Chinaunix首页 | 论坛 | 博客

华为技术cisco3550.blog.chinaunix.net

首页 |  博文目录 |  关于我

wfeng520

  • 博客访问: 1287210
  • 博文数量: 464
  • 博客积分: 9399
  • 博客等级: 中将
  • 技术积分: 6364
  • 用 户 组: 普通用户
  • 注册时间: 2011-02-19 09:15
文章分类

全部博文(464)

文章存档

2014年(12)

2013年(123)

2012年(173)

2011年(156)

我的朋友
最近访客
推荐博文
华为 S3900之802.1x配置实例

分类:

2012-08-23 11:02:59

dis cu
#
sysname T_S3928TP_04_D
#
super password level 3 cipher DW";-P:^4$CZ-TSW(NE2OQ!!
#
dot1x
dot1x quiet-period
dot1x dhcp-launch
dot1x supp-proxy-check logoff
#
radius scheme system
radius scheme radius1
server-type huawei
primary authentication 192.169.2.1
primary accounting 192.169.2.1
key authentication cams
key accounting cams
timer realtime-accounting 15
timer response-timeout 5
retry 5
user-name-format without-domain
#
domain system
scheme radius-scheme radius1
#                                         
local-user aaa
password cipher 05L"1R.\&=_Z-TSW(NE2OQ!!
service-type lan-access
service-type telnet
#
stp enable
stp region-configuration
region-name ligongdx
instance 1 vlan 2 to 17
instance 2 vlan 18 to 400
active region-configuration
#
acl number 3000
rule 0 deny tcp destination-port eq 10080
rule 1 deny tcp destination-port eq 9996
rule 2 deny tcp destination-port eq 9995
rule 3 deny tcp destination-port eq 8998
rule 4 deny tcp destination-port eq 6667
rule 5 deny tcp destination-port eq 6129
rule 6 deny tcp destination-port eq 5900
rule 7 deny tcp destination-port eq 5800
rule 8 deny tcp destination-port eq 5554
rule 9 deny tcp destination-port eq 4557
rule 10 deny tcp destination-port eq 4510
rule 11 deny tcp source-port eq 4444
rule 12 deny tcp destination-port eq 4444
rule 13 deny tcp destination-port eq 4334
rule 14 deny tcp destination-port eq 4331
rule 15 deny tcp destination-port eq 3127
rule 16 deny tcp destination-port eq 3208
rule 17 deny tcp destination-port eq 2745
rule 18 deny tcp destination-port eq 1871
rule 19 deny udp destination-port eq 1434
rule 20 deny tcp destination-port eq 1433
rule 21 deny tcp destination-port eq 1068
rule 22 deny tcp source-port eq 1034 destination-port eq www
rule 23 deny tcp destination-port eq 1025
rule 24 deny tcp destination-port eq 1023
rule 25 deny tcp destination-port eq 1022
rule 26 deny tcp destination-port eq 593
rule 27 deny udp destination-port eq 593
rule 28 deny tcp destination-port eq 445
rule 29 deny udp destination-port eq 445
rule 30 deny tcp destination-port eq 135
rule 31 deny udp destination-port eq 135
rule 32 deny udp destination-port eq tftp
rule 33 deny tcp destination-port eq 138
rule 34 deny tcp destination-port eq 137
rule 35 deny udp destination-port eq netbios-dgm
rule 36 deny udp destination-port eq netbios-ns
rule 37 deny udp source-port eq bootps
#
acl number 5000
rule 0 deny 0806 ffff 24 3ac0cffe ffffffff 40
rule 1 permit 0806 ffff 24 00005e000137 ffffffffffff 34
#
vlan 1
description switch_manager_network
#
vlan 16
#
vlan 54
description dhcp_ip_pool_for_notebook
#
vlan 55
description teacher_office_network
#
interface Vlan-interface1
ip address 192.168.1.14 255.255.255.0
#
interface Aux1/0/0
#                                         
interface Ethernet1/0/1
stp edged-port enable
port access vlan 54
packet-filter inbound user-group 5000 rule 0
packet-filter inbound user-group 5000 rule 1
dot1x supp-proxy-check logoff
dot1x version-check
#
interface Ethernet1/0/2
stp edged-port enable
port access vlan 54
packet-filter inbound user-group 5000 rule 0
packet-filter inbound user-group 5000 rule 1
dot1x
dot1x supp-proxy-check logoff
dot1x version-check
#
interface Ethernet1/0/3
stp edged-port enable
port access vlan 55
dot1x
dot1x supp-proxy-check logoff
dot1x version-check
line-rate inbound 2048                   
line-rate outbound 2048
#
interface Ethernet1/0/4
stp edged-port enable
port access vlan 55
dot1x
dot1x supp-proxy-check logoff
dot1x version-check
line-rate inbound 2048
line-rate outbound 2048
#
interface Ethernet1/0/5
stp edged-port enable
port access vlan 55
dot1x
dot1x supp-proxy-check logoff
dot1x version-check
line-rate inbound 2048
line-rate outbound 2048
#
interface Ethernet1/0/6
stp edged-port enable
port access vlan 55
dot1x                                    
dot1x supp-proxy-check logoff
dot1x version-check
line-rate inbound 2048
line-rate outbound 2048
#
interface Ethernet1/0/7
stp edged-port enable
port access vlan 55
dot1x
dot1x supp-proxy-check logoff
dot1x version-check
line-rate inbound 2048
line-rate outbound 2048
#
interface Ethernet1/0/8
stp edged-port enable
port access vlan 55
dot1x
dot1x supp-proxy-check logoff
dot1x version-check
line-rate inbound 2048
line-rate outbound 2048
#
interface Ethernet1/0/9                   
stp edged-port enable
port access vlan 55
dot1x
dot1x supp-proxy-check logoff
dot1x version-check
line-rate inbound 2048
line-rate outbound 2048
#
interface Ethernet1/0/10
stp edged-port enable
port access vlan 55
dot1x
dot1x supp-proxy-check logoff
dot1x version-check
line-rate inbound 2048
line-rate outbound 2048
#
interface Ethernet1/0/11
stp edged-port enable
port access vlan 55
dot1x supp-proxy-check logoff
dot1x version-check
line-rate inbound 2048
line-rate outbound 2048                  
#
interface Ethernet1/0/12
stp edged-port enable
port access vlan 55
dot1x
dot1x supp-proxy-check logoff
dot1x version-check
line-rate inbound 2048
line-rate outbound 2048
#
interface Ethernet1/0/13
stp edged-port enable
port access vlan 55
dot1x
dot1x supp-proxy-check logoff
dot1x version-check
line-rate inbound 2048
line-rate outbound 2048
#
interface Ethernet1/0/14
stp edged-port enable
port access vlan 55
dot1x
dot1x supp-proxy-check logoff            
dot1x version-check
line-rate inbound 2048
line-rate outbound 2048
#
interface Ethernet1/0/15
stp edged-port enable
port access vlan 55
dot1x
dot1x supp-proxy-check logoff
dot1x version-check
line-rate inbound 2048
line-rate outbound 2048
#
interface Ethernet1/0/16
stp edged-port enable
port access vlan 55
dot1x
dot1x supp-proxy-check logoff
dot1x version-check
line-rate inbound 2048
line-rate outbound 2048
#
interface Ethernet1/0/17
stp edged-port enable                    
port access vlan 55
dot1x
dot1x supp-proxy-check logoff
dot1x version-check
line-rate inbound 2048
line-rate outbound 2048
#
interface Ethernet1/0/18
stp edged-port enable
port access vlan 55
dot1x
dot1x supp-proxy-check logoff
dot1x version-check
line-rate inbound 2048
line-rate outbound 2048
#
interface Ethernet1/0/19
stp edged-port enable
port access vlan 55
dot1x
dot1x supp-proxy-check logoff
dot1x version-check
line-rate inbound 2048
line-rate outbound 2048                  
#
interface Ethernet1/0/20
stp edged-port enable
port access vlan 55
dot1x
dot1x supp-proxy-check logoff
dot1x version-check
line-rate inbound 2048
line-rate outbound 2048
#
interface Ethernet1/0/21
stp edged-port enable
port access vlan 55
dot1x
dot1x supp-proxy-check logoff
dot1x version-check
line-rate inbound 2048
line-rate outbound 2048
#
interface Ethernet1/0/22
stp edged-port enable
port access vlan 55
dot1x
dot1x supp-proxy-check logoff            
dot1x version-check
line-rate inbound 2048
line-rate outbound 2048
#
interface Ethernet1/0/23
stp edged-port enable
port access vlan 16
#
interface Ethernet1/0/24
stp edged-port enable
port access vlan 16
#
interface GigabitEthernet1/1/1
port link-type trunk
port trunk permit vlan 1 16 54 to 55
packet-filter inbound ip-group 3000 rule 0
packet-filter inbound ip-group 3000 rule 1
packet-filter inbound ip-group 3000 rule 2
packet-filter inbound ip-group 3000 rule 3
packet-filter inbound ip-group 3000 rule 4
packet-filter inbound ip-group 3000 rule 5
packet-filter inbound ip-group 3000 rule 6
packet-filter inbound ip-group 3000 rule 7
packet-filter inbound ip-group 3000 rule 8
packet-filter inbound ip-group 3000 rule 9
packet-filter inbound ip-group 3000 rule 10
packet-filter inbound ip-group 3000 rule 11
packet-filter inbound ip-group 3000 rule 12
packet-filter inbound ip-group 3000 rule 13
packet-filter inbound ip-group 3000 rule 14
packet-filter inbound ip-group 3000 rule 15
packet-filter inbound ip-group 3000 rule 16
packet-filter inbound ip-group 3000 rule 17
packet-filter inbound ip-group 3000 rule 18
packet-filter inbound ip-group 3000 rule 19
packet-filter inbound ip-group 3000 rule 20
packet-filter inbound ip-group 3000 rule 21
packet-filter inbound ip-group 3000 rule 22
packet-filter inbound ip-group 3000 rule 23
packet-filter inbound ip-group 3000 rule 24
packet-filter inbound ip-group 3000 rule 25
packet-filter inbound ip-group 3000 rule 26
packet-filter inbound ip-group 3000 rule 27
packet-filter inbound ip-group 3000 rule 28
packet-filter inbound ip-group 3000 rule 29
packet-filter inbound ip-group 3000 rule 30
packet-filter inbound ip-group 3000 rule 31
packet-filter inbound ip-group 3000 rule 32
packet-filter inbound ip-group 3000 rule 33
packet-filter inbound ip-group 3000 rule 34
packet-filter inbound ip-group 3000 rule 35
packet-filter inbound ip-group 3000 rule 36
packet-filter inbound ip-group 3000 rule 37
#
interface GigabitEthernet1/1/2
port link-type trunk
port trunk permit vlan 1 16 54 to 55
packet-filter inbound ip-group 3000 rule 0
packet-filter inbound ip-group 3000 rule 1
packet-filter inbound ip-group 3000 rule 2
packet-filter inbound ip-group 3000 rule 3
packet-filter inbound ip-group 3000 rule 4
packet-filter inbound ip-group 3000 rule 5
packet-filter inbound ip-group 3000 rule 6
packet-filter inbound ip-group 3000 rule 7
packet-filter inbound ip-group 3000 rule 8
packet-filter inbound ip-group 3000 rule 9
packet-filter inbound ip-group 3000 rule 10
packet-filter inbound ip-group 3000 rule 11
packet-filter inbound ip-group 3000 rule 12
packet-filter inbound ip-group 3000 rule 13
packet-filter inbound ip-group 3000 rule 14
packet-filter inbound ip-group 3000 rule 15
packet-filter inbound ip-group 3000 rule 16
packet-filter inbound ip-group 3000 rule 17
packet-filter inbound ip-group 3000 rule 18
packet-filter inbound ip-group 3000 rule 19
packet-filter inbound ip-group 3000 rule 20
packet-filter inbound ip-group 3000 rule 21
packet-filter inbound ip-group 3000 rule 22
packet-filter inbound ip-group 3000 rule 23
packet-filter inbound ip-group 3000 rule 24
packet-filter inbound ip-group 3000 rule 25
packet-filter inbound ip-group 3000 rule 26
packet-filter inbound ip-group 3000 rule 27
packet-filter inbound ip-group 3000 rule 28
packet-filter inbound ip-group 3000 rule 29
packet-filter inbound ip-group 3000 rule 30
packet-filter inbound ip-group 3000 rule 31
packet-filter inbound ip-group 3000 rule 32
packet-filter inbound ip-group 3000 rule 33
packet-filter inbound ip-group 3000 rule 34
packet-filter inbound ip-group 3000 rule 35
packet-filter inbound ip-group 3000 rule 36
packet-filter inbound ip-group 3000 rule 37
#                                         
interface GigabitEthernet1/1/3
#
interface GigabitEthernet1/1/4
#
irf-fabric authentication-mode simple huawei
#
interface NULL0
#
ip route-static 0.0.0.0 0.0.0.0 192.168.1.254 preference 60
#
snmp-agent
snmp-agent local-engineid 800007DB000FE2261B3B6877
snmp-agent community read lg
snmp-agent community write lgdx
snmp-agent sys-info version all
#
user-interface aux 0 7
user-interface vty 0 4
authentication-mode scheme
#
return




阅读(1023) | 评论(0) | 转发(0) |
0

上一篇:思科路由器组网丢包故障分析和处理实例

下一篇:Cisco设备AAA认证配置

给主人留下些什么吧!~~
关于我们 | 关于IT168 | 联系方式 | 广告合作 | 法律声明 | 免费注册

Copyright 2001-2010 ChinaUnix.net All Rights Reserved 北京皓辰网域网络信息技术有限公司. 版权所有

感谢所有关心和支持过ChinaUnix的朋友们

16024965号-6