[Donzhi_core] dis cu
!Software Version V200R010C00SPC600
#
# NOTE(review): capture of `dis cu` (display current-configuration) from the
# switch whose sysname is Donzhi_core. The paste arrived with its line breaks
# collapsed; one command per line is restored here and no command text is
# changed. Review notes are the `# NOTE(review)` lines placed directly under a
# `#` section separator.
# NOTE(review): the dump contains a local-user password hash and SNMP community
# ciphers. Because the listing has been shared, treat those credentials as
# exposed and rotate them.
sysname Donzhi_core
#
# NOTE(review): FTP carries credentials and files in cleartext, and the admin
# account further down lists `ftp` as a service type with `ftp-directory flash`.
# Prefer SFTP and disable the FTP server once nothing depends on it.
FTP server enable
#
# NOTE(review): `undo info-center enable` switches the information center off,
# so this device produces no log output. That leaves nothing to forward to a
# log host and nothing to reconstruct an incident from. Confirm why it was
# turned off, then re-enable it and send logs to a central collector.
info-center source SECE channel 4 log state off
undo info-center enable
#
# NOTE(review): VLANs 612, 614, 615, 616 and 631 do not appear in these
# `vlan batch` lines although Vlanif612/614/615/616/631 are configured further
# down — confirm whether those interfaces are actually up.
vlan batch 2 to 3 5 to 9 11 15 18 20 30 50 60 to 65 115 to 116
vlan batch 151 155 177 200 500 to 506 600 to 602 604 611 640 to 641 650
vlan batch 664 672
#
# NOTE(review): `stp disable` turns spanning tree off globally, so
# `root primary`, `bpdu-protection` and the per-port `stp edged-port` lines are
# presumably inert. Many trunks below carry `vlan 2 to 4094`; a cabling loop
# would not be blocked by STP — confirm loop protection exists by other means.
stp instance 0 root primary
stp bpdu-protection
stp disable
#
# NOTE(review): none of these authentication profiles is bound to an interface
# in the visible part of the listing, so no 802.1X/MAC/portal access control is
# shown as being enforced on any port.
authentication-profile name default_authen_profile
authentication-profile name dot1x_authen_profile
authentication-profile name mac_authen_profile
authentication-profile name portal_authen_profile
authentication-profile name dot1xmac_authen_profile
authentication-profile name multi_authen_profile
#
# NOTE(review): Telnet is cleartext, and `local-user admin` (privilege level 15)
# lists `telnet` as a service type. No SSH/STelnet server line and no
# user-interface (VTY) section are visible in this part of the listing, so it
# cannot be told from here whether VTY access is restricted by ACL. Prefer
# STelnet and disable Telnet.
telnet server enable
#
lldp enable
#
clock timezone UTC add 08:00:00
#
arp-miss speed-limit source-ip 192.168.18.0 mask 24 maximum 100
arp-miss speed-limit source-ip 192.168.0.100 mask 30 maximum 100
#
# NOTE(review): GigabitEthernet0/0/17 is declared as observe port 1 (mirror
# destination); no mirroring source is visible in this part of the listing.
# Whatever is attached to that port can receive mirrored traffic — confirm it
# is an authorised monitoring device.
observe-port 1 interface GigabitEthernet0/0/17
#
# NOTE(review): the switch acts as DHCP server for several VLANs; no DHCP
# snooping configuration is visible in this part of the listing.
dhcp enable
#
dhcp server ping packet 3
dhcp server ping timeout 100
#
arp speed-limit source-ip maximum 50
arp-miss speed-limit source-ip maximum 5
#
diffserv domain default
#
# NOTE(review): this RADIUS template shows no server address, yet
# `domain default` in the aaa section authenticates against it — confirm how
# users in that domain are expected to authenticate.
radius-server template default
#
# NOTE(review): ACL 3001 rule 30 permits all IP traffic from 192.168.0.69 (the
# NTP server configured below) with no destination restriction, ahead of the
# deny rules 100/101.
# NOTE(review): ACL 3002 denies TCP/UDP ports 9011-9015 and RDP (3389) to
# 192.168.10.19; it is applied inbound on vlan 3 through policy nwt3002.
# NOTE(review): ACL 3007 ("Deny WIFI_TO_LAN") is paired with a behavior whose
# action is `deny`. If the documented VRP semantics apply (permit rule → the
# behavior's action, deny rule → drop), rule 1 does not create an exception
# for 192.168.0.249 — confirm intent. Rule 4 also covers 192.168.0.101, the
# first DNS server handed out by DHCP on Vlanif664.
# NOTE(review): ACL 3011 is referenced by a classifier below but is not defined
# in the visible listing.
acl number 3001
 rule 3 permit ip source 192.168.10.0 0.0.0.255 destination 192.168.106.217 0
 rule 4 permit ip source 192.168.10.111 0 destination 192.168.106.0 0.0.0.255
 rule 5 permit icmp source 192.168.60.1 0 destination 192.168.60.2 0
 rule 7 permit ip source 192.168.80.0 0.0.0.255 destination 192.168.10.111 0
 rule 8 permit ip source 192.168.80.0 0.0.0.255 destination 192.168.10.18 0
 rule 9 permit ip source 192.168.80.0 0.0.0.255 destination 192.168.0.103 0
 rule 10 permit icmp source 192.168.60.2 0 destination 192.168.60.1 0
 rule 11 permit ip source 192.168.80.0 0.0.0.255 destination 192.168.0.1 0
 rule 12 permit ip source 192.168.80.0 0.0.0.255 destination 192.168.0.23 0
 rule 13 permit ip source 192.168.80.0 0.0.0.255 destination 192.168.0.24 0
 rule 14 permit ip source 192.168.80.0 0.0.0.255 destination 192.168.0.100 0
 rule 15 permit ip source 192.168.80.0 0.0.0.255 destination 192.168.0.101 0
 rule 16 permit ip source 192.168.80.0 0.0.0.255 destination 192.168.0.247 0
 rule 17 permit ip source 192.168.80.0 0.0.0.255 destination 192.168.0.250 0
 rule 18 permit ip source 192.168.80.0 0.0.0.255 destination 192.168.0.251 0
 rule 19 permit ip source 192.168.80.0 0.0.0.255 destination 192.168.10.19 0
 rule 20 permit ip source 192.168.0.102 0 destination 192.168.10.0 0.0.0.255
 rule 21 permit ip source 192.168.80.96 0 destination 192.168.0.0 0.0.255.255
 rule 22 permit ip source 192.168.0.3 0 destination 192.168.10.19 0
 rule 23 permit ip source 192.168.0.45 0 destination 192.168.0.1 0
 rule 24 permit ip source 192.168.0.102 0 destination 192.168.0.101 0
 rule 25 permit ip source 192.168.80.109 0 destination 192.168.10.0 0.0.0.255
 rule 26 permit ip source 192.168.80.159 0 destination 192.168.10.0 0.0.0.255
 rule 27 permit ip source 192.168.80.0 0.0.0.255 destination 192.168.0.53 0
 rule 28 permit ip source 192.168.1.0 0.0.0.255 destination 192.168.0.53 0
 rule 29 permit ip source 192.168.80.0 0.0.0.255 destination 192.168.198.199 0
 rule 30 permit ip source 192.168.0.69 0
 rule 31 permit ip source 192.168.80.0 0.0.0.255 destination 192.168.106.217 0
 rule 100 deny ip source 192.168.80.0 0.0.0.255 destination 192.168.0.0 0.0.255.255
 rule 101 deny ip source 192.168.0.0 0.0.0.255 destination 192.168.0.0 0.0.255.255
acl number 3002
 rule 5 deny tcp destination-port range 9011 9015
 rule 10 deny udp destination-port range 9011 9015
 rule 15 deny tcp destination 192.168.10.19 0 destination-port eq 3389
acl number 3003
 description qos nanshan office
 rule 10 permit ip destination 192.168.80.0 0.0.0.255
 rule 20 permit ip destination 192.168.0.0 0.0.0.255
acl number 3004
 rule 1 permit ip source 192.168.10.0 0.0.0.255 destination 192.168.0.0 0.0.0.255
 rule 2 permit ip source 192.168.10.0 0.0.0.255 destination 192.168.177.0 0.0.0.255
 rule 3 permit ip source 192.168.10.0 0.0.0.255 destination 192.168.100.0 0.0.0.255
 rule 4 permit ip source 192.168.10.0 0.0.0.255 destination 192.168.106.217 0
acl number 3005
 rule 95 permit ip source 192.168.0.250 0 destination 192.168.10.174 0
 rule 96 permit ip source 192.168.0.250 0 destination 192.168.10.28 0
 rule 97 permit tcp source 192.168.0.250 0 source-port eq 3389
 rule 98 permit ip source 192.168.0.250 0 destination 192.168.106.243 0
 rule 99 permit ip source 192.168.0.250 0 destination 192.168.10.155 0
 rule 100 deny ip source 192.168.0.250 0 destination 192.168.0.0 0.0.0.255
 rule 110 deny ip source 192.168.0.250 0
acl number 3006
 rule 10 deny ip source 192.168.0.250 0 destination 192.168.0.0 0.0.0.255
acl number 3007
 description Deny WIFI_TO_LAN
 rule 1 permit ip source 172.18.64.0 0.0.7.255 destination 192.168.0.249 0
 rule 2 deny ip source 172.18.64.0 0.0.7.255 destination 172.16.0.0 0.15.255.255
 rule 3 deny ip source 172.18.64.0 0.0.7.255 destination 10.0.0.0 0.255.255.255
 rule 4 deny ip source 172.18.64.0 0.0.7.255 destination 192.168.0.0 0.0.255.255
acl number 3008
 description test
 rule 5 permit ip destination 172.16.0.0 0.15.255.255
 rule 6 permit ip destination 10.0.0.0 0.255.255.255
 rule 7 permit ip destination 192.168.0.0 0.0.255.255
 rule 8 deny ip
acl number 3009
 description neiwang_bu_chongdingxiang
 rule 20 permit ip destination 10.0.0.0 0.255.255.255
 rule 21 permit ip destination 172.16.0.0 0.15.255.255
 rule 22 permit ip destination 192.168.0.0 0.0.255.255
acl number 3010
 rule 20 permit ip source 172.18.1.0 0.0.0.255
 rule 25 permit ip source 172.18.2.0 0.0.0.255
#
# NOTE(review): classifier acl_3008 matches ACL 3007, not ACL 3008 — looks
# like a typo; confirm before policy acl_3008 is ever applied.
# NOTE(review): classifiers `1` and `100` have no if-match rule, and acl_3011
# points at an ACL that is not defined in the visible listing.
# NOTE(review): classifiers acl_3010 and officevlan are not used by any traffic
# policy shown below.
traffic classifier 1 operator and
traffic classifier 100 operator and
traffic classifier 3f3001 operator and
 if-match acl 3001
traffic classifier acl_3007 operator and
 if-match acl 3007
traffic classifier acl_3008 operator and
 if-match acl 3007
traffic classifier acl_3010 operator and
 if-match acl 3010
traffic classifier acl_3011 operator and
 if-match acl 3011
traffic classifier chongdingxiang_feita operator and
 if-match acl 3010
traffic classifier neiwang_bu_chongdingxiang operator and
 if-match acl 3009
traffic classifier nwt3002 operator and
 if-match acl 3002
traffic classifier officevlan operator and
 if-match acl 3004
traffic classifier ping operator and
 if-match acl 3001
traffic classifier qosnan operator and
 if-match acl 3003
traffic classifier qosvlan1 operator and
 if-match acl 3005
#
# NOTE(review): behavior neiwang_bu_chongdingxiang defines no action, and
# behavior neiwang is not referenced by any policy shown below.
# NOTE(review): chongdingxiang_feita redirects matched traffic to next hop
# 172.18.124.2, an address in the Eth-Trunk1 subnet (172.18.124.1/24).
traffic behavior 3f3001
 permit
traffic behavior acl_3007
 deny
traffic behavior acl_3008
 permit
traffic behavior chongdingxiang_feita
 redirect ip-nexthop 172.18.124.2
traffic behavior neiwang
 permit
traffic behavior neiwang_bu_chongdingxiang
traffic behavior nwt3002
 permit
traffic behavior ping
 statistic enable
traffic behavior qosnanshan
 car cir 3072 pir 8192 cbs 384000 pbs 1024000 green pass yellow pass red discard
 statistic enable
traffic behavior qosvlan1
 permit
#
# NOTE(review): in the visible listing only nwt3002 (vlan 3), c_l_l_y
# (Vlanif611/612/614/615/616/631) and acl_3007 (Vlanif664) are applied.
# Policies 3f3001, acl_3008, ping, qosnan and qosvlan1 are defined but not
# applied anywhere shown, so ACLs 3001, 3003 and 3005 filter nothing here.
# NOTE(review): c_l_l_y evaluates classifier neiwang_bu_chongdingxiang (private
# destinations, ACL 3009) before the redirect classifier, presumably so that
# internal traffic is not redirected. The redirect classifier matches only
# sources 172.18.1.0/24 and 172.18.2.0/24 (ACL 3010), so traffic from the
# Vlanif614/615/631 subnets would not be redirected — confirm intent.
traffic policy 3f3001 match-order config
 classifier 3f3001 behavior 3f3001
traffic policy acl_3007 match-order config
 classifier acl_3007 behavior acl_3007
traffic policy acl_3008 match-order config
 classifier acl_3008 behavior acl_3008
traffic policy c_l_l_y match-order config
 classifier neiwang_bu_chongdingxiang behavior neiwang_bu_chongdingxiang
 classifier chongdingxiang_feita behavior chongdingxiang_feita
traffic policy nwt3002 match-order config
 classifier nwt3002 behavior nwt3002
traffic policy ping match-order config
 classifier ping behavior ping
traffic policy qosnan match-order config
 classifier qosnan behavior qosnanshan
traffic policy qosvlan1 match-order config
 classifier qosvlan1 behavior qosvlan1
#
free-rule-template name default_free_rule
#
portal-access-profile name portal_access_profile
#
drop-profile default
#
vlan 3
 traffic-policy nwt3002 inbound
vlan 60
 description <--yidong_zhuanxian-->
vlan 61
 description <--VPN_LINE-->
vlan 115
 description to 5F-huiju
vlan 151
 description <--3F_BOB-->
#
# NOTE(review): Vlanif3 (192.168.10.254/24) uses `dhcp select global`, but no
# address pool for 192.168.10.0/24 is visible among the pools below — confirm.
# NOTE(review): leases of 366 and 999 days (pools vlan2 and vlan63) keep
# address bindings for a very long time; the other pools shown use 7 days or
# no explicit lease.
ip pool vlan2
 gateway-list 192.168.20.254
 network 192.168.20.0 mask 255.255.255.0
 excluded-ip-address 192.168.20.1 192.168.20.20
 lease day 366 hour 0 minute 0
 dns-list 192.168.0.101 202.96.134.133
#
ip pool vlan30
 gateway-list 192.168.30.254
 network 192.168.30.0 mask 255.255.255.0
 excluded-ip-address 192.168.30.1 192.168.30.20
 dns-list 192.168.0.101 202.96.134.133
#
ip pool vlan62
 gateway-list 192.168.62.254
 network 192.168.62.0 mask 255.255.255.0
 excluded-ip-address 192.168.62.1 192.168.62.20
 lease day 7 hour 0 minute 0
 dns-list 192.168.0.101
#
ip pool vlan63
 gateway-list 192.168.63.254
 network 192.168.63.0 mask 255.255.255.0
 excluded-ip-address 192.168.63.1 192.168.63.20
 lease day 999 hour 0 minute 0
 dns-list 202.96.134.133
#
ip pool vlan6
 gateway-list 192.168.7.254
 network 192.168.6.0 mask 255.255.254.0
 excluded-ip-address 192.168.6.1 192.168.6.20
 excluded-ip-address 192.168.7.1 192.168.7.20
 lease day 7 hour 0 minute 0
 dns-list 192.168.0.101
#
ip pool 3f
 gateway-list 172.16.53.254
 network 172.16.53.0 mask 255.255.255.0
 excluded-ip-address 172.16.53.1 172.16.53.20
 lease day 7 hour 0 minute 0
 dns-list 192.168.0.101 202.96.134.133
#
# NOTE(review): a single local account, `admin`, holds privilege level 15 and
# is allowed `telnet terminal ftp http` — three of the four are cleartext
# network services. Restrict the service types to encrypted ones (STelnet,
# HTTPS) and use named per-person accounts where possible.
# NOTE(review): `password expire 0` under the administrator password policy
# disables password expiry for administrators.
# NOTE(review): the `irreversible-cipher` value is a password hash that is now
# part of a shared listing; change the admin password.
# NOTE(review): `domain default` relies on RADIUS while the RADIUS template
# above shows no server — confirm.
aaa
 authentication-scheme default
 authentication-scheme radius
  authentication-mode radius
 authorization-scheme default
 accounting-scheme default
 local-aaa-user password policy administrator
  password expire 0
 domain default
  authentication-scheme radius
  radius-server default
 domain default_admin
  authentication-scheme default
 local-user admin password irreversible-cipher $1a$c>-zQ]gYGY$@L"@XM5."LB8!Y0Hx5/1_:3>Tn_BO$8t|3F9~k"$$
 local-user admin privilege level 15
 local-user admin ftp-directory flash
 local-user admin service-type telnet terminal ftp http
#
# NOTE(review): time is taken from 192.168.0.69 with no NTP authentication
# visible in this listing. Log timestamps depend on this source, so it should
# be authenticated once logging is re-enabled.
ntp-service server disable
ntp-service ipv6 server disable
ntp-service unicast-server 192.168.0.69
#
# NOTE(review): Vlanif1 puts a switch address in VLAN 1. Ports without a
# `port default vlan` line (e.g. GigabitEthernet0/0/19, 27, 28) presumably stay
# in VLAN 1 as well — confirm that management reachability is intended there.
interface Vlanif1
 ip address 192.168.0.167 255.255.255.0
#
interface Vlanif2
 ip address 192.168.20.254 255.255.255.0
 dhcp select global
#
interface Vlanif3
 ip address 192.168.10.254 255.255.255.0
 dhcp select global
#
interface Vlanif5
 ip address 192.168.5.254 255.255.254.0
#
interface Vlanif6
 ip address 192.168.7.254 255.255.254.0
 dhcp select global
#
interface Vlanif8
 ip address 192.168.8.230 255.255.255.0
#
interface Vlanif9
 ip address 192.168.9.1 255.255.255.0
#
interface Vlanif11
 ip address 192.168.11.254 255.255.255.0
#
interface Vlanif15
 ip address 192.168.15.254 255.255.255.0
 dhcp select interface
 dhcp server dns-list 192.168.0.101 202.96.134.133
#
interface Vlanif18
 ip address 192.168.18.254 255.255.255.0
#
interface Vlanif30
 ip address 192.168.30.254 255.255.255.0
 dhcp select global
#
interface Vlanif60
 ip address 192.168.60.1 255.255.255.0
#
interface Vlanif61
 ip address 172.16.16.2 255.255.255.0
#
interface Vlanif62
 ip address 192.168.62.254 255.255.255.0
 dhcp select global
#
interface Vlanif63
 ip address 192.168.63.254 255.255.255.0
 dhcp select global
#
interface Vlanif64
 ip address 192.168.64.1 255.255.255.0
#
interface Vlanif65
 dhcp select relay
#
interface Vlanif115
 ip address 10.11.11.1 255.255.255.252
#
interface Vlanif116
 ip address 10.11.11.5 255.255.255.252
#
interface Vlanif151
 ip address 172.16.53.254 255.255.255.0
 dhcp select global
#
interface Vlanif155
 ip address 192.168.155.254 255.255.255.224
#
interface Vlanif177
 ip address 192.168.177.253 255.255.255.0
#
interface Vlanif200
 ip address 172.18.16.2 255.255.255.0
#
interface Vlanif600
 ip address 172.18.60.1 255.255.255.0
#
interface Vlanif601
#
interface Vlanif602
#
interface Vlanif611
 description 1F_cangku
 ip address 172.18.1.1 255.255.255.0
 traffic-policy c_l_l_y inbound
 dhcp select interface
 dhcp server dns-list 192.168.0.101 114.114.114.114
#
interface Vlanif612
 description 2F_cangku
 ip address 172.18.2.1 255.255.255.0
 traffic-policy c_l_l_y inbound
 dhcp select interface
 dhcp server dns-list 192.168.0.101 114.114.114.114
#
interface Vlanif614
 description 4F_chejian
 ip address 172.18.4.1 255.255.255.0
 traffic-policy c_l_l_y inbound
 dhcp select interface
 dhcp server dns-list 192.168.0.101 114.114.114.114
#
interface Vlanif615
 description 5F_chejian
 ip address 172.18.15.1 255.255.255.0
 traffic-policy c_l_l_y inbound
 dhcp select interface
 dhcp server dns-list 192.168.0.101 114.114.114.114
#
interface Vlanif616
 description 6F_chejian
 traffic-policy c_l_l_y inbound
#
interface Vlanif631
 description 3F_chejian_BOB
 ip address 172.18.31.1 255.255.255.0
 traffic-policy c_l_l_y inbound
 dhcp select interface
 dhcp server dns-list 192.168.0.101 114.114.114.114
#
interface Vlanif640
#
# NOTE(review): Vlanif664 (172.18.64.0/21) is the only interface carrying the
# "Deny WIFI_TO_LAN" policy. Its DHCP clients are given 192.168.0.101 as first
# DNS server, an address that ACL 3007 rule 4 covers — confirm that name
# resolution from this subnet works as intended.
interface Vlanif664
 ip address 172.18.64.1 255.255.248.0
 traffic-policy acl_3007 inbound
 dhcp select interface
 dhcp server dns-list 192.168.0.101 202.96.134.133
#
# NOTE(review): Vlanif672 (172.18.72.0/21) shares trunk GigabitEthernet0/0/13
# with VLAN 664 but has no traffic policy, and ACL 3007 does not cover its
# source range. If this is also a wireless/guest subnet (presumably — confirm),
# it is not isolated from the internal ranges.
interface Vlanif672
 ip address 172.18.72.1 255.255.248.0
 dhcp select interface
 dhcp server dns-list 192.168.0.101 202.96.134.133
#
interface MEth0/0/1
#
interface Eth-Trunk1
 undo portswitch
 ip address 172.18.124.1 255.255.255.0
 mode lacp
#
# NOTE(review): this and eight physical trunks below (GigabitEthernet0/0/3, 8,
# 18, 20, 22, 23, 25, 26) allow `vlan 2 to 4094`. Every VLAN, including the
# ones that policies above try to isolate, is carried to every neighbour; prune
# each trunk to the VLANs the far end actually needs.
interface Eth-Trunk2
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
 mode lacp
#
interface GigabitEthernet0/0/1
 eth-trunk 1
#
interface GigabitEthernet0/0/2
 eth-trunk 1
#
# NOTE(review): `stp edged-port enable` on a trunk (here and on
# GigabitEthernet0/0/8 and 0/0/22, whose descriptions suggest switch uplinks)
# would skip STP convergence on inter-switch links if STP were ever re-enabled
# — review before turning STP back on.
interface GigabitEthernet0/0/3
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
 stp edged-port enable
#
interface GigabitEthernet0/0/4
 undo portswitch
 ip address 172.18.125.254 255.255.255.0
#
interface GigabitEthernet0/0/5
 port link-type access
 port default vlan 601
#
interface GigabitEthernet0/0/6
 undo negotiation auto
 port link-type access
 port default vlan 200
 stp edged-port disable
#
interface GigabitEthernet0/0/7
 description <--boss_line-->
 port link-type access
 port default vlan 3
 stp edged-port enable
#
interface GigabitEthernet0/0/8
 description <--3F_BOB-->
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
 stp edged-port enable
#
interface GigabitEthernet0/0/9
 port link-type access
 port default vlan 602
#
interface GigabitEthernet0/0/10
 undo portswitch
 ip address 172.18.122.1 255.255.255.0
#
interface GigabitEthernet0/0/11
 port link-type access
 port default vlan 177
 stp edged-port enable
#
interface GigabitEthernet0/0/12
 port link-type access
 port default vlan 177
#
interface GigabitEthernet0/0/13
 port link-type trunk
 port trunk pvid vlan 600
 port trunk allow-pass vlan 600 664 672
#
interface GigabitEthernet0/0/14
 port link-type access
 port default vlan 177
 stp edged-port enable
#
interface GigabitEthernet0/0/15
 port link-type access
 port default vlan 9
 stp edged-port enable
#
interface GigabitEthernet0/0/16
 port link-type access
 port default vlan 8
 stp edged-port enable
#
interface GigabitEthernet0/0/17
 port link-type access
 port default vlan 18
#
# NOTE(review): ACL 3009 contains only permit rules. If, as on VRP
# `traffic-filter`, packets that match no rule are forwarded, this filter
# blocks nothing — confirm what it was meant to restrict.
interface GigabitEthernet0/0/18
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
 traffic-filter inbound acl 3009
#
# NOTE(review): access port with no `port default vlan`, so it presumably
# remains in VLAN 1 together with Vlanif1 — confirm this is intended for the
# device named in the description.
interface GigabitEthernet0/0/19
 description <--AC1220_line-->
 port link-type access
 stp edged-port enable
#
interface GigabitEthernet0/0/20
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/21
 eth-trunk 2
#
interface GigabitEthernet0/0/22
 description <--5F_line-->
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
 stp edged-port enable
#
interface GigabitEthernet0/0/23
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
 stp edged-port disable
#
interface GigabitEthernet0/0/24
 eth-trunk 2
#
interface GigabitEthernet0/0/25
 undo negotiation auto
 port link-type trunk
 port trunk pvid vlan 64
 port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/26
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
#
# NOTE(review): GigabitEthernet0/0/27, 0/0/28 and XGigabitEthernet0/0/1-3 carry
# no configuration and no `shutdown`; unused ports are best shut down or parked
# in an unused VLAN.
interface GigabitEthernet0/0/27
#
interface GigabitEthernet0/0/28
#
interface XGigabitEthernet0/0/1
#
interface XGigabitEthernet0/0/2
#
interface XGigabitEthernet0/0/3
#
interface XGigabitEthernet0/0/4
 undo portswitch
 ip address 172.18.126.1 255.255.255.0
#
interface NULL0
#
interface Tunnel0
#
# NOTE(review): policy1 defines attack-source tracing (auto-defend) for the
# listed protocols, but no command applying the policy is visible in this part
# of the listing — confirm it is actually in effect.
cpu-defend policy policy1
 auto-defend threshold 50
 auto-defend trace-type source-mac source-ip source-portvlan
 auto-defend protocol 8021x arp icmp dhcp igmp ttl-expired tcp telnet udp
#
# NOTE(review): routing is entirely static in the visible listing; the default
# route points at 192.168.0.249.
# NOTE(review): 18.18.18.253/32, 18.18.18.254/32, 20.20.20.0/24, 22.22.22.0/30
# and 100.10.0.0/16 are publicly routable ranges sent to the internal next hop
# 172.18.16.1 — presumably reused as internal addressing; confirm, because
# traffic for the real owners of those ranges will follow these routes.
# NOTE(review): 192.168.200.0/24 has two next hops with equal preference
# (192.168.60.3 and 172.18.1.2); 172.18.1.2 lies inside the Vlanif611 subnet.
# Confirm both paths are intended. 10.100.4.0/24 and 100.10.10.0/24 duplicate
# the next hop of their covering /16 routes.
ip route-static 0.0.0.0 0.0.0.0 192.168.0.249
ip route-static 10.8.1.0 255.255.255.0 172.18.16.1
ip route-static 10.10.0.0 255.255.0.0 172.18.125.1
ip route-static 10.10.10.0 255.255.255.0 172.16.16.1
ip route-static 10.11.13.0 255.255.255.0 192.168.60.3
ip route-static 10.100.0.0 255.255.0.0 172.18.16.1
ip route-static 10.100.4.0 255.255.255.0 172.18.16.1
ip route-static 10.100.160.0 255.255.255.0 172.18.125.1
ip route-static 10.232.37.68 255.255.255.252 192.168.0.169
ip route-static 10.232.37.68 255.255.255.252 192.168.64.2 preference 50
ip route-static 18.18.18.253 255.255.255.255 172.18.16.1
ip route-static 18.18.18.254 255.255.255.255 172.18.16.1
ip route-static 20.20.20.0 255.255.255.0 172.18.16.1
ip route-static 22.22.22.0 255.255.255.252 172.18.16.1
ip route-static 100.10.0.0 255.255.0.0 172.18.16.1
ip route-static 100.10.10.0 255.255.255.0 172.18.16.1
ip route-static 172.16.10.0 255.255.255.0 172.18.16.1
ip route-static 172.16.30.0 255.255.255.0 172.18.16.1
ip route-static 172.16.35.0 255.255.255.0 172.18.16.1
ip route-static 172.16.38.0 255.255.255.0 172.18.16.1
ip route-static 172.16.40.0 255.255.255.0 172.18.16.1
ip route-static 172.16.50.0 255.255.254.0 10.11.11.2
ip route-static 172.16.60.0 255.255.254.0 10.11.11.6
ip route-static 172.18.3.0 255.255.255.0 172.18.124.2
ip route-static 172.18.30.0 255.255.255.0 172.18.16.1 preference 30
ip route-static 172.18.32.0 255.255.240.0 172.18.125.1
ip route-static 172.18.62.0 255.255.254.0 172.18.124.2
ip route-static 172.18.128.0 255.255.255.0 172.18.126.2
ip route-static 172.18.129.0 255.255.255.0 172.18.126.2
ip route-static 172.18.130.0 255.255.255.0 172.18.126.2
ip route-static 172.19.16.0 255.255.255.0 172.18.16.1
ip route-static 172.30.44.0 255.255.255.0 192.168.64.2 preference 50
ip route-static 172.30.48.0 255.255.255.0 192.168.64.2 preference 50
ip route-static 192.168.1.0 255.255.255.0 192.168.0.109
ip route-static 192.168.1.10 255.255.255.255 172.18.16.1
ip route-static 192.168.1.248 255.255.255.255 172.18.16.1 preference 30
ip route-static 192.168.70.0 255.255.254.0 192.168.60.3
ip route-static 192.168.72.0 255.255.255.0 192.168.60.3
ip route-static 192.168.73.0 255.255.255.0 192.168.60.3
ip route-static 192.168.74.0 255.255.255.0 192.168.60.3
ip route-static 192.168.75.0 255.255.255.0 192.168.60.3
ip route-static 192.168.80.0 255.255.255.0 192.168.0.248
ip route-static 192.168.85.0 255.255.255.0 192.168.0.248
ip route-static 192.168.100.0 255.255.255.0 192.168.60.3
ip route-static 192.168.101.0 255.255.255.0 192.168.64.2
ip route-static 192.168.102.0 255.255.255.0 192.168.64.2
ip route-static 192.168.103.0 255.255.255.0 192.168.64.2
ip route-static 192.168.104.0 255.255.255.0 192.168.64.2
ip route-static 192.168.105.0 255.255.255.0 192.168.64.2
ip route-static 192.168.106.0 255.255.255.0 192.168.100.253
ip route-static 192.168.107.0 255.255.255.0 192.168.64.2
ip route-static 192.168.109.0 255.255.255.0 192.168.64.2
ip route-static 192.168.115.0 255.255.255.0 192.168.60.2
ip route-static 192.168.137.0 255.255.255.0 192.168.64.2
ip route-static 192.168.198.0 255.255.255.0 192.168.60.3
ip route-static 192.168.200.0 255.255.255.0 192.168.60.3
ip route-static 192.168.200.0 255.255.255.0 172.18.1.2
#
# NOTE(review): `community` strings mean SNMPv1/v2c, which sends the community
# in cleartext and has no per-user authentication. No ACL is bound to the first
# community line. `cipher` values are presumably stored in reversible form
# (unlike `irreversible-cipher`), so treat both communities as disclosed by
# this dump: rotate them, bind an ACL to each, and prefer SNMPv3 with
# authentication and privacy.
# NOTE(review): the listing is cut off inside the second community line; the
# remainder of the configuration is not visible here.
snmp-agent
snmp-agent local-engineid 800007DB03C4FF1FADDDE0
snmp-agent community read cipher %^%#pE,qJEf:X$:cp8!nbY%Y4V*gU+hbGF|DJe67KY(20xp1@sB1B:sW3NN%30;'VV{PQht9r6K$b.+9~ywU%^%#
snmp-agent community read cipher %^%#'6R[@%W7+QliQk9`$Y-I)Ij'U4m)$NvVA0Y7^cS+,/^"D