温馨提示×

温馨提示×

您好,登录后才能下订单哦!

密码登录×
登录注册×
其他方式登录
点击 登录注册 即表示同意《亿速云用户服务条款》

华三F1020防火墙作LNS设备配置脚本

发布时间:2020-06-20 23:17:46 来源:网络 阅读:3023 作者:耿小布 栏目:网络安全

华三F1020防火墙作为LNS设备连接用户内网和互联网,用户通过手机APN拨号连接运营商LAC设备,LAC与LNS建立隧道进行认证,从而让用户可以通过手机访问内网资源。


<H3C>display cu

#

 version 7.1.064, Release 9313P07

#

 sysname H3C

#

context Admin id 1

#

ip ***-instance management

 route-distinguisher 1000000000:1

 ***-target 1000000000:1 import-extcommunity

 ***-target 1000000000:1 export-extcommunity

#

 telnet server enable

#

 irf mac-address persistent timer

 irf auto-update enable

 undo irf link-delay

 irf member 1 priority 1

#

 ip pool 1 10.60.8.2 10.60.8.254

 ip pool 1 gateway 10.60.8.1

#

nat address-group 0

 address XXXX XXXX

#

 password-recovery enable

#

vlan 1

#

vlan 10

#

vlan 20

#

vlan 2946

#

vlan 2949

#

interface Virtual-Template1

 ppp authentication-mode chap pap domain XXXX.vpdn.sd

 remote address pool 1

 ip address 10.60.8.1 255.255.255.0

#

interface NULL0

#

interface Vlan-interface10

#

interface Vlan-interface20

 ip address 192.168.5.1 255.255.255.0

#

interface Vlan-interface2946

#

interface Vlan-interface2949

#

interface GigabitEthernet1/0/0

 port link-mode route

 ip binding ***-instance management

 ip address 192.168.0.1 255.255.255.0

#

interface GigabitEthernet1/0/1

 port link-mode route

 ip address XXXX 255.255.255.248

 nat outbound address-group 0

#

interface GigabitEthernet1/0/3

 port link-mode route

#

interface GigabitEthernet1/0/4

 port link-mode route

#

interface GigabitEthernet1/0/5

 port link-mode route

#

interface GigabitEthernet1/0/6

 port link-mode route

#

interface GigabitEthernet1/0/7

 port link-mode route

#

interface GigabitEthernet1/0/8

 port link-mode route

#

interface GigabitEthernet1/0/9

 port link-mode route

#

interface GigabitEthernet1/0/10

 port link-mode route

#

interface GigabitEthernet1/0/11

 port link-mode route

#

interface GigabitEthernet1/0/12

 port link-mode route

#

interface GigabitEthernet1/0/13

 port link-mode route

#

interface GigabitEthernet1/0/14

 port link-mode route

#

interface GigabitEthernet1/0/15

 port link-mode route

#

interface GigabitEthernet1/0/16

 port link-mode route

#

interface GigabitEthernet1/0/17

 port link-mode route

#

interface GigabitEthernet1/0/18

 port link-mode route

#

interface GigabitEthernet1/0/19

 port link-mode route

#

interface GigabitEthernet1/0/20

 port link-mode route

#

interface GigabitEthernet1/0/21

 port link-mode route

#

interface GigabitEthernet1/0/22

 port link-mode route

#

interface GigabitEthernet1/0/23

 port link-mode route

#

interface GigabitEthernet1/0/2

 port link-mode bridge

 port access vlan 20

#

object-policy ip Any-Any

 rule 0 pass

#

object-policy ip Trust-Trust

 rule 0 pass

#

object-policy ip Untrust-Untrust

 rule 0 pass

#

security-zone name Local

#

security-zone name Trust

 import interface Virtual-Template1

 import interface Vlan-interface20

 import interface GigabitEthernet1/0/2 vlan 20

#

security-zone name DMZ

#

security-zone name Untrust

 import interface GigabitEthernet1/0/1

#

security-zone name Management

 import interface GigabitEthernet1/0/0

#

security-zone name 1

#

zone-pair security source Any destination Any

 object-policy apply ip Any-Any

#

zone-pair security source Trust destination Trust

 object-policy apply ip Trust-Trust

#

zone-pair security source Untrust destination Untrust

 object-policy apply ip Untrust-Untrust

#

 scheduler logfile size 16

#

line class aux

 user-role network-operator

#

line class console

 user-role network-admin

#

line class vty

 user-role network-operator

#

line aux 0

 user-role network-admin

#

line con 0

 authentication-mode scheme

 user-role network-admin

#

line vty 0 63

 authentication-mode scheme

 user-role network-admin

#

 ip route-static 0.0.0.0 0 XXXX

 ip route-static 10.60.1.0 24 XXXX

 ip route-static 10.60.2.0 24 XXXX

 

#

 ssh server enable

#

radius scheme XXXX

 primary authentication XXXX 1645

 primary accounting XXXX 1646

 key authentication cipher $c$3$I/xuHLKFRh2Ix1jeKdyjzzpOJcdhdOKRYpo=

 key accounting cipher $c$3$oLHfHlz5Faj9pQf/TWOUPxyw0b1etDICO3M=

#

domain XXXX.vpdn.sd

 authentication login radius-scheme XXXX

 accounting login radius-scheme XXXX

 authentication ppp radius-scheme XXXX

 authorization ppp radius-scheme XXXX

 accounting ppp radius-scheme XXXX

 authentication default radius-scheme XXXX

 accounting default radius-scheme XXXX

#

domain system

#

 aaa session-limit ftp 16

 aaa session-limit telnet 16

 aaa session-limit ssh 16

 domain default enable system

#

role name level-0

 description Predefined level-0 role

#

role name level-1

 description Predefined level-1 role

#

role name level-2

 description Predefined level-2 role

#

role name level-3

 description Predefined level-3 role

#

role name level-4

 description Predefined level-4 role

#

role name level-5

 description Predefined level-5 role

#

role name level-6

 description Predefined level-6 role

#

role name level-7

 description Predefined level-7 role

#

role name level-8

 description Predefined level-8 role

#

role name level-9

 description Predefined level-9 role

#

role name level-10

 description Predefined level-10 role

#

role name level-11

 description Predefined level-11 role

#

role name level-12

 description Predefined level-12 role

#

role name level-13

 description Predefined level-13 role

#

role name level-14

 description Predefined level-14 role

#

user-group system

#

local-user admin class manage

 password hash $h$6$8lPZCAvgBiKoLT5y$ivx6NKLL1FHF440QABdKIhvrfMcVjU79eYMJf88TLoD

a675FTa/IiCV85b434xgFh9+KSPrHDh6SmeksfcM1nA==

 service-type ssh telnet terminal https

 authorization-attribute user-role level-3

 authorization-attribute user-role network-admin

 authorization-attribute user-role network-operator

#

l2tp-group 1 mode lns

 allow l2tp virtual-template 1

 tunnel name XXXX

 tunnel password cipher $c$3$7amv4SHMA/Vy1kQnhxqMwM9QoAjyJjWnCg==

#

 l2tp enable

#

 ip https enable

#

ips policy default

#

anti-virus policy default

#

return

<H3C>


向AI问一下细节

免责声明:本站发布的内容(图片、视频和文字)以原创、转载和分享为主,文章观点不代表本网站立场,如果涉及侵权请联系站长邮箱:is@yisu.com进行举报,并提供相关证据,一经查实,将立刻删除涉嫌侵权内容。

AI