*********************************************************
* All rights reserved (1997-2003) *
* Without the owner's prior written consent, *
*no decompiling or reverse-engineering shall be allowed.*
*********************************************************
Login authentication
PassWord:
<MA5200F>sys
Enter system view , return user view with Ctrl+Z.
[MA5200F]dis curr
#
version 7115
sysname MA5200F
#
system language-mode english
#
FTP server enable
#
dhcp invalid-server-detecting 10
#
web-auth-server 10.0.0.1 port 50100 key huawei
#
radius-server group radiusyang
radius-server key hello
radius-server authentication 192.168.1.200 1812
radius-server accounting 192.168.2.200 1813
radius-server group zcbradius
radius-server key octopus
radius-server authentication 10.0.0.254 1812
radius-server accounting 10.0.0.254 1813
radius-server group maxch
radius-server key hello
radius-server authentication 192.168.1.200 1812
radius-server accounting 192.168.1.200 1813
radius-server group login
#
web-server
Directory flash:/portal/chn/
default-page /index.Html
#
undo trap-statistics 70f2000
undo trap-statistics 70f2001
undo trap-statistics 70f2002
undo trap-statistics 70f2003
undo trap-statistics 70f2004
undo trap-statistics 70f2005
undo trap-statistics 70f2008
undo trap-statistics 70f2009
undo trap-statistics 70f200c
undo trap-statistics 70f200d
undo trap-statistics 70f200e
undo trap-statistics 70f200f
undo trap-statistics 70f2017
undo trap-statistics 70f2018
#
login authentication-scheme scheme huawei local
login local-user zhanghua password simple zhanghua
login local-user zhanghua service-type ftp
login local-user zhanghua ftp-directory flash:/portal
login local-user myb password simple huawei
login local-user myb service-type ftp
login local-user myb ftp-directory flash:
login local-user ma5200 password simple huawei
login local-user ma5200 service-type ftp
login local-user ma5200 ftp-directory flash:
#
interface Ethernet1
#
interface Ethernet1.10
#
interface Ethernet2
#
interface Ethernet2.0
#
interface Ethernet2.2
#
interface Ethernet3
#
interface Ethernet4
#
interface Ethernet5
#
interface Ethernet6
#
interface Ethernet7
#
interface Ethernet7.1
#
interface Ethernet7.8
#
interface Ethernet8
#
interface Ethernet9
#
interface Ethernet10
#
interface Ethernet11
#
interface Ethernet12
#
interface Ethernet12.0
ip address 10.20.0.1 255.255.255.0
#
interface Ethernet12.1
#
interface Ethernet13
#
interface Ethernet14
#
interface Ethernet15
#
interface Ethernet16
#
interface Ethernet17
#
interface Ethernet18
#
interface Ethernet19
#
interface Ethernet20
#
interface Ethernet21
#
interface Ethernet22
#
interface Ethernet23
#
interface Ethernet24
#
interface NULL0
#
interface LoopBack0
#
interface Nm-Ethernet0
ip address 192.168.1.101 255.255.255.0
#
acl number 110 match-order auto
rule 1 user-net deny ip source 110 (配置对于认证前的用户只能访问WEB服务器和DNS服务器,110是UCl-group号)
acl number 111 match-order auto
rule 0 user-net deny ip source 111
acl number 113
rule 2 user-net deny ip source 113
acl number 134
rule 2 user-net deny ip source 134
#
ip pool haha local
gateway 10.26.1.1 255.255.255.0
section 0 10.26.1.2 10.26.1.200
dns-server 192.168.1.101
#
ip pool home local
gateway 10.20.1.1 255.255.255.0
section 0 10.20.1.2 10.20.1.254
dns-server 202.103.214.5
#
ip pool lfs local
gateway 161.224.1.1 255.255.255.0
#
ip pool maxch local
gateway 10.1.1.1 255.255.252.0
section 0 10.1.1.2 10.1.1.254
section 1 10.1.1.255 10.1.2.255
#
ip pool myb local
gateway 100.100.100.1 255.255.255.0
section 0 100.100.100.2 100.100.100.200
#
ip pool qz local
gateway 220.173.196.1 255.255.255.0
section 0 220.173.196.2 220.173.196.254
#
ip pool yangjh local
gateway 10.23.1.1 255.255.0.0
section 7 10.23.1.2 10.23.4.255
#
ip pool zhanghua local
gateway 10.10.20.1 255.255.0.0
section 0 10.10.20.2 10.10.23.254
#
ip pool zhangxi local
gateway 10.20.0.1 255.255.255.0
section 0 10.20.0.2 10.20.0.254
dns-server 202.103.214.5
#
ip pool zhaochongbin local
gateway 10.0.0.1 255.255.0.0
section 0 10.0.0.2 10.0.0.254
section 1 10.0.1.1 10.0.1.254
#
dot1x-template 1
#
aaa
authentication-scheme zhanghua
authentication-mode local
authentication-scheme maxch
authentication-scheme auth1
authentication-scheme authyang
authentication-mode local
authentication-scheme zhangxi2
authentication-mode local
authentication-scheme local
authentication-scheme lfs
authentication-mode local
authentication-scheme myb
authentication-mode local
authentication-scheme haha
authentication-mode local
authentication-scheme home
authentication-mode local
authentication-scheme authzcb
authentication-mode local
accounting-scheme zhanghua
accounting-mode local
accounting-scheme maxch
accounting-scheme acc1
accounting-scheme acctyang
accounting-mode local
accounting-scheme zhangxi1
accounting-mode local
accounting-scheme lfs
accounting-mode local
accounting-scheme myb
accounting-mode local
accounting-scheme haha
accounting-mode local
accounting-scheme home
accounting-mode local
accounting-scheme acczcb
accounting-mode local
domain default0
web-server 192.168.1.101 (可改为127.0.0.1,这样用户认证时WEB页面地址为IP POOL的网关地址)
ucl-group 110
ip-pool maxch
domain zhanghua
authentication-scheme zhanghua
accounting-scheme zhanghua
domain maxch
authentication-scheme maxch
accounting-scheme maxch
QQread.com
推出各大专业服务器评测 Linux服务器的安全性能
SUN服务器
HP服务器
DELL服务器
IBM服务器
联想服务器
浪潮服务器
曙光服务器
同方服务器
华硕服务器
宝德服务器
web-server 192.168.1.101 (可不需要)
ucl-group 110 (可不需要)
ip-pool maxch (可不需要)
domain zcb
authentication-scheme auth1
accounting-scheme acc1
ip-pool zhaochongbin
domain yangjh
authentication-scheme authyang
accounting-scheme acctyang
radius-server group radiusyang
web-server 192.168.1.101
ucl-group 113
ip-pool yangjh
domain zhangxi3
authentication-scheme zhangxi2
accounting-scheme zhangxi1
ip-pool zhangxi
domain lfs
authentication-scheme lfs
accounting-scheme lfs
ip-pool lfs
domain myb
authentication-scheme myb
accounting-scheme myb
web-server 192.168.1.101
ucl-group 111
ip-pool myb
domain haha
authentication-scheme haha
accounting-scheme haha
domain zcb1
authentication-scheme auth1
accounting-scheme acc1
radius-server group zcbradius
web-server 10.0.0.1
ucl-group 1
ip-pool zhaochongbin
domain home
authentication-scheme home
accounting-scheme home
ip-pool home
#
local-aaa-server
batch-user ethernet 7 5 3
batch-user ethernet 7 11 1
batch-user ethernet 7 23 1
batch-user ethernet 8 1 3
batch-user ethernet 7 300 1 domain haha
batch-user ethernet 7 11 1 domain home
batch-user ethernet 7 17 4 domain maxch
batch-user ethernet 7 10 2 domain myb
user maxch@myb password maxch
user myb@myb password myb
batch-user ethernet 7 13 1 domain yangjh
user zcb@zcb1 password 123456
batch-user ethernet 5 5 1 domain zcb
batch-user ethernet 5 5 1 domain zcb password 123456
batch-user ethernet 5 6 2 domain zcb
batch-user ethernet 7 5 1 domain zcb
batch-user ethernet 7 5 1 domain zcb password 123456
batch-user ethernet 7 6 2 domain zcb
user zcb@zcb password 123456
user zh@zhanghua password zhanghua
batch-user ethernet 7 14 1 domain zhangxi3
batch-user ethernet 7 23 1 domain zhangxi3
batch-user ethernet 7 23 1 domain zhangxi
batch-user ethernet 8 1 3 domain zhangxi
batch-user ethernet 23 5 1 domain zhangxi
#
ip route-static 0.0.0.0 0.0.0.0 10.20.0.2
#
snmp-agent
snmp-agent local-engineid 000007DB7F000001AA7
snmp-agent community read public
snmp-agent community write private
snmp-agent sys-info contact
snmp-agent sys-info location
snmp-agent sys-info version v3
#
Access-group 110 Ethernet 7
#
user-interface con 0
authentication-mode password
set authentication password simple huawei
user-interface vty 0 4
user privilege level 3
set authentication password simple huawei
#
portvlan ethernet 1 vlan 2 1
access-type layer2-subscriber
default-domain authentication maxch
authentication-method bind
portvlan ethernet 1 vlan 7 1
access-type layer2-subscriber
default-domain authentication yangjh
authentication-method bind
portvlan ethernet 5 vlan 5 1
access-type layer2-subscriber
default-domain authentication zcb
authentication-method bind
portvlan ethernet 6 vlan 201 1
access-type layer2-subscriber
default-domain authentication zhanghua
authentication-method web
portvlan ethernet 7 vlan 5 1
access-type layer2-subscriber
default-domain authentication zcb
authentication-method web
portvlan ethernet 7 vlan 8 1
access-type interface
portvlan ethernet 7 vlan 10 1
access-type layer2-subscriber
default-domain authentication myb
authentication-method web
portvlan ethernet 7 vlan 11 1
access-type layer2-subscriber
default-domain authentication home
authentication-method bind
portvlan ethernet 7 vlan 13 1
access-type layer2-subscriber
default-domain authentication yangjh
authentication-method web
portvlan ethernet 7 vlan 14 1
access-type layer2-subscriber
default-domain authentication zhangxi3
authentication-method bind
portvlan ethernet 7 vlan 17 1
access-type layer2-subscriber
default-domain authentication maxch
authentication-method web
portvlan ethernet 7 vlan 23 1
access-type layer2-subscriber
default-domain authentication zhangxi3
authentication-method bind
portvlan ethernet 7 vlan 300 1
access-type layer2-subscriber
default-domain authentication haha
authentication-method bind
portvlan ethernet 8 vlan 1 1
access-type layer2-subscriber
default-domain authentication zhangxi3
authentication-method bind
portvlan ethernet 23 vlan 5 1
access-type layer2-subscriber
default-domain authentication zhangxi3
authentication-method bind
portvlan ethernet 24 vlan 0 1
access-type interface
portvlan ethernet 24 vlan 5 1
access-type interface
#
return
[MA5200F]