码迷,mamicode.com
首页 > Web开发 > 详细

H3C 模拟器 pc与防火墙,交换机相连,在pc cmd下用telnet访问交换机和防火墙

时间:2019-08-27 19:31:35      阅读:131      评论:0      收藏:0      [点我收藏+]

标签:sof   security   cuc   实现   路由   show   inf   use   obj   

架构如图

技术图片

实现目的

1 在pc端,用telnet访问核心交换机10.20.4.252

2 在pc端,用telnet访问二层交换机10.20.4.253

在此之前,pc_4,pc_5与交换机的配置不进行介绍

新建vlan 10 用于管理所有的交换机

##配置二层交换机的telnet管理ip

[sw-2-1]vlan 10
[sw-2-1-vlan10]int vlan 10
[sw-2-1-Vlan-interface10]ip address 10.20.4.253 
[sw-2-1-Vlan-interface10]qu
[sw-2-1]telnet server enable
[sw-2-1]user-interface vty 0 4
[sw-2-1-line-vty0-4]authentication-mode scheme
[sw-2-1-line-vty0-4]qu
[sw-2-1]local-user yhq
[sw-2-1-luser-manage-yhq]password simple 123
[sw-2-1-luser-manage-yhq]service-type telnet
[sw-2-1-luser-manage-yhq]authorization-attribute user-role level-15

##core核心交换机此步骤相同

##telnet 核心交换机//二层交换机
<core-3-1>system-view
System View: return to User View with Ctrl+Z.
[core-3-1]vlan 10
[core-3-1-vlan10]int vlan 10
[core-3-1-Vlan-interface10]dis this
#
interface Vlan-interface10
 ip address 10.20.4.252 255.255.252.0
#
return
[core-3-1-Vlan-interface10]qu
[core-3-1]user-interface vty 0 4
[core-3-1-line-vty0-4]authentication-mode scheme
[core-3-1-line-vty0-4]qu
[core-3-1]local-user yhq
New local user added.
[core-3-1-luser-manage-yhq]password simple 123
[core-3-1-luser-manage-yhq]service-type telnet
[core-3-1-luser-manage-yhq]authorization-attribute user-role level-15
[core-3-1-luser-manage-yhq]qu
[core-3-1]telnet server enable

##核心交换机的端口1修改为路由模式,并配置ip和静态路由

<core-3-1>system-view
System View: return to User View with Ctrl+Z.
[core-3-1]int g1/0/1
[core-3-1-GigabitEthernet1/0/1]dis this
#
interface GigabitEthernet1/0/1
 port link-mode bridge
 port link-type trunk
 port trunk permit vlan 1 200 300
 combo enable fiber
[core-3-1-GigabitEthernet1/0/1]port link-mode route  //配置为路由模式
[core-3-1-GigabitEthernet1/0/1]ip address 1.1.1.1 30
[core-3-1-GigabitEthernet1/0/1]qu
[core-3-1]ip route-static 0.0.0.0 0 1.1.1.2  // 添加路由表,下一条地址为1.1.1.2
[core-3-1]tracert 10.18.4.2          //跟踪
traceroute to 10.18.4.2 (10.18.4.2), 30 hops at most, 40 bytes each packet, press CTRL_C t 
[core-3-1]display ip routing-table   //查看路由表
Destinations : 21       Routes : 21
Destination/Mask   Proto   Pre Cost        NextHop         Interface
0.0.0.0/0          Static  60  0           1.1.1.2         GE1/0/1
0.0.0.0/32         Direct  0   0           127.0.0.1       InLoop0

##fw的端口g1/0/1 配置ip,端口模式为route

<fw-1>system-view
System View: return to User View with Ctrl+Z.
[fw-1]int g1/0/1
[fw-1-GigabitEthernet1/0/1]dis this
#
interface GigabitEthernet1/0/1
 port link-mode route
 combo enable copper
 ip address 1.1.1.2 255.255.255.252
#
return
[fw-1]int g1/0/0 //端口g1/0/0配置
[fw-1-GigabitEthernet1/0/0]dis this
#
interface GigabitEthernet1/0/0
 port link-mode route
 combo enable copper
 ip address 10.18.4.250 255.255.252.0
 nat outbound 2001 address-group 1 no-pat description 1
#
return

在pc的cmd窗口添加路由

C:\Users\Administrator>ping 10.20.4.252
正在 Ping 10.20.4.252 具有 32 字节的数据:
请求超时。
请求超时。
C:\Users\Administrator>route print
C:\Users\Administrator>route add 10.20.4.0 mask 255.255.252.0 10.18.4.250
 操作完成!
C:\Users\Administrator>ping 10.20.4.252
正在 Ping 10.20.4.252 具有 32 字节的数据:
来自 10.20.4.252 的回复: 字节=32 时间<1ms TTL=254
来自 10.20.4.252 的回复: 字节=32 时间<1ms TTL=254

 ##二层sw-2-1添加路由

[sw-2-1]ip route-static 0.0.0.0 0.0.0.0 1.1.1.2
[sw-2-1]ip route-static 0.0.0.0 0.0.0.0 10.20.4.252

由于之前防火墙已经开启了web端口,这里telnet就很容易了

技术图片

在pc的cmd窗口进行telnet 10.20.4.252

技术图片

在pc的cmd窗口进行telnet 10.20.4.253

技术图片

最后3个设备的配置文件

fw

技术图片
[fw-1]dis current-configuration
#
 version 7.1.064, Alpha 7164
#
 sysname fw-1
#
context Admin id 1
#
 telnet server enable
#
 irf mac-address persistent timer
 irf auto-update enable
 undo irf link-delay
 irf member 1 priority 1
#
nat address-group 1 name 1
 address 10.18.4.250 10.18.4.250
#
 xbar load-single
 password-recovery enable
 lpu-type f-series
#
vlan 1
#
object-group ip address y11
 security-zone Untrust
 0 network subnet 10.19.4.0 255.255.252.0
#
object-group ip address y22
 security-zone Trust
 0 network subnet 10.18.4.0 255.255.252.0
#
interface NULL0
#
interface GigabitEthernet1/0/0
 port link-mode route
 combo enable copper
 ip address 10.18.4.250 255.255.252.0
 nat outbound 2001 address-group 1 no-pat description 1
#
interface GigabitEthernet1/0/1
 port link-mode route
 combo enable copper
 ip address 1.1.1.2 255.255.255.252
#
interface GigabitEthernet1/0/2
 port link-mode route
 combo enable copper
#
interface GigabitEthernet1/0/3
 port link-mode route
 combo enable copper
#
interface GigabitEthernet1/0/4
 port link-mode route
 combo enable copper
#
interface GigabitEthernet1/0/5
 port link-mode route
 combo enable copper
#
interface GigabitEthernet1/0/6
 port link-mode route
 combo enable copper
#
interface GigabitEthernet1/0/7
 port link-mode route
 combo enable copper
#
interface GigabitEthernet1/0/8
 port link-mode route
 combo enable copper
#
interface GigabitEthernet1/0/9
 port link-mode route
 combo enable copper
#
interface GigabitEthernet1/0/10
 port link-mode route
 combo enable copper
#
interface GigabitEthernet1/0/11
 port link-mode route
 combo enable copper
#
interface GigabitEthernet1/0/12
 port link-mode route
 combo enable copper
#
interface GigabitEthernet1/0/13
 port link-mode route
 combo enable copper
#
interface GigabitEthernet1/0/14
 port link-mode route
 combo enable copper
#
interface GigabitEthernet1/0/15
 port link-mode route
 combo enable copper
#
interface GigabitEthernet1/0/16
 port link-mode route
 combo enable copper
#
interface GigabitEthernet1/0/17
 port link-mode route
 combo enable copper
#
interface GigabitEthernet1/0/18
 port link-mode route
 combo enable copper
#
interface GigabitEthernet1/0/19
 port link-mode route
 combo enable copper
#
interface GigabitEthernet1/0/20
 port link-mode route
 combo enable copper
#
interface GigabitEthernet1/0/21
 port link-mode route
 combo enable copper
#
interface GigabitEthernet1/0/22
 port link-mode route
 combo enable copper
#
interface GigabitEthernet1/0/23
 port link-mode route
 combo enable copper
#
object-policy ip manage
 rule 0 pass
#
security-zone name Local
#
security-zone name Trust
 import interface GigabitEthernet1/0/0
#
security-zone name DMZ
#
security-zone name Untrust
 import interface GigabitEthernet1/0/1
#
security-zone name Management
#
zone-pair security source Trust destination Local
 object-policy apply ip manage
#
 scheduler logfile size 16
#
line class aux
 user-role network-operator
#
line class console
 user-role network-admin
#
line class tty
 user-role network-operator
#
line class vty
 user-role network-operator
#
line aux 0
 user-role network-admin
#
line con 0
 authentication-mode scheme
 user-role network-admin
#
line vty 0 4
 authentication-mode scheme
 user-role network-admin
#
line vty 5 63
 user-role network-operator
#
 ip route-static 0.0.0.0 0 10.18.4.2
 ip route-static 10.19.4.0 22 GigabitEthernet1/0/1 1.1.1.1
 ip route-static 10.20.4.0 22 GigabitEthernet1/0/1 1.1.1.1
#
 time-range 1 09:14 to 19:14 daily
#
acl basic 2001
 rule 0 permit source 10.19.4.0 0.0.3.255
#
domain system
#
 aaa session-limit ftp 16
 aaa session-limit telnet 16
 aaa session-limit ssh 16
 domain default enable system
#
role name level-0
 description Predefined level-0 role
#
role name level-1
 description Predefined level-1 role
#
role name level-2
 description Predefined level-2 role
#
role name level-3
 description Predefined level-3 role
#
role name level-4
 description Predefined level-4 role
#
role name level-5
 description Predefined level-5 role
#
role name level-6
 description Predefined level-6 role
#
role name level-7
 description Predefined level-7 role
#
role name level-8
 description Predefined level-8 role
#
role name level-9
 description Predefined level-9 role
#
role name level-10
 description Predefined level-10 role
#
role name level-11
 description Predefined level-11 role
#
role name level-12
 description Predefined level-12 role
#
role name level-13
 description Predefined level-13 role
#
role name level-14
 description Predefined level-14 role
#
user-group system
#
local-user admin class manage
 password hash $h$6$tBhNQJuBUd3La7/h$+JNXdiLJ/VASRtMlo1o2qKKJhsNN36EOm7rtF1AccdjJUS60Q3tQaeqqCGXXiaqusgSawzTVnR5yOrVDq1PJzQ==
 service-type telnet terminal http https
 authorization-attribute user-role level-3
 authorization-attribute user-role network-admin
 authorization-attribute user-role network-operator
#
 ip http enable
 ip https enable
#
security-policy ip
 rule 0 name trust-to-untrust
  action pass
#
return
View Code

core-3-1

技术图片
<core-3-1>dis current-configuration
#
 version 7.1.075, Alpha 7571
#
 sysname core-3-1
#
 clock protocol none
#
 telnet server enable
#
 irf mac-address persistent timer
 irf auto-update enable
 undo irf link-delay
 irf member 1 priority 1
#
 lldp global enable
#
 system-working-mode standard
 xbar load-single
 password-recovery enable
 lpu-type f-series
#
vlan 1
#
vlan 10
#
vlan 200
#
vlan 300
#
 stp global enable
#
interface NULL0
#
interface Vlan-interface10
 ip address 10.20.4.252 255.255.252.0
#
interface Vlan-interface200
 ip address 10.19.4.1 255.255.252.0
#
interface Vlan-interface300
 ip address 192.168.4.1 255.255.252.0
#
interface FortyGigE1/0/53
 port link-mode bridge
#
interface FortyGigE1/0/54
 port link-mode bridge
#
interface GigabitEthernet1/0/1
 port link-mode route
 combo enable fiber
 ip address 1.1.1.1 255.255.255.252
#
interface GigabitEthernet1/0/2
 port link-mode bridge
 port link-type trunk
 undo port trunk permit vlan 1
 port trunk permit vlan 10 200 300
 combo enable fiber
#
interface GigabitEthernet1/0/3
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/4
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/5
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/6
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/7
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/8
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/9
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/10
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/11
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/12
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/13
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/14
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/15
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/16
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/17
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/18
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/19
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/20
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/21
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/22
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/23
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/24
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/25
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/26
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/27
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/28
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/29
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/30
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/31
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/32
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/33
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/34
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/35
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/36
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/37
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/38
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/39
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/40
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/41
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/42
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/43
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/44
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/45
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/46
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/47
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/48
 port link-mode bridge
 combo enable fiber
#
interface M-GigabitEthernet0/0/0
#
interface Ten-GigabitEthernet1/0/49
 port link-mode bridge
 combo enable fiber
#
interface Ten-GigabitEthernet1/0/50
 port link-mode bridge
 combo enable fiber
#
interface Ten-GigabitEthernet1/0/51
 port link-mode bridge
 combo enable fiber
#
interface Ten-GigabitEthernet1/0/52
 port link-mode bridge
 combo enable fiber
#
 scheduler logfile size 16
#
line class aux
 user-role network-operator
#
line class console
 user-role network-admin
#
line class tty
 user-role network-operator
#
line class vty
 user-role network-operator
#
line aux 0
 user-role network-operator
#
line con 0
 user-role network-admin
#
line vty 0 4
 authentication-mode scheme
 user-role network-operator
#
line vty 5 63
 user-role network-operator
#
 ip route-static 0.0.0.0 0 1.1.1.2
 ip route-static 10.20.4.0 22 10.20.4.252
 ip route-static 10.20.4.0 22 1.1.1.2
#
 ntp-service unicast-server 10.20.4.253
#
radius scheme system
 user-name-format without-domain
#
domain name system
#
 domain default enable system
#
role name level-0
 description Predefined level-0 role
#
role name level-1
 description Predefined level-1 role
#
role name level-2
 description Predefined level-2 role
#
role name level-3
 description Predefined level-3 role
#
role name level-4
 description Predefined level-4 role
#
role name level-5
 description Predefined level-5 role
#
role name level-6
 description Predefined level-6 role
#
role name level-7
 description Predefined level-7 role
#
role name level-8
 description Predefined level-8 role
#
role name level-9
 description Predefined level-9 role
#
role name level-10
 description Predefined level-10 role
#
role name level-11
 description Predefined level-11 role
#
role name level-12
 description Predefined level-12 role
#
role name level-13
 description Predefined level-13 role
#
role name level-14
 description Predefined level-14 role
#
user-group system
#
local-user yhq class manage
 password hash $h$6$MyuRhIJeandoymXE$5SKNyQVYMgZZm6cJ6nMtUTz4HMCFAIGTjpTJOkX3l09oAnmS3NjZj2E7h1KGFMVk3XYzRqdsKYKI4bKc1HZmiQ==
 service-type telnet
 authorization-attribute user-role level-15
 authorization-attribute user-role network-operator
#
return
View Code

sw-2-1

技术图片
<sw-2-1>dis current-configuration
#
 version 7.1.075, Alpha 7571
#
 sysname sw-2-1
#
 telnet server enable
#
 irf mac-address persistent timer
 irf auto-update enable
 undo irf link-delay
 irf member 1 priority 1
#
 lldp global enable
#
 system-working-mode standard
 xbar load-single
 password-recovery enable
 lpu-type f-series
#
vlan 1
#
vlan 10
#
vlan 200
#
vlan 300
#
 stp global enable
#
interface NULL0
#
interface Vlan-interface10
 ip address 10.20.4.253 255.255.252.0
#
interface Vlan-interface200
#
interface FortyGigE1/0/53
 port link-mode bridge
#
interface FortyGigE1/0/54
 port link-mode bridge
#
interface GigabitEthernet1/0/1
 port link-mode bridge
 port link-type trunk
 undo port trunk permit vlan 1
 port trunk permit vlan 10 200 300
 combo enable fiber
#
interface GigabitEthernet1/0/2
 port link-mode bridge
 port access vlan 200
 combo enable fiber
#
interface GigabitEthernet1/0/3
 port link-mode bridge
 port access vlan 300
 combo enable fiber
#
interface GigabitEthernet1/0/4
 port link-mode bridge
 port access vlan 200
 combo enable fiber
#
interface GigabitEthernet1/0/5
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/6
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/7
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/8
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/9
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/10
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/11
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/12
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/13
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/14
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/15
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/16
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/17
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/18
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/19
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/20
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/21
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/22
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/23
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/24
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/25
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/26
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/27
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/28
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/29
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/30
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/31
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/32
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/33
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/34
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/35
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/36
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/37
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/38
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/39
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/40
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/41
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/42
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/43
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/44
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/45
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/46
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/47
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/48
 port link-mode bridge
 combo enable fiber
#
interface M-GigabitEthernet0/0/0
#
interface Ten-GigabitEthernet1/0/49
 port link-mode bridge
 combo enable fiber
#
interface Ten-GigabitEthernet1/0/50
 port link-mode bridge
 combo enable fiber
#
interface Ten-GigabitEthernet1/0/51
 port link-mode bridge
 combo enable fiber
#
interface Ten-GigabitEthernet1/0/52
 port link-mode bridge
 combo enable fiber
#
 scheduler logfile size 16
#
line class aux
 user-role network-operator
#
line class console
 user-role network-admin
#
line class tty
 user-role network-operator
#
line class vty
 user-role network-operator
#
line aux 0
 user-role network-operator
#
line con 0
 user-role network-admin
#
line vty 0 4
 authentication-mode scheme
 user-role level-3
 user-role network-operator
 set authentication password hash $h$6$LC3L/BBb1SYECRjg$Yt1smXHJIWusWQRLQiRc37xYCUcOs4hahYotExTAb261NBODmPW/4xruBr8pz7DenOdlDkvpzSofLC5qfv0qkA==
#
line vty 5 63
 user-role network-operator
#
 ip route-static 0.0.0.0 0 1.1.1.2
 ip route-static 0.0.0.0 0 1.1.1.1
 ip route-static 0.0.0.0 0 10.20.4.252
#
 ntp-service refclock-master 2
#
radius scheme system
 user-name-format without-domain
#
domain name system
#
 domain default enable system
#
role name level-0
 description Predefined level-0 role
#
role name level-1
 description Predefined level-1 role
#
role name level-2
 description Predefined level-2 role
#
role name level-3
 description Predefined level-3 role
#
role name level-4
 description Predefined level-4 role
#
role name level-5
 description Predefined level-5 role
#
role name level-6
 description Predefined level-6 role
#
role name level-7
 description Predefined level-7 role
#
role name level-8
 description Predefined level-8 role
#
role name level-9
 description Predefined level-9 role
#
role name level-10
 description Predefined level-10 role
#
role name level-11
 description Predefined level-11 role
#
role name level-12
 description Predefined level-12 role
#
role name level-13
 description Predefined level-13 role
#
role name level-14
 description Predefined level-14 role
#
user-group system
#
local-user yhq class manage
 password hash $h$6$2tMr2Zq84CM2cTGZ$0y06oUKk0a1+YnpPDapjOURe46hUuz0qULjIQMTuMhDBboWPydxqEDtvoprqDrX+wjH7FR5fVIaWvQC9l5yD3Q==
 service-type telnet
 authorization-attribute idle-cut 5
 authorization-attribute user-role level-3
 authorization-attribute user-role level-15
 authorization-attribute user-role network-operator
#
return
View Code

在初学使用阶段,如有不正,请提示~~谢谢!!

H3C 模拟器 pc与防火墙,交换机相连,在pc cmd下用telnet访问交换机和防火墙

标签:sof   security   cuc   实现   路由   show   inf   use   obj   

原文地址:https://www.cnblogs.com/yhq1314/p/11419953.html

(0)
(0)
   
举报
评论 一句话评论(0
登录后才能评论!
© 2014 mamicode.com 版权所有  联系我们:gaon5@hotmail.com
迷上了代码!