Hillstone Networks Internet Behavior Management Operation Guide

1: Login

Internet behavior management login address: https://192.168.5.2/

Username: guest

Password: guest@123

Figure 1: Login page

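2: User Organization Structure Management

Select "User Management" > "User Organization Structure" to open the user organization structure page. Use the "New" function to add users or groups.

Figure 2: User organization structure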

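3: Control Policies

Select "Policy Configuration" > "IPv4 Control Policy" to configure control policies. Policies are matched in order from top to bottom: users who are allowed to access the network are permitted, and users who are prohibited from accessing the network are denied. Use the "Application" function to configure which network applications the policy group may use.

Figure 3: Control policies

Figure 4: Application configuration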
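Because policies are matched from top to bottom, a broad permit placed above a narrower deny means the deny never takes effect. The following is an added example, not part of the original guide and not the product's own API: a small first-match evaluator plus a check for rules fully covered by an earlier rule. The `Rule` fields, the group and application names, the sample policy, and the default-deny fallback are all assumptions made for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Rule:
    rule_id: int
    action: str        # "permit" or "deny"
    group: str         # user group name, or "any"
    src: str           # source network in CIDR form
    apps: frozenset    # application names, or frozenset({"any"})


def matches(rule, group, src_ip, app):
    """True if one request (group, source IP, application) hits this rule."""
    return (
        rule.group in ("any", group)
        and ip_address(src_ip) in ip_network(rule.src)
        and ("any" in rule.apps or app in rule.apps)
    )


def evaluate(rules, group, src_ip, app, default="deny"):
    """First match wins, top to bottom. Returns (action, rule_id or None).
    The default action is an assumption; the guide does not state it."""
    for rule in rules:
        if matches(rule, group, src_ip, app):
            return rule.action, rule.rule_id
    return default, None


def covers(outer, inner):
    """True if every request that matches `inner` also matches `outer`."""
    group_ok = outer.group == "any" or outer.group == inner.group
    src_ok = ip_network(inner.src).subnet_of(ip_network(outer.src))
    apps_ok = "any" in outer.apps or (
        "any" not in inner.apps and inner.apps <= outer.apps
    )
    return group_ok and src_ok and apps_ok


def shadowed(rules):
    """List (shadowed_rule_id, earlier_rule_id) for rules that can never
    fire because an earlier rule already matches everything they match."""
    found = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if covers(earlier, later):
                found.append((later.rule_id, earlier.rule_id))
                break
    return found


# Constructed sample policy (hypothetical groups, networks and applications).
POLICY = [
    Rule(1, "permit", "office", "192.168.5.0/24",
         frozenset({"http", "https", "dns"})),
    Rule(2, "deny", "any", "192.168.5.0/24", frozenset({"p2p"})),
    Rule(3, "permit", "any", "192.168.0.0/16", frozenset({"any"})),
    Rule(4, "deny", "guests", "192.168.5.0/24", frozenset({"any"})),
]

# Corrected order: the narrow deny for "guests" sits above the broad permit.
POLICY_FIXED = [POLICY[0], POLICY[1], POLICY[3], POLICY[2]]


if __name__ == "__main__":
    print("guests/https, original order:",
          evaluate(POLICY, "guests", "192.168.5.77", "https"))
    print("shadowed rules, original order:", shadowed(POLICY))
    print("guests/https, corrected order:",
          evaluate(POLICY_FIXED, "guests", "192.168.5.77", "https"))
    print("shadowed rules, corrected order:", shadowed(POLICY_FIXED))
```

Running the shadow check after every policy change catches ordering mistakes before a deny rule is assumed to be in force.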

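4: Data Analysis

Select "Data Center" > "User Traffic Statistics" or "Data Center" > "Application Traffic Statistics" to view user traffic statistics and application traffic statistics, each with detailed information. Click a user name or an application name to open its details.

Figure 5: User traffic statistics

Figure 6: Application traffic statistics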

5.1 Load Balancer

5.2 External Firewall

5.3 H3C Router

5.4 Core Switch
