
H3C Firewall Configuration Example (Firewall Inter-Zone Policy Configuration Script)

Date: 2023-06-29 | Author: site editor


version 7.1.064, Release 9304P05

#

sysname UNIS

#

context Admin id 1

#

ip vpn-instance management

route-distinguisher 1000000000:1

vpn-target 1000000000:1 import-extcommunity

vpn-target 1000000000:1 export-extcommunity

#

telnet server enable

#

irf mac-address persistent timer

irf auto-update enable

undo irf link-delay

irf member 1 priority 1

#

security-zone intra-zone default permit

#

password-recovery enable

#

vlan 1

#

vlan 49 to 50

#

vlan 70

#

vlan 255

#

object-group ip address DNC服务器

0 network host address 10.100.80.10

#

object-group ip address DNC机床

description DNC机床

0 network subnet 10.100.50.0 255.255.255.0

#

object-group ip address test

#

object-group ip address 机加一分厂触摸屏控制台

0 network host address 10.100.50.193

#

object-group service 123

0 service icmp 0 0

#

object-group service DNC机床-服务器端口策略

0 service icmp 0 0

10 service tcp destination eq 21

20 service tcp destination range 600 1023

30 service udp destination eq 2049

40 service udp destination eq 111

50 service tcp destination eq 2049

60 service tcp destination eq 111

70 service tcp destination eq 19000

80 service udp destination range 8192 8193

90 service tcp destination range 8192 8193

100 service tcp destination eq 502

#

object-group service 机加一分厂触摸屏控制台-服务器

0 service icmp 0 0

10 service tcp destination eq 8889

20 service tcp destination eq 8000

30 service tcp destination eq 1521

#

interface NULL0

#

interface Vlan-interface255

ip address 10.100.255.40 255.255.255.0

#

interface GigabitEthernet1/0/0

port link-mode route

ip binding vpn-instance management

ip address 192.168.0.1 255.255.255.0

#

interface GigabitEthernet1/0/16

port link-mode route

#

interface GigabitEthernet1/0/17

port link-mode route

#

interface GigabitEthernet1/0/18

port link-mode route

#

interface GigabitEthernet1/0/19

port link-mode route

#

interface GigabitEthernet1/0/20

port link-mode route

#

interface GigabitEthernet1/0/21

port link-mode route

#

interface GigabitEthernet1/0/22

port link-mode route

#

interface GigabitEthernet1/0/23

port link-mode route

#

interface GigabitEthernet1/0/1

port link-mode bridge

port link-type trunk

port trunk permit vlan all

port trunk pvid vlan 255

#

interface GigabitEthernet1/0/2

port link-mode bridge

port link-type trunk

port trunk permit vlan all

port trunk pvid vlan 255

#

interface GigabitEthernet1/0/3

port link-mode bridge

port link-type trunk

port trunk permit vlan all

port trunk pvid vlan 255

#

interface GigabitEthernet1/0/4

port link-mode bridge

port link-type trunk

port trunk permit vlan all

port trunk pvid vlan 255

#

interface GigabitEthernet1/0/5

port link-mode bridge

port link-type trunk

port trunk permit vlan all

port trunk pvid vlan 255

#

interface GigabitEthernet1/0/6

port link-mode bridge

port link-type trunk

port trunk permit vlan all

port trunk pvid vlan 255

#

interface GigabitEthernet1/0/7

port link-mode bridge

port link-type trunk

port trunk permit vlan all

port trunk pvid vlan 255

#

interface GigabitEthernet1/0/8

port link-mode bridge

port link-type trunk

port trunk permit vlan all

port trunk pvid vlan 255

#

interface GigabitEthernet1/0/9

port link-mode bridge

port link-type trunk

port trunk permit vlan all

port trunk pvid vlan 255

#

interface GigabitEthernet1/0/10

port link-mode bridge

port link-type trunk

port trunk permit vlan all

port trunk pvid vlan 255

#

interface GigabitEthernet1/0/11

port link-mode bridge

port link-type trunk

port trunk permit vlan all

port trunk pvid vlan 255

#

interface GigabitEthernet1/0/12

port link-mode bridge

port link-type trunk

port trunk permit vlan all

port trunk pvid vlan 255

#

interface GigabitEthernet1/0/13

port link-mode bridge

port link-type trunk

port trunk permit vlan all

port trunk pvid vlan 255

#

interface GigabitEthernet1/0/14

port link-mode bridge

port link-type trunk

port trunk permit vlan all

port trunk pvid vlan 255

#

interface GigabitEthernet1/0/15

port link-mode bridge

port link-type trunk

port trunk permit vlan all

port trunk pvid vlan 255

#

object-policy ip Any-Any

rule 0 pass logging counting

#

object-policy ip Trust-Untrust

rule 0 pass source-ip DNC机床 destination-ip DNC服务器 service DNC机床-服务器端口策略 logging counting

rule 1 pass source-ip 机加一分厂触摸屏控制台 destination-ip DNC服务器 service 机加一分厂触摸屏控制台-服务器 logging counting

#

security-zone name Local

#

security-zone name Trust

import interface GigabitEthernet1/0/8 vlan 1 50 70 80 255

import interface GigabitEthernet1/0/9 vlan 1 50 70 80 255

import interface GigabitEthernet1/0/10 vlan 1 50 70 80 255

import interface GigabitEthernet1/0/11 vlan 1 50 70 80 255

import interface GigabitEthernet1/0/12 vlan 1 50 70 80 255

import interface GigabitEthernet1/0/13 vlan 1 49 to 50 70 80 255

import interface GigabitEthernet1/0/14 vlan 1 49 to 50 70 80 255

import interface GigabitEthernet1/0/15 vlan 1 49 to 50 70 80 255

#

security-zone name DMZ

#

security-zone name Untrust

import interface Vlan-interface255

import interface GigabitEthernet1/0/1 vlan 1 49 to 50 70 80 255

import interface GigabitEthernet1/0/2 vlan 1 50 70 80 255

import interface GigabitEthernet1/0/3 vlan 1 50 70 80 255

import interface GigabitEthernet1/0/4 vlan 1 50 70 80 255

import interface GigabitEthernet1/0/5 vlan 1 50 70 80 255

import interface GigabitEthernet1/0/6 vlan 1 50 70 80 255

import interface GigabitEthernet1/0/7 vlan 1 50 70 80 255

#

security-zone name Management

import interface GigabitEthernet1/0/0

#

zone-pair security source Any destination Any

object-policy apply ip Any-Any

packet-filter 2000

#

zone-pair security source Trust destination Untrust

object-policy apply ip Trust-Untrust

#

scheduler logfile size 16

#

line class aux

user-role network-operator

#

line class console

user-role network-admin

#

line class vty

user-role network-operator

#

line aux 0

user-role network-admin

#

line con 0

authentication-mode scheme

user-role network-admin

#

line vty 0 4

user-role level-15

user-role network-admin

set authentication password hash $h$6$FXcqr ZUfkzh0xpf$FoUxGIL0XT92tC90K2jVEkPb95M33o675GIBswGHmY1iFfkmEoA/5m37Bn8aOnghK8bXPJZRbEd6P9VLjopCdg==

protocol inbound telnet

#

line vty 5 63

authentication-mode scheme

user-role network-admin

#

ip route-static 0.0.0.0 0 10.100.255.254

#

info-center logbuffer size 1024

#

ssh server enable

#

acl basic 2000

rule 0 permit

#

domain system

#

aaa session-limit ftp 16

aaa session-limit telnet 16

aaa session-limit ssh 16

domain default enable system

#

role name level-0

description Predefined level-0 role

#

role name level-1

description Predefined level-1 role

#

role name level-2

description Predefined level-2 role

#

role name level-3

description Predefined level-3 role

#

role name level-4

description Predefined level-4 role

#

role name level-5

description Predefined level-5 role

#

role name level-6

description Predefined level-6 role

#

role name level-7

description Predefined level-7 role

#

role name level-8

description Predefined level-8 role

#

role name level-9

description Predefined level-9 role

#

role name level-10

description Predefined level-10 role

#

role name level-11

description Predefined level-11 role

#

role name level-12

description Predefined level-12 role

#

role name level-13

description Predefined level-13 role

#

role name level-14

description Predefined level-14 role

#

user-group system

#

local-user admin class manage

password hash $h$6$9R/xrcOboMeyKx5C$0bPaw7Q41dLHQp2X8AAdmTLTU8RGFVplQmWdU7VZG95n 3Dh2SQlKUn nIIVZflQSgIhMWZzVFEqlXFMeecodQ==

service-type ssh terminal https

authorization-attribute user-role level-3

authorization-attribute user-role network-admin

authorization-attribute user-role network-operator

#

local-user h3c class manage

service-type https

authorization-attribute user-role level-3

authorization-attribute user-role network-admin

authorization-attribute user-role network-operator

#

local-user i class manage

authorization-attribute user-role network-operator

#

ip https enable

#

ips policy default

#

anti-virus policy default

#

return
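
An added audit sketch, not part of the original page or of any H3C tooling: it splits a configuration like the one above into `#`-separated stanzas and reports the settings that undo the intent of the scoped Trust-Untrust policy (cleartext Telnet management, intra-zone default permit, and an Any-to-Any zone pair that applies a match-everything object policy and ACL). The finding labels and function names are assumptions made for this example.

```python
import re
SAMPLE = """\
telnet server enable
#
security-zone intra-zone default permit
#
object-policy ip Any-Any
 rule 0 pass logging counting
#
object-policy ip Trust-Untrust
 rule 0 pass source-ip DNC机床 destination-ip DNC服务器 service DNC机床-服务器端口策略 logging counting
#
zone-pair security source Any destination Any
 object-policy apply ip Any-Any
 packet-filter 2000
#
line vty 0 4
 protocol inbound telnet
#
acl basic 2000
 rule 0 permit
"""  # constructed excerpt: stanzas copied from the configuration above, indentation added

def stanzas(text):
    """Split on '#' separator lines; return (header, body_lines) for each stanza."""
    blocks = ([ln.strip() for ln in b.splitlines() if ln.strip()] for b in re.split(r"(?m)^#[ \t]*$", text))
    return [(ls[0], ls[1:]) for ls in blocks if ls]

def audit(text):
    """Return sorted (finding, stanza_header) pairs for overly permissive settings."""
    parsed = stanzas(text)
    open_pol = {h.split()[2] for h, b in parsed if h.startswith("object-policy ip ")
                and any(re.fullmatch(r"rule \d+ pass( logging| counting)*", r) for r in b)}
    open_acl = {h.split()[2] for h, b in parsed if h.startswith("acl basic ")
                and any(re.fullmatch(r"rule \d+ permit", r) for r in b)}
    found = set()
    for head, body in parsed:
        for line in [head] + body:
            if line in ("telnet server enable", "protocol inbound telnet"):
                found.add(("cleartext-telnet", head))
            if line == "security-zone intra-zone default permit":
                found.add(("intra-zone-default-permit", head))
            if head.startswith("zone-pair security "):
                if line.startswith("object-policy apply ip ") and line.split()[-1] in open_pol:
                    found.add(("unrestricted-object-policy", head))
                if line.startswith("packet-filter ") and line.split()[-1] in open_acl:
                    found.add(("permit-all-packet-filter", head))
    return sorted(found)

print(*audit(SAMPLE), sep="\n")
```

The Trust-Untrust rule is not reported because it names a source, a destination and a service group; only rules with no match criteria count as unrestricted here.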
