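Digital China AC Quick Configuration Manual v2.0

Digital China Multi-Core Firewall Quick Configuration Manual V1.0

Multi-Core Firewall Quick Configuration Manual

Firewall Configuration 1: SNAT configuration
Firewall Configuration 2: DNAT configuration
Firewall Configuration 3: Transparent mode configuration
Firewall Configuration 4: Mixed mode configuration
Firewall Configuration 5: DHCP configuration
Firewall Configuration 6: DNS proxy configuration
Firewall Configuration 7: DDNS configuration
Firewall Configuration 8: Load balancing configuration
Firewall Configuration 9: Source routing configuration
Firewall Configuration 10: Dual-device hot standby configuration
Firewall Configuration 11: QoS configuration
Firewall Configuration 12: Web authentication configuration
Firewall Configuration 13: Session statistics and session control configuration
Firewall Configuration 14: IP-MAC binding configuration
Firewall Configuration 15: Disabling IM configuration
Firewall Configuration 16: URL filtering configuration
Firewall Configuration 17: Web content filtering configuration
Firewall Configuration 18: IPSEC VPN configuration
Firewall Configuration 19: SSL VPN configuration
Firewall Configuration 20: Log server configuration
Firewall Configuration 21: Recording visited URLs configuration
Firewall Configuration 22: Configuration management and factory reset
Firewall Configuration 23: Software version upgrade

Firewall Configuration 1: SNAT configuration

I. Network topology
(Figure: network topology)

II. Requirements
Configure the firewall so that the internal 192.168.1.0/24 segment can access the Internet.

III. Configuration steps

Step 1: Configure the interfaces
First log in to the firewall through its default eth0 interface address, 192.168.1.1, to configure the interfaces. Log in to the firewall via the WebUI, enter the default username admin and password admin, and click Login. Configure the external interface address; the internal interface keeps the default address 192.168.1.1.

Step 2: Add a route
Add a default route to the external network: under destination routes, create a new route entry and add the next-hop address. The subnet mask here can be written as either 0 or 0.0.0.0; the firewall recognizes both.

Step 3: Add an SNAT policy
Add a source NAT policy under Network/NAT/SNAT.

Step 4: Add a security policy
Under Security/Policy, select the source and destination security zones and create a new policy. For SNAT, a single policy permitting traffic from the internal interface's security zone to the external interface's security zone is enough for the internal network to reach the external network.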
SMARC 2.0 Carrier Board User Guide

SMARC 2.0 Carrier
CTIM-00154 Revision 0.04 2021-06-18

TABLE OF CONTENTS
Table of Contents
Preface
  Disclaimer
  Customer Support Overview
  Contact Information
  Limited Product Warranty
  Copyright Notice
  Trademark Acknowledgment
  ESD Warning
  Revision History
Introduction
  Product Features and Specifications
  Part Numbers / Ordering Information
Product Overview
  Block Diagram
  Connector Summary & Locations
    Figure 1 Top view
    Figure 2 Bottom view
  Jumper/Switch Summary & Locations
Detailed Feature Description
  SMARC 2.0 Connector
  Fan Connector
  Video Output
  MIPI CSI Video Input
    MIPI CSI x4/x2 Connector
    MIPI CSI x2 Connector
  Network
  USB
  Mini-PCIe/mSATA Slots
  Carrier Control DIP Switch
  HDMI0 DDC Level Translation Select Jumper
  I2C Connector
  RS-232 Serial Connector
  microSD Card Slot
  GPIO Connector
  Power Input
  External RTC Input
  System Control Connector
Typical Installation
Cables

PREFACE

Disclaimer
The information contained within this user’s guide, including but not limited to any product specification, is subject to change without notice.
Connect Tech assumes no liability for any damages incurred directly or indirectly from any technical or typographical errors or omissions contained herein or for discrepancies between the product and the user’s guide.

Customer Support Overview
If you experience difficulties after reading the manual and/or using the product, contact the Connect Tech reseller from which you purchased the product. In most cases the reseller can help you with product installation and difficulties.
In the event that the reseller is unable to resolve your problem, our highly qualified support staff can assist you. Our support section is available 24 hours a day, 7 days a week on our website at: /support/resource-center/. See the contact information section below for more information on how to contact us directly. Our technical support is always free.

Contact Information

Limited Product Warranty
Connect Tech Inc. provides a two-year Warranty for this product. Should this product, in Connect Tech Inc.'s opinion, fail to be in good working order during the warranty period, Connect Tech Inc. will, at its option, repair or replace this product at no charge, provided that the product has not been subjected to abuse, misuse, accident, disaster or non-Connect Tech Inc. authorized modification or repair.
You may obtain warranty service by delivering this product to an authorized Connect Tech Inc. business partner or to Connect Tech Inc. along with proof of purchase. Product returned to Connect Tech Inc. must be pre-authorized by Connect Tech Inc. with an RMA (Return Material Authorization) number marked on the outside of the package and sent prepaid, insured and packaged for safe shipment. Connect Tech Inc. will return this product by prepaid ground shipment service.
The Connect Tech Inc. Limited Warranty is only valid over the serviceable life of the product. This is defined as the period during which all components are available. Should the product prove to be irreparable, Connect Tech Inc. reserves the right to substitute an equivalent product if available or to retract the Warranty if no replacement is available.
The above warranty is the only warranty authorized by Connect Tech Inc. Under no circumstances will Connect Tech Inc. be liable in any way for any damages, including any lost profits, lost savings or other incidental or consequential damages arising out of the use of, or inability to use, such product.

Copyright Notice
The information contained in this document is subject to change without notice. Connect Tech Inc. shall not be liable for errors contained herein or for incidental consequential damages in connection with the furnishing, performance, or use of this material. This document contains proprietary information that is protected by copyright. All rights are reserved. No part of this document may be photocopied, reproduced, or translated to another language without the prior written consent of Connect Tech, Inc. Copyright © 2021 by Connect Tech, Inc.

Trademark Acknowledgment
Connect Tech, Inc. acknowledges all trademarks, registered trademarks and/or copyrights referred to in this document as the property of their respective owners. Not listing all possible trademarks or copyright acknowledgments does not constitute a lack of acknowledgment to the rightful owners of the trademarks and copyrights mentioned in this document.

ESD Warning
ElectroStatic Discharge (ESD). When handling any circuit board assemblies including Connect Tech COM Express carrier assemblies, it is recommended that ESD safety precautions be observed. ESD safe best practices include, but are not limited to:
• Leaving circuit boards in their antistatic packaging until they are ready to be installed.
• Using a grounded wrist strap when handling circuit boards; at a minimum you should touch a grounded metal object to dissipate any static charge that may be present on you.
• Only handling circuit boards in ESD safe areas, which may include ESD floor and table mats, wrist strap stations and ESD safe lab coats.
• Avoiding handling circuit boards in carpeted areas.
• Try to handle the board by the edges, avoiding contact with components.

REVISION HISTORY

INTRODUCTION
Connect Tech’s SMARC 2.0 carrier is an extremely small SMARC carrier board ideal for low power IoT applications as users can take advantage of the integrated on-board wireless capabilities found on the SMARC 2.0 modules. The carrier has USB 3.0, USB 2.0, 2x MIPI CSI-2 camera interfaces, HDMI outputs, microSD, and expansion via two mini PCIe Full size slots.
Connect Tech’s SMARC 2.0 carrier board supports the latest generation Apollo Lake x86 low-powered processors and exposes next-generation interconnect (USB 3.0, DDI, MIPI-CSI-2).
SMARC 2.0 supports an extended temperature range of -40°C to +85°C and offers a very small footprint; ideal for mobile or stationary applications.

Product Features and Specifications

Part Numbers / Ordering Information

PRODUCT OVERVIEW

Block Diagram

Connector Summary & Locations
Figure 1 Top view
Figure 2 Bottom view

Jumper/Switch Summary & Locations

DETAILED FEATURE DESCRIPTION

SMARC 2.0 Connector
The processor and chipset are implemented on the SMARC 2.0 Module, which connects to the SMARC 2.0 Carrier via an MXM 3.0 fine pitch connector.

Fan Connector
The SMARC 2.0 Carrier implements a 4 pin header for the connection of a +5V fan. No PWM control is available from this header.

Video Output
The SMARC 2.0 Carrier implements two HDMI outputs. Both ports are from the SMARC 2.0 module. All connectors are industry standard HDMI Type A upright right angle.

MIPI CSI Video Input
The SMARC 2.0 Carrier implements two MIPI CSI camera inputs through 28 pin Hirose ZIF connectors compatible with Basler BCON cables. The pinout of this connector is compatible with Basler MIPI BCON *********************************************************************************.

MIPI CSI x4/x2 Connector

MIPI CSI x2 Connector

Network
The SMARC 2.0 Carrier implements two 10/100/1000 Ethernet interfaces.

USB
The SMARC 2.0 Carrier implements a Dual USB3.0 connector and a Dual USB2.0 connector. All ports are direct from the SMARC 2.0 module. All connectors are industry standard USB3.0/USB2.0 Type A right angle.

Mini-PCIe/mSATA Slots
The SMARC 2.0 Carrier implements two expansion slots. One is Mini PCIe only and the other is a dual function Mini PCIe/mSATA socket.
The dual purpose functional Mini-PCIe/mSATA socket located at P8 can accept either a Mini PCIe module or an mSATA module. The slot has circuitry that allows for the selection between connecting PCIe lanes or SATA lanes to the connector. This slot also contains a USB 2.0 link as per the Mini PCIe specification.

Carrier Control DIP Switch

HDMI0 DDC Level Translation Select Jumper
Some SMARC module manufacturers do not use 1.8V signal levels for the HDMI DDC interface; for the best and most reliable performance, the correct voltage level must be used.
Note that prolonged use at the incorrect voltage level may cause damage. If you are unsure what logic *****************************************************************************. Customers using the Congatec conga-SA5 will need to set this jumper to 3.3V (position 1-2).

I2C Connector
The SMARC 2.0 Carrier implements a 3 pin header that connects to the I2C interface from the SMARC 2.0 module.

RS-232 Serial Connector
The SMARC 2.0 Carrier implements a 9 pin header that connects to the UART0 interface via an RS232 transceiver from the SMARC 2.0 module.

microSD Card Slot
The SMARC 2.0 Carrier implements a microSD card connector.

GPIO Connector
The SMARC 2.0 Carrier implements a 10 pin header that connects to a MaxLinear XRA1200 I2C GPIO expander at address 0x40.

Power Input
The SMARC 2.0 Carrier accepts a single power input to power all onboard devices.
A single +5V DC (± 5%) input is required for operation.

External RTC Input
The SMARC 2.0 Carrier has an optional external RTC input header.

System Control Connector
The SMARC 2.0 Carrier implements a 10 pin header that connects to several system control signals from the SMARC module.

TYPICAL INSTALLATION
1. Ensure all external system power supplies are off.
2. Install the SMARC module into the MXM connector. Be sure to follow the manufacturer’s direction for proper heatsink/heat spreader installation and any other cooling instructions from the manufacturer.
3. Install the necessary cables for the application. For the relevant cables, see the Cables and Accessories section of this manual.
4. Connect the power cable to the SMARC 2.0 Carrier then to the power supply.
5. Switch on the power supply. DO NOT power up your SMARC system by plugging in live power.

CABLES
*******************************************************************************.
Digital China Routing and Switching Configuration Commands (Complete)

Routing

ssh
aaa authentication login ssh local
aaa authentication enable default enable
enable password 0 123456
username admin password 0 123456
ip sshd enable
ip sshd auth-method ssh
ip sshd auth-retries 5
ip sshd timeout 60

TELNET
R1_config#aaa authentication login default local
R1_config#aaa authentication enable default enable
R1_config#enable password 0 ruijie
R1_config#line vty 0 4
R1_config_line#login authentication default
R1_config_line#password 0 cisco

Method 2: without AAA authentication
R1_config#aaa authentication login default none
R1_config#aaa authentication enable default enable
R1_config#enable password 0 cisco
R1_config#line vty 0 4
R1_config_line#login authentication default

CHAP authentication
One-way authentication; the passwords may differ.
R2_config#aaa authentication ppp test local
R2_config#username R2 password 0 123456
R2_config_s0/2#enc ppp
R2_config_s0/2#ppp authentication chap test
R2_config_s0/2#ppp chap hostname R1
R1_config#aaa authentication ppp test local
R1_config#username R1 password 0 123456
R1_config_s0/1#enc ppp
R1_config_s0/1#ppp authentication chap test
R1_config_s0/1#ppp chap hostname R2

PAP authentication
Two-way authentication; the passwords must match.
R2_config#aaa authentication ppp test local
R2_config#username R2 password 0 123456
R2_config_s0/2#enc ppp
R2_config_s0/2#ppp authentication pap test
R2_config_s0/2#ppp pap sent-username R1 password 123456
R1_config#aaa authentication ppp test local
R1_config#username R1 password 0 123456
R1_config_s0/1#enc ppp
R1_config_s0/1#ppp authentication pap test
R1_config_s0/1#ppp pap sent-username R2 password 123456

FR
Router-A_config_s1/1#encapsulation frame-relay  ! encapsulate with the Frame Relay protocol
Router-A_config_s1/1#frame-relay local-dlci 17  ! set the local DLCI number
Router-A_config_s1/1#frame-relay intf-type dce  ! configure the Frame Relay DCE
Router-A_config_s1/1#frame-relay map 192.168.1.2 pvc 17 broadcast  ! map the DLCI to the peer IP

Vrrp
Int g0/4
vrrp 1 associate 192.168.20.254 255.255.255.0
vrrp 1 priority 120  ! set the priority; this is the master
vrrp 1 preempt  ! enable preemption
vrrp 1 track interface Serial0/1 30  ! track the uplink interface; if the uplink goes DOWN the priority is lowered automatically
Int g0/6
vrrp 1 associate 192.168.20.254 255.255.255.0
vrrp 1 priority 100  ! set the priority; this is the backup (default is 100)
vrrp 1 preempt  ! enable preemption
vrrp 1 track interface Serial0/2 30  ! track the uplink interface; if the uplink goes DOWN the priority is lowered automatically

RIP authentication (only V2 supports authentication)
interface Serial0/2  ! enable authentication and set the password on the interface
ip rip authentication simple
ip rip password 123456

RIP unicast
router rip
nei 192.168.1.1

RIP timers
router rip
timers update 10  ! update time
timers expire 30  ! expiry time
timers holddown 50  ! hold-down time

ospf
router os 1
net 192.168.1.0 255.255.255.0 ar 0  ! a 32-bit mask cannot be used

OSPF virtual link
ROUTER OS 2  ! enabled under the process
AR 1 VI 2.2.2.2  ! the peer's ROUTER-ID

OSPF summarization
ROUTER OS 2  ! enabled under the process
ar 0 range 192.168.0.0 255.255.252.0

OSPF authentication
Plaintext:
ROUTER OS 2
AR 0 AUTHEN SP  ! under the process, enable authentication for the area that needs it
INT S0/1
IP OS passw 123456  ! set the password on the interface
Ciphertext:
router os 2
ar 0 authen me
int s0/1
ip os me 1 md5 123456

bgp
router bgp 100
no synchronization  ! with a BGP full mesh, synchronization checking must be turned off
nei 192.168.12.1 remot 200  ! form a neighbor relationship with a router outside the AS
nei 2.2.2.2 remot 100  ! form a neighbor relationship with a router inside the AS
nei 2.2.2.2 up lo0  ! change the update interface to the loopback interface
nei 2.2.2.2 next-hop-self  ! change the next hop to self
net 2.2.2.0  ! advertise a route that is present in the routing table

ACL
ACLs on the router must use subnet masks, not wildcard (inverse) masks!

Time-based ACL
time-range acl  ! define a time range
periodic weekdays 09:00 to 12:00
periodic weekdays 14:00 to 17:00
IP access-list extended time  ! write a time-based ACL that references the time range
deny ip 192.168.10.0 255.255.255.0 any time-range acl
permit ip any any
int g0/4  ! apply to the interface
ip access-group time in
int g0/6
ip access-group time in

Static NAT
ip route 0.0.0.0 0.0.0.0 192.168.12.2
ip nat inside source static 192.168.10.10 192.168.12.1
int g0/6
ip nat in
int s0/1
ip nat out

NAPT
ip access-list standard NAT  ! define the IP segment to translate
permit 192.168.10.0 255.255.255.0
ip nat pool NAT 192.168.23.10 192.168.23.20 255.255.255.0  ! create the translation address pool
ip nat inside source list NAT pool NAT overload  ! associate the segment to translate with the address pool
ip route default 192.168.23.3  ! write a default route whose next hop is the egress gateway's next hop
router rip  ! if a routing protocol is running, redistribute the default route into it
redistribute static
interface Serial0/1  ! apply to the inside interface
ip nat inside
interface Serial0/2  ! apply to the outside interface
ip nat outside

route-map
ip acce sta acl  ! define the traffic to match
per 192.168.20.0 255.255.255.0
route-map SHENMA 10 permit
ma ip add acl  ! reference the ACL
set ip next-hop 192.168.12.1  ! change the next hop
int g0/3
ip po route-map SHENMA  ! apply on the source interface

DHCP
Assigning an IP to a router interface (it cannot be a serial port!)
R1
ip dhcpd enable
ip dhcpd pool 1
network 192.168.12.0 255.255.255.0
range 192.168.12.10 192.168.12.20
R2
interface GigaEthernet0/6
ip address dhcp

Assigning IPs to PCs: the underlying network must have routed connectivity! In this lab RIP runs across the whole network.
R1
ip dhcpd enable
ip dhcpd pool 2
network 192.168.1.0 255.255.255.0
range 192.168.1.10 192.168.1.20
default-router 192.168.1.1
R2
ip dhcpd enable  ! the DHCP service must be enabled!
interface GigaEthernet0/4
ip address 192.168.1.1 255.255.255.0
ip helper-address 192.168.12.2  ! set the DHCP server IP

VPN (GRE)
int t0
ip add 172.168.10.1 255.255.255.0  ! assign an IP to T0
t so s0/2  ! source: the router's egress interface
t de 192.168.23.3  ! destination: the peer's egress interface IP; note that it must be reachable
t key 123456  ! T0 password; must match on both ends
exit
ip route 192.168.20.0 255.255.255.0 t0  ! write a static route via T0 to the segment to be reached
int t0
ip add 172.168.10.3 255.255.255.0
t so s0/1
t de 192.168.12.1
t key 123456
exit
ip route 192.168.10.0 255.255.255.0 t0

VPN (IPSEC)
R1
crypto ipsec transform-set SHENMA  ! set up the transform set
transform-type esp-des esp-md5-hmac  ! the transform set's encryption method
ip access-list extended 100  ! match the interesting traffic
permit ip 192.168.10.0 255.255.255.0 192.168.20.0 255.255.255.0
crypto map HAN 10 ipsec-isakmp
set peer 192.168.23.3  ! set the peer
set transform-set SHENMA  ! associate the transform set
match address 100  ! associate the interesting traffic
interface Serial0/2  ! enter the interface and apply
crypto map HAN
R3
crypto ipsec transform-set SHENMA  ! set up the transform set
transform-type esp-des esp-md5-hmac  ! the transform set's encryption method; must match on both ends
ip access-list extended 100  ! match the interesting traffic
permit ip 192.168.20.0 255.255.255.0 192.168.10.0 255.255.255.0
crypto map HAN 10 ipsec-isakmp
set peer 192.168.12.1  ! set the peer
set transform-set SHENMA  ! associate the transform set
match address 100  ! associate the interesting traffic
interface Serial0/1  ! enter the interface and apply
crypto map HAN

VPN (IKE)
crypto isakmp key SHENMA 192.168.23.3 255.255.255.0  ! set the shared key
crypto isakmp policy 10  ! set the IKE policy
hash md5
au pre
enc des
group 1
lifetime 86400
crypto ipsec transform-set SHENMA  ! set up the transform set
transform-type esp-Des esp-Md5-hmac
ip access-list extended 100  ! match the interesting traffic
permit ip 192.168.10.0 255.255.255.0 192.168.30.0 255.255.255.0
crypto map SHENMA 10 ipsec-isakmp  ! set up the IPSEC crypto map
set peer 192.168.23.3
set transform-set SHENMA
match address 100
int s0/2  ! apply to the interface
crypto map SHENMA

QOS
int g0/4
ip add 192.168.10.1 255.255.255.0
no shut
ip add 192.168.20.1 255.255.255.0
no shut
int s0/1
ip add 192.168.12.1 255.255.255.0
phy spe 64000
no shut
ip route 0.0.0.0 0.0.0.0 192.168.12.2
ip access-list ex 1  ! define an ACL to capture the traffic
permit ip 192.168.10.0 255.255.255.0 2.2.2.0 255.255.255.0
ip access-list ex 2
permit ip 192.168.20.0 255.255.255.0 2.2.2.0 255.255.255.0
priority 1 protocol ip high list 1  ! write an IP-protocol priority list that references the addresses in ACL 1, level HIGH
priority 1 protocol ip low list 2  ! write an IP-protocol priority list that references the addresses in ACL 2, level LOW
int s0/1  ! enter the interface and apply
priority 1

Switching

banner motd  ! system login banner

telnet
telnet-server enable  ! enable TELNET
telnet-server max-connection 16  ! maximum number of connections

ssh
username ssh password 0 123456
ssh-server enable  ! enable SSH
ssh-server timeout 60  ! connection timeout
ssh-server max-connection 16  ! maximum number of connections
ssh-server authentication-retries 5  ! number of retries
ssh-server host-key create rsa  ! create a new host key

1. First assign an IP to every VLAN
INT VLAN 10
IP ADD 192.168.10.1 255.255.255.0
NO SHUT
2. Create a VRRP group
ROUTER VRRP 10
VIRTUAL-IP 192.168.10.254  ! set the virtual IP
INT VLAN 10  ! associate the VLAN
PRIORITY 120  ! set the priority (default 100)
ENABLE  ! activate

STP
SW1
spanning-tree  ! enable STP
spanning-tree mode mstp  ! change to MSTP mode
spanning-tree mst configuration  ! configure the region
name shenma  ! region name
revision-level 3  ! revision level
instance 1 vlan 10;20  ! associate VLANs with the instance
instance 2 vlan 30;40
exit
spanning-tree mst 1 priority 4096  ! set the instance priority; the smaller the value, the higher the priority
spanning-tree mst 2 priority 8192
SW2
spanning-tree  ! enable STP
spanning-tree mode mstp  ! change to MSTP mode
spanning-tree mst configuration  ! configure the region
name shenma  ! region name
revision-level 3  ! revision level
instance 1 vlan 10;20  ! associate VLANs with the instance
instance 2 vlan 30;40
exit
spanning-tree mst 1 priority 8192  ! set the instance priority; the smaller the value, the higher the priority
spanning-tree mst 2 priority 4096
SW21
spanning-tree  ! enable STP
spanning-tree mode mstp  ! change to MSTP mode
spanning-tree mst configuration  ! configure the region
name shenma  ! region name
revision-level 3  ! revision level
instance 1 vlan 10;20  ! associate VLANs with the instance
instance 2 vlan 30;40

AM port security
am enable
int e1/0/1
am port
am mac-ip-pool 0000.1111.2222 192.168.10.1

Port mirroring
monitor session 1 source int e1/0/1 both
monitor session 1 destination int e1/0/15

RIP
Router rip
Net 192.168.1.0/24
Router os 1
Net 192.168.1.0 0.0.0.255 ar 0

Acl
Firewall enable
Ip access-list ex 100
Per ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255

Router-on-a-stick
R1
int g0/5
no shut
interface GigaEthernet0/5.1
encapsulation dot1Q 100
ip address 192.168.10.1 255.255.255.0
interface GigaEthernet0/5.2
encapsulation dot1Q 200
ip address 192.168.20.1 255.255.255.0
interface GigaEthernet0/5.3
encapsulation dot1Q 300
ip address 192.168.30.1 255.255.255.0
SW1
vlan 100
sw int e1/0/1-2
vlan 200
sw int e1/0/3-4
vlan 300
sw int e1/0/5-6
int e1/0/20
sw mo tr
sw tr all vlan all

Port aggregation
PORT-GROUP 1  ! create a group
INT E1/0/17-18  ! the aggregated ports must be set to TRUNK
SW MO TR
SW TR ALL VLAN ALL
PORT-GROUP 1 MO ON  ! set the aggregated ports' mode to automatic matching
EXIT
INT PORT-CHANNEL 1  ! enter the aggregated port's configuration mode; it must also be set to TRUNK
SW MO TR
SW TR ALL VLAN ALL
EXIT

dhcp
SERV DHCP  ! enable the DHCP service
IP DHCP POOL VLAN10  ! create an address pool
NETW 192.168.10.0 255.255.255.0
def 192.168.10.1
le 2
dns 8.8.8.8
ip dhcp ex 192.168.10.1 192.168.10.10  ! excluded address range

dhcp relay
serv dhcp
ip for udp boot
int vlan 10
ip he 192.168.12.2

dhcp snooping
serv dhcp  ! enable the DHCP service
ip dhcp snooping enable  ! enable DHCP SNOOPING
ip dhcp snooping binding enable  ! enable SNOOPING binding
int e1/0/20
ip dhcp snooping trust  ! set the interface as trusted; usually the interface connected to the server
int e1/0/1
ip dhcp snooping binding user-control  ! have the port automatically bind the address obtained via DHCP
Manually bind MAC, VLAN, IP and port information on a port (global mode):
ip dhcp snooping binding user 00-11-22-33-44-55 address 192.168.22.22 vlan 1 int e1/0/5

ipv6

6 to 4

gre
ipv6 unicast-routing  ! allow unicast routing
interface Tunnel0
ipv6 enable  ! enable IPV6
ipv6 address 2001:23::1/64
tunnel source 192.168.12.1  ! local interface address
tunnel destination 192.168.12.2  ! peer interface address
tunnel mode gre ip  ! change the tunnel mode to GRE
tunnel key 123456  ! tunnel password; must match on both ends
ipv6 route 3::/64 Tunnel0  ! write an IPV6 static route whose next hop is TUNNEL 0; a default static route cannot be used

nat
Internet(config)#ip route 0.0.0.0 0.0.0.0 fa0/1  ! the ipv4 network must be reachable
NAT-PT(config)#ip route 0.0.0.0 0.0.0.0 fa0/1
NAT-PT(config)#ipv6 nat prefix 2001:db8:feed::/96  ! set a global NAT prefix; the mask must be 96 bits
NAT-PT(config)#ipv6 nat v4v6 source 10.10.10.2 2001:db8:feed::2  ! write the 4 TO 6 address translation; every address to be reached must be listed; it need not be in the same segment as the local side
NAT-PT(config)#ipv6 nat v4v6 source 192.168.1.10 2001:db8:feed::3
NAT-PT(config)#ipv6 nat v6v4 source 2001:db8:cafe:ffff::2 10.10.20.5  ! write the 6 to 4 address translation; every address to be reached must be listed; it need not be in the same segment as the local side
int g0/4  ! apply to the interfaces; both ingress and egress must be configured
ipv6 nat
int g0/4
ipv6 nat

pat
The ipv4 network must be reachable.
NAT-PT(config)#ipv6 nat prefix 2001:db8:feed::/96  ! set a global NAT prefix; the mask must be 96 bits
NAT-PT(config)#ipv6 nat v4v6 source 10.10.10.2 2001:db8:feed::2  ! write the 4 TO 6 address translation; every address to be reached must be listed
NAT-PT(config)#ipv6 nat v4v6 source 192.168.1.10 2001:db8:feed::3  ! need not be in the same segment as the local side
NAT-PT(config)#ipv6 access-list cafe  ! match the IPV6 segment to be translated
NAT-PT(config-ipv6-acl)#permit ipv6 2001:db8:cafe::/48 any
NAT-PT(config-ipv6-acl)#exit
NAT-PT(config)#ipv6 nat v6v4 pool ipv4 10.10.20.5 10.10.20.6 prefix-length 24  ! write a 6 TO 4 NAT address pool; it need not be a known segment
NAT-PT(config)#ipv6 nat v6v4 source list cafe pool ipv4 overload  ! associate the segment to translate with the address pool
int g0/4
ipv6 nat
int g0/4
ipv6 nat

ripng
ipv6 router rip 100  ! create a RIP instance globally, named 100
exit
interface GigaEthernet0/4
ipv6 enable  ! enable IPV6
ipv6 address 2001::1/64
ipv6 rip 100 enable  ! enable instance 100; must be set on every interface to be advertised

ospfv3
ipv6 router ospf 1  ! create ospf globally, process 1
int g0/6
ipv6 enable
ipv6 address 2001::1/64
ipv6 ospf 1 area 0  ! advertise this interface in area 0; must be set on every interface to be advertised
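Digital China Wireless Product Configuration Guide 5

When implementing a project, it is recommended to specify the wireless IP address statically, so that a change of IP address under dynamic selection does not interrupt the wireless network.

• When an AP works in thin mode it must register with the AC; only after registering successfully can it be managed centrally by the AC.
• There are two registration methods: the AC discovers the AP, or the AP discovers the AC.
• AC-discovers-AP has two modes: layer-2 discovery and layer-3 discovery.
• AP-discovers-AC has two methods: statically specifying the AC list on the AP, or the AP obtaining the AC list via DHCP (using the option 43 option).
• When implementing a project, it is recommended to use layer-2 discovery of the AP by the AC (AC and AP connected at layer 2), or to use DHCP Option 43 so that the AP discovers the AC (AC and AP connected at layer 3).

❖ Note:
❖ 1. The AP must obtain its address dynamically.
❖ 2. Option43 does not affect the AP obtaining its own address normally. If Option60 fails to match on the server, the AP can still obtain an IP address; the server's reply simply does not contain Option43.
❖ 3. DCN switches support delivering Option43; for a customer's own server, confirm whether it supports this feature.

❖ Whichever registration method is used, the prerequisite for an AP to register with the AC successfully is that the AC's wireless IP address and the AP's IP address are reachable at layer 3.
❖ That is, the AP's IP address and the AC's wireless address can ping each other.

• View the wireless IP address selected by the AC
AC#show wireless
WS IP Address.................................. 192.168.1.254
WS Auto IP Assign Mode ........................ Disable
WS Switch Static IP ........................... 192.168.1.254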
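02 - Digital China Wireless Product Configuration Guide

2016/5/5

Logic by which the AC pushes configuration to APs

Configuration architecture

• Each AP is associated with one profile; by default it is associated with profile 1.
• network 1-1024 are global common configuration. For an AP, each VAP corresponds to exactly one network; the AC has 16 networks by default (1-16), corresponding to vap 0-15.
• radio 1 corresponds to the AP's 2.4 GHz band, and radio 2 to the AP's 5 GHz band.

Digital China Wireless Product Configuration Guide
(Technical training for pre-sales and after-sales engineers)

Training objectives

Through this training, engineers will master the basic configuration methods and precautions for DCN's self-developed wireless products, and be able to carry out the implementation, commissioning and maintenance of typical projects.

Part 1 Basic AP configuration commands

The AP login username and password are both admin.
The default IP address is 192.168.1.10.
DHCP is enabled by default.
Static address setting: set management static-ip 192.168.10.1
Enable/disable DHCP: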
[Figure: logic by which the AC pushes configuration to APs. Labels in the diagram: AP-N, AP-X, AP-Y; profile 16; hwtype; radio 2; vap 0 through vap 15; network 1 through network 16; each network with SSID, encryption and VLAN.]
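AP registration methods -- message classification

Message types: management messages; centralized tunnel messages
Protocol types: UDP and TCP (management messages); UDP (centralized tunnel messages)
Protocol port numbers: 57776, 57777
Examples: auto-discovery messages, AP registration messages, etc.; Keepalive, AP configuration push, etc. (encrypted); all user data packets during centralized forwarding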
Digital China Switches, Routers, AC and AP Basic Configuration

Switch section

Commands to clear all configuration on layer-2 and layer-3 switches
#Set default  ! clear the configuration
#Write  ! save
#Reload  ! restart

Enabling web management (http) on the switch
Layer 2
(config)#ip http server
(config)#Web-user xxx password 0-7 xxx
Layer 3
(config)#ip http server  ! enable the http service
(config)#username xxx privilege 0-7 xxx  ! create a user
(config)#authentication line web login local  ! authentication

Enabling telnet and ssh on the switch
Layer 2
(config)#telnet-server enable  ! enable the telnet service
(config)#telnet-user xxx password 0-7 xxx  ! set the account and password
(config)#ssh-server enable  ! enable the ssh service
(config)#Ssh-user xxx password 0-7 xxx  ! set the account and password
Layer 3
(config)#telnet-server enable
(config)#username xxx privilege 0-7 xxx
(config)#authentication line vty login local

Setting the enable password
Layer 2
(config)#enable password xxx  ! sets the enable password directly

Port aggregation
Layer 2
(config)#port-group 1-32  ! create the name of the aggregation group
(Config-If-Port-Range)#port-group 1-32 mode active/on/passive  ! choose active or passive on the ports
(config-if-port-channel1)#interface port-channel 1  ! enter aggregated port 1
(config-if-port-channel1)#switchport mode trunk  ! set to trunk

Load sharing
Layer 2
(config)#port-group 1-32 load-balance dst-ip/mac/src-ip/  ! choose the method
Layer 3
(config)#load-balance dst-src-ip  ! configured separately

Port rate limiting
Layer 2
(Config-If-Ethernet1/22)#bandwidth control (xxx)K

Port mirroring
Layer 2
(config)#monitor session 1-4 destination/source interface ethernet x/x  ! choose the mirrored port and the receiving port

Access control between VLANs
Differences between the private VLAN types:
Primary vlan: can be accessed by others and can access others, provided the VLANs it needs to access or be accessed by are bound to it.
Isolate vlan: members cannot access each other; they can access others and can be accessed.
Community vlan: can access others and members can access each other, but cannot be accessed.
(config)#vlan x
(config-vlanx)#private-vlan primary/isolate/community  ! bind the private vlan type
(config-vlanx)#private-vlan association (VLAN)  ! only the primary needs the grouping, that is, association

Mstp settings
The other switch uses the opposite priorities when configuring mstp. The aggregation-layer switch needs spanning tree but does not need a priority bound.
(config)#spanning-tree  ! enable spanning tree
(config)#spanning-tree mst configuration  ! enter mstp configuration
(config-mstp-region)#name xxxx  ! name
(config-mstp-region)#instance 0 vlan xx;xx  ! bind VLANs
(config-mstp-region)#instance 1 vlan xx;xx
(config-mstp-region)#exit
(config)#spanning-tree mst 0 priority 4096  ! make this switch the primary root for this group of VLANs
(config)#spanning-tree mst 1 priority 8192  ! make this switch the backup root for this group of VLANs

Vrrp settings
This gives two paths: if one fails, traffic takes the other. So one path is set as the preferred path for a VLAN, and when the preferred path fails there is still another path to use. Below is the configuration for the preferred side; change the preference with priority.
(config)#vlan 10  ! create the vlan
(config-vlan10)#switchport interface ethernet 1/1  ! add the port
(config-if-vlan10)#ip address 192.168.10.2 255.255.255.0  ! set the ip
(config-if-vlan10)#exit
(config)#vlan 20
(config-vlan20)#interface vlan 20
(config-if-vlan20)#ip address 192.168.20.2 255.255.255.0
(config)#router vrrp 10  ! enter the virtual router ID
(config-router)#virtual-ip 192.168.10.254  ! set the virtual ip
(config-router)#interface vlan 10  ! enter vlan10
(config-router)#priority 120  ! set the priority
(config-router)#enable  ! enable
(config)#router vrrp 20
(config-router)#virtual-ip 192.168.20.254
(config-router)#interface vlan 20
(config-router)#priority 120
(config-router)#enable

Dhcp server
switch(config)#vlan 10
switch(config-Vlan10)#ip address 10.1.1.1 255.255.255.0  ! the vlan's address
switch(config-Vlan10)#exit
switch(config)#vlan 20
switch(config-Vlan20)#ip address 192.168.20.1 255.255.255.0  ! the vlan's address
switch(config-Vlan20)#exit
switch(config)#service dhcp  ! enable dhcp
switch(config)#ip dhcp pool xxx  ! create an address pool
switch(dhcp-xxx-config)#network 10.1.1.1 24  ! define the addresses in the pool
switch(dhcp-xxx-config)#default-router 10.1.1.1  ! the corresponding gateway
switch(dhcp-xxx-config)#exit
switch(config)#ip dhcp pool lll
switch(dhcp-lll-config)#network 192.168.20.1 24
switch(dhcp-lll-config)#default-router 192.168.20.1
switch(dhcp-lll-config)#exit
(config)#ip dhcp excluded-address 10.1.1.1 10.1.1.10  ! reserved ip addresses

Dhcp relay server
(config)#service dhcp  ! enable dhcp
(config)#ip forward-protocol udp bootps  ! enable the relay service
(config)#vlan 10  ! set up vlan10
(config-if-vlan10)#ip address 10.1.1.2 255.255.255.0  ! set the vlan10 ip, in the same segment as the dhcp server
(config)#interface vlan 20  ! enter vlan20
(config-if-vlan20)#ip address 10.1.2.1 255.255.255.0  ! define the ip; it must be in the same segment as the ip defined on the dhcp server
(config-if-vlan20)#ip helper-address 10.1.1.1

Dhcp snooping, to prevent interference
(config)#ip dhcp snooping enable  ! enable snooping
(config)#interface ethernet 1/24
(Config-Ethernet1/24)#ip dhcp snooping trust  ! add the port connected to the dhcp server as a trusted port

Binding the snmp service
(config)#snmp-server community ro public  ! the read-only string is public
(config)#snmp-server community rw private  ! the read-write string is private
(config)#snmp-server securityip enable  ! enable security-ip mode
(config)#snmp-server securityip xx.xx.xx.xx  ! set the security ip

Enabling multicast in pim-dm mode
(config)#ip pim multicast-routing  ! enable pim forwarding
(config)#ip pim rp-candidate vlan xx  ! define the vlan where the multicast server is located
(config)#ip pim bsr-candidate vlan xx  ! candidate bootstrap router
(config)#interface vlan xx  ! enter the vlan
(config-if-vlanxx)#ip pim sparse-mode  ! enable multicast
(config-if-vlanyy)#ip pim sparse-mode
(config-if-vlanzz)#ip pim sparse-mode

Login banner
(config)#banner motd biaoti  ! defines the banner directly

Timeout
(config)#exec-timeout 10  ! defines 10 minutes directly

Arp protection
(config)#interface ethernet 0/1/1
(config-if-ethernet0/1/1)#arp-guard ip 192.168.10.1  ! bind the gateway
(config)#anti-arpscan enable  ! enable protection against ip scanning
(config)#anti-arpscan recovery time 3600  ! set the automatic recovery time; guards against a pc sending large numbers of packets
(config-if-ethernet1/0/24)#anti-arpscan trust supertrust-port  ! set a super-trusted port

Mac address control, to prevent one host from accessing another
(config)#firewall enable  ! enable the firewall
(config)#mac-access-list extended xx  ! create a mac address access list
(config-mac-ext-nacl-mac)#deny host-source-mac 00-FF-51-FD-AE-15 host-destination-mac E0-94-67-05-5D-84  ! deny one host access to the other
(config-mac-ext-nacl-mac)#permit any-source-mac any-destination-mac  ! permit everything else
(config)#int ethernet 0/0/4
(config-if-ethernet0/0/4)#mac access-group xx in  ! bind access list xx
(config)#int ethernet 0/0/10
(config-if-ethernet0/0/10)#switchport port-security  ! enable port security
(config-if-ethernet0/0/10)#switchport port-security mac-address 44-37-E6-7B-69-AC  ! bind the secure mac

Controlling ports with an Acl
(config)#firewall enable  ! enable the firewall
(config)#ip access-list extended xx  ! create access control list xx
(config-ip-ext-nacl-xx)#deny tcp 0.0.0.0 255.255.255.255 s-p range 6881 6890 host-destination 10.1.1.1  ! block ports 6881-6890 from all segments passing through 10.1.1.1
(config-ip-ext-nacl-dk)#exit
(config)#interface ethernet 1/0/4
(config-if-ethernet1/0/4)#ip access-group xx in  ! bind xx to the port

Spanning tree
SW B configuration
(config)#spanning-tree  ! enable spanning tree
(config)#spanning-tree mode stp  ! spanning tree
(config)#spanning-tree priority 4096  ! priority
SW B configuration
# configure STP
(config)#spanning-tree
(config)#spanning-tree mode stp
(config)#spanning-tree priority 8192
SW C configuration
# configure STP
(config)#spanning-tree
(config)#spanning-tree mode stp
Set a port to portfast
(config-if-ethernet1/0/1)#spanning-tree portfast

Router section

Port description
#description xxx  ! port description

Configuring a loopback interface
S1_config# interface Loopback0
S1_config_l0# ip address 101.0.0.1 255.255.255.255
S1_config_l0# exit

Passive port
config_f0/0#ip ospf passive

Router-on-a-stick
On the switch side, divide up the VLANs and set the port connected to the router to trunk; the PCs' gateway is then the router's virtual gateway.
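Basic Configuration of Digital China Routers

1. Hardware preparation
Before carrying out the basic configuration of a Digital China router, make sure the following hardware is ready:
● The Digital China router
● Power adapter
● Network cable (Ethernet cable)
● A computer or other device

2. Connecting the router
Connect the Digital China router to the computer or other device as follows:
(1) Plug the power adapter into the router's power port.
(2) Plug one end of the network cable into the router's LAN port (the port labelled LAN or Ethernet).
(3) Plug the other end of the network cable into the network interface of the computer or other device.

3. Accessing the router management interface
Access the router's management interface as follows:
(1) Open your browser (Chrome, Firefox, etc.).
(2) In the browser's address bar, enter the router's default IP address (for example 192.168.1.1).
(3) Press Enter to open the router management interface.

4. Logging in to the router
To log in to the router's management interface:
(1) Enter the default username and password on the login page. You can find them in the router's manual or on the official website.
(2) Click the Login button and confirm that your username and password are correct.
(3) If the login succeeds, you enter the router's management interface.

5. Basic settings
In the management interface you can carry out the router's basic configuration. Some common basic settings:
(1) Change the router's name (SSID): in the Wireless settings you can change the router's name to make it easier to identify.
(2) Set the wireless password: in the Security settings you can set a strong password to protect your wireless network.
(3) DHCP settings: in the DHCP settings you can enable or disable the DHCP service and set the IP address range.
(4) WAN settings: in the WAN settings you can configure how the router connects to the Internet, for example ADSL, dynamic IP or static IP.

6. Saving the configuration
After completing the basic settings, be sure to click the Save or Apply button to save the changes you made.

Attachments: none.
Legal terms and notes:
● IP address: the unique identifier of a device on a network, used for network communication.
● LAN: Local Area Network, a local network covering a limited area.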
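AC Concise Manual

Contents
I. Basic wireless configuration
  1.1. Network interface configuration
  1.2. Enabling the wireless function
  1.3. Automatic discovery methods for AP onboarding
    1.3.1 Layer-2 discovery
    1.3.2 Layer-3 discovery
  1.4. Configuring the SSID
  1.5. Setting the user vlan
    1.5.1. Common wireless user vlan configuration
    1.5.2. vlan configuration for the LAN port of wall-plate APs
  1.6. Configuring the native vlan
  1.7. AP onboarding authentication method
  1.8. Configuring the hardware type
  1.9. Configuring the encryption method
    1.9.1. No encryption
    1.9.2. WPA encryption
    1.9.3. WEP encryption
  1.10. Portal authentication
    1.10.1. The AC's built-in Portal function
    1.10.2. External Portal
  1.11. Adding an AP to a profile
  1.12. AP location description
  1.13. Pushing the configuration
II. Forwarding modes
  2.1. Centralized forwarding
  2.2. Distributed forwarding
III. Radio parameters
  3.1. Setting the country code
  3.2. Setting the radio operating mode
  3.3. Setting the AP channel
    3.3.1. Automatic adjustment
    3.3.2. Fixed channel
  3.4. Setting the AP power
    3.4.1. Automatic adjustment
    3.4.2. Fixed power
  3.5. Automatic channel adjustment
    3.5.1. Manual trigger
    3.5.2. Periodic trigger
    3.5.3. Fixed-time trigger
  3.6. Automatic power adjustment
    3.6.1. Manual trigger
    3.6.2. Periodic trigger
IV. Blacklists, whitelists and user isolation
  4.1. Blacklists and whitelists
    4.1.1. Allow only terminals whose MAC has been added to connect to the AP
    4.1.2. Block terminals whose MAC has been added from connecting to the AP
  4.2. User isolation
V. QOS rate limiting
VI. Time-limit policy
VII. AP software upgrade
  7.1. Upgrading on the AP
  7.2. Automatically upgrading APs from the AC
  7.3. Manually upgrading APs from the AC
  7.4. Upgrading the uboot file on the AP
VIII. Factory reset
  8.1. AC factory reset
  8.2. AP factory reset
IX. AP configuration
  9.1. AP configuration
    9.1.1. Setting the AP's IP address
    9.1.2. Setting the AP's subnet mask
    9.1.3. Setting whether the AP prefers the address obtained via DHCP
    9.1.4. Setting the AP's gateway address
    9.1.5. Setting the AP to discover the AC automatically
    9.1.6. Setting the AP's country code to China or the United States
    9.1.7. Setting the AP's management vlan
    9.1.8. Setting the AP's hostname
    9.1.9. Saving the configuration
  9.2. Viewing status
    9.2.1. Viewing the AP's AC-related configuration
    9.2.2. Viewing the management interface configuration on the AP
    9.2.3. Viewing the radio interface configuration parameters on the AP
    9.2.4. Viewing the clients associated with the AP
    9.2.5. Viewing the system version, hardware type, etc.
    9.2.6. Viewing the hardware type

I. Basic wireless configuration

1.1. Network interface configuration
DCWS-6028(config)#vlan 10
DCWS-6028(config)#interface vlan 10
DCWS-6028(config-if-vlan10)#ip address 192.168.10.253 255.255.255.0
DCWS-6028(config)#ip route 0.0.0.0/0 192.168.10.254

1.2. Enabling the wireless function
DCWS-6028(config)#wireless
DCWS-6028(config-wireless)#enable
DCWS-6028(config-wireless)#no auto-ip-assign
DCWS-6028(config-wireless)#static-ip 192.168.1.254

1.3. Automatic discovery methods for AP onboarding

1.3.1 Layer-2 discovery
DCWS-6028(config-wireless)# discovery vlan-list 1 //the vlan the AP is in

1.3.2 Layer-3 discovery

1.3.2.1. Configure the AP's address on the AC to discover the AP
DCWS-6028(config-wireless)#discovery ip-list 192.168.2.10 //the AP's IP

1.3.2.2. Configure Option parameters on the DHCP Server to deliver the AC address to the AP
DCWS-6028(config)#ip dhcp pool ap //enter DHCP Pool mode
DCWS-6028(dhcp-ap-config)#option 43 hex 0104C0A8010A //configure option 43 to carry the AC address
DCWS-6028(dhcp-ap-config)#option 60 ascii udhcp 1.18.2 //configure option 60 with the matching version attribute number

Notes:
1) hex 01040A0A0A0A is a fixed format: 0104 is a fixed prefix, and C0A8010A represents the AC's IP address (hexadecimal); the example IP address is 192.168.1.10.
2) ascii udhcp 1.18.2 is a fixed format: udhcp is a fixed string, and 1.18.2 is the attribute number for the AP hardware version; the example AP version is 1000WAP.
3) 1.18.2 is the version attribute for all R4 and R5 APs; wall-plate APs use 1.12.1; R3 APs use 1.6.1.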
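The Option 43 value above decides which controller an AP registers with, so a wrong hex string sends APs to the wrong address. The following is an added example, not code from the manual: it encodes and decodes the "0104 + IPv4" format described in note 1 and checks `option 43 hex` lines against the AC's `static-ip`. The function names, the comparison against `static-ip`, and the sample configuration (built from the manual's own values plus two constructed lines) are assumptions for illustration.

```python
import ipaddress
import re

# Fixed prefix from the manual's note: "01" then "04" (four address bytes follow).
PREFIX = bytes([0x01, 0x04])

OPTION43_RE = re.compile(r"option\s+43\s+hex\s+([0-9A-Fa-f]+)")
STATIC_IP_RE = re.compile(r"static-ip\s+(\d{1,3}(?:\.\d{1,3}){3})")


def encode_option43(ac_ip):
    """Return the hex string to put after 'option 43 hex' for one AC IPv4 address."""
    addr = ipaddress.IPv4Address(ac_ip)  # raises ValueError for anything but IPv4
    return (PREFIX + addr.packed).hex().upper()


def decode_option43(hex_string):
    """Return the AC IPv4 address carried in an 'option 43 hex' value.

    Only the 6-byte layout the manual describes is accepted; anything else
    raises ValueError so that a malformed value is never silently trusted.
    """
    data = bytes.fromhex(hex_string)  # ValueError on odd length or non-hex
    if len(data) != 6:
        raise ValueError("expected 6 bytes (0104 + IPv4), got %d" % len(data))
    if data[:2] != PREFIX:
        raise ValueError("value does not start with the fixed prefix 0104")
    return str(ipaddress.IPv4Address(data[2:]))


def audit_config(config_text):
    """Compare every 'option 43 hex' line with the AC's 'static-ip' line.

    Returns a list of (hex_value, decoded_ip_or_None, status) tuples.
    """
    static = STATIC_IP_RE.search(config_text)
    expected = static.group(1) if static else None
    findings = []
    for match in OPTION43_RE.finditer(config_text):
        hex_value = match.group(1).upper()
        try:
            ac_ip = decode_option43(hex_value)
        except ValueError as exc:
            findings.append((hex_value, None, "malformed: %s" % exc))
            continue
        if expected is None:
            status = "no static-ip line to compare against"
        elif ac_ip == expected:
            status = "ok"
        else:
            status = "mismatch: AC static-ip is %s" % expected
        findings.append((hex_value, ac_ip, status))
    return findings


# Constructed sample: the first two lines are the manual's own values, the
# last two option 43 lines are made up to show the "ok" and "malformed" cases.
SAMPLE_CONFIG = """\
DCWS-6028(config-wireless)#static-ip 192.168.1.254
DCWS-6028(dhcp-ap-config)#option 43 hex 0104C0A8010A
DCWS-6028(dhcp-ap-config)#option 43 hex 0104C0A801FE
DCWS-6028(dhcp-ap-config)#option 43 hex 0104C0A801
"""

if __name__ == "__main__":
    for hex_value, ac_ip, status in audit_config(SAMPLE_CONFIG):
        print(hex_value, ac_ip, status)
```

Run against the sample, the manual's example value decodes to 192.168.1.10, which differs from the 192.168.1.254 static-ip configured in 1.2, so it is reported as a mismatch.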
Digital China DCVP-1000S_V2 User Manual - 200810

2.1.2 Users
2.1.3 Operator
4.6 Active calls
2.1.8 Direct Inward Dialing (DID)
2.1.9 Routing
4.2 System information
4.2.1 System information
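Sangfor AC 2.0 UI Change Notes
AC 2.0 UI change notes
Classification: Sangfor, public
Submitter / Employee ID / Submission date / Reviewer / Employee ID / Review date

I. Change list

Columns: Module/component; Differences from the previous version; Purpose of change

Gateway running-status page
1. Added disk-space alarm and abnormal-traffic alarm messages.
2. If multi-device synchronization is enabled, the gateway shows a prompt when the configuration changes.
Purpose of change: 1. New feature

Gateway mode configuration
1. Added support for multi-bridge mode under bridge configuration mode.
Purpose of change: 1. New feature

1. Merged in the dual-device 1.3 release; the dual-device pair can be managed through the UI.
1. Whitelist objects previously set under web filtering are now configured in the object settings group.
1. The web filtering center adds two functions: plug-in filtering and script filtering.
3. Application auditing adds monitoring and auditing of the Fetion and Gtalk clients.
2. Two new settings for page redirection after successful authentication.
3. Other authentication options add support for submitting the username and password by POST.
1. Added real-time behaviour monitoring.
1. Added an excluded IP address list, and changed how pass-through IP addresses are entered.
1. Added disk-space alarm and traffic-over-limit alarm.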
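Digital China Manual
delete <filename>               Delete a file
dir <filename>                  Show file and directory names
download c0 <filename>          In monitor state, download a file through the console port
more <filename>                 Show the contents of a file
upload c0 <filename>            Upload from the system flash to the host using the serial protocol zmodem
date                            Set the absolute system time
md <directory name>             Create a directory
pwd                             Show the current directory
reboot                          Restart the router
boot system flash <filename>    Specify the system image file to run at startup
history - 5                     In privileged EXEC mode, show the 5 most recent history commands, newest first
service dhcp
When configuring an ACL, the firewall must be enabled and the default firewall action must be permit:
firewall enable
firewall default permit
Requirement: 192.168.1.20 can access the HTTP service on 192.168.1.10 but cannot access the FTP service on 192.168.1.10. Set up an HTTP service and an FTP service on 192.168.1.10; the switch configuration commands are as follows:
pap default !Set the PPP authentication method to PAP
CHAP
Router(config)#username me password 0 123456 !Create a local user and password
Router_config_s0/2#ppp chap hostname me !Set the CHAP exchange hostname
Router_config#aaa authentication ppp default local !Authenticate using local user information
authentication; this defines that Console users use the console port's password authentication, while Telnet users use what is defined under line Vty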
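Digital China DCME Quick Configuration Guide-20081208

Digital China DCME Multi-core Engine Quick Configuration Guide (DCME 300) V1.0

Author: Lü Kai (吕凯)
Reviewer: Zhang Xiangdong (张向东)
Proofreader:
Product name: DCME router (DCME 300)
Product version: DCME 300 3.0R2
Document description: DCME router typical applications and quick configuration
Restrictions: none
Date written: 2008.12.4

Contents
Product overview
  DCME 300
  Product attributes
  Product positioning
Typical applications
  Typical application 1: Internet access for Internet cafés
  Typical application 2: Branch IPSec VPN interconnection
Quick configuration wizard
  1 Local configuration of the computer
  2 Connecting the PC to the router and testing connectivity
  3 Web page configuration
Typical application configuration wizard
  Single-line ADSL dynamic IP access wizard
    Topology diagram
    Configuration wizard
  Dual-line access with two carriers (China Telecom and China Netcom)
    Topology diagram
    Configuration wizard

Product overview

DCME 300

Product attributes

DCME-300 multi-core engine
Product model: DCME-300
Reference number of concurrent hosts: 300
Device throughput: 300 Mbps
New connections per second: 8000
Maximum concurrent connections: 100,000
IPSec connections: 300
3DES+SHA-1 VPN throughput: 100 Mbps
Processor: multi-core 64-bit
DRAM: 256 MB
Flash: 256 MB
WAN ports (10/100/1000M): 2×GE
DMZ port / mirror port (1000M), included in LAN: 1/1
LAN ports (10/100/1000M): 3
Dimensions (W×D×H): 1U (442×240×44)
Power supply: 100-240V, 50/60Hz
Rated power: 20W
Operating temperature: 0-45℃
Relative humidity: 10-95% (non-condensing)
Weight: 3 kg

Product positioning
- High-performance secure Internet access device for large and medium Internet cafés, chain hotels and supermarkets, primary and secondary schools, district and county hospitals, government bodies and similar sites;
- High-performance VPN gateway;
- Multi-service integrated gateway at district and county level for vertical industry networks, a cost-effective all-in-one access solution including an original complete solution to ARP viruses, strong traffic management and monitoring, and a high-performance firewall.

Typical applications

Typical application 1: Internet access for Internet cafés

Figure 1: DCME helps build an efficient, stable, high-experience one-stop solution for Internet cafés

The Digital China Networks multi-core engine DCME-300 comes with 5 Gigabit ports as standard, 3 of which are LAN interfaces, so an Internet café network can be divided into a chat and browsing zone, a gaming zone, a video zone and a VIP zone, each with its own bandwidth allocation and security policy. With the DMZ port design, network servers receive the same high level of protection as behind a firewall. The mirror port is designed specifically for Internet cafés, making traffic monitoring and content auditing by supervising authorities such as the public security bureau easier; in addition, this port can be set to any IP address, which simplifies out-of-band management and monitoring.

The multi-core engine provides game optimization and acceleration developed for Internet cafés, covering games such as Ourgame (联众世界), World of Warcraft, Tianxia II, CrossFire, Special Force, Super Dancer, Westward Journey (大话西游), Giant (巨人), Moyu (魔域), Tian Long Ba Bu, Street Basketball (街头篮球) and KartRider, and supports upgrades of game signatures. This function ensures that game traffic sensitive to latency and jitter gets an excellent user experience.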
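AC Simple User Guide

Contents
1. Management computer setup
2. Device status management
  2.1. Application traffic ranking
  2.2. User traffic ranking
  2.3. Resource information
3. User and policy management
  3.1. Internet access policy
  3.2. User management
    3.2.1. Groups/users
    3.2.2. User import
4. Traffic management
5. Data center management
  5.1. Log query
    5.1.1. Internet behaviour query
    5.1.2. Internet traffic
    5.1.3. Online duration
  5.2. System management
    5.2.1. Log database query
    5.2.2. Disk space usage
6. System configuration
  6.1. Administrator accounts
  6.2. Configuration backup and restore

1. Management computer setup
1. "Local Area Connection" settings.
The local connection address must be configured manually. In the TCP/IP properties dialog where an address has already been assigned, click the "Advanced" button.
Add an IP address in the same subnet as the device management address.
If you can ping the device management address, you can log in to the device.

2. Device status management
Open a browser and enter https://10.252.252.252 to open the login page, then enter the username and password to enter the system.
This page shows traffic rankings, the WAN rate, a summary of the built-in data center records and other information.

2.1. Application traffic ranking: click an application type to see in real time how many users are generating traffic with that application.

2.2. User traffic ranking: click a user to see in real time which application types are generating that user's traffic.

2.3. Resource information: shows online users and the current day's logs; click the corresponding link to view details.
Internet behaviour monitoring shows the online users' Internet activity in real time.
Online user management controls Internet access for online users: freeze and unfreeze operations determine whether a user is allowed online.

3. User and policy management
This item generally does not need to be changed.

3.1. Internet access policy
At present user behaviour is only monitored and audited, with no restrictions applied; the Internet audit policy shown in the figure below is in effect.
Click the blue link to view the detailed audit items.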
Digital China - Configuration

Hostname: HaiNanZFXY
S9303:
sysname HaiNanZFXY

(1) Global configuration password: admingy
S9303:
super password admingy123

(2) Users:
zfxygf admingy
zfxy admin
S9303:
aaa
Local-user zfxy password cipher admingy
Local-user zfxy level 3

(3) Remote login authentication: Radius + Local (Radius server ip: check?)
Authentication Security ip:
125.217.112.230
192.168.7.248
125.217.113.254
125.217.112.235
125.217.112.227
192.168.99.248
S9303:
radius-server template renzheng
radius-server
radius-server shared-key
radius-server retransmit 2
aaa
authentication-scheme default
authentication-mode radius local
authorization-scheme default
accounting-scheme default
domain default
user-interface vty 0 4
authentication-mode aaa
user privilege level 3
acl 3001
rule 0 permit ip source 125.217.112.230 0 destination any
rule 1 permit ip source 192.168.7.248 0 destination any
rule 2 permit ip source 125.217.113.254 0 destination any
rule 3 permit ip source 125.217.112.235 0 destination any
rule 4 permit ip source 125.217.112.227 0 destination any
rule 5 permit ip source 192.168.99.248 0 destination any
rule 6 deny ip source any destination any
user-interface vty 0 4
acl 3001 inbound
acl 3001 outbound

(4) dhcp server: forward the UDP bootp protocol
Help ip 125.217.112.235
S9303:
Dhcp enable
dhcp server group dhcprelay
dhcp-server 125.217.112.235

(5) Firewall: enabled

(6) VLAN:
Vlan 1
Vlan 10
Vlan 13
Vlan 16
Vlan 17
Vlan 18
Vlan 19
Vlan 20
Vlan 22
Vlan 25
Vlan 26
Vlan 27
Vlan 28
Vlan 48
Vlan 49
Vlan 70
Vlan 200
Vlan 222
Vlan 254
Vlan 2000
Vlan 6 Description zonghelou
Vlan 8 Description 1jiaoxuelou
Vlan 11 Description 2jiao6lou
Vlan 12 Description peixunlou
Vlan 21
Vlan 23 Description 8jifang
Vlan 24 Description 9jifang
Vlan 30 Description internet
Vlan 33 Description servers
Vlan 34 Description DMZ
Vlan 38 Description 15#(1-2)new
Vlan 40 Description jiaoyuwang
Vlan 41 Description girlhouse-4
Vlan 42 Description girlhouse11
Vlan 43 Description boyhouse5
Vlan 44 Description boyhouse15
Vlan 45 Description 15_1-3
Vlan 46 Description 15_5
Vlan 47 Description 15_6
Vlan 50 Description shitang
Vlan 51 Description safe
Vlan 52 Description 11#(1-3)
Vlan 53 Description 15#(1-2)
Vlan 54 Description tushuguan
Vlan 55 Description 16#-1
Vlan 56 Description 16#-2
Vlan 57
Vlan 58 Description 16#-4
Vlan 59 Description 16#-5
Vlan 60 Description 16#-6
Vlan 71 Description shixunlou-1lou
Vlan 72 Description shixunlou-2lou
Vlan 73 Description shixunlou-3lou
Vlan 74 Description shixunlou-4lou
Vlan 75 Description shixunlou-5lou
Vlan 76 Description shixunlou-6lou
Vlan 77 Description shixunlou-4lou-dianjin
Vlan 78 Description shixunlou-4lou-zhongxin
Vlan 79 Description shixunlou-401
Vlan 80 Description shixunlou-403
Vlan 81 Description shixunlou-405
Vlan 82 Description shixunlou-406
Vlan 83 Description shixunlou-407
Vlan 100 Description guanlivlan
Vlan 300 Description to16#bei
Vlan 301 Description to15#nan
Vlan 302 Description to11#
Vlan 303 Description to5#
Vlan 304
Vlan 500 Description jinlongka
Vlan 1000 Description CRPcuncu
Vlan 3000 Description hnzfwifi

(7) ACL:
Deny ip any-source 192.168.(21-28,31-38).0 0.0.0.255
S9303:
rule 5001 deny ip source 10.1.7.0 0.0.0.255 destination 10.1.2.0 0.0.0.255
Enter port mode:
Acl 5001 inbound
Acl 5001 outbound

(8) Port interface: 9 Gigabit ports
1/1 UP/UP a-100M a-FULL 33 FE netlogguanli
1/2 UP/UP a-100M a-FULL 40 FE jiaoyuwang
1/3 A-DOWN/DOWN auto auto 1 FE
1/4 UP/UP a-100M a-FULL 34 FE
1/5 UP/UP a-100M a-FULL 34 FE bgwOAserver
1/6 UP/UP a-100M a-FULL 33 FE
1/7 DOWN/DOWN auto auto 40 FE
1/8 UP/UP a-100M a-FULL 34 FE
1/9 UP/UP a-100M a-FULL 34 FE
1/10 UP/UP a-100M a-FULL 33 FE
1/11 UP/UP a-100M a-FULL 33 FE
1/12 UP/UP a-100M a-FULL 33 FE DHCP-SERVER
1/13 UP/UP a-100M a-FULL 33 FE
1/14 UP/UP a-100M a-FULL 500 FE
1/15 DOWN/DOWN auto auto 500 FE
1/16 UP/UP a-100M a-FULL 33 FE
1/17 UP/UP a-100M a-FULL 34 FE
1/18 UP/UP a-100M a-FULL 33 FE
1/19 UP/UP a-100M a-FULL trunk FE
1/20 UP/UP a-100M a-FULL 34 FE
1/21 UP/UP a-100M a-FULL 33 FE
1/22 DOWN/DOWN auto auto 33 FE
1/23 UP/UP a-100M a-FULL 33 FE
1/24 DOWN/DOWN auto auto 54 FE
1/25 UP/UP a-1G a-FULL 30 G-Combo:Copper dianxin
1/26 UP/UP a-100M a-FULL trunk G-Combo:Copper
1/27 UP/UP a-1G a-FULL 33 G-Combo:Copper
1/28 DOWN/DOWN auto auto trunk G-Combo
2/1 UP/UP a-1G a-FULL 1000 G-TX CRPchunchu
2/2 UP/UP a-1G a-FULL 1000 G-TX CRP-chunchu
2/3 UP/UP a-1G a-FULL 1000 G-TX CRP-chunchu
2/4 UP/UP a-1G a-FULL 1000 G-TX CRP-chunchu
2/5 UP/UP a-1G a-FULL 1000 G-TX CRP-chunchu
2/6 UP/UP a-1G a-FULL 1000 G-TX CRP-chunchu
2/7 UP/UP a-100M a-FULL trunk G-TX
2/8 DOWN/DOWN auto auto 34 G-TX huangbingwen
2/9 DOWN/DOWN auto auto 34 G-TX guoyi
2/10 DOWN/DOWN auto auto 34 G-TX liuyun
2/11 DOWN/DOWN auto auto 2000 G-TX
2/12 UP/UP a-1G a-FULL trunk G-TX guoyitrunk
2/13 DOWN/DOWN auto auto 33 G-Combo
2/14 DOWN/DOWN auto auto 51 G-Combo
2/15 DOWN/DOWN auto auto 1 G-Combo
2/16 DOWN/DOWN auto auto 1 G-Combo
2/17 DOWN/DOWN auto auto 1 G-Combo
2/18 DOWN/DOWN auto auto 1 G-Combo
2/19 DOWN/DOWN auto auto 1 G-Combo
2/20 UP/UP a-100M a-FULL 3000 G-Combo:Copper
2/21 DOWN/DOWN auto auto 1 G-Combo
2/22 DOWN/DOWN auto auto 1 G-Combo
2/23 DOWN/DOWN auto auto 1 G-Combo
2/24 DOWN/DOWN auto auto 1 G-Combo
2/25 DOWN/DOWN auto auto 1 XFP
3/1 UP/UP a-1G a-FULL trunk SFP zonghelou
3/2 UP/UP a-1G a-FULL trunk SFP peixunlou
3/3 UP/UP a-1G a-FULL trunk SFP 15#
3/4 UP/UP a-1G a-FULL trunk SFP 11#
3/5 UP/UP a-1G a-FULL trunk SFP 5#
3/6 UP/UP a-1G a-FULL trunk SFP 4#
3/7 UP/UP a-1G a-FULL trunk SFP xijing
3/8 DOWN/DOWN auto auto 54 SFP tushuguan
3/9 UP/UP a-1G a-FULL trunk SFP 3552
3/10 UP/UP a-1G a-FULL trunk SFP 16#
3/11 UP/UP a-1G a-FULL trunk SFP jiashu9#
3/12 UP/UP a-1G a-FULL trunk SFP sushe-10#

E1/1: guanli access vlan 33
E1/2: jiaoyuwang access vlan 40
E1/4: access vlan 34
E1/5: access vlan 34
E1/6: access vlan 33
E1/7: access vlan 40
E1/8: access vlan 34
E1/9: access vlan 34
E1/10: access vlan 33
E1/11: access vlan 33
E1/12: access vlan 33
E1/13: access vlan 33
E1/14: access vlan 500
E1/15: access vlan 500
E1/16: access vlan 33
E1/17: access vlan 34
E1/18: access vlan 33
E1/19: trunk allow vlan 51,71-83,254,500
E1/20: access vlan 34
E1/21: access vlan 33
E1/22: access vlan 33
E1/23: access vlan 33
E1/24: access vlan 54
E1/25: dianxin access vlan 30
E1/26: trunk
E1/27: access vlan 33
E1/28: trunk allow vlan 1,28
E2/1: CRPcuncu access vlan 1000
E2/2: CRPcuncu access vlan 1000
E2/3: CRPcuncu access vlan 1000
E2/4: CRPcuncu access vlan 1000
E2/5: CRPcuncu access vlan 1000
E2/6: CRPcuncu access vlan 1000
E2/7: trunk
E2/8: huangbingwen access vlan 34
E2/9: guoyi access vlan 34
E2/10: liuyan access vlan 34
E2/11: access vlan 2000
E2/12: guoyitrunk trunk vlan 8;10-11;13;30;33-34;40;51
E2/13: access vlan 33
E2/14: access vlan 51
E2/15:
E2/16:
E2/17:
E2/18:
E2/19:
E2/20: access vlan 3000
E2/21:
E2/22:
E2/23:
E2/24:
E2/25:
E3/1: description zonghelou trunk allowed vlan 1;6;40;48-49;51
E3/2: description peixunlou trunk allowed vlan 1;12;16;30;33;40;50;500
E3/3: description 15# trunk allowed vlan 1;301;500
E3/4: description 11# trunk allowed vlan 1;302;500
E3/5: description 5# trunk allowed vlan 1;43;303;500
E3/6: description 4# trunk allowed vlan 1;8;41;304;500
E3/7: description xijing
switchport mode trunk
switchport trunk allowed vlan 1;10-11;13;21-22;24;30;33-34;40
switchport trunk allowed vlan add 51
E3/8: description tushuguan switchport access vlan 54
E3/9: description 3552
switchport mode trunk
switchport trunk allowed vlan 1;8;10-11;13;16-20;23;25-28;30
switchport trunk allowed vlan add 33-34;40;50-51;76;500
E3/10: description 16# trunk allowed vlan 1;30;33-34;55-60;300;500
E3/11: description jiashu9# trunk allowed vlan 26-27;500
E3/12: description sushe-10# trunk allowed vlan 1;28

S9303:
interface GigabitEthernet 2/0/0
undo port hybrid vlan 1023
description guanli
port link-type access
port default vlan 33
undo shutdown
interface GigabitEthernet 2/0/1
undo port hybrid vlan 1023
description jiaoyuwang
port link-type access
port default vlan 40
undo shutdown
interface GigabitEthernet 2/0/3
undo port hybrid vlan 1023
port link-type access
port default vlan 34
undo shutdown
interface GigabitEthernet 2/0/4
undo port hybrid vlan 1023
port link-type access
port default vlan 34
undo shutdown
interface GigabitEthernet 2/0/5
undo port hybrid vlan 1023
port link-type access
port default vlan 33
undo shutdown
interface GigabitEthernet 2/0/7
undo port hybrid vlan 1023
port link-type access
port default vlan 34
undo shutdown
interface GigabitEthernet 2/0/8
undo port hybrid vlan 1023
port link-type access
port default vlan 34
undo shutdown
interface GigabitEthernet 2/0/9
undo port hybrid vlan 1023
port link-type access
port default vlan 33
undo shutdown
interface GigabitEthernet 2/0/10
undo port hybrid vlan 1023
port link-type access
port default vlan 33
undo shutdown
interface GigabitEthernet 2/0/11
undo port hybrid vlan 1023
port link-type access
port default vlan 33
undo shutdown
interface GigabitEthernet 2/0/12
undo port hybrid vlan 1023
port link-type access
port default vlan 33
undo shutdown
interface GigabitEthernet 2/0/13
undo port hybrid vlan 1023
port link-type access
port default vlan 500
undo shutdown
interface GigabitEthernet 2/0/15
undo port hybrid vlan 1023
port link-type access
port default vlan 33
undo shutdown
interface GigabitEthernet 2/0/16
undo port hybrid vlan 1023
port link-type access
port default vlan 34
undo shutdown
interface GigabitEthernet 2/0/17
undo port hybrid vlan 1023
port link-type access
port default vlan 33
undo shutdown
interface GigabitEthernet 2/0/18
undo port hybrid vlan 1023
port link-type trunk
port trunk allow-pass vlan 51 71 to 83 254 500
undo shutdown
interface GigabitEthernet 2/0/19
undo port hybrid vlan 1023
port link-type access
port default vlan 34
undo shutdown
interface GigabitEthernet 2/0/20
undo port hybrid vlan 1023
port link-type access
port default vlan 33
undo shutdown
interface GigabitEthernet 2/0/22
undo port hybrid vlan 1023
port link-type access
port default vlan 33
undo shutdown
interface GigabitEthernet 2/0/24
undo port hybrid vlan 1023
description dianxin
port link-type access
port default vlan 30
undo shutdown
interface GigabitEthernet 2/0/25
undo port hybrid vlan 1023
port link-type trunk
undo shutdown
interface GigabitEthernet 2/0/26
undo port hybrid vlan 1023
port link-type access
port default vlan 33
undo shutdown
interface GigabitEthernet 2/0/28
undo port hybrid vlan 1023
description CRPcuncu
port link-type access
port default vlan 1000
undo shutdown
interface GigabitEthernet 2/0/29
undo port hybrid vlan 1023
description CRPcuncu
port link-type access
port default vlan 1000
undo shutdown
interface GigabitEthernet 2/0/30
undo port hybrid vlan 1023
description CRPcuncu
port link-type access
port default vlan 1000
undo shutdown
interface GigabitEthernet 2/0/31
undo port hybrid vlan 1023
description CRPcuncu
port link-type access
port default vlan 1000
undo shutdown
interface GigabitEthernet 2/0/32
undo port hybrid vlan 1023
description CRPcuncu
port link-type access
port default vlan 1000
undo shutdown
interface GigabitEthernet 2/0/33
undo port hybrid vlan 1023
description CRPcuncu
port link-type access
port default vlan 1000
undo shutdown
interface GigabitEthernet 2/0/34
undo port hybrid vlan 1023
port link-type trunk
undo shutdown
interface GigabitEthernet 2/0/39
undo port hybrid vlan 1023
description guoyitrunk
port link-type trunk
port trunk allow-pass vlan 8 10 to 11 13 30 33 to 34 40 to 51
undo shutdown
interface GigabitEthernet 2/0/47
undo port hybrid vlan 1023
port link-type access
port default vlan 3000
undo shutdown
interface GigabitEthernet 5/1/0
undo port hybrid vlan 1023
combo-port fiber
description zonghelou
port link-type trunk
port trunk allow-pass vlan 1 6 40 48 to 49 51
undo shutdown
interface GigabitEthernet 5/1/1
undo port hybrid vlan 1023
combo-port fiber
description peixunlou
port link-type trunk
port trunk allow-pass vlan 1 12 16 30 33 40 50 500
undo shutdown
interface GigabitEthernet 5/1/2
undo port hybrid vlan 1023
combo-port fiber
description 15#
port link-type trunk
port trunk allow-pass vlan 1 301 500
undo shutdown
interface GigabitEthernet 5/1/3
undo port hybrid vlan 1023
combo-port fiber
description 11#
port link-type trunk
port trunk allow-pass vlan 1 302 500
undo shutdown
interface GigabitEthernet 5/1/4
undo port hybrid vlan 1023
combo-port fiber
description 5#
port link-type trunk
port trunk allow-pass vlan 1 43 303 500
undo shutdown
interface GigabitEthernet 5/1/5
undo port hybrid vlan 1023
combo-port fiber
description 4#
port link-type trunk
port trunk allow-pass vlan 1 8 41 304 500
undo shutdown
interface GigabitEthernet 5/1/6
undo port hybrid vlan 1023
combo-port fiber
description xijing
port link-type trunk
port trunk allow-pass vlan 1 10 11 13 21 22 24 30 33 34 40 51
undo shutdown
interface GigabitEthernet 5/1/8
undo port hybrid vlan 1023
combo-port fiber
description 3552
port link-type trunk
port trunk allow-pass vlan 1 8 10 11 13 16 to 20 23 25 to 28 30 33 34 40 50 51 76 500
undo shutdown
interface GigabitEthernet 5/1/9
undo port hybrid vlan 1023
combo-port fiber
description 16#
port link-type trunk
port trunk allow-pass vlan 1 30 33 34 55 to 60 300 500
undo shutdown
interface GigabitEthernet 5/1/10
undo port hybrid vlan 1023
combo-port fiber
description jiashu9#
port link-type trunk
port trunk allow-pass vlan 26 27 500
undo shutdown
interface GigabitEthernet 5/1/11
undo port hybrid vlan 1023
combo-port fiber
description sushe-10#
port link-type trunk
port trunk allow-pass vlan 1 28
undo shutdown

(9) vlan interface:
interface Vlan 1
ip address 192.168.200.1 255.255.255.0
interface Vlan 6
ip address 125.217.113.1 255.255.255.128
interface Vlan 8
ip address 192.168.30.1 255.255.255.0
dhcp relay server-select dhcprelay
dhcp select relay
interface Vlan 10
ip address 192.168.6.1 255.255.255.0
dhcp relay server-select dhcprelay
dhcp select relay
interface Vlan 11
ip address 125.217.112.1 255.255.255.128
dhcp relay server-select dhcprelay
dhcp select relay
interface Vlan 12
ip address 192.168.9.1 255.255.255.0
dhcp relay server-select dhcprelay
dhcp select relay
interface Vlan 13
ip address 125.217.112.129 255.255.255.192
dhcp relay server-select dhcprelay
dhcp select relay
interface Vlan 16
ip address 192.168.10.1 255.255.255.0
dhcp relay server-select dhcprelay
dhcp select relay
interface Vlan 17
ip address 192.168.11.1 255.255.255.0
dhcp relay server-select dhcprelay
dhcp select relay
interface Vlan 18
ip address 192.168.12.1 255.255.255.0
dhcp relay server-select dhcprelay
dhcp select relay
interface Vlan 19
ip address 192.168.13.1 255.255.255.0
dhcp relay server-select dhcprelay
dhcp select relay
interface Vlan 20
ip address 192.168.14.1 255.255.255.0
dhcp relay server-select dhcprelay
dhcp select relay
interface Vlan 21
ip address 192.168.15.1 255.255.255.0
dhcp relay server-select dhcprelay
dhcp select relay
interface Vlan 22
ip address 192.168.16.1 255.255.255.0
dhcp relay server-select dhcprelay
dhcp select relay
interface Vlan 23
ip address 192.168.17.1 255.255.255.0
dhcp relay server-select dhcprelay
dhcp select relay
interface Vlan 24
ip address 192.168.18.1 255.255.255.0
dhcp relay server-select dhcprelay
dhcp select relay
interface Vlan 25
ip address 125.217.113.129 255.255.255.224
interface Vlan 26
ip address 125.217.113.161 255.255.255.224
interface Vlan 27
ip address 125.217.113.193 255.255.255.224
interface Vlan 28
ip address 125.217.113.225 255.255.255.224
interface Vlan 30
ip address 192.168.100.1 255.255.255.0
dhcp relay server-select dhcprelay
dhcp select relay
interface Vlan 33
ip address 125.217.112.225 255.255.255.224
interface Vlan 34
ip address 192.168.99.1 255.255.255.0
dhcp relay server-select dhcprelay
dhcp select relay
interface Vlan 38
dhcp relay server-select dhcprelay
dhcp select relay
interface Vlan 40
ip address 210.37.29.50 255.255.255.240
interface Vlan 41
dhcp relay server-select dhcprelay
dhcp select relay
interface Vlan 42
dhcp relay server-select dhcprelay
dhcp select relay
interface Vlan 43
dhcp relay server-select dhcprelay
dhcp select relay
interface Vlan 44
dhcp relay server-select dhcprelay
dhcp select relay
interface Vlan 45
dhcp relay server-select dhcprelay
dhcp select relay
interface Vlan 46
dhcp relay server-select dhcprelay
dhcp select relay
interface Vlan 47
dhcp relay server-select dhcprelay
dhcp select relay
interface Vlan 48
ip address 192.168.27.1 255.255.255.0
dhcp relay server-select dhcprelay
dhcp select relay
interface Vlan 49
ip address 192.168.28.1 255.255.255.0
dhcp relay server-select dhcprelay
dhcp select relay
interface Vlan 50
ip address 192.168.8.1 255.255.255.0
dhcp relay server-select dhcprelay
dhcp select relay
interface Vlan 51
ip address 192.168.7.1 255.255.255.0
dhcp relay server-select dhcprelay
dhcp select relay
interface Vlan 52
dhcp relay server-select dhcprelay
dhcp select relay
interface Vlan 53
dhcp relay server-select dhcprelay
dhcp select relay
interface Vlan 54
ip address 125.217.115.254 255.255.255.224
interface Vlan 55
dhcp relay server-select dhcprelay
dhcp select relay
interface Vlan 56
dhcp relay server-select dhcprelay
dhcp select relay
interface Vlan 57
dhcp relay server-select dhcprelay
dhcp select relay
interface Vlan 58
dhcp relay server-select dhcprelay
dhcp select relay
interface Vlan 59
dhcp relay server-select dhcprelay
dhcp select relay
interface Vlan 60
dhcp relay server-select dhcprelay
dhcp select relay
interface Vlan 70
ip address 192.168.19.1 255.255.255.192
dhcp relay server-select dhcprelay
dhcp select relay
interface Vlan 71
ip address 192.168.71.1 255.255.255.0
interface Vlan 72
ip address 192.168.72.1 255.255.255.0
interface Vlan 73
ip address 192.168.73.1 255.255.255.0
dhcp relay server-select dhcprelay
dhcp select relay
interface Vlan 74
ip address 192.168.74.1 255.255.255.0
interface Vlan 75
ip address 192.168.75.1 255.255.255.0
dhcp relay server-select dhcprelay
dhcp select relay
interface Vlan 76
ip address 192.168.76.1 255.255.255.0
interface Vlan 77
ip address 192.168.77.1 255.255.255.0
interface Vlan 78
ip address 192.168.78.1 255.255.255.0
interface Vlan 79
ip address 192.168.79.1 255.255.255.0
interface Vlan 80
ip address 192.168.80.1 255.255.255.0
interface Vlan 81
ip address 192.168.81.1 255.255.255.0
interface Vlan 82
ip address 192.168.82.1 255.255.255.0
interface Vlan 83
ip address 192.168.83.1 255.255.255.0
interface Vlan 100
interface Vlan 222
ip address 172.16.222.1 255.255.255.0
dhcp relay server-select dhcprelay
dhcp select relay
interface Vlan 254
ip address 192.168.254.1 255.255.255.0
interface Vlan 300
ip address 192.168.201.254 255.255.255.252
interface Vlan 301
ip address 192.168.201.250 255.255.255.252
interface Vlan 302
ip address 192.168.201.246 255.255.255.252
interface Vlan 303
ip address 192.168.201.242 255.255.255.252
interface Vlan 304
ip address 192.168.201.238 255.255.255.252
interface Vlan 500
ip address 192.168.50.1 255.255.255.0
interface Vlan 2000
ip address 192.168.202.1 255.255.255.0
interface Vlan 3000
description HNZF-WIFI
ip address 172.17.0.1 255.255.240.0
dhcp select relay
dhcp relay server-select dhcprelay

(10) no mac-address-learning cpu-control:
S9303:
mac-address learning disable

(11) IP route-static:
ip route-static 0.0.0.0/0 192.168.100.3
ip route-static 58.154.0.0 15 210.37.29.49
ip route-static 58.192.0.0 12 210.37.29.49
ip route-static 59.50.76.0 24 192.168.100.3
ip route-static 116.13.0.0 16 210.37.29.49
ip route-static 116.56.0.0 15 210.37.29.49
ip route-static 118.202.0.0 15 210.37.29.49
ip route-static 118.228.0.0 15 210.37.29.49
ip route-static 118.230.0.0 16 210.37.29.49
ip route-static 121.48.0.0 15 210.37.29.49
ip route-static 121.52.160.0 19 210.37.29.49
ip route-static 121.192.0.0 14 210.37.29.49
ip route-static 121.248.0.0 14 210.37.29.49
ip route-static 122.204.0.0 14 210.37.29.49
ip route-static 125.216.0.0 13 210.37.29.49
ip route-static 125.217.115.0 24 125.217.115.253
ip route-static 162.105.0.0 16 210.37.29.49
ip route-static 166.111.0.0 16 210.37.29.49
ip route-static 192.168.20.0 24 192.168.201.237
ip route-static 192.168.21.0 24 192.168.201.245
ip route-static 192.168.22.0 24 192.168.201.241
ip route-static 192.168.23.0 24 192.168.201.249
ip route-static 192.168.24.0 24 192.168.201.249
ip route-static 192.168.25.0 24 192.168.201.249
ip route-static 192.168.26.0 24 192.168.201.249
ip route-static 192.168.29.0 24 192.168.201.249
ip route-static 192.168.31.0 24 192.168.201.245
ip route-static 192.168.32.0 24 192.168.201.253
ip route-static 192.168.33.0 24 192.168.201.253
ip route-static 192.168.34.0 24 192.168.201.253
ip route-static 192.168.35.0 24 192.168.201.253
ip route-static 192.168.36.0 24 192.168.201.253
ip route-static 192.168.37.0 24 192.168.201.253
ip route-static 192.168.38.0 24 192.168.201.249
ip route-static 202.4.128.0 19 210.37.29.49
ip route-static 202.38.64.0 19 210.37.29.49
ip route-static 202.38.96.0 19 210.37.29.49
ip route-static 202.38.140.0 23 210.37.29.49
ip route-static 202.38.184.0 21 210.37.29.49
ip route-static 202.38.192.0 18 210.37.29.49
ip route-static 202.112.0.0 13 210.37.29.49
ip route-static 202.120.0.0 15 210.37.29.49
ip route-static 202.127.216.0 21 210.37.29.49
ip route-static 202.127.224.0 19 210.37.29.49
ip route-static 202.179.240.0 20 210.37.29.49
ip route-static 202.192.0.0 12 210.37.29.49
ip route-static 203.91.120.0 21 210.37.29.49
ip route-static 210.24.0.0 13 210.37.29.49
ip route-static 210.24.0.0 16 192.168.100.3
ip route-static 210.25.0.0 18 192.168.100.3
ip route-static 210.32.0.0 12 210.37.29.49
ip route-static 211.64.0.0 13 210.37.29.49
ip route-static 211.80.0.0 13 210.37.29.49
ip route-static 218.192.0.0 13 210.37.29.49
ip route-static 219.216.0.0 13 210.37.29.49
ip route-static 219.224.0.0 13 210.37.29.49
ip route-static 219.240.0.0 13 210.37.29.49
ip route-static 222.16.0.0 12 210.37.29.49
ip route-static 222.192.0.0 12 210.37.29.49

(12) ntp enable
S9303:
ntp-service unicast-server x.x.x.x
undo ntp-service disable

(13) no login

(14) monitor session 1 source interface Ethernet1/25 tx
monitor session 1 destination interface Ethernet1/26
S9303:
observe-port 1 interface GigabitEthernet 2/0/25
Interface GigabitEthernet 5/1/22
port-mirroring to observe-port 1 both

dis mac-add ge x/x/x
dis inter b
dis arp | incl x.x.x.x
Digital China ACL Principles and Configuration

ACL principles and configuration
Applies to DCS-3926S, 5526S, 5512GC

Configuration task list:
Create a named standard IP access list (the implicit default at the end is permit).
Configure packet filtering:
(1) Enable packet filtering globally
(2) Configure the default action
Bind the access-list to a specific direction of a specific port.

ACL principles and configuration
Applies to DCRS-7200, 7600

Configuring an access control list usually involves the following steps:

1. Set the global configuration:
By default, flows that match no policy are permitted on the switch. The global commands include:
qos default bridged disposition
qos default routed disposition
qos default multicast disposition
To change the global defaults, use the corresponding command and append accept, drop or deny after disposition.

ACL principles and configuration
Applies to DCRS-7200, 7600

4. Create policy rules that combine policy conditions and policy actions (continued):

Reflexive rules: one-way access (only UDP and TCP ports are supported)
A reflexive policy allows return traffic to pass back through the switch when that traffic would normally be denied.
Example: two policy rules are configured. Rule2 drops all traffic whose destination address is in the 192.68.82.0 subnet, while Rule1 is configured as a reflexive rule, so the return traffic is not dropped.
-> policy condition Source1 source ip 192.68.82.0 mask 255.255.255.0
-> policy condition Dest1 destination ip 192.68.82.0 mask 255.255.255.0
-> policy action Permit disposition accept
-> policy action Prevent disposition deny
-> policy rule Rule1 condition Source1 action Permit reflexive
-> policy rule Rule2 condition Dest1 action Prevent
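Digital China Router and Switch Configuration Commands

Introduction
Digital China is a Chinese network equipment manufacturer.
It offers a range of router and switch products, including SOHO, enterprise and carrier-grade models.
This document introduces the basic commands for configuring Digital China routers and switches.
These commands can be used to enable and disable ports, configure ports with VLANs, and manage routing and static routes.

Command list

Commands common to all devices
The following commands can be run on all Digital China routers and switches.

1. Basic configuration
enable // enter privileged mode
configure terminal // enter global configuration mode
hostname <name> // configure the device name
banner motd #<message># // set the login banner
interface <interface> // enter the configuration of a specific port
no shutdown // enable the port
shutdown // disable the port
exit // leave the current mode
show running-config // show the current configuration
write memory // save the current configuration to the FLASH file system so that it persists after a reboot

2. VLAN configuration
vlan <id> // enter VLAN configuration mode
name <name> // configure the VLAN name
exit // leave VLAN configuration mode
interface <interface> // enter the configuration of a specific port
switchport access vlan <id> // set the port's VLAN number, making the port an ACCESS port
switchport mode trunk // configure the port as a TRUNK port, which can carry multiple VLANs at once

3. Static routes
ip route <destination_network> <destination_subnet_mask> <next_hop_address> // add a static route
show ip route // show the current routing table

Advanced commands available on some devices
The following commands are available on some Digital China routers and switches.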
Networks Create Value
Digital China Networks (Beijing) Ltd.

AC Quick Configuration Manual

Digital China Networks (Beijing) Ltd. All Rights Reserved.

Document version: 02
Release date: 2014-2-10

Copyright © Digital China Networks (Beijing) Ltd. All rights reserved.
Without the written permission of the company, no organization or individual may extract or copy any part or all of this document, or distribute it in any form.

Trademark notice
and other Digital China trademarks are trademarks of Digital China Networks (Beijing) Ltd. All other trademarks or registered trademarks mentioned in this document are the property of their respective owners.

Notice
The products, services or features you purchase are subject to the commercial contracts and terms of Digital China Networks (Beijing) Ltd. All or part of the products, services or features described in this document may not be within the scope of your purchase or use. Unless otherwise agreed in the contract, Digital China Networks (Beijing) Ltd. makes no express or implied statement or warranty regarding the content of this document.
Because of product version upgrades or other reasons, the content of this document is updated from time to time. Unless otherwise agreed, this document serves only as a usage guide, and none of the statements, information and recommendations in it constitutes any express or implied warranty.

Digital China Networks (Beijing) Ltd.
Address: Digital Technology Plaza, No. 9, Shangdi 9th Street, Haidian District, Beijing, China. Postal code: 100085
Website: /
Customer service e-mail: dcn_support@
Customer service phone: 400-810-9119

Preface

Overview
This document describes the basic setup of the DCWS-6028 wireless controller.

Product version
The product version corresponding to this document is shown below.
Product name: DCWS-6028
Product version: 7.0.3.0(R0011.0025)

Intended audience
This document (this guide) is mainly intended for the following engineers:
Field maintenance engineers
Commissioning engineers
System maintenance engineers

Revision history
Document version 01 (2013-6-25)
First official release.
Document version 02 (2014-2-10)
Added the content written in FY3 Q2 to Q3.

Contents
Overview
Product version
Intended audience
Revision history
1 Wireless address selection and wireless function switch
  1.1 Dynamic wireless IP address selection
  1.2 Static wireless IP address selection
  1.3 Wireless function switch on the AC
2 Layer 2 and Layer 3 automatic discovery
3 AP registration management and authentication methods
  3.1 AP registration: Layer 2 mode
  3.2 AP registration: Layer 3 mode
4 AP configuration management (binding a profile, pushing the configuration, setting the hardware type)
  4.1 Configuration principles
  4.2 Explanation of the configuration principles
  4.3 Pushing the PROFILE configuration
  4.4 Setting the hardware type
5 Unified AP upgrade from the AC: upgrading with an external TFTP server
6 Unified AP upgrade from the AC: integrated upgrade method
7 SSID configuration
  7.1 Requirements
  7.2 Topology diagram
  7.3 Configuration steps
  7.4 Configuration verification
  7.5 Notes
8 Secure access authentication methods
  8.1 Requirements
  8.2 Topology diagram
  8.3 Configuration steps
  8.4 Configuration verification
  8.5 Notes