S5100 Layer 3 switch configuration:
<H3C>dis cu
#
sysname H3C
#
radius scheme system
#
domain system
#
local-user admin
password simple admin
service-type telnet
level 3
#
dhcp server ip-pool vlan91
network 192.168.91.0 mask 255.255.255.0
gateway-list 192.168.91.1
dns-list 119.29.29.29 114.114.114.114
#
dhcp server ip-pool vlan92
network 192.168.92.0 mask 255.255.255.0
gateway-list 192.168.92.1
dns-list 119.29.29.29 114.114.114.114
#
vlan 1
#
vlan 91 to 92
#
vlan 100
#
interface Vlan-interface91
ip address 192.168.91.1 255.255.255.0
#
interface Vlan-interface92
ip address 192.168.92.1 255.255.255.0
#
interface Vlan-interface100
ip address 192.168.90.254 255.255.255.0
#
interface Aux1/0/0
#
interface GigabitEthernet1/0/1
port access vlan 100
#
interface GigabitEthernet1/0/2
port access vlan 91
#
interface GigabitEthernet1/0/3
port access vlan 91
#
interface GigabitEthernet1/0/4
port access vlan 91
#
interface GigabitEthernet1/0/5
port access vlan 91
#
interface GigabitEthernet1/0/6
port access vlan 91
#
interface GigabitEthernet1/0/7
port access vlan 91
#
interface GigabitEthernet1/0/8
port access vlan 92
#
interface GigabitEthernet1/0/9
port access vlan 92
#
interface GigabitEthernet1/0/10
port access vlan 92
#
interface GigabitEthernet1/0/11
port access vlan 92
#
interface GigabitEthernet1/0/12
port access vlan 92
#
interface GigabitEthernet1/0/13
port access vlan 92
#
interface GigabitEthernet1/0/14
port access vlan 92
#
interface GigabitEthernet1/0/15
port access vlan 92
#
interface GigabitEthernet1/0/16
port link-type trunk
port trunk permit vlan all
#
interface GigabitEthernet1/0/17
shutdown
port access vlan 92
#
interface GigabitEthernet1/0/18
port link-type trunk
port trunk permit vlan all
shutdown
#
interface GigabitEthernet1/0/19
shutdown
port access vlan 92
#
interface GigabitEthernet1/0/20
shutdown
port access vlan 92
#
interface NULL0
#
ip route-static 0.0.0.0 0.0.0.0 192.168.90.1 preference 60
#
user-interface aux 0
user-interface vty 0 4
user privilege level 3
set authentication password simple h3c001@
#
return
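S5042P-EI Layer 2 switch configuration:
Some operation notes:
Removed the default management VLAN: enter "undo interface vlan-interface 1" and "undo management-vlan".
Created VLAN 100 and set the new VLAN as the management VLAN: in VLAN view, enter "management-vlan 100".
Add a web user with the user level set to 3 (administrator-level user):
[H3C] local-user admin (sets the user name to admin)
[H3C-luser-admin] service-type telnet level 3 (sets level 3)
[H3C-luser-admin] password simple h3c001@ (sets the password to h3c001)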
<H3C>dis cu
#
Product Version S5024P-EIV100R004
#
sysname H3C
#
hardware-failure-detection board warning
#
local-user admin
service-type telnet
service-type web
#
radius scheme system
#
#
vlan 1
#
vlan 91 to 92
#
vlan 100
#
interface vlan-interface100
ip address 192.168.90.253 255.255.255.0
ip gateway 192.168.90.254
#
#
interface GigabitEthernet0/1
port link-type trunk
port trunk permit vlan all
#
interface GigabitEthernet0/2
port access vlan 91
#
interface GigabitEthernet0/3
port access vlan 91
#
interface GigabitEthernet0/4
port access vlan 91
#
interface GigabitEthernet0/5
port access vlan 91
#
interface GigabitEthernet0/6
port access vlan 91
#
interface GigabitEthernet0/7
port access vlan 91
#
interface GigabitEthernet0/8
port access vlan 91
#
interface GigabitEthernet0/9
port access vlan 91
#
interface GigabitEthernet0/10
port access vlan 91
#
interface GigabitEthernet0/11
port access vlan 91
#
interface GigabitEthernet0/12
port access vlan 92
#
interface GigabitEthernet0/13
port access vlan 92
#
interface GigabitEthernet0/14
port access vlan 92
#
interface GigabitEthernet0/15
port access vlan 92
#
interface GigabitEthernet0/16
port access vlan 92
#
interface GigabitEthernet0/17
port access vlan 92
#
interface GigabitEthernet0/18
port access vlan 92
#
interface GigabitEthernet0/19
port access vlan 92
#
interface GigabitEthernet0/20
port access vlan 92
#
interface GigabitEthernet0/21
port access vlan 92
#
interface GigabitEthernet0/22
port access vlan 92
#
interface GigabitEthernet0/23
port access vlan 92
#
interface GigabitEthernet0/24
port access vlan 100
#
user-interface aux 0
user-interface vty 0
user-interface vty 1
#
Main firewall Huawei USG2130 configuration:
<USG2100>dis cu
17:30:47 2020/12/16
#
sysname USG2100
#
l2tp domain suffix-separator @
#
ip df-unreachables enable
#
undo firewall ipv6 session link-state check
firewall ipv6 statistic system enable
#
dns resolve
dns server unnumbered interface Ethernet0/0/0
#
vlan batch 1
#
firewall statistic system enable
#
pki certificate access-control-policy default permit
#
dns proxy enable
#
license-server domain lic.huawei.com
#
web-manager enable
web-manager security enable port 8443
undo web-manager config-guide enable
#
user-manage web-authentication security port 8888
#
l2fwdfast enable
#
interface Vlanif1
ip address 192.168.90.1 255.255.255.0
service-manage enable
service-manage http permit
service-manage https permit
service-manage ping permit
service-manage ssh permit
service-manage telnet permit
#
interface Cellular5/0/0
link-protocol ppp
#
interface Ethernet0/0/0
alias WAN
dhcp client enable
nat enable
detect ftp
#
interface Ethernet1/0/0
portswitch
port link-type access
#
interface Ethernet1/0/1
portswitch
port link-type access
#
interface Ethernet1/0/2
portswitch
port link-type access
#
interface Ethernet1/0/3
portswitch
port link-type access
#
interface Ethernet1/0/4
portswitch
port link-type access
#
interface Ethernet1/0/5
portswitch
port link-type access
#
interface Ethernet1/0/6
portswitch
port link-type access
#
interface Ethernet1/0/7
portswitch
port link-type access
#
interface NULL0
#
firewall zone local
set priority 100
#
firewall zone trust
set priority 85
detect ftp
detect rtsp
detect pptp
add interface Ethernet1/0/0
add interface Ethernet1/0/1
add interface Ethernet1/0/2
add interface Ethernet1/0/3
add interface Ethernet1/0/4
add interface Ethernet1/0/5
add interface Ethernet1/0/6
add interface Ethernet1/0/7
add interface Vlanif1
#
firewall zone untrust
set priority 5
detect ftp
detect rtsp
detect pptp
add interface Ethernet0/0/0
#
firewall zone dmz
set priority 50
detect ftp
detect rtsp
detect pptp
#
firewall interzone local trust
detect ftp
detect pptp
detect rtsp
#
firewall interzone local untrust
detect ftp
detect pptp
detect rtsp
#
firewall interzone local dmz
detect ftp
detect pptp
detect rtsp
#
firewall interzone trust untrust
detect ftp
detect pptp
detect rtsp
#
firewall interzone trust dmz
detect ftp
detect pptp
detect rtsp
#
firewall interzone dmz untrust
detect ftp
detect pptp
detect rtsp
#
#
aaa
local-user admin password irreversible-cipher %@%@d+LM,~(yE1zu8DBmH)@S<`WNm0PzHCEHb$(<#pK/'^(~|f]X%@%@
local-user admin service-type web terminal telnet
local-user admin level 15
authentication-scheme default
#
authorization-scheme default
#
accounting-scheme default
#
domain default
domain dot1x
#
#
nqa-jitter tag-version 1
#
ip route-static 0.0.0.0 0.0.0.0 192.168.2.254 preference 245
ip route-static 192.168.91.0 255.255.255.0 192.168.90.254
ip route-static 192.168.92.0 255.255.255.0 192.168.90.254
#
banner enable
#
user-interface con 0
user-interface tty 2
modem both
user-interface vty 0 4
authentication-mode aaa
protocol inbound all
#
sa
#
slb
#
cwmp
#
right-manager server-group
#
return
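Added example, not part of the original dumps: a small Python audit for "dis cu" output like the three configurations above. It flags cleartext-stored passwords, Telnet and HTTP management access, VTY lines that accept every protocol, and active trunk ports that permit all VLANs. The rule names and the sample excerpt are constructed for illustration; the matched commands are ones that appear in the dumps.

```python
import re

# Constructed excerpt in the style of the dumps above; password values are placeholders.
SAMPLE = """\
#
local-user admin
password simple EXAMPLE-ONLY
service-type telnet
#
interface GigabitEthernet1/0/16
port trunk permit vlan all
#
interface GigabitEthernet1/0/18
port trunk permit vlan all
shutdown
#
interface Vlanif1
service-manage http permit
service-manage telnet permit
#
user-interface vty 0 4
set authentication password simple EXAMPLE-ONLY
protocol inbound all
#
"""

# Hypothetical rule ids mapped to patterns for commands seen in the dumps.
RULES = {
    "plaintext-password": re.compile(r"\bpassword simple\b"),
    "telnet-mgmt": re.compile(r"\bservice-type\b.*\btelnet\b|^service-manage telnet permit$"),
    "http-mgmt": re.compile(r"^service-manage http permit$"),
    "vty-any-protocol": re.compile(r"^protocol inbound all$"),
    "trunk-all-vlans": re.compile(r"^port trunk permit vlan all$"),
}

def audit(config):
    """Return (section, rule_id, line) findings; sections are delimited by '#' lines."""
    findings = []
    for block in re.split(r"(?m)^#[ \t]*$", config):
        lines = [ln.strip() for ln in block.splitlines() if ln.strip()]
        port_down = "shutdown" in lines  # administratively disabled port
        for line in lines:
            for rule_id, pattern in RULES.items():
                if rule_id == "trunk-all-vlans" and port_down:
                    continue  # a trunk on a shut-down port carries no traffic
                if pattern.search(line):
                    findings.append((lines[0], rule_id, line))  # lines[0] names the section
    return findings
```

Pass the saved text of a "dis cu" session to audit(); each finding names the section (the first line after a "#" separator), the rule, and the offending line.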