dis cu
#
sysname H3C
#
l2tp enable //開啓動L2TP協議
#
nat address-group 20 xx.xx.xx.xx xx.xx.xx.xx
nat static 192.168.1.1 211.99.10.148
nat static 192.168.1.5 211.99.10.158
nat static 192.168.1.4 211.99.10.157
nat static 192.168.1.3 211.99.10.156
nat static 192.168.1.2 211.99.10.155
#
DNS resolve
DNS-proxy enable
#
web set-package force flash:/http.zip
#
radius scheme system
#
domain system
ip pool 1 192.168.250.2 192.168.250.3 //設置***的地址池
#
local-user admin
password simple huawei
service-type telnet terminal
level 3
service-type ftp
local-user caolei
password simple caolei
service-type ppp ///設置***的用戶名字與密碼,然後開啓動PPP協議
local-user huawei
password simple huawei
service-type telnet
level 3
local-user pppoe
password cipher (Z9S*/B*+TOQ=^Q`MAF4<1!!
service-type ppp
#
dhcp server ip-pool jingliren
network 192.168.1.0 mask 255.255.255.224
gateway-list 192.168.1.1
dns-list 202.106.196.115 202.106.0.20
#
acl number 2000
rule 0 permit source 192.168.1.0 0.0.0.31
rule 2 permit source 192.168.250.0 0.0.0.31
rule 3 deny
#
acl number 3000
rule 0 deny tcp destination-port eq 6667
rule 1 deny tcp destination-port eq 1434
rule 2 deny udp destination-port eq 4444
rule 3 deny tcp destination-port eq 135
rule 4 deny udp destination-port eq 135
rule 5 deny udp destination-port eq netbios-ssn
rule 6 deny tcp destination-port eq 139
rule 7 permit ip
#
interface Virtual-Template0
ppp authentication-mode pap
ip address 192.168.250.1 255.255.255.0 //在虛擬摸塊設置ppp驗證,然後設置網關
#
interface Ethernet1/0
ip address 192.168.1.1 255.255.255.224
ip address 211.xx.xx.xx 255.255.255.128 sub
qos car inbound any cir 4096000 cbs 204800 ebs 1000 gree
qos car outbound any cir 4096000 cbs 204800 ebs 1000 gre ///QOS設置帶寬限制
#
interface Ethernet1/1
#
interface Ethernet1/2
#
interface Ethernet1/3
#
interface Ethernet1/4
#
interface Ethernet3/0
ip address 192.168.xx.xx 255.255.255.252
firewall packet-filter 3000 inbound
nat outbound static
nat outbound 2000 address-group 20
#
interface Atm2/0
#
interface Virtual-Ethernet0
#
interface NULL0
#
l2tp-group 1
undo tunnel authentication //不進行TUNNEL認證
mandatory-lcp /////LCP再協商/
allow l2tp virtual-template 0 /接受任何LAC的l2tp請求,並綁定到VT0/
#
FTP server enable
#
dhcp server forbidden-ip 192.168.1.2 192.168.1.6
#
ip route-static 0.0.0.0 0.0.0.0 192.168.xx.xx preferenc
#
snmp-agent
snmp-agent local-engineid 7F00000100002893
snmp-agent community read jingliren
snmp-agent sys-info version all
#
user-interface con 0
user-interface vty 0 4
authentication-mode scheme
user privilege level 3
#
return
<H3C>
華爲基本配置
發表評論
所有評論
還沒有人評論,想成為第一個評論的人麼? 請在上方評論欄輸入並且點擊發布.