R1配置:
----------------------------------------------------
#
sysname RT1
#
super password level 3 cipher H`‘>T.,>(V@X!X<]K3BK;Q!!
#
ike local-name zb
#
domain default enable system
#
telnet server enable
#
dar p2p signature-file flash:/p2p_default.mtd
#
port-security enable
#
acl number 2008
rule 0 permit source 192.168.0.0 0.0.0.255
acl number 2030
rule 0 permit source 192.168.200.1 0
#
vlan 1
#
domain system
access-limit disable
state active
idle-cut disable
self-service-url disable
#
ike peer fb
exchange-mode aggressive
pre-shared-key simple h3c
id-type name
remote-name fb
#
ipsec proposal 1
#
ipsec policy-template huawei 1
ike-peer fb
proposal 1
#
ipsec policy h3c 1 isakmp template huawei
#
user-group system
group-attribute allow-guest
#
local-user telnet
password simple telnet
authorization-attribute level 2
service-type telnet
local-user useradmin
authorization-attribute level 2
#
wlan rrm
dot11b mandatory-rate 1 2
dot11b supported-rate 5.5 11
dot11g mandatory-rate 1 2 5.5 11
dot11g supported-rate 6 9 12 18 24 36 48 54
#
attack-defense policy 1
#
ospf 1 router-id 192.168.255.1
default-route-advertise
import-route static route-policy fk
area 0.0.0.0
network 192.168.255.1 0.0.0.0
network 10.255.111.1 0.0.0.0
network 10.255.12.1 0.0.0.0
#
rip 1
undo summary
version 2
network 10.0.0.0
silent-interface Ethernet0/2
silent-interface Ethernet0/0
filter-policy ip-prefix filter export
import-route static route-policy bt
#
route-policy bt permit node 10
if-match ip-prefix bt
route-policy fk permit node 10
if-match ip-prefix fk
#
ip ip-prefix bt index 10 permit 192.168.0.0 19
ip ip-prefix bt index 20 permit 10.0.0.0 11
ip ip-prefix fk index 10 permit 192.168.96.0 19
ip ip-prefix fk index 20 permit 10.101.0.0 19
ip ip-prefix filter index 10 deny 192.168.96.0 19 less-equal 32
ip ip-prefix filter index 20 permit 0.0.0.0 0 less-equal 32
#
ip route-static 0.0.0.0 0.0.0.0 61.67.1.2
ip route-static 10.0.0.0 255.224.0.0 NULL0
ip route-static 10.101.0.0 255.255.224.0 NULL0
ip route-static 192.168.0.0 255.255.224.0 NULL0
ip route-static 192.168.96.0 255.255.224.0 NULL0
#
undo info-center source default channel 2
undo info-center source default channel 9
#
snmp-agent
snmp-agent local-engineid 800063A2030023892DAB30
snmp-agent community read h3c-read
snmp-agent sys-info version v2c v3
snmp-agent target-host trap address udp-domain 192.168.200.1 params securityname h3c-read
undo snmp-agent trap enable voice dial
snmp-agent trap source LoopBack0
#
nat static 10.1.0.100 100.0.0.100
#
nms primary monitor-interface Ethernet0/0
#
load xml-configuration
#
load tr069-configuration
#
user-interface tty 12
user-interface aux 0
user-interface vty 0 4
acl 2030 inbound
authentication-mode scheme
user privilege level 2
idle-timeout 0 0
protocol inbound telnet
#
return
R2配置:
----------------------------------------------------------------
#
sysname RT2
#
super password level 3 cipher $c$3$wUlzmVkRd1JQb+mPCZSg7KXL6nkENfjwROXQFg==
#
#
domain default enable system
#
telnet server enable
#
ip ttl-expires enable
ip unreachables enable
#
dar p2p signature-file cfa0:/p2p_default.mtd
#
port-security enable
#
undo ip http enable
#
password-recovery enable
#
acl number 2030
rule 0 permit source 192.168.200.1 0
#
acl number 3000
rule 0 permit ip source 192.168.0.0 0.0.0.255 destination 192.168.0.0 0.0.31.255
#
vlan 1
#
domain system
access-limit disable
state active
idle-cut disable
self-service-url disable
#
traffic classifier oa operator and
if-match acl 3000
#
traffic behavior oa
queue af bandwidth 1500
#
qos policy h3c
classifier oa behavior oa
#
user-group system
group-attribute allow-guest
#
local-user rt2
password cipher $c$3$mnEYQyPWbQ4cubJP5HnyP+IsCzivSg==
service-type ppp
local-user telnet
password cipher $c$3$cospwisuMw1xXMmseocl/GLrIkBBi7RnWQ==
authorization-attribute level 2
service-type telnet
#
ospf 1 router-id 192.168.255.2
area 0.0.0.0
network 192.168.255.2 0.0.0.0
network 10.255.122.1 0.0.0.0
network 10.255.12.2 0.0.0.0
area 0.0.0.1
network 10.255.25.2 0.0.0.0
#
snmp-agent
snmp-agent local-engineid 800063A203000FE2E51B36
snmp-agent community read h3c-read
snmp-agent sys-info version v2c v3
snmp-agent target-host trap address udp-domain 192.168.200.1 params securityname h3c-read
snmp-agent trap source LoopBack0
#
load xml-configuration
#
user-interface con 0
user-interface tty 13
user-interface aux 0
user-interface vty 0 4
acl 2030 inbound
authentication-mode scheme
user privilege level 2
idle-timeout 0 0
protocol inbound telnet
#
return
R3配置
----------------------------------------------------
#
sysname RT3
#
super password level 3 cipher H`‘>T.,>(V@X!X<]K3BK;Q!!
#
ike local-name fb
#
domain default enable system
#
dar p2p signature-file flash:/p2p_default.mtd
#
lldp enable
#
acl number 2000
rule 0 permit source 192.168.96.0 0.0.31.255
#
acl number 3000
rule 0 permit ip source 192.168.255.3 0 destination 192.168.255.1 0
#
vlan 1
#
domain system
access-limit disable
state active
idle-cut disable
self-service-url disable
#
ike proposal 1
#
ike peer rt1
exchange-mode aggressive
pre-shared-key simple h3c
id-type name
remote-name zb
remote-address 61.67.1.1
#
ipsec proposal 1
#
ipsec policy h3c 1 isakmp
security acl 3000
ike-peer rt1
proposal 1
#
user-group system
group-attribute allow-guest
#
local-user useradmin
authorization-attribute level 2
#
wlan rrm
dot11b mandatory-rate 1 2
dot11b supported-rate 5.5 11
dot11g mandatory-rate 1 2 5.5 11
dot11g supported-rate 6 9 12 18 24 36 48 54
#
attack-defense policy 1
#
rip 1
undo summary
version 2
network 10.0.0.0
network 192.168.101.0
network 192.168.110.0
#
policy-based-route Ethernet0/0 permit node 0
if-match acl 2000
apply output-interface Ethernet0/0
#
policy-based-route Ethernet0/2 permit node 0
if-match acl 2000
#
policy-based-route Ethernet0/1 permit node 0
if-match acl 2000
#
ip route-static 0.0.0.0 0.0.0.0 64.67.1.2
#
undo info-center source default channel 2
undo info-center source default channel 9
#
nms primary monitor-interface Ethernet0/0
#
load xml-configuration
#
load tr069-configuration
#
user-interface tty 12
user-interface aux 0
user privilege level 2
idle-timeout 0 0
user-interface vty 0 4
#
return
R4配置:
-------------------------------------------------------------
#
version 5.20, Release 1618P13, Basic
#
sysname RT4
#
super password level 3 cipher H`‘>T.,>(V@X!X<]K3BK;Q!!
#
ipsec cpu-backup enable
#
undo cryptoengine enable
#
domain default enable system
#
acl number 3000
rule 0 permit ip source 192.168.0.0 0.0.31.255 destination 192.168.0.0 0.0.0.255
#
vlan 1
#
domain system
access-limit disable
state active
idle-cut disable
self-service-url disable
#
traffic classifier oa operator and
if-match acl 3000
#
traffic behavior oa
queue af bandwidth 1500
#
qos policy h3c
classifier oa behavior oa
#
local-user admin
password cipher .]@USE=B,53Q=^Q`MAF4<1!!
service-type telnet
level 3
local-user rt4
password simple rt4
service-type ppp
#
interface Aux0
async mode flow
link-protocol ppp
#
interface Ethernet0/0
port link-mode route
#
interface Ethernet0/1
port link-mode route
#
interface Ethernet0/1.10
vlan-type dot1q vid 10
ip address 192.168.11.254 255.255.255.0
#
interface Ethernet0/1.20
vlan-type dot1q vid 20
ip address 10.11.0.254 255.255.0.0
#
interface Serial1/0
virtualbaudrate 2048000
link-protocol ppp
ppp authentication-mode chap
ppp chap user rt2
ppp chap password simple rt2
ip address 10.255.25.1 255.255.255.252
qos apply policy h3c outbound
#
interface Serial2/0
link-protocol ppp
ppp authentication-mode chap
ppp chap user rt2
ppp chap password simple rt2
ppp mp Mp-group 1
shutdown
#
interface NULL0
#
interface LoopBack0
ip address 192.168.255.4 255.255.255.255
#
interface LoopBack10
ip address 192.168.20.1 255.255.255.255
#
interface LoopBack20
ip address 10.20.0.1 255.255.255.255
#
ospf 1 router-id 192.168.255.4
filter-policy ip-prefix filter import
area 0.0.0.1
network 192.168.255.4 0.0.0.0
network 10.255.25.1 0.0.0.0
network 10.11.0.0 0.0.255.255
network 10.20.0.0 0.0.255.255
network 192.168.11.0 0.0.0.255
network 192.168.20.0 0.0.0.255
#
ip ip-prefix filter index 10 deny 192.168.96.0 19
ip ip-prefix filter index 20 permit 0.0.0.0 0 less-equal 32
#
user-interface con 0
user privilege level 2
user-interface aux 0
user-interface vty 0 4
#
return
R5配置
-------------------------------------------------------
#
sysname RT5
#
super password level 3 cipher H`‘>T.,>(V@X!X<]K3BK;Q!!
#
ike local-name fb
#
domain default enable system
#
ip host h 1.1.1.1
#
telnet server enable
#
dar p2p signature-file flash:/p2p_default.mtd
#
port-security enable
#
acl number 2000
rule 0 permit source 192.168.0.0 0.0.31.255
#
acl number 3000
rule 0 permit ip source 192.168.255.5 0 destination 192.168.255.1 0
#
vlan 1
#
domain system
access-limit disable
state active
idle-cut disable
self-service-url disable
#
ike proposal 1
#
ike peer rt1
exchange-mode aggressive
pre-shared-key simple h3c
id-type name
remote-name zb
remote-address 61.67.1.1
#
ipsec proposal 1
#
ipsec policy h3c 1 isakmp
security acl 3000
ike-peer rt1
proposal 1
#
user-group system
group-attribute allow-guest
#
local-user admin
password cipher .]@USE=B,53Q=^Q`MAF4<1!!
authorization-attribute level 3
service-type telnet
#
cwmp
undo cwmp enable
#
rip 1
undo summary
version 2
network 10.0.0.0
network 192.168.111.0
network 192.168.120.0
#
#
voice-setup
#
sip
#
sip-server
#
call-rule-set
#
call-route
#
dial-program
default entity fax protocol standard-t38
default entity fax protocol standard-t38 hb-redundancy 0
default entity fax protocol standard-t38 lb-redundancy 0
#
aaa-client
#
gk-client
#
ip route-static 0.0.0.0 0.0.0.0 202.112.1.2
#
load xml-configuration
#
load tr069-configuration
#
user-interface tty 16
undo shell
idle-timeout 0 0
flow-control none
redirect enable
redirect return-deal from-telnet
undo redirect timeout
redirect listen-port 2001
user-interface tty 17
undo shell
idle-timeout 0 0
flow-control none
redirect enable
redirect return-deal from-telnet
undo redirect timeout
redirect listen-port 2002
user-interface tty 18
undo shell
idle-timeout 0 0
flow-control none
redirect enable
redirect return-deal from-telnet
undo redirect timeout
redirect listen-port 2003
user-interface tty 19
undo shell
idle-timeout 0 0
flow-control none
redirect enable
redirect return-deal from-telnet
undo redirect timeout
redirect listen-port 2004
user-interface tty 20
undo shell
idle-timeout 0 0
flow-control none
redirect enable
redirect return-deal from-telnet
undo redirect timeout
redirect listen-port 2005
user-interface tty 21
undo shell
idle-timeout 0 0
flow-control none
redirect enable
redirect return-deal from-telnet
undo redirect timeout
redirect listen-port 2006
user-interface tty 22
undo shell
idle-timeout 0 0
flow-control none
redirect enable
redirect return-deal from-telnet
undo redirect timeout
redirect listen-port 2007
user-interface tty 23
undo shell
idle-timeout 0 0
flow-control none
redirect enable
redirect return-deal from-telnet
undo redirect timeout
redirect listen-port 2008
user-interface aux 0
user privilege level 2
idle-timeout 0 0
user-interface vty 0 4
user privilege level 2
set authentication password simple h3cte
idle-timeout 0 0
#
return
SW1配置:
--------------------------------------------------------------
#
sysname SW1
#
super password level 3 cipher $c$3$gFoSXX5isPm6ROe6dVr4T0fdLKNjaroPWwBHyg==
#
domain default enable system
#
burst-mode enable
#
undo ip http enable
#
password-recovery enable
#
vlan 1
#
vlan 10
#
vlan 20
#
vlan 30
#
vlan 40
#
domain system
access-limit disable
state active
idle-cut disable
self-service-url disable
#
user-group system
#
stp region-configuration
region-name h3c
instance 1 vlan 10
instance 2 vlan 20
active region-configuration
#
stp instance 0 root primary
stp instance 1 root primary
stp instance 2 root secondary
stp enable
#
ospf 1 router-id 192.168.255.11
silent-interface Vlan-interface10
silent-interface Vlan-interface20
area 0.0.0.0
network 192.168.255.11 0.0.0.0
network 192.168.0.0 0.0.0.255
network 10.1.0.0 0.0.255.255
network 10.255.111.2 0.0.0.0
network 10.255.212.1 0.0.0.0
#
user-interface aux 0
user-interface vty 0 4
#
return
SW2配置:
----------------------------------------------------------
#
sysname SW2
#
super password level 3 cipher $c$3$qjfU6akF+IsLNBE31R8g5dya/LHcgc0ERcbrQw==
#
domain default enable system
#
burst-mode enable
#
undo ip http enable
#
password-recovery enable
#
domain system
access-limit disable
state active
idle-cut disable
self-service-url disable
#
user-group system
#
stp region-configuration
region-name h3c
instance 1 vlan 10
instance 2 vlan 20
active region-configuration
#
stp instance 0 root primary
stp instance 1 root secondary
stp instance 2 root primary
stp enable
#
ospf 1 router-id 192.168.255.12
silent-interface Vlan-interface10
silent-interface Vlan-interface20
area 0.0.0.0
network 192.168.255.12 0.0.0.0
network 192.168.0.0 0.0.0.255
network 10.1.0.0 0.0.255.255
network 10.255.122.2 0.0.0.0
network 10.255.212.2 0.0.0.0
#
user-interface aux 0
user-interface vty 0 4
#
return
SW3配置:
-----------------------------------------------------
#
sysname SW3
#
super password level 3 cipher H`‘>T.,>(V@X!X<]K3BK;Q!!
#
domain default enable system
#
telnet server enable
#
vlan 1
#
vlan 10
#
vlan 20
#
domain system
access-limit disable
state active
idle-cut disable
self-service-url disable
#
user-group system
#
stp bpdu-protection
stp enable
stp region-configuration
region-name h3c
instance 1 vlan 10
instance 2 vlan 20
active region-configuration
#
user-interface aux 0
user-interface vty 0 4
#
return
H3C TE老版本OSPF正确配置,布布扣,bubuko.com
原文地址:http://www.cnblogs.com/networking/p/3840586.html
