AR28-11+S3928P-EI+S2403H-HI组合配置实例

<TYS-ZongGongHui-AR28-11>display current-configuration
#
sysname TYS-ZongGongHui-AR28-11
#
#
local-user password-display-mode cipher-force
#
cpu-usage cycle 1min
#
firewall enable
#
nat aging-time tcp 300
nat aging-time pptp 300
nat aging-time dns 10
nat aging-time ftp-ctrl 300
nat aging-time tcp-fin 10
nat aging-time tcp-syn 10
#
undo icmp redirect send
undo icmp unreach send
#
DNS resolve
DNS server 202.99.192.66
DNS server 202.99.192.68
#
radius scheme system
#
domain system
#
local-user huawei
password cipher 5W97B'/VOV+Q=^Q`MAF4<1!!
service-type telnet
level 1
#
acl number 2000 match-order auto
rule 1 permit source 192.168.0.0 0.0.0.255
rule 10 deny
#
acl number 3001
description WAN-WaiWang
rule 0 deny tcp source-port eq 67 destination-port eq 9996
rule 1 deny tcp source-port range 135 139
rule 2 deny tcp source-port eq 138 destination-port eq 445
rule 3 deny tcp source-port eq 445 destination-port eq 135
rule 4 deny tcp source-port eq 445
rule 5 deny tcp source-port eq 555
rule 6 deny tcp source-port eq 593
rule 7 deny tcp source-port range 1022 1025
rule 8 deny tcp source-port eq 1034 destination-port eq www
rule 9 deny tcp source-port eq 1068
rule 10 deny tcp source-port range 1433 1434
rule 12 deny tcp source-port eq 1871
rule 13 deny tcp source-port eq 2745
rule 14 deny tcp source-port eq 3127
rule 15 deny tcp source-port eq 3127 destination-port eq 1434
rule 16 deny tcp source-port eq 3208
rule 17 deny tcp source-port range 4331 4334
rule 18 deny tcp source-port eq 4444
rule 19 deny tcp source-port eq 4510
rule 20 deny tcp source-port eq 4557
rule 21 deny tcp source-port eq 5554
rule 22 deny tcp source-port eq 5554 destination-port range 9995 9996
rule 23 deny tcp source-port eq 5800
rule 24 deny tcp source-port eq 5900
rule 25 deny tcp source-port eq 6129
rule 26 deny tcp source-port eq 6667
rule 27 deny tcp source-port eq 8998
rule 28 deny tcp source-port range 9995 9996

[ 本帖最后由 ATWX 于 2007-9-18 16:45 编辑 ]

rule 29 deny tcp source-port eq 10080
rule 30 deny tcp destination-port eq 8
rule 31 deny tcp destination-port eq 69
rule 32 deny tcp destination-port eq www
rule 33 deny tcp destination-port eq ftp
rule 34 deny tcp destination-port eq exec
rule 35 deny tcp destination-port range 133 139
rule 36 deny tcp destination-port eq 445
rule 37 deny tcp destination-port eq 539
rule 38 deny tcp destination-port eq 593
rule 39 deny tcp destination-port eq 707
rule 40 deny tcp destination-port range 1022 1025
rule 41 deny tcp destination-port eq 1068
rule 42 deny tcp destination-port eq 1080
rule 43 deny tcp destination-port eq 1334
rule 44 deny tcp destination-port range 1433 1434
rule 45 deny tcp destination-port eq 1871
rule 46 deny tcp destination-port eq 1978
rule 47 deny tcp destination-port eq 2710
rule 48 deny tcp destination-port eq 2745
rule 49 deny tcp destination-port range 3127 3128
rule 50 deny tcp destination-port eq 3208
rule 51 deny tcp destination-port eq 3389
rule 52 deny tcp destination-port range 4331 4334
rule 53 deny tcp destination-port eq 4444
rule 54 deny tcp destination-port eq 4510
rule 55 deny tcp destination-port eq 4557
rule 56 deny tcp destination-port range 4661 4662
rule 57 deny tcp destination-port eq 4899
rule 58 deny tcp destination-port range 5554 5556
rule 59 deny tcp destination-port eq 5800
rule 60 deny tcp destination-port eq 5900
rule 61 deny tcp destination-port eq 6129
rule 62 deny tcp destination-port eq 6588
rule 63 deny tcp destination-port eq 6667
rule 64 deny tcp destination-port range 6881 6889
rule 65 deny tcp destination-port eq 6969
rule 66 deny tcp destination-port eq 8080
rule 67 deny tcp destination-port range 8881 8999
rule 68 deny tcp destination-port range 9995 9996
rule 69 deny tcp destination-port eq 10080
rule 70 deny tcp destination-port eq 10137
rule 71 deny tcp destination-port eq 16881
rule 72 deny tcp destination-port eq 64444
rule 73 deny tcp destination-port eq sunrpc
rule 74 deny udp source-port eq 135
rule 75 deny udp source-port eq 445
rule 76 deny udp source-port eq 1068
rule 77 deny udp source-port range 1433 1434
rule 78 deny udp source-port eq 1434 destination-port eq 135
rule 79 deny udp source-port eq bootps
rule 80 deny udp source-port eq netbios-ns
rule 81 deny udp source-port eq netbios-ssn
rule 82 deny udp source-port eq netbios-ssn destination-port eq 445
rule 83 deny udp source-port eq netbios-dgm
rule 84 deny udp destination-port range 133 136
rule 85 deny udp destination-port eq 389
rule 86 deny udp destination-port eq 445
rule 87 deny udp destination-port eq 539
rule 88 deny udp destination-port eq 593
rule 89 deny udp destination-port eq 1025
rule 90 deny udp destination-port eq 1334
rule 91 deny udp destination-port range 1433 1434
rule 92 deny udp destination-port eq 3500
rule 93 deny udp destination-port eq 4665
rule 94 deny udp destination-port eq 4672
rule 95 deny udp destination-port eq 5556
rule 96 deny udp destination-port range 6881 6889
rule 97 deny udp destination-port eq 9996
rule 98 deny udp destination-port eq snmp
rule 99 deny udp destination-port eq tftp
rule 100 deny udp destination-port eq netbios-ns
rule 101 deny udp destination-port eq netbios-dgm
rule 102 deny udp destination-port eq netbios-ssn
rule 103 permit icmp icmp-type echo
rule 104 permit icmp icmp-type echo-reply
rule 105 permit icmp icmp-type ttl-exceeded
rule 106 deny icmp
rule 107 permit ip destination 16.22.33.100 0.0.0.3
rule 108 permit ip destination 192.168.0.0 0.0.0.255
rule 2000 deny ip

acl number 3002
description LAN-NeiWang
rule 0 deny tcp source-port eq 67 destination-port eq 9996
rule 1 deny tcp source-port range 135 139
rule 2 deny tcp source-port eq 138 destination-port eq 445
rule 3 deny tcp source-port eq 445 destination-port eq 135
rule 4 deny tcp source-port eq 445
rule 5 deny tcp source-port eq 555
rule 6 deny tcp source-port eq 593
rule 7 deny tcp source-port range 1022 1025
rule 8 deny tcp source-port eq 1034 destination-port eq www
rule 9 deny tcp source-port eq 1068
rule 10 deny tcp source-port range 1433 1434
rule 12 deny tcp source-port eq 1871
rule 13 deny tcp source-port eq 2745
rule 14 deny tcp source-port eq 3127
rule 15 deny tcp source-port eq 3127 destination-port eq 1434
rule 16 deny tcp source-port eq 3208
rule 17 deny tcp source-port range 4331 4334
rule 18 deny tcp source-port eq 4444
rule 19 deny tcp source-port eq 4510
rule 20 deny tcp source-port eq 4557
rule 21 deny tcp source-port eq 5554
rule 22 deny tcp source-port eq 5554 destination-port range 9995 9996
rule 23 deny tcp source-port eq 5800
rule 24 deny tcp source-port eq 5900
rule 25 deny tcp source-port eq 6129
rule 26 deny tcp source-port eq 6667
rule 27 deny tcp source-port eq 8998
rule 28 deny tcp source-port range 9995 9996
rule 29 deny tcp source-port eq 10080
rule 30 deny tcp destination-port eq 8
rule 31 deny tcp destination-port eq 69
rule 33 deny tcp destination-port eq ftp
rule 34 deny tcp destination-port eq exec
rule 35 deny tcp destination-port range 133 139
rule 36 deny tcp destination-port eq 445
rule 37 deny tcp destination-port eq 539
rule 38 deny tcp destination-port eq 593
rule 39 deny tcp destination-port eq 707
rule 40 deny tcp destination-port range 1022 1025
rule 41 deny tcp destination-port eq 1068
rule 42 deny tcp destination-port eq 1080
rule 43 deny tcp destination-port eq 1334
rule 44 deny tcp destination-port range 1433 1434
rule 45 deny tcp destination-port eq 1871
rule 46 deny tcp destination-port eq 1978
rule 47 deny tcp destination-port eq 2710
rule 48 deny tcp destination-port eq 2745
rule 49 deny tcp destination-port range 3127 3128
rule 50 deny tcp destination-port eq 3208
rule 51 deny tcp destination-port eq 3389
rule 52 deny tcp destination-port range 4331 4334
rule 53 deny tcp destination-port eq 4444
rule 54 deny tcp destination-port eq 4510
rule 55 deny tcp destination-port eq 4557
rule 56 deny tcp destination-port range 4661 4662
rule 57 deny tcp destination-port eq 4899
rule 58 deny tcp destination-port range 5554 5556
rule 59 deny tcp destination-port eq 5800
rule 60 deny tcp destination-port eq 5900
rule 61 deny tcp destination-port eq 6129
rule 62 deny tcp destination-port eq 6588
rule 63 deny tcp destination-port eq 6667
rule 64 deny tcp destination-port range 6881 6889
rule 65 deny tcp destination-port eq 6969
rule 66 deny tcp destination-port eq 8080
rule 67 deny tcp destination-port range 8881 8999
rule 68 deny tcp destination-port range 9995 9996
rule 69 deny tcp destination-port eq 10080
rule 70 deny tcp destination-port eq 10137
rule 71 deny tcp destination-port eq 16881
rule 72 deny tcp destination-port eq 64444
rule 73 deny tcp destination-port eq sunrpc
rule 74 deny udp source-port eq 135
rule 75 deny udp source-port eq 445
rule 76 deny udp source-port eq 1068
rule 77 deny udp source-port range 1433 1434
rule 78 deny udp source-port eq 1434 destination-port eq 135
rule 79 deny udp source-port eq bootps
rule 80 deny udp source-port eq netbios-ns
rule 81 deny udp source-port eq netbios-ssn
rule 82 deny udp source-port eq netbios-ssn destination-port eq 445
rule 83 deny udp source-port eq netbios-dgm
rule 84 deny udp destination-port range 133 136
rule 85 deny udp destination-port eq 389
rule 86 deny udp destination-port eq 445
rule 87 deny udp destination-port eq 539
rule 88 deny udp destination-port eq 593
rule 89 deny udp destination-port eq 1025
rule 90 deny udp destination-port eq 1334
rule 91 deny udp destination-port range 1433 1434
rule 92 deny udp destination-port eq 3500
rule 93 deny udp destination-port eq 4665
rule 94 deny udp destination-port eq 4672
rule 95 deny udp destination-port eq 5556
rule 96 deny udp destination-port range 6881 6889
rule 97 deny udp destination-port eq 9996
rule 98 deny udp destination-port eq snmp
rule 99 deny udp destination-port eq tftp
rule 100 deny udp destination-port eq netbios-ns
rule 101 deny udp destination-port eq netbios-dgm
rule 102 deny udp destination-port eq netbios-ssn
rule 103 permit icmp icmp-type echo
rule 104 permit icmp icmp-type echo-reply
rule 105 permit icmp icmp-type ttl-exceeded
rule 106 deny icmp
rule 2000 permit ip source 192.168.0.0 0.0.0.255
rule 3000 deny ip
#
interface Aux0
async mode flow
#
interface Ethernet0/0
description to S3928P-EI E 1/0/24
ip address 172.24.1.101 255.255.255.252
firewall packet-filter 3002 inbound
#
interface Ethernet0/1
description ShangLian S6503-(1/0/5)
ip address 16.22.33.102 255.255.255.252
firewall packet-filter 3001 inbound
nat outbound 2000
#
interface Serial0/0
clock DTECLK1
link-protocol ppp
shutdown
ip address dhcp-alloc
#
interface NULL0
#
ip route-static 0.0.0.0 0.0.0.0 16.22.33.101 preference 60
ip route-static 10.0.0.0 255.0.0.0 NULL 0 preference 60
ip route-static 169.254.0.0 255.255.0.0 NULL 0 preference 60
ip route-static 192.168.0.0 255.255.255.0 172.24.1.102 preference 60
#
ntp-service unicast-server 202.112.10.60
ntp-service unicast-server 207.46.130.100
#
user-interface con 0
authentication-mode password
user-interface aux 0
set authentication password cipher 5W97B'/VOV+Q=^Q`MAF4<1!!
user-interface vty 0 4
authentication-mode scheme
#
return
<TYS-ZongGongHui-AR28-11>
<TYS-ZongGongHui-AR28-11>dis arp
Type: S-Static D-Dynamic A-Authorized
IP Address MAC Address Type Vpn-instance Name Interface
16.22.33.101 00e0-fc6a-ff77 D Eth0/1
172.24.1.102 000f-e24c-661e D Eth0/0

--- 2 entries found ---

<TYS-ZongGongHui-AR28-11>dis ip rou
Routing Table: public net
Destination/Mask Protocol Pre Cost Nexthop Interface
0.0.0.0/0 STATIC 60 0 16.22.33.101 Ethernet0/1
10.0.0.0/8 STATIC 60 0 0.0.0.0 NULL0
127.0.0.0/8 DIRECT 0 0 127.0.0.1 InLoopBack0
127.0.0.1/32 DIRECT 0 0 127.0.0.1 InLoopBack0
169.254.0.0/16 STATIC 60 0 0.0.0.0 NULL0
172.24.1.100/30 DIRECT 0 0 172.24.1.101 Ethernet0/0
172.24.1.101/32 DIRECT 0 0 127.0.0.1 InLoopBack0
192.168.0.0/24 STATIC 60 0 172.24.1.102 Ethernet0/0
16.22.33.100/30 DIRECT 0 0 16.22.33.102 Ethernet0/1
16.22.33.102/32 DIRECT 0 0 127.0.0.1 InLoopBack0
<TYS-ZongGongHui-AR28-11>

以上部分为AR28-11的配置


<TYS-ZongGongHui-AR28-11>tel
<TYS-ZongGongHui-AR28-11>telnet 192.168.0.1
Trying 192.168.0.1 ...
Press CTRL+K to abort
Connected to 192.168.0.1 ...
********************************************************************************
* Copyright(c) 1998-2007 Huawei Technologies Co., Ltd. All rights reserved. *
* Without the owner's prior written consent, *
* no decompiling or reverse-engineering shall be allowed. *
********************************************************************************


Login authentication


Username:cisoc
Password:
% Login failed!

Username:huawei
Password:
<S3928P-EI>
%Apr 7 18:14:31:723 2000 S3928P-EI SHELL/5/LOGIN:- 1 - huawei(172.24.1.101) in unit1 login
<S3928P-EI>lan ch
Change language mode, confirm? [Y/N]y
% 改变到中文模式。
<S3928P-EI>dis arp
类型: S-静态 D-动态
IP地址 MAC地址 VLAN ID 端口名/聚合链路号 老化时间 类型
192.168.0.16 0016-1723-804c 100 Ethernet1/0/5 0 D
192.168.0.178 0000-39e3-e1f3 100 Ethernet1/0/3 0 D
192.168.0.23 0020-ed3c-17fb 100 Ethernet1/0/5 0 D
172.24.1.101 000f-e261-5431 94 Ethernet1/0/24 11 D
172.22.1.3 000f-e242-8489 80 Ethernet1/0/3 12 D
172.22.1.4 000f-e242-84ec 80 Ethernet1/0/5 13 D
172.22.1.6 000f-e242-84ea 80 Ethernet1/0/5 13 D
172.22.1.5 000f-e242-84f6 80 Ethernet1/0/5 13 D

--- 8条ARP表项 ---

[ 本帖最后由 ATWX 于 2007-9-18 15:38 编辑 ]

<S3928P-EI>dis cu
#
sysname S3928P-EI
#
super password level 3 cipher :;(GD\S-.@(\`B0Z^=\BB!!!
#
loopback-detection enable
#
undo icmp redirect send
undo icmp unreach send
#
system-guard ip enable
system-guard tcn enable
#
radius scheme system
#
domain system
#
local-user huawei
password cipher 5W97B'/VOV+Q=^Q`MAF4<1!!
service-type telnet
level 1
#
acl number 3001
rule 0 deny tcp source-port eq 67 destination-port eq 9996
rule 4 deny tcp source-port eq 445
rule 5 deny tcp source-port eq 555
rule 6 deny tcp source-port eq 593
rule 8 deny tcp source-port eq 1034 destination-port eq www
rule 9 deny tcp source-port eq 1068
rule 12 deny tcp source-port eq 1871
rule 13 deny tcp source-port eq 2745
rule 14 deny tcp source-port eq 3127
rule 16 deny tcp source-port eq 3208
rule 18 deny tcp source-port eq 4444
rule 19 deny tcp source-port eq 4510
rule 20 deny tcp source-port eq 4557
rule 21 deny tcp source-port eq 5554
rule 23 deny tcp source-port eq 5800
rule 24 deny tcp source-port eq 5900
rule 25 deny tcp source-port eq 6129
rule 26 deny tcp source-port eq 6667
rule 27 deny tcp source-port eq 8998
rule 29 deny tcp source-port eq 10080
rule 30 deny tcp destination-port eq 8
rule 31 deny tcp destination-port eq 69
rule 34 deny tcp destination-port eq exec
rule 36 deny tcp destination-port eq 445
rule 37 deny tcp destination-port eq 539
rule 38 deny tcp destination-port eq 593
rule 39 deny tcp destination-port eq 707
rule 41 deny tcp destination-port eq 1068
rule 42 deny tcp destination-port eq 1080
rule 43 deny tcp destination-port eq 1334
rule 45 deny tcp destination-port eq 1871
rule 46 deny tcp destination-port eq 1978
rule 47 deny tcp destination-port eq 2710
rule 48 deny tcp destination-port eq 2745
rule 50 deny tcp destination-port eq 3208
rule 51 deny tcp destination-port eq 3389
rule 53 deny tcp destination-port eq 4444
rule 54 deny tcp destination-port eq 4510
rule 55 deny tcp destination-port eq 4557
rule 57 deny tcp destination-port eq 4899
rule 59 deny tcp destination-port eq 5800
rule 60 deny tcp destination-port eq 5900
rule 61 deny tcp destination-port eq 6129
rule 62 deny tcp destination-port eq 6588
rule 63 deny tcp destination-port eq 6667
rule 65 deny tcp destination-port eq 6969
rule 66 deny tcp destination-port eq 8080
rule 69 deny tcp destination-port eq 10080
rule 70 deny tcp destination-port eq 10137
rule 71 deny tcp destination-port eq 16881
rule 72 deny tcp destination-port eq 64444
rule 73 deny tcp destination-port eq sunrpc
rule 74 deny udp source-port eq 135
rule 75 deny udp source-port eq 445
rule 76 deny udp source-port eq 1068
rule 79 deny udp source-port eq bootps
rule 80 deny udp source-port eq netbios-ns
rule 81 deny udp source-port eq netbios-ssn
rule 83 deny udp source-port eq netbios-dgm
rule 85 deny udp destination-port eq 389
rule 86 deny udp destination-port eq 445
rule 87 deny udp destination-port eq 539
rule 88 deny udp destination-port eq 593
rule 89 deny udp destination-port eq 1025
rule 90 deny udp destination-port eq 1334
rule 92 deny udp destination-port eq 3500
rule 93 deny udp destination-port eq 4665
rule 94 deny udp destination-port eq 4672
rule 95 deny udp destination-port eq 5556
rule 97 deny udp destination-port eq 9996
rule 98 deny udp destination-port eq snmp
rule 99 deny udp destination-port eq tftp
rule 100 deny udp destination-port eq netbios-ns
rule 101 deny udp destination-port eq netbios-dgm
rule 102 deny udp destination-port eq netbios-ssn
rule 103 permit icmp icmp-type echo
rule 104 permit icmp icmp-type echo-reply
rule 105 permit icmp icmp-type ttl-exceeded
rule 106 deny icmp
rule 107 deny tcp destination-port eq 133
rule 108 deny tcp destination-port eq 134
rule 109 deny tcp destination-port eq 135
rule 110 deny tcp destination-port eq 136
rule 111 deny tcp destination-port eq 137
rule 112 deny tcp destination-port eq 138
rule 113 deny tcp destination-port eq 139
rule 114 deny tcp source-port eq 135
rule 115 deny tcp source-port eq 136
rule 116 deny tcp source-port eq 137
rule 117 deny tcp source-port eq 138
rule 118 deny tcp source-port eq 139
rule 119 deny tcp source-port eq 1022
rule 120 deny tcp source-port eq 1023
rule 121 deny tcp source-port eq 1024
rule 122 deny tcp source-port eq 1025
rule 123 deny tcp source-port eq 1433
rule 124 deny tcp source-port eq 1434
rule 125 deny tcp source-port eq 4331
rule 126 deny tcp source-port eq 4332
rule 127 deny tcp source-port eq 4333
rule 128 deny tcp source-port eq 4334
rule 129 deny tcp source-port eq 9995
rule 130 deny tcp source-port eq 9996
rule 131 deny tcp destination-port eq 1022
rule 132 deny tcp destination-port eq 1023
rule 133 deny tcp destination-port eq 1024
rule 134 deny tcp destination-port eq 1025
rule 135 deny tcp destination-port eq 1433
rule 136 deny tcp destination-port eq 1434
rule 137 deny tcp destination-port eq 3127
rule 138 deny tcp destination-port eq 3128
rule 139 deny tcp destination-port eq 4331
rule 140 deny tcp destination-port eq 4332
rule 141 deny tcp destination-port eq 4333
rule 142 deny tcp destination-port eq 4334
rule 143 deny tcp destination-port eq 4661
rule 144 deny tcp destination-port eq 4662
rule 145 deny tcp destination-port eq 5554
rule 146 deny tcp destination-port eq 5555
rule 147 deny tcp destination-port eq 5556
rule 148 deny tcp destination-port eq 6881
rule 149 deny tcp destination-port eq 6882
rule 150 deny tcp destination-port eq 6883
rule 151 deny tcp destination-port eq 6884
rule 152 deny tcp destination-port eq 6885
rule 153 deny tcp destination-port eq 6886
rule 154 deny tcp destination-port eq 6887
rule 155 deny tcp destination-port eq 6888
rule 156 deny tcp destination-port eq 6889
rule 157 deny tcp destination-port eq 9995
rule 158 deny tcp destination-port eq 9996
rule 159 deny udp source-port eq 1433
rule 160 deny udp source-port eq 1434
rule 161 deny udp destination-port eq 133
rule 162 deny udp destination-port eq 134
rule 163 deny udp destination-port eq 135
rule 164 deny udp destination-port eq 136
rule 165 deny udp destination-port eq 1433
rule 166 deny udp destination-port eq 1434
rule 167 deny udp destination-port eq 6881
rule 168 deny udp destination-port eq 6882
rule 169 deny udp destination-port eq 6883
rule 170 deny udp destination-port eq 6884
rule 171 deny udp destination-port eq 6885
rule 172 deny udp destination-port eq 6886
rule 173 deny udp destination-port eq 6887
rule 174 deny udp destination-port eq 6888
rule 175 deny udp destination-port eq 6889
#
vlan 1
#
vlan 80
description GuanLi
#
vlan 94
description AR28-11
#
vlan 100
description YeWu
#
interface Vlan-interface80
description GuanLi
ip address 172.22.1.1 255.255.255.0
#
interface Vlan-interface94
description to AR28-11 E 0/0
ip address 172.24.1.102 255.255.255.252
#
interface Vlan-interface100
description dhcp YeWu
ip address 192.168.0.1 255.255.255.0
#
interface Aux1/0/0
#
interface Ethernet1/0/1
broadcast-suppression 20
port access vlan 100
port isolate
#
interface Ethernet1/0/2
broadcast-suppression 20
port access vlan 100
port isolate

#
interface Ethernet1/0/3
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 80 100
broadcast-suppression 20
packet-filter inbound ip-group 3001 rule 0
packet-filter inbound ip-group 3001 rule 4
packet-filter inbound ip-group 3001 rule 5
packet-filter inbound ip-group 3001 rule 6
packet-filter inbound ip-group 3001 rule 8
packet-filter inbound ip-group 3001 rule 9
packet-filter inbound ip-group 3001 rule 12
packet-filter inbound ip-group 3001 rule 13
packet-filter inbound ip-group 3001 rule 14
packet-filter inbound ip-group 3001 rule 16
packet-filter inbound ip-group 3001 rule 18
packet-filter inbound ip-group 3001 rule 19
packet-filter inbound ip-group 3001 rule 20
packet-filter inbound ip-group 3001 rule 21
packet-filter inbound ip-group 3001 rule 23
packet-filter inbound ip-group 3001 rule 24
packet-filter inbound ip-group 3001 rule 25
packet-filter inbound ip-group 3001 rule 26
packet-filter inbound ip-group 3001 rule 27
packet-filter inbound ip-group 3001 rule 29
packet-filter inbound ip-group 3001 rule 30
packet-filter inbound ip-group 3001 rule 31
packet-filter inbound ip-group 3001 rule 34
packet-filter inbound ip-group 3001 rule 36
packet-filter inbound ip-group 3001 rule 37
packet-filter inbound ip-group 3001 rule 38
packet-filter inbound ip-group 3001 rule 39
packet-filter inbound ip-group 3001 rule 41
packet-filter inbound ip-group 3001 rule 42
packet-filter inbound ip-group 3001 rule 43
packet-filter inbound ip-group 3001 rule 45
packet-filter inbound ip-group 3001 rule 46
packet-filter inbound ip-group 3001 rule 47
packet-filter inbound ip-group 3001 rule 48
packet-filter inbound ip-group 3001 rule 50
packet-filter inbound ip-group 3001 rule 51
packet-filter inbound ip-group 3001 rule 53
packet-filter inbound ip-group 3001 rule 54
packet-filter inbound ip-group 3001 rule 55
packet-filter inbound ip-group 3001 rule 57
packet-filter inbound ip-group 3001 rule 59
packet-filter inbound ip-group 3001 rule 60
packet-filter inbound ip-group 3001 rule 61
packet-filter inbound ip-group 3001 rule 62
packet-filter inbound ip-group 3001 rule 63
packet-filter inbound ip-group 3001 rule 65
packet-filter inbound ip-group 3001 rule 66
packet-filter inbound ip-group 3001 rule 69
packet-filter inbound ip-group 3001 rule 70
packet-filter inbound ip-group 3001 rule 71
packet-filter inbound ip-group 3001 rule 72
packet-filter inbound ip-group 3001 rule 73
packet-filter inbound ip-group 3001 rule 74
packet-filter inbound ip-group 3001 rule 75
packet-filter inbound ip-group 3001 rule 76
packet-filter inbound ip-group 3001 rule 79
packet-filter inbound ip-group 3001 rule 80
packet-filter inbound ip-group 3001 rule 81
packet-filter inbound ip-group 3001 rule 83
packet-filter inbound ip-group 3001 rule 85
packet-filter inbound ip-group 3001 rule 86
description to 172.22.1.3
#
interface Ethernet1/0/4
broadcast-suppression 20
port access vlan 100
port isolate
#
interface Ethernet1/0/5
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 80 100
broadcast-suppression 20
packet-filter inbound ip-group 3001 rule 0
packet-filter inbound ip-group 3001 rule 4
packet-filter inbound ip-group 3001 rule 5
packet-filter inbound ip-group 3001 rule 6
packet-filter inbound ip-group 3001 rule 8
packet-filter inbound ip-group 3001 rule 9
packet-filter inbound ip-group 3001 rule 12
packet-filter inbound ip-group 3001 rule 13
packet-filter inbound ip-group 3001 rule 14
packet-filter inbound ip-group 3001 rule 16
packet-filter inbound ip-group 3001 rule 18
packet-filter inbound ip-group 3001 rule 19
packet-filter inbound ip-group 3001 rule 20
packet-filter inbound ip-group 3001 rule 21
packet-filter inbound ip-group 3001 rule 23
packet-filter inbound ip-group 3001 rule 24
packet-filter inbound ip-group 3001 rule 25
packet-filter inbound ip-group 3001 rule 26
packet-filter inbound ip-group 3001 rule 27
packet-filter inbound ip-group 3001 rule 29
packet-filter inbound ip-group 3001 rule 30
packet-filter inbound ip-group 3001 rule 31
packet-filter inbound ip-group 3001 rule 34
packet-filter inbound ip-group 3001 rule 36
packet-filter inbound ip-group 3001 rule 37
packet-filter inbound ip-group 3001 rule 38
packet-filter inbound ip-group 3001 rule 39
packet-filter inbound ip-group 3001 rule 41
packet-filter inbound ip-group 3001 rule 42
packet-filter inbound ip-group 3001 rule 43
packet-filter inbound ip-group 3001 rule 45
packet-filter inbound ip-group 3001 rule 46
packet-filter inbound ip-group 3001 rule 47
packet-filter inbound ip-group 3001 rule 48
packet-filter inbound ip-group 3001 rule 50
packet-filter inbound ip-group 3001 rule 51
packet-filter inbound ip-group 3001 rule 53
packet-filter inbound ip-group 3001 rule 54
packet-filter inbound ip-group 3001 rule 55
packet-filter inbound ip-group 3001 rule 57
packet-filter inbound ip-group 3001 rule 59
packet-filter inbound ip-group 3001 rule 60
packet-filter inbound ip-group 3001 rule 61
packet-filter inbound ip-group 3001 rule 62
packet-filter inbound ip-group 3001 rule 63
packet-filter inbound ip-group 3001 rule 65
packet-filter inbound ip-group 3001 rule 66
packet-filter inbound ip-group 3001 rule 69
packet-filter inbound ip-group 3001 rule 70
packet-filter inbound ip-group 3001 rule 71
packet-filter inbound ip-group 3001 rule 72
packet-filter inbound ip-group 3001 rule 73
packet-filter inbound ip-group 3001 rule 74
packet-filter inbound ip-group 3001 rule 75
packet-filter inbound ip-group 3001 rule 76
packet-filter inbound ip-group 3001 rule 79
packet-filter inbound ip-group 3001 rule 80
packet-filter inbound ip-group 3001 rule 81
packet-filter inbound ip-group 3001 rule 83
packet-filter inbound ip-group 3001 rule 85
packet-filter inbound ip-group 3001 rule 86
packet-filter inbound ip-group 3001 rule 87
packet-filter inbound ip-group 3001 rule 88
packet-filter inbound ip-group 3001 rule 89
packet-filter inbound ip-group 3001 rule 90
packet-filter inbound ip-group 3001 rule 92
packet-filter inbound ip-group 3001 rule 93
packet-filter inbound ip-group 3001 rule 94
packet-filter inbound ip-group 3001 rule 95
packet-filter inbound ip-group 3001 rule 97
packet-filter inbound ip-group 3001 rule 98
packet-filter inbound ip-group 3001 rule 99
packet-filter inbound ip-group 3001 rule 100
packet-filter inbound ip-group 3001 rule 101
packet-filter inbound ip-group 3001 rule 102
packet-filter inbound ip-group 3001 rule 103
packet-filter inbound ip-group 3001 rule 104
packet-filter inbound ip-group 3001 rule 105
packet-filter inbound ip-group 3001 rule 106
packet-filter inbound ip-group 3001 rule 107
packet-filter inbound ip-group 3001 rule 108
packet-filter inbound ip-group 3001 rule 109
packet-filter inbound ip-group 3001 rule 110
packet-filter inbound ip-group 3001 rule 111
packet-filter inbound ip-group 3001 rule 112
packet-filter inbound ip-group 3001 rule 113
packet-filter inbound ip-group 3001 rule 114
packet-filter inbound ip-group 3001 rule 115
packet-filter inbound ip-group 3001 rule 116
packet-filter inbound ip-group 3001 rule 117
packet-filter inbound ip-group 3001 rule 118
packet-filter inbound ip-group 3001 rule 119
packet-filter inbound ip-group 3001 rule 120
packet-filter inbound ip-group 3001 rule 121
packet-filter inbound ip-group 3001 rule 122
packet-filter inbound ip-group 3001 rule 123
packet-filter inbound ip-group 3001 rule 124
packet-filter inbound ip-group 3001 rule 125
packet-filter inbound ip-group 3001 rule 126
packet-filter inbound ip-group 3001 rule 127
packet-filter inbound ip-group 3001 rule 128
packet-filter inbound ip-group 3001 rule 129
packet-filter inbound ip-group 3001 rule 130
packet-filter inbound ip-group 3001 rule 131
packet-filter inbound ip-group 3001 rule 132
packet-filter inbound ip-group 3001 rule 133
packet-filter inbound ip-group 3001 rule 134
packet-filter inbound ip-group 3001 rule 135
packet-filter inbound ip-group 3001 rule 136
packet-filter inbound ip-group 3001 rule 137
packet-filter inbound ip-group 3001 rule 138
packet-filter inbound ip-group 3001 rule 139
packet-filter inbound ip-group 3001 rule 140
packet-filter inbound ip-group 3001 rule 141
packet-filter inbound ip-group 3001 rule 142
packet-filter inbound ip-group 3001 rule 143
packet-filter inbound ip-group 3001 rule 144
packet-filter inbound ip-group 3001 rule 145
packet-filter inbound ip-group 3001 rule 146
packet-filter inbound ip-group 3001 rule 147
packet-filter inbound ip-group 3001 rule 148
packet-filter inbound ip-group 3001 rule 149
packet-filter inbound ip-group 3001 rule 150
packet-filter inbound ip-group 3001 rule 151
packet-filter inbound ip-group 3001 rule 152
packet-filter inbound ip-group 3001 rule 153
packet-filter inbound ip-group 3001 rule 154
packet-filter inbound ip-group 3001 rule 155
packet-filter inbound ip-group 3001 rule 156
packet-filter inbound ip-group 3001 rule 157
packet-filter inbound ip-group 3001 rule 158
packet-filter inbound ip-group 3001 rule 159
packet-filter inbound ip-group 3001 rule 160
packet-filter inbound ip-group 3001 rule 161
packet-filter inbound ip-group 3001 rule 162
packet-filter inbound ip-group 3001 rule 163
packet-filter inbound ip-group 3001 rule 164
packet-filter inbound ip-group 3001 rule 165
packet-filter inbound ip-group 3001 rule 166
packet-filter inbound ip-group 3001 rule 167
packet-filter inbound ip-group 3001 rule 168
packet-filter inbound ip-group 3001 rule 169
packet-filter inbound ip-group 3001 rule 170
packet-filter inbound ip-group 3001 rule 171
packet-filter inbound ip-group 3001 rule 172
packet-filter inbound ip-group 3001 rule 173
packet-filter inbound ip-group 3001 rule 174
packet-filter inbound ip-group 3001 rule 175
description to 172.22.1.4 172.22.1.5 172.22.1.6
#

interface Ethernet1/0/6
broadcast-suppression 20
port access vlan 100
port isolate
#
interface Ethernet1/0/7
broadcast-suppression 20
port access vlan 100
port isolate
#
interface Ethernet1/0/8
broadcast-suppression 20
port access vlan 100
port isolate
#
interface Ethernet1/0/9
broadcast-suppression 20
port access vlan 100
port isolate
packet-filter inbound ip-group 3001 rule 0
packet-filter inbound ip-group 3001 rule 4
packet-filter inbound ip-group 3001 rule 5
packet-filter inbound ip-group 3001 rule 6
packet-filter inbound ip-group 3001 rule 8
packet-filter inbound ip-group 3001 rule 9
packet-filter inbound ip-group 3001 rule 12
packet-filter inbound ip-group 3001 rule 13
packet-filter inbound ip-group 3001 rule 14
packet-filter inbound ip-group 3001 rule 16
packet-filter inbound ip-group 3001 rule 18
packet-filter inbound ip-group 3001 rule 19
packet-filter inbound ip-group 3001 rule 20
packet-filter inbound ip-group 3001 rule 21
packet-filter inbound ip-group 3001 rule 23
packet-filter inbound ip-group 3001 rule 24
packet-filter inbound ip-group 3001 rule 25
packet-filter inbound ip-group 3001 rule 26
packet-filter inbound ip-group 3001 rule 27
packet-filter inbound ip-group 3001 rule 29
packet-filter inbound ip-group 3001 rule 30
packet-filter inbound ip-group 3001 rule 31
packet-filter inbound ip-group 3001 rule 34
packet-filter inbound ip-group 3001 rule 36
packet-filter inbound ip-group 3001 rule 37
packet-filter inbound ip-group 3001 rule 38
packet-filter inbound ip-group 3001 rule 39
packet-filter inbound ip-group 3001 rule 41
packet-filter inbound ip-group 3001 rule 42
packet-filter inbound ip-group 3001 rule 43
packet-filter inbound ip-group 3001 rule 45
packet-filter inbound ip-group 3001 rule 46
packet-filter inbound ip-group 3001 rule 47
packet-filter inbound ip-group 3001 rule 48
packet-filter inbound ip-group 3001 rule 50
packet-filter inbound ip-group 3001 rule 51
packet-filter inbound ip-group 3001 rule 53
packet-filter inbound ip-group 3001 rule 54
packet-filter inbound ip-group 3001 rule 55
packet-filter inbound ip-group 3001 rule 57
packet-filter inbound ip-group 3001 rule 59
packet-filter inbound ip-group 3001 rule 60
packet-filter inbound ip-group 3001 rule 61
packet-filter inbound ip-group 3001 rule 62
packet-filter inbound ip-group 3001 rule 63
packet-filter inbound ip-group 3001 rule 65
packet-filter inbound ip-group 3001 rule 66
packet-filter inbound ip-group 3001 rule 69
packet-filter inbound ip-group 3001 rule 70
packet-filter inbound ip-group 3001 rule 71
packet-filter inbound ip-group 3001 rule 72
packet-filter inbound ip-group 3001 rule 73
packet-filter inbound ip-group 3001 rule 74
packet-filter inbound ip-group 3001 rule 75
packet-filter inbound ip-group 3001 rule 76
packet-filter inbound ip-group 3001 rule 79
packet-filter inbound ip-group 3001 rule 80
packet-filter inbound ip-group 3001 rule 81
packet-filter inbound ip-group 3001 rule 83
packet-filter inbound ip-group 3001 rule 85
packet-filter inbound ip-group 3001 rule 86
packet-filter inbound ip-group 3001 rule 87
packet-filter inbound ip-group 3001 rule 88
packet-filter inbound ip-group 3001 rule 89
packet-filter inbound ip-group 3001 rule 90
packet-filter inbound ip-group 3001 rule 92
packet-filter inbound ip-group 3001 rule 93
packet-filter inbound ip-group 3001 rule 94
packet-filter inbound ip-group 3001 rule 95
packet-filter inbound ip-group 3001 rule 97
packet-filter inbound ip-group 3001 rule 98
packet-filter inbound ip-group 3001 rule 99
packet-filter inbound ip-group 3001 rule 100
packet-filter inbound ip-group 3001 rule 101
packet-filter inbound ip-group 3001 rule 102
packet-filter inbound ip-group 3001 rule 103
packet-filter inbound ip-group 3001 rule 104
packet-filter inbound ip-group 3001 rule 105
packet-filter inbound ip-group 3001 rule 106
packet-filter inbound ip-group 3001 rule 107
packet-filter inbound ip-group 3001 rule 108
packet-filter inbound ip-group 3001 rule 109
packet-filter inbound ip-group 3001 rule 110
packet-filter inbound ip-group 3001 rule 111
packet-filter inbound ip-group 3001 rule 112
packet-filter inbound ip-group 3001 rule 113
packet-filter inbound ip-group 3001 rule 114
packet-filter inbound ip-group 3001 rule 115
packet-filter inbound ip-group 3001 rule 116
packet-filter inbound ip-group 3001 rule 117
packet-filter inbound ip-group 3001 rule 118
packet-filter inbound ip-group 3001 rule 119
packet-filter inbound ip-group 3001 rule 120
packet-filter inbound ip-group 3001 rule 121
packet-filter inbound ip-group 3001 rule 122
packet-filter inbound ip-group 3001 rule 123
packet-filter inbound ip-group 3001 rule 124
packet-filter inbound ip-group 3001 rule 125
packet-filter inbound ip-group 3001 rule 126
packet-filter inbound ip-group 3001 rule 127
packet-filter inbound ip-group 3001 rule 128
packet-filter inbound ip-group 3001 rule 129
packet-filter inbound ip-group 3001 rule 130
packet-filter inbound ip-group 3001 rule 131
packet-filter inbound ip-group 3001 rule 132
packet-filter inbound ip-group 3001 rule 133
packet-filter inbound ip-group 3001 rule 134
packet-filter inbound ip-group 3001 rule 135
packet-filter inbound ip-group 3001 rule 136
packet-filter inbound ip-group 3001 rule 137
packet-filter inbound ip-group 3001 rule 138
packet-filter inbound ip-group 3001 rule 139
packet-filter inbound ip-group 3001 rule 140
packet-filter inbound ip-group 3001 rule 141
packet-filter inbound ip-group 3001 rule 142
packet-filter inbound ip-group 3001 rule 143
packet-filter inbound ip-group 3001 rule 144
packet-filter inbound ip-group 3001 rule 145
packet-filter inbound ip-group 3001 rule 146
packet-filter inbound ip-group 3001 rule 147
packet-filter inbound ip-group 3001 rule 148
packet-filter inbound ip-group 3001 rule 149
packet-filter inbound ip-group 3001 rule 150
packet-filter inbound ip-group 3001 rule 151
packet-filter inbound ip-group 3001 rule 152
packet-filter inbound ip-group 3001 rule 153
packet-filter inbound ip-group 3001 rule 154
packet-filter inbound ip-group 3001 rule 155
packet-filter inbound ip-group 3001 rule 156
packet-filter inbound ip-group 3001 rule 157
packet-filter inbound ip-group 3001 rule 158
packet-filter inbound ip-group 3001 rule 159
packet-filter inbound ip-group 3001 rule 160
packet-filter inbound ip-group 3001 rule 161
packet-filter inbound ip-group 3001 rule 162
packet-filter inbound ip-group 3001 rule 163
packet-filter inbound ip-group 3001 rule 164
packet-filter inbound ip-group 3001 rule 165
packet-filter inbound ip-group 3001 rule 166
packet-filter inbound ip-group 3001 rule 167
packet-filter inbound ip-group 3001 rule 168
packet-filter inbound ip-group 3001 rule 169
packet-filter inbound ip-group 3001 rule 170
packet-filter inbound ip-group 3001 rule 171
packet-filter inbound ip-group 3001 rule 172
packet-filter inbound ip-group 3001 rule 173
packet-filter inbound ip-group 3001 rule 174
packet-filter inbound ip-group 3001 rule 175
#
interface Ethernet1/0/10
broadcast-suppression 20
port access vlan 100
port isolate
packet-filter inbound ip-group 3001 rule 0
packet-filter inbound ip-group 3001 rule 4
packet-filter inbound ip-group 3001 rule 5
packet-filter inbound ip-group 3001 rule 6
packet-filter inbound ip-group 3001 rule 8
packet-filter inbound ip-group 3001 rule 9
packet-filter inbound ip-group 3001 rule 12
packet-filter inbound ip-group 3001 rule 13
packet-filter inbound ip-group 3001 rule 14
packet-filter inbound ip-group 3001 rule 16
packet-filter inbound ip-group 3001 rule 18
packet-filter inbound ip-group 3001 rule 19
packet-filter inbound ip-group 3001 rule 20
packet-filter inbound ip-group 3001 rule 21
packet-filter inbound ip-group 3001 rule 23
packet-filter inbound ip-group 3001 rule 24
packet-filter inbound ip-group 3001 rule 25
packet-filter inbound ip-group 3001 rule 26
packet-filter inbound ip-group 3001 rule 27
packet-filter inbound ip-group 3001 rule 29
packet-filter inbound ip-group 3001 rule 30
packet-filter inbound ip-group 3001 rule 31
packet-filter inbound ip-group 3001 rule 34
packet-filter inbound ip-group 3001 rule 36
packet-filter inbound ip-group 3001 rule 37
packet-filter inbound ip-group 3001 rule 38
packet-filter inbound ip-group 3001 rule 39
packet-filter inbound ip-group 3001 rule 41
packet-filter inbound ip-group 3001 rule 42
packet-filter inbound ip-group 3001 rule 43
packet-filter inbound ip-group 3001 rule 45
packet-filter inbound ip-group 3001 rule 46
packet-filter inbound ip-group 3001 rule 47
packet-filter inbound ip-group 3001 rule 48
packet-filter inbound ip-group 3001 rule 50
packet-filter inbound ip-group 3001 rule 51
packet-filter inbound ip-group 3001 rule 53
packet-filter inbound ip-group 3001 rule 54
packet-filter inbound ip-group 3001 rule 55
packet-filter inbound ip-group 3001 rule 57
packet-filter inbound ip-group 3001 rule 59
packet-filter inbound ip-group 3001 rule 60
packet-filter inbound ip-group 3001 rule 61
packet-filter inbound ip-group 3001 rule 62
packet-filter inbound ip-group 3001 rule 63
packet-filter inbound ip-group 3001 rule 65
packet-filter inbound ip-group 3001 rule 66
packet-filter inbound ip-group 3001 rule 69
packet-filter inbound ip-group 3001 rule 70
packet-filter inbound ip-group 3001 rule 71
packet-filter inbound ip-group 3001 rule 72
packet-filter inbound ip-group 3001 rule 73
packet-filter inbound ip-group 3001 rule 74
packet-filter inbound ip-group 3001 rule 75
packet-filter inbound ip-group 3001 rule 76
packet-filter inbound ip-group 3001 rule 79
packet-filter inbound ip-group 3001 rule 80
packet-filter inbound ip-group 3001 rule 81
packet-filter inbound ip-group 3001 rule 83
packet-filter inbound ip-group 3001 rule 85
packet-filter inbound ip-group 3001 rule 86
#
interface Ethernet1/0/11
broadcast-suppression 20
port access vlan 100
port isolate
#
interface Ethernet1/0/12
broadcast-suppression 20
port access vlan 100
port isolate
#
interface Ethernet1/0/13
broadcast-suppression 20
port access vlan 100
port isolate
#
interface Ethernet1/0/14
broadcast-suppression 20
port access vlan 100
port isolate
#
interface Ethernet1/0/15
broadcast-suppression 20
port access vlan 100
port isolate
#
interface Ethernet1/0/16
broadcast-suppression 20
port access vlan 100
port isolate
#

interface Ethernet1/0/17
broadcast-suppression 20
port access vlan 100
port isolate
packet-filter inbound ip-group 3001 rule 0
packet-filter inbound ip-group 3001 rule 4
packet-filter inbound ip-group 3001 rule 5
packet-filter inbound ip-group 3001 rule 6
packet-filter inbound ip-group 3001 rule 8
packet-filter inbound ip-group 3001 rule 9
packet-filter inbound ip-group 3001 rule 12
packet-filter inbound ip-group 3001 rule 13
packet-filter inbound ip-group 3001 rule 14
packet-filter inbound ip-group 3001 rule 16
packet-filter inbound ip-group 3001 rule 18
packet-filter inbound ip-group 3001 rule 19
packet-filter inbound ip-group 3001 rule 20
packet-filter inbound ip-group 3001 rule 21
packet-filter inbound ip-group 3001 rule 23
packet-filter inbound ip-group 3001 rule 24
packet-filter inbound ip-group 3001 rule 25
packet-filter inbound ip-group 3001 rule 26
packet-filter inbound ip-group 3001 rule 27
packet-filter inbound ip-group 3001 rule 29
packet-filter inbound ip-group 3001 rule 30
packet-filter inbound ip-group 3001 rule 31
packet-filter inbound ip-group 3001 rule 34
packet-filter inbound ip-group 3001 rule 36
packet-filter inbound ip-group 3001 rule 37
packet-filter inbound ip-group 3001 rule 38
packet-filter inbound ip-group 3001 rule 39
packet-filter inbound ip-group 3001 rule 41
packet-filter inbound ip-group 3001 rule 42
packet-filter inbound ip-group 3001 rule 43
packet-filter inbound ip-group 3001 rule 45
packet-filter inbound ip-group 3001 rule 46
packet-filter inbound ip-group 3001 rule 47
packet-filter inbound ip-group 3001 rule 48
packet-filter inbound ip-group 3001 rule 50
packet-filter inbound ip-group 3001 rule 51
packet-filter inbound ip-group 3001 rule 53
packet-filter inbound ip-group 3001 rule 54
packet-filter inbound ip-group 3001 rule 55
packet-filter inbound ip-group 3001 rule 57
packet-filter inbound ip-group 3001 rule 59
packet-filter inbound ip-group 3001 rule 60
packet-filter inbound ip-group 3001 rule 61
packet-filter inbound ip-group 3001 rule 62
packet-filter inbound ip-group 3001 rule 63
packet-filter inbound ip-group 3001 rule 65
packet-filter inbound ip-group 3001 rule 66
packet-filter inbound ip-group 3001 rule 69
packet-filter inbound ip-group 3001 rule 70
packet-filter inbound ip-group 3001 rule 71
packet-filter inbound ip-group 3001 rule 72
packet-filter inbound ip-group 3001 rule 73
packet-filter inbound ip-group 3001 rule 74
packet-filter inbound ip-group 3001 rule 75
packet-filter inbound ip-group 3001 rule 76
packet-filter inbound ip-group 3001 rule 79
packet-filter inbound ip-group 3001 rule 80
packet-filter inbound ip-group 3001 rule 81
packet-filter inbound ip-group 3001 rule 83
packet-filter inbound ip-group 3001 rule 85
packet-filter inbound ip-group 3001 rule 86
#
interface Ethernet1/0/18
broadcast-suppression 20
port access vlan 100
port isolate
#
interface Ethernet1/0/19
broadcast-suppression 20
port access vlan 100
port isolate
#
interface Ethernet1/0/20
broadcast-suppression 20
port access vlan 100
port isolate
#
interface Ethernet1/0/21
broadcast-suppression 20
port access vlan 100
port isolate
#
interface Ethernet1/0/22
broadcast-suppression 20
port access vlan 100
port isolate
#
interface Ethernet1/0/23
broadcast-suppression 20
port access vlan 100
port isolate
#
interface Ethernet1/0/24
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 94 100
port trunk pvid vlan 94
broadcast-suppression 20
packet-filter inbound ip-group 3001 rule 0
packet-filter inbound ip-group 3001 rule 4
packet-filter inbound ip-group 3001 rule 5
packet-filter inbound ip-group 3001 rule 6
packet-filter inbound ip-group 3001 rule 8
packet-filter inbound ip-group 3001 rule 9
packet-filter inbound ip-group 3001 rule 12
packet-filter inbound ip-group 3001 rule 13
packet-filter inbound ip-group 3001 rule 14
packet-filter inbound ip-group 3001 rule 16
packet-filter inbound ip-group 3001 rule 18
packet-filter inbound ip-group 3001 rule 19
packet-filter inbound ip-group 3001 rule 20
packet-filter inbound ip-group 3001 rule 21
packet-filter inbound ip-group 3001 rule 23
packet-filter inbound ip-group 3001 rule 24
packet-filter inbound ip-group 3001 rule 25
packet-filter inbound ip-group 3001 rule 26
packet-filter inbound ip-group 3001 rule 27
packet-filter inbound ip-group 3001 rule 29
packet-filter inbound ip-group 3001 rule 30
packet-filter inbound ip-group 3001 rule 31
packet-filter inbound ip-group 3001 rule 34
packet-filter inbound ip-group 3001 rule 36
packet-filter inbound ip-group 3001 rule 37
packet-filter inbound ip-group 3001 rule 38
packet-filter inbound ip-group 3001 rule 39
packet-filter inbound ip-group 3001 rule 41
packet-filter inbound ip-group 3001 rule 42
packet-filter inbound ip-group 3001 rule 43
packet-filter inbound ip-group 3001 rule 45
packet-filter inbound ip-group 3001 rule 46
packet-filter inbound ip-group 3001 rule 47
packet-filter inbound ip-group 3001 rule 48
packet-filter inbound ip-group 3001 rule 50
packet-filter inbound ip-group 3001 rule 51
packet-filter inbound ip-group 3001 rule 53
packet-filter inbound ip-group 3001 rule 54
packet-filter inbound ip-group 3001 rule 55
packet-filter inbound ip-group 3001 rule 57
packet-filter inbound ip-group 3001 rule 59
packet-filter inbound ip-group 3001 rule 60
packet-filter inbound ip-group 3001 rule 61
packet-filter inbound ip-group 3001 rule 62
packet-filter inbound ip-group 3001 rule 63
packet-filter inbound ip-group 3001 rule 65
packet-filter inbound ip-group 3001 rule 66
packet-filter inbound ip-group 3001 rule 69
packet-filter inbound ip-group 3001 rule 70
packet-filter inbound ip-group 3001 rule 71
packet-filter inbound ip-group 3001 rule 72
packet-filter inbound ip-group 3001 rule 73
packet-filter inbound ip-group 3001 rule 74
packet-filter inbound ip-group 3001 rule 75
packet-filter inbound ip-group 3001 rule 76
packet-filter inbound ip-group 3001 rule 79
packet-filter inbound ip-group 3001 rule 80
packet-filter inbound ip-group 3001 rule 81
packet-filter inbound ip-group 3001 rule 83
packet-filter inbound ip-group 3001 rule 85
packet-filter inbound ip-group 3001 rule 86
packet-filter inbound ip-group 3001 rule 87
packet-filter inbound ip-group 3001 rule 88
packet-filter inbound ip-group 3001 rule 89
packet-filter inbound ip-group 3001 rule 90
packet-filter inbound ip-group 3001 rule 92
packet-filter inbound ip-group 3001 rule 93
packet-filter inbound ip-group 3001 rule 94
packet-filter inbound ip-group 3001 rule 95
packet-filter inbound ip-group 3001 rule 97
packet-filter inbound ip-group 3001 rule 98
packet-filter inbound ip-group 3001 rule 99
packet-filter inbound ip-group 3001 rule 100
packet-filter inbound ip-group 3001 rule 101
packet-filter inbound ip-group 3001 rule 102
packet-filter inbound ip-group 3001 rule 103
packet-filter inbound ip-group 3001 rule 104
packet-filter inbound ip-group 3001 rule 105
packet-filter inbound ip-group 3001 rule 106
packet-filter inbound ip-group 3001 rule 107
packet-filter inbound ip-group 3001 rule 108
packet-filter inbound ip-group 3001 rule 109
packet-filter inbound ip-group 3001 rule 110
packet-filter inbound ip-group 3001 rule 111
packet-filter inbound ip-group 3001 rule 112
packet-filter inbound ip-group 3001 rule 113
packet-filter inbound ip-group 3001 rule 114
packet-filter inbound ip-group 3001 rule 115
packet-filter inbound ip-group 3001 rule 116
packet-filter inbound ip-group 3001 rule 117
packet-filter inbound ip-group 3001 rule 118
packet-filter inbound ip-group 3001 rule 119
packet-filter inbound ip-group 3001 rule 120
packet-filter inbound ip-group 3001 rule 121
packet-filter inbound ip-group 3001 rule 122
packet-filter inbound ip-group 3001 rule 123
packet-filter inbound ip-group 3001 rule 124
packet-filter inbound ip-group 3001 rule 125
packet-filter inbound ip-group 3001 rule 126
packet-filter inbound ip-group 3001 rule 127
packet-filter inbound ip-group 3001 rule 128
packet-filter inbound ip-group 3001 rule 129
packet-filter inbound ip-group 3001 rule 130
packet-filter inbound ip-group 3001 rule 131
packet-filter inbound ip-group 3001 rule 132
packet-filter inbound ip-group 3001 rule 133
packet-filter inbound ip-group 3001 rule 134
packet-filter inbound ip-group 3001 rule 135
packet-filter inbound ip-group 3001 rule 136
packet-filter inbound ip-group 3001 rule 137
packet-filter inbound ip-group 3001 rule 138
packet-filter inbound ip-group 3001 rule 139
packet-filter inbound ip-group 3001 rule 140
packet-filter inbound ip-group 3001 rule 141
packet-filter inbound ip-group 3001 rule 142
packet-filter inbound ip-group 3001 rule 143
packet-filter inbound ip-group 3001 rule 144
packet-filter inbound ip-group 3001 rule 145
packet-filter inbound ip-group 3001 rule 146
packet-filter inbound ip-group 3001 rule 147
packet-filter inbound ip-group 3001 rule 148
packet-filter inbound ip-group 3001 rule 149
packet-filter inbound ip-group 3001 rule 150
packet-filter inbound ip-group 3001 rule 151
packet-filter inbound ip-group 3001 rule 152
packet-filter inbound ip-group 3001 rule 153
packet-filter inbound ip-group 3001 rule 154
packet-filter inbound ip-group 3001 rule 155
packet-filter inbound ip-group 3001 rule 156
packet-filter inbound ip-group 3001 rule 157
packet-filter inbound ip-group 3001 rule 158
packet-filter inbound ip-group 3001 rule 159
packet-filter inbound ip-group 3001 rule 160
packet-filter inbound ip-group 3001 rule 161
packet-filter inbound ip-group 3001 rule 162
packet-filter inbound ip-group 3001 rule 163
packet-filter inbound ip-group 3001 rule 164
packet-filter inbound ip-group 3001 rule 165
packet-filter inbound ip-group 3001 rule 166
packet-filter inbound ip-group 3001 rule 167
packet-filter inbound ip-group 3001 rule 168
packet-filter inbound ip-group 3001 rule 169
packet-filter inbound ip-group 3001 rule 170
packet-filter inbound ip-group 3001 rule 171
packet-filter inbound ip-group 3001 rule 172
packet-filter inbound ip-group 3001 rule 173
packet-filter inbound ip-group 3001 rule 174
packet-filter inbound ip-group 3001 rule 175
description to AR28-11
#
interface GigabitEthernet1/1/1
shutdown
#
interface GigabitEthernet1/1/2
shutdown
#
interface GigabitEthernet1/1/3
shutdown
#
interface GigabitEthernet1/1/4
shutdown
#
undo irf-fabric authentication-mode
#
interface NULL0
#
voice vlan mac-address 0001-e300-0000 mask ffff-ff00-0000
#
undo dhcp enable
#
ip route-static 0.0.0.0 0.0.0.0 172.24.1.101 preference 60
#
user-interface aux 0 7
authentication-mode scheme
set authentication password cipher 5W97B'/VOV+Q=^Q`MAF4<1!!
user-interface vty 0 4
authentication-mode scheme
user privilege level 1
set authentication password cipher :;(GD\S-.@(\`B0Z^=\BB!!!
#
return
以上部分为S3928P-EI的配置

[ 本帖最后由 ATWX 于 2007-9-18 15:40 编辑 ]

<S3928P-EI>telnet 172.22.1.3
连接 172.22.1.3 ...
按CTRL+K键终止连接
成功连接到 172.22.1.3 ...
********************************************************************************
* Copyright(c) 1998-2006 Huawei Technologies Co., Ltd. All rights reserved. *
* Without the owner's prior written consent, *
* no decompiling or reverse-engineering shall be allowed. *
********************************************************************************


Login authentication


Username:huawei
Password:
<S2403H-HI-3>
%Apr 7 18:15:17:020 2000 S2403H-HI-3 SHELL/5/LOGIN:- 1 - huawei(172.22.1.1) in unit1 login
<S2403H-HI-3>lan ch
Change language mode, confirm? [Y/N]y
% 改变到中文模式。
<S2403H-HI-3>dis
<S2403H-HI-3>display arp
类型: S-静态 D-动态
IP地址 MAC地址 VLAN ID 端口名/聚合链路号 老化时间 类型
172.22.1.5 000f-e242-84f6 80 Ethernet1/0/1 15 D
172.22.1.4 000f-e242-84ec 80 Ethernet1/0/1 16 D
172.22.1.6 000f-e242-84ea 80 Ethernet1/0/1 20 D
172.22.1.1 000f-e24c-661e 80 Ethernet1/0/1 20 D

--- 4条ARP表项 ---
<S2403H-HI-3>dis cu
#
sysname S2403H-HI-3
#
super password level 3 cipher 5W97B'/VOV+Q=^Q`MAF4<1!!
#
loopback-detection enable
#
radius scheme system
#
domain system
#
local-user huawei
password cipher 5W97B'/VOV+Q=^Q`MAF4<1!!
service-type telnet
level 1
service-type ftp
#
vlan 1
#
vlan 80
description guanli
#
vlan 100
description yewu
#
interface Vlan-interface80
ip address 172.22.1.3 255.255.255.0
#
interface Aux1/0/0
#
interface Ethernet1/0/1
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 80 100
description shanglian 172.22.1.1
#
interface Ethernet1/0/2
speed 10
port access vlan 100
port isolate
#
interface Ethernet1/0/3
speed 10
port access vlan 100
port isolate
#
interface Ethernet1/0/4
speed 10
port access vlan 100
port isolate
#
interface Ethernet1/0/5
speed 10
port access vlan 100
port isolate
#
interface Ethernet1/0/6
speed 10
port access vlan 100
port isolate
#
interface Ethernet1/0/7
speed 10
port access vlan 100
port isolate
#
interface Ethernet1/0/8
speed 10
port access vlan 100
port isolate
#
interface Ethernet1/0/9
speed 10
port access vlan 100
port isolate
#
interface Ethernet1/0/10
speed 10
port access vlan 100
port isolate
#
interface Ethernet1/0/11
speed 10
port access vlan 100
port isolate
#
interface Ethernet1/0/12
speed 10
port access vlan 100
port isolate
#
interface Ethernet1/0/13
speed 10
port access vlan 100
port isolate
#
interface Ethernet1/0/14
speed 10
port access vlan 100
port isolate
#
interface Ethernet1/0/15
speed 10
port access vlan 100
port isolate
#
interface Ethernet1/0/16
speed 10
port access vlan 100
port isolate
#
interface Ethernet1/0/17
speed 10
port access vlan 100
port isolate
#
interface Ethernet1/0/18
speed 10
port access vlan 100
port isolate
#
interface Ethernet1/0/19
speed 10
port access vlan 100
port isolate
#
interface Ethernet1/0/20
speed 10
port access vlan 100
port isolate
#
interface Ethernet1/0/21
speed 10
port access vlan 100
port isolate
#
interface Ethernet1/0/22
speed 10
port access vlan 100
port isolate
#
interface Ethernet1/0/23
speed 10
port access vlan 100
port isolate
#
interface Ethernet1/0/24
speed 10
port access vlan 100
port isolate
#
interface NULL0
#
management-vlan 80
#
FTP server enable
#
ip route-static 0.0.0.0 0.0.0.0 172.22.1.1 preference 60
#
user-interface aux 0
authentication-mode password
set authentication password cipher 5W97B'/VOV+Q=^Q`MAF4<1!!
user-interface vty 0 4
authentication-mode scheme
user privilege level 1
set authentication password cipher 5W97B'/VOV+Q=^Q`MAF4<1!!
#
return

<S2403H-HI-3> qui
远程主机已关闭连接!
<S3928P-EI>telnet 172.22.1.3 4
连接 172.22.1.4 ...
按CTRL+K键终止连接
成功连接到 172.22.1.4 ...
********************************************************************************
* Copyright(c) 1998-2006 Huawei Technologies Co., Ltd. All rights reserved. *
* Without the owner's prior written consent, *
* no decompiling or reverse-engineering shall be allowed. *
********************************************************************************


Login authentication


Username:huawei
Password:
<S2403H-HI-4>
%Apr 7 18:15:34:820 2000 S2403H-HI-4 SHELL/5/LOGIN:- 1 - huawei(172.22.1.1) in unit1 login
<S2403H-HI-4>dis cu
#
sysname S2403H-HI-4
#
super password level 3 cipher 5W97B'/VOV+Q=^Q`MAF4<1!!
#
loopback-detection enable
#
radius scheme system
#
domain system
#
local-user huawei
password cipher 5W97B'/VOV+Q=^Q`MAF4<1!!
service-type telnet
level 1
service-type ftp
#
vlan 1
#
vlan 80
description guanli
#
vlan 100
description yewu
#
interface Vlan-interface80
ip address 172.22.1.4 255.255.255.0
#
interface Aux1/0/0
#
interface Ethernet1/0/1
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 80 100
port isolate
description to 172.22.1.5
#
interface Ethernet1/0/2
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 80 100
port isolate
description to 172.22.1.6
#
interface Ethernet1/0/3
speed 10
port access vlan 100
port isolate
#
interface Ethernet1/0/4
speed 10
port access vlan 100
port isolate
#
interface Ethernet1/0/5
speed 10
port access vlan 100
port isolate
#
interface Ethernet1/0/6
speed 10
port access vlan 100
port isolate
#
interface Ethernet1/0/7
speed 10
port access vlan 100
port isolate
#
interface Ethernet1/0/8
speed 10
port access vlan 100
port isolate
#
interface Ethernet1/0/9
speed 10
port access vlan 100
port isolate
#
interface Ethernet1/0/10
speed 10
port access vlan 100
port isolate
#
interface Ethernet1/0/11
speed 10
port access vlan 100
port isolate
#
interface Ethernet1/0/12
speed 10
port access vlan 100
port isolate
#
interface Ethernet1/0/13
speed 10
port access vlan 100
port isolate
#
interface Ethernet1/0/14
speed 10
port access vlan 100
port isolate
#
interface Ethernet1/0/15
speed 10
port access vlan 100
port isolate
#
interface Ethernet1/0/16
speed 10
port access vlan 100
port isolate
#
interface Ethernet1/0/17
speed 10
port access vlan 100
port isolate
#
interface Ethernet1/0/18
speed 10
port access vlan 100
port isolate
#
interface Ethernet1/0/19
speed 10
port access vlan 100
port isolate
#
interface Ethernet1/0/20
speed 10
port access vlan 100
port isolate
#
interface Ethernet1/0/21
speed 10
port access vlan 100
port isolate
#
interface Ethernet1/0/22
speed 10
port access vlan 100
port isolate
#
interface Ethernet1/0/23
speed 10
port access vlan 100
port isolate
#
interface Ethernet1/0/24
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 80 100
description to 172.22.1.1
#
interface NULL0
#
management-vlan 80
#
FTP server enable
#
ip route-static 0.0.0.0 0.0.0.0 172.22.1.1 preference 60
#
user-interface aux 0
authentication-mode password
set authentication password cipher 5W97B'/VOV+Q=^Q`MAF4<1!!
user-interface vty 0 4
authentication-mode scheme
user privilege level 3
set authentication password cipher 5W97B'/VOV+Q=^Q`MAF4<1!!
#
return
<S2403H-HI-4>
以上部分为S2403H-HI的配置

[ 本帖最后由 ATWX 于 2007-9-18 15:42 编辑 ]

个人感觉防病毒配制相当全面

很强大……

这个配置的acl控制太多了. 要发上来,就发一个大众化的配置吧.

1 路由器上, ip地址,acl, 地址转换, 默认路由, 用户名,telnet打开
2 39/36上, 起一个三层接口vlan,连接路由器,下面再划N个数据vlan,再划分端口到这些vlan中.
3 2403之类的,就当做普通的接入交换机了. 可以不用配置.

Basic ACL 2000, 2 rules, match-order is auto
Acl's step is 1
rule 1 permit source 192.168.0.0 0.0.0.255 (3354533 times matched)
rule 10 deny (0 times matched)

Advanced ACL 3001, 109 rules
WAN-WaiWang
Acl's step is 1
rule 0 deny tcp source-port eq 67 destination-port eq 9996 (0 times matched)
rule 1 deny tcp source-port range 135 139 (0 times matched)
rule 2 deny tcp source-port eq 138 destination-port eq 445 (0 times matched)
rule 3 deny tcp source-port eq 445 destination-port eq 135 (0 times matched)
rule 4 deny tcp source-port eq 445 (0 times matched)
rule 5 deny tcp source-port eq 555 (0 times matched)
rule 6 deny tcp source-port eq 593 (0 times matched)
rule 7 deny tcp source-port range 1022 1025 (3 times matched)
rule 8 deny tcp source-port eq 1034 destination-port eq www (0 times matched)
rule 9 deny tcp source-port eq 1068 (4 times matched)
rule 10 deny tcp source-port range 1433 1434 (0 times matched)
rule 12 deny tcp source-port eq 1871 (0 times matched)
rule 13 deny tcp source-port eq 2745 (3 times matched)
rule 14 deny tcp source-port eq 3127 (2 times matched)
rule 15 deny tcp source-port eq 3127 destination-port eq 1434 (0 times matched)
rule 16 deny tcp source-port eq 3208 (6 times matched)
rule 17 deny tcp source-port range 4331 4334 (3 times matched)
rule 18 deny tcp source-port eq 4444 (4 times matched)
rule 19 deny tcp source-port eq 4510 (4