[1_channg_core]dis cu !Software Version V200R010C00SPC600 # sysname 1_channg_core # FTP server enable # info-center source SECE channel 4 log state off # vlan batch 2 to 3 5 to 9 11 15 18 20 26 30 50 60 to 65 vlan batch 115 to 116 120 151 155 177 200 500 to 506 600 to 651 653 661 vlan batch 663 to 664 669 672 930 # stp instance 0 root primary stp bpdu-protection stp disable # authentication-profile name default_authen_profile authentication-profile name dot1x_authen_profile authentication-profile name mac_authen_profile authentication-profile name portal_authen_profile authentication-profile name dot1xmac_authen_profile authentication-profile name multi_authen_profile # telnet server enable # lldp enable # clock timezone UTC add 08:00:00 # undo mac-address flapping detection # arp-miss speed-limit source-ip 192.168.18.0 mask 24 maximum 100 arp-miss speed-limit source-ip 192.168.0.100 mask 30 maximum 100 # observe-port 1 interface GigabitEthernet0/0/17 # dhcp enable # dhcp server ping packet 3 dhcp server ping timeout 100 # dhcp server database enable dhcp server database recover # arp speed-limit source-ip maximum 50 arp-miss speed-limit source-ip maximum 5 # diffserv domain default # radius-server template default # acl number 3007 description Deny WIFI_TO_LAN rule 1 permit ip source 172.18.64.0 0.0.7.255 destination 192.168.0.249 0 rule 2 deny ip source 172.18.64.0 0.0.7.255 destination 172.16.0.0 0.15.255.255 rule 3 deny ip source 172.18.64.0 0.0.7.255 destination 10.0.0.0 0.255.255.255 rule 4 deny ip source 172.18.64.0 0.0.7.255 destination 192.168.0.0 0.0.255.255 acl number 3008 description test rule 5 permit ip destination 172.16.0.0 0.15.255.255 rule 6 permit ip destination 10.0.0.0 0.255.255.255 rule 7 permit ip destination 192.168.0.0 0.0.255.255 rule 8 deny ip acl number 3009 description neiwang_bu_chongdingxiang rule 20 permit ip destination 10.0.0.0 0.255.255.255 rule 21 permit ip destination 172.16.0.0 0.15.255.255 rule 22 permit ip destination 192.168.0.0 0.0.255.255 acl number 3010 rule 20 permit ip source 172.18.1.0 0.0.0.255 rule 25 permit ip source 172.18.2.0 0.0.0.255 rule 30 permit ip source 172.18.48.0 0.0.0.255 rule 31 permit ip source 172.18.49.0 0.0.0.255 rule 35 permit ip source 172.18.4.0 0.0.0.255 rule 45 permit ip source 172.18.7.0 0.0.0.255 rule 50 permit ip source 172.18.8.0 0.0.0.255 rule 55 permit ip source 172.18.9.0 0.0.0.255 rule 60 permit ip source 172.18.31.0 0.0.0.255 acl number 3011 description laohuafnag_deny_LAN rule 20 deny ip source 172.18.49.0 0.0.0.255 destination 172.16.0.0 0.15.255.25 5 rule 30 deny ip source 172.18.49.0 0.0.0.255 destination 10.0.0.0 0.255.255.255 rule 40 deny ip source 172.18.49.0 0.0.0.255 destination 192.168.0.0 0.0.255.25 5 rule 50 permit ip acl number 3012 rule 31 permit ip source 172.18.49.0 0.0.0.255 # traffic classifier acl_3007 operator and if-match acl 3007 traffic classifier acl_3008 operator and traffic classifier acl_3010 operator and if-match acl 3010 traffic classifier acl_3011 operator and traffic classifier acl_3012 operator and if-match acl 3012 traffic classifier chongdingxiang_feita operator and if-match acl 3010 traffic classifier laohuafnag_deny_LAN operator and if-match acl 3011 traffic classifier neiwang_bu_chongdingxiang operator and if-match acl 3009 # traffic behavior acl_3007 deny traffic behavior acl_3008 permit traffic behavior acl_3012 redirect ip-nexthop 172.18.124.2 traffic behavior chongdingxiang_feita redirect ip-nexthop 172.18.124.2 traffic behavior laohuafnag_deny_LAN deny traffic behavior neiwang permit traffic behavior neiwang_bu_chongdingxiang traffic behavior qosnanshan car cir 3072 pir 8192 cbs 384000 pbs 1024000 green pass yellow pass red discard statistic enable # traffic policy PBR_172.18.124.2 match-order config classifier acl_3012 behavior acl_3012 traffic policy acl_3007 match-order config classifier acl_3007 behavior acl_3007 traffic policy acl_3008 match-order config classifier acl_3008 behavior acl_3008 traffic policy c_l_l_y match-order config classifier neiwang_bu_chongdingxiang behavior neiwang_bu_chongdingxiang classifier chongdingxiang_feita behavior chongdingxiang_feita traffic policy laohuafnag_deny_LAN match-order config classifier laohuafnag_deny_LAN behavior laohuafnag_deny_LAN # free-rule-template name default_free_rule # portal-access-profile name portal_access_profile # drop-profile default # aaa authentication-scheme default authentication-scheme radius authentication-mode radius authorization-scheme default accounting-scheme default local-aaa-user password policy administrator password expire 0 domain default authentication-scheme radius radius-server default domain default_admin authentication-scheme default local-user admin password irreversible-cipher $1a$c>-zQ]gYGY$@L"@XM5."LB8!Y0Hx5/1_:3>Tn_BO$8t|3F9~k"$$ local-user admin privilege level 15 local-user admin ftp-directory flash local-user admin service-type telnet terminal ftp http # ntp-service server disable ntp-service ipv6 server disable ntp-service unicast-server 172.18.66.1 # interface Vlanif1 description 默认 ip address 192.168.0.167 255.255.255.0 # interface Vlanif2 ip address 192.168.20.254 255.255.255.0 dhcp select global # interface Vlanif3 ip address 192.168.10.254 255.255.255.0 dhcp select global # interface Vlanif5 ip address 192.168.5.254 255.255.254.0 # interface Vlanif6 ip address 192.168.7.254 255.255.254.0 dhcp select global # interface Vlanif8 ip address 192.168.8.230 255.255.255.0 # interface Vlanif9 ip address 192.168.9.1 255.255.255.0 # interface Vlanif11 ip address 192.168.11.254 255.255.255.0 # interface Vlanif15 ip address 192.168.15.254 255.255.255.0 dhcp select interface dhcp server dns-list 192.168.0.101 202.96.134.133 # interface Vlanif18 ip address 192.168.18.254 255.255.255.0 # interface Vlanif26 description hulian_ke_hu_yong_5700_172.18.26.2 ip address 172.18.26.1 255.255.255.0 traffic-policy c_l_l_y inbound # interface Vlanif30 ip address 192.168.30.254 255.255.255.0 dhcp select global # interface Vlanif60 ip address 192.168.60.1 255.255.255.0 traffic-policy c_l_l_y inbound # interface Vlanif61 ip address 172.16.16.2 255.255.255.0 # interface Vlanif62 ip address 192.168.62.254 255.255.255.0 dhcp select global # interface Vlanif63 ip address 192.168.63.254 255.255.255.0 dhcp select global # interface Vlanif64 # interface Vlanif65 dhcp select relay # interface Vlanif115 ip address 10.11.11.1 255.255.255.252 # interface Vlanif116 ip address 10.11.11.5 255.255.255.252 # interface Vlanif120 description 3chang_hu_lian_h3c_172.18.120.2 ip address 172.18.120.1 255.255.255.0 # interface Vlanif151 ip address 172.16.53.254 255.255.255.0 dhcp select global # interface Vlanif155 ip address 192.168.155.254 255.255.255.224 dhcp select interface # interface Vlanif177 ip address 192.168.177.253 255.255.255.0 # interface Vlanif200 ip address 172.18.16.2 255.255.255.0 # interface Vlanif600 ip address 172.18.60.1 255.255.255.0 # interface Vlanif601 # interface Vlanif602 # interface Vlanif610 description 3F_dabangongqu shutdown ip address 172.18.0.1 255.255.255.0 dhcp select interface dhcp server dns-list 192.168.0.101 # interface Vlanif611 description 1F_cangku ip address 172.18.1.1 255.255.255.0 dhcp select interface dhcp server static-bind ip-address 172.18.1.131 mac-address 0024-1db1-974a description 1F_iqc_zhou_tian_xing dhcp server static-bind ip-address 172.18.1.108 mac-address f0de-f181-1ff2 description 1f_cangku_cui_jin_li dhcp server dns-list 192.168.0.101 114.114.114.114 # interface Vlanif612 description 2F_cangku ip address 172.18.2.1 255.255.255.0 dhcp select interface dhcp server dns-list 192.168.0.101 114.114.114.114 # interface Vlanif613 description 3F_gongchengbu shutdown ip address 172.18.3.1 255.255.255.0 dhcp select interface dhcp server dns-list 192.168.0.101 # interface Vlanif614 description 4F_room ip address 172.18.4.1 255.255.255.0 dhcp select interface dhcp server excluded-ip-address 172.18.4.1 dhcp server static-bind ip-address 172.18.4.177 mac-address 0c4b-5414-ac08 description 4F_weixiufang dhcp server static-bind ip-address 172.18.4.27 mac-address 7844-fd08-dff3 description 4F_baoanbangongshi dhcp server dns-list 192.168.0.101 114.114.114.114 # interface Vlanif615 description 5F_chejian ip address 172.18.5.1 255.255.255.0 dhcp select interface dhcp server static-bind ip-address 172.18.5.199 mac-address 00e0-4c51-0045 description 5f_chanxainbgq dhcp server static-bind ip-address 172.18.5.62 mac-address b8ae-edae-8ce6 description 5f_bgq dhcp server dns-list 192.168.0.101 114.114.114.114 # interface Vlanif616 description 6F_chejian ip address 172.18.6.1 255.255.255.0 dhcp select interface dhcp server static-bind ip-address 172.18.6.246 mac-address 3497-f629-303a description 6f_chanxian_wenyuan dhcp server static-bind ip-address 172.18.6.124 mac-address 408d-5c2e-1b5f description 6f_bgq dhcp server static-bind ip-address 172.18.6.13 mac-address e0d5-5ea3-16ba description 6f_bgq dhcp server dns-list 192.168.0.101 114.114.114.114 # interface Vlanif631 description 3F_chejian_BOB ip address 172.18.31.1 255.255.255.0 dhcp select interface dhcp server static-bind ip-address 172.18.31.128 mac-address 8c68-c8b3-3676 description 3f_chejian_fqc dhcp server dns-list 192.168.0.101 114.114.114.114 # interface Vlanif640 # interface Vlanif641 description test # interface Vlanif648 description 4F_chejian_chanxian ip address 172.18.48.1 255.255.255.0 dhcp select interface dhcp server dns-list 192.168.0.101 114.114.114.114 # interface Vlanif649 description 4F_laohuafang_ke_shangwang ip address 172.18.49.1 255.255.255.0 traffic-policy PBR_172.18.124.2 inbound dhcp select interface dhcp server dns-list 114.114.114.114 # interface Vlanif651 description 5F_chejian_bangongqu ip address 172.18.51.1 255.255.255.0 dhcp select interface dhcp server static-bind ip-address 172.18.51.243 mac-address d4ee-0713-2293 description 5f_fan_qiang_router dhcp server dns-list 192.168.0.101 114.114.114.114 # interface Vlanif652 description 5F_chejian_chanxian ip address 172.18.52.1 255.255.255.0 dhcp select interface dhcp server dns-list 192.168.0.101 114.114.114.114 # interface Vlanif653 description 6F_chejian_ke_shangwang ip address 172.18.53.1 255.255.255.0 dhcp select interface dhcp server dns-list 192.168.0.101 114.114.114.114 # interface Vlanif661 description 6F_chejian_bangongqu ip address 172.18.61.1 255.255.255.0 dhcp select interface dhcp server dns-list 192.168.0.101 114.114.114.114 # interface Vlanif662 description 6F_chejian_chanxian ip address 172.18.62.1 255.255.255.0 dhcp select interface dhcp server dns-list 192.168.0.101 114.114.114.114 # interface Vlanif663 description 6F_chejian_ke_shangwang ip address 172.18.63.1 255.255.255.0 dhcp select interface dhcp server dns-list 192.168.0.101 114.114.114.114 # interface Vlanif669 description Guest_Wifi_Not_Delete # interface Vlanif930 description test ip address 192.168.1.251 255.255.255.0 # interface MEth0/0/1 # interface Eth-Trunk1 undo portswitch ip address 172.18.124.1 255.255.255.0 mode lacp # interface Eth-Trunk2 port link-type trunk port trunk allow-pass vlan 2 to 4094 mode lacp # interface Eth-Trunk3 port link-type trunk port trunk allow-pass vlan 2 to 4094 mode lacp # interface Eth-Trunk4 description to huiju port link-type trunk port trunk allow-pass vlan 2 to 4094 mode lacp # interface GigabitEthernet0/0/1 eth-trunk 1 # interface GigabitEthernet0/0/2 eth-trunk 1 # interface GigabitEthernet0/0/3 port link-type trunk port trunk allow-pass vlan 2 to 4094 stp edged-port enable # interface GigabitEthernet0/0/4 undo portswitch ip address 172.18.125.254 255.255.255.0 # interface GigabitEthernet0/0/5 port link-type access port default vlan 601 # interface GigabitEthernet0/0/6 undo negotiation auto port link-type access port default vlan 200 stp edged-port disable # interface GigabitEthernet0/0/7 description <--boss_line--> port link-type access port default vlan 610 stp edged-port enable # interface GigabitEthernet0/0/8 description <--3F_BOB--> port link-type trunk port trunk allow-pass vlan 2 to 4094 stp edged-port enable # interface GigabitEthernet0/0/9 port link-type access port default vlan 610 # interface GigabitEthernet0/0/10 undo portswitch ip address 172.18.122.1 255.255.255.0 # interface GigabitEthernet0/0/11 eth-trunk 4 # interface GigabitEthernet0/0/12 eth-trunk 4 # interface GigabitEthernet0/0/13 eth-trunk 3 # interface GigabitEthernet0/0/14 eth-trunk 3 # interface GigabitEthernet0/0/15 port link-type access stp edged-port enable # interface GigabitEthernet0/0/16 port link-type trunk port trunk allow-pass vlan 2 to 4094 stp edged-port enable # interface GigabitEthernet0/0/17 port link-type trunk port trunk allow-pass vlan 2 to 4094 # interface GigabitEthernet0/0/18 port link-type trunk port trunk allow-pass vlan 2 to 4094 # interface GigabitEthernet0/0/19 description <--AC1220_line--> port link-type access port default vlan 930 stp edged-port enable # interface GigabitEthernet0/0/20 port link-type trunk port trunk pvid vlan 18 port trunk allow-pass vlan 2 to 4094 # interface GigabitEthernet0/0/21 eth-trunk 2 # interface GigabitEthernet0/0/22 description <--5F_line--> port link-type trunk port trunk allow-pass vlan 2 to 4094 stp edged-port enable # interface GigabitEthernet0/0/23 eth-trunk 2 # interface GigabitEthernet0/0/24 eth-trunk 2 # interface GigabitEthernet0/0/25 undo negotiation auto port link-type trunk port trunk pvid vlan 64 port trunk allow-pass vlan 2 to 4094 # interface GigabitEthernet0/0/26 port link-type trunk port trunk allow-pass vlan 2 to 4094 # interface GigabitEthernet0/0/27 # interface GigabitEthernet0/0/28 # interface XGigabitEthernet0/0/1 # interface XGigabitEthernet0/0/2 # interface XGigabitEthernet0/0/3 # interface XGigabitEthernet0/0/4 undo portswitch ip address 172.18.126.1 255.255.255.0 # interface NULL0 # interface Tunnel0 # cpu-defend policy policy1 auto-defend threshold 50 auto-defend trace-type source-mac source-ip source-portvlan auto-defend protocol 8021x arp icmp dhcp igmp ttl-expired tcp telnet udp # ip route-static 0.0.0.0 0.0.0.0 172.18.124.2 preference 5 ip route-static 10.10.0.0 255.255.0.0 172.18.125.1 ip route-static 10.100.160.0 255.255.255.0 172.18.125.1 ip route-static 18.18.18.253 255.255.255.255 172.18.16.1 ip route-static 18.18.18.254 255.255.255.255 172.18.16.1 ip route-static 20.20.20.0 255.255.255.0 172.18.16.1 ip route-static 22.22.22.0 255.255.255.252 172.18.16.1 ip route-static 172.18.7.0 255.255.255.0 172.18.60.3 ip route-static 172.18.8.0 255.255.255.0 172.18.60.3 ip route-static 172.18.9.0 255.255.255.0 172.18.60.3 ip route-static 172.18.28.0 255.255.255.0 172.18.26.2 ip route-static 172.18.30.0 255.255.255.0 172.18.16.1 ip route-static 172.18.32.0 255.255.240.0 172.18.125.1 ip route-static 172.18.128.0 255.255.255.0 172.18.126.2 ip route-static 172.18.129.0 255.255.255.0 172.18.126.2 ip route-static 172.18.130.0 255.255.255.0 172.18.126.2 ip route-static 192.168.100.0 255.255.255.0 172.18.60.3 # snmp-agent snmp-agent local-engineid 800007DB03C4FF1FADDDE0 snmp-agent community read cipher %^%#pE,qJEf:X$:cp8!nbY%Y4V*gU+hbGF|DJe67KY(20xp1@sB1B:sW3NN%30;'VV{PQht9r6K$b.+9~ywU%^%# snmp-agent community read cipher %^%#'6R[@%W7+QliQk9`$Y-I)Ij'U4m)$NvVA0Y7^cS+,/^"D