H3C路由器固定IP地址标准配置
#
version 5.20, Alpha 1503
#
sysname TH
#
configure-user count 5
#
firewall enable //使能防火墙功能
#
domain default enable system
#
dns resolve
dns server 218.74.122.74
dns server 218.74.122.66
#
telnet server enable
#
undo l2fw fast-forwarding
#
vlan 1
#
radius scheme system
#
domain system
access-limit disable
state active
idle-cut disable
self-service-url disable
#
traffic classifier test operator and //流量分类器test，条件操作为“逻辑与” if-match acl 3999 //匹配ACL3999
traffic classifier mac operator or //流量分类器mac，条件操作为“逻辑或” if-match source-mac 00e0-4c02-29b4 //匹配源MAC 00e0-4c02-29b4
if-match source-mac 00e0-4cf0-189f //匹配源MAC 00e0-4cf0-189f
if-match source-mac 0050-8d6e-c328 //匹配源MAC 0050-8d6e-c328
#
traffic behavior permit //流量行为permit
filter permit //过滤操作为“允许转发”
traffic behavior deny //流量行为deny
filter deny //过滤操作为“拒绝、丢弃”
#
qos policy test //QoS策略test
classifier test behavior permit //对流分类test允许通过，即允许任意源访问192.168.1.0/24
classifier mac behavior deny //对流分类mac拒绝并丢弃，即不允许mac访问除192.168.1.0外的网段
#
dhcp server ip-pool 1
network 192.168.1.0 mask 255.255.255.0
gateway-list 192.168.1.1
nbns-list 218.74.122.66
expired day 10 hour 12
#
local-user admin
password simple adminlogin
service-type telnet
level 3
#
acl number 2000
rule 0 permit source 192.168.1.0 0.0.0.255
rule 1 deny
#
acl number 3000 //ACL3000为防火墙策略
description match the destination ip-address
rule 0 deny ip source 192.168.1.68 0 //不允许源192.168.1.68访问
acl number 3999 //ACL3999用于流分类test匹配
rule 0 permit ip destination 192.168.1.0 0.0.0.255 //匹配目的网段192.168.1.0/24
#
wlan rrm
11a mandatory-rate 6 12 24
11a supported-rate 9 18 36 48 54
11b mandatory-rate 1 2
11b supported-rate 5.5 11
11g mandatory-rate 1 2 5.5 11
11g supported-rate 6 9 12 18 24 36 48 54
#
interface Analogmodem0/0
async mode flow
link-protocol ppp
#
interface Aux0
async mode flow
link-protocol ppp
#
interface Ethernet0/0
port link-mode route
firewall packet-filter 3000 outbound //在出方向应用ACL3000的防火墙策略 nat outbound 2000
ip address 61.153.222.250 255.255.255.252
#
interface Ethernet0/3
port link-mode route
ip address 192.168.1.1 255.255.255.0
qos apply policy test inbound //在入方向应用QoS策略test
#
interface NULL0
#
interface Ethernet0/1
port link-mode bridge
#
interface Ethernet0/2
port link-mode bridge
#
interface Ethernet0/4
port link-mode bridge
#
interface WLAN-Radio2/0
radio-type 11g
#
ip route-static 0.0.0.0 0.0.0.0 61.153.222.249
#
dhcp enable
#
user-interface tty 0
redirect listen-port 2000
user-interface aux 0
user-interface vty 0 4
authentication-mode scheme
#。