Huawei EUDEMON1000E Configuration Example

Source: Internet
Author: User

sysname eudemon1000e
#
L2TP enable
L2TP domain Suffix-separator @
#
Firewall packet-filter default permit Interzone local Trust direction inbound
Firewall packet-filter default permit Interzone local Trust direction outbound
Firewall packet-filter default Permit Interzone local untrust direction inbound
Firewall packet-filter default Permit Interzone local untrust direction outbound
Firewall packet-filter default Permit Interzone local DMZ direction inbound
Firewall packet-filter default Permit Interzone local DMZ direction outbound
Firewall packet-filter default Permit Interzone Trust Untrust direction Inbound
Firewall packet-filter default Permit Interzone trust untrust Direction Outbound
Firewall packet-filter default permit Interzone Trust DMZ direction Inbound
Firewall packet-filter default permit Interzone Trust DMZ direction outbound
Firewall packet-filter default permit interzone DMZ untrust direction inbound
Firewall packet-filter default permit interzone DMZ untrust direction outbound
#
Nat Address-group 1 202.100.25.166 202.100.25.166
#
IP df-unreachables Enable
#
Firewall IPv6 session Link-state check
Firewall IPv6 statistic system enable
#
DNS Resolve
DNS Server 114.114.114.114
#
VLAN Batch 1 10
#
Firewall statistic system Enable
#
DNS proxy Enable
#
License-server Domain lic.huawei.com
#
Web-manager Enable
#
User-manage web-authentication Port 8888
#
Interface VLANIF10
Description To_yonghu
IP address 10.8.2.1 255.255.254.0
#
Interface cellular0/1/0
Link-protocol PPP
#
Interface Virtual-template1
PPP Authentication-mode CHAP
IP address 10.1.1.1 255.255.255.0
Remote Address Pool 1
#
Interface gigabitethernet0/0/0
Alias Ge0/mgmt
IP address 192.168.0.1 255.255.255.0
DHCP Select interface
DHCP server gateway-list 192.168.0.1
#
Interface GIGABITETHERNET0/0/1
#
Interface GIGABITETHERNET0/0/2
Description to To_yonghu
Portswitch
Port Link-type Access
Port Access VLAN 10
#
Interface GIGABITETHERNET0/0/3
Description to To_yonghu
Portswitch
Port Link-type Access
Port Access VLAN 10
#
Interface GIGABITETHERNET0/0/4
Description to To_yonghu
Portswitch
Port Link-type Trunk
Port Trunk Pvid 10
Port Trunk Permit VLAN 1 10
#
Interface GIGABITETHERNET0/0/5
#
Interface GIGABITETHERNET0/0/6
#
Interface GIGABITETHERNET0/0/7
Combo Enable Fiber
Portswitch
Port Link-type Trunk
Port Trunk Permit VLAN 1 10
#
Interface GIGABITETHERNET0/0/8
Combo Enable Fiber
IP address 202.100.25.166 255.255.255.192
Nat Enable
Detect FTP
#
Interface NULL0
#
Firewall Zone Local
Set Priority 100
#
Firewall Zone Trust
Set Priority 85
Add Interface gigabitethernet0/0/0
Add Interface GIGABITETHERNET0/0/4
Add Interface GIGABITETHERNET0/0/7
Add Interface Virtual-template1
Add Interface Vlanif10
#
Firewall Zone Untrust
Set Priority 5
Add Interface GIGABITETHERNET0/0/8
#
Firewall Zone DMZ
Set Priority 50
#
L2tp-group 1
Allow L2TP virtual-template 1 remote CLIENT1
Tunnel Password cipher%$%$1by!/0 ' C,9o>,,w$lak)/zqh%$%$
Tunnel name LNS
#
Aaa
Local-user gzgl001 Password cipher%$%$*[email protected]~ib^}[email protected]]ale0ne<%$%$
Local-user Hz password cipher%$% $q | Io*7i^m&%+/z "oo1120c:1%$%$
Local-user AA Password cipher%$%$[[email protected]; qmj:;~j4kv_9.f301 (|%$%$
Local-user Admin password cipher%$% $a 2ogp<; Qb8r/,[email protected]{8$n^}tk%$%$
Local-user admin Service-type Web terminal telnet
Local-user Admin Level 15
Local-user vpdnuser Password cipher%$% $R {u5ni=v "3vjvr9~:gjg/h_v%$%$
Local-user Vpdnuser Service-type PPP
Local-user Vpdnuser Level 15
Local-user Huawei Password cipher%$%$)}w=-m#{<:!o+| ' mb}o5_d;2%$%$
Local-user Huawei Service-type Telnet
Local-user Huawei Level 3
Local-user hzgl001 Password cipher%$%$0 (2C0~V&LT;M1$6B:G '/! o4/}tk%$%$
Local-user hzgl001 Service-type PPP
IP Pool 1 10.1.1.2 10.1.1.100
#
Authentication-scheme Default
Authentication-scheme Defauth
#
Authorization-scheme Default
#
Accounting-scheme Default
#
Domain default
#
#
Nqa-jitter tag-version 1

#
IP route-static 0.0.0.0 0.0.0.0 gigabitethernet0/0/8 202.100.25.165
#
Banner Enable
#
User-interface Con 0
User-interface TTY 2
Authentication-mode Password
Modem both
User-interface vty 0 4
Authentication-mode AAA
Protocol Inbound All
#
Slb
#
Right-manager Server-group
#
Car-class yonghu_1m Type Per-ip
Car Max 1000 Guaranteed
#
Traffic-policy Interzone Trust Untrust Outbound Per-ip
Policy 0
Action Car
Policy Source 10.8.2.0 Mask 255.255.254.0
Policy Destination 202.100.25.166 Mask 32
Policy Car-type Source-ip
Policy Car-class yonghu_1m
#
Policy Interzone Trust Untrust Outbound
Policy 0
Action Permit
#
Nat-policy Interzone Trust Untrust Outbound
Policy 1
Action Source-nat
Policy Source 10.8.2.0 Mask 255.255.254.0
Policy Destination 202.100.25.166 Mask 32
Easy-ip GIGABITETHERNET0/0/8

Policy 0
Policy 0 Disable
#
Return
[eudemon1000e]
#
L2TP enable
L2TP domain Suffix-separator @
#
Firewall packet-filter default permit Interzone local Trust direction inbound
Firewall packet-filter default permit Interzone local Trust direction outbound
Firewall packet-filter default Permit Interzone local untrust direction inbound
Firewall packet-filter default Permit Interzone local untrust direction outbound
Firewall packet-filter default Permit Interzone local DMZ direction inbound
Firewall packet-filter default Permit Interzone local DMZ direction outbound
Firewall packet-filter default Permit Interzone Trust Untrust direction Inbound
Firewall packet-filter default Permit Interzone trust untrust Direction Outbound
Firewall packet-filter default permit Interzone Trust DMZ direction Inbound
Firewall packet-filter default permit Interzone Trust DMZ direction outbound
Firewall packet-filter default permit interzone DMZ untrust direction inbound
Firewall packet-filter default permit interzone DMZ untrust direction outbound
#
Nat Address-group 1 208.100.25.167 202.100.25.168
#
IP df-unreachables Enable
#
Firewall IPv6 session Link-state check
Firewall IPv6 statistic system enable
#
DNS Resolve
DNS Server 114.114.114.114
#
VLAN Batch 1 10
#
Firewall statistic system Enable
#
DNS proxy Enable
#
License-server Domain lic.huawei.com
#
Web-manager Enable
#
User-manage web-authentication Port 8888
#
Interface VLANIF10
Description To_yonghu
IP address 10.8.2.1 255.255.254.0
#
Interface cellular0/1/0
Link-protocol PPP
#
Interface Virtual-template1
PPP Authentication-mode CHAP
IP address 10.1.1.1 255.255.255.0
Remote Address Pool 1
#
Interface gigabitethernet0/0/0
Alias Ge0/mgmt
IP address 192.168.0.1 255.255.255.0
DHCP Select interface
DHCP server gateway-list 192.168.0.1
#
Interface GIGABITETHERNET0/0/1
#
Interface GIGABITETHERNET0/0/2
Description to To_yonghu
Portswitch
Port Link-type Access
Port Access VLAN 10
#
Interface GIGABITETHERNET0/0/3
Description to To_yonghu
Portswitch
Port Link-type Access
Port Access VLAN 10
#
Interface GIGABITETHERNET0/0/4
Description to To_yonghu
Portswitch
Port Link-type Trunk
Port Trunk Pvid 10
Port Trunk Permit VLAN 1 10
#
Interface GIGABITETHERNET0/0/5
#
Interface GIGABITETHERNET0/0/6
#
Interface GIGABITETHERNET0/0/7
Combo Enable Fiber
Portswitch
Port Link-type Trunk
Port Trunk Permit VLAN 1 10
#
Interface GIGABITETHERNET0/0/8
Combo Enable Fiber
IP address 208.100.25.167 255.255.255.192
Nat Enable
Detect FTP
#
Interface NULL0
#
Firewall Zone Local
Set Priority 100
#
Firewall Zone Trust
Set Priority 85
Add Interface gigabitethernet0/0/0
Add Interface GIGABITETHERNET0/0/4
Add Interface GIGABITETHERNET0/0/7
Add Interface Virtual-template1
Add Interface Vlanif10
#
Firewall Zone Untrust
Set Priority 5
Add Interface GIGABITETHERNET0/0/8
#
Firewall Zone DMZ
Set Priority 50
#
L2tp-group 1
Allow L2TP virtual-template 1 remote CLIENT1
Tunnel Password cipher%$%$1by!/0 ' C,9o>,,w$lak)/zqh%$%$
Tunnel name LNS
#
Aaa
Local-user gzgl001 Password cipher%$%$*[email protected]~ib^}[email protected]]ale0ne<%$%$
Local-user Hz password cipher%$% $q | Io*7i^m&%+/z "oo1120c:1%$%$
Local-user AA Password cipher%$%$[[email protected]; qmj:;~j4kv_9.f301 (|%$%$
Local-user Admin password cipher%$% $a 2ogp<; Qb8r/,[email protected]{8$n^}tk%$%$
Local-user admin Service-type Web terminal telnet
Local-user Admin Level 15
Local-user vpdnuser Password cipher%$% $R {u5ni=v "3vjvr9~:gjg/h_v%$%$
Local-user Vpdnuser Service-type PPP
Local-user Vpdnuser Level 15
Local-user Huawei Password cipher%$%$)}w=-m#{<:!o+| ' mb}o5_d;2%$%$
Local-user Huawei Service-type Telnet
Local-user Huawei Level 3
Local-user hzgl001 Password cipher%$%$0 (2C0~V&LT;M1$6B:G '/! o4/}tk%$%$
Local-user hzgl001 Service-type PPP
IP Pool 1 10.1.1.2 10.1.1.100
#
Authentication-scheme Default
Authentication-scheme Defauth
#
Authorization-scheme Default
#
Accounting-scheme Default
#
Domain default
#
#
Nqa-jitter tag-version 1

#
IP route-static 0.0.0.0 0.0.0.0 gigabitethernet0/0/8 208.100.25.169
#
Banner Enable
#
User-interface Con 0
User-interface TTY 2
Authentication-mode Password
Modem both
User-interface vty 0 4
Authentication-mode AAA
Protocol Inbound All
#
Slb
#
Right-manager Server-group
#
Car-class yonghu_1m Type Per-ip
Car Max 1000 Guaranteed
#
Traffic-policy Interzone Trust Untrust Outbound Per-ip
Policy 0
Action Car
Policy Source 10.8.2.0 Mask 255.255.254.0
Policy Destination 202.100.25.166 Mask 32
Policy Car-type Source-ip
Policy Car-class yonghu_1m
#
Policy Interzone Trust Untrust Outbound
Policy 0
Action Permit
#
Nat-policy Interzone Trust Untrust Outbound
Policy 1
Action Source-nat
Policy Source 10.8.2.0 Mask 255.255.254.0
Policy Destination 202.100.25.166 Mask 32
Easy-ip GIGABITETHERNET0/0/8

Policy 0
Policy 0 Disable
#
Return


This article from the "Struggle for the Dream" blog, declined to reprint!

Huawei EUDEMON1000E Configuration Example

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.