华为Eudemon1000E配置实例

sysname Eudemon1000E
#
 l2tp enable
 l2tp domain suffix-separator @
#
 firewall packet-filter default permit interzone local trust direction inbound
 firewall packet-filter default permit interzone local trust direction outbound
 firewall packet-filter default permit interzone local untrust direction inbound
 firewall packet-filter default permit interzone local untrust direction outbound
 firewall packet-filter default permit interzone local dmz direction inbound
 firewall packet-filter default permit interzone local dmz direction outbound
 firewall packet-filter default permit interzone trust untrust direction inbound
 firewall packet-filter default permit interzone trust untrust direction outbound
 firewall packet-filter default permit interzone trust dmz direction inbound
 firewall packet-filter default permit interzone trust dmz direction outbound
 firewall packet-filter default permit interzone dmz untrust direction inbound
 firewall packet-filter default permit interzone dmz untrust direction outbound
#
 nat address-group 1 202.100.25.166 202.100.25.166
#
 ip df-unreachables enable
#
 firewall ipv6 session link-state check   
 firewall ipv6 statistic system enable
#
 dns resolve
 dns server 114.114.114.114
#
 vlan batch 1 10
#
 firewall statistic system enable
#
 dns proxy enable
#
 license-server domain lic.huawei.com
#
 web-manager enable
#
 user-manage web-authentication port 8888
#
interface Vlanif10
 description To_YongHu
 ip address 10.8.2.1 255.255.254.0
#
interface Cellular0/1/0
 link-protocol ppp                        
#
interface Virtual-Template1
 ppp authentication-mode chap
 ip address 10.1.1.1 255.255.255.0
 remote address pool 1
#
interface GigabitEthernet0/0/0
 alias GE0/MGMT
 ip address 192.168.0.1 255.255.255.0
 dhcp select interface
 dhcp server gateway-list 192.168.0.1
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/2
 description to  To_YongHu
 portswitch
 port link-type access
 port access vlan 10
#
interface GigabitEthernet0/0/3
 description to  To_YongHu
 portswitch                               
 port link-type access
 port access vlan 10
#
interface GigabitEthernet0/0/4
 description to  To_YongHu
 portswitch
 port link-type trunk
 port trunk pvid 10
 port trunk permit vlan 1 10
#
interface GigabitEthernet0/0/5
#
interface GigabitEthernet0/0/6
#
interface GigabitEthernet0/0/7
 combo enable fiber
 portswitch
 port link-type trunk
 port trunk permit vlan 1 10
#
interface GigabitEthernet0/0/8
 combo enable fiber
 ip address 202.100.25.166 255.255.255.192
 nat enable                               
 detect ftp
#
interface NULL0
#
firewall zone local
 set priority 100
#
firewall zone trust
 set priority 85
 add interface GigabitEthernet0/0/0
 add interface GigabitEthernet0/0/4
 add interface GigabitEthernet0/0/7
 add interface Virtual-Template1
 add interface Vlanif10
#
firewall zone untrust
 set priority 5
 add interface GigabitEthernet0/0/8
#
firewall zone dmz
 set priority 50
#
l2tp-group 1
 allow l2tp virtual-template 1 remote client1
 tunnel password cipher %$%$1BY!/0`C,9O>,,W$Lak)/ZQH%$%$
 tunnel name LNS
#
aaa
 local-user gzgl001 password cipher %$%$*[email protected]~IB^}[email protected]]ALE0NE<%$%$
 local-user hz password cipher %$%$q|IO*7I^M&%+/Z"oo1120C:1%$%$
 local-user aa password cipher %$%$[[email protected];QMj:;~j4kV_9.f301(|%$%$
 local-user admin password cipher %$%$a2ogP<;QB8R/,[email protected]{8$N^}tk%$%$
 local-user admin service-type web terminal telnet
 local-user admin level 15
 local-user vpdnuser password cipher %$%$R{u5NI=v"3vjvr9~:gjG/h_V%$%$
 local-user vpdnuser service-type ppp
 local-user vpdnuser level 15
 local-user huawei password cipher %$%$)}w=-M#{<:!o+|‘Mb}O5_D;2%$%$
 local-user huawei service-type telnet
 local-user huawei level 3
 local-user hzgl001 password cipher %$%$0(2c0~v<M1$6b:G‘/!O4/}tk%$%$
 local-user hzgl001 service-type ppp
 ip pool 1 10.1.1.2 10.1.1.100
 #
 authentication-scheme default
 authentication-scheme defauth
 #                                        
 authorization-scheme default
 #
 accounting-scheme default
 #
 domain default
 #
#
nqa-jitter tag-version 1

#
 ip route-static 0.0.0.0 0.0.0.0 GigabitEthernet0/0/8 202.100.25.165
#
 banner enable
#
user-interface con 0
user-interface tty 2
 authentication-mode password
 modem both
user-interface vty 0 4
 authentication-mode aaa
 protocol inbound all
#
 slb                                      
#
right-manager server-group
#
car-class yonghu_1m type per-ip
 car max 2000 guaranteed 1000
#
traffic-policy interzone trust untrust outbound per-ip
 policy 0
  action car
  policy source 10.8.2.0 mask 255.255.254.0
  policy destination 202.100.25.166 mask 32
  policy car-type source-ip
  policy car-class yonghu_1m
#
policy interzone trust untrust outbound
 policy 0
  action permit
#
nat-policy interzone trust untrust outbound
 policy 1
  action source-nat
  policy source 10.8.2.0 mask 255.255.254.0
  policy destination 202.100.25.166 mask 32
  easy-ip GigabitEthernet0/0/8

policy 0
 policy 0 disable
#
return
[Eudemon1000E]        
#
 l2tp enable
 l2tp domain suffix-separator @
#
 firewall packet-filter default permit interzone local trust direction inbound
 firewall packet-filter default permit interzone local trust direction outbound
 firewall packet-filter default permit interzone local untrust direction inbound
 firewall packet-filter default permit interzone local untrust direction outbound
 firewall packet-filter default permit interzone local dmz direction inbound
 firewall packet-filter default permit interzone local dmz direction outbound
 firewall packet-filter default permit interzone trust untrust direction inbound
 firewall packet-filter default permit interzone trust untrust direction outbound
 firewall packet-filter default permit interzone trust dmz direction inbound
 firewall packet-filter default permit interzone trust dmz direction outbound
 firewall packet-filter default permit interzone dmz untrust direction inbound
 firewall packet-filter default permit interzone dmz untrust direction outbound
#
 nat address-group 1 208.100.25.167 202.100.25.168
#
 ip df-unreachables enable
#
 firewall ipv6 session link-state check   
 firewall ipv6 statistic system enable
#
 dns resolve
 dns server 114.114.114.114
#
 vlan batch 1 10
#
 firewall statistic system enable
#
 dns proxy enable
#
 license-server domain lic.huawei.com
#
 web-manager enable
#
 user-manage web-authentication port 8888
#
interface Vlanif10
 description To_YongHu
 ip address 10.8.2.1 255.255.254.0
#
interface Cellular0/1/0
 link-protocol ppp                        
#
interface Virtual-Template1
 ppp authentication-mode chap
 ip address 10.1.1.1 255.255.255.0
 remote address pool 1
#
interface GigabitEthernet0/0/0
 alias GE0/MGMT
 ip address 192.168.0.1 255.255.255.0
 dhcp select interface
 dhcp server gateway-list 192.168.0.1
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/2
 description to  To_YongHu
 portswitch
 port link-type access
 port access vlan 10
#
interface GigabitEthernet0/0/3
 description to  To_YongHu
 portswitch                               
 port link-type access
 port access vlan 10
#
interface GigabitEthernet0/0/4
 description to  To_YongHu
 portswitch
 port link-type trunk
 port trunk pvid 10
 port trunk permit vlan 1 10
#
interface GigabitEthernet0/0/5
#
interface GigabitEthernet0/0/6
#
interface GigabitEthernet0/0/7
 combo enable fiber
 portswitch
 port link-type trunk
 port trunk permit vlan 1 10
#
interface GigabitEthernet0/0/8
 combo enable fiber
 ip address 208.100.25.167 255.255.255.192
 nat enable                               
 detect ftp
#
interface NULL0
#
firewall zone local
 set priority 100
#
firewall zone trust
 set priority 85
 add interface GigabitEthernet0/0/0
 add interface GigabitEthernet0/0/4
 add interface GigabitEthernet0/0/7
 add interface Virtual-Template1
 add interface Vlanif10
#
firewall zone untrust
 set priority 5
 add interface GigabitEthernet0/0/8
#
firewall zone dmz
 set priority 50
#
l2tp-group 1
 allow l2tp virtual-template 1 remote client1
 tunnel password cipher %$%$1BY!/0`C,9O>,,W$Lak)/ZQH%$%$
 tunnel name LNS
#
aaa
 local-user gzgl001 password cipher %$%$*[email protected]~IB^}[email protected]]ALE0NE<%$%$
 local-user hz password cipher %$%$q|IO*7I^M&%+/Z"oo1120C:1%$%$
 local-user aa password cipher %$%$[[email protected];QMj:;~j4kV_9.f301(|%$%$
 local-user admin password cipher %$%$a2ogP<;QB8R/,[email protected]{8$N^}tk%$%$
 local-user admin service-type web terminal telnet
 local-user admin level 15
 local-user vpdnuser password cipher %$%$R{u5NI=v"3vjvr9~:gjG/h_V%$%$
 local-user vpdnuser service-type ppp
 local-user vpdnuser level 15
 local-user huawei password cipher %$%$)}w=-M#{<:!o+|‘Mb}O5_D;2%$%$
 local-user huawei service-type telnet
 local-user huawei level 3
 local-user hzgl001 password cipher %$%$0(2c0~v<M1$6b:G‘/!O4/}tk%$%$
 local-user hzgl001 service-type ppp
 ip pool 1 10.1.1.2 10.1.1.100
 #
 authentication-scheme default
 authentication-scheme defauth
 #                                        
 authorization-scheme default
 #
 accounting-scheme default
 #
 domain default
 #
#
nqa-jitter tag-version 1

#
 ip route-static 0.0.0.0 0.0.0.0 GigabitEthernet0/0/8 208.100.25.169
#
 banner enable
#
user-interface con 0
user-interface tty 2
 authentication-mode password
 modem both
user-interface vty 0 4
 authentication-mode aaa
 protocol inbound all
#
 slb                                      
#
right-manager server-group
#
car-class yonghu_1m type per-ip
 car max 2000 guaranteed 1000
#
traffic-policy interzone trust untrust outbound per-ip
 policy 0
  action car
  policy source 10.8.2.0 mask 255.255.254.0
  policy destination 202.100.25.166 mask 32
  policy car-type source-ip
  policy car-class yonghu_1m
#
policy interzone trust untrust outbound
 policy 0
  action permit
#
nat-policy interzone trust untrust outbound
 policy 1
  action source-nat
  policy source 10.8.2.0 mask 255.255.254.0
  policy destination 202.100.25.166 mask 32
  easy-ip GigabitEthernet0/0/8

policy 0
 policy 0 disable
#
return