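外包客户公司华为企业有线网、无线网调试记录
说明:下文是 AC、核心交换机、防火墙三台设备的 display current-configuration 原始输出。其中 WLAN 预共享密钥的 %^%#…%^%# 密文需要由设备还原后使用,属于可逆加密,不等同于脱敏;连同管理员口令密文、公网地址、AP 的 MAC/SN,对外分享配置前应先替换掉,已经公开的口令和预共享密钥应当更换。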
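AC配置(AC6003)
审阅要点:ssl policy 仍启用 tls1.0、tls1.1 和 CBC 套件,建议只保留 tls1.2;vty 为 protocol inbound all,admin 的 service-type 含 telnet、http,而设备已启用 stelnet,管理入口可以收敛为 SSH 和 HTTPS。ap auth-mode no-auth 表示 AP 上线不做认证,AP 的 MAC/SN 既已登记,可改为按 MAC 或 SN 认证;RXJS、RXJS-Guest 使用 wpa-wpa2 混合模式和 aes-tkip,终端兼容性允许时应改成 wpa2 + aes(与 default-wds 的写法一致)。GigabitEthernet0/0/1 的 trunk 放行 vlan 2 to 4094,按需只放行业务 VLAN 即可。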
AC6003>display current-configuration
Software Version V200R010C00SPC700
#
http server load sdcard:/AC6003V200R010C00SPC700.001.web.7z
http secure-server ssl-policy default_policy
http server enable
#
clock timezone BeijingChongqingHongkongUrumqi add 08:00:00
#
vlan batch 10 20
#
authentication-profile name default_authen_profile
authentication-profile name dot1x_authen_profile
authentication-profile name mac_authen_profile
authentication-profile name macportal_authen_profile
authentication-profile name portal_authen_profile
#
undo lldp enable
#
diffserv domain default
#
radius-server template default
#
pki realm default
rsa local-key-pair default
enrollment self-signed
#
ssl policy default_policy type server
pki-realm default
version tls1.0 tls1.1 tls1.2
ciphersuite rsa_aes_128_cbc_sha rsa_aes_128_sha256 rsa_aes_256_sha256
#
ike proposal default
encryption-algorithm aes-256
dh group14
authentication-algorithm sha2-256
authentication-method pre-share
integrity-algorithm hmac-sha2-256
prf hmac-sha2-256
#
free-rule-template name default_free_rule
#
portal-access-profile name portal_access_profile
#
aaa
authentication-scheme default
authentication-scheme radius
authentication-mode radius
authorization-scheme default
accounting-scheme default
domain default
authentication-scheme default
domain default_admin
authentication-scheme default
local-user admin password irreversible-cipher $1a$*-E\8hVBAP$0]\K1YM{q5.M.&.4XvaL)!g`0vE&&Bzl8)8f]]J3$
local-user admin privilege level 15
local-user admin service-type telnet terminal ssh http
#
interface Vlanif1
ip address 10.1.1.6 255.255.255.0
#
interface Ethernet0/0/47
ip address 169.254.3.1 255.255.255.0
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/2
#
interface GigabitEthernet0/0/3
#
interface GigabitEthernet0/0/4
#
interface GigabitEthernet0/0/5
#
interface GigabitEthernet0/0/6
#
interface GigabitEthernet0/0/7
#
interface GigabitEthernet0/0/8
#
interface NULL0
#
info-center timestamp log date precision-time millisecond
info-center timestamp trap date precision-time millisecond
#
undo snmp-agent
#
stelnet server enable
undo telnet ipv6 server enable
ssh server secure-algorithms cipher aes256_ctr aes128_ctr
ssh server secure-algorithms hmac sha2_256
ssh server key-exchange dh_group14_sha1
ssh client secure-algorithms cipher aes256_ctr aes128_ctr
ssh client secure-algorithms hmac sha2_256
ssh client key-exchange dh_group14_sha1
#
ip route-static 0.0.0.0 0.0.0.0 10.1.1.1
#
capwap source interface vlanif1
#
user-interface con 0
authentication-mode aaa
user-interface vty 0 4
authentication-mode aaa
protocol inbound all
user-interface vty 16 20
protocol inbound all
#
wmi-server
collect-item log-data disable
#
wmi-server2
collect-item log-data disable
#
wlan
traffic-profile name RXJS
undo traffic-optimize bcmc unicast-send dhcp
traffic-profile name default
undo traffic-optimize bcmc unicast-send dhcp
security-profile name RXJS
security wpa-wpa2 psk pass-phrase %^%#{<6->b6Xx=Z6#W)$iRIX;KOW"WEW:H2zsBO(zB|+%^%# aes-tkip
security-profile name default
security-profile name RXJS-Guest
security wpa-wpa2 psk pass-phrase %^%#=n#F1'87#,K0{)SR`mtS,><AJi!"O~9gd~"v'&c(%^%# aes-tkip
security-profile name default-wds
security wpa2 psk pass-phrase %^%#qNfI(V#y8:b/W|/(mY81#Z\D8~!8Y*#IO1RwV);+%^%# aes
security-profile name default-mesh
security wpa2 psk pass-phrase %^%#o[7"I"t]\4xd-e7_BV:3&kdR~nCGO!El4DSuB>~E%^%# aes
ssid-profile name RXJS
ssid RXJS
mu-mimo disable
ssid-profile name default
mu-mimo disable
ssid-profile name RXJS-Guest
ssid RXJS-Guest
vap-profile name RXJS
forward-mode tunnel
service-vlan vlan-id 10
ssid-profile RXJS
security-profile RXJS
traffic-profile RXJS
vap-profile name default
vap-profile name RXJS-Guest
forward-mode tunnel
service-vlan vlan-id 20
ssid-profile RXJS-Guest
security-profile RXJS-Guest
wds-profile name default
mu-mimo disable
mesh-handover-profile name default
mesh-profile name default
regulatory-domain-profile name default
dca-channel 5g channel-set 36,40,44,48,52,56,60,64,149,153,157,161
dca-channel 5g bandwidth 80mhz
channel-load-mode indoor
air-scan-profile name default
rrm-profile name default
smart-roam disable
sta-load-balance dynamic disable
radio-2g-profile name default
radio-5g-profile name default
wids-profile name default
wireless-access-specification
ap-system-profile name default
lldp report enable
traffic-optimize broadcast-suppression arp disable
traffic-optimize broadcast-suppression igmp disable
traffic-optimize broadcast-suppression nd disable
traffic-optimize broadcast-suppression other-broadcast disable
traffic-optimize broadcast-suppression other-multicast disable
port-link-profile name default
wired-port-profile name default
ap auth-mode no-auth
ap-group name default
radio 0
vap-profile RXJS wlan 1
vap-profile RXJS-Guest wlan 2
radio 1
vap-profile RXJS wlan 1
vap-profile RXJS-Guest wlan 2
radio 2
vap-profile RXJS wlan 1
vap-profile RXJS-Guest wlan 2
ap-id 0 type-id 49 ap-mac 446a-2e28-0ba0 ap-sn 21500827008WJ1000939
ap-id 1 type-id 49 ap-mac 10c1-721d-3de0 ap-sn 21500836298WJB002899
ap-id 2 type-id 49 ap-mac 446a-2e28-0be0 ap-sn 21500827008WJ1000941
ap-id 3 type-id 49 ap-mac 10c1-721d-7d00 ap-sn 21500836298WJB003404
ap-id 4 type-id 49 ap-mac 2028-3e15-1580 ap-sn 21500836298WJB015331
ap-id 5 type-id 49 ap-mac 10c1-721d-67e0 ap-sn 21500836298WJB003235
ap-id 6 type-id 49 ap-mac 2028-3e15-17a0 ap-sn 21500836298WJB015348
ap-id 7 type-id 49 ap-mac 446a-2e28-0b00 ap-sn 21500827008WJ1000934
ap-id 8 type-id 49 ap-mac 446a-2e28-0b40 ap-sn 21500827008WJ1000936
provision-ap
ap update update-filename FitAP5030DN-S_V200R010C00SPCc00.bin ap-type 49 ap-group default
#
device-profile profile-name @default_device_profile
device-type default_type_phone
enable
rule 0 user-agent sub-match Android
rule 1 user-agent sub-match iPhone
rule 2 user-agent sub-match iPad
if-match rule 0 or rule 1 or rule 2
#
dot1x-access-profile name dot1x_access_profile
#
mac-access-profile name mac_access_profile
#
undo ntp-service enable
#
return
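华为核心交换机(CoreSW)配置
审阅要点:telnet server enable 且 vty 0 4 为 protocol inbound all,admin 的 service-type 为 telnet terminal ftp,管理口令会以明文在网络中传输,建议改用 SSH(stelnet)并去掉 telnet、ftp。administrator 口令策略中 password expire 0、password history record number 0,相当于关闭了口令过期和历史口令检查。ACL 3000 只拒绝访客网段 172.25.2.0/24 访问 172.25.0.0/23 和 10.1.1.0/24,没有覆盖 10.0.0.0/24(Vlanif99 与防火墙内网口所在网段);如需把访客与管理面完全隔离,应补充相应的 deny 规则。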
[CoreSW]display current-configuration
!Software Version V200R010C00SPC600
#
sysname CoreSW
#
vlan batch 10 20 99
#
authentication-profile name default_authen_profile
authentication-profile name dot1x_authen_profile
authentication-profile name mac_authen_profile
authentication-profile name portal_authen_profile
authentication-profile name dot1xmac_authen_profile
authentication-profile name multi_authen_profile
#
telnet server enable
#
lldp enable
#
dhcp enable
#
diffserv domain default
#
radius-server template default
#
acl number 2000
rule 5 deny source 172.25.2.0 0.0.0.255
rule 10 permit
#
acl number 3000
rule 5 deny ip source 172.25.2.0 0.0.0.255 destination 172.25.0.0 0.0.1.255
rule 10 deny ip source 172.25.2.0 0.0.0.255 destination 10.1.1.0 0.0.0.255
rule 15 permit ip source 172.25.2.0 0.0.0.255
#
free-rule-template name default_free_rule
#
portal-access-profile name portal_access_profile
#
drop-profile default
#
ip pool Vlan10
gateway-list 172.25.0.1
network 172.25.0.0 mask 255.255.254.0
excluded-ip-address 172.25.1.230 172.25.1.254
lease day 3 hour 0 minute 0
dns-list 114.114.114.114
#
ip pool Vlan20
gateway-list 172.25.2.1
network 172.25.2.0 mask 255.255.255.0
lease day 2 hour 0 minute 0
dns-list 114.114.114.114
#
ip pool Vlan1
gateway-list 10.1.1.1
network 10.1.1.0 mask 255.255.255.0
excluded-ip-address 10.1.1.2 10.1.1.150
lease day 3 hour 0 minute 0
dns-list 114.114.114.114
#
aaa
authentication-scheme default
authentication-scheme radius
authentication-mode radius
authorization-scheme default
accounting-scheme default
local-aaa-user password policy administrator
password history record number 0
password expire 0
local-aaa-user password policy access-user
domain default
authentication-scheme radius
radius-server default
domain default_admin
authentication-scheme default
local-user admin password irreversible-cipher $1a$R=B~X_8/;N$A!&wA@U\~*#o2b88he"7`pq-;Jfec'M=WrShJ82W$
local-user admin privilege level 15
local-user admin service-type telnet terminal ftp
#
interface Vlanif1
ip address 10.1.1.1 255.255.255.0
dhcp select global
#
interface Vlanif10
ip address 172.25.0.1 255.255.254.0
dhcp select global
#
interface Vlanif20
ip address 172.25.2.1 255.255.255.0
dhcp select global
#
interface Vlanif99
ip address 10.0.0.1 255.255.255.0
#
interface MEth0/0/1
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/2
port link-type access
port default vlan 10
#
interface GigabitEthernet0/0/3
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/4
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/5
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/6
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/7
#
interface GigabitEthernet0/0/8
#
interface GigabitEthernet0/0/9
port link-type access
port default vlan 10
#
interface GigabitEthernet0/0/10
#
interface GigabitEthernet0/0/11
#
interface GigabitEthernet0/0/12
#
interface GigabitEthernet0/0/13
#
interface GigabitEthernet0/0/14
#
interface GigabitEthernet0/0/15
#
interface GigabitEthernet0/0/16
#
interface GigabitEthernet0/0/17
port link-type access
port default vlan 10
#
interface GigabitEthernet0/0/18
port link-type access
port default vlan 10
#
interface GigabitEthernet0/0/19
port link-type access
port default vlan 10
#
interface GigabitEthernet0/0/20
port link-type access
port default vlan 10
#
interface GigabitEthernet0/0/21
port link-type access
port default vlan 10
#
interface GigabitEthernet0/0/22
#
interface GigabitEthernet0/0/23
#
interface GigabitEthernet0/0/24
port link-type access
port default vlan 99
#
interface GigabitEthernet0/0/25
#
interface GigabitEthernet0/0/26
#
interface GigabitEthernet0/0/27
#
interface GigabitEthernet0/0/28
#
interface XGigabitEthernet0/0/1
#
interface XGigabitEthernet0/0/2
#
interface XGigabitEthernet0/0/3
#
interface XGigabitEthernet0/0/4
#
interface NULL0
#
ip route-static 0.0.0.0 0.0.0.0 10.0.0.2
#
traffic-filter vlan 20 inbound acl 3000
#
user-interface con 0
authentication-mode aaa
user-interface vty 0 4
acl 2000 inbound
authentication-mode aaa
protocol inbound all
user-interface vty 16 20
#
dot1x-access-profile name dot1x_access_profile
#
mac-access-profile name mac_access_profile
#
return
[CoreSW] dis
[CoreSW] display ip int
[CoreSW] display ip interface br
[CoreSW] display ip interface brief
*down: administratively down
^down: standby
(l): loopback
(s): spoofing
(E): E-Trunk down
The number of interface that is UP in Physical is 5
The number of interface that is DOWN in Physical is 1
The number of interface that is UP in Protocol is 5
The number of interface that is DOWN in Protocol is 1
Interface IP Address/Mask Physical Protocol
MEth0/0/1 unassigned down down
NULL0 unassigned up up(s)
Vlanif1 10.1.1.1/24 up up
Vlanif10 172.25.0.1/23 up up
Vlanif20 172.25.2.1/24 up up
Vlanif99 10.0.0.1/24 up up
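华为防火墙(USG6300)配置
审阅要点:FTP server enable 以及各接口上的 service-manage http permit 属于明文管理通道,inside 口还放行了 service-manage telnet(虽然 telnet server 已关闭),建议只保留 https 并删除不用的放行项。web-manager 和 user-manage 仍允许 tlsv1.1,可只保留 tlsv1.2。api-admin 是 level 15 的 API 账号,不使用时应删除或限制访问来源。安全策略 T-U 对 Office_client(172.25.0.0/16、10.1.0.0/16)出方向全部放行,规则中未见引用安全配置文件,每日更新的 ips-sdb、av-sdb 特征库在该策略上可能并未生效,需确认是否有意如此。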
<USG6300>display current-configuration
2021-12-01 10:47:02.840 +08:00
!Software Version V500R005C00SPC100
#
sysname USG6300
#
FTP server enable
#
l2tp domain suffix-separator @
#
authentication-profile name portal_authen_default
#
ipsec sha2 compatible enable
#
undo factory-configuration prohibit
#
undo telnet server enable
undo telnet ipv6 server enable
#
clock timezone Beijing add 08:00:00
#
update schedule location-sdb weekly Sun 23:28
#
firewall defend action discard
#
log type traffic enable
log type syslog enable
log type policy enable
#
undo dataflow enable
#
undo sa force-detection enable
#
banner enable
#
user-manage web-authentication security port 8887
page-setting
user-manage security version tlsv1.1 tlsv1.2
password-policy
level high
user-manage single-sign-on ad
user-manage single-sign-on tsm
user-manage single-sign-on radius
user-manage auto-sync online-user
#
firewall ids authentication type aes256
#
web-manager security version tlsv1.1 tlsv1.2
web-manager enable
web-manager security enable
undo web-manager config-guide enable
#
firewall dataplane to manageplane application-apperceive default-action drop
#
update schedule ips-sdb daily 22:00
update schedule av-sdb daily 22:00
update schedule sa-sdb daily 22:00
update schedule ip-reputation daily 22:00
update schedule cnc daily 22:00
update schedule file-reputation daily 22:00
#
set disk-scan parameter attach on
set disk-scan parameter cycle 15
set disk-scan parameter iostat 80
set disk-scan parameter speed 10
set disk-scan parameter switch on
set disk-scan parameter parallel 50
disk-usage alarm threshold 95
#
ip vpn-instance default
ipv4-family
#
ip address-set Office_client type object
address 0 172.25.0.0 mask 16
address 1 10.1.0.0 mask 16
#
time-range worktime
period-range 08:00:00 to 18:00:00 working-day
#
ike proposal default
encryption-algorithm aes-256 aes-192 aes-128
dh group14
authentication-algorithm sha2-512 sha2-384 sha2-256
authentication-method pre-share
integrity-algorithm hmac-sha2-256
prf hmac-sha2-256
#
web-auth-server default
port 50100
#
portal-access-profile name default
#
aaa
authentication-scheme default
authentication-scheme admin_local
authentication-scheme admin_radius_local
authentication-scheme admin_hwtacacs_local
authentication-scheme admin_ad_local
authentication-scheme admin_ldap_local
authentication-scheme admin_radius
authentication-scheme admin_hwtacacs
authentication-scheme admin_ad
authentication-scheme admin_ldap
authorization-scheme default
accounting-scheme default
domain default
service-type internetaccess ssl-vpn l2tp ike
internet-access mode password
reference user current-domain
manager-user audit-admin
password cipher @%@%G~BiV3r0c/2Veh'.uBP>2&[83":m)"T=#.z0bY~c|o>'&[;2@%@%
service-type web terminal
level 15
manager-user api-admin
password cipher @%@%M<2>3XHq%~7|kI,$;qqPV3T[KG'6*0N&I9H\JC<;8US<3T^V@%@%
service-type api
level 15
manager-user admin
password cipher @%@%.VKAL%Xy%77+8>.ME4WF9'R9aubG/-la!0xM$;"wXMm%'R<9@%@%
service-type web terminal telnet
level 15
authentication-scheme admin_local
role system-admin
role device-admin
role device-admin(monitor)
role audit-admin
bind manager-user audit-admin role audit-admin
bind manager-user admin role system-admin
#
l2tp-group default-lns
#
interface GigabitEthernet0/0/0
undo shutdown
ip binding vpn-instance default
ip address 192.168.0.1 255.255.255.0
service-manage http permit
service-manage https permit
service-manage ping permit
#
interface GigabitEthernet1/0/0
undo shutdown
#
interface GigabitEthernet1/0/1
undo shutdown
ip address 10.0.0.2 255.255.255.0
alias inside
service-manage http permit
service-manage https permit
service-manage ping permit
service-manage telnet permit
#
interface GigabitEthernet1/0/2
undo shutdown
ip address 222.190.130.18 255.255.255.248
alias outside
gateway 222.190.130.17
#
interface GigabitEthernet1/0/3
undo shutdown
#
interface GigabitEthernet1/0/4
undo shutdown
#
interface GigabitEthernet1/0/5
undo shutdown
#
interface Virtual-if0
#
interface Cellular0/0/0
#
interface NULL0
#
firewall zone local
set priority 100
#
firewall zone trust
set priority 85
add interface GigabitEthernet0/0/0
add interface GigabitEthernet1/0/1
#
firewall zone untrust
set priority 5
add interface GigabitEthernet1/0/2
#
firewall zone dmz
set priority 50
#
api
#
ip route-static 10.1.1.0 255.255.255.0 10.0.0.1
ip route-static 172.25.0.0 255.255.0.0 10.0.0.1
#
undo ssh server compatible-ssh1x enable
#
firewall detect ftp
#
user-interface con 0
authentication-mode aaa
user-interface vty 0 4
authentication-mode aaa
user-interface vty 16 20
#
pki realm default
#
sa
#
location
#
multi-interface
mode proportion-of-weight
#
right-manager server-group
#
agile-network
#
device-classification
device-group pc
device-group mobile-terminal
device-group undefined-group
#
user-manage server-sync tsm
#
security-policy
rule name T-U
source-zone trust
destination-zone untrust
source-address address-set Office_client
action permit
rule name L-U
source-zone local
destination-zone untrust
service dns
service dns-tcp
service dnsix
service icmp
service icmpv6
action permit
#
auth-policy
#
traffic-policy
#
policy-based-route
#
nat-policy
rule name T-U
source-zone trust
destination-zone untrust
source-address address-set Office_client
action source-nat easy-ip
#
proxy-policy
#
quota-policy
#
pcp-policy
#
dns-transparent-policy
dns server bind interface GigabitEthernet1/0/2 preferred 218.2.135.1
mode based-on-multi-interface
#
rightm-policy
#
flow-probe-policy
#
mac-access-profile name mac_access_profile
#
sms
#
return