拓扑网络连通1-ensp
拓扑图
实验代码
FW2<USG6000V1>dis cu
!Software Version V500R001C10
#
sysname USG6000V1
#
l2tp enable
undo l2tp sendaccm enable
l2tp domain suffix-separator @
#
undo info-center enable
#
undo telnet server enable
undo telnet ipv6 server enable
#
firewall packet-filter basic-protocol enable
#
firewall detect ftp
#
log type traffic enable
log type syslog enable
log type policy enable
#
undo dataflow enable
#
isp name "china mobile"
isp name "china mobile" set filename china-mobile.csv
isp name "china unicom"
isp name "china unicom" set filename china-unicom.csv
isp name "china telecom"
isp name "china telecom" set filename china-telecom.csv
isp name "china educationnet"
isp name "china educationnet" set filename china-educationnet.csv
#
snmp-agent session history-max-number enable
snmp-agent session trap threshold 4000
snmp-agent session-rate trap threshold 24000
#
web-manager security version tlsv1 tlsv1.1
web-manager security enable
#
firewall dataplane to manageplane application-apperceive default-action drop
#
update schedule ips-sdb daily 07:52
update schedule av-sdb daily 07:52
update schedule sa-sdb daily 07:52
update schedule cnc daily 07:52
#
ip vpn-instance default
ipv4-family
#
time-range worktime
period-range 08:00:00 to 18:00:00 working-day
#
ip pool 1
section 0 192.168.3.1 192.168.3.10
#
aaa
authentication-scheme default
authentication-scheme admin_local
authentication-scheme admin_radius_local
authentication-scheme admin_hwtacacs_local
authentication-scheme admin_ad_local
authentication-scheme admin_ldap_local
authentication-scheme admin_radius
authentication-scheme admin_hwtacacs
authentication-scheme admin_ad
authentication-scheme admin_ldap
authorization-scheme default
accounting-scheme default
domain default
service-type l2tp ike
reference user current-domain
manager-user password-modify enable
manager-user audit-admin
password cipher @%@%_2s{3z.rQ/i;6eTu:\/4KVfWJTxj'{j1rB5F;vM;f)<$VfZK@%@%
service-type web terminal
level 15
manager-user api-admin
password cipher @%@%X[fs$(._k8,`cM5+Qn[ALB=w`yCt~d0aF#hA$<Ge.X+"B=zL@%@%
service-type api
level 15
manager-user admin
password cipher @%@%L06(/w:^2A5)LVB)9x'HIjUQG("686}9S~[uo8Nk.P6IjUTI@%@%
service-type web terminal
level 15
role system-admin
dashboard read-write
monitor read-write
policy read-write
object read-write
network read-write
system read-write
role device-admin
dashboard read-only
monitor read-only log log-traffic log-threat log-policy-matching report traffi
c-map threat-map session statistic statistic-acl
monitor none diagnose
policy read-write
object read-write
network read-write
system read-write high-reliability
system none configuration vsys license update-center mail-send feedback
role device-admin(monitor)
dashboard read-only
monitor read-only log log-traffic log-threat log-policy-matching report traffi
c-map threat-map session statistic statistic-acl
monitor none diagnose
policy read-only
object read-only
network read-only
system read-only high-reliability
system none configuration vsys license update-center mail-send feedback
role audit-admin
dashboard read-only
monitor read-write log-audit
monitor read-only log log-traffic log-threat log-syslog log-policy-matching re
port traffic-map threat-map
monitor none session statistic statistic-acl diagnose
policy none
object none
network none
system none
bind manager-user audit-admin role audit-admin
#
interface GigabitEthernet0/0/0
undo shutdown
ip binding vpn-instance default
ip address 192.168.0.1 255.255.255.0
service-manage http permit
service-manage https permit
service-manage ping permit
service-manage ssh permit
service-manage snmp permit
service-manage telnet permit
service-manage netconf permit
#
interface GigabitEthernet1/0/0
undo shutdown
ip address 61.67.1.2 255.255.255.0
service-manage ping permit
#
interface GigabitEthernet1/0/1
undo shutdown
ip address 192.168.1.1 255.255.255.0
service-manage ping permit
#
interface GigabitEthernet1/0/2
undo shutdown
#
interface GigabitEthernet1/0/3
undo shutdown
#
interface GigabitEthernet1/0/4
undo shutdown
#
interface GigabitEthernet1/0/5
undo shutdown
#
interface GigabitEthernet1/0/6
undo shutdown
#
interface Virtual-if0
#
interface NULL0
#
firewall zone local
set priority 100
#
firewall zone trust
set priority 85
add interface GigabitEthernet0/0/0
add interface GigabitEthernet1/0/1
#
firewall zone untrust
set priority 5
add interface GigabitEthernet1/0/0
#
firewall zone dmz
set priority 50
#
l2tp-group 1
tunnel name LNS
#
l2tp-group default-lns
#
ip route-static 0.0.0.0 0.0.0.0 61.67.1.1
#
undo ssh server compatible-ssh1x enable
#
user-interface con 0
authentication-mode password
set authentication password cipher $1a$6a,J-D6DR5$4MLT/){&w7P\1Q2eP^)'M{cY9ZB,*
4XdkW9j;m`7$
user-interface vty 0 4
authentication-mode aaa
protocol inbound ssh
user-interface vty 16 20
#
sa
#
location
#
multi-interface
mode proportion-of-weight
#
security-policy
rule name T_UN
source-zone trust
destination-zone untrust
action permit
rule name UN_LOCAL
source-zone untrust
destination-zone local
action permit
#
traffic-policy
#
policy-based-route
#
nat-policy
rule name N_W
source-zone trust
destination-zone untrust
action nat easy-ip
#
pcp-policy
#
dns-transparent-policy
#
return
FW3[USG6000V1]dis cu
!Software Version V500R001C10
#
sysname USG6000V1
#
undo l2tp sendaccm enable
l2tp domain suffix-separator @
#
undo info-center enable
#
undo telnet server enable
undo telnet ipv6 server enable
#
firewall packet-filter basic-protocol enable
#
firewall detect ftp
#
log type traffic enable
log type syslog enable
log type policy enable
#
undo dataflow enable
#
isp name "china mobile"
isp name "china mobile" set filename china-mobile.csv
isp name "china unicom"
isp name "china unicom" set filename china-unicom.csv
isp name "china telecom"
isp name "china telecom" set filename china-telecom.csv
isp name "china educationnet"
isp name "china educationnet" set filename china-educationnet.csv
#
snmp-agent session history-max-number enable
snmp-agent session trap threshold 4000
snmp-agent session-rate trap threshold 24000
#
web-manager security version tlsv1 tlsv1.1
web-manager security enable
#
firewall dataplane to manageplane application-apperceive default-action drop
#
update schedule ips-sdb daily 02:11
update schedule av-sdb daily 02:11
update schedule sa-sdb daily 02:11
update schedule cnc daily 02:11
#
ip vpn-instance default
ipv4-family
#
time-range worktime
period-range 08:00:00 to 18:00:00 working-day
#
aaa
authentication-scheme default
authentication-scheme admin_local
authentication-scheme admin_radius_local
authentication-scheme admin_hwtacacs_local
authentication-scheme admin_ad_local
authentication-scheme admin_ldap_local
authentication-scheme admin_radius
authentication-scheme admin_hwtacacs
authentication-scheme admin_ad
authentication-scheme admin_ldap
authorization-scheme default
accounting-scheme default
domain default
service-type l2tp ike
reference user current-domain
manager-user password-modify enable
manager-user audit-admin
password cipher @%@%U*eEK<|Xk6]Q[25%tt[><.u*HyBw~g7/7(fP.5B|4<JL.u-<@%@%
service-type web terminal
level 15
manager-user api-admin
password cipher @%@%rs#k=5lq5-@{PK,@SVFW=ezJ=l)B~TrT,,b&gJ*'oi:LezM=@%@%
service-type api
level 15
manager-user admin
password cipher @%@%JNJB*6zo2+Jv;3Q8d%fB!P#htp<BD`K882_`saA*B-ZLP#k!@%@%
service-type web terminal
level 15
role system-admin
dashboard read-write
monitor read-write
policy read-write
object read-write
network read-write
system read-write
role device-admin
dashboard read-only
monitor read-only log log-traffic log-threat log-policy-matching report traffi
c-map threat-map session statistic statistic-acl
monitor none diagnose
policy read-write
object read-write
network read-write
system read-write high-reliability
system none configuration vsys license update-center mail-send feedback
role device-admin(monitor)
dashboard read-only
monitor read-only log log-traffic log-threat log-policy-matching report traffi
c-map threat-map session statistic statistic-acl
monitor none diagnose
policy read-only
object read-only
network read-only
system read-only high-reliability
system none configuration vsys license update-center mail-send feedback
role audit-admin
dashboard read-only
monitor read-write log-audit
monitor read-only log log-traffic log-threat log-syslog log-policy-matching re
port traffic-map threat-map
monitor none session statistic statistic-acl diagnose
policy none
object none
network none
system none
bind manager-user audit-admin role audit-admin
#
interface GigabitEthernet0/0/0
undo shutdown
ip binding vpn-instance default
ip address 192.168.0.1 255.255.255.0
service-manage http permit
service-manage https permit
service-manage ping permit
service-manage ssh permit
service-manage snmp permit
service-manage telnet permit
service-manage netconf permit
#
interface GigabitEthernet1/0/0
undo shutdown
ip address 192.168.2.1 255.255.255.0
service-manage ping permit
#
interface GigabitEthernet1/0/1
undo shutdown
ip address 61.67.2.3 255.255.255.0
service-manage ping permit
#
interface GigabitEthernet1/0/2
undo shutdown
#
interface GigabitEthernet1/0/3
undo shutdown
#
interface GigabitEthernet1/0/4
undo shutdown
#
interface GigabitEthernet1/0/5
undo shutdown
#
interface GigabitEthernet1/0/6
undo shutdown
#
interface Virtual-if0
#
interface NULL0
#
firewall zone local
set priority 100
#
firewall zone trust
set priority 85
add interface GigabitEthernet0/0/0
add interface GigabitEthernet1/0/0
#
firewall zone untrust
set priority 5
add interface GigabitEthernet1/0/1
#
firewall zone dmz
set priority 50
#
l2tp-group default-lns
#
ip route-static 0.0.0.0 0.0.0.0 61.67.2.1
#
undo ssh server compatible-ssh1x enable
#
user-interface con 0
authentication-mode password
set authentication password cipher $1a$,6;N&se_S8$4Z)_<I~}r*08_jXTcIn*0*db=Gv3z
QztnQ/b7DvC$
user-interface vty 0 4
authentication-mode aaa
protocol inbound ssh
user-interface vty 16 20
#
sa
#
location
#
multi-interface
mode proportion-of-weight
#
security-policy
default action permit
#
traffic-policy
#
policy-based-route
#
nat-policy
rule name N_W
source-zone trust
destination-zone untrust
action nat easy-ip
#
pcp-policy
#
dns-transparent-policy
#
return
<ar1>dis cu
[V200R003C00]
#
sysname ar1
#
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load portalpage.zip
#
drop illegal-mac alarm
#
undo info-center enable
#
set cpu-usage threshold 80 restore 75
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http
#
firewall zone Local
priority 15
#
interface GigabitEthernet0/0/0
ip address 61.67.1.1 255.255.255.0
#
interface GigabitEthernet0/0/1
ip address 61.67.2.1 255.255.255.0
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
ip route-static 0.0.0.0 0.0.0.0 61.67.1.2
ip route-static 0.0.0.0 0.0.0.0 61.67.2.3
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return
拓扑网络连通1-ensp相关推荐
- 计算机网络课程实验---使用思科PT进行拓扑网络搭建并ping通
计算机网络课程实验-使用思科PT进行拓扑网络搭建并ping通 Ⅰ.实验目标 ①结果体现: 设计如图的网络,并进行IP地址和路由表的配置.最终要求路由器的每个端口对应一个子网:要求的子网地址为:xx.y ...
- python测试网络连通性_python 判断网络连通的实现方法
开发中偶尔需要判断网络的连通性,没有什么方法比 ping 更直接了当,通常检查网络情况都是运行命令ping www.baidu.com ,查看输出信息即可. C:\Users>ping www. ...
- linux检查网络是否通畅_网络基础Ping命令详解(使用Ping这命令来测试网络连通)...
相关知识点 BIOS 在计算机领域,BIOS是 "Basic Input Output System"的缩略语,译为"基本输入输出系统", 与前者读法相同.计算 ...
- Mininet--topo类型-py创建自定义拓扑网络
Mininet网络划分 Minnet可以创建多种拓扑网络,主要分为两类,一类是自动型,是指Mininet自带的拓扑类型, 通过--topo参数来指定,分别是linear.minimal.reverse ...
- Linux 实用指令 -- 网络配置(查看网络IP和网关、 ping 测试主机之间网络连通、Linux网络环境配置(指定固定ip))
文章目录 1. 网络配置 1.1 查看网络IP和网关 1.1.1 查看虚拟网络编辑器 1.1.2 这里可以修改ip地址(修改虚拟网络的ip) 1.1.3 这里可以修改网关(虚拟网络的网关) 1.1.4 ...
- Docker 网络连通
网络连通 # 测试打通tomcat01到tomcat-net-01 [root@master ~]# docker network connect mynet tomcat01 [root@maste ...
- SDN网络控制器Floodlight安装部署和结合Mininet实现多数据中心拓扑网络
系统前提 系统:Ubuntu 16.04 安装环境:安装JDK 1.8,安装编译打包工具ant 安装Floodlight 1.下载Floodlight 方法一: 到http://www.project ...
- 网络学习之eNSP使用
组网:网络组建 学习eNSP主要是为了拥有一定的网络组建能力,看得懂网络拓扑图,自己能够绘制,并且对常见的网络设备有一定的了解,可以进行一些安全配置等. https://baike.baidu.com ...
- 基于Docker的拓扑网络搭建可行性探究
基于Docker的拓扑网络搭建可行性探究 文章目录 基于Docker的拓扑网络搭建可行性探究 引入 Docker环境配置与容器选择 Image 命令 (镜像相关) Container命令(容器相关) ...
最新文章
- JavaScript初学者应注意的七个细节
- 『PPYOLO tiny尝鲜』基于PaddleDetection的人脸疲劳检测
- css hot loader,解决安装react-hot-loader后修改css/less文件不会热更新问题
- mvc html 生成图片,asp.net mvc5 cs代码中获取视图生成后的HTML
- 解决: Client does not support authentication protocol requested by server; consider upgrading MySQL
- 深入解析Node.js setTimeout方法的执行过程
- RHEL/CentOS 6.x使用EPEL6与remi的yum源安装MySQL 5.5.x
- 第 5 章 虚拟机栈
- 出现红字是电脑问题吗_婚姻出现问题,生个孩子就能解决,这是真的吗?
- 上位机与1200组态步骤_新入S7-1200系统值得注意几点(博图平台)
- charles windows版使用教程
- 【linux 学习】linux上安装Tim(linux mint)
- http文件下载c/c++ 多种方法
- python颜色识别_OpenCV(Python)学习之识别图片特定颜色
- 矩阵的特征值与特征向量 求解
- PDF Expert永久版
- thinkpade450装内存条_Thinkpad e450c我想加一个内存条,因为开机就满了百分50左右,该加什么样的内存条?低电...
- ue4游戏传送门实现
- 莫比乌斯反演小结 + 黑暗爆炸 2301
- 使用NFC模拟校园卡门禁功能 【Mac, Windows, Android, 手环】