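dis cu
!Software Version V200R010C00SPC600
! Running configuration of the switch "jifanghexin" (output of `dis cu`), restored to one
! command per line. The device is the layer-3 gateway for the 10.100.x.x user VLANs, serves
! DHCP from global pools, and filters inbound traffic on several Vlanif interfaces with
! traffic policy acl_3008. Lines starting with "!" are review comments.
! Changes made in this revision, each marked FIX where it applies:
!   - information center re-enabled
!   - ACL 3008 catch-all deny moved behind the permits it was shadowing
!   - console login now requires AAA authentication
#
sysname jifanghexin
#
! FIX: was `undo info-center enable`, which switches off the information center (logs and
! traps), so nothing on the device records activity.
info-center enable
#
vlan batch 3 10 20 30 32 to 41 43 to 44 50 80 99 to 100 200
vlan batch 600
#
! NOTE(review): the 802.1X / MAC / portal authentication profiles below are defined, but no
! interface in this configuration binds one, so access ports admit any attached device.
authentication-profile name default_authen_profile
authentication-profile name dot1x_authen_profile
authentication-profile name mac_authen_profile
authentication-profile name portal_authen_profile
authentication-profile name dot1xmac_authen_profile
authentication-profile name multi_authen_profile
#
! NOTE(review): Telnet carries the admin login in cleartext. Left unchanged here because a
! move to SSH also needs a host key pair generated on the device (`rsa local-key-pair create`),
! which a configuration file cannot express. Once the key exists: `stelnet server enable`,
! `ssh user admin authentication-type password`, `ssh user admin service-type stelnet`,
! `local-user admin service-type ssh terminal`, `protocol inbound ssh` under vty 0 4, and
! finally `undo telnet server enable`.
telnet server enable
#
lldp enable
#
clock timezone UTC add 00:00:00
#
dhcp enable
#
diffserv domain default
#
radius-server template default
#
! ACLs 3001, 3002 and 3005 are referenced only by traffic policies ac1, ac2 and ac5, none of
! which is applied to an interface in this configuration.
acl number 3001
 rule 1 permit ip source 10.100.0.0 0.0.1.255 destination 192.168.0.0 0.0.255.255
 rule 2 permit ip source 10.100.0.0 0.0.1.255 destination 10.100.0.0 0.0.255.255
 rule 100 deny ip source 10.100.0.0 0.0.1.255
acl number 3002
 rule 1 permit ip source 10.100.2.0 0.0.1.255 destination 192.168.0.0 0.0.255.255
 rule 2 permit ip source 10.100.2.0 0.0.1.255 destination 10.100.0.0 0.0.255.255
 rule 3 permit ip source 10.100.2.0 0.0.1.255 destination 100.10.10.0 0.0.0.255
 rule 4 permit ip source 10.100.3.218 0
 rule 100 deny ip source 10.100.2.0 0.0.1.255
acl number 3005
 rule 1 permit ip source 10.100.5.0 0.0.0.255 destination 192.168.0.0 0.0.255.255
 rule 2 permit ip source 10.100.5.0 0.0.0.255 destination 10.100.4.10 0
 rule 3 permit ip source 10.100.5.0 0.0.0.255 destination 10.100.0.0 0.0.255.255
 rule 4 permit ip source 10.100.5.0 0.0.0.255 destination 100.10.10.0 0.0.0.255
 rule 100 deny ip source 10.100.5.0 0.0.0.255
! ACL 3008 is the only ACL in force: traffic policy acl_3008 is applied inbound on Vlanif10,
! Vlanif20, Vlanif50 and Vlanif100. Rules are evaluated in ascending rule-ID order.
! FIX: the catch-all deny was `rule 11 deny ip`, placed before the three permits for
! 100.10.10.0/24 (rules 12-14). Those permits could never match, so every packet entering
! Vlanif100 hit the deny. The deny is renumbered to rule 100 so it is evaluated last.
! NOTE(review): presumably a packet matching a deny rule is dropped by the traffic policy
! regardless of the `permit` behavior - confirm against the platform documentation.
acl number 3008
 description Deny_to_Internet
 rule 5 permit ip source 10.100.0.0 0.0.255.255 destination 172.16.0.0 0.15.255.255
 rule 6 permit ip source 10.100.0.0 0.0.255.255 destination 10.0.0.0 0.255.255.255
 rule 7 permit ip source 10.100.0.0 0.0.255.255 destination 192.168.0.0 0.0.255.255
 rule 8 permit ip source 10.100.4.0 0.0.0.255
 rule 9 permit ip source 10.100.8.0 0.0.0.255
 rule 12 permit ip source 100.10.10.0 0.0.0.255 destination 172.16.0.0 0.15.255.255
 rule 13 permit ip source 100.10.10.0 0.0.0.255 destination 10.0.0.0 0.255.255.255
 rule 14 permit ip source 100.10.10.0 0.0.0.255 destination 192.168.0.0 0.0.255.255
 rule 100 deny ip
#
traffic classifier ac1 operator and
 if-match acl 3001
traffic classifier ac2 operator and
 if-match acl 3002
traffic classifier ac5 operator and
 if-match acl 3005
traffic classifier ac8 operator and
 if-match acl 3008
traffic classifier acl_3008 operator and
 if-match acl 3008
#
traffic behavior ac2
 permit
traffic behavior acl_3008
 permit
#
! NOTE(review): policy ac5 has no classifier/behavior binding, and ac1, ac2, ac5 and ac8 are
! not attached anywhere. If the per-VLAN restrictions in ACLs 3001/3002/3005 are meant to be
! enforced, they are not; otherwise these unused objects can be removed.
traffic policy ac1 match-order config
 classifier ac1 behavior ac2
traffic policy ac2 match-order config
 classifier ac2 behavior ac2
traffic policy ac5 match-order config
traffic policy ac8 match-order config
 classifier ac8 behavior ac2
traffic policy acl_3008 match-order config
 classifier acl_3008 behavior acl_3008
#
free-rule-template name default_free_rule
#
portal-access-profile name portal_access_profile
#
drop-profile default
#
vlan 30
 description permit_to_Internet
vlan 80
 description permit_to_Internet
#
ip pool vlan10
 gateway-list 10.100.0.1
 network 10.100.0.0 mask 255.255.254.0
 excluded-ip-address 10.100.0.2 10.100.0.30
 lease day 999 hour 0 minute 0
 dns-list 202.96.134.133
#
ip pool vlan20
 gateway-list 10.100.2.1
 network 10.100.2.0 mask 255.255.254.0
 excluded-ip-address 10.100.2.2 10.100.2.30
 lease day 999 hour 0 minute 0
 dns-list 202.96.134.133
#
ip pool vlan30
 gateway-list 10.100.4.1
 network 10.100.4.0 mask 255.255.255.0
 excluded-ip-address 10.100.4.2 10.100.4.21
 excluded-ip-address 10.100.4.23 10.100.4.27
 excluded-ip-address 10.100.4.29 10.100.4.50
 lease day 999 hour 0 minute 0
 dns-list 114.114.114.114
#
ip pool 50
 gateway-list 10.100.5.1
 network 10.100.5.0 mask 255.255.255.0
 excluded-ip-address 10.100.5.2 10.100.5.100
 lease day 999 hour 0 minute 0
 dns-list 202.96.128.86
#
ip pool vlan80
 gateway-list 10.100.8.1
 network 10.100.8.0 mask 255.255.255.0
 lease day 999 hour 0 minute 0
 dns-list 202.96.134.133
#
! AAA: domain "default" authenticates against RADIUS template "default" (which has no server
! configured above); domain "default_admin" uses the "default" authentication scheme.
! NOTE(review): `password expire 0` turns off password ageing for local administrators.
! NOTE(review): the admin password hash below is part of this posted configuration; treat the
! password as exposed and set a new one. The account is level 15 and is allowed over Telnet
! and HTTP; drop the service types that are not used.
aaa
 authentication-scheme default
 authentication-scheme radius
  authentication-mode radius
 authorization-scheme default
 accounting-scheme default
 local-aaa-user password policy administrator
  password expire 0
 domain default
  authentication-scheme radius
  radius-server default
 domain default_admin
  authentication-scheme default
 local-user admin password irreversible-cipher $1a$/}jXRGbA',$C*(-)#-i(9AhHs0I+*]%JAnr6h+]%CI)w^6E3|_O$
 local-user admin privilege level 15
 local-user admin service-type telnet terminal http
#
interface Vlanif1
#
interface Vlanif3
 ip address 192.168.3.100 255.255.255.0
#
interface Vlanif10
 ip address 10.100.0.1 255.255.254.0
 traffic-policy acl_3008 inbound
 dhcp select global
#
interface Vlanif20
 ip address 10.100.2.1 255.255.254.0
 traffic-policy acl_3008 inbound
 dhcp select global
#
! Vlanif30 and Vlanif80 (the VLANs described as permit_to_Internet) carry no traffic policy.
interface Vlanif30
 ip address 10.100.4.1 255.255.255.0
 dhcp select global
#
interface Vlanif40
 ip address 172.18.40.1 255.255.255.0
#
interface Vlanif41
 ip address 172.18.41.1 255.255.255.0
 dhcp select interface
#
interface Vlanif50
 ip address 10.100.5.1 255.255.255.0
 traffic-policy acl_3008 inbound
 dhcp select global
#
interface Vlanif80
 ip address 10.100.8.1 255.255.255.0
 dhcp select global
#
interface Vlanif100
 ip address 100.10.10.1 255.255.255.0
 traffic-policy acl_3008 inbound
#
interface Vlanif200
 ip address 172.19.16.2 255.255.255.0
#
interface Vlanif600
 ip address 10.100.60.1 255.255.255.0
#
interface MEth0/0/1
#
! NOTE(review): every trunk below passes VLANs 2 to 4094. Limiting each trunk to the VLANs
! the neighbour actually needs keeps a device on one uplink out of unrelated segments.
interface Eth-Trunk1
 port link-type trunk
 undo port trunk allow-pass vlan 1
 port trunk allow-pass vlan 2 to 4094
 mode lacp
#
interface GigabitEthernet0/0/1
 port link-type access
 port default vlan 32
#
interface GigabitEthernet0/0/2
 port link-type access
 port default vlan 32
#
interface GigabitEthernet0/0/3
 port link-type access
 port default vlan 33
#
interface GigabitEthernet0/0/4
 port link-type access
 port default vlan 30
#
interface GigabitEthernet0/0/5
 port link-type access
 port default vlan 34
#
interface GigabitEthernet0/0/6
 description messvr
 port link-type access
 port default vlan 30
#
interface GigabitEthernet0/0/7
 port link-type access
 port default vlan 35
#
interface GigabitEthernet0/0/8
 port link-type access
 port default vlan 30
#
interface GigabitEthernet0/0/9
 port link-type access
 port default vlan 36
#
interface GigabitEthernet0/0/10
 port link-type access
 port default vlan 32
#
interface GigabitEthernet0/0/11
 port link-type access
 port default vlan 37
#
interface GigabitEthernet0/0/12
 port link-type access
 port default vlan 44
#
interface GigabitEthernet0/0/13
 port link-type access
 port default vlan 38
#
! Routed port: next hop 172.18.43.1 of the default route is reached through this interface.
interface GigabitEthernet0/0/14
 undo portswitch
 ip address 172.18.43.2 255.255.255.0
#
interface GigabitEthernet0/0/15
 port link-type access
 port default vlan 41
#
interface GigabitEthernet0/0/16
 port link-type access
 port default vlan 38
#
interface GigabitEthernet0/0/17
 port link-type access
 port default vlan 41
#
! NOTE(review): GigabitEthernet0/0/18 to 0/0/21 do not carry the
! `undo port trunk allow-pass vlan 1` line that Eth-Trunk1 and GigabitEthernet0/0/22 have;
! confirm whether VLAN 1 is meant to cross these links.
interface GigabitEthernet0/0/18
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/19
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/20
 port link-type trunk
 port trunk pvid vlan 43
 port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/21
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/22
 description to office
 port link-type trunk
 undo port trunk allow-pass vlan 1
 port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/23
 eth-trunk 1
#
interface GigabitEthernet0/0/24
 eth-trunk 1
#
! NOTE(review): GigabitEthernet0/0/25 to 0/0/32 have no configuration at all. If they are
! unused, `shutdown` on each keeps a spare socket from becoming a way onto the network.
interface GigabitEthernet0/0/25
#
interface GigabitEthernet0/0/26
#
interface GigabitEthernet0/0/27
#
interface GigabitEthernet0/0/28
#
interface GigabitEthernet0/0/29
#
interface GigabitEthernet0/0/30
#
interface GigabitEthernet0/0/31
#
interface GigabitEthernet0/0/32
#
interface NULL0
#
ip route-static 0.0.0.0 0.0.0.0 172.18.43.1
ip route-static 172.18.16.0 255.255.255.0 172.19.16.1
ip route-static 172.18.32.0 255.255.240.0 172.18.43.1
ip route-static 172.18.39.0 255.255.255.0 172.18.40.17
ip route-static 192.168.0.0 255.255.0.0 172.19.16.1
#
! FIX: the console was `authentication-mode none`, giving anyone with physical access a
! session without a login. It now uses AAA; local user admin already has service-type
! terminal, so console access keeps working with that account.
user-interface con 0
 authentication-mode aaa
! NOTE(review): vty 0 4 accepts every protocol and has no source restriction. An
! `acl <ACL_NUMBER> inbound` line here (placeholder number) limits management logins to the
! administration subnet.
user-interface vty 0 4
 authentication-mode aaa
 protocol inbound all
user-interface vty 16 20
#
dot1x-access-profile name dot1x_access_profile
#
mac-access-profile name mac_access_profile
#
return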