H3C MSR930 VPN配置命令

发布时间:2019-08-31 09:40:46编辑:auto阅读(2066)

    Username:admin
    Password:
    < H3C>dis cu
    #
    version 5.20, Release 2313
    #
    sysname H3C
    #
    domain default enable system
    #
    dns proxy enable
    #
    telnet server enable
    #
    dar p2p signature-file flash:/p2p_default.mtd
    #
    port-security enable
    #
    password-recovery enable
    #
    acl number 2010
    #
    acl number 3000
    rule 0 permit ip source 192.168.180.0 0.0.0.255 destination 192.168.199.0 0.0.0.255
    acl number 3010
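    rule 0 deny ip source 192.168.180.0 0.0.0.255 destination 192.168.199.0 0.0.0.255[3010是通过命令行建立的,这里的意思是不是指规则0拒绝源IP访问目的IP?——不是:ACL 3010 被下文的 nat outbound 3010 引用,规则0的 deny 并不丢弃这段流量,而是让源192.168.180.0/24到目的192.168.199.0/24的流量不做NAT转换,保持原地址以匹配 security acl 3000 并进入IPsec隧道;rule 5 permit ip 表示其余流量正常做NAT。]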
    rule 5 permit ip
    #               
    vlan 1         
    #               
    domain system   
    access-limit disable
    state active   
    idle-cut disable
    self-service-url disable
    #               
    ike proposal 1  
    encryption-algorithm 3des-cbc
    dh group2      
    sa duration 28800
    #               
    ike peer xtdtozb
    proposal 1     
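    pre-shared-key cipher $c$3$vWGBU5xCzUKd5l++NnV0uWFE6EqlQANCczA5GyU=  [注意:cipher 形式是可逆加密的密文,不是单向哈希;公开配置前应像IP地址一样替换为占位符,已公开的预共享密钥应视为泄露并在隧道两端更换。下文 local-user 的 password cipher 同理。]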
    remote-address 210.10.200.210  [为保密,修改过]
    local-address 210.10.200.230   [为保密,修改过]
    #               
    ipsec transform-set xtdtozb
    encapsulation-mode tunnel
    transform esp  
    esp authentication-algorithm sha1
    esp encryption-algorithm 3des
    #               
    ipsec policy 1048576 1 isakmp
    connection-name xtdtozb
    security acl 3000
    pfs dh-group2  
    ike-peer xtdtozb
    transform-set xtdtozb
    sa duration traffic-based 1843200
    sa duration time-based 28800
    #               
    dhcp server ip-pool vlan1 extended
    #               
    user-group system
    group-attribute allow-guest
    #               
    local-user admin
    password cipher $c$3$LhwixC6Vs/KHKJ8XH6gRh1VPGaT2LUBOeqJ7lnQD
    authorization-attribute level 3
    service-type telnet
    service-type web
    #               
    cwmp            
    undo cwmp enable
    #               
    interface Aux0  
    async mode flow
    link-protocol ppp
    #               
    interface Cellular0/0
    async mode protocol
    link-protocol ppp
    #               
    interface NULL0
    #               
    interface Vlan-interface1
    ip address 192.168.180.253 255.255.255.0
    undo dhcp select server global-pool
    dhcp server apply ip-pool vlan1
    ipsec no-nat-process enable
    #               
    interface GigabitEthernet0/0
    port link-mode route
    nat outbound 3010
    ip address 210.10.200.230 255.255.255.128   [为保密,修改过]
    ipsec no-nat-process enable
    ipsec policy 1048576
    dns server 202.96.128.86
    dns server 202.96.128.128
    #               
    interface GigabitEthernet0/1
    port link-mode bridge
    #               
    interface GigabitEthernet0/2
    port link-mode bridge
    #               
    interface GigabitEthernet0/3
    port link-mode bridge
    #               
    interface GigabitEthernet0/4
    port link-mode bridge
    #               
    ip route-static 0.0.0.0 0.0.0.0 GigabitEthernet0/0 210.10.200.110   [为保密,修改过]
    #               
    nms primary monitor-interface GigabitEthernet0/0
    #               
    load xml-configuration
    #               
    load tr069-configuration
    #               
    user-interface tty 12
    user-interface aux 0
    user-interface vty 0 4
    authentication-mode scheme
    #               
    return         
    < H3C>
    < H3C>dis ike da
                 ^
    % Unrecognized command found at '^' position.
    < H3C>dis ike sa
        total phase-1 SAs:  1
        connection-id  peer                    flag        phase   doi
      ----------------------------------------------------------------
         488           210.10.200.210          RD          1       IPSEC
         717           210.10.200.210          RD          2       IPSEC

      flag meaning
      RD--READY ST--STAYALIVE RL--REPLACED FD--FADING TO--TIMEOUT RK--REKEY
    < H3C>dis ipsec sa
    ===============================
    Interface: GigabitEthernet0/0
        path MTU: 1500
    ===============================

      -----------------------------
      IPsec policy name: "1048576"
      sequence number: 1
      acl version: ACL4
      mode: isakmp
      -----------------------------
        PFS: Y,  DH group: 2
        tunnel:
            local  address: 210.10.200.210  [为保密,修改过]
            remote address: 210.10.200.230   [为保密,修改过]
        flow:
            sour addr: 192.168.180.0/255.255.255.0  port: 0  protocol: IP
            dest addr: 192.168.199.0/255.255.255.0  port: 0  protocol: IP

        [inbound ESP SAs]
          spi: 0xB56E74AA(3043914922)
          transform: ESP-ENCRYPT-3DES ESP-AUTH-SHA1
          in use setting: Tunnel
          connection id: 5
          sa duration (kilobytes/sec): 1843200/28800
          sa remaining duration (kilobytes/sec): 1843182/20441
          anti-replay detection: Enabled
            anti-replay window size(counter based): 32
          udp encapsulation used for nat traversal: N
                   
        [outbound ESP SAs]
          spi: 0x7E10BFD(132189181)
          transform: ESP-ENCRYPT-3DES ESP-AUTH-SHA1
          in use setting: Tunnel
          connection id: 6
          sa duration (kilobytes/sec): 1843200/28800
          sa remaining duration (kilobytes/sec): 1843192/20441
          anti-replay detection: Enabled
            anti-replay window size(counter based): 32
          udp encapsulation used for nat traversal: N
    < H3C>
