华为 MA5200F配置脚本例子

*********************************************************

* All rights reserved (1997-2003) *

* Without the owner's prior written consent, *

*no decompiling or reverse-engineering shall be allowed.*

*********************************************************

Login authentication

PassWord:

<MA5200F>sys

Enter system view , return user view with Ctrl+Z.

[MA5200F]dis curr

#

version 7115

sysname MA5200F

#

system language-mode english

#

FTP server enable

#

dhcp invalid-server-detecting 10

#

web-auth-server 10.0.0.1 port 50100 key huawei

#

radius-server group radiusyang

radius-server key hello

radius-server authentication 192.168.1.200 1812

radius-server accounting 192.168.2.200 1813

radius-server group zcbradius

radius-server key octopus

radius-server authentication 10.0.0.254 1812

radius-server accounting 10.0.0.254 1813

radius-server group maxch

radius-server key hello

radius-server authentication 192.168.1.200 1812

radius-server accounting 192.168.1.200 1813

radius-server group login

#

web-server

Directory flash:/portal/chn/

default-page /index.Html

#

undo trap-statistics 70f2000

undo trap-statistics 70f2001

undo trap-statistics 70f2002

undo trap-statistics 70f2003

undo trap-statistics 70f2004

undo trap-statistics 70f2005

undo trap-statistics 70f2008

undo trap-statistics 70f2009

undo trap-statistics 70f200c

undo trap-statistics 70f200d

undo trap-statistics 70f200e

undo trap-statistics 70f200f

undo trap-statistics 70f2017

undo trap-statistics 70f2018

#

login authentication-scheme scheme huawei local

login local-user zhanghua password simple zhanghua

login local-user zhanghua service-type ftp

login local-user zhanghua ftp-directory flash:/portal

login local-user myb password simple huawei

login local-user myb service-type ftp

login local-user myb ftp-directory flash:

login local-user ma5200 password simple huawei

login local-user ma5200 service-type ftp

login local-user ma5200 ftp-directory flash:

#

interface Ethernet1

#

interface Ethernet1.10

#

interface Ethernet2

#

interface Ethernet2.0

#

interface Ethernet2.2

#

interface Ethernet3

#

interface Ethernet4

#

interface Ethernet5

#

interface Ethernet6

#

interface Ethernet7

#

interface Ethernet7.1

#

interface Ethernet7.8

#

interface Ethernet8

#

interface Ethernet9

#

interface Ethernet10

#

interface Ethernet11

#

interface Ethernet12

#

interface Ethernet12.0

ip address 10.20.0.1 255.255.255.0

#

interface Ethernet12.1

#

interface Ethernet13

#

interface Ethernet14

#

interface Ethernet15

#

interface Ethernet16

#

interface Ethernet17

#

interface Ethernet18

#

interface Ethernet19

#

interface Ethernet20

#

interface Ethernet21

#

interface Ethernet22

#

interface Ethernet23

#

interface Ethernet24

#

interface NULL0

#

interface LoopBack0

#

interface Nm-Ethernet0

ip address 192.168.1.101 255.255.255.0

#

acl number 110 match-order auto

rule 1 user-net deny ip source 110 (配置对于认证前的用户只能访问WEB服务器和DNS服务器，110是UCl-group号）

acl number 111 match-order auto

rule 0 user-net deny ip source 111

acl number 113

rule 2 user-net deny ip source 113

acl number 134

rule 2 user-net deny ip source 134

#

ip pool haha local

gateway 10.26.1.1 255.255.255.0

section 0 10.26.1.2 10.26.1.200

dns-server 192.168.1.101

#

ip pool home local

gateway 10.20.1.1 255.255.255.0

section 0 10.20.1.2 10.20.1.254

dns-server 202.103.214.5

#

ip pool lfs local

gateway 161.224.1.1 255.255.255.0

#

ip pool maxch local

gateway 10.1.1.1 255.255.252.0

section 0 10.1.1.2 10.1.1.254

section 1 10.1.1.255 10.1.2.255

#

ip pool myb local

gateway 100.100.100.1 255.255.255.0

section 0 100.100.100.2 100.100.100.200

#

ip pool qz local

gateway 220.173.196.1 255.255.255.0

section 0 220.173.196.2 220.173.196.254

#

ip pool yangjh local

gateway 10.23.1.1 255.255.0.0

section 7 10.23.1.2 10.23.4.255

#

ip pool zhanghua local

gateway 10.10.20.1 255.255.0.0

section 0 10.10.20.2 10.10.23.254

#

ip pool zhangxi local

gateway 10.20.0.1 255.255.255.0

section 0 10.20.0.2 10.20.0.254

dns-server 202.103.214.5

#

ip pool zhaochongbin local

gateway 10.0.0.1 255.255.0.0

section 0 10.0.0.2 10.0.0.254

section 1 10.0.1.1 10.0.1.254

#

dot1x-template 1

#

aaa

authentication-scheme zhanghua

authentication-mode local

authentication-scheme maxch

authentication-scheme auth1

authentication-scheme authyang

authentication-mode local

authentication-scheme zhangxi2

authentication-mode local

authentication-scheme local

authentication-scheme lfs

authentication-mode local

authentication-scheme myb

authentication-mode local

authentication-scheme haha

authentication-mode local

authentication-scheme home

authentication-mode local

authentication-scheme authzcb

authentication-mode local

accounting-scheme zhanghua

accounting-mode local

accounting-scheme maxch

accounting-scheme acc1

accounting-scheme acctyang

accounting-mode local

accounting-scheme zhangxi1

accounting-mode local

accounting-scheme lfs

accounting-mode local

accounting-scheme myb

accounting-mode local

accounting-scheme haha

accounting-mode local

accounting-scheme home

accounting-mode local

accounting-scheme acczcb

accounting-mode local

domain default0

web-server 192.168.1.101 （可改为127.0.0.1,这样用户认证时WEB页面地址为IP POOL的网关地址）

ucl-group 110

ip-pool maxch

domain zhanghua

authentication-scheme zhanghua

accounting-scheme zhanghua

domain maxch

authentication-scheme maxch

accounting-scheme maxch

QQread.com

推出各大专业服务器评测 Linux服务器的安全性能

SUN服务器

HP服务器

DELL服务器

IBM服务器

联想服务器

浪潮服务器

曙光服务器

同方服务器

华硕服务器

宝德服务器

web-server 192.168.1.101 (可不需要)

ucl-group 110 (可不需要)

ip-pool maxch (可不需要)

domain zcb

authentication-scheme auth1

accounting-scheme acc1

ip-pool zhaochongbin

domain yangjh

authentication-scheme authyang

accounting-scheme acctyang

radius-server group radiusyang

web-server 192.168.1.101

ucl-group 113

ip-pool yangjh

domain zhangxi3

authentication-scheme zhangxi2

accounting-scheme zhangxi1

ip-pool zhangxi

domain lfs

authentication-scheme lfs

accounting-scheme lfs

ip-pool lfs

domain myb

authentication-scheme myb

accounting-scheme myb

web-server 192.168.1.101

ucl-group 111

ip-pool myb

domain haha

authentication-scheme haha

accounting-scheme haha

domain zcb1

authentication-scheme auth1

accounting-scheme acc1

radius-server group zcbradius

web-server 10.0.0.1

ucl-group 1

ip-pool zhaochongbin

domain home

authentication-scheme home

accounting-scheme home

ip-pool home

#

local-aaa-server

batch-user ethernet 7 5 3

batch-user ethernet 7 11 1

batch-user ethernet 7 23 1

batch-user ethernet 8 1 3

batch-user ethernet 7 300 1 domain haha

batch-user ethernet 7 11 1 domain home

batch-user ethernet 7 17 4 domain maxch

batch-user ethernet 7 10 2 domain myb

user maxch@myb password maxch

user myb@myb password myb

batch-user ethernet 7 13 1 domain yangjh

user zcb@zcb1 password 123456

batch-user ethernet 5 5 1 domain zcb

batch-user ethernet 5 5 1 domain zcb password 123456

batch-user ethernet 5 6 2 domain zcb

batch-user ethernet 7 5 1 domain zcb

batch-user ethernet 7 5 1 domain zcb password 123456

batch-user ethernet 7 6 2 domain zcb

user zcb@zcb password 123456

user zh@zhanghua password zhanghua

batch-user ethernet 7 14 1 domain zhangxi3

batch-user ethernet 7 23 1 domain zhangxi3

batch-user ethernet 7 23 1 domain zhangxi

batch-user ethernet 8 1 3 domain zhangxi

batch-user ethernet 23 5 1 domain zhangxi

#

ip route-static 0.0.0.0 0.0.0.0 10.20.0.2

#

snmp-agent

snmp-agent local-engineid 000007DB7F000001AA7

snmp-agent community read public

snmp-agent community write private

snmp-agent sys-info contact

snmp-agent sys-info location

snmp-agent sys-info version v3

#

Access-group 110 Ethernet 7

#

user-interface con 0

authentication-mode password

set authentication password simple huawei

user-interface vty 0 4

user privilege level 3

set authentication password simple huawei

#

portvlan ethernet 1 vlan 2 1

access-type layer2-subscriber

default-domain authentication maxch

authentication-method bind

portvlan ethernet 1 vlan 7 1

access-type layer2-subscriber

default-domain authentication yangjh

authentication-method bind

portvlan ethernet 5 vlan 5 1

access-type layer2-subscriber

default-domain authentication zcb

authentication-method bind

portvlan ethernet 6 vlan 201 1

access-type layer2-subscriber

default-domain authentication zhanghua

authentication-method web

portvlan ethernet 7 vlan 5 1

access-type layer2-subscriber

default-domain authentication zcb

authentication-method web

portvlan ethernet 7 vlan 8 1

access-type interface

portvlan ethernet 7 vlan 10 1

access-type layer2-subscriber

default-domain authentication myb

authentication-method web

portvlan ethernet 7 vlan 11 1

access-type layer2-subscriber

default-domain authentication home

authentication-method bind

portvlan ethernet 7 vlan 13 1

access-type layer2-subscriber

default-domain authentication yangjh

authentication-method web

portvlan ethernet 7 vlan 14 1

access-type layer2-subscriber

default-domain authentication zhangxi3

authentication-method bind

portvlan ethernet 7 vlan 17 1

access-type layer2-subscriber

default-domain authentication maxch

authentication-method web

portvlan ethernet 7 vlan 23 1

access-type layer2-subscriber

default-domain authentication zhangxi3

authentication-method bind

portvlan ethernet 7 vlan 300 1

access-type layer2-subscriber

default-domain authentication haha

authentication-method bind

portvlan ethernet 8 vlan 1 1

access-type layer2-subscriber

default-domain authentication zhangxi3

authentication-method bind

portvlan ethernet 23 vlan 5 1

access-type layer2-subscriber

default-domain authentication zhangxi3

authentication-method bind

portvlan ethernet 24 vlan 0 1

access-type interface

portvlan ethernet 24 vlan 5 1

access-type interface

#

return

[MA5200F]