华为 MA5200F配置脚本例子

3/1/2008来源:华为网络人气:7010


*********************************************************
*          All rights reserved (1997-2003)              *
*      Without the owner's prior written consent,       *
*no decompiling or reverse-engineering shall be allowed.*
*********************************************************


Login authentication


Password:
<MA5200F>sys
Enter system view , return user view with Ctrl+Z.
[MA5200F]dis curr
#
version 7115
sysname MA5200F
#
system language-mode english
#
FTP server enable
#
dhcp invalid-server-detecting 10
#
web-auth-server 10.0.0.1 port 50100 key huawei     (key 是设备与Portal服务器之间的共享密钥;此处以及下面各 radius-server key 的取值均以明文显示,实际部署时应替换为各自独立的强密钥,并避免把含密钥的配置原样公开)
#
radius-server group radiusyang
radius-server key hello
radius-server authentication 192.168.1.200 1812
radius-server accounting 192.168.2.200 1813
radius-server group zcbradius
radius-server key octopus
radius-server authentication 10.0.0.254 1812
radius-server accounting 10.0.0.254 1813
radius-server group maxch
radius-server key hello
radius-server authentication 192.168.1.200 1812
radius-server accounting 192.168.1.200 1813
radius-server group login
#
web-server
Directory Flash:/portal/chn/
default-page /index.Html
#
undo trap-statistics 70f2000
undo trap-statistics 70f2001
undo trap-statistics 70f2002
undo trap-statistics 70f2003
undo trap-statistics 70f2004
undo trap-statistics 70f2005
undo trap-statistics 70f2008
undo trap-statistics 70f2009
undo trap-statistics 70f200c
undo trap-statistics 70f200d
undo trap-statistics 70f200e
undo trap-statistics 70f200f
undo trap-statistics 70f2017
undo trap-statistics 70f2018
#
login authentication-scheme scheme huawei local
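login local-user zhanghua  password simple zhanghua     (simple 表示口令以明文保存,dis curr 时直接可见;本例中口令与用户名相同或为 huawei 等易猜值,且这些用户的 service-type 为 ftp,口令在网络上同样以明文传输。实际部署应使用强口令,设备支持时改为密文方式保存)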
login local-user zhanghua service-type ftp
login local-user zhanghua ftp-directory flash:/portal
login local-user myb  password simple huawei
login local-user myb service-type ftp
login local-user myb ftp-directory flash:
login local-user ma5200  password simple huawei
login local-user ma5200 service-type ftp
login local-user ma5200 ftp-directory flash:
#
interface Ethernet1
#
interface Ethernet1.10
#
interface Ethernet2
#
interface Ethernet2.0
#
interface Ethernet2.2
#
interface Ethernet3
#
interface Ethernet4
#
interface Ethernet5
#
interface Ethernet6
#
interface Ethernet7
#
interface Ethernet7.1
#
interface Ethernet7.8
#
interface Ethernet8
#
interface Ethernet9
#
interface Ethernet10
#
interface Ethernet11
#
interface Ethernet12
#
interface Ethernet12.0
ip address 10.20.0.1 255.255.255.0
#
interface Ethernet12.1
#
interface Ethernet13
#
interface Ethernet14
#
interface Ethernet15
#
interface Ethernet16
#
interface Ethernet17
#
interface Ethernet18
#
interface Ethernet19
#
interface Ethernet20
#
interface Ethernet21
#
interface Ethernet22
#
interface Ethernet23
#
interface Ethernet24
#
interface NULL0
#
interface LoopBack0
#
interface Nm-Ethernet0
ip address 192.168.1.101 255.255.255.0
#
acl number 110 match-order auto
rule 1 user-net deny ip source 110     (使认证前的用户只能访问WEB服务器和DNS服务器,110是ucl-group号)

acl number 111 match-order auto
rule 0 user-net deny ip source 111
acl number 113
rule 2 user-net deny ip source 113
acl number 134
rule 2 user-net deny ip source 134
#
ip pool haha local
gateway 10.26.1.1 255.255.255.0
section 0 10.26.1.2 10.26.1.200
dns-server  192.168.1.101
#
ip pool home local
gateway 10.20.1.1 255.255.255.0
section 0 10.20.1.2 10.20.1.254
dns-server  202.103.214.5
#
ip pool lfs local
gateway 161.224.1.1 255.255.255.0
#
ip pool maxch local
gateway 10.1.1.1 255.255.252.0
section 0 10.1.1.2 10.1.1.254
section 1 10.1.1.255 10.1.2.255
#
ip pool myb local
gateway 100.100.100.1 255.255.255.0
section 0 100.100.100.2 100.100.100.200
#
ip pool qz local
gateway 220.173.196.1 255.255.255.0
section 0 220.173.196.2 220.173.196.254
#
ip pool yangjh local
gateway 10.23.1.1 255.255.0.0
section 7 10.23.1.2 10.23.4.255
#
ip pool zhanghua local
gateway 10.10.20.1 255.255.0.0
section 0 10.10.20.2 10.10.23.254
#
ip pool zhangxi local
gateway 10.20.0.1 255.255.255.0
section 0 10.20.0.2 10.20.0.254
dns-server  202.103.214.5
#
ip pool zhaochongbin local
gateway 10.0.0.1 255.255.0.0
section 0 10.0.0.2 10.0.0.254
section 1 10.0.1.1 10.0.1.254
#
dot1x-template 1
#
aaa
authentication-scheme  zhanghua
authentication-mode local
authentication-scheme  maxch
authentication-scheme  auth1
authentication-scheme  authyang
authentication-mode local
authentication-scheme  zhangxi2
authentication-mode local
authentication-scheme  local
authentication-scheme  lfs
authentication-mode local
authentication-scheme  myb
authentication-mode local
authentication-scheme  haha
authentication-mode local
authentication-scheme  home
authentication-mode local
authentication-scheme  authzcb
authentication-mode local
accounting-scheme  zhanghua
accounting-mode local
accounting-scheme  maxch
accounting-scheme  acc1
accounting-scheme  acctyang
accounting-mode local
accounting-scheme  zhangxi1
accounting-mode local
accounting-scheme  lfs
accounting-mode local
accounting-scheme  myb
accounting-mode local
accounting-scheme  haha
accounting-mode local
accounting-scheme  home
accounting-mode local
accounting-scheme  acczcb
accounting-mode local
domain  default0
web-server  192.168.1.101     (可改为127.0.0.1,这样用户认证时WEB页面地址为IP POOL的网关地址)
ucl-group   110
ip-pool   maxch
domain  zhanghua
authentication-scheme   zhanghua
accounting-scheme   zhanghua
domain  maxch
authentication-scheme   maxch
accounting-scheme   maxch
web-server  192.168.1.101    (可不需要)
ucl-group   110             (可不需要)
ip-pool   maxch             (可不需要)  
domain  zcb
authentication-scheme   auth1
accounting-scheme   acc1
ip-pool   zhaochongbin
domain  yangjh
authentication-scheme   authyang
accounting-scheme   acctyang
radius-server group  radiusyang
web-server  192.168.1.101
ucl-group   113
ip-pool   yangjh
domain  zhangxi3
authentication-scheme   zhangxi2
accounting-scheme   zhangxi1
ip-pool   zhangxi
domain  lfs
authentication-scheme   lfs
accounting-scheme   lfs
ip-pool   lfs
domain  myb
authentication-scheme   myb
accounting-scheme   myb
web-server  192.168.1.101
ucl-group   111
ip-pool   myb
domain  haha
authentication-scheme   haha
accounting-scheme   haha
domain  zcb1
authentication-scheme   auth1
accounting-scheme   acc1
radius-server group  zcbradius
web-server  10.0.0.1
ucl-group   1
ip-pool   zhaochongbin
domain  home
authentication-scheme   home
accounting-scheme   home
ip-pool   home
#
local-aaa-server
batch-user ethernet 7 5 3
batch-user ethernet 7 11 1
batch-user ethernet 7 23 1
batch-user ethernet 8 1 3
batch-user ethernet 7 300 1 domain haha
batch-user ethernet 7 11 1 domain home
batch-user ethernet 7 17 4 domain maxch
batch-user ethernet 7 10 2 domain myb
user [email protected] password maxch
user [email protected] password myb
batch-user ethernet 7 13 1 domain yangjh
user [email protected] password 123456
batch-user ethernet 5 5 1 domain zcb
batch-user ethernet 5 5 1 domain zcb password 123456
batch-user ethernet 5 6 2 domain zcb
batch-user ethernet 7 5 1 domain zcb
batch-user ethernet 7 5 1 domain zcb password 123456
batch-user ethernet 7 6 2 domain zcb
user [email protected] password 123456
user [email protected] password zhanghua
batch-user ethernet 7 14 1 domain zhangxi3
batch-user ethernet 7 23 1 domain zhangxi3
batch-user ethernet 7 23 1 domain zhangxi
batch-user ethernet 8 1 3 domain zhangxi
batch-user ethernet 23 5 1 domain zhangxi
#
ip route-static 0.0.0.0 0.0.0.0 10.20.0.2
#
snmp-agent
snmp-agent local-engineid 000007DB7F000001AA7
snmp-agent community read  public
snmp-agent community write  private     (public/private 是广为人知的默认团体名;写团体名允许通过SNMP修改设备配置。实际部署应更换团体名,不需要写操作时删除写团体,并限制可访问SNMP的管理主机)
snmp-agent sys-info contact
snmp-agent sys-info location
snmp-agent sys-info version v3
#
access-group 110 Ethernet 7
#
user-interface con 0
authentication-mode password
set authentication password simple huawei
user-interface vty 0 4
user privilege level 3
set authentication password simple huawei     (vty 0 4 为远程登录线路,本例登录后即为 level 3 权限,口令 huawei 以明文保存且与 con 0 相同;实际部署应为各线路设置不同的强口令,并限制允许远程登录的源地址)
#
portvlan ethernet 1 vlan 2 1
access-type layer2-subscriber
default-domain authentication maxch
authentication-method bind
portvlan ethernet 1 vlan 7 1
access-type layer2-subscriber
default-domain authentication yangjh
authentication-method bind
portvlan ethernet 5 vlan 5 1
access-type layer2-subscriber
default-domain authentication zcb
authentication-method bind
portvlan ethernet 6 vlan 201 1
access-type layer2-subscriber
default-domain authentication zhanghua
authentication-method web
portvlan ethernet 7 vlan 5 1
access-type layer2-subscriber
default-domain authentication zcb
authentication-method web
portvlan ethernet 7 vlan 8 1
access-type interface
portvlan ethernet 7 vlan 10 1
access-type layer2-subscriber
default-domain authentication myb
authentication-method web
portvlan ethernet 7 vlan 11 1
access-type layer2-subscriber
default-domain authentication home
authentication-method bind
portvlan ethernet 7 vlan 13 1
access-type layer2-subscriber
default-domain authentication yangjh
authentication-method web
portvlan ethernet 7 vlan 14 1
access-type layer2-subscriber
default-domain authentication zhangxi3
authentication-method bind
portvlan ethernet 7 vlan 17 1
access-type layer2-subscriber
default-domain authentication maxch
authentication-method web
portvlan ethernet 7 vlan 23 1
access-type layer2-subscriber
default-domain authentication zhangxi3
authentication-method bind
portvlan ethernet 7 vlan 300 1
access-type layer2-subscriber
default-domain authentication haha
authentication-method bind
portvlan ethernet 8 vlan 1 1
access-type layer2-subscriber
default-domain authentication zhangxi3
authentication-method bind
portvlan ethernet 23 vlan 5 1
access-type layer2-subscriber
default-domain authentication zhangxi3
authentication-method bind
portvlan ethernet 24 vlan 0 1
access-type interface
portvlan ethernet 24 vlan 5 1
access-type interface
#
return
[MA5200F]