总部核心交换机03
- 1、下载文档前请自行甄别文档内容的完整性,平台不提供额外的编辑、内容补充、找答案等附加服务。
- 2、"仅部分预览"的文档,不可在线预览部分如存在完整性等问题,可反馈申请退款(可完整预览的文档不适用该条件!)。
- 3、如文档侵犯您的权益,请联系客服反馈,我们会尽快为您处理(人工客服工作时间:9:00-18:30)。
#
sysname cs-ty-h3c-hj-S5700-03
#
firewall enable slot 0
#
vlan batch 2 1000 3000
#
acl number 3001
rule 5 deny ip source 192.168.40.0 0.0.0.255 destination 192.168.10.88 0.0.0.7
rule 6 deny ip source 192.168.50.0 0.0.0.255 destination 192.168.10.88 0.0.0.7
rule 10 permit ip
#
acl number 3002
rule 5 permit ip source 192.168.10.32 0.0.0.15 destination 192.168.10.88 0.0.0.7
rule 6 permit ip source 192.168.10.88 0.0.0.7 destination 224.0.0.18 0
rule 20 deny ip
#
interface Vlanif2
description guanli vlan
ip address 192.168.10.11 255.255.255.248
#
interface Vlanif1000
description hulian vlan to cs-ty-h3c-hj-S5700-02 e0/1
ip address 172.16.1.10 255.255.255.252
ospf authentication-mode md5 1 cipher N`C55QK<`=/Q=^Q`MAF4<1!!
#
interface Vlanif3000
description hulian vlan to cs-ty-h3c-hl-AR2811-01 e0/3
ip address 172.16.1.6 255.255.255.252
ospf authentication-mode md5 1 cipher N`C55QK<`=/Q=^Q`MAF4<1!!
#
interface Ethernet0/0/0
description TO_cs-ty-h3c-jr-S2700-10_E0/0
portswitch
port link-type trunk
port trunk allow-pass vlan 2 1000
#
interface Ethernet0/0/0.60
vlan-type dot1q 60
ip address 192.168.20.125 255.255.255.192
vrrp vrid 60 virtual-ip 192.168.20.126
#
interface Ethernet0/0/0.70
vlan-type dot1q 70
ip address 192.168.20.189 255.255.255.192
vrrp vrid 70 virtual-ip 192.168.20.190
#
interface Ethernet0/0/0.700
vlan-type dot1q 700
ip address 192.168.10.81 255.255.255.248
vrrp vrid 77 virtual-ip 192.168.10.86
#
interface Ethernet0/0/0.800
vlan-type dot1q 800
ip address 192.168.10.89 255.255.255.248
firewall packet-filter 3002 outbound
vrrp vrid 88 virtual-ip 192.168.10.94
vrrp vrid 88 priority 120
#
interface Ethernet0/0/0.900
vlan-type dot1q 900
ip address 192.168.10.97 255.255.255.248
vrrp vrid 99 virtual-ip 192.168.10.102
#
interface Ethernet0/0/1
description TO_cs-ty-h3c-hj-s9600-02_E0/1
portswitch
port default vlan 1000
port trunk allow-pass vlan 2 1000
#
interface Ethernet0/0/2
description TO_cs-ty-h3c-jr-S2700-09_E0/2
portswitch
port link-type trunk
#
interface Ethernet0/0/2.10
vlan-type dot1q 10
ip address 192.168.10.29 255.255.255.240
vrrp vrid 10 virtual-ip 192.168.10.30
#
interface Ethernet0/0/2.20
vlan-type dot1q 20
ip address 192.168.20.29 255.255.255.224
vrrp vrid 20 virtual-ip 192.168.20.30
#
interface Ethernet0/0/2.30
vlan-type dot1q 30
ip address 192.168.10.45 255.255.255.240
vrrp vrid 30 virtual-ip 192.168.10.46
#
interface Ethernet0/0/2.40
vlan-type dot1q 40
ip address 192.168.10.61 255.255.255.240
vrrp vrid 40 virtual-ip 192.168.10.62
#
interface Ethernet0/0/3
description TO_cs-ty-h3c-hl-AR2811-01_E0/3
portswitch
port link-type access
port default vlan 3000
#
interface NULL0
#
aaa
local-user huawei password cipher N`C55QK<`=/Q=^Q`MAF4<1!!
local-user huawei service-type telnet
local-
user huawei level 3
authentication-scheme default
#
authorization-scheme default
#
accounting-scheme default
#
domain default
#
#
ospf 1 router-id 192.168.10.3
area 0.0.0.0
network 172.16.1.8 0.0.0.3
network 172.16.1.4 0.0.0.3
network 192.168.20.64 0.0.0.63
network 192.168.20.128 0.0.0.63
network 192.168.10.80 0.0.0.7
network 192.168.10.88 0.0.0.7
network 192.168.10.96 0.0.0.7
network 192.168.10.8 0.0.0.7
network 192.168.10.48 0.0.0.15
#
ip route-static 100.0.0.0 255.255.255.252 172.16.1.5
ip route-static 100.0.0.8 255.255.255.252 172.16.1.5
#
user-interface con 0
user-interface vty 0 4
authentication-mode aaa
user-interface vty 16 20
#
return