H3C U200-S 配置实例

<U200-S>dis cur                    
#
 version 5.20, Beta 5104
#
 sysname U200-S
#
 ftp server enable
#
 undo voice vlan mac-address 00e0-bb00-0000
#
 domain default enable system
#
 telnet server enable
#
 qos carl 1 source-ip-address subnet 10.58.9.0 24 per-address shared-bandwidth
 qos carl 2 destination-ip-address subnet 10.58.9.0 24 per-address shared-bandwidth
 qos carl 3 source-ip-address subnet 10.58.11.0 24 per-address shared-bandwidth
 qos carl 4 destination-ip-address subnet 10.58.11.0 24 per-address shared-bandwidth
 qos carl 5 source-ip-address subnet 10.58.12.0 24 per-address shared-bandwidth
 qos carl 6 destination-ip-address subnet 10.58.12.0 24 per-address shared-bandwidth
 qos carl 7 source-ip-address subnet 10.58.13.0 24 per-address shared-bandwidth
 qos carl 8 source-ip-address subnet 10.58.13.0 24 per-address shared-bandwidth
#
 time-range test 06:00 to 23:00 daily
#              
acl number 3001
 rule 0 deny tcp source-port eq 3127
 rule 1 deny tcp source-port eq 1025
 rule 2 deny tcp source-port eq 5554
 rule 3 deny tcp source-port eq 9996
 rule 4 deny tcp source-port eq 1068
 rule 5 deny tcp source-port eq 135
 rule 6 deny udp source-port eq 135
 rule 7 deny tcp source-port eq 137
 rule 8 deny udp source-port eq netbios-ns
 rule 9 deny tcp source-port eq 138
 rule 10 deny udp source-port eq netbios-dgm
 rule 11 deny tcp source-port eq 139
 rule 12 deny udp source-port eq netbios-ssn
 rule 13 deny tcp source-port eq 593
 rule 15 deny tcp source-port eq 5800
 rule 16 deny tcp source-port eq 5900
 rule 18 deny tcp source-port eq 8998
 rule 19 deny tcp source-port eq 445
 rule 20 deny udp source-port eq 445
 rule 21 deny udp source-port eq 1434
 rule 30 deny tcp destination-port eq 3127
 rule 31 deny tcp destination-port eq 1025
 rule 32 deny tcp destination-port eq 5554
 rule 33 deny tcp destination-port eq 9996
 rule 34 deny tcp destination-port eq 1068
 rule 35 deny tcp destination-port eq 135
 rule 36 deny udp destination-port eq 135
 rule 37 deny tcp destination-port eq 137
 rule 38 deny udp destination-port eq netbios-ns
 rule 39 deny tcp destination-port eq 138
 rule 40 deny udp destination-port eq netbios-dgm
 rule 41 deny tcp destination-port eq 139
 rule 42 deny udp destination-port eq netbios-ssn
 rule 43 deny tcp destination-port eq 593
 rule 44 deny tcp destination-port eq 4444
 rule 45 deny tcp destination-port eq 5800
 rule 46 deny tcp destination-port eq 5900
 rule 48 deny tcp destination-port eq 8998
 rule 49 deny tcp destination-port eq 445
 rule 50 deny udp destination-port eq 445
 rule 51 deny udp destination-port eq 1434
acl number 3999
 rule 0 permit ip
#
acl accelerate number 3001
acl accelerate number 3999
#
vlan 1
#
domain system
 access-limit disable
 state active
 idle-cut disable
 self-service-url disable
#
qos policy qos
#
user-group system
#
local-user admin
 password cipher ];]_K)@WJ`'Q=^Q`MAF4<1!!
 authorization-attribute level 3
 service-type telnet terminal
 service-type ftp
local-user h3c
 password cipher ];]_K)@WJ`'Q=^Q`MAF4<1!!
 authorization-attribute level 3
 service-type telnet
#
interface Ethernet0/0
 port link-mode route
 ip address 10.254.254.1 255.255.255.0
#
interface NULL0
#
interface GigabitEthernet0/0
 port link-mode route
 ip address 192.168.0.1 255.255.255.0
#
interface GigabitEthernet0/1
 port link-mode route
 nat server protocol tcp global 10.58.1.1 8080 inside 10.254.254.2 www
 ip address 10.58.1.1 255.255.255.0
 qos car inbound carl 1 cir 300000 cbs 300000 ebs 300000 green pass red discard
 qos car inbound carl 3 cir 300000 cbs 300000 ebs 300000 green pass red discard
 qos car inbound carl 5 cir 300000 cbs 300000 ebs 300000 green pass red discard
 qos car inbound carl 7 cir 300000 cbs 300000 ebs 300000 green pass red discard
 qos car outbound carl 2 cir 400000 cbs 400000 ebs 400000 green pass red discard
 qos car outbound carl 4 cir 400000 cbs 400000 ebs 400000 green pass red discard
 qos car outbound carl 6 cir 400000 cbs 400000 ebs 400000 green pass red discard
 qos car outbound carl 8 cir 400000 cbs 400000 ebs 400000 green pass red discard
#
interface GigabitEthernet0/2
 port link-mode route
 nat server protocol tcp global 218.17.208.134 www inside 10.58.1.1 www
 ip address 218.17.208.134 255.255.255.252
 tcp mss 1250
#
interface GigabitEthernet0/3
 port link-mode route
 ip address 10.58.100.254 255.255.255.0
#
interface GigabitEthernet0/4
 port link-mode route
 ip address 10.58.50.254 255.255.255.0
#
 ip route-static 0.0.0.0 0.0.0.0 218.17.208.133
 ip route-static 10.58.0.0 255.255.0.0 10.58.1.254 preference 50
#
 load xml-configuration
#
user-interface con 0
user-interface vty 0 4
 authentication-mode scheme
 protocol inbound telnet
#
return

本文出自 “陈高儒的博客” 博客，转载请与作者联系！