gh0s7/NE_YuR
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

theory lab finished

Browse Source
This commit is contained in:
CGH0S7
2025-11-28 18:28:11 +08:00
parent be4742dfa2
commit ac5b4bc15d
111 changed files with 99196 additions and 2637 deletions
Download Patch File Download Diff File Expand all files Collapse all files

336
experiment/gemini.md
View File

@ -1,336 +0,0 @@
### **企业网络架构设计综合实验方案**
#### **一、 实验目标**
本项目旨在模拟一个中型企业的总部网络架构。通过本次实验,你将能够:
1. **规划与设计网络**: 学习从需求分析到设计拓扑、规划IP和VLAN的完整流程。
2. **掌握高可用性技术**:
* 使用 **iStack堆叠** 技术将两台核心交换机虚拟化为一台,实现设备级冗余。
* 使用 **Eth-Trunk链路聚合** 提高关键链路的带宽和可靠性。
* 使用 **VRRP虚拟路由冗余协议** 实现出口网关的冗余备份。
* 配置防火墙 **双机热备HRP**,确保安全策略的持续性。
3. **掌握网络安全技术**:
* 利用 **VLAN** 划分不同安全域(如员工区、服务器区)。
* 采用 **防火墙旁挂** 方案,通过安全区域和策略控制不同区域间的流量。
* 配置 **端口安全**,防止非法设备接入。
4. **掌握网络服务配置**:
* 配置 **DHCP** 服务器为内部员工自动分配IP地址。
* 配置 **NAT** 地址转换,使内网用户能访问互联网。
5. **掌握高级路由技术**:
* 在核心交换机上配置 **VPN实例VPN-Instance**,实现逻辑隔离。
* 配置 **OSPF** 动态路由协议和 **静态路由**,实现全网互通。
#### **二、 网络拓扑与规划**
##### **1. 逻辑拓扑图**
我们将采用经典的三层架构:**接入层 -\> 核心层 -\> 出口层**,并旁挂安全设备(防火墙)。
* **核心层**: 两台华为交换机 (S1, S2) 组成堆叠系统,作为网络核心 **CORE**
* **接入层**:
* 一台交换机 (S3) 连接员工区 (VLAN 10)。
* 一台交换机 (S4) 连接服务器区/DMZ (VLAN 20)。
* **出口层**: 两台华为路由器 (R1, R2) 作为主备出口网关,通过 VRRP 提供单一虚拟网关。
* **安全层**: 两台华为防火墙 (FW1, FW2) 以双机热备模式旁挂在核心交换机上。
* **模拟互联网**: 使用第三台路由器 (R3) 模拟外部互联网。
* **主机**:
* PC1, PC2: 员工区主机。
* PC3: 服务器区部署Web服务。
* PC4: 外网主机,用于测试访问。
* PC5: 管理主机用于连接设备Console口进行配置。
##### **2. 设备连接表**
| 设备名称 | 本地接口 | 连接设备 | 对方接口 | 备注 |
| :--- | :--- | :--- | :--- | :--- |
| **S1 (CORE)** | GigabitEthernet0/0/1 | S2 | GigabitEthernet0/0/1 | 堆叠链路1 |
| | GigabitEthernet0/0/2 | S2 | GigabitEthernet0/0/2 | 堆叠链路2 |
| | GigabitEthernet0/0/3 | R1 | GigabitEthernet0/0/1 | Eth-Trunk 1 |
| | GigabitEthernet0/0/4 | R2 | GigabitEthernet0/0/1 | Eth-Trunk 2 |
| | GigabitEthernet0/0/5 | FW1 | GigabitEthernet0/0/1 | Eth-Trunk 3 (Untrust) |
| | GigabitEthernet0/0/6 | FW1 | GigabitEthernet0/0/2 | Eth-Trunk 4 (Trust) |
| | GigabitEthernet0/0/7 | S3 | GigabitEthernet0/0/24 | 连接员工区交换机 |
| | GigabitEthernet0/0/8 | S4 | GigabitEthernet0/0/24 | 连接服务器区交换机 |
| **S2 (CORE)** | GigabitEthernet1/0/3 | R1 | GigabitEthernet0/0/2 | Eth-Trunk 1 |
| | GigabitEthernet1/0/4 | R2 | GigabitEthernet0/0/2 | Eth-Trunk 2 |
| | GigabitEthernet1/0/5 | FW2 | GigabitEthernet0/0/1 | Eth-Trunk 5 (Untrust) |
| | GigabitEthernet1/0/6 | FW2 | GigabitEthernet0/0/2 | Eth-Trunk 6 (Trust) |
| **FW1** | GigabitEthernet0/0/3 | FW2 | GigabitEthernet0/0/3 | 心跳线 (HRP) |
| **R1** | GigabitEthernet0/0/0 | R3 | GigabitEthernet0/0/0 | 连接模拟Internet |
| **R2** | GigabitEthernet0/0/0 | R3 | GigabitEthernet0/0/1 | 连接模拟Internet |
| **S3** | GigabitEthernet0/0/1 | PC1 | - | 员工主机 |
| | GigabitEthernet0/0/2 | PC2 | - | 员工主机 |
| **S4** | GigabitEthernet0/0/1 | PC3 | - | Web服务器 |
##### **3. IP地址与VLAN规划**
| 用途 | VLAN ID | 网段 | 网关 | 备注 |
| :--- | :--- | :--- | :--- | :--- |
| 员工区 | 10 | `192.168.10.0/24` | `192.168.10.254` (Vlanif10) | DHCP分配 |
| 服务器区 | 20 | `192.168.20.0/24` | `192.168.20.254` (Vlanif20) | |
| CORE -\> Routers | 100 | `10.1.100.0/24` | `10.1.100.254` (Vlanif100) | CORE-R1: `.1`, CORE-R2: `.2`, VRRP: `.253` |
| CORE -\> FWs (外) | 200 | `10.1.200.0/24` | `10.1.200.254` (Vlanif200) | CORE-FW1: `.1`, CORE-FW2: `.2`, VRRP: `.253` |
| CORE -\> FWs (内) | 300 | `10.1.300.0/24` | `10.1.300.254` (Vlanif300) | CORE-FW1: `.1`, CORE-FW2: `.2`, VRRP: `.253` |
| FWs 心跳 | - | `1.1.1.0/30` | - | FW1: `.1`, FW2: `.2` |
| Internet 模拟 | - | `202.100.10.0/24` | - | R1-R3: `10.0`, R2-R3: `20.0` |
-----
#### **三、 详细实验步骤与指令**
**准备工作**: 使用 `reset saved-configuration``reboot` 命令清空所有设备配置并通过Console线连接PC5进行初始配置。
##### **步骤一:配置核心层 (S1, S2 -\> CORE)**
**1. 组建堆叠系统**
* **在 S1 上配置:**
```bash
<HUAWEI> system-view
[HUAWEI] sysname S1
[S1] interface stack-port 0/1
[S1-stack-port0/1] port interface GigabitEthernet 0/0/1 enable
[S1-stack-port0/1] port interface GigabitEthernet 0/0/2 enable
[S1-stack-port0/1] quit
[S1] stack slot 0 priority 200
[S1] save
```
* **在 S2 上配置:**
```bash
<HUAWEI> system-view
[HUAWEI] sysname S2
[S2] interface stack-port 0/1
[S2-stack-port0/1] port interface GigabitEthernet 0/0/1 enable
[S2-stack-port0/1] port interface GigabitEthernet 0/0/2 enable
[S2-stack-port0/1] quit
[S2] stack slot 0 renumber 1
Warning: The device will reboot. Continue? [Y/N]: y
```
* **操作**: S2 重启后,将 S1 和 S2 断电。先启动 S1等待约1-2分钟再启动 S2。启动完成后通过 S1 的 Console 口登录,设备名称应变为 `HUAWEI`。
```bash
<HUAWEI> system-view
[HUAWEI] sysname CORE
[CORE] display stack
# 确认 S1(slot 0) 为 MasterS2(slot 1) 为 Standby
```
**2. 配置链路聚合 (Eth-Trunk)**
```bash
[CORE] interface Eth-Trunk 1
[CORE-Eth-Trunk1] mode lacp-static
[CORE-Eth-Trunk1] trunkport GigabitEthernet 0/0/3
[CORE-Eth-Trunk1] trunkport GigabitEthernet 1/0/3
[CORE-Eth-Trunk1] quit
# 重复为 Eth-Trunk 2, 3, 4, 5, 6 创建,并加入对应端口
```
**3. 创建 VLAN 和 VLANIF 接口**
```bash
[CORE] vlan batch 10 20 100 200 300
[CORE] interface Vlanif10
[CORE-Vlanif10] ip address 192.168.10.254 24
[CORE-Vlanif10] quit
# 为 Vlanif20, 100, 200, 300 配置对应的IP地址
```
**4. 配置接口模式 (Trunk)**
```bash
# 配置连接路由器的链路
[CORE] interface Eth-Trunk 1
[CORE-Eth-Trunk1] port link-type trunk
[CORE-Eth-Trunk1] port trunk allow-pass vlan 100
[CORE-Eth-Trunk1] quit
# 对 Eth-Trunk 2, 3, 4, 5, 6 及连接接入层交换机的 G0/0/7, G0/0/8 配置相应的Trunk和VLAN
# 例如,连接 S3 的 G0/0/7
[CORE] interface GigabitEthernet 0/0/7
[CORE-GigabitEthernet0/0/7] port link-type trunk
[CORE-GigabitEthernet0/0/7] port trunk allow-pass vlan 10
[CORE-GigabitEthernet0/0/7] quit
```
##### **步骤二:配置接入层 (S3, S4)**
* **在 S3 (员工区) 上配置:**
```bash
[S3] vlan 10
[S3] interface GigabitEthernet 0/0/1
[S3-GigabitEthernet0/0/1] port link-type access
[S3-GigabitEthernet0/0/1] port default vlan 10
[S3-GigabitEthernet0/0/1] quit
# 对 G0/0/2 重复配置
[S3] interface GigabitEthernet 0/0/24
[S3-GigabitEthernet0/0/24] port link-type trunk
[S3-GigabitEthernet0/0/24] port trunk allow-pass vlan 10
[S3-GigabitEthernet0/0/24] quit
```
* **在 S4 (服务器区) 上做类似配置**,使用 VLAN 20。
##### **步骤三:配置出口网关 (R1, R2)**
* **在 R1 上配置:**
```bash
[R1] interface Eth-Trunk 1
[R1-Eth-Trunk1] mode lacp-static
[R1-Eth-Trunk1] trunkport GigabitEthernet 0/0/1
[R1-Eth-Trunk1] trunkport GigabitEthernet 0/0/2
[R1-Eth-Trunk1] quit
[R1] interface Eth-Trunk 1.100 // 创建子接口
[R1-Eth-Trunk1.100] dot1q termination vid 100
[R1-Eth-Trunk1.100] ip address 10.1.100.1 24
[R1-Eth-Trunk1.100] vrrp vrid 1 virtual-ip 10.1.100.253
[R1-Eth-Trunk1.100] vrrp vrid 1 priority 120 // R1 作为 Master
[R1-Eth-Trunk1.100] quit
# 配置连接外网的接口
[R1] interface GigabitEthernet 0/0/0
[R1-GigabitEthernet0/0/0] ip address 202.100.10.1 24
[R1-GigabitEthernet0/0/0] quit
```
* **在 R2 上做类似配置**IP为`10.1.100.2`VRRP 优先级为默认(100)。
##### **步骤四:配置防火墙 (FW1, FW2)**
* **在 FW1 上配置:**
```bash
# 1. 配置接口和IP
[FW1] interface Eth-Trunk 3
[FW1-Eth-Trunk3] mode lacp-static
[FW1-Eth-Trunk3] ip address 10.1.200.1 24
... // 添加成员接口
[FW1] interface Eth-Trunk 4
[FW1-Eth-Trunk4] mode lacp-static
[FW1-Eth-Trunk4] ip address 10.1.300.1 24
... // 添加成员接口
[FW1] interface GigabitEthernet 0/0/3
[FW1-GigabitEthernet0/0/3] ip address 1.1.1.1 30
# 2. 划分安全区域
[FW1] firewall zone untrust
[FW1-zone-untrust] add interface Eth-Trunk 3
[FW1] firewall zone trust
[FW1-zone-trust] add interface Eth-Trunk 4
[FW1] firewall zone dmz
[FW1-zone-dmz] add interface GigabitEthernet 0/0/3
# 3. 配置双机热备 (HRP)
[FW1] hrp interface GigabitEthernet 0/0/3 remote 1.1.1.2
[FW1] hrp enable
```
* **在 FW2 上做类似配置**IP地址和 HRP remote 地址相应更改。配置完成后,按 **先主后备** 顺序重启防火墙。
##### **步骤五:配置路由实现全网互通**
这是最关键的一步,参考了学长报告中的 "旁挂防火墙" 路由设计。
* **在 CORE 上配置 VPN 实例和路由:**
```bash
# 1. 创建VPN实例
[CORE] ip vpn-instance Public
[CORE-vpn-instance-Public] route-distinguisher 100:1
[CORE] ip vpn-instance Private
[CORE-vpn-instance-Private] route-distinguisher 200:1
# 2. 将接口绑定到VPN实例
[CORE] interface Vlanif100
[CORE-Vlanif100] ip binding vpn-instance Public
[CORE-Vlanif100] ip address 10.1.100.254 24 // 重新配置IP
[CORE] interface Vlanif200
[CORE-Vlanif200] ip binding vpn-instance Public
[CORE-Vlanif200] ip address 10.1.200.254 24
# 将 Vlanif10, 20, 300 绑定到 Private 实例并重配IP
# 3. 配置路由
# Private实例的流量默认全部扔给防火墙内口
[CORE] ip route-static vpn-instance Private 0.0.0.0 0.0.0.0 10.1.300.253
# Public实例去往内网的流量下一跳是防火墙外口
[CORE] ip route-static vpn-instance Public 192.168.10.0 24 10.1.200.253
[CORE] ip route-static vpn-instance Public 192.168.20.0 24 10.1.200.253
```
* **在 CORE, R1, R2 上配置 OSPF:**
```bash
# CORE上
[CORE] ospf 100 vpn-instance Public
[CORE-ospf-100] area 0
[CORE-ospf-100-area-0.0.0.0] network 10.1.100.0 0.0.0.255
# R1上
[R1] ospf 1
[R1-ospf-1] area 0
[R1-ospf-1-area-0.0.0.0] network 10.1.100.0 0.0.0.255
[R1-ospf-1-area-0.0.0.0] network 202.100.10.0 0.0.0.255
```
* **在 FW1 上配置静态路由 (FW2会自动同步):**
```bash
# 上行流量(去往外网)
[FW1] ip route-static 0.0.0.0 0 10.1.200.254
# 下行流量(回到内网)
[FW1] ip route-static 192.168.10.0 24 10.1.300.254
[FW1] ip route-static 192.168.20.0 24 10.1.300.254
```
##### **步骤六:配置网络服务**
* **在 CORE 上配置 DHCP:**
```bash
[CORE] dhcp enable
[CORE] interface Vlanif10
[CORE-Vlanif10] dhcp select interface
[CORE-Vlanif10] dhcp server dns-list 192.168.20.10 // 假设DNS服务器是PC3
```
* **在 R1 和 R2 上配置 NAT:**
```bash
# R1上
[R1] acl 2000
[R1-acl-basic-2000] rule permit source 192.168.10.0 0.0.0.255
[R1] interface GigabitEthernet 0/0/0
[R1-GigabitEthernet0/0/0] nat outbound 2000
# 为Web服务器做静态NAT
[R1-GigabitEthernet0/0/0] nat static protocol tcp global 202.100.10.100 80 inside 192.168.20.10 80
```
在 R2 上做类似配置。
##### **步骤七:配置安全策略**
* **在 FW1 的Web管理界面或命令行配置 (FW2会自动同步):**
1. **Trust -\> Untrust**: 允许员工区访问外网。
```bash
[FW1] security-policy
[FW1-security-policy] rule name staff_to_internet
[FW1-security-policy-rule-staff_to_internet] source-zone trust
[FW1-security-policy-rule-staff_to_internet] destination-zone untrust
[FW1-security-policy-rule-staff_to_internet] source-address 192.168.10.0 24
[FW1-security-policy-rule-staff_to_internet] action permit
```
2. **Untrust -\> Trust**: 允许外网访问Web服务器。
```bash
[FW1-security-policy] rule name internet_to_web
[FW1-security-policy-rule-internet_to_web] source-zone untrust
[FW1-security-policy-rule-internet_to_web] destination-zone trust
[FW1-security-policy-rule-internet_to_web] destination-address 192.168.20.10 32
[FW1-security-policy-rule-internet_to_web] service protocol tcp destination-port 80
[FW1-security-policy-rule-internet_to_web] action permit
```
3. **默认策略**: `any` to `any` 的流量是 `deny` 的。
* **在 S3 上配置端口安全:**
```bash
[S3] interface GigabitEthernet 0/0/2
[S3-GigabitEthernet0/0/2] port-security enable
[S3-GigabitEthernet0/0/2] port-security max-mac-num 1
[S3-GigabitEthernet0/0/2] port-security mac-address sticky
```
#### **四、 实验验证**
完成所有配置后,进行以下验证:
1. **DHCP 验证**: 将 PC1 设置为自动获取 IP检查是否能获取到 `192.168.10.0/24` 网段的地址。
2. **内网连通性**: PC1 `ping` PC2, PC1 `ping` PC3 (Web服务器)。
3. **NAT 验证**: PC1 `ping` 外网主机 PC4 的地址,应该能通。
4. **Web 服务访问**:
* 内网 PC1 打开浏览器访问 `http://192.168.20.10`。
* 外网 PC4 打开浏览器访问 `http://202.100.10.100` (R1的NAT地址)。
5. **VRRP 故障切换**: 在 PC1 上长 `ping` 外网地址,然后 `shutdown` R1 的 `Eth-Trunk1.100` 接口,观察 `ping` 是否中断应该只会丢1-2个包
6. **防火墙 HA 切换**: `display hrp state` 查看主备状态。关闭 FW1 电源再次查看FW2 应切换为 Active。
7. **端口安全验证**: 将 PC2 的网线拔下,接到 G0/0/2 端口PC2 应该无法通信。

442
experiment/kimi-advice.md
View File

@ -1,442 +0,0 @@
以下是基于你提供的小型网络拓扑图和评分标准结合华为设备交换机、路由器、防火墙和Windows 10 PC、树莓派作为Web服务器环境设计的一份**详细实验内容与配置步骤文档**。该文档兼顾了**得分点覆盖**、**配置简洁性**(特别是防火墙部分尽量简化),并明确区分了**Web配置仅防火墙**与**命令行配置(其余设备)**。
---
## 🧪 实验名称:小型企业网络综合设计与实现(华为设备)
---
### ✅ 一、实验目标(对应评分项)
| 目标 | 得分点 |
|------|--------|
| 设计完整拓扑实现多服务Web、DHCP、邮件 | 拓扑图+5需求设计10IP编址+2数据规划+2配置流程+1 |
| 实现内网用户访问网页、邮件通信、DHCP中继 | 网络应用服务10分Web+3邮件+3DHCP中继+4 |
| 实现VLAN划分、内网互通、服务器访问 | 网络连通性10分VLAN+2互通+5访问服务器+3 |
| 实现环路防护、VRRP主备、外网多路径 | 网络可靠性10分环路+3VRRP/冗余+3外网多路径+4 |
| 实现端口安全、非法服务器屏蔽、时间控制、NAT发布Web | 安全保护10分端口安全+2屏蔽非法+3时间控制+3NAT发布+2 |
| 拓展功能可选无线接入、BFD、MPLS、网页美化等 | 拓展功能20分每功能+5~10封顶20 |
---
### 🧱 二、设备清单与角色分配
| 设备 | 型号(建议) | 角色 | 管理方式 |
|------|---------------|------|----------|
| R1, R2 | AR2220 | 出口路由器VRRP主备 | Telnet CLI |
| R3 | AR2220 | ISP模拟 | Telnet CLI |
| FW1 | USG6000V华为防火墙 | NAT、安全策略、区域划分 | Web界面简化配置 |
| R_NEW | AR2220 | 核心路由转发 | Telnet CLI |
| CORE (S1+S2) | S5700堆叠 | 核心三层交换机VLAN网关 | Telnet CLI |
| S3, S4 | S3700 | 接入交换机 | Telnet CLI |
| PC1, PC3 | Windows 10 | 员工/访客终端 | 图形界面 |
| Server | 树莓派Pi | 内网Web服务器192.168.20.10 | 手动配置 |
| InternetServer | 树莓派Pi | 外网Web服务8.8.8.8 | 手动配置 |
| PC4 | Windows 10 | 外网用户 | 图形界面 |
---
### 🌍 三、IP地址规划评分+2
| 区域 | VLAN | 子网 | 网关 | 说明 |
|------|------|--------|--------|--------|
| 员工区 | 10 | 192.168.10.0/24 | 192.168.10.254 | 网关CORE |
| 服务器区 | 20 | 192.168.20.0/24 | 192.168.20.254 | 网关CORE |
| 访客区 | 30 | 192.168.30.0/24 | 192.168.30.254 | 网关CORE |
| DMZ逻辑 | 20 | 同上 | 同上 | 实际在S4但网关仍在CORE |
| 外网模拟 | — | 8.8.8.0/24 | 8.8.8.1 | 树莓派模拟 |
| 外网用户 | — | 172.16.1.0/24 | 172.16.1.1 | PC4 |
| R3-R1 | — | 203.0.113.0/30 | — | 链路A |
| R3-R2 | — | 203.0.113.4/30 | — | 链路B |
| R1-FW1 | — | 10.0.2.0/30 | — | 主路径 |
| R2-FW1 | — | 10.0.3.0/30 | — | 备路径 |
| FW1-R_NEW | — | 10.0.1.0/30 | — | 核心上行 |
| R_NEW-CORE | — | 10.0.4.0/30 | — | 核心互联 |
> ✅ 所有三层接口使用静态路由或OSPF推荐OSPF简化
---
### 🔧 四、实验步骤(按模块划分)
---
#### 🔹 步骤 1基础连接与IP配置所有设备互通
> ✅ 目标实现直连ping通为后续服务打基础
##### 1.1 配置 R1出口1
```bash
system-view
sysname R1
interface GigabitEthernet0/0/0
ip address 203.0.113.2 255.255.255.252
quit
interface GigabitEthernet0/0/1
ip address 10.0.2.1 255.255.255.252
quit
```
##### 1.2 配置 R2出口2
```bash
interface GigabitEthernet0/0/0
ip address 203.0.113.6 255.255.255.252
interface GigabitEthernet0/0/1
ip address 10.0.3.1 255.255.255.252
```
##### 1.3 配置 R3ISP
```bash
interface GigabitEthernet0/0/0
ip address 203.0.113.1 255.255.255.252
interface GigabitEthernet0/0/1
ip address 203.0.113.5 255.255.255.252
interface GigabitEthernet0/0/2
ip address 8.8.8.1 255.255.255.0 # 模拟公网网关
```
---
#### 🔹 步骤 2配置 VRRP评分+3
> ✅ 在 R1 与 R2 上配置 VRRP虚拟IP为 `10.0.2.254`(主)和 `10.0.3.254`(备),统一对外为 `10.0.2.254`
##### R1
```bash
interface GigabitEthernet0/0/1
vrrp vrid 1 virtual-ip 10.0.2.254
vrrp vrid 1 priority 120
vrrp vrid 1 preempt-mode
```
##### R2
```bash
interface GigabitEthernet0/0/1
vrrp vrid 1 virtual-ip 10.0.2.254
vrrp vrid 1 priority 100
```
> ✅ 验证:`display vrrp`
---
#### 🔹 步骤 3配置静态路由或OSPF实现全网互通
> ✅ 推荐:在 R1、R2、R_NEW、CORE 上启用 OSPFArea 0
##### R1
```bash
ospf 1
area 0
network 10.0.2.0 0.0.0.3
network 203.0.113.0 0.0.0.3
```
##### R2
```bash
ospf 1
area 0
network 10.0.3.0 0.0.0.3
network 203.0.113.4 0.0.0.3
```
##### R_NEW
```bash
ospf 1
area 0
network 10.0.1.0 0.0.0.3
network 10.0.4.0 0.0.0.3
```
##### CORE
```bash
ospf 1
area 0
network 10.0.4.0 0.0.0.3
network 192.168.10.0 0.0.0.255
network 192.168.20.0 0.0.0.255
network 192.168.30.0 0.0.0.255
```
---
#### 🔹 步骤 4配置 VLAN 与 Eth-Trunk评分+2
##### CORE堆叠作为三层网关
```bash
vlan batch 10 20 30
interface Vlanif10
ip address 192.168.10.254 255.255.255.0
interface Vlanif20
ip address 192.168.20.254 255.255.255.0
interface Vlanif30
ip address 192.168.30.254 255.255.255.0
# Eth-Trunk 到 S3员工
interface Eth-Trunk1
port link-type trunk
port trunk allow-pass vlan 10
interface GigabitEthernet0/0/1
eth-trunk 1
interface GigabitEthernet0/0/2
eth-trunk 1
# Eth-Trunk 到 S4服务器+访客)
interface Eth-Trunk2
port link-type trunk
port trunk allow-pass vlan 20 30
interface GigabitEthernet0/0/3
eth-trunk 2
interface GigabitEthernet0/0/4
eth-trunk 2
```
##### S3接入员工
```bash
vlan 10
interface Ethernet0/0/1
port link-type access
port default vlan 10
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10
```
##### S4接入服务器+访客)
```bash
vlan batch 20 30
interface Ethernet0/0/1
port link-type access
port default vlan 20
interface Ethernet0/0/2
port link-type access
port default vlan 30
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 20 30
```
---
#### 🔹 步骤 5配置 DHCP 中继(评分+4
> ✅ 在 CORE 上启用 DHCP 中继,指向外部 DHCP 服务器(如 Windows Server 或路由器)
##### 假设 DHCP 服务器在 192.168.20.10(树莓派或路由器)
```bash
dhcp enable
interface Vlanif10
dhcp select relay
dhcp relay server-ip 192.168.20.10
interface Vlanif30
dhcp select relay
dhcp relay server-ip 192.168.20.10
```
> ✅ 树莓派上安装 `isc-dhcp-server`,配置作用域为 192.168.10.0 和 192.168.30.0
---
#### 🔹 步骤 6配置防火墙 FW1Web配置简化
> ✅ 仅使用 Web 界面,配置以下内容:
##### 6.1 登录 FW1 Web 控制台(默认 https://192.168.0.1
##### 6.2 配置接口
| 接口 | IP | 区域 |
|------|----|------|
| GigabitEthernet0/0/0 | 10.0.2.2/30 | Untrust |
| GigabitEthernet0/0/1 | 10.0.3.2/30 | Untrust |
| GigabitEthernet0/0/2 | 10.0.1.1/30 | Trust |
> ✅ 注意:不要配置 Vlanif20删除任何 VLAN 20 网关(得分点:简化防火墙)
##### 6.3 配置安全策略(允许内网访问外网)
- 源区域Trust
- 目的区域Untrust
- 源地址192.168.10.0/24, 192.168.20.0/24, 192.168.30.0/24
- 动作:允许
##### 6.4 配置 NATEasy IP
- 出接口G0/0/0 和 G0/0/1主备
- 源地址:同上私网段
- 类型源NAT使用出接口地址
> ✅ 验证PC1 能 ping 8.8.8.8
##### 6.5 配置 NAT Server发布 Web 服务器)
- 公网地址203.0.113.100(可绑定到 R1/R2 环回)
- 私网地址192.168.20.10
- 端口TCP 80
- 区域Untrust -> Trust
> ✅ 外网 PC4 访问 `http://203.0.113.100` 可看到树莓派网页
---
#### 🔹 步骤 7配置邮件服务评分+3
> ✅ 使用树莓派作为内网邮件服务器Postfix + Dovecot
##### 7.1 安装邮件服务
```bash
sudo apt update
sudo apt install postfix dovecot-core dovecot-imapd
```
##### 7.2 配置 Postfix
```bash
sudo nano /etc/postfix/main.cf
```
添加:
```ini
myhostname = mail.company.local
mydomain = company.local
myorigin = $mydomain
inet_interfaces = all
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
home_mailbox = Maildir/
```
##### 7.3 创建用户
```bash
sudo adduser user1
sudo adduser user2
```
##### 7.4 测试
- 在 PC1 上使用 Outlook 或 Thunderbird
- 配置 IMAP 服务器192.168.20.10
- 发送邮件给 user2@company.local
- user2 登录接收 → 成功即得分
---
#### 🔹 步骤 8安全配置评分+10
##### 8.1 交换机端口安全S3, S4
```bash
interface Ethernet0/0/1
port-security enable
port-security max-mac-num 1
port-security mac-address sticky
```
> ✅ 防止非法设备接入
##### 8.2 屏蔽非法 DHCP 服务器(评分+3
```bash
dhcp snooping enable
interface GigabitEthernet0/0/1
dhcp snooping trusted
```
> ✅ 仅信任上行口,屏蔽用户侧非法 DHCP
##### 8.3 内网用户分时段访问外网(评分+3
> ✅ 在 FW1 Web 配置:
- 创建时间段:工作日 18:0022:00
- 创建策略:源为 192.168.10.0/24时间为上述动作拒绝
- 放在允许策略之前
> ✅ 实现“上班不能上网,下班可以”
---
#### 🔹 步骤 9网络可靠性评分+10
| 功能 | 实现 | 得分 |
|------|------|------|
| 环路防护 | 启用 STP默认开启 | +3 |
| VRRP 主备 | 已配置 | +3 |
| 外网多路径 | R1/R2 双上行OSPF 自动选路 | +4 |
> ✅ 验证:断开 R1流量走 R2网络不中断
---
#### 🔹 步骤 10拓展功能选做+20 封顶)
| 功能 | 实现方式 | 得分 |
|------|----------|------|
| 无线接入 | 添加华为 AP配置 WLAN 服务AC 或胖 AP | +10 |
| BFD 快速检测 | 在 R1/R2 与 R3 之间配置 BFD | +5 |
| 网页美化 | 树莓派 Web 页面使用 Bootstrap 设计 | +5 |
| MPLS VPN | 在核心启用 MPLS划分 VPN 实例(员工/访客隔离) | +10 |
---
### ✅ 五、验证清单(实验完成标准)
| 验证项 | 命令/方法 | 是否完成 |
|--------|------------|----------|
| PC1 能访问外网 Web | ping 8.8.8.8 + 浏览器访问 | ✅ |
| PC1 与 PC3 互通 | ping 192.168.30.x | ✅ |
| PC1 能访问服务器 | ping 192.168.20.10 | ✅ |
| 外网 PC4 能访问内网 Web | http://203.0.113.100 | ✅ |
| 邮件发送接收 | Outlook 测试 | ✅ |
| DHCP 获取 | PC1/PC3 自动获取 IP | ✅ |
| VRRP 主备切换 | shutdown R1 接口,测试连通性 | ✅ |
| 端口安全 | 插入新设备,是否被阻止 | ✅ |
| 时间控制 | 非允许时间无法上网 | ✅ |
---
### 📎 六、提交材料建议
1. **拓扑图**(已提供,+5
2. **IP 地址规划表**(见上文,+2
3. **设备配置文件**CLI 命令汇总,+2
4. **服务测试截图**Web访问、邮件、DHCP、VRRP切换等
5. **拓展功能演示**如无线接入、BFD、网页美化
---
### 🏁 七、总结
本实验设计:
-**完全覆盖评分标准**
-**防火墙配置极简**(仅用 Web无复杂 CLI
-**其余设备全命令行**(符合要求)
-**使用真实设备(华为)与树莓派**
-**可拓展性强**无线、BFD、MPLS 等)
---
如需我为你生成:
- 完整的 **CLI 配置脚本打包**(按设备分类)
- **防火墙 Web 配置截图指南**
- **树莓派 Web/邮件服务搭建脚本**
- **测试用 PC 配置指南**
请告诉我,我可以继续为你补充!祝你实验顺利完成,冲击满分!💯

63
experiment/labdesign.md
View File

@ -1,63 +0,0 @@
graph TD
subgraph Internet [外网区域]
style Internet fill:#E6F3FF,stroke:#99CCFF
Internet_Cloud(fa:fa-cloud Internet)
PC4(fa:fa-laptop PC4 - 外网用户)
end
Internet_Cloud -- WAN链路 --> R3(R3 - 模拟ISP)
R3 -- 链路 A --> R1
R3 -- 链路 B --> R2
subgraph Exit_Layer [出口层 - VRRP负载分担]
style Exit_Layer fill:#E6FFE6,stroke:#99FF99
R1(fa:fa-route R1 - 出口网关)
R2(fa:fa-route R2 - 出口网关)
end
subgraph Core_and_Security [核心与安全区_防火墙旁挂]
style Core_and_Security fill:#F5F5F5,stroke:#CCCCCC,stroke-width:2px
subgraph CORE_STACK [核心层_堆叠系统_S1+S2]
style CORE_STACK fill:#FFF5E6,stroke:#FFCC99
CORE((fa:fa-layer-group CORE))
end
subgraph FW_HA [安全层_防火墙双机热备]
style FW_HA fill:#FFECE6,stroke:#FFB399
FW1(fa:fa-shield-alt FW1)
FW2(fa:fa-shield-alt FW2)
end
FW1 <-.->|HRP 心跳线| FW2
end
subgraph Access_Layer [接入层]
style Access_Layer fill:#F0E6FF,stroke:#D1B3FF
S3(S3 - 员工区交换机)
S4(S4 - 服务器/访客区交换机)
end
subgraph End_Devices [内网终端设备]
PC1(fa:fa-computer PC1 <br> 员工区 VLAN 10)
Server(fa:fa-server Web服务器 <br> 服务器区 VLAN 20)
PC3(fa:fa-wifi PC3 <br> 访客区 VLAN 30)
end
%% 定义连接关系
%% 出口层 <--> 核心层
R1 -- Eth-Trunk 1 --> CORE
R2 -- Eth-Trunk 2 --> CORE
%% 防火墙旁挂流量路径
CORE -- "Untrust区 <br> (VLAN 200)" --> FW1 & FW2
FW1 & FW2 -- "Trust区 <br> (VLAN 300)" --> CORE
%% 核心层 <--> 接入层
CORE -- Trunk链路 --> S3
CORE -- Trunk链路 --> S4
%% 接入层 <--> 终端
S3 -- Access端口 --> PC1
S4 -- Access端口 --> Server
S4 -- Access端口 --> PC3

BIN
experiment/labdesign.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 301 KiB

BIN
experiment/labdesign2.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 197 KiB

BIN
experiment/labdesign3.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 164 KiB

BIN
experiment/labdesign4.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 163 KiB

81
experiment/labdesignfinal-fix-again.md
View File

@ -1,81 +0,0 @@
---
config:
layout: dagre
---
flowchart TD
subgraph Internet["外网区域 (Untrust)"]
InternetServer["fa:fa-server Internet(Pi)<br>Web服务 (8.8.8.8)"]
PC4["fa:fa-laptop PC4 - 外网用户<br>(172.16.1.0/24)"]
end
subgraph ISP["ISP 模拟"]
R3["fa:fa-route R3 - 模拟ISP"]
end
%% 1. 出口层修改为 VRRP/主备
subgraph ExitLayer["出口层 - VRRP/主备"]
R1["fa:fa-route R1 (出口1)"]
R2["fa:fa-route R2 (出口2)"]
end
subgraph SecurityLayer["安全层 - FW1"]
%% 2. 移除 FW1 的 V20 网关
FW1["fa:fa-shield-alt FW1<br>NAT & 安全策略"]
end
subgraph CoreStack["核心层 - 堆叠系统 (Trust)"]
%% 3. 增加 R_NEW (新增路由器)
R_NEW["fa:fa-route R_NEW - 核心路由"]
%% 4. CORE 增加 V20 网关
CORE["fa:fa-layer-group CORE (S1+S2)<br>L3网关: V10, V20, V30"]
end
subgraph AccessLayer["接入层"]
S3["S3 - 员工区交换机"]
S4["S4 - 服务器/访客区交换机"]
end
subgraph EndUsers["终端用户区"]
PC1["fa:fa-computer PC1<br>员工区 - VLAN 10<br>(192.168.10.0/24)"]
PC3["fa:fa-wifi PC3<br>访客区 - VLAN 30<br>(192.168.30.0/24)"]
Server["fa:fa-server Web服务器(Pi)<br>服务器区 - VLAN 20<br>(192.168.20.0/24)"]
end
%% A. 外网连接 (R3模拟外网网关) - 不变
InternetServer -- "8.8.8.0/24" --> R3
PC4 -- "172.16.1.0/24" --> R3
%% B. ISP 到 出口 - 不变
R3 -- "链路 A (203.0.113.0/30)" --> R1
R3 -- "链路 B (203.0.113.4/30)" --> R2
%% C. 出口 到 防火墙 (Untrust 接口, VRRP/主备) - 修改描述
R1 -- "L3 链路 A (主, 10.0.2.0/30)" --> FW1
R2 -- "L3 链路 B (备, 10.0.3.0/30)" --> FW1
%% D. 防火墙 到 核心 (Trust 接口) - 修改为单线, 经过 R_NEW
FW1 -- "L3 链路 (10.0.1.0/30)" --> R_NEW
%% E. 新增 R_NEW 到 核心
R_NEW -- "L3 链路 (10.0.4.0/30)" --> CORE
%% F. 防火墙 到 DMZ (L2) - 删除
%% FW1 -- "L2 链路 (VLAN 20)" --> S4
%% G. 核心 到 接入 (Trust 接口) - 修改为 Eth-Trunk, 增加 V20
CORE -- "Eth-Trunk (VLAN 10)" --> S3
CORE -- "Eth-Trunk (VLAN 20, 30)" --> S4
%% H. 接入 到 终端 - 不变
S3 -- "Access (VLAN 10)" --> PC1
S4 -- "Access (VLAN 30)" --> PC3
S4 -- "Access (VLAN 20)" --> Server
%% 样式 - 不变
style Internet fill:#E6F3FF,stroke:#99CCFF
style ISP fill:#E0E0E0,stroke:#A0A0A0
style ExitLayer fill:#E6FFE6,stroke:#99FF99
style SecurityLayer fill:#FFECE6,stroke:#FFB399
style CoreStack fill:#FFF5E6,stroke:#FFCC99
style AccessLayer fill:#F0E6FF,stroke:#D1B3FF
style EndUsers fill:#FFFFE6,stroke:#FFCC66

BIN
experiment/labdesignfinal-fix-again.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 156 KiB

73
experiment/labdesignfinal-fix.md
View File

@ -1,73 +0,0 @@
------
config:
layout: dagre
---
flowchart TD
subgraph Internet["外网区域 (Untrust)"]
InternetServer["fa:fa-server Internet(Pi)<br>Web服务 (8.8.8.8)"]
PC4["fa:fa-laptop PC4 - 外网用户<br>(172.16.1.0/24)"]
end
subgraph ISP["ISP 模拟"]
R3["fa:fa-route R3 - 模拟ISP"]
end
subgraph ExitLayer["出口层 - ECMP 负载分担"]
R1["fa:fa-route R1 (出口1)"]
R2["fa:fa-route R2 (出口2)"]
end
subgraph SecurityLayer["安全层 - FW1 (Trust, DMZ, Untrust)"]
FW1["fa:fa-shield-alt FW1<br>L3网关: V20 (DMZ)<br>NAT & 安全策略"]
end
subgraph CoreStack["核心层 - 堆叠系统 (Trust)"]
CORE["fa:fa-layer-group CORE (S1+S2)<br>L3网关: V10, V30"]
end
subgraph AccessLayer["接入层"]
S3["S3 - 员工区交换机"]
S4["S4 - 服务器/访客区交换机"]
end
subgraph EndUsers["终端用户区"]
PC1["fa:fa-computer PC1<br>员工区 - VLAN 10<br>(192.168.10.0/24)"]
PC3["fa:fa-wifi PC3<br>访客区 - VLAN 30<br>(192.168.30.0/24)"]
Server["fa:fa-server Web服务器(Pi)<br>服务器区 - VLAN 20<br>(192.168.20.0/24)"]
end
%% 1. 外网连接 (R3模拟外网网关)
InternetServer -- "8.8.8.0/24" --> R3
PC4 -- "172.16.1.0/24" --> R3
%% 2. ISP 到 出口
R3 -- "链路 A (203.0.113.0/30)" --> R1
R3 -- "链路 B (203.0.113.4/30)" --> R2
%% 3. 出口 到 防火墙 (Untrust 接口, ECMP)
R1 -- "L3 链路 A (10.0.2.0/30)" --> FW1
R2 -- "L3 链路 B (10.0.3.0/30)" --> FW1
%% 4. 防火墙 到 核心 (Trust 接口)
FW1 -- "L3 Eth-Trunk 2<br>(10.0.1.0/30)" --> CORE
%% 5. 防火墙 到 DMZ (DMZ 接口) - 关键变更点
FW1 -- "L2 链路 (VLAN 20)" --> S4
%% 6. 核心 到 接入 (Trust 接口)
CORE -- "Trunk (VLAN 10)" --> S3
CORE -- "Trunk (VLAN 30)" --> S4
%% 7. 接入 到 终端
S3 -- "Access (VLAN 10)" --> PC1
S4 -- "Access (VLAN 30)" --> PC3
S4 -- "Access (VLAN 20)" --> Server
%% 样式
style Internet fill:#E6F3FF,stroke:#99CCFF
style ISP fill:#E0E0E0,stroke:#A0A0A0
style ExitLayer fill:#E6FFE6,stroke:#99FF99
style SecurityLayer fill:#FFECE6,stroke:#FFB399
style CoreStack fill:#FFF5E6,stroke:#FFCC99
style AccessLayer fill:#F0E6FF,stroke:#D1B3FF
style EndUsers fill:#FFFFE6,stroke:#FFCC66

BIN
experiment/labdesignfinal-fix.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 163 KiB

38
experiment/labdesignfinal.md
View File

@ -1,38 +0,0 @@
---
config:
layout: dagre
---
flowchart TD
subgraph Internet["外网区域"]
InternetCloud["fa:fa-cloud Internet"]
PC4["fa:fa-laptop PC4 - 外网用户"]
end
subgraph ExitLayer["出口层 - VRRP 负载分担"]
R1["fa:fa-route R1"]
R2["fa:fa-route R2"]
end
subgraph SecurityLayer["安全层 - 串联出口"]
FW1["fa:fa-shield-alt FW1 (出口安全边界)"]
end
subgraph CoreStack["核心层 - 堆叠系统 (S1 + S2)"]
CORE["fa:fa-layer-group CORE"]
end
subgraph AccessLayer["接入层"]
S3["S3 - 员工区交换机"]
S4["S4 - 服务器/访客区交换机"]
end
InternetCloud -- WAN链路 --> R3["R3 - 模拟ISP"]
R3 -- 链路 A --> R1
R3 -- 链路 B --> R2
R1 -- "Eth-Trunk 1 (R1 to FW)" --> FW1
R2 -- "Eth-Trunk 1 (R2 to FW)" --> FW1
FW1 -- "Eth-Trunk 2 (FW to CORE)" --> CORE
CORE -- Trunk链路 --> S3 & S4
S3 -- Access端口 --> PC1["fa:fa-computer PC1<br>员工区 VLAN 10"]
S4 -- Access端口 --> Server["fa:fa-server Web服务器<br>服务器区 VLAN 20 (DMZ)"] & PC3["fa:fa-wifi PC3<br>访客区 VLAN 30"]
style Internet fill:#E6F3FF,stroke:#99CCFF
style ExitLayer fill:#E6FFE6,stroke:#99FF99
style SecurityLayer fill:#FFECE6,stroke:#FFB399
style CoreStack fill:#FFF5E6,stroke:#FFCC99
style AccessLayer fill:#F0E6FF,stroke:#D1B3FF

BIN
experiment/labdesignfinal.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 93 KiB

BIN
experiment/屏幕截图_20251029_150441.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 169 KiB

217
experiment/网络拓扑.drawio
View File

@ -1,217 +0,0 @@
<mxfile host="65bd71144e">
<diagram id="s8aCzVUHsWF-Ozmndaxl" name="Page-1">
<mxGraphModel dx="712" dy="505" grid="1" gridSize="10" guides="1" tooltips="1" connect="1" arrows="1" fold="1" page="1" pageScale="1" pageWidth="1169" pageHeight="827" math="0" shadow="0">
<root>
<mxCell id="0"/>
<mxCell id="1" parent="0"/>
<mxCell id="2" value="" style="fontColor=#0066CC;verticalAlign=top;verticalLabelPosition=bottom;labelPosition=center;align=center;html=1;outlineConnect=0;fillColor=#CCCCCC;strokeColor=#6881B3;gradientColor=none;gradientDirection=north;strokeWidth=2;shape=mxgraph.networks.server;" parent="1" vertex="1">
<mxGeometry x="523" y="5" width="90" height="70" as="geometry"/>
</mxCell>
<mxCell id="3" value="" style="fontColor=#0066CC;verticalAlign=top;verticalLabelPosition=bottom;labelPosition=center;align=center;html=1;outlineConnect=0;fillColor=#CCCCCC;strokeColor=#6881B3;gradientColor=none;gradientDirection=north;strokeWidth=2;shape=mxgraph.networks.router;" parent="1" vertex="1">
<mxGeometry x="518" y="155" width="100" height="30" as="geometry"/>
</mxCell>
<mxCell id="4" value="" style="fontColor=#0066CC;verticalAlign=top;verticalLabelPosition=bottom;labelPosition=center;align=center;html=1;outlineConnect=0;fillColor=#CCCCCC;strokeColor=#6881B3;gradientColor=none;gradientDirection=north;strokeWidth=2;shape=mxgraph.networks.router;" parent="1" vertex="1">
<mxGeometry x="378" y="255" width="100" height="30" as="geometry"/>
</mxCell>
<mxCell id="5" value="" style="fontColor=#0066CC;verticalAlign=top;verticalLabelPosition=bottom;labelPosition=center;align=center;html=1;outlineConnect=0;fillColor=#CCCCCC;strokeColor=#6881B3;gradientColor=none;gradientDirection=north;strokeWidth=2;shape=mxgraph.networks.router;" parent="1" vertex="1">
<mxGeometry x="658" y="255" width="100" height="30" as="geometry"/>
</mxCell>
<mxCell id="27" style="edgeStyle=none;html=1;exitX=0.5;exitY=0;exitDx=0;exitDy=0;exitPerimeter=0;" parent="1" source="6" edge="1">
<mxGeometry relative="1" as="geometry">
<mxPoint x="430" y="290" as="targetPoint"/>
</mxGeometry>
</mxCell>
<mxCell id="6" value="" style="fontColor=#0066CC;verticalAlign=top;verticalLabelPosition=bottom;labelPosition=center;align=center;html=1;outlineConnect=0;fillColor=#CCCCCC;strokeColor=#6881B3;gradientColor=none;gradientDirection=north;strokeWidth=2;shape=mxgraph.networks.firewall;" parent="1" vertex="1">
<mxGeometry x="516" y="335" width="110" height="60" as="geometry"/>
</mxCell>
<mxCell id="7" value="" style="fontColor=#0066CC;verticalAlign=top;verticalLabelPosition=bottom;labelPosition=center;align=center;html=1;outlineConnect=0;fillColor=#CCCCCC;strokeColor=#6881B3;gradientColor=none;gradientDirection=north;strokeWidth=2;shape=mxgraph.networks.router;" parent="1" vertex="1">
<mxGeometry x="521" y="456" width="100" height="30" as="geometry"/>
</mxCell>
<mxCell id="8" value="" style="fontColor=#0066CC;verticalAlign=top;verticalLabelPosition=bottom;labelPosition=center;align=center;html=1;outlineConnect=0;fillColor=#CCCCCC;strokeColor=#6881B3;gradientColor=none;gradientDirection=north;strokeWidth=2;shape=mxgraph.networks.switch;" parent="1" vertex="1">
<mxGeometry x="521" y="545" width="100" height="30" as="geometry"/>
</mxCell>
<mxCell id="23" style="edgeStyle=none;html=1;exitX=0.5;exitY=0;exitDx=0;exitDy=0;exitPerimeter=0;" parent="1" source="9" edge="1">
<mxGeometry relative="1" as="geometry">
<mxPoint x="570.0000000000002" y="580" as="targetPoint"/>
</mxGeometry>
</mxCell>
<mxCell id="9" value="" style="fontColor=#0066CC;verticalAlign=top;verticalLabelPosition=bottom;labelPosition=center;align=center;html=1;outlineConnect=0;fillColor=#CCCCCC;strokeColor=#6881B3;gradientColor=none;gradientDirection=north;strokeWidth=2;shape=mxgraph.networks.switch;" parent="1" vertex="1">
<mxGeometry x="378" y="645" width="100" height="30" as="geometry"/>
</mxCell>
<mxCell id="24" style="edgeStyle=none;html=1;exitX=0.5;exitY=0;exitDx=0;exitDy=0;exitPerimeter=0;" parent="1" source="10" edge="1">
<mxGeometry relative="1" as="geometry">
<mxPoint x="570.0000000000002" y="580" as="targetPoint"/>
</mxGeometry>
</mxCell>
<mxCell id="10" value="" style="fontColor=#0066CC;verticalAlign=top;verticalLabelPosition=bottom;labelPosition=center;align=center;html=1;outlineConnect=0;fillColor=#CCCCCC;strokeColor=#6881B3;gradientColor=none;gradientDirection=north;strokeWidth=2;shape=mxgraph.networks.switch;" parent="1" vertex="1">
<mxGeometry x="658" y="645" width="100" height="30" as="geometry"/>
</mxCell>
<mxCell id="11" value="" style="fontColor=#0066CC;verticalAlign=top;verticalLabelPosition=bottom;labelPosition=center;align=center;html=1;outlineConnect=0;fillColor=#CCCCCC;strokeColor=#6881B3;gradientColor=none;gradientDirection=north;strokeWidth=2;shape=mxgraph.networks.pc;" parent="1" vertex="1">
<mxGeometry x="320" y="740" width="100" height="70" as="geometry"/>
</mxCell>
<mxCell id="12" value="" style="fontColor=#0066CC;verticalAlign=top;verticalLabelPosition=bottom;labelPosition=center;align=center;html=1;outlineConnect=0;fillColor=#CCCCCC;strokeColor=#6881B3;gradientColor=none;gradientDirection=north;strokeWidth=2;shape=mxgraph.networks.mobile;" parent="1" vertex="1">
<mxGeometry x="1000" y="724.5" width="50" height="100" as="geometry"/>
</mxCell>
<mxCell id="13" value="" style="fontColor=#0066CC;verticalAlign=top;verticalLabelPosition=bottom;labelPosition=center;align=center;html=1;outlineConnect=0;fillColor=#CCCCCC;strokeColor=#6881B3;gradientColor=none;gradientDirection=north;strokeWidth=2;shape=mxgraph.networks.web_server;" parent="1" vertex="1">
<mxGeometry x="800" y="719.5" width="105" height="105" as="geometry"/>
</mxCell>
<mxCell id="14" style="edgeStyle=none;html=1;exitX=0.5;exitY=0;exitDx=0;exitDy=0;exitPerimeter=0;entryX=0.5;entryY=1;entryDx=0;entryDy=0;entryPerimeter=0;" parent="1" source="3" target="2" edge="1">
<mxGeometry relative="1" as="geometry"/>
</mxCell>
<mxCell id="15" style="edgeStyle=none;html=1;exitX=0.5;exitY=0.07;exitDx=0;exitDy=0;exitPerimeter=0;entryX=0.5;entryY=1;entryDx=0;entryDy=0;entryPerimeter=0;" parent="1" source="11" target="9" edge="1">
<mxGeometry relative="1" as="geometry"/>
</mxCell>
<mxCell id="16" value="" style="fontColor=#0066CC;verticalAlign=top;verticalLabelPosition=bottom;labelPosition=center;align=center;html=1;outlineConnect=0;fillColor=#CCCCCC;strokeColor=#6881B3;gradientColor=none;gradientDirection=north;strokeWidth=2;shape=mxgraph.networks.wireless_hub;" parent="1" vertex="1">
<mxGeometry x="920" y="545" width="100" height="85" as="geometry"/>
</mxCell>
<mxCell id="17" value="" style="fontColor=#0066CC;verticalAlign=top;verticalLabelPosition=bottom;labelPosition=center;align=center;html=1;outlineConnect=0;fillColor=#CCCCCC;strokeColor=#6881B3;gradientColor=none;gradientDirection=north;strokeWidth=2;shape=mxgraph.networks.laptop;" parent="1" vertex="1">
<mxGeometry x="558" y="755" width="100" height="55" as="geometry"/>
</mxCell>
<mxCell id="18" style="edgeStyle=none;html=1;exitX=0.5;exitY=0;exitDx=0;exitDy=0;exitPerimeter=0;entryX=0.5;entryY=1;entryDx=0;entryDy=0;entryPerimeter=0;" parent="1" source="17" target="10" edge="1">
<mxGeometry relative="1" as="geometry"/>
</mxCell>
<mxCell id="19" style="edgeStyle=none;html=1;exitX=0;exitY=0.14;exitDx=0;exitDy=0;exitPerimeter=0;entryX=0.5;entryY=1;entryDx=0;entryDy=0;entryPerimeter=0;" parent="1" source="13" target="10" edge="1">
<mxGeometry relative="1" as="geometry"/>
</mxCell>
<mxCell id="20" style="edgeStyle=none;html=1;exitX=0.5;exitY=0;exitDx=0;exitDy=0;exitPerimeter=0;entryX=0.98;entryY=0.94;entryDx=0;entryDy=0;entryPerimeter=0;" parent="1" source="12" target="16" edge="1">
<mxGeometry relative="1" as="geometry"/>
</mxCell>
<mxCell id="21" style="edgeStyle=none;html=1;exitX=0.87;exitY=0.14;exitDx=0;exitDy=0;exitPerimeter=0;entryX=0.02;entryY=0.94;entryDx=0;entryDy=0;entryPerimeter=0;" parent="1" source="13" target="16" edge="1">
<mxGeometry relative="1" as="geometry"/>
</mxCell>
<mxCell id="25" style="edgeStyle=none;html=1;exitX=0.5;exitY=0;exitDx=0;exitDy=0;exitPerimeter=0;entryX=0.5;entryY=1;entryDx=0;entryDy=0;entryPerimeter=0;" parent="1" source="8" target="7" edge="1">
<mxGeometry relative="1" as="geometry"/>
</mxCell>
<mxCell id="26" style="edgeStyle=none;html=1;exitX=0.5;exitY=0;exitDx=0;exitDy=0;exitPerimeter=0;entryX=0.5;entryY=1;entryDx=0;entryDy=0;entryPerimeter=0;" parent="1" source="7" target="6" edge="1">
<mxGeometry relative="1" as="geometry"/>
</mxCell>
<mxCell id="28" style="edgeStyle=none;html=1;exitX=0.5;exitY=0;exitDx=0;exitDy=0;exitPerimeter=0;entryX=0.5;entryY=1;entryDx=0;entryDy=0;entryPerimeter=0;" parent="1" source="6" target="5" edge="1">
<mxGeometry relative="1" as="geometry"/>
</mxCell>
<mxCell id="29" style="edgeStyle=none;html=1;exitX=0.5;exitY=0;exitDx=0;exitDy=0;exitPerimeter=0;entryX=0.5;entryY=1;entryDx=0;entryDy=0;entryPerimeter=0;" parent="1" source="4" target="3" edge="1">
<mxGeometry relative="1" as="geometry"/>
</mxCell>
<mxCell id="31" style="edgeStyle=none;html=1;exitX=0.5;exitY=0;exitDx=0;exitDy=0;exitPerimeter=0;entryX=0.5;entryY=1;entryDx=0;entryDy=0;entryPerimeter=0;" parent="1" source="5" target="3" edge="1">
<mxGeometry relative="1" as="geometry"/>
</mxCell>
<mxCell id="33" value="Internet&lt;div&gt;8.8.8.8&lt;/div&gt;" style="text;html=1;align=center;verticalAlign=middle;whiteSpace=wrap;rounded=0;" parent="1" vertex="1">
<mxGeometry x="613" y="30" width="60" height="30" as="geometry"/>
</mxCell>
<mxCell id="34" value="R3" style="text;html=1;align=center;verticalAlign=middle;whiteSpace=wrap;rounded=0;" parent="1" vertex="1">
<mxGeometry x="621" y="155" width="60" height="30" as="geometry"/>
</mxCell>
<mxCell id="35" value="R1" style="text;html=1;align=center;verticalAlign=middle;whiteSpace=wrap;rounded=0;" parent="1" vertex="1">
<mxGeometry x="480" y="255" width="60" height="30" as="geometry"/>
</mxCell>
<mxCell id="36" value="R2" style="text;html=1;align=center;verticalAlign=middle;whiteSpace=wrap;rounded=0;" parent="1" vertex="1">
<mxGeometry x="758" y="255" width="60" height="30" as="geometry"/>
</mxCell>
<mxCell id="37" value="Firewall" style="text;html=1;align=center;verticalAlign=middle;whiteSpace=wrap;rounded=0;" parent="1" vertex="1">
<mxGeometry x="626" y="350" width="60" height="30" as="geometry"/>
</mxCell>
<mxCell id="38" value="R_NEW" style="text;html=1;align=center;verticalAlign=middle;whiteSpace=wrap;rounded=0;" parent="1" vertex="1">
<mxGeometry x="621" y="456" width="60" height="30" as="geometry"/>
</mxCell>
<mxCell id="39" value="CORE (LSW1+LSW2)" style="text;html=1;align=center;verticalAlign=middle;whiteSpace=wrap;rounded=0;" parent="1" vertex="1">
<mxGeometry x="632" y="545" width="60" height="30" as="geometry"/>
</mxCell>
<mxCell id="40" value="S3" style="text;html=1;align=center;verticalAlign=middle;whiteSpace=wrap;rounded=0;" parent="1" vertex="1">
<mxGeometry x="478" y="645" width="60" height="30" as="geometry"/>
</mxCell>
<mxCell id="42" value="S4" style="text;html=1;align=center;verticalAlign=middle;whiteSpace=wrap;rounded=0;" parent="1" vertex="1">
<mxGeometry x="758" y="645" width="60" height="30" as="geometry"/>
</mxCell>
<mxCell id="43" value="PC1&lt;div&gt;192.168.10.20&lt;/div&gt;" style="text;html=1;align=center;verticalAlign=middle;whiteSpace=wrap;rounded=0;" parent="1" vertex="1">
<mxGeometry x="429" y="760" width="60" height="30" as="geometry"/>
</mxCell>
<mxCell id="44" value="PC2&lt;div&gt;192.168.30.20&lt;/div&gt;" style="text;html=1;align=center;verticalAlign=middle;whiteSpace=wrap;rounded=0;" parent="1" vertex="1">
<mxGeometry x="658" y="767.5" width="60" height="30" as="geometry"/>
</mxCell>
<mxCell id="45" value="Server&lt;div&gt;192.168.20.50&lt;/div&gt;" style="text;html=1;align=center;verticalAlign=middle;whiteSpace=wrap;rounded=0;" parent="1" vertex="1">
<mxGeometry x="906" y="767.5" width="60" height="30" as="geometry"/>
</mxCell>
<mxCell id="46" value="Phone" style="text;html=1;align=center;verticalAlign=middle;whiteSpace=wrap;rounded=0;" parent="1" vertex="1">
<mxGeometry x="1050" y="767.5" width="60" height="30" as="geometry"/>
</mxCell>
<mxCell id="47" value="G0/0/3" style="text;html=1;align=center;verticalAlign=middle;whiteSpace=wrap;rounded=0;" parent="1" vertex="1">
<mxGeometry x="420" y="689.5" width="60" height="30" as="geometry"/>
</mxCell>
<mxCell id="48" value="G0/0/1 G0/0/2" style="text;html=1;align=center;verticalAlign=middle;whiteSpace=wrap;rounded=0;" parent="1" vertex="1">
<mxGeometry x="490" y="615" width="60" height="30" as="geometry"/>
</mxCell>
<mxCell id="49" value="Eth-Trunk&amp;nbsp;" style="text;html=1;align=center;verticalAlign=middle;whiteSpace=wrap;rounded=0;" parent="1" vertex="1">
<mxGeometry x="380" y="610" width="60" height="30" as="geometry"/>
</mxCell>
<mxCell id="50" value="Eth-Trunk&amp;nbsp;" style="text;html=1;align=center;verticalAlign=middle;whiteSpace=wrap;rounded=0;" parent="1" vertex="1">
<mxGeometry x="598" y="610" width="60" height="30" as="geometry"/>
</mxCell>
<mxCell id="52" value="G0/0/1 G0/0/2" style="text;html=1;align=center;verticalAlign=middle;whiteSpace=wrap;rounded=0;" parent="1" vertex="1">
<mxGeometry x="698" y="615" width="60" height="30" as="geometry"/>
</mxCell>
<mxCell id="53" value="G0/0/4" style="text;html=1;align=center;verticalAlign=middle;whiteSpace=wrap;rounded=0;" parent="1" vertex="1">
<mxGeometry x="600" y="689.5" width="60" height="30" as="geometry"/>
</mxCell>
<mxCell id="54" value="G0/0/5" style="text;html=1;align=center;verticalAlign=middle;whiteSpace=wrap;rounded=0;" parent="1" vertex="1">
<mxGeometry x="758" y="689.5" width="60" height="30" as="geometry"/>
</mxCell>
<mxCell id="55" value="G0/0/1 G0/0/2" style="text;html=1;align=center;verticalAlign=middle;whiteSpace=wrap;rounded=0;" parent="1" vertex="1">
<mxGeometry x="463" y="572.5" width="60" height="30" as="geometry"/>
</mxCell>
<mxCell id="56" value="G0/0/3 G0/0/4" style="text;html=1;align=center;verticalAlign=middle;whiteSpace=wrap;rounded=0;" parent="1" vertex="1">
<mxGeometry x="621" y="575" width="60" height="30" as="geometry"/>
</mxCell>
<mxCell id="57" value="G0/0/5" style="text;html=1;align=center;verticalAlign=middle;whiteSpace=wrap;rounded=0;" parent="1" vertex="1">
<mxGeometry x="570" y="515" width="60" height="30" as="geometry"/>
</mxCell>
<mxCell id="58" value="G0/0/0" style="text;html=1;align=center;verticalAlign=middle;whiteSpace=wrap;rounded=0;" parent="1" vertex="1">
<mxGeometry x="570" y="485" width="60" height="30" as="geometry"/>
</mxCell>
<mxCell id="59" value="G0/0/1" style="text;html=1;align=center;verticalAlign=middle;whiteSpace=wrap;rounded=0;" parent="1" vertex="1">
<mxGeometry x="570" y="426" width="60" height="30" as="geometry"/>
</mxCell>
<mxCell id="60" value="G0/0/0" style="text;html=1;align=center;verticalAlign=middle;whiteSpace=wrap;rounded=0;" parent="1" vertex="1">
<mxGeometry x="570" y="396" width="60" height="30" as="geometry"/>
</mxCell>
<mxCell id="61" value="G0/0/1" style="text;html=1;align=center;verticalAlign=middle;whiteSpace=wrap;rounded=0;" parent="1" vertex="1">
<mxGeometry x="523" y="300" width="60" height="30" as="geometry"/>
</mxCell>
<mxCell id="62" value="G0/0/2" style="text;html=1;align=center;verticalAlign=middle;whiteSpace=wrap;rounded=0;" parent="1" vertex="1">
<mxGeometry x="627" y="300" width="60" height="30" as="geometry"/>
</mxCell>
<mxCell id="63" value="G0/0/1" style="text;html=1;align=center;verticalAlign=middle;whiteSpace=wrap;rounded=0;" parent="1" vertex="1">
<mxGeometry x="456" y="225" width="60" height="30" as="geometry"/>
</mxCell>
<mxCell id="64" value="G0/0/0" style="text;html=1;align=center;verticalAlign=middle;whiteSpace=wrap;rounded=0;" parent="1" vertex="1">
<mxGeometry x="456" y="280" width="60" height="30" as="geometry"/>
</mxCell>
<mxCell id="65" value="G0/0/0" style="text;html=1;align=center;verticalAlign=middle;whiteSpace=wrap;rounded=0;" parent="1" vertex="1">
<mxGeometry x="686" y="280" width="60" height="30" as="geometry"/>
</mxCell>
<mxCell id="66" value="G0/0/1" style="text;html=1;align=center;verticalAlign=middle;whiteSpace=wrap;rounded=0;" parent="1" vertex="1">
<mxGeometry x="687" y="225" width="60" height="30" as="geometry"/>
</mxCell>
<mxCell id="67" value="G0/0/0" style="text;html=1;align=center;verticalAlign=middle;whiteSpace=wrap;rounded=0;" parent="1" vertex="1">
<mxGeometry x="518" y="195" width="60" height="30" as="geometry"/>
</mxCell>
<mxCell id="68" value="G0/0/1" style="text;html=1;align=center;verticalAlign=middle;whiteSpace=wrap;rounded=0;" parent="1" vertex="1">
<mxGeometry x="618" y="195" width="60" height="30" as="geometry"/>
</mxCell>
<mxCell id="69" value="G0/0/2" style="text;html=1;align=center;verticalAlign=middle;whiteSpace=wrap;rounded=0;" parent="1" vertex="1">
<mxGeometry x="566" y="125" width="60" height="30" as="geometry"/>
</mxCell>
<mxCell id="70" value="Wireless" style="text;html=1;align=center;verticalAlign=middle;whiteSpace=wrap;rounded=0;" parent="1" vertex="1">
<mxGeometry x="1030" y="600" width="60" height="30" as="geometry"/>
</mxCell>
<mxCell id="73" value="Trust" style="text;html=1;align=center;verticalAlign=middle;whiteSpace=wrap;rounded=0;" vertex="1" parent="1">
<mxGeometry x="489" y="740" width="60" height="30" as="geometry"/>
</mxCell>
<mxCell id="74" value="DMZ" style="text;html=1;align=center;verticalAlign=middle;whiteSpace=wrap;rounded=0;" vertex="1" parent="1">
<mxGeometry x="905" y="737.5" width="60" height="30" as="geometry"/>
</mxCell>
<mxCell id="75" value="VRRP" style="text;html=1;align=center;verticalAlign=middle;whiteSpace=wrap;rounded=0;" vertex="1" parent="1">
<mxGeometry x="538" y="250" width="60" height="30" as="geometry"/>
</mxCell>
</root>
</mxGraphModel>
</diagram>
</mxfile>

BIN
experiment/网络拓扑.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 100 KiB

BIN
ne_expr_2/PXL_20251022_081520630.jpg
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 6.0 MiB

BIN
ne_expr_2/PXL_20251022_081527334.jpg
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 4.4 MiB

BIN
ne_expr_2/PXL_20251022_111102704.jpg
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 4.1 MiB

BIN
ne_expr_2/PXL_20251022_112810186.jpg
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 4.1 MiB

BIN
ne_expr_2/PXL_20251022_112816558.MP.jpg
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 8.1 MiB

BIN
ne_expr_2/PXL_20251022_112821204.MP.jpg
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 8.7 MiB

BIN
ne_expr_2/PXL_20251029_074936561.jpg
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 3.3 MiB

165
ne_expr_2/core.txt.txt
View File

@ -1,165 +0,0 @@
#
sysname CORE
#
vlan batch 10 20 30 400
#
authentication-profile name default_authen_profile
authentication-profile name dot1x_authen_profile
authentication-profile name dot1xmac_authen_profile
authentication-profile name mac_authen_profile
authentication-profile name multi_authen_profile
authentication-profile name portal_authen_profile
#
diffserv domain default
#
radius-server template default
#
pki realm default
certificate-check none
#
free-rule-template name default_free_rule
#
portal-access-profile name portal_access_profile
#
aaa
authentication-scheme default
authentication-mode local
authentication-scheme radius
authentication-mode radius
authorization-scheme default
authorization-mode local
accounting-scheme default
accounting-mode none
local-aaa-user password policy administrator
password history record number 0
password expire 0
domain default
authentication-scheme radius
accounting-scheme default
radius-server default
domain default_admin
authentication-scheme default
accounting-scheme default
local-user admin password irreversible-cipher $1c$2{cX@;%V5#$`(w_4>*#q1iDviGwC{
bCxq8cFF@6EC<80+<(peJH$
local-user admin privilege level 15
local-user admin service-type terminal http
#
interface Vlanif1
#
interface Vlanif10
ip address 192.168.10.254 255.255.255.0
#
interface Vlanif20
ip address 192.168.20.254 255.255.255.0
#
interface Vlanif30
ip address 192.168.30.254 255.255.255.0
#
interface Vlanif400
ip address 10.0.4.2 255.255.255.252
#
interface MEth0/0/1
ip address 192.168.1.253 255.255.255.0
#
interface Eth-Trunk1
port link-type trunk
port trunk allow-pass vlan 10
mode lacp
#
interface Eth-Trunk2
port link-type trunk
port trunk allow-pass vlan 20 30
mode lacp
#
interface GigabitEthernet0/0/1
eth-trunk 1
#
interface GigabitEthernet0/0/2
eth-trunk 1
#
interface GigabitEthernet0/0/3
eth-trunk 2
#
interface GigabitEthernet0/0/4
eth-trunk 2
#
interface GigabitEthernet0/0/5
port link-type access
port default vlan 400
#
interface GigabitEthernet0/0/6
#
interface GigabitEthernet0/0/7
#
interface GigabitEthernet0/0/8
#
interface GigabitEthernet0/0/9
#
interface GigabitEthernet0/0/10
#
interface GigabitEthernet0/0/11
#
interface GigabitEthernet0/0/12
#
interface GigabitEthernet0/0/13
#
interface GigabitEthernet0/0/14
#
interface GigabitEthernet0/0/15
#
interface GigabitEthernet0/0/16
#
interface GigabitEthernet0/0/17
#
interface GigabitEthernet0/0/18
#
interface GigabitEthernet0/0/19
#
interface GigabitEthernet0/0/20
#
interface GigabitEthernet0/0/21
#
interface GigabitEthernet0/0/22
#
interface GigabitEthernet0/0/23
#
interface GigabitEthernet0/0/24
#
interface GigabitEthernet0/0/25
#
interface GigabitEthernet0/0/26
#
interface GigabitEthernet0/0/27
#
interface GigabitEthernet0/0/28
#
interface NULL0
#
ospf 1 router-id 1.1.1.1
area 0.0.0.0
network 10.0.4.0 0.0.0.3
network 192.168.10.0 0.0.0.255
network 192.168.20.0 0.0.0.255
network 192.168.30.0 0.0.0.255
#
undo icmp name timestamp-request receive
#
ssh server cipher aes256_ctr aes128_ctr
ssh server hmac sha2_256
ssh client cipher aes256_ctr aes128_ctr
ssh client hmac sha2_256
ssh server dh-exchange min-len 2048
#
user-interface con 0
authentication-mode none
user-interface vty 0 4
user-interface vty 16 20
#
dot1x-access-profile name dot1x_access_profile
#
mac-access-profile name mac_access_profile
#
ops
#
return

294
ne_expr_2/fw.txt.txt
View File

@ -1,294 +0,0 @@
#
sysname FW
#
l2tp domain suffix-separator @
#
authentication-profile name portal_authen_default
#
undo factory-configuration prohibit
#
undo telnet server enable
undo telnet ipv6 server enable
#
clock timezone Beijing add 08:00:00
#
firewall packet-filter basic-protocol enable
#
update schedule location-sdb weekly Sun 22:42
#
firewall defend action discard
#
undo log type traffic enable
log type syslog enable
log type policy enable
#
undo dataflow enable
#
undo sa force-detection enable
#
banner enable
#
user-manage web-authentication security port 8887
undo privacy-statement english
undo privacy-statement chinese
page-setting
user-manage security version tlsv1.1 tlsv1.2
password-policy
level high
user-manage single-sign-on ad
user-manage single-sign-on tsm
user-manage single-sign-on radius
user-manage auto-sync online-user
#
firewall ids authentication type aes256
#
web-manager security version tlsv1.1 tlsv1.2
web-manager enable
web-manager security enable
#
firewall dataplane to manageplane application-apperceive default-action drop
#
dhcp enable
#
undo feedback type threat-log enable
#
update schedule ips-sdb daily 06:48
update schedule av-sdb daily 06:48
update schedule sa-sdb daily 06:48
update schedule ip-reputation daily 06:48
update schedule cnc daily 06:48
update schedule file-reputation daily 06:48
update schedule ext-url-sdb daily 06:48
#
disk-usage alarm threshold 95
#
ip vpn-instance default
ipv4-family
#
time-range worktime
period-range 08:00:00 to 18:00:00 working-day
#
ike proposal default
encryption-algorithm aes-256 aes-192 aes-128
dh group14
authentication-algorithm sha2-512 sha2-384 sha2-256
authentication-method pre-share
integrity-algorithm hmac-sha2-256
prf hmac-sha2-256
#
web-auth-server default
port 50100
#
portal-access-profile name default
#
ip pool VLAN10_Staff
gateway-list 192.168.10.254
network 192.168.10.0 mask 255.255.255.0
section 0 192.168.10.10 192.168.10.200
dns-list 8.8.8.8
#
ip pool VLAN30_Guest
gateway-list 192.168.30.254
network 192.168.30.0 mask 255.255.255.0
section 0 192.168.30.10 192.168.30.200
dns-list 8.8.8.8
#
aaa
authentication-scheme admin_ad
authentication-scheme admin_ad_local
authentication-scheme admin_hwtacacs
authentication-scheme admin_hwtacacs_local
authentication-scheme admin_ldap
authentication-scheme admin_ldap_local
authentication-scheme admin_local
authentication-scheme admin_radius
authentication-scheme admin_radius_local
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
service-type internetaccess ssl-vpn l2tp ike dot1x
internet-access mode password
reference user current-domain
manager-user audit-admin
password cipher $1a$<vT~V/>!YP$I6@T1:%^)Rhm%fM@2<B1Cmu1MT+mL:'{'CKfTQ;($
service-type web terminal
level 15
manager-user admin
password cipher $1a$Y5J}3yr|ZQ$(02cA"\}B$#q*/JU(0=~6NSWS$)*n:}ex."SFDY<$
service-type web terminal
level 15
role system-admin
role device-admin
role device-admin(monitor)
role audit-admin
bind manager-user audit-admin role audit-admin
bind manager-user admin role system-admin
#
interface MEth0/0/0
undo shutdown
ip binding vpn-instance default
ip address 192.168.0.1 255.255.255.0
service-manage http permit
service-manage https permit
service-manage ping permit
#
l2tp-group default-lns
#
interface GigabitEthernet0/0/0
undo shutdown
ip address 10.0.1.1 255.255.255.252
#
interface GigabitEthernet0/0/1
undo shutdown
ip address 10.0.2.2 255.255.255.252
#
interface GigabitEthernet0/0/2
undo shutdown
ip address 10.0.3.2 255.255.255.252
#
interface GigabitEthernet0/0/3
undo shutdown
#
interface GigabitEthernet0/0/4
undo shutdown
#
interface GigabitEthernet0/0/5
undo shutdown
#
interface GigabitEthernet0/0/6
undo shutdown
#
interface GigabitEthernet0/0/7
undo shutdown
#
interface WAN0/0/0
undo shutdown
#
interface WAN0/0/1
undo shutdown
#
interface XGigabitEthernet0/0/0
undo shutdown
#
interface XGigabitEthernet0/0/1
undo shutdown
#
interface Virtual-if0
#
interface NULL0
#
firewall zone local
set priority 100
#
firewall zone trust
set priority 85
add interface GigabitEthernet0/0/0
add interface MEth0/0/0
#
firewall zone untrust
set priority 5
add interface GigabitEthernet0/0/1
add interface GigabitEthernet0/0/2
#
firewall zone dmz
set priority 50
#
api
#
ospf 1 router-id 6.6.6.6
area 0.0.0.0
network 10.0.1.0 0.0.0.3
network 10.0.2.0 0.0.0.3
network 10.0.3.0 0.0.0.3
#
undo icmp name timestamp-request receive
undo icmp name timestamp-reply receive
undo icmp type 17 code 0 receive
undo icmp type 18 code 0 receive
#
undo ssh server compatible-ssh1x enable
ssh authentication-type default password
ssh server cipher aes256_ctr aes128_ctr
ssh server hmac sha2_256 sha1
ssh client cipher aes256_ctr aes128_ctr
ssh client hmac sha2_256 sha1
ssh server dh-exchange min-len 2048
#
firewall detect ftp
#
v-gateway ssl-renegotiation-attack defend enable
#
user-interface con 0
authentication-mode aaa
user-interface vty 0 4
authentication-mode aaa
protocol inbound ssh
user-interface vty 16 20
#
pki realm default
#
sa
#
location
#
multi-interface
mode proportion-of-weight
#
right-manager server-group
#
IoT
#
network-scan
network-scan timeout per-asset 300
network-scan timeout entire-scan 23
conflict-resolve override
#
device-classification
device-group pc
device-group mobile-terminal
device-group undefined-group
#
user-manage server-sync tsm
#
security-policy
default action permit
rule name t2ut
source-zone trust
destination-zone untrust
source-address 192.168.0.0 mask 255.255.0.0
action permit
#
auth-policy
#
traffic-policy
#
policy-based-route
#
nat-policy
rule name t2ut
source-zone trust
destination-zone untrust
source-address 192.168.0.0 mask 255.255.0.0
action source-nat easy-ip
#
proxy-policy
#
quota-policy
#
pcp-policy
#
dns-transparent-policy
mode based-on-multi-interface
#
rightm-policy
#
decryption-policy
#
flow-probe-policy
#
mac-access-profile name mac_access_profile
#
return

154
ne_expr_2/r1.txt.txt
View File

@ -1,154 +0,0 @@
[V300R019C00SPC300]
#
sysname R1
#
drop illegal-mac alarm
#
authentication-profile name default_authen_profile
authentication-profile name dot1x_authen_profile
authentication-profile name dot1xmac_authen_profile
authentication-profile name mac_authen_profile
authentication-profile name multi_authen_profile
authentication-profile name portal_authen_profile
#
dhcp enable
#
radius-server template default
#
pki realm default
#
ssl policy default_policy type server
pki-realm default
version tls1.2
ciphersuite rsa_aes_128_cbc_sha rsa_aes_128_sha256 rsa_aes_256_sha256 ecdhe_rsa
_aes128_gcm_sha256 ecdhe_rsa_aes256_gcm_sha384
#
acl number 3000
rule 5 permit ip source 192.168.0.0 0.0.255.255
#
ike proposal default
encryption-algorithm aes-256 aes-192 aes-128
dh group14
authentication-algorithm sha2-512 sha2-384 sha2-256
authentication-method pre-share
integrity-algorithm hmac-sha2-256
prf hmac-sha2-256
#
free-rule-template name default_free_rule
#
portal-access-profile name portal_access_profile
#
aaa
authentication-scheme default
authentication-scheme radius
authentication-mode radius
authorization-scheme default
accounting-scheme default
local-aaa-user password policy administrator
domain default
authentication-scheme default
domain default_admin
authentication-scheme default
local-user admin password irreversible-cipher $1a$l/ee<QKJ`1$aPb2.&;1m0F.R-CHp_
};.,#v)1A_gH=rau~tev,#$
local-user admin privilege level 15
local-user admin service-type terminal http
#
firewall zone Local
#
interface Vlanif1
ip address 192.168.1.1 255.255.255.0
dhcp select interface
#
interface GigabitEthernet0/0/0
undo portswitch
ip address 10.0.2.1 255.255.255.252
#
interface GigabitEthernet0/0/1
undo portswitch
ip address 203.0.113.2 255.255.255.252
nat outbound 3000
ospf cost 10
#
interface GigabitEthernet0/0/2
#
interface GigabitEthernet0/0/3
#
interface GigabitEthernet0/0/4
#
interface GigabitEthernet0/0/5
#
interface GigabitEthernet0/0/6
#
interface GigabitEthernet0/0/7
#
interface GigabitEthernet0/0/8
#
interface GigabitEthernet0/0/9
#
interface GigabitEthernet0/0/10
description VirtualPort
#
interface XGigabitEthernet0/0/0
#
interface NULL0
#
ospf 1 router-id 3.3.3.3
area 0.0.0.0
network 10.0.2.0 0.0.0.3
area 0.0.0.1
network 203.0.113.0 0.0.0.3
#
snmp-agent local-engineid 800007DB0324A52CE71F00
snmp-agent trap enable
#
http secure-server ssl-policy default_policy
http secure-server enable
http server permit interface GigabitEthernet0/0/0
#
fib regularly-refresh disable
#
user-interface con 0
authentication-mode password
set authentication password cipher %^%#E!6OI[asAL@pGh=~\&TAr:W2;pNN{Tzhe08'*EcE
BCWEHUqkDX{@(pW(9&x*%^%#
user-interface vty 0
authentication-mode aaa
user privilege level 15
user-interface vty 1 4
#
wlan ac
traffic-profile name default
security-profile name default
security-profile name default-wds
security wpa2 psk pass-phrase %^%##>,!RC>rMCb+P-%g3FJX_n;+T!$&5Zhmw3WHu%qX%^%#
aes
ssid-profile name default
vap-profile name default
wds-profile name default
regulatory-domain-profile name default
air-scan-profile name default
rrm-profile name default
radio-2g-profile name default
radio-5g-profile name default
wids-spoof-profile name default
wids-profile name default
ap-system-profile name default
port-link-profile name default
wired-port-profile name default
ap-group name default
#
dot1x-access-profile name dot1x_access_profile
#
mac-access-profile name mac_access_profile
#
ops
#
autostart
#
secelog
#
ms-channel
#
return

161
ne_expr_2/r2.txt.txt
View File

@ -1,161 +0,0 @@
[V300R019C10SPC200]
#
sysname R2
#
drop illegal-mac alarm
#
authentication-profile name default_authen_profile
authentication-profile name dot1x_authen_profile
authentication-profile name dot1xmac_authen_profile
authentication-profile name mac_authen_profile
authentication-profile name multi_authen_profile
authentication-profile name portal_authen_profile
#
dhcp enable
#
radius-server template default
#
pki realm default
#
ssl policy default_policy type server
pki-realm default
version tls1.2
ciphersuite rsa_aes_128_cbc_sha rsa_aes_128_sha256 rsa_aes_256_sha256 ecdhe_rsa
_aes128_gcm_sha256 ecdhe_rsa_aes256_gcm_sha384
#
acl number 3000
rule 5 permit ip source 192.168.0.0 0.0.255.255
#
ike proposal default
encryption-algorithm aes-256 aes-192 aes-128
dh group14
authentication-algorithm sha2-512 sha2-384 sha2-256
authentication-method pre-share
integrity-algorithm hmac-sha2-256
prf hmac-sha2-256
#
free-rule-template name default_free_rule
#
portal-access-profile name portal_access_profile
#
aaa
authentication-scheme default
authentication-mode local
authentication-scheme radius
authentication-mode radius
authorization-scheme default
authorization-mode local
accounting-scheme default
accounting-mode none
local-aaa-user password policy administrator
domain default
authentication-scheme default
accounting-scheme default
domain default_admin
authentication-scheme default
accounting-scheme default
local-user admin password irreversible-cipher $1a$l/ee<QKJ`1$aPb2.&;1m0F.R-CHp_
};.,#v)1A_gH=rau~tev,#$
local-user admin privilege level 15
local-user admin service-type terminal http
#
web
#
firewall zone Local
#
interface Vlanif1
ip address 192.168.1.1 255.255.255.0
dhcp select interface
#
interface GigabitEthernet0/0/0
undo portswitch
ip address 10.0.3.1 255.255.255.252
#
interface GigabitEthernet0/0/1
undo portswitch
ip address 203.0.113.6 255.255.255.252
nat outbound 3000
ospf cost 100
#
interface GigabitEthernet0/0/2
#
interface GigabitEthernet0/0/3
#
interface GigabitEthernet0/0/4
#
interface GigabitEthernet0/0/5
#
interface GigabitEthernet0/0/6
#
interface GigabitEthernet0/0/7
#
interface GigabitEthernet0/0/8
#
interface GigabitEthernet0/0/9
#
interface GigabitEthernet0/0/11
description VirtualPort
#
interface XGigabitEthernet0/0/0
#
interface NULL0
#
ospf 1 router-id 4.4.4.4
area 0.0.0.0
network 10.0.3.0 0.0.0.3
area 0.0.0.1
network 203.0.113.4 0.0.0.3
#
snmp-agent local-engineid 800007DB03A01C8D170B1A
snmp-agent trap enable
#
http secure-server ssl-policy default_policy
http secure-server enable
http server permit interface GigabitEthernet0/0/0
#
fib regularly-refresh disable
#
user-interface con 0
authentication-mode password
set authentication password cipher %^%#\~EgVI'Gi9UVWMQ}8H-B75z=~<67c~A-D2I,"s&<
l,=SB8oa+Lr\,8ER+^wD%^%#
user-interface vty 0
authentication-mode aaa
user privilege level 15
user-interface vty 1 4
#
wlan ac
traffic-profile name default
security-profile name default
security-profile name default-wds
security wpa2 psk pass-phrase %^%#Bre)S*TVAH#I6aH8Fd98ay'KOIR|F,-DemJ:)_<H%^%#
aes
ssid-profile name default
vap-profile name default
wds-profile name default
regulatory-domain-profile name default
air-scan-profile name default
rrm-profile name default
radio-2g-profile name default
radio-5g-profile name default
wids-spoof-profile name default
wids-profile name default
ap-system-profile name default
port-link-profile name default
wired-port-profile name default
ap-group name default
#
dot1x-access-profile name dot1x_access_profile
#
mac-access-profile name mac_access_profile
#
ops
#
autostart
#
secelog
#
ms-channel
#
return

161
ne_expr_2/r3.txt.txt
View File

@ -1,161 +0,0 @@
#
sysname R3
#
drop illegal-mac alarm
#
ipv6
#
authentication-profile name default_authen_profile
authentication-profile name dot1x_authen_profile
authentication-profile name dot1xmac_authen_profile
authentication-profile name mac_authen_profile
authentication-profile name multi_authen_profile
authentication-profile name portal_authen_profile
#
dhcp enable
#
radius-server template default
#
pki realm default
#
ike proposal default
encryption-algorithm aes-256 aes-192 aes-128
dh group14
authentication-algorithm sha2-512 sha2-384 sha2-256
authentication-method pre-share
integrity-algorithm hmac-sha2-256
prf hmac-sha2-256
#
free-rule-template name default_free_rule
#
portal-access-profile name portal_access_profile
#
aaa
authentication-scheme default
authentication-mode local
authentication-scheme radius
authentication-mode radius
authorization-scheme default
authorization-mode local
accounting-scheme default
accounting-mode none
domain default
authentication-scheme radius
accounting-scheme default
radius-server default
domain default_admin
authentication-scheme default
accounting-scheme default
local-user admin password irreversible-cipher $1a$dI~qTD'A.$$83RH2*P,V!+M,IT;TP
9$fCzdPEf|JQk>p.GadHd>$
local-user admin service-type http
#
web
#
firewall zone Local
#
interface GigabitEthernet0/0/0
undo portswitch
ipv6 enable
ip address 203.0.113.1 255.255.255.252
ipv6 address auto link-local
ipv6 address auto global default
ipv6 address auto dhcp
#
interface GigabitEthernet0/0/1
undo portswitch
ipv6 enable
ip address 203.0.113.5 255.255.255.252
ipv6 address auto link-local
ipv6 address auto global default
ipv6 address auto dhcp
#
interface GigabitEthernet0/0/2
undo portswitch
ip address 172.16.1.254 255.255.255.0
#
interface GigabitEthernet0/0/3
undo portswitch
ipv6 enable
ip address 8.8.8.1 255.255.255.0
ipv6 address auto link-local
ipv6 address auto global default
ipv6 address auto dhcp
#
interface GigabitEthernet0/0/4
#
interface GigabitEthernet0/0/5
#
interface GigabitEthernet0/0/6
#
interface GigabitEthernet0/0/7
#
interface GigabitEthernet0/0/8
#
interface GigabitEthernet0/0/9
#
interface GigabitEthernet0/0/11
description VirtualPort
ipv6 enable
ipv6 address auto link-local
ipv6 address auto global default
ip address dhcp-alloc
ipv6 address auto dhcp
#
interface XGigabitEthernet0/0/0
#
interface NULL0
#
ospf 1 router-id 5.5.5.5
default-route-advertise always
area 0.0.0.1
network 8.8.8.0 0.0.0.255
network 172.16.1.0 0.0.0.255
network 203.0.113.0 0.0.0.3
network 203.0.113.4 0.0.0.3
#
snmp-agent local-engineid 800007DB03A01C8D17099E
#
fib regularly-refresh disable
#
user-interface con 0
authentication-mode password
set authentication password cipher %^%#4wT.3a<>PKul8&(@~(-0v,-w1-zQo/`:j^LE<I5$
i;%u'EhQ-R%VY]SS(43"%^%#
user-interface vty 0 4
#
wlan ac
traffic-profile name default
security-profile name default
security-profile name default-wds
security wpa2 psk pass-phrase %^%#OaPv/S-z7#`J3@Jh\/{+NISM.mJ*5GAyP[-0As85%^%#
aes
ssid-profile name default
vap-profile name default
wds-profile name default
regulatory-domain-profile name default
air-scan-profile name default
rrm-profile name default
radio-2g-profile name default
radio-5g-profile name default
wids-spoof-profile name default
wids-profile name default
ap-system-profile name default
port-link-profile name default
wired-port-profile name default
ap-group name default
#
dot1x-access-profile name dot1x_access_profile
#
mac-access-profile name mac_access_profile
#
ops
#
autostart
#
secelog
#
ms-channel
#
return

154
ne_expr_2/rnew.txt.txt
View File

@ -1,154 +0,0 @@
#
sysname R_NEW
#
drop illegal-mac alarm
#
authentication-profile name default_authen_profile
authentication-profile name dot1x_authen_profile
authentication-profile name dot1xmac_authen_profile
authentication-profile name mac_authen_profile
authentication-profile name multi_authen_profile
authentication-profile name portal_authen_profile
#
dhcp enable
#
radius-server template default
#
pki realm default
#
ssl policy default_policy type server
pki-realm default
version tls1.2
ciphersuite rsa_aes_128_cbc_sha rsa_aes_128_sha256 rsa_aes_256_sha256 ecdhe_rsa
_aes128_gcm_sha256 ecdhe_rsa_aes256_gcm_sha384
#
ike proposal default
encryption-algorithm aes-256 aes-192 aes-128
dh group14
authentication-algorithm sha2-512 sha2-384 sha2-256
authentication-method pre-share
integrity-algorithm hmac-sha2-256
prf hmac-sha2-256
#
free-rule-template name default_free_rule
#
portal-access-profile name portal_access_profile
#
aaa
authentication-scheme default
authentication-mode local
authentication-scheme radius
authentication-mode radius
authorization-scheme default
authorization-mode local
accounting-scheme default
accounting-mode none
local-aaa-user password policy administrator
domain default
authentication-scheme default
accounting-scheme default
domain default_admin
authentication-scheme default
accounting-scheme default
local-user admin password irreversible-cipher $1a$l/ee<QKJ`1$aPb2.&;1m0F.R-CHp_
};.,#v)1A_gH=rau~tev,#$
local-user admin privilege level 15
local-user admin service-type terminal http
#
web
#
firewall zone Local
#
interface Vlanif1
ip address 192.168.1.1 255.255.255.0
dhcp select interface
#
interface GigabitEthernet0/0/0
undo portswitch
ip address 10.0.1.2 255.255.255.252
#
interface GigabitEthernet0/0/1
undo portswitch
ip address 10.0.4.1 255.255.255.252
#
interface GigabitEthernet0/0/2
#
interface GigabitEthernet0/0/3
#
interface GigabitEthernet0/0/4
#
interface GigabitEthernet0/0/5
#
interface GigabitEthernet0/0/6
#
interface GigabitEthernet0/0/7
#
interface GigabitEthernet0/0/8
#
interface GigabitEthernet0/0/9
#
interface GigabitEthernet0/0/11
description VirtualPort
#
interface XGigabitEthernet0/0/0
#
interface NULL0
#
ospf 1 router-id 2.2.2.2
area 0.0.0.0
network 10.0.1.0 0.0.0.3
network 10.0.4.0 0.0.0.3
#
snmp-agent local-engineid 800007DB03A01C8D1709B2
snmp-agent trap enable
#
http secure-server ssl-policy default_policy
http secure-server enable
http server permit interface GigabitEthernet0/0/0
#
fib regularly-refresh disable
#
user-interface con 0
authentication-mode password
set authentication password cipher %^%#ldqKO$>Xw/5.o2KC#J`@~EDG4BYJ'~f8F3FV~e/3
Af\S)aqga5*%H'CVym#O%^%#
user-interface vty 0
authentication-mode aaa
user privilege level 15
user-interface vty 1 4
#
wlan ac
traffic-profile name default
security-profile name default
security-profile name default-wds
security wpa2 psk pass-phrase %^%#/+;z%#YEj.Y]/]N"dDy)Ge)KPW``JA5#2wH.,.-~%^%#
aes
ssid-profile name default
vap-profile name default
wds-profile name default
regulatory-domain-profile name default
air-scan-profile name default
rrm-profile name default
radio-2g-profile name default
radio-5g-profile name default
wids-spoof-profile name default
wids-profile name default
ap-system-profile name default
port-link-profile name default
wired-port-profile name default
ap-group name default
#
dot1x-access-profile name dot1x_access_profile
#
mac-access-profile name mac_access_profile
#
ops
#
autostart
#
secelog
#
ms-channel
#
return

142
ne_expr_2/s3.txt.txt
View File

@ -1,142 +0,0 @@
#
sysname S3
#
dns resolve
#
vlan batch 10
#
authentication-profile name default_authen_profile
authentication-profile name dot1x_authen_profile
authentication-profile name dot1xmac_authen_profile
authentication-profile name mac_authen_profile
authentication-profile name multi_authen_profile
authentication-profile name portal_authen_profile
#
diffserv domain default
#
radius-server template default
#
pki realm default
certificate-check none
#
free-rule-template name default_free_rule
#
portal-access-profile name portal_access_profile
#
aaa
authentication-scheme default
authentication-mode local
authentication-scheme radius
authentication-mode radius
authorization-scheme default
authorization-mode local
accounting-scheme default
accounting-mode none
local-aaa-user password policy administrator
password history record number 0
password expire 0
domain default
authentication-scheme radius
accounting-scheme default
radius-server default
domain default_admin
authentication-scheme default
accounting-scheme default
local-user admin password irreversible-cipher $1c$3GgV!n|Zu$$nq7TY{L42<}bh%!$&\
UOth,TDxg`TByVn#Rx'I!#$
local-user admin privilege level 15
local-user admin service-type terminal http
#
interface Vlanif1
#
interface MEth0/0/1
ip address 192.168.1.253 255.255.255.0
#
interface Eth-Trunk1
port link-type trunk
port trunk allow-pass vlan 10
mode lacp
#
interface GigabitEthernet0/0/1
eth-trunk 1
#
interface GigabitEthernet0/0/2
eth-trunk 1
#
interface GigabitEthernet0/0/3
port link-type access
port default vlan 10
stp edged-port enable
#
interface GigabitEthernet0/0/4
#
interface GigabitEthernet0/0/5
#
interface GigabitEthernet0/0/6
#
interface GigabitEthernet0/0/7
#
interface GigabitEthernet0/0/8
#
interface GigabitEthernet0/0/9
#
interface GigabitEthernet0/0/10
#
interface GigabitEthernet0/0/11
#
interface GigabitEthernet0/0/12
#
interface GigabitEthernet0/0/13
#
interface GigabitEthernet0/0/14
#
interface GigabitEthernet0/0/15
#
interface GigabitEthernet0/0/16
#
interface GigabitEthernet0/0/17
#
interface GigabitEthernet0/0/18
#
interface GigabitEthernet0/0/19
#
interface GigabitEthernet0/0/20
#
interface GigabitEthernet0/0/21
#
interface GigabitEthernet0/0/22
#
interface GigabitEthernet0/0/23
#
interface GigabitEthernet0/0/24
#
interface GigabitEthernet0/0/25
#
interface GigabitEthernet0/0/26
#
interface GigabitEthernet0/0/27
#
interface GigabitEthernet0/0/28
#
interface NULL0
#
undo icmp name timestamp-request receive
#
ssh server cipher aes256_ctr aes128_ctr
ssh server hmac sha2_256
ssh client cipher aes256_ctr aes128_ctr
ssh client hmac sha2_256
ssh server dh-exchange min-len 2048
#
user-interface con 0
authentication-mode aaa
user-interface vty 0 4
user-interface vty 16 20
#
dot1x-access-profile name dot1x_access_profile
#
mac-access-profile name mac_access_profile
#
ops
#
return

156
ne_expr_2/s4.txt.txt
View File

@ -1,156 +0,0 @@
#
sysname S4
#
vlan batch 20 30
#
authentication-profile name default_authen_profile
authentication-profile name dot1x_authen_profile
authentication-profile name dot1xmac_authen_profile
authentication-profile name mac_authen_profile
authentication-profile name multi_authen_profile
authentication-profile name portal_authen_profile
#
dhcp enable
#
dhcp snooping enable
#
diffserv domain default
#
radius-server template default
#
pki realm default
certificate-check none
#
free-rule-template name default_free_rule
#
portal-access-profile name portal_access_profile
#
vlan 20
dhcp snooping enable
vlan 30
dhcp snooping enable
#
aaa
authentication-scheme default
authentication-mode local
authentication-scheme radius
authentication-mode radius
authorization-scheme default
authorization-mode local
accounting-scheme default
accounting-mode none
local-aaa-user password policy administrator
password history record number 0
password expire 0
domain default
authentication-scheme radius
accounting-scheme default
radius-server default
domain default_admin
authentication-scheme default
accounting-scheme default
local-user admin password irreversible-cipher $1c$!KEu5`>r/U$XH0oSdg%O*K{t>JY0_
J/I`r9Rf1"aW(ws]4]S^=+$
local-user admin privilege level 15
local-user admin service-type terminal http
#
interface Vlanif1
#
interface MEth0/0/1
ip address 192.168.1.253 255.255.255.0
#
interface Eth-Trunk1
port link-type trunk
port trunk allow-pass vlan 20 30
mode lacp
#
interface GigabitEthernet0/0/1
eth-trunk 1
#
interface GigabitEthernet0/0/2
eth-trunk 1
#
interface GigabitEthernet0/0/3
port link-type access
port default vlan 20
stp edged-port enable
port-security enable
#
interface GigabitEthernet0/0/4
port link-type access
port default vlan 30
stp edged-port enable
port-security enable
#
interface GigabitEthernet0/0/5
#
interface GigabitEthernet0/0/6
#
interface GigabitEthernet0/0/7
#
interface GigabitEthernet0/0/8
#
interface GigabitEthernet0/0/9
#
interface GigabitEthernet0/0/10
#
interface GigabitEthernet0/0/11
#
interface GigabitEthernet0/0/12
#
interface GigabitEthernet0/0/13
#
interface GigabitEthernet0/0/14
#
interface GigabitEthernet0/0/15
#
interface GigabitEthernet0/0/16
#
interface GigabitEthernet0/0/17
#
interface GigabitEthernet0/0/18
#
interface GigabitEthernet0/0/19
#
interface GigabitEthernet0/0/20
#
interface GigabitEthernet0/0/21
#
interface GigabitEthernet0/0/22
#
interface GigabitEthernet0/0/23
#
interface GigabitEthernet0/0/24
#
interface GigabitEthernet0/0/25
#
interface GigabitEthernet0/0/26
#
interface GigabitEthernet0/0/27
#
interface GigabitEthernet0/0/28
#
interface NULL0
#
undo icmp name timestamp-request receive
#
ssh server cipher aes256_ctr aes128_ctr
ssh server hmac sha2_256
ssh client cipher aes256_ctr aes128_ctr
ssh client hmac sha2_256
ssh server dh-exchange min-len 2048
#
user-interface con 0
authentication-mode password
set authentication password cipher $1a$SFrKTa%+a4$4L)<7dU}{5G(z2Q*Gy0+_)r!T\az%
6O:[iC+^701$
user-interface vty 0 4
user-interface vty 16 20
#
dot1x-access-profile name dot1x_access_profile
#
mac-access-profile name mac_access_profile
#
ops
#
return

BIN
ne_expr_2/{1C8B4330-AF97-4D12-B73E-037D5523D7C9}.png.jpg
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 173 KiB

BIN
ne_expr_2/{2A9E53EC-06B2-4704-AE3F-35F1A3625A8D}.png.jpg
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 233 KiB

BIN
ne_expr_2/{374A14BD-D226-43DB-A4FE-221FE8E9C514}.png.jpg
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 132 KiB

BIN
ne_expr_2/{47C4A6AB-C168-42E1-9CE8-42AF14D5F8C7}.png.jpg
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 78 KiB

BIN
ne_expr_2/{577D5AC7-2E99-4E16-ADBE-081DF37B8FD0}.png.jpg
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 80 KiB

BIN
ne_expr_2/{6CEA5711-0BAA-4C25-BD5E-75798724C5D1}.png.jpg
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 116 KiB

BIN
ne_expr_2/{6D994F59-2296-4D02-BB3A-E77C4710AB99}.png.jpg
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 161 KiB

BIN
ne_expr_2/{7D4FA9E9-5A24-4F57-A2FA-3D1F4B9D5C5F}.png.jpg
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 51 KiB

BIN
ne_expr_2/{A1A4A426-554A-4926-A27E-86B752F66115}.png.jpg
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 77 KiB

BIN
ne_expr_2/{A8FD3D0F-343F-4109-B94A-83AFDDED0F8B}.png.jpg
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 48 KiB

BIN
ne_expr_2/{B9ABB5AF-70AF-44A9-B85B-299251D61713}.png.jpg
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 138 KiB

BIN
ne_expr_2/{BC5A7130-05DF-4B18-8D30-CE19F9A52366}.png.jpg
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 252 KiB

BIN
ne_expr_2/{BDE9B1E7-7878-43A1-8449-F33ACE792E33}.png.jpg
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 119 KiB

BIN
ne_expr_2/{C86AE363-1566-4884-B693-C0B6479ECF6D}.png.jpg
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 178 KiB

BIN
ne_expr_2/{DA8A21BA-8B78-4804-B7E7-2A92E5347E53}.png.jpg
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 106 KiB

BIN
ne_expr_2/{E0D418DB-04C2-46DA-A0AB-EF64E154EBD1}.png.jpg
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 102 KiB

BIN
ne_expr_2/{E8AC7E26-A0FC-4541-A4B1-CA75416E9339}.png.jpg
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 64 KiB

BIN
ne_expr_2/{ED0A2BE7-0DE7-44D5-B2B1-18E7CD7DFDDC}.png.jpg
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 218 KiB

BIN
ne_expr_2/{ED88143D-B5F3-47FF-A018-5C100BCB4614}.png.jpg
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 110 KiB

BIN
ne_expr_2/{F2794DDE-A555-4ACB-92F5-5574DA293C60}.png.jpg
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 144 KiB

BIN
ne_expr_2/{FCAD8E82-03DC-4BBE-96B3-7FFEE7F628F0}.png.jpg
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 134 KiB

BIN
ne_expr_2/{FD2679C9-78AE-43CD-B952-5F17B5FA10CD}.png.jpg
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 184 KiB

BIN
theory/dcs_1.png Executable file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 938 KiB

BIN
theory/dcs_10.png Executable file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 465 KiB

BIN
theory/dcs_11.png Executable file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 456 KiB

BIN
theory/dcs_12.png Executable file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 543 KiB

BIN
theory/dcs_13.png Executable file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 948 KiB

BIN
theory/dcs_14.png Executable file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 459 KiB

BIN
theory/dcs_15.png Executable file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 561 KiB

BIN
theory/dcs_16.png Executable file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 457 KiB

BIN
theory/dcs_17.png Executable file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 1.2 MiB

BIN
theory/dcs_18.png Executable file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 564 KiB

BIN
theory/dcs_19.png Executable file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 463 KiB

BIN
theory/dcs_2.png Executable file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 661 KiB

BIN
theory/dcs_20.png Executable file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 696 KiB

BIN
theory/dcs_21.png Executable file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 523 KiB

BIN
theory/dcs_22.png Executable file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 450 KiB

BIN
theory/dcs_23.png Executable file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 726 KiB

BIN
theory/dcs_24.png Executable file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 576 KiB

BIN
theory/dcs_25.png Executable file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 455 KiB

BIN
theory/dcs_26.png Executable file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 528 KiB

BIN
theory/dcs_27.png Executable file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 454 KiB

BIN
theory/dcs_28.png Executable file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 742 KiB

BIN
theory/dcs_29.png Executable file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 547 KiB

BIN
theory/dcs_3.png Executable file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 668 KiB

BIN
theory/dcs_30.png Executable file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 457 KiB

BIN
theory/dcs_31.png Executable file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 406 KiB

BIN
theory/dcs_32.png Executable file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 578 KiB

BIN
theory/dcs_33.png Executable file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 464 KiB

BIN
theory/dcs_34.png Executable file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 704 KiB

BIN
theory/dcs_35.png Executable file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 652 KiB

BIN
theory/dcs_36.png Executable file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 457 KiB

BIN
theory/dcs_37.png Executable file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 621 KiB

BIN
theory/dcs_38.png Executable file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 556 KiB

BIN
theory/dcs_39.png Executable file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 454 KiB

BIN
theory/dcs_4.png Executable file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 517 KiB

BIN
theory/dcs_40.png Executable file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 719 KiB

BIN
theory/dcs_41.png Executable file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 558 KiB

BIN
theory/dcs_42.png Executable file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 452 KiB

BIN
theory/dcs_43.png Executable file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 788 KiB

BIN
theory/dcs_44.png Executable file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 608 KiB

BIN
theory/dcs_45.png Executable file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 457 KiB

BIN
theory/dcs_46.png Executable file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 781 KiB

BIN
theory/dcs_47.png Executable file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 572 KiB

BIN
theory/dcs_48.png Executable file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 455 KiB

BIN
theory/dcs_49.png Executable file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 762 KiB

BIN
theory/dcs_5.png Executable file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 472 KiB

BIN
theory/dcs_50.png Executable file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 484 KiB

BIN
theory/dcs_51.png Executable file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 458 KiB

Some files were not shown because too many files have changed in this diff Show More