.168.1.0 0.0.0.255 destination 192.168.2.0 0.0.0.255
#
dhcp server ip-pool dhcp
network 192.168.4.0 mask 255.255.255.0
gateway-list 192.168.4.1
dns-list 211.137.32.178 211.140.197.58
#
dhcp server ip-pool dhcp\
#
interface Vlanif10
ip address 192.168.1.254 255.255.255.0
#
interface Cellular0/1/0
link-protocol ppp
#
interface Ethernet3/0/0
speed 10
portswitch
port link-type access
port access vlan 10
#
interface Ethernet3/0/1
speed 10
portswitch
port link-type access
port access vlan 10
#
interface Ethernet3/0/2
portswitch
port link-type access
#
interface Ethernet3/0/3
portswitch
port link-type access
#
interface Ethernet3/0/4
portswitch
port link-type access
#
interface GigabitEthernet0/0/0
description to dong che chang
ip address 223.100.233.186 255.255.255.128
#
interface GigabitEthernet0/0/1
ip address 192.168.4.1 255.255.255.0
ip policy-based-route D-X-HL
#
interface NULL0
#
interface Tunnel0
ip address 10.1.1.2 255.255.255.252
tunnel-protocol gre
source 223.100.233.186
destination 223.100.233.185
#
interface Tunnel1
ip address 10.1.1.10 255.255.255.248
tunnel-protocol gre
source 223.100.233.186
destination 223.100.233.245
#
firewall zone local
set priority 100
#
firewall zone trust
set priority 85
detect ftp
add interface Ethernet3/0/0
add interface Ethernet3/0/1
add interface GigabitEthernet0/0/1
add interface Vlanif10
#
firewall zone untrust
set priority 5
detect ftp
add interface GigabitEthernet0/0/0
#
firewall zone dmz
set priority 50
detect ftp
#
firewall zone name dxhl
set priority 10
detect ftp
add interface Tunnel0
#
firewall interzone local trust
detect ftp
#
firewall interzone local untrust
detect ftp
#
firewall interzone local dmz
detect ftp
#
firewall interzone local dxhl
detect ftp
#
firewall interzone trust untrust
detect ftp
#
firewall interzone trust dmz
detect ftp
#
firewall interzone trust dxhl
detect ftp
#
firewall interzone dmz untrust
detect ftp
#
firewall interzone dxhl untrust
detect ftp
#
firewall interzone dmz dxhl
detect ftp
#
#
aaa
local-user admin password cipher ]MQ;4\]B+4Z,YWX*NZ55OA!!
local-user admin service-type web terminal telnet
local-user admin level 15
authentication-scheme default
#
authorization-scheme default
#
accounting-scheme default
#
domain default
domain dot1x
#
#
nqa-jitter tag-version 1
#
load-balance flow source
#
ip route-static 0.0.0.0 0.0.0.0 223.100.233.129
ip route-static 192.168.3.0 255.255.255.0 Tunnel0 preference 50
#
snmp-agent
snmp-agent local-engineid 000007DB7F0000010000745F
snmp-agent community read LNJk2011
snmp-agent sys-info contact R&D Huawei Technologies Co.,Ltd.
snmp-agent sys-info version all
snmp-agent target-host trap address udp-domain 211.137.32.212 params securityname LNJk2011
snmp-agent trap enable bgp
snmp-agent trap enable lsp
snmp-agent trap enable ldp
snmp-agent trap enable configuration
snmp-agent trap enable system
snmp-agent trap enable standard
snmp-agent trap enable mstp
snmp-agent trap enable vrrp
snmp-agent trap enable ssh
snmp-agent trap enable flash
snmp-agent trap enable srm
snmp-agent trap source GigabitEthernet0/0/0
#
banner enable
#
user-interface con 0
user-interface tty 2
authentication-mode none
modem both
user-interface vty 0 4
authentication-mode aaa
user privilege level 3
set authentication password cipher ]MQ;4\]B+4Z,YWX*NZ55OA!!
protocol inbound all
#
policy-based-route D-X-HL permit node 10
if-match acl 3000
apply output-interface Tunnel0
#
ip address-set hl type object
description 192.168.3.0
address 0 192.168.3.0 mask 24
#
ip address-set hl2 type object
description 192.168.4.0
address 0 192.168.4.0 mask 24
#
slb
#
cwmp
#
right-manager server-group
#
policy interzone trust dxhl outbound
policy 0
action permit
policy source address-set hl2
policy destination address-set hl
#
nat-policy interzone trust untrust outbound
policy 0
action source-nat
policy sour
ce 192.168.4.0 0.0.0.255
policy source 192.168.1.0 0.0.0.255
address-group 0
#
return