2022 Sample Paper 5

On ports Gi0/6-Gi0/20 of S5 and S6, enable the port protection feature.

interface GigabitEthernet 2/0/18

	switchport port-security

Enable PortFast and BPDU Guard on the ports that connect to PCs.

spanning-tree bpduguard enable
 spanning-tree portfast

When an access switch detects a loop on an interface connected to an end device, the required handling is Shutdown-Port, to provide loop protection.

rldp port loop-detect shutdown-port

Once a port detects an abnormal event and enters the Err-Disabled state, set a 300-second automatic recovery mechanism (policy deployed per interface).

Ruijie(config)#errdisable recovery interval 300

Configure DHCP relay on switches S3 and S4 so that end users in the network obtain IP addresses through DHCP Relay.

S3

service dhcp
ip helper-address 10.1.0.1



S4

service dhcp
ip helper-address 10.1.0.1

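Set up a DHCP server on S1 to provide management addresses for the wireless AP devices in the network (see the IPv4 address allocation table for the parameters; 3 subnets in total: 192.1.10.0/24, 192.1.50.0/24, 192.1.60.0/24). The address lease for wireless APs is permanent. The lease for user devices on the wireless network is 0.5 days.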

service dhcp
!
ip dhcp pool pool_10
 network 192.1.10.0 255.255.255.0
 default-router 192.1.10.254
!
ip dhcp pool pool_50
 option 138 ip 192.1.100.2 192.1.100.3
 lease infinite
 network 192.1.50.0 255.255.255.0
 default-router 192.1.50.254
!
ip dhcp pool pool_60
 lease 0 12 0
 network 192.1.60.0 255.255.255.0
 default-router 192.1.60.254

Deploy the DHCP "Snooping + DAI" feature on switches S5 and S6. The DAI security feature enables ARP defense mainly for user devices in VLAN 10.

VSU(config)#ip dhcp snooping

VSU(config)#int g 1/0/20

VSU(config-if-GigabitEthernet 1/0/20)#ip dhcp snooping trust

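Configure MSTP on switches S3, S4, S5 and S6 to prevent Layer 2 loops. MSTP parameter requirements: region-name is test. Revision is 1. Instance 1 contains VLAN 10 and VLAN 100. Instance 2 contains VLAN 50 and VLAN 60. Configure S3 as the primary root of instance 1 and the secondary root of instance 2. Configure S4 as the primary root of instance 2 and the secondary root of instance 1. The primary root priority is 4096. The secondary root priority is 8192.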

**S3**

spanning-tree mst configuration
 revision 1
 name test
 instance 0 vlan 1-9, 11-49, 51-59, 61-99, 101-4094
 instance 1 vlan 10, 100
 instance 2 vlan 50, 60
!
spanning-tree mst 1 priority 4096
spanning-tree mst 2 priority 8192
spanning-tree



**S4**

spanning-tree mst configuration
 revision 1
 name test
 instance 0 vlan 1-9, 11-49, 51-59, 61-99, 101-4094
 instance 1 vlan 10, 100
 instance 2 vlan 50, 60
!
spanning-tree mst 1 priority 8192
spanning-tree mst 2 priority 4096
spanning-tree



**VSU(S5,S6)**

spanning-tree mst configuration
 revision 1
 name test
!
spanning-tree

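Configure VRRP on S3 and S4; the required parameters are shown in Table 1. On switches S3 and S4, set the high priority in each VRRP group to 150 and the low priority to 120.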

S3

interface VLAN 10
 ip address 192.1.10.252 255.255.255.0
 vrrp 10 ip 192.1.10.254
 vrrp 10 priority 150
!
interface VLAN 50
 ip address 192.1.50.252 255.255.255.0
 vrrp 50 ip 192.1.50.254
 vrrp 50 priority 120
!
interface VLAN 60
 ip address 192.1.60.252 255.255.255.0
 vrrp 60 ip 192.1.60.254
 vrrp 60 priority 120
!
interface VLAN 100
 ip address 192.1.100.252 255.255.255.0
 vrrp 100 ip 192.1.100.254
 vrrp 100 priority 150



S4

interface VLAN 10
 ip address 192.1.10.253 255.255.255.0
 vrrp 10 ip 192.1.10.254
 vrrp 10 priority 120
!
interface VLAN 50
 ip address 192.1.50.253 255.255.255.0
 vrrp 50 ip 192.1.50.254
 vrrp 50 priority 150
!
interface VLAN 60
 ip address 192.1.60.253 255.255.255.0
 vrrp 60 ip 192.1.60.254
 vrrp 60 priority 150
!
interface VLAN 100
 ip address 192.1.100.253 255.255.255.0
 vrrp 100 ip 192.1.100.254
 vrrp 100 priority 120
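
In the answers above, S3 is both MSTP root for instance 1 and VRRP master for VLANs 10 and 100, and S4 plays both roles for instance 2 and VLANs 50 and 60. The following Python check is an added example, not part of the original answer key; it assumes the VRRP group on `interface VLAN n` serves VLAN n and that switches without an explicit MST priority use the default 32768.

```python
import re

# Constructed inputs: the MSTP and VRRP lines of the S3 and S4 answers above
# (instance 0 and the "vrrp ... ip" lines are left out for brevity).
S3_CONFIG = """\
spanning-tree mst configuration
 revision 1
 name test
 instance 1 vlan 10, 100
 instance 2 vlan 50, 60
spanning-tree mst 1 priority 4096
spanning-tree mst 2 priority 8192
interface VLAN 10
 vrrp 10 priority 150
interface VLAN 50
 vrrp 50 priority 120
interface VLAN 60
 vrrp 60 priority 120
interface VLAN 100
 vrrp 100 priority 150
"""
S4_CONFIG = """\
spanning-tree mst configuration
 revision 1
 name test
 instance 1 vlan 10, 100
 instance 2 vlan 50, 60
spanning-tree mst 1 priority 8192
spanning-tree mst 2 priority 4096
interface VLAN 10
 vrrp 10 priority 120
interface VLAN 50
 vrrp 50 priority 150
interface VLAN 60
 vrrp 60 priority 150
interface VLAN 100
 vrrp 100 priority 120
"""
MST_DEFAULT_PRIORITY = 32768  # bridge priority when none is configured


def expand_vlans(spec):
    """Turn '10, 100' or '1-9, 11-49' into a frozenset of VLAN ids."""
    vlans = set()
    for part in spec.replace(" ", "").split(","):
        low, _, high = part.partition("-")
        vlans.update(range(int(low), int(high or low) + 1))
    return frozenset(vlans)


def parse(config):
    """Collect MST region data, MST bridge priorities and VRRP priorities."""
    dev = {"name": None, "revision": None, "instances": {}, "mst": {}, "vrrp": {}}
    section = ""
    for raw in config.splitlines():
        line = raw.strip()
        if raw[:1] not in (" ", "\t"):  # top-level command opens a new section
            section = line
            if m := re.fullmatch(r"spanning-tree mst (\d+) priority (\d+)", line):
                dev["mst"][int(m[1])] = int(m[2])
        elif section == "spanning-tree mst configuration":
            if m := re.fullmatch(r"instance (\d+) vlan (.+)", line):
                dev["instances"][int(m[1])] = expand_vlans(m[2])
            elif m := re.fullmatch(r"(name|revision) (\S+)", line):
                dev[m[1]] = m[2]
        elif svi := re.fullmatch(r"interface VLAN (\d+)", section):
            if m := re.fullmatch(r"vrrp \d+ priority (\d+)", line):
                dev["vrrp"][int(svi[1])] = int(m[1])
    return dev


def check_alignment(devices):
    """devices maps a switch name to its config text; returns a list of problems."""
    parsed = {name: parse(text) for name, text in devices.items()}
    names = sorted(parsed)
    regions = {(d["name"], d["revision"], tuple(sorted(d["instances"].items())))
               for d in parsed.values()}
    if len(regions) > 1:
        return ["MST region (name, revision, VLAN map) differs between switches"]
    problems = []
    for inst, vlans in sorted(parsed[names[0]]["instances"].items()):
        gateways = sorted(v for v in vlans if any(v in parsed[n]["vrrp"] for n in names))
        if not gateways:
            continue  # no VRRP gateway lives in this instance
        prio = {n: parsed[n]["mst"].get(inst, MST_DEFAULT_PRIORITY) for n in names}
        roots = [n for n in names if prio[n] == min(prio.values())]
        if len(roots) > 1:
            problems.append(f"instance {inst}: {', '.join(roots)} tie at priority "
                            f"{prio[roots[0]]}; the bridge MAC decides the root")
            continue
        for vlan in gateways:
            vrrp = {n: parsed[n]["vrrp"][vlan] for n in names if vlan in parsed[n]["vrrp"]}
            master = max(vrrp, key=vrrp.get)
            if master != roots[0]:
                problems.append(f"VLAN {vlan}: MSTP root {roots[0]}, VRRP master {master}")
    return problems
```

`check_alignment({"S3": S3_CONFIG, "S4": S4_CONFIG})` returns an empty list for the answers above. Run against the S4 running configuration printed later on this page, which carries only `spanning-tree mst 1 priority 4096`, it reports a priority tie in instance 1 and a root/master split for VLANs 50 and 60.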

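Deploy 2 interconnect links (Gi0/21, Gi0/22) between S3 and S4 and configure Layer 2 link aggregation in LACP dynamic aggregation mode. Configure static link aggregation on the other interfaces as required by the device interconnections, generating aggregate interface AG2.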

interface GigabitEthernet 0/21
 port-group 2 mode active
!
interface GigabitEthernet 0/22
 port-group 2 mode active


interface AggregatePort 2
 switchport mode trunk
 switchport trunk native vlan 100
 switchport trunk allowed vlan only 10,50,60,100

Plan the Gi0/22 ports between switches S5 and S6 as the dual-active detection link, and configure dual-active detection accordingly.

switch virtual domain 1
 dual-active detection bfd
 dual-active bfd interface GigabitEthernet 1/0/22
 dual-active bfd interface GigabitEthernet 2/0/22

In the core area and service area of the provincial branch (S1, S2, S3, S4), deploy OSPF 100. Use a single-area deployment (area 0).

S1

router ospf 100
 router-id 10.1.0.1
 graceful-restart
 redistribute ospf 200 metric-type 1 route-map 410_10 subnets
 network 10.1.0.1 0.0.0.0 area 0
 network 10.1.1.0 0.0.0.3 area 0
 network 10.1.1.4 0.0.0.3 area 0
 network 10.1.254.252 0.0.0.3 area 0
 default-information originate always metric 5 metric-type 1


S2

router ospf 100
 router-id 10.1.0.2
 graceful-restart
 network 10.1.0.2 0.0.0.0 area 0
 network 10.1.1.8 0.0.0.3 area 0
 network 10.1.1.12 0.0.0.3 area 0
 network 10.1.254.252 0.0.0.3 area 0


S3

router ospf 100
 router-id 10.1.0.3
 graceful-restart
 network 10.1.0.3 0.0.0.0 area 0
 network 10.1.1.0 0.0.0.3 area 0
 network 10.1.1.8 0.0.0.3 area 0
 network 192.1.10.0 0.0.0.255 area 0
 network 192.1.50.0 0.0.0.255 area 0
 network 192.1.60.0 0.0.0.255 area 0
 network 192.1.100.0 0.0.0.255 area 0



S4

router ospf 100
 router-id 10.1.0.4
 graceful-restart
 network 10.1.0.4 0.0.0.0 area 0
 network 10.1.1.4 0.0.0.3 area 0
 network 10.1.1.12 0.0.0.3 area 0
 network 192.1.10.0 0.0.0.255 area 0
 network 192.1.50.0 0.0.0.255 area 0
 network 192.1.60.0 0.0.0.255 area 0
 network 192.1.100.0 0.0.0.255 area 0

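On the connections between the provincial branch's interconnect area and the sub-branches/outlets (S1, S2, R1, R2, S7), deploy OSPF 200. Use a multi-area plan. The provincial branch interconnect area (S1, S2, R1, R2) belongs to AREA 0. The Longshouyuan sub-branch (R1, R2, S7) belongs to AREA 1.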

S1

router ospf 200
 router-id 10.1.0.1
 graceful-restart
 redistribute ospf 100 metric-type 1 route-map 10_410 subnets
 network 10.1.2.0 0.0.0.3 area 0
 network 10.1.2.4 0.0.0.3 area 0
 default-information originate always metric 5 metric-type 1



S2

router ospf 200
 router-id 10.1.0.2
 graceful-restart
 network 10.1.2.8 0.0.0.3 area 0
 network 10.1.2.12 0.0.0.3 area 0



R1

router ospf 200
 router-id 10.1.0.7
 network 10.1.0.7 0.0.0.0 area 0
 network 10.1.2.0 0.0.0.3 area 0
 network 10.1.2.8 0.0.0.3 area 0
 network 10.1.2.20 0.0.0.3 area 1



R2

router ospf 200
 router-id 10.1.0.8
 network 10.1.0.8 0.0.0.3 area 0
 network 10.1.2.4 0.0.0.3 area 0
 network 10.1.2.12 0.0.0.3 area 0
 network 10.1.2.24 0.0.0.3 area 1



S7

router ospf 200
 router-id 10.1.0.9
 graceful-restart
 network 10.1.0.9 0.0.0.0 area 1
 network 10.1.2.20 0.0.0.3 area 1
 network 10.1.2.24 0.0.0.3 area 1
 network 194.1.10.0 0.0.0.255 area 1
 network 194.1.50.0 0.0.0.255 area 1
 network 194.1.60.0 0.0.0.255 area 1

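In the provincial branch's service area, the originating end-user subnets on switches S3 and S4 and the VLAN 100 device management address range must all be injected into routing by redistributing connected routes.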

S1

router ospf 100
 router-id 10.1.0.1
 graceful-restart
 **redistribute ospf 200 metric-type 1 route-map 410_10 subnets**
 network 10.1.0.1 0.0.0.0 area 0
 network 10.1.1.0 0.0.0.3 area 0
 network 10.1.1.4 0.0.0.3 area 0
 network 10.1.254.252 0.0.0.3 area 0
 **default-information originate always metric 5 metric-type 1**

router ospf 200
 router-id 10.1.0.1
 graceful-restart
 **redistribute ospf 100 metric-type 1 route-map 10_410 subnets**
 network 10.1.2.0 0.0.0.3 area 0
 network 10.1.2.4 0.0.0.3 area 0
 **default-information originate always metric 5 metric-type 1**

The Longshouyuan sub-branch uses switch S7 as the DHCP server for wireless users (VLAN 460) and the FIT APs (VLAN 450) of the wireless network.

service dhcp
!
ip dhcp pool vlan_ap50
 option 138 ip 192.1.100.2 192.1.100.3
 network 194.1.50.0 255.255.255.0
 default-router 194.1.50.254
!
ip dhcp pool vlan_60
 network 194.1.60.0 255.255.255.0
 default-router 194.1.60.254

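Deploy AC redundancy in the wireless network for backup. Configure AC1 as the active AC. Configure AC2 as the standby. In addition, tunnels must be established between the APs and both AC1 and AC2; the Fit APs are planned to establish their tunnels with the VLAN 100 device management addresses of the two ACs.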

AC1

ac-controller
 capwap ctrl-ip 192.1.100.2

AC2

ac-controller
 capwap ctrl-ip 192.1.100.3

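Configure NAT on EG1, the egress gateway of the provincial branch's external-connection area, so that the office network of the provincial branch's service area (VLAN 60, VLAN 460) has its internal IP addresses translated onto the Internet interface by NAPT. The NAT address pool is 200.1.1.3/29-200.1.1.5/29. The production network (VLAN 10, VLAN 410) and all other addresses are not allowed to access the Internet.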

ip access-list standard 1
 10 permit 192.1.0.0 0.0.255.255 time-range any
 20 permit 194.1.0.0 0.0.255.255 time-range any
 30 permit any
!
ip access-list extended 103
 10 permit gre host 200.1.1.2 host 200.2.1.2


ip nat pool 1 200.1.1.3 200.1.1.5 netmask 255.255.255.248

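On EG2, the egress gateway of the third-party company, deploy NAT so that users on its wireless network can access the Internet. The NAT address pool is the same as the IP of EG2's Gi0/4 interface.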

ip access-list extended 103
 10 permit gre host 200.2.1.2 host 200.1.1.2

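Between the network security egress devices EG1 and EG2, enable nested GRE over IPSec VPN. Configure IPSec in static point-to-point mode. Use ESP transport-mode encapsulation. The isakmp policy defines 3des as the encryption algorithm. The hash algorithm is md5. The pre-shared key is test. DH uses group 2. Transform set myset defines the encryption/authentication method as esp-3des esp-md5-hmac, the interesting-traffic ACL number is 103, and the crypto map is named mymap.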

EG1

crypto isakmp policy 1
 encryption 3des
 authentication pre-share
 hash md5
 group 2
!
crypto isakmp key 0 test address 200.2.1.2
crypto ipsec transform-set myset esp-3des esp-md5-hmac
!
crypto map mymap 1 ipsec-isakmp
 set peer 200.2.1.2
 set transform-set myset
 set autoup
 match address 103


interface GigabitEthernet 0/4
 nexthop 200.1.1.1
 reverse-path
 ip address 200.1.1.2 255.255.255.248
 crypto map mymap
 ip nat outside


interface Tunnel 0
 ip address 10.1.4.1 255.255.255.252
 tunnel source GigabitEthernet 0/4
 tunnel destination 200.2.1.2


ip route 195.1.0.0 255.255.0.0 Tunnel 0


EG2

crypto isakmp policy 1
 encryption 3des
 authentication pre-share
 hash md5
 group 2
!
crypto isakmp key 0 test address 200.1.1.2
crypto ipsec transform-set myset esp-3des esp-md5-hmac
!
crypto map mymap 1 ipsec-isakmp
 set peer 200.1.1.2
 set transform-set myset
 set autoup
 match address 103


interface GigabitEthernet 0/4
 nexthop 200.2.1.1
 reverse-path
 ip address 200.2.1.2 255.255.255.248
 crypto map mymap
 ip nat outside


interface Tunnel 0
 ip address 10.1.4.2 255.255.255.252
 tunnel source GigabitEthernet 0/4
 tunnel destination 200.1.1.2


ip route 192.1.0.0 255.255.0.0 Tunnel 0
ip route 194.1.0.0 255.255.0.0 Tunnel 0
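
The IKE and ESP parameters this task prescribes (3des, md5, DH group 2, a four-character pre-shared key) are legacy choices that a review of a production gateway would flag. The following Python audit of the EG1 lines above is an added example, not part of the original answer key; its thresholds and its reading of key type `0` as an unencrypted key string are assumptions of the example.

```python
# Constructed sample: the EG1 IKE/IPsec lines from this page.
EG1_CONFIG = """\
crypto isakmp policy 1
 encryption 3des
 authentication pre-share
 hash md5
 group 2
!
crypto isakmp key 0 test address 200.2.1.2
crypto ipsec transform-set myset esp-3des esp-md5-hmac
!
crypto map mymap 1 ipsec-isakmp
 set peer 200.2.1.2
 set transform-set myset
 set autoup
 match address 103
"""

# Audit thresholds are assumptions of this example, not vendor guidance.
WEAK_IKE_ENCRYPTION = {"des", "3des"}
WEAK_IKE_HASH = {"md5"}
WEAK_ESP_TRANSFORMS = {"esp-des", "esp-3des", "esp-md5-hmac", "esp-null"}
MIN_DH_GROUP = 14
MIN_PSK_LENGTH = 16


def audit_ipsec(config):
    """Return (rule, detail) findings for legacy IKE and ESP settings."""
    findings = []
    policy = None  # number of the "crypto isakmp policy" block being read
    for raw in config.splitlines():
        words = raw.split()
        if not words:
            continue
        if raw[0].isspace():
            # Sub-command: only those inside an isakmp policy block are audited.
            if policy is None or len(words) < 2:
                continue
            keyword, value = words[0], words[1]
            if keyword == "encryption" and value in WEAK_IKE_ENCRYPTION:
                findings.append(("ike-encryption", f"policy {policy} uses {value}"))
            elif keyword == "hash" and value in WEAK_IKE_HASH:
                findings.append(("ike-hash", f"policy {policy} uses {value}"))
            elif keyword == "group" and value.isdigit() and int(value) < MIN_DH_GROUP:
                findings.append(("ike-dh-group", f"policy {policy} uses group {value}"))
            continue
        policy = None  # any top-level command closes an open policy block
        if words[:3] == ["crypto", "isakmp", "policy"] and len(words) == 4:
            policy = words[3]
        elif words[:3] == ["crypto", "isakmp", "key"] and len(words) >= 7:
            key_type, key, peer = words[3], words[4], words[6]
            # Assumption: key type 0 means the key string follows unencrypted,
            # so its length is the real key length. The key itself is not echoed.
            if key_type == "0":
                findings.append(("psk-unencrypted", f"key for peer {peer} is type 0"))
                if len(key) < MIN_PSK_LENGTH:
                    findings.append(
                        ("psk-short", f"key for peer {peer} has {len(key)} characters"))
        elif words[:3] == ["crypto", "ipsec", "transform-set"]:
            for transform in words[4:]:
                if transform in WEAK_ESP_TRANSFORMS:
                    findings.append(
                        ("esp-transform", f"transform-set {words[3]} uses {transform}"))
    return findings


if __name__ == "__main__":
    for rule, detail in audit_ipsec(EG1_CONFIG):
        print(f"{rule}: {detail}")
```

The same function applies unchanged to the EG2 block, which mirrors EG1 with the peer addresses swapped.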

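AP3 of the third-party company is deployed in fat mode, with the following requirements. Configure AP3 to forward in transparent mode. The management address is 195.1.100.1/24. The gateway address is 195.1.100.254, and the gateway is deployed on EG2. On AP3, create the SSID (WLAN-ID 3) Admin-Fat_XX (note: XX is provided on site), ensuring that wireless users on the internal network automatically obtain an address in the 195.1.60.0/24 subnet after associating with the SSID (DHCP is deployed on EG2).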

EG2

service dhcp
ip dhcp database
!
ip dhcp pool v100
 network 195.1.100.0 255.255.255.0
 default-router 195.1.100.254
!
ip dhcp pool v60
 network 195.1.60.0 255.255.255.0
 default-router 195.1.60.254


interface GigabitEthernet 0/1.60
 encapsulation dot1Q 60
 ip address 195.1.60.254 255.255.255.0
!
interface GigabitEthernet 0/1.100
 encapsulation dot1Q 100
 ip address 195.1.100.254 255.255.255.0

S1

hostname S1
!
no cwmp
!
service dhcp
!
ip dhcp pool pool_10
 network 192.1.10.0 255.255.255.0
 default-router 192.1.10.254
!
ip dhcp pool pool_60
 lease 0 12 0
 network 192.1.60.0 255.255.255.0
 default-router 192.1.60.254
!
ip dhcp pool pool_ap
 option 138 ip 192.1.100.2 192.1.100.3
 lease infinite
 network 192.1.50.0 255.255.255.0
 default-router 192.1.50.254
!
ip dhcp pool pool_50
!
install 0 S5760C-48GT4XS-X
!
sysmac 1082.3d95.fbfb
!
webmaster level 0 username admin secret 8 1c7eyy23uMQk2*|82&|b!hxh.>6j*&fnnvjd8nb.b,`2t.h4`:f6
enable service web-server http
enable service web-server https
!
nfpp
!
password policy printable-character-check
password policy min-size 8
password policy strong
service password-encryption
!
redundancy
!
no storage lifetime set
!
no enable service snmp-agent
ip ssh key-exchange dh_group_exchange_sha1 dh_group14_sha1 ecdh_sha2_nistp256 ecdh_sha2_nistp384 ecdh_sha2_nistp521
ip ssh cipher-mode ctr gcm
ip ssh hmac-algorithm sha2-256 sha2-512
!
login privilege log
no enable service telnet-server
!
vlan range 1,100
!
interface GigabitEthernet 0/1
 no switchport
 ip address 10.1.3.1 255.255.255.252
!
interface GigabitEthernet 0/2
 no switchport
 ip address 10.1.1.1 255.255.255.252
!
interface GigabitEthernet 0/3
 no switchport
 ip address 10.1.1.5 255.255.255.252
 ip ospf cost 5
!
interface GigabitEthernet 0/4
 no switchport
 ip address 10.1.2.1 255.255.255.252
!
interface GigabitEthernet 0/5
 no switchport
 ip address 10.1.2.5 255.255.255.252
 ip ospf cost 5
!
interface GigabitEthernet 0/6
!
interface GigabitEthernet 0/7
!
interface GigabitEthernet 0/8
!
interface GigabitEthernet 0/9
!
interface GigabitEthernet 0/10
!
interface GigabitEthernet 0/11
!
interface GigabitEthernet 0/12
!
interface GigabitEthernet 0/13
!
interface GigabitEthernet 0/14
!
interface GigabitEthernet 0/15
!
interface GigabitEthernet 0/16
!
interface GigabitEthernet 0/17
!
interface GigabitEthernet 0/18
!
interface GigabitEthernet 0/19
!
interface GigabitEthernet 0/20
!
interface GigabitEthernet 0/21
!
interface GigabitEthernet 0/22
!
interface GigabitEthernet 0/23
!
interface GigabitEthernet 0/24
!
interface GigabitEthernet 0/25
!
interface GigabitEthernet 0/26
!
interface GigabitEthernet 0/27
!
interface GigabitEthernet 0/28
!
interface GigabitEthernet 0/29
!
interface GigabitEthernet 0/30
!
interface GigabitEthernet 0/31
!
interface GigabitEthernet 0/32
!
interface GigabitEthernet 0/33
!
interface GigabitEthernet 0/34
!
interface GigabitEthernet 0/35
!
interface GigabitEthernet 0/36
!
interface GigabitEthernet 0/37
!
interface GigabitEthernet 0/38
!
interface GigabitEthernet 0/39
!
interface GigabitEthernet 0/40
!
interface GigabitEthernet 0/41
!
interface GigabitEthernet 0/42
!
interface GigabitEthernet 0/43
!
interface GigabitEthernet 0/44
!
interface GigabitEthernet 0/45
!
interface GigabitEthernet 0/46
!
interface GigabitEthernet 0/47
 no switchport
 shutdown
!
interface GigabitEthernet 0/48
 no switchport
 shutdown
!
interface TenGigabitEthernet 0/49
!
interface TenGigabitEthernet 0/50
!
interface TenGigabitEthernet 0/51
!
interface TenGigabitEthernet 0/52
!
interface AggregatePort 1
 no switchport
 ip address 10.1.254.253 255.255.255.252
 ip ospf cost 10
!
interface Loopback 0
 ip address 10.1.0.1 255.255.255.255
!
interface VLAN 1
!
interface VLAN 100
!
interface Mgmt 0
 ip address mix dhcp
 ip address mix 192.168.1.200 255.255.255.0
!
router ospf 100
 router-id 10.1.0.1
 graceful-restart
 redistribute ospf 200 metric-type 1 route-map 410_10 subnets
 bfd all-interfaces
 network 10.1.0.1 0.0.0.0 area 0
 network 10.1.1.0 0.0.0.3 area 0
 network 10.1.1.4 0.0.0.3 area 0
 network 10.1.254.252 0.0.0.3 area 0
 default-information originate metric 5 metric-type 1
!
router ospf 200
 router-id 10.1.0.1
 graceful-restart
 redistribute ospf 100 metric-type 1 route-map 10_410 subnets
 bfd all-interfaces
 network 10.1.0.1 0.0.0.0 area 0
 network 10.1.2.0 0.0.0.3 area 0
 network 10.1.2.4 0.0.0.3 area 0
 default-information originate metric 5 metric-type 1
!
ip route 0.0.0.0 0.0.0.0 10.1.3.2
!
snmp-server logging set-operation
no snmp-server enable version v1
no snmp-server enable version v2c
snmp-server enable version v3
snmp-server enable secret-dictionary-check
!
line console 0
line vty 0 4
 login
!
end

S2

hostname S2
!
no cwmp
!
install 0 S5760C-48GT4XS-X
!
sysmac 1082.3d95.fc0a
!
webmaster level 0 username admin secret 8 1c7eyy23uMQk2*|82&|b!hxh.>6j*&fnnvjd8nb.b,`2t.h4`:f6
enable service web-server http
enable service web-server https
!
nfpp
!
password policy printable-character-check
password policy min-size 8
password policy strong
service password-encryption
!
redundancy
!
no storage lifetime set
!
no enable service snmp-agent
ip ssh key-exchange dh_group_exchange_sha1 dh_group14_sha1 ecdh_sha2_nistp256 ecdh_sha2_nistp384 ecdh_sha2_nistp521
ip ssh cipher-mode ctr gcm
ip ssh hmac-algorithm sha2-256 sha2-512
!
login privilege log
no enable service telnet-server
!
vlan range 1,100
!
interface GigabitEthernet 0/1
 no switchport
 ip address 10.1.3.5 255.255.255.252
!
interface GigabitEthernet 0/2
 no switchport
 ip address 10.1.1.9 255.255.255.252
 ip ospf cost 5
!
interface GigabitEthernet 0/3
 no switchport
 ip address 10.1.1.13 255.255.255.252
!
interface GigabitEthernet 0/4
 no switchport
 ip address 10.1.2.9 255.255.255.252
 ip ospf cost 5
!
interface GigabitEthernet 0/5
 no switchport
 ip address 10.1.2.13 255.255.255.252
!
interface GigabitEthernet 0/6
!
interface GigabitEthernet 0/7
!
interface GigabitEthernet 0/8
!
interface GigabitEthernet 0/9
!
interface GigabitEthernet 0/10
!
interface GigabitEthernet 0/11
!
interface GigabitEthernet 0/12
!
interface GigabitEthernet 0/13
!
interface GigabitEthernet 0/14
!
interface GigabitEthernet 0/15
!
interface GigabitEthernet 0/16
!
interface GigabitEthernet 0/17
!
interface GigabitEthernet 0/18
!
interface GigabitEthernet 0/19
!
interface GigabitEthernet 0/20
!
interface GigabitEthernet 0/21
!
interface GigabitEthernet 0/22
!
interface GigabitEthernet 0/23
!
interface GigabitEthernet 0/24
!
interface GigabitEthernet 0/25
!
interface GigabitEthernet 0/26
!
interface GigabitEthernet 0/27
!
interface GigabitEthernet 0/28
!
interface GigabitEthernet 0/29
!
interface GigabitEthernet 0/30
!
interface GigabitEthernet 0/31
!
interface GigabitEthernet 0/32
!
interface GigabitEthernet 0/33
!
interface GigabitEthernet 0/34
!
interface GigabitEthernet 0/35
!
interface GigabitEthernet 0/36
!
interface GigabitEthernet 0/37
!
interface GigabitEthernet 0/38
!
interface GigabitEthernet 0/39
!
interface GigabitEthernet 0/40
!
interface GigabitEthernet 0/41
!
interface GigabitEthernet 0/42
!
interface GigabitEthernet 0/43
!
interface GigabitEthernet 0/44
!
interface GigabitEthernet 0/45
!
interface GigabitEthernet 0/46
!
interface GigabitEthernet 0/47
 no switchport
 shutdown
!
interface GigabitEthernet 0/48
 no switchport
 shutdown
!
interface TenGigabitEthernet 0/49
!
interface TenGigabitEthernet 0/50
!
interface TenGigabitEthernet 0/51
!
interface TenGigabitEthernet 0/52
!
interface AggregatePort 1
 no switchport
 ip address 10.1.254.253 255.255.255.252
 ip ospf cost 10
!
interface Loopback 0
 ip address 10.1.0.2 255.255.255.255
!
interface VLAN 1
!
interface VLAN 100
!
interface Mgmt 0
 ip address mix dhcp
 ip address mix 192.168.1.200 255.255.255.0
!
router ospf 100
 router-id 10.1.0.2
 graceful-restart
 redistribute ospf 200 metric-type 1 route-map 460_60 subnets
 bfd all-interfaces
 network 10.1.0.2 0.0.0.0 area 0
 network 10.1.1.8 0.0.0.3 area 0
 network 10.1.1.12 0.0.0.3 area 0
 network 10.1.254.252 0.0.0.3 area 0
 default-information originate metric-type 1
!
router ospf 200
 router-id 10.1.0.2
 graceful-restart
 redistribute ospf 100 metric-type 1 route-map 60_460 subnets
 bfd all-interfaces
 network 10.1.0.0 0.0.0.3 area 0
 network 10.1.2.8 0.0.0.3 area 0
 network 10.1.2.12 0.0.0.3 area 0
 default-information originate metric-type 1
!
ip route 0.0.0.0 0.0.0.0 10.1.3.6
!
snmp-server logging set-operation
no snmp-server enable version v1
no snmp-server enable version v2c
snmp-server enable version v3
snmp-server enable secret-dictionary-check
!
line console 0
line vty 0 4
 login
!
end

S3

hostname S3
!
spanning-tree mst configuration
 revision 1
 name test
 instance 0 vlan 1-9, 11-49, 51-59, 61-99, 101-4094
 instance 1 vlan 10, 100
 instance 2 vlan 50, 60
!
spanning-tree mst 1 priority 4096
spanning-tree mst 2 priority 8192
spanning-tree
!
cwmp
 cpe inform interval 60
!
service dhcp
ip helper-address 10.1.0.1
!
install 0 S5300-24GT4XS-E
!
sysmac 4881.d4c9.67d7
!
webmaster level 0 username admin secret 8 1c7eyy23uMQk2*|82&|b!hxh.>6j*&fnnvjd8nb.b,`2t.h4`:f6
enable service web-server http
enable service web-server https
!
nfpp
!
password policy printable-character-check
password policy min-size 8
password policy strong
service password-encryption
!
redundancy
!
no storage lifetime set
!
no enable service snmp-agent
ip ssh key-exchange dh_group_exchange_sha1 dh_group14_sha1 ecdh_sha2_nistp256 ecdh_sha2_nistp384 ecdh_sha2_nistp521
ip ssh cipher-mode ctr gcm
ip ssh hmac-algorithm sha2-256 sha2-512
!
login privilege log
no enable service telnet-server
!
vlan 10
 name Production
!
vlan 50
 name APManage_YWQ
!
vlan 60
 name Wireless
!
vlan 100
 name Manage
!
vlan 1
!
interface GigabitEthernet 0/1
 switchport mode trunk
 switchport trunk native vlan 100
 switchport trunk allowed vlan only 10,50,60,100
!
interface GigabitEthernet 0/2
!
interface GigabitEthernet 0/3
 port-group 3
!
interface GigabitEthernet 0/4
 port-group 3
!
interface GigabitEthernet 0/5
!
interface GigabitEthernet 0/6
!
interface GigabitEthernet 0/7
!
interface GigabitEthernet 0/8
!
interface GigabitEthernet 0/9
!
interface GigabitEthernet 0/10
!
interface GigabitEthernet 0/11
!
interface GigabitEthernet 0/12
!
interface GigabitEthernet 0/13
!
interface GigabitEthernet 0/14
!
interface GigabitEthernet 0/15
!
interface GigabitEthernet 0/16
!
interface GigabitEthernet 0/17
!
interface GigabitEthernet 0/18
!
interface GigabitEthernet 0/19
!
interface GigabitEthernet 0/20
!
interface GigabitEthernet 0/21
 port-group 2 mode active
!
interface GigabitEthernet 0/22
 port-group 2 mode active
!
interface GigabitEthernet 0/23
 no switchport
 ip address 10.1.1.2 255.255.255.252
!
interface GigabitEthernet 0/24
 no switchport
 ip address 10.1.1.10 255.255.255.252
 ip ospf cost 5
!
interface TenGigabitEthernet 0/25
!
interface TenGigabitEthernet 0/26
!
interface TenGigabitEthernet 0/27
!
interface TenGigabitEthernet 0/28
!
interface AggregatePort 1
!
interface AggregatePort 2
 switchport mode trunk
 switchport trunk native vlan 100
 switchport trunk allowed vlan only 10,50,60,100
!
interface AggregatePort 3
 switchport mode trunk
 switchport trunk native vlan 100
 switchport trunk allowed vlan only 10,50,60,100
!
interface Loopback 0
 ip address 10.1.0.3 255.255.255.255
!
interface VLAN 1
!
interface VLAN 10
 ip address 192.1.10.252 255.255.255.0
 vrrp 10 ip 192.1.10.254
 vrrp 10 priority 150
!
interface VLAN 50
 ip address 192.1.50.252 255.255.255.0
 vrrp 50 ip 192.1.50.254
 vrrp 50 priority 120
!
interface VLAN 60
 ip address 192.1.60.252 255.255.255.0
 vrrp 60 ip 192.1.60.254
 vrrp 60 priority 120
!
interface VLAN 100
 ip address 192.1.100.252 255.255.255.0
 vrrp 100 ip 192.1.100.254
 vrrp 100 priority 150
!
interface Mgmt 0
 ip address mix dhcp
 ip address mix 192.168.1.200 255.255.255.0
!
router ospf 100
 router-id 10.1.0.3
 graceful-restart
 redistribute connected metric-type 1 subnets
 redistribute static metric-type 1 subnets
 network 10.1.0.3 0.0.0.0 area 0
 network 10.1.1.0 0.0.0.3 area 0
 network 10.1.1.8 0.0.0.3 area 0
 network 192.1.10.0 0.0.0.255 area 0
 network 192.1.50.0 0.0.0.255 area 0
 network 192.1.60.0 0.0.0.255 area 0
!
ip route 10.1.0.5 255.255.255.255 192.1.100.2
ip route 10.1.0.6 255.255.255.255 192.1.100.3 10
!
snmp-server logging set-operation
no snmp-server enable version v1
no snmp-server enable version v2c
snmp-server enable version v3
snmp-server enable secret-dictionary-check
!
line console 0
line vty 0 4
 login
!
end

S4

hostname S4
!
spanning-tree mst configuration
 revision 1
 name test
 instance 0 vlan 1-9, 11-49, 51-59, 61-99, 101-4094
 instance 1 vlan 10, 100
 instance 2 vlan 50, 60
!
spanning-tree mst 1 priority 4096
spanning-tree
!
cwmp
 cpe inform interval 60
!
service dhcp
ip helper-address 10.1.0.1
!
install 0 S5300-24GT4XS-E
!
sysmac 4881.d4c9.67da
!
webmaster level 0 username admin secret 8 1c7eyy23uMQk2*|82&|b!hxh.>6j*&fnnvjd8nb.b,`2t.h4`:f6
enable service web-server http
enable service web-server https
!
nfpp
!
password policy printable-character-check
password policy min-size 8
password policy strong
service password-encryption
!
redundancy
!
no storage lifetime set
!
no enable service snmp-agent
ip ssh key-exchange dh_group_exchange_sha1 dh_group14_sha1 ecdh_sha2_nistp256 ecdh_sha2_nistp384 ecdh_sha2_nistp521
ip ssh cipher-mode ctr gcm
ip ssh hmac-algorithm sha2-256 sha2-512
!
login privilege log
no enable service telnet-server
!
vlan 10
 name Production
!
vlan 50
 name APManage_YWQ
!
vlan 60
 name Wireless
!
vlan 100
 name Manage
!
vlan 1
!
interface GigabitEthernet 0/1
!
interface GigabitEthernet 0/2
 switchport mode trunk
 switchport trunk native vlan 100
 switchport trunk allowed vlan only 10,50,60,100
!
interface GigabitEthernet 0/3
 port-group 4
!
interface GigabitEthernet 0/4
 port-group 4
!
interface GigabitEthernet 0/5
!
interface GigabitEthernet 0/6
!
interface GigabitEthernet 0/7
!
interface GigabitEthernet 0/8
!
interface GigabitEthernet 0/9
!
interface GigabitEthernet 0/10
!
interface GigabitEthernet 0/11
!
interface GigabitEthernet 0/12
!
interface GigabitEthernet 0/13
!
interface GigabitEthernet 0/14
!
interface GigabitEthernet 0/15
!
interface GigabitEthernet 0/16
!
interface GigabitEthernet 0/17
!
interface GigabitEthernet 0/18
!
interface GigabitEthernet 0/19
!
interface GigabitEthernet 0/20
!
interface GigabitEthernet 0/21
 port-group 2 mode passive
!
interface GigabitEthernet 0/22
 port-group 2 mode passive
!
interface GigabitEthernet 0/23
 no switchport
 ip address 10.1.1.6 255.255.255.252
 ip ospf cost 5
!
interface GigabitEthernet 0/24
 no switchport
 ip address 10.1.1.14 255.255.255.252
!
interface TenGigabitEthernet 0/25
!
interface TenGigabitEthernet 0/26
!
interface TenGigabitEthernet 0/27
!
interface TenGigabitEthernet 0/28
!
interface AggregatePort 1
!
interface AggregatePort 2
 switchport mode trunk
 switchport trunk native vlan 100
 switchport trunk allowed vlan only 10,50,60,100
!
interface AggregatePort 4
 switchport mode trunk
 switchport trunk native vlan 100
 switchport trunk allowed vlan only 10,50,60,100
!
interface Loopback 0
 ip address 10.1.0.4 255.255.255.255
!
interface VLAN 1
!
interface VLAN 10
 ip address 192.1.10.253 255.255.255.0
 vrrp 10 ip 192.1.10.254
 vrrp 10 priority 120
!
interface VLAN 50
 ip address 192.1.50.253 255.255.255.0
 vrrp 50 ip 192.1.50.254
 vrrp 50 priority 150
!
interface VLAN 60
 ip address 192.1.60.253 255.255.255.0
 vrrp 60 ip 192.1.60.254
 vrrp 60 priority 150
!
interface VLAN 100
 ip address 192.1.100.253 255.255.255.0
 vrrp 100 ip 192.1.100.254
 vrrp 100 priority 120
!
interface Mgmt 0
 ip address mix dhcp
 ip address mix 192.168.1.200 255.255.255.0
!
router ospf 100
 router-id 10.1.0.4
 graceful-restart
 redistribute connected metric-type 1 subnets
 redistribute static metric-type 1 subnets
 network 10.1.0.4 0.0.0.0 area 0
 network 10.1.1.4 0.0.0.3 area 0
 network 10.1.1.12 0.0.0.3 area 0
 network 192.1.10.0 0.0.0.255 area 0
 network 192.1.50.0 0.0.0.255 area 0
 network 192.1.60.0 0.0.0.255 area 0
!
ip route 10.1.0.5 255.255.255.255 192.1.100.2 10
ip route 10.1.0.6 255.255.255.255 192.1.100.3
!
snmp-server logging set-operation
no snmp-server enable version v1
no snmp-server enable version v2c
snmp-server enable version v3
snmp-server enable secret-dictionary-check
!
line console 0
line vty 0 4
 login  
!
end

VSU

hostname VSU
!
spanning-tree mst configuration
 revision 1
 name test
!
spanning-tree
!
cwmp
 cpe inform interval 60
!
service dhcp
!
install switch 1 S5310-24GT4XS-E
install switch 2 S5310-24GT4XS-E
install 1/0 S5310-24GT4XS-E
install 2/0 S5310-24GT4XS-E
!
sysmac 7042.d39c.a16c
!
webmaster level 0 username admin secret 8 1c7eyy23uMQk2*|82&|b!hxh.>6j*&fnnvjd8nb.b,`2t.h4`:f6
enable service web-server http
enable service web-server https
!
nfpp
!
password policy printable-character-check
password policy min-size 8
password policy strong
service password-encryption
!
redundancy
!
no storage lifetime set
!
no enable service snmp-agent
ip ssh key-exchange dh_group_exchange_sha1 dh_group14_sha1 ecdh_sha2_nistp256 ecdh_sha2_nistp384 ecdh_sha2_nistp521
ip ssh cipher-mode ctr gcm
ip ssh hmac-algorithm sha2-256 sha2-512
!
login privilege log
no enable service telnet-server
!
vlan 10
 name Production
!
vlan 50
 name APManage_YWQ
!
vlan 100
 name Manage
!
vlan 1
!
interface GigabitEthernet 1/0/1
 switchport access vlan 50
!
interface GigabitEthernet 1/0/2
 switchport access vlan 50
!
interface GigabitEthernet 1/0/3
 switchport access vlan 50
!
interface GigabitEthernet 1/0/4
 switchport access vlan 50
!
interface GigabitEthernet 1/0/5
 switchport access vlan 50
!
interface GigabitEthernet 1/0/6
 switchport access vlan 10
!
interface GigabitEthernet 1/0/7
 switchport access vlan 10
!
interface GigabitEthernet 1/0/8
 switchport access vlan 10
!
interface GigabitEthernet 1/0/9
 switchport access vlan 10
!
interface GigabitEthernet 1/0/10
 switchport access vlan 10
!
interface GigabitEthernet 1/0/11
 switchport access vlan 10
!
interface GigabitEthernet 1/0/12
 switchport access vlan 10
!
interface GigabitEthernet 1/0/13
 switchport access vlan 10
!
interface GigabitEthernet 1/0/14
 switchport access vlan 10
!
interface GigabitEthernet 1/0/15
 switchport access vlan 10
!
interface GigabitEthernet 1/0/16
 switchport access vlan 10
!
interface GigabitEthernet 1/0/17
 switchport access vlan 10
!
interface GigabitEthernet 1/0/18
 switchport access vlan 10
!
interface GigabitEthernet 1/0/19
 switchport access vlan 10
!
interface GigabitEthernet 1/0/20
 switchport access vlan 10
!
interface GigabitEthernet 1/0/21
!
interface GigabitEthernet 1/0/22
 no switchport
 no lldp enable
!
interface GigabitEthernet 1/0/23
 port-group 3
!
interface GigabitEthernet 1/0/24
 port-group 4
!
interface GigabitEthernet 2/0/1
 switchport access vlan 50
!
interface GigabitEthernet 2/0/2
 switchport access vlan 50
!
interface GigabitEthernet 2/0/3
 switchport access vlan 50
!
interface GigabitEthernet 2/0/4
 switchport access vlan 50
!
interface GigabitEthernet 2/0/5
 switchport access vlan 50
!
interface GigabitEthernet 2/0/6
 switchport access vlan 10
!
interface GigabitEthernet 2/0/7
 switchport access vlan 10
!
interface GigabitEthernet 2/0/8
 switchport access vlan 10
!
interface GigabitEthernet 2/0/9
 switchport access vlan 10
!
interface GigabitEthernet 2/0/10
 switchport access vlan 10
!
interface GigabitEthernet 2/0/11
 switchport access vlan 10
!
interface GigabitEthernet 2/0/12
 switchport access vlan 10
!
interface GigabitEthernet 2/0/13
 switchport access vlan 10
!
interface GigabitEthernet 2/0/14
 switchport access vlan 10
!
interface GigabitEthernet 2/0/15
 switchport access vlan 10
!
interface GigabitEthernet 2/0/16
 switchport access vlan 10
!
interface GigabitEthernet 2/0/17
 switchport access vlan 10
!
interface GigabitEthernet 2/0/18
 switchport access vlan 10
!
interface GigabitEthernet 2/0/19
 switchport access vlan 10
!
interface GigabitEthernet 2/0/20
 switchport access vlan 10
!
interface GigabitEthernet 2/0/21
!
interface GigabitEthernet 2/0/22
 no switchport
 no lldp enable
!
interface GigabitEthernet 2/0/23
 port-group 3
!
interface GigabitEthernet 2/0/24
 port-group 4
!
interface TenGigabitEthernet 1/0/25
!
interface TenGigabitEthernet 1/0/26
!
interface TenGigabitEthernet 1/0/27
!
interface TenGigabitEthernet 1/0/28
!
interface TenGigabitEthernet 2/0/25
!
interface TenGigabitEthernet 2/0/26
!
interface TenGigabitEthernet 2/0/27
!
interface TenGigabitEthernet 2/0/28
!
interface AggregatePort 3
 switchport mode trunk
 switchport trunk native vlan 100
 switchport trunk allowed vlan only 10,50,60,100
!
interface AggregatePort 4
 switchport mode trunk
 switchport trunk native vlan 100
 switchport trunk allowed vlan only 10,50,60,100
!
interface VLAN 1
!
interface VLAN 50
!
interface VLAN 100
 ip address 192.1.100.1 255.255.255.0
!
interface Mgmt 1/0
 ip address mix dhcp
 ip address mix 192.168.1.200 255.255.255.0
!
interface Mgmt 2/0
 ip address mix dhcp
 ip address mix 192.168.1.200 255.255.255.0
!
switch virtual domain 1
 dual-active detection bfd
 dual-active bfd interface GigabitEthernet 1/0/22
 dual-active bfd interface GigabitEthernet 2/0/22
!
ip route 0.0.0.0 0.0.0.0 192.1.100.254
!
snmp-server logging set-operation
no snmp-server enable version v1
no snmp-server enable version v2c
snmp-server enable version v3
snmp-server enable secret-dictionary-check
!
line console 0
line vty 0 4
 login
!
end

S7

hostname S7
!
cwmp
 cpe inform interval 60
!
service dhcp
!
ip dhcp pool vl450
 option 138 ip 192.1.100.2 192.1.100.3
 network 194.1.50.0 255.255.255.0
 default-router 194.1.50.254
!
ip dhcp pool vl460
 network 194.1.60.0 255.255.255.0
 default-router 194.1.60.254
!
install 0 S5310-24GT4XS-E
!
sysmac 7042.d39c.a1c0
!
webmaster level 0 username admin secret 8 1c7eyy23uMQk2*|82&|b!hxh.>6j*&fnnvjd8nb.b,`2t.h4`:f6
enable service web-server http
enable service web-server https
!
nfpp
!
password policy printable-character-check
password policy min-size 8
password policy strong
service password-encryption
!
redundancy
!
no storage lifetime set
!
no enable service snmp-agent
ip ssh key-exchange dh_group_exchange_sha1 dh_group14_sha1 ecdh_sha2_nistp256 ecdh_sha2_nistp384 ecdh_sha2_nistp521
ip ssh cipher-mode ctr gcm
ip ssh hmac-algorithm sha2-256 sha2-512
!
login privilege log
no enable service telnet-server
!
vlan 410
 name Production
!
vlan 450
 name APManage_YWQ
!
vlan 460
 name Wireless
!
vlan 1
!
interface GigabitEthernet 0/1
 switchport mode trunk
 switchport trunk native vlan 450
 switchport trunk allowed vlan only 450,460
!
interface GigabitEthernet 0/2
!
interface GigabitEthernet 0/3
!
interface GigabitEthernet 0/4
!
interface GigabitEthernet 0/5
!
interface GigabitEthernet 0/6
!
interface GigabitEthernet 0/7
!
interface GigabitEthernet 0/8
!
interface GigabitEthernet 0/9
!
interface GigabitEthernet 0/10
!
interface GigabitEthernet 0/11
 switchport access vlan 410
!
interface GigabitEthernet 0/12
 switchport access vlan 410
!
interface GigabitEthernet 0/13
 switchport access vlan 410
!
interface GigabitEthernet 0/14
 switchport access vlan 410
!
interface GigabitEthernet 0/15
 switchport access vlan 410
!
interface GigabitEthernet 0/16
 switchport access vlan 410
!
interface GigabitEthernet 0/17
 switchport access vlan 410
!
interface GigabitEthernet 0/18
 switchport access vlan 410
!
interface GigabitEthernet 0/19
 switchport access vlan 410
!
interface GigabitEthernet 0/20
 switchport access vlan 410
!
interface GigabitEthernet 0/21
!
interface GigabitEthernet 0/22
!
interface GigabitEthernet 0/23
 no switchport
 ip address 10.1.2.22 255.255.255.252
!
interface GigabitEthernet 0/24
 no switchport
 ip address 10.1.2.26 255.255.255.252
!
interface TenGigabitEthernet 0/25
!
interface TenGigabitEthernet 0/26
!
interface TenGigabitEthernet 0/27
!
interface TenGigabitEthernet 0/28
!
interface Loopback 0
 ip address 10.1.0.9 255.255.255.255
!
interface VLAN 1
!
interface VLAN 410
 ip address 194.1.10.254 255.255.255.0
!
interface VLAN 450
 ip address 194.1.50.254 255.255.255.0
!
interface VLAN 460
 ip address 194.1.60.254 255.255.255.0
!
interface Mgmt 0
 ip address mix dhcp
 ip address mix 192.168.1.200 255.255.255.0
!
router ospf 200
 router-id 10.1.0.9
 graceful-restart
 network 10.1.0.9 0.0.0.0 area 1
 network 10.1.2.20 0.0.0.3 area 1
 network 10.1.2.24 0.0.0.3 area 1
 network 194.1.10.0 0.0.0.255 area 1
 network 194.1.50.0 0.0.0.255 area 1
 network 194.1.60.0 0.0.0.255 area 1
!
snmp-server logging set-operation
no snmp-server enable version v1
no snmp-server enable version v2c
snmp-server enable version v3
snmp-server enable secret-dictionary-check
!
line console 0
line vty 0 4
 login
!
end

R1

hostname R1
webmaster level 0 username admin password 7 004b244e4a39
!
!
!
no cwmp
!
!
diffserv domain default
!
!
!
vlan 1
!
install 3 HSIC-2HS
!
no service password-encryption
!
!
!
!
ip ref tcp adjust-mss
!
!
!
!
!
control-plane
!
control-plane protocol
 acpp bw-rate 1750 bw-burst-rate 3500
!
control-plane manage
 port-filter
 arp-car 5
 acpp bw-rate 1750 bw-burst-rate 3500
!
control-plane data
 glean-car 5
 acpp bw-rate 875 bw-burst-rate 1750
!
!
!
!
wan-ta cong-algorithm fec
!
!
web-auth mac-check enable
!
enable service web-server http
enable service web-server https
!
interface Serial 3/0
 clock rate 64000
!
interface Serial 3/1
 clock rate 64000
!
interface GigabitEthernet 0/0
 ip address 10.1.2.2 255.255.255.252
 duplex auto
 speed auto
!
interface GigabitEthernet 0/1
 ip ospf cost 5
 ip address 10.1.2.10 255.255.255.252
 duplex auto
 speed auto
!
interface GigabitEthernet 0/2
 ip address 10.1.2.253 255.255.255.252
 duplex auto
 speed auto
!
interface GigabitEthernet 0/3
 ip ospf cost 10
 ip address 10.1.2.21 255.255.255.252
 duplex auto
 speed auto
!
interface GigabitEthernet 1/0
!
interface GigabitEthernet 1/1
!
interface GigabitEthernet 1/2
!
interface GigabitEthernet 1/3
!
interface GigabitEthernet 1/4
!
interface GigabitEthernet 1/5
!
interface GigabitEthernet 1/6
!
interface GigabitEthernet 1/7
!
interface GigabitEthernet 1/8
!
interface GigabitEthernet 1/9
!
interface GigabitEthernet 1/10
!
interface GigabitEthernet 1/11
!
interface GigabitEthernet 1/12
!
interface GigabitEthernet 1/13
!
interface GigabitEthernet 1/14
!
interface GigabitEthernet 1/15
!
interface GigabitEthernet 1/16
!
interface GigabitEthernet 1/17
!
interface GigabitEthernet 1/18
!
interface GigabitEthernet 1/19
!
interface GigabitEthernet 1/20
!
interface GigabitEthernet 1/21
!
interface GigabitEthernet 1/22
!
interface GigabitEthernet 1/23
!
interface Loopback 0
 ip address 10.1.0.7 255.255.255.255
!
interface VLAN 1
!
!
!
router ospf 200
 router-id 10.1.0.7
 network 10.1.0.7 0.0.0.0 area 0
 network 10.1.2.0 0.0.0.3 area 0
 network 10.1.2.8 0.0.0.3 area 0
 network 10.1.2.20 0.0.0.3 area 1
 network 10.1.2.252 0.0.0.3 area 1
!
!
!
ref parameter 75 100
line con 0
line vty 0 4
 login
!
!
end

R2

hostname R2
webmaster level 0 username admin password 7 13041647042f
!
!
!
no cwmp
!
!
diffserv domain default
!
!
!
vlan 1
!
install 2 HSIC-2HS
install 3 HSIC-2HS
!
no service password-encryption
!
!
!
!
ip ref tcp adjust-mss
!
!
!
!
!
control-plane
!
control-plane protocol
 acpp bw-rate 1750 bw-burst-rate 3500
!
control-plane manage
 port-filter
 arp-car 5
 acpp bw-rate 1750 bw-burst-rate 3500
!
control-plane data
 glean-car 5
 acpp bw-rate 875 bw-burst-rate 1750
!
!
!
!
wan-ta cong-algorithm fec
!
!
!
!
web-auth mac-check enable
!
!
!
!
!
enable service web-server http
enable service web-server https
!
!
!
!
!
interface Serial 2/0
 clock rate 64000
!
interface Serial 2/1
 clock rate 64000
!
interface Serial 3/0
 clock rate 64000
!
interface Serial 3/1
!
interface GigabitEthernet 0/0
 ip ospf cost 5
 ip address 10.1.2.6 255.255.255.252
 duplex auto
 speed auto
!
interface GigabitEthernet 0/1
 ip address 10.1.2.14 255.255.255.252
 duplex auto
 speed auto
!
interface GigabitEthernet 0/2
 ip address 10.1.2.254 255.255.255.252
 duplex auto
 speed auto
!
interface GigabitEthernet 0/3
 ip ospf cost 10
 ip address 10.1.2.25 255.255.255.252
 duplex auto
 speed auto
!
interface GigabitEthernet 1/0
!
interface GigabitEthernet 1/1
!
interface GigabitEthernet 1/2
!
interface GigabitEthernet 1/3
!
interface GigabitEthernet 1/4
!
interface GigabitEthernet 1/5
!
interface GigabitEthernet 1/6
!
interface GigabitEthernet 1/7
!
interface GigabitEthernet 1/8
!
interface GigabitEthernet 1/9
!
interface GigabitEthernet 1/10
!
interface GigabitEthernet 1/11
!
interface GigabitEthernet 1/12
!
interface GigabitEthernet 1/13
!
interface GigabitEthernet 1/14
!
interface GigabitEthernet 1/15
!
interface GigabitEthernet 1/16
!
interface GigabitEthernet 1/17
!
interface GigabitEthernet 1/18
!
interface GigabitEthernet 1/19
!
interface GigabitEthernet 1/20
!
interface GigabitEthernet 1/21
!
interface GigabitEthernet 1/22
!
interface GigabitEthernet 1/23
!
interface Loopback 0
 ip address 10.1.0.8 255.255.255.255
!
interface VLAN 1
!
!
router ospf 200
 router-id 10.1.0.8
 network 10.1.0.8 0.0.0.0 area 0
 network 10.1.2.4 0.0.0.3 area 0
 network 10.1.2.12 0.0.0.3 area 0
 network 10.1.2.24 0.0.0.3 area 1
 network 10.1.2.252 0.0.0.3 area 1
!
router ospf 2000
!
!
ref parameter 75 100
line con 0
line vty 0 4
 login
!
!
end

R3

hostname R3
webmaster level 0 username admin password 7 073f07221c1c
!
!
!
!
!
!
no cwmp
!
!
diffserv domain default
!
!
vlan 1
!
!
no service password-encryption
!
!
!
ip ref tcp adjust-mss
!
!
!
!
!
control-plane
!
control-plane protocol
 acpp bw-rate 1750 bw-burst-rate 3500
!
control-plane manage
 port-filter
 arp-car 5
 acpp bw-rate 1750 bw-burst-rate 3500
!
control-plane data
 glean-car 5
 acpp bw-rate 875 bw-burst-rate 1750
!
!
!
!
wan-ta cong-algorithm fec
!
!
!
web-auth mac-check enable
!
!
!
!
!
enable service web-server http
enable service web-server https
!
!
!
interface GigabitEthernet 0/0
 ip address 200.2.1.1 255.255.255.248
 duplex auto
 speed auto
!
interface GigabitEthernet 0/1
 ip address 200.1.1.1 255.255.255.248
 duplex auto
 speed auto
!
interface GigabitEthernet 0/2
 duplex auto
 speed auto
!
interface GigabitEthernet 0/3
 duplex auto
 speed auto
!
interface GigabitEthernet 1/0
!
interface GigabitEthernet 1/1
!
interface GigabitEthernet 1/2
!
interface GigabitEthernet 1/3
!
interface GigabitEthernet 1/4
!
interface GigabitEthernet 1/5
!
interface GigabitEthernet 1/6
!
interface GigabitEthernet 1/7
!
interface GigabitEthernet 1/8
!
interface GigabitEthernet 1/9
!
interface GigabitEthernet 1/10
!
interface GigabitEthernet 1/11
!
interface GigabitEthernet 1/12
!
interface GigabitEthernet 1/13
!
interface GigabitEthernet 1/14
!
interface GigabitEthernet 1/15
!
interface GigabitEthernet 1/16
!
interface GigabitEthernet 1/17
!
interface GigabitEthernet 1/18
!
interface GigabitEthernet 1/19
!
interface GigabitEthernet 1/20
!
interface GigabitEthernet 1/21
!
interface GigabitEthernet 1/22
!
interface GigabitEthernet 1/23
!
interface Loopback 0
 ip address 195.1.1.1 255.255.255.255
!
interface VLAN 1
!
!
router ospf 200
!
!
ref parameter 75 100
line con 0
line vty 0 4
 login
!
!
end

AC1

hostname AC1
!
ap-group default
!
ap-config all
!
ac-controller
 capwap ctrl-ip 192.1.100.2
 country CN
 802.11g network rate 1 disabled
 802.11g network rate 2 disabled
 802.11g network rate 5 disabled
 802.11g network rate 6 supported
 802.11g network rate 9 supported
 802.11g network rate 11 mandatory
 802.11g network rate 12 supported
 802.11g network rate 18 supported
 802.11g network rate 24 supported
 802.11g network rate 36 supported
 802.11g network rate 48 supported
 802.11g network rate 54 supported
 802.11b network rate 1 disabled
 802.11b network rate 2 disabled
 802.11b network rate 5 disabled
 802.11b network rate 11 mandatory
 802.11a network rate 6 mandatory
 802.11a network rate 9 supported
 802.11a network rate 12 mandatory
 802.11a network rate 18 supported
 802.11a network rate 24 mandatory
 802.11a network rate 36 supported
 802.11a network rate 48 supported
 802.11a network rate 54 supported
!
no identify-application enable
!
no cwmp
!
install 0 WS6008
!
sysmac 4881.d4c4.2297
!
enable service web-server http
enable service web-server https
webmaster level 0 username admin password 7 14134e00281c
no service password-encryption
!
redundancy
!
link-check disable
!
nfpp
!
wids
!
frn
!
vlan 1
!
vlan 100
 name Manage
!
interface GigabitEthernet 0/1
!
interface GigabitEthernet 0/2
!
interface GigabitEthernet 0/3
 switchport mode trunk
 switchport trunk native vlan 100
 switchport trunk allowed vlan only 10,50,60,100
!
interface GigabitEthernet 0/4
!
interface GigabitEthernet 0/5
!
interface GigabitEthernet 0/6
!
interface GigabitEthernet 0/7
!
interface GigabitEthernet 0/8
!
interface Loopback 0
 ip address 10.1.0.5 255.255.255.255
!
interface VLAN 1
!
interface VLAN 100
 ip address 192.1.100.2 255.255.255.0
!
ip route 0.0.0.0 0.0.0.0 192.1.100.254
!
line console 0
line vty 0 4
 login
!
end

AC2

hostname AC2
!
ap-group default
!
ap-config all
!
ac-controller
 capwap ctrl-ip 192.1.100.3
 tunnel-mode local
 country CN
 802.11g network rate 1 disabled
 802.11g network rate 2 disabled
 802.11g network rate 5 disabled
 802.11g network rate 6 supported
 802.11g network rate 9 supported
 802.11g network rate 11 mandatory
 802.11g network rate 12 supported
 802.11g network rate 18 supported
 802.11g network rate 24 supported
 802.11g network rate 36 supported
 802.11g network rate 48 supported
 802.11g network rate 54 supported
 802.11b network rate 1 disabled
 802.11b network rate 2 disabled
 802.11b network rate 5 disabled
 802.11b network rate 11 mandatory
 802.11a network rate 6 mandatory
 802.11a network rate 9 supported
 802.11a network rate 12 mandatory
 802.11a network rate 18 supported
 802.11a network rate 24 mandatory
 802.11a network rate 36 supported
 802.11a network rate 48 supported
 802.11a network rate 54 supported
!
no identify-application enable
!
no cwmp
!
install 0 WS6008
!
sysmac 4881.d4c4.21b9
!
enable service web-server http
enable service web-server https
webmaster level 0 username admin password 7 0121474e3e16
no service password-encryption
!
redundancy
!
link-check disable
!
nfpp
!
wids
!
frn
!
vlan 1
!
vlan 100
 name Manage
!
interface GigabitEthernet 0/1
!
interface GigabitEthernet 0/2
!
interface GigabitEthernet 0/3
!
interface GigabitEthernet 0/4
 switchport mode trunk
 switchport trunk native vlan 100
 switchport trunk allowed vlan only 10,50,60,100
!
interface GigabitEthernet 0/5
!
interface GigabitEthernet 0/6
!
interface GigabitEthernet 0/7
!
interface GigabitEthernet 0/8
!
interface Loopback 0
 ip address 10.1.0.6 255.255.255.255
!
interface VLAN 1
!
interface VLAN 100
 ip address 192.1.100.3 255.255.255.0
!
ip route 0.0.0.0 0.0.0.0 192.1.100.254
!
line console 0
line vty 0 4
 login
!
end

EG1

hostname EG1
!
ap-group default
!
ap-config all
!
ac-controller
 ac-control disable
 country CN
 802.11g network rate 1 disabled
 802.11g network rate 2 disabled
 802.11g network rate 5 disabled
 802.11g network rate 6 supported
 802.11g network rate 9 supported
 802.11g network rate 11 mandatory
 802.11g network rate 12 supported
 802.11g network rate 18 supported
 802.11g network rate 24 supported
 802.11g network rate 36 supported
 802.11g network rate 48 supported
 802.11g network rate 54 supported
 802.11b network rate 1 disabled
 802.11b network rate 2 disabled
 802.11b network rate 5 disabled
 802.11b network rate 11 mandatory
 802.11a network rate 6 mandatory
 802.11a network rate 9 supported
 802.11a network rate 12 mandatory
 802.11a network rate 18 supported
 802.11a network rate 24 mandatory
 802.11a network rate 36 supported
 802.11a network rate 48 supported
 802.11a network rate 54 supported
!
webservice mgmt-listen enable
webservice mgmt-send enable
!
app-auth offline-detect
!
app-auth cfg-opt id-mac
app-auth cfg-opt syn-proxy
app-auth cfg-opt tup-pass
!
app-auth set-mode business
!
app-auth local-auth subscriber mac-limit 0
!
app-auth wx-state direct
ip session filter 0
flow-pre-mgr enable
flow-pre-mgr protocol-enable
!
flow-pre-mgr upload-pps-limit 0
!
flow-pre-mgr new-session-limit start-up limit 0
flow-pre-mgr new-session-limit virtual-host limit 0
flow-pre-mgr new-session-limit real-host limit 0
!
flow-pre-mgr total-limit 0
!
ip access-list standard 1
 20 deny 194.1.10.0 0.0.0.255 time-range any
 30 deny 192.1.10.0 0.0.0.255 time-range any
 40 permit any
!
ip access-list extended 103
 10 permit gre host 200.1.1.2 host 200.2.1.2
!
ip access-list extended 2397
 10 deny ospf any any
 20 deny 112 any any
 30 deny icmp any any
 40 deny udp any eq domain any
 50 deny tcp any any eq www
 60 deny tcp any any eq 443
 1000 permit ip any any
 list-remark 本地防攻击专用
!
servctl service npm off
servctl service apm off
servctl service rlog off
servctl service was off
servctl service police_log off
servctl service sslvpn off
sntp interval 7200
sntp server ntp1.aliyun.com
sntp server ntp.ntsc.ac.cn
sntp enable
wids
!
ip tcp keepalive
!
time-range any
 periodic Daily 0:00 to 23:59
!
time-range day_time
 periodic Daily 6:00 to 18:00
!
time-range night_time
 periodic Weekdays 0:00 to 5:59
 periodic Daily 18:01 to 23:59
!
time-range unwork_time
 periodic Weekdays 0:00 to 7:59
 periodic Weekdays 12:00 to 13:00
 periodic Weekdays 18:01 to 23:59
!
time-range weekend
 periodic Weekend 0:00 to 23:59
!
time-range work_time
 periodic Weekdays 8:00 to 12:00
 periodic Weekdays 13:00 to 18:00
!
time-range working_time
 periodic Weekdays 0:00 to 23:59
!
no vwan loss-recover access-list
no vwan loss-recover enable
no vwan loss-recover loss-rate-min
vwan loss-recover mss 1360
no vwan loss-recover interface
no vwan loss-recover app
!
identify-application enable
!
identify-application custom-group 常见网页应用~route
 app-add WEB应用
 app-add 移动WEB应用
 app-add 论坛PC
 app-add HTTP网络购物
 app-add HTTP游戏
 app-add WEB邮箱
 app-add 腾讯网游WEB
 app-add 普通网页浏览明细
 app-add 腾讯游戏平台
 app-add 腾讯游戏安全器
 app-add 游戏更新
 app-add 即时通讯软件
 app-add 互联网文件传输
 app-add 远程访问协议
 app-add 网银
 app-add 即时通讯_MOBILE
 app-add 社交_MOBILE
 app-add WEB_MOBILE
 app-add 其他_MOBILE
!
identify-application custom-group 常见大流量应用route
 app-add 视频流媒体软件
 app-add P2P应用软件
!
identify-application custom-group 常见视频应用route
 app-add HTTP视频
 app-add 视频|影音_MOBILE
!
identify-application custom-group 常见下载应用route
 app-add HTTP下载
 app-add HTTP上传
 app-add 软件更新
 app-add 网络硬盘
 app-add 下载工具_MOBILE
 app-add 网盘_MOBILE
!
identify-application custom-group 常见网络游戏route
 app-add 腾讯网游
 app-add 网易网游
 app-add 搜狐游戏
!
identify-application custom-group QQ网吧特权相关应用~route
 app-add 英雄联盟相关
 app-add 英雄联盟登录
!
app-proxy expect enable
no ssl-audit mode
!
anti-pap set-node 0
url-filter-notice display 你被禁止访问这个网站,请联系网站管理员!
no url-audit exact-filter
!
no report-function enable
!
no cwmp
!
dev-audit enable
service dhcp
ip dhcp database
!
ip dhcp pool pool_Gi0/0
 lease 0 8 0
 network 192.168.1.0 255.255.255.0
 dns-server 114.114.114.114
 default-router 192.168.1.1
!
ip dhcp pool pool_Gi0/1
 lease 0 8 0
 network 10.1.3.0 255.255.255.252
 dns-server 114.114.114.114
 default-router 10.1.3.2
!
ip dhcp pool pool_Gi0/2
 lease 0 8 0
 network 10.1.3.4 255.255.255.252
 dns-server 114.114.114.114
 default-router 10.1.3.6
!
ip name-server 114.114.114.114
!
dns-proxy
!
mail-service enable
feedback frequency 60
flow-audit enable
flow-audit intf-rt refresh 1
flow-audit intf-rt storage 10 max
!
crypto isakmp policy 1
 encryption 3des
 authentication pre-share
 hash md5
 group 2
!
crypto isakmp key 7 04231d152a address 200.2.1.2
crypto ipsec transform-set myset esp-3des esp-md5-hmac
!
crypto map mymap 1 ipsec-isakmp
 set peer 200.2.1.2
 set transform-set myset
 set autoup
 match address 103
!
layer23 classify enable
!
layer23 scc-attention enable
!
network-group name "Out_Server" parent "/"
!
line-quality enable
!
sys-mode gateway
!
specify interface GigabitEthernet 0/0 lan
specify interface GigabitEthernet 0/1 lan
specify interface GigabitEthernet 0/2 lan
specify interface GigabitEthernet 0/3 lan
specify interface GigabitEthernet 0/4 wan
specify interface GigabitEthernet 0/5 lan
specify interface GigabitEthernet 0/6 wan
specify interface GigabitEthernet 0/7 wan
specify interface GigabitEthernet 0/8 wan
specify interface GigabitEthernet 0/9 wan
!
no nat-log enable
no ip nat-log on
!
password policy strong
no service password-encryption
!
ip http port 80
ip http secure-port 4430
enable service web-server all
enable service web-server http
enable service web-server https
no rnfp-ping-reply enable
!
control-plane
 ef-rnfp enable
 security deny wan-web
 security deny wan-telnet
 security deny wan-ssh
!
control-plane protocol
 scpp list 2397 bw-rate 3600 bw-burst-rate 3600
 no acpp
!
control-plane manage
 port-filter
 arp-car 20 log
 scpp list 2397 bw-rate 3600 bw-burst-rate 3600
 no acpp
!
control-plane data
 no glean-car
 scpp list 2397 bw-rate 3600 bw-burst-rate 3600
 no acpp
!
ip ssh key-exchange dh_group_exchange_sha1 dh_group14_sha1
ip ssh cipher-mode ctr
ip ssh hmac-algorithm sha1
ip ssh version 2
sftp-client speed 0
logging filter rule exact-match module LOGIN mnemonic LOGIN_FAIL level 5
logging userinfo command-log
logging buffered 65535
logging file sata0:syslog/syslog 1048576
clock timezone UTC +8 0
!
no upnp-proxy offline-detect
upnp-proxy md5-cipher-string h71*Ayqzct#219qzt
upnp-proxy url-cipher-string !%*sm&aq
no defend-zone global
!
no seczone enable
no seczone syslog enable
!
vpdn limit_rate 15
!
link-check disable
!
web quick-set
macc start-set
webmaster username admin password 7 135440191c361767624a
frn
!
interface GigabitEthernet 0/0
 reverse-path
 no ip unreachables
 no ip redirects
 no ip mask-reply
 ip address 192.168.1.1 255.255.255.0
 arp gratuitous-send interval 10
 ip nat inside
!
interface GigabitEthernet 0/1
 reverse-path
 no ip unreachables
 no ip redirects
 no ip mask-reply
 ip address 10.1.3.2 255.255.255.252
 arp gratuitous-send interval 10
 ip nat inside
!
interface GigabitEthernet 0/2
 reverse-path
 no ip unreachables
 no ip redirects
 no ip mask-reply
 ip address 10.1.3.6 255.255.255.252
 arp gratuitous-send interval 10
 ip nat inside
!
interface GigabitEthernet 0/3
!
interface GigabitEthernet 0/4
 nexthop 200.1.1.1
 reverse-path
 ip address 200.1.1.2 255.255.255.248
 crypto map mymap
 ip nat outside
!
interface GigabitEthernet 0/5
!
interface GigabitEthernet 0/6
!
interface GigabitEthernet 0/7
!
interface GigabitEthernet 0/8
!
interface GigabitEthernet 0/9
!
interface Loopback 0
 ip address 10.1.0.10 255.255.255.255
!
interface Tunnel 0
 ip address 10.1.4.1 255.255.255.252
 tunnel source GigabitEthernet 0/4
 tunnel destination 200.2.1.2
!
interface Tunnel 10
!
interface SSLVPN 0
!
interface SSLVPN 1
!
app route switch
app route mode new-flow
!
grpc
 sensor-group 1
  sensor-path /rg-sysmon:Sysmon/DeviceInfo/Slot
  sensor-path /rg-fsui:fsui/flash-information
  sensor-path /rg-eg-monitor:device-monitor/device-info
  sensor-path /rg-eg-storage:storage
  sensor-path /rg-eg-dev-audit:da
  sensor-path /rg-grpc:grpc/client-instance/device-ip
  exit-sensor-group
 sensor-group 2
  sensor-path /rg-eg-flow-audit:fa/fa-user-data
  sensor-path /rg-eg-sla:sla-state
  sensor-path /rg-interfaces:interfaces-state
  sensor-path /rg-interfaces:interfaces/interface
  sensor-path /rg-eg-appauth:appauth-users
  sensor-path /rg-webauth:webauth-users
  exit-sensor-group
 sensor-group 3
  sensor-path /rg-eg-flow-audit:fa/fa-ip-app
  exit-sensor-group
 sensor-group 4
  sensor-path /rg-vpn-ipsec:ipsec/crypto-states
  exit-sensor-group
 sensor-group 5
  sensor-path /rg-eg-vwan-rs:vwan-rs-report
  exit-sensor-group
 destination-group 1
  exit-destination-group
 subscription 1
  sensor-group 1 sample-interval 120000
  sensor-group 2 sample-interval 120000
  sensor-group 3 sample-interval 600000
  sensor-group 4 sample-interval 120000
  sensor-group 5 sample-interval 120000
  destination-group 1
  exit-grpc-subscription
!
ip nat pool nat_pool prefix-length 24
 address interface GigabitEthernet 0/4 match interface GigabitEthernet 0/4
!
ip nat pool 1 200.1.1.3 200.1.1.5 netmask 255.255.255.248
ip nat inside source list 1 pool NAPT overload
!
ip route 0.0.0.0 0.0.0.0 GigabitEthernet 0/4 200.1.1.1
ip route 192.1.0.0 255.255.0.0 10.1.3.5
ip route 192.1.0.0 255.255.0.0 10.1.3.1 130
ip route 194.1.0.0 255.255.0.0 10.1.3.1 130
ip route 194.1.0.0 255.255.0.0 10.1.3.5
ip route 195.1.0.0 255.255.0.0 Tunnel 0
!
line console 0
line vty 0 4
 login
!
end

EG2

hostname EG2
!
ap-group default
!
ap-config all
!
ac-controller
 ac-control disable
 country CN
 802.11g network rate 1 disabled
 802.11g network rate 2 disabled
 802.11g network rate 5 disabled
 802.11g network rate 6 supported
 802.11g network rate 9 supported
 802.11g network rate 11 mandatory
 802.11g network rate 12 supported
 802.11g network rate 18 supported
 802.11g network rate 24 supported
 802.11g network rate 36 supported
 802.11g network rate 48 supported
 802.11g network rate 54 supported
 802.11b network rate 1 disabled
 802.11b network rate 2 disabled
 802.11b network rate 5 disabled
 802.11b network rate 11 mandatory
 802.11a network rate 6 mandatory
 802.11a network rate 9 supported
 802.11a network rate 12 mandatory
 802.11a network rate 18 supported
 802.11a network rate 24 mandatory
 802.11a network rate 36 supported
 802.11a network rate 48 supported
 802.11a network rate 54 supported
!
webservice mgmt-listen enable
webservice mgmt-send enable
!
app-auth offline-detect
!
app-auth cfg-opt id-mac
app-auth cfg-opt syn-proxy
app-auth cfg-opt tup-pass
!
app-auth set-mode business
!
app-auth local-auth subscriber mac-limit 0
!
app-auth wx-state direct
ip session filter 0
flow-pre-mgr enable
flow-pre-mgr protocol-enable
!
flow-pre-mgr upload-pps-limit 0
!
flow-pre-mgr new-session-limit start-up limit 0
flow-pre-mgr new-session-limit virtual-host limit 0
flow-pre-mgr new-session-limit real-host limit 0
!
flow-pre-mgr total-limit 0
!
ip access-list standard 1
 10 permit any
!
ip access-list extended 103
 10 permit gre host 200.2.1.2 host 200.1.1.2
!
ip access-list extended 2397
 10 deny ospf any any
 20 deny 112 any any
 30 deny icmp any any
 40 deny udp any eq domain any
 50 deny tcp any any eq www
 60 deny tcp any any eq 443
 1000 permit ip any any
 list-remark 本地防攻击专用
!
servctl service police_log off
servctl service npm off
servctl service sslvpn off
servctl service apm off
servctl service rlog off
servctl service was off
sntp interval 7200
sntp server ntp1.aliyun.com
sntp server ntp.ntsc.ac.cn
sntp enable
wids
!
ip tcp keepalive
!
time-range any
 periodic Daily 0:00 to 23:59
!
time-range day_time
 periodic Daily 6:00 to 18:00
!
time-range night_time
 periodic Weekdays 0:00 to 5:59
 periodic Daily 18:01 to 23:59
!
time-range unwork_time
 periodic Weekdays 0:00 to 7:59
 periodic Weekdays 12:00 to 13:00
 periodic Weekdays 18:01 to 23:59
!
time-range weekend
 periodic Weekend 0:00 to 23:59
!
time-range work_time
 periodic Weekdays 8:00 to 12:00
 periodic Weekdays 13:00 to 18:00
!
time-range working_time
 periodic Weekdays 0:00 to 23:59
!
no vwan loss-recover access-list
no vwan loss-recover enable
no vwan loss-recover loss-rate-min
vwan loss-recover mss 1360
no vwan loss-recover interface
no vwan loss-recover app
!
identify-application enable
!
identify-application custom-group 常见网页应用~route
 app-add WEB应用
 app-add 移动WEB应用
 app-add 论坛PC
 app-add HTTP网络购物
 app-add HTTP游戏
 app-add WEB邮箱
 app-add 腾讯网游WEB
 app-add 普通网页浏览明细
 app-add 腾讯游戏平台
 app-add 腾讯游戏安全器
 app-add 游戏更新
 app-add 即时通讯软件
 app-add 互联网文件传输
 app-add 远程访问协议
 app-add 网银
 app-add 即时通讯_MOBILE
 app-add 社交_MOBILE
 app-add WEB_MOBILE
 app-add 其他_MOBILE
!
identify-application custom-group 常见大流量应用route
 app-add 视频流媒体软件
 app-add P2P应用软件
!
identify-application custom-group 常见视频应用route
 app-add HTTP视频
 app-add 视频|影音_MOBILE
!
identify-application custom-group 常见下载应用route
 app-add HTTP下载
 app-add HTTP上传
 app-add 软件更新
 app-add 网络硬盘
 app-add 下载工具_MOBILE
 app-add 网盘_MOBILE
!
identify-application custom-group 常见网络游戏~route
 app-add 腾讯网游
 app-add 网易网游
 app-add 搜狐游戏
!
identify-application custom-group QQ网吧特权相关应用~route
 app-add 英雄联盟相关
 app-add 英雄联盟登录
!
app-proxy expect enable
no ssl-audit mode
!
anti-pap set-node 0
url-filter-notice display 你被禁止访问这个网站,请联系网站管理员!
no url-audit exact-filter
!
no report-function enable
!
no cwmp
!
dev-audit enable
service dhcp
ip dhcp database
!
ip dhcp pool pool_Gi0/0
 lease 0 8 0
 network 192.168.1.0 255.255.255.0
 dns-server 114.114.114.114
 default-router 192.168.1.1
!
ip dhcp pool vlan_100
 network 195.1.100.0 255.255.255.0
 default-router 195.1.100.254
!
ip dhcp pool vlan_60
 network 195.1.60.0 255.255.255.0
 default-router 195.1.60.254
!
ip name-server 114.114.114.114
!
dns-proxy
!
mail-service enable
feedback frequency 60
flow-audit enable
flow-audit intf-rt refresh 1
flow-audit intf-rt storage 10 max
!
crypto isakmp policy 1
 encryption 3des
 authentication pre-share
 hash md5
 group 2
!
crypto isakmp key 7 08172a0606 address 200.1.1.2
crypto ipsec transform-set myset esp-3des esp-md5-hmac
!
crypto map mymap 1 ipsec-isakmp
 set peer 200.1.1.2
 set transform-set myset
 set autoup
 match address 103
!
layer23 classify enable
!
layer23 scc-attention enable
!
network-group name "Out_Server" parent "/"
!
line-quality enable
!
sys-mode gateway
!
specify interface GigabitEthernet 0/0 lan
specify interface GigabitEthernet 0/1 lan
specify interface GigabitEthernet 0/2 lan
specify interface GigabitEthernet 0/3 lan
specify interface GigabitEthernet 0/4 wan
specify interface GigabitEthernet 0/5 lan
specify interface GigabitEthernet 0/6 wan
specify interface GigabitEthernet 0/7 wan
specify interface GigabitEthernet 0/8 wan
specify interface GigabitEthernet 0/9 wan
!
no nat-log enable
no ip nat-log on
!
password policy strong
no service password-encryption
!
ip http port 80
ip http secure-port 4430
enable service web-server all
enable service web-server http
enable service web-server https
no rnfp-ping-reply enable
!
control-plane
 ef-rnfp enable
 security deny wan-web
 security deny wan-telnet
 security deny wan-ssh
!
control-plane protocol
 scpp list 2397 bw-rate 3600 bw-burst-rate 3600
 no acpp
!
control-plane manage
 port-filter
 arp-car 20 log
 scpp list 2397 bw-rate 3600 bw-burst-rate 3600
 no acpp
!
control-plane data
 no glean-car
 scpp list 2397 bw-rate 3600 bw-burst-rate 3600
 no acpp
!
ip ssh key-exchange dh_group_exchange_sha1 dh_group14_sha1
ip ssh cipher-mode ctr
ip ssh hmac-algorithm sha1
ip ssh version 2
sftp-client speed 0
logging filter rule exact-match module LOGIN mnemonic LOGIN_FAIL level 5
logging userinfo command-log
logging buffered 65535
logging file sata0:syslog/syslog 1048576
clock timezone UTC +8 0
!
no upnp-proxy offline-detect
upnp-proxy md5-cipher-string h71*Ayqzct#219qzt
upnp-proxy url-cipher-string !%*sm&aq
no defend-zone global
!
no seczone enable
no seczone syslog enable
!
vpdn limit_rate 15
!
link-check disable
!
web quick-set
macc start-set
webmaster username admin password 7 135440191c361767624a
frn
!
interface GigabitEthernet 0/0
 reverse-path
 no ip unreachables
 no ip redirects
 no ip mask-reply
 ip address 192.168.1.1 255.255.255.0
 arp gratuitous-send interval 10
 ip nat inside
!
interface GigabitEthernet 0/1
!
interface GigabitEthernet 0/1.60
 encapsulation dot1Q 60
 ip address 195.1.60.254 255.255.255.0
!
interface GigabitEthernet 0/1.100
 encapsulation dot1Q 100
 ip address 195.1.100.254 255.255.255.0
!
interface GigabitEthernet 0/2
!
interface GigabitEthernet 0/3
!
interface GigabitEthernet 0/4
 nexthop 200.2.1.1
 reverse-path
 ip address 200.2.1.2 255.255.255.248
 crypto map mymap
 ip nat outside
!
interface GigabitEthernet 0/5
!
interface GigabitEthernet 0/6
!
interface GigabitEthernet 0/7
!
interface GigabitEthernet 0/8
!
interface GigabitEthernet 0/9
!
interface Loopback 0
 ip address 10.1.0.11 255.255.255.255
!
interface Tunnel 0
 ip address 10.1.4.2 255.255.255.252
 tunnel source GigabitEthernet 0/4
 tunnel destination 200.1.1.2
!
interface Tunnel 10
!
interface SSLVPN 0
!
interface SSLVPN 1
!
app route switch
app route mode new-flow
!
grpc
 sensor-group 1
  sensor-path /rg-sysmon:Sysmon/DeviceInfo/Slot
  sensor-path /rg-fsui:fsui/flash-information
  sensor-path /rg-eg-monitor:device-monitor/device-info
  sensor-path /rg-eg-storage:storage
  sensor-path /rg-eg-dev-audit:da
  sensor-path /rg-grpc:grpc/client-instance/device-ip
  exit-sensor-group
 sensor-group 2
  sensor-path /rg-eg-flow-audit:fa/fa-user-data
  sensor-path /rg-eg-sla:sla-state
  sensor-path /rg-interfaces:interfaces-state
  sensor-path /rg-interfaces:interfaces/interface
  sensor-path /rg-eg-appauth:appauth-users
  sensor-path /rg-webauth:webauth-users
  exit-sensor-group
 sensor-group 3
  sensor-path /rg-eg-flow-audit:fa/fa-ip-app
  exit-sensor-group
 sensor-group 4
  sensor-path /rg-vpn-ipsec:ipsec/crypto-states
  exit-sensor-group
 sensor-group 5
  sensor-path /rg-eg-vwan-rs:vwan-rs-report
  exit-sensor-group
 destination-group 1
  exit-destination-group
 subscription 1
  sensor-group 1 sample-interval 120000
  sensor-group 2 sample-interval 120000
  sensor-group 3 sample-interval 600000
  sensor-group 4 sample-interval 120000
  sensor-group 5 sample-interval 120000
  destination-group 1
  exit-grpc-subscription
!
ip nat pool nat_pool prefix-length 24
 address interface GigabitEthernet 0/4 match interface GigabitEthernet 0/4
!
ip nat inside source list 1 pool nat_pool overload
!
ip route 0.0.0.0 0.0.0.0 GigabitEthernet 0/4 200.2.1.1
ip route 192.1.0.0 255.255.0.0 Tunnel 0
ip route 194.1.0.0 255.255.0.0 Tunnel 0
!
line console 0
line vty 0 4
 login
!
end
