帮忙看下网吧300台机子,AR28-11的配置!
<Quidway>dis cu
#
sysname Quidway
#
FTP server enable
#
l2tp domain suffix-separator @
#
firewall enable
#
radius scheme system
#
domain system
#
local-user admin
password simple ynqjhlxk
service-type telnet terminal
level 3
service-type ftp
#
interface Aux0
async mode flow
#
interface Ethernet0/0
ip address 192.168.1.254 255.255.255.0
firewall packet-filter 3001 inbound
#
interface Ethernet0/1
ip address 60.161.81.102 255.255.255.248
firewall packet-filter 3001 inbound
nat outbound 2000
#
interface Serial0/0
clock DTECLK1
link-protocol ppp
ip address ppp-negotiate
#
interface NULL0
#
acl number 2000
rule 0 permit source 192.168.1.0 0.0.0.255
rule 1 permit source 192.168.0.0 0.0.0.255
rule 2 deny
#
acl number 3001
rule 0 deny tcp destination-port eq 135
rule 1 deny udp destination-port eq 135
rule 2 deny tcp destination-port eq 445
rule 3 deny udp destination-port eq 445
rule 4 deny tcp destination-port eq 137
rule 5 deny tcp destination-port eq 139
rule 6 deny tcp destination-port eq 593
rule 7 deny udp destination-port eq 593
rule 8 deny tcp destination-port eq 4444
rule 9 deny tcp destination-port eq 5554
rule 10 deny udp destination-port eq tftp
rule 11 deny udp destination-port eq 1434
rule 12 deny tcp destination-port eq 9996
rule 13 deny tcp destination-port eq 44445
#
ip route-static 0.0.0.0 0.0.0.0 60.161.81.97 preference 60
ip route-static 192.168.0.0 255.255.255.0 192.168.1.1 preference 60 /回程路由,指向三层交换机
#
user-interface con 0
user-interface aux 0
user-interface vty 0 4
authentication-mode scheme
#
return
300台的网吧,用一台三层交换机,分了二个VLAN,192.168.0.0和192.168.1.0
大家看下这个路由的配置有没有问题呢?
搜索更多相关主题的帖子:
网吧 帮忙
