# Device name, followed by the global L2TP settings: the L2TP service is
# switched on and "@" is set as the domain suffix separator.
# NOTE(review): L2TP is enabled device-wide here; the tunnel itself is defined
# in the "L2tp-group 1" section further down this listing.
sysname eudemon1000e
#
L2TP enable
L2TP domain Suffix-separator @
#
# Default packet-filter action for every interzone pair listed (local, trust,
# untrust, DMZ), in both directions, is set to permit. Traffic that matches no
# explicit policy is therefore allowed, including untrust -> local (the device
# itself) and untrust -> trust.
# NOTE(review): with these twelve lines the box does not filter by default.
# The usual production baseline is default deny on each interzone, with
# explicit permit policies only for the flows that are required; keep the
# blanket permit for lab bring-up only.
Firewall packet-filter default permit Interzone local Trust direction inbound
Firewall packet-filter default permit Interzone local Trust direction outbound
Firewall packet-filter default Permit Interzone local untrust direction inbound
Firewall packet-filter default Permit Interzone local untrust direction outbound
Firewall packet-filter default Permit Interzone local DMZ direction inbound
Firewall packet-filter default Permit Interzone local DMZ direction outbound
Firewall packet-filter default Permit Interzone Trust Untrust direction Inbound
Firewall packet-filter default Permit Interzone trust untrust Direction Outbound
Firewall packet-filter default permit Interzone Trust DMZ direction Inbound
Firewall packet-filter default permit Interzone Trust DMZ direction outbound
Firewall packet-filter default permit interzone DMZ untrust direction inbound
Firewall packet-filter default permit interzone DMZ untrust direction outbound
#
# Global settings: NAT address group 1 (a single address, the same one that is
# assigned to GIGABITETHERNET0/0/8 below), DNS resolution through
# 114.114.114.114 with DNS proxy, VLANs 1 and 10, statistics, the licence
# server name, the web management UI and the web-authentication port (8888).
# NOTE(review): the nat-policy at the end of this listing uses easy-ip on the
# interface, so address group 1 looks unused here - confirm before relying on it.
# NOTE(review): "Web-manager Enable" turns on the web management UI. Combined
# with the default-permit interzone rules above, it is presumably reachable
# from the untrust side; the HTTPS form of this command and a restriction to a
# management network should be confirmed before deployment.
Nat Address-group 1 202.100.25.166 202.100.25.166
#
IP df-unreachables Enable
#
Firewall IPv6 session Link-state check
Firewall IPv6 statistic system enable
#
DNS Resolve
DNS Server 114.114.114.114
#
VLAN Batch 1 10
#
Firewall statistic system Enable
#
DNS proxy Enable
#
License-server Domain lic.huawei.com
#
Web-manager Enable
#
User-manage web-authentication Port 8888
#
# Layer-3 interfaces:
#   VLANIF10          - gateway 10.8.2.1/23 for the user VLAN ("To_yonghu").
#   cellular0/1/0     - PPP link protocol only; no address is shown.
#   Virtual-template1 - PPP template for L2TP dial-in: CHAP authentication,
#                       local address 10.1.1.1/24, peers addressed from pool 1.
#   gigabitethernet0/0/0 - management port (alias Ge0/mgmt), 192.168.0.1/24,
#                       acting as DHCP server with itself as gateway.
# NOTE(review): CHAP only authenticates the PPP peer. No IPsec configuration is
# visible in this listing, so the L2TP tunnel is presumably carried
# unencrypted - confirm, and protect it with IPsec if it crosses the Internet.
Interface VLANIF10
Description To_yonghu
IP address 10.8.2.1 255.255.254.0
#
Interface cellular0/1/0
Link-protocol PPP
#
Interface Virtual-template1
PPP Authentication-mode CHAP
IP address 10.1.1.1 255.255.255.0
Remote Address Pool 1
#
Interface gigabitethernet0/0/0
Alias Ge0/mgmt
IP address 192.168.0.1 255.255.255.0
DHCP Select interface
DHCP server gateway-list 192.168.0.1
#
# Layer-2 user-facing ports. 0/0/2 and 0/0/3 are access ports in VLAN 10;
# 0/0/4 is a trunk with PVID 10 permitting VLANs 1 and 10; 0/0/7 is a fibre
# combo port configured as a trunk permitting VLANs 1 and 10. 0/0/1, 0/0/5 and
# 0/0/6 carry no configuration in this listing.
# NOTE(review): both trunks also permit VLAN 1. If VLAN 1 is not used for user
# traffic, removing it from the permit list keeps the trunks to what is needed.
Interface GIGABITETHERNET0/0/1
#
Interface GIGABITETHERNET0/0/2
Description to To_yonghu
Portswitch
Port Link-type Access
Port Access VLAN 10
#
Interface GIGABITETHERNET0/0/3
Description to To_yonghu
Portswitch
Port Link-type Access
Port Access VLAN 10
#
Interface GIGABITETHERNET0/0/4
Description to To_yonghu
Portswitch
Port Link-type Trunk
Port Trunk Pvid 10
Port Trunk Permit VLAN 1 10
#
Interface GIGABITETHERNET0/0/5
#
Interface GIGABITETHERNET0/0/6
#
Interface GIGABITETHERNET0/0/7
Combo Enable Fiber
Portswitch
Port Link-type Trunk
Port Trunk Permit VLAN 1 10
#
# Internet-facing port: fibre combo mode, public address 202.100.25.166/26,
# added to the untrust zone later in this listing.
# NOTE(review): "Nat Enable" and "Detect FTP" presumably switch on NAT
# processing and FTP application-layer detection on this port - confirm
# against the platform's command reference.
Interface GIGABITETHERNET0/0/8
Combo Enable Fiber
IP address 202.100.25.166 255.255.255.192
Nat Enable
Detect FTP
#
Interface NULL0
#
# Security zones and their priorities: local 100, trust 85, DMZ 50, untrust 5.
# Trust holds the management port (0/0/0), trunks 0/0/4 and 0/0/7, the L2TP
# virtual template and Vlanif10; untrust holds only 0/0/8; DMZ has no
# interfaces in this listing.
# NOTE(review): L2TP dial-in users (Virtual-template1) and the management port
# share the trust zone with the user VLAN, so no interzone policy separates
# them. Placing remote-access and management interfaces in their own zones
# would let them be filtered independently.
Firewall Zone Local
Set Priority 100
#
Firewall Zone Trust
Set Priority 85
Add Interface gigabitethernet0/0/0
Add Interface GIGABITETHERNET0/0/4
Add Interface GIGABITETHERNET0/0/7
Add Interface Virtual-template1
Add Interface Vlanif10
#
Firewall Zone Untrust
Set Priority 5
#
Firewall Zone DMZ
Set Priority 50
#
# L2TP group 1: accepts tunnels from the remote end named CLIENT1 on
# Virtual-template1, with a tunnel password stored in cipher form and the
# local tunnel name LNS.
# NOTE(review): the cipher string below is published with this example and
# also contains stray spaces, so it is not loadable as shown. Treat a tunnel
# password whose ciphertext has been published as disclosed and set a new one.
L2tp-group 1
Allow L2TP virtual-template 1 remote CLIENT1
Tunnel Password cipher%$%$1by!/0 ' C,9o>,,w$lak)/zqh%$%$
Tunnel name LNS
#
# AAA view: local accounts, the PPP address pool (10.1.1.2-10.1.1.100) and the
# default authentication/authorization/accounting schemes and domain.
#   admin    - service types web, terminal and telnet; level 15.
#   vpdnuser - service type PPP; level 15.
#   Huawei   - service type telnet; level 3.
#   hzgl001  - service type PPP.
#   gzgl001, Hz, AA - no service type is shown in this listing.
# NOTE(review): account names appear with inconsistent capitalisation
# (Admin/admin, vpdnuser/Vpdnuser); presumably each pair is one account and
# the capitalisation is an artefact of how the page was produced.
# NOTE(review): several cipher strings contain "[email protected]" and stray
# spaces, which come from the page's e-mail obfuscation, so they cannot be
# loaded as printed. Any password whose ciphertext has been published should
# be changed on the real device.
# NOTE(review): telnet sends credentials in clear text; admin and Huawei are
# both allowed to use it. A PPP-only dial-in account does not need level 15.
Aaa
Local-user gzgl001 Password cipher%$%$*[email protected]~ib^}[email protected]]ale0ne<%$%$
Local-user Hz password cipher%$% $q | Io*7i^m&%+/z "oo1120c:1%$%$
Local-user AA Password cipher%$%$[[email protected]; qmj:;~j4kv_9.f301 (|%$%$
Local-user Admin password cipher%$% $a 2ogp<; Qb8r/,[email protected]{8$n^}tk%$%$
Local-user admin Service-type Web terminal telnet
Local-user Admin Level 15
Local-user vpdnuser Password cipher%$% $R {u5ni=v "3vjvr9~:gjg/h_v%$%$
Local-user Vpdnuser Service-type PPP
Local-user Vpdnuser Level 15
Local-user Huawei Password cipher%$%$)}w=-m#{<:!o+| ' mb}o5_d;2%$%$
Local-user Huawei Service-type Telnet
Local-user Huawei Level 3
Local-user hzgl001 Password cipher%$%$0 (2C0~V<M1$6B:G '/! o4/}tk%$%$
Local-user hzgl001 Service-type PPP
IP Pool 1 10.1.1.2 10.1.1.100
#
Authentication-scheme Default
Authentication-scheme Defauth
#
Authorization-scheme Default
#
Accounting-scheme Default
#
Domain default
#
#
# NQA jitter tag version, the default route (via GIGABITETHERNET0/0/8 to
# next hop 202.100.25.165), the login banner switch and the user interfaces.
#   Con 0    - no authentication line is shown for the console.
#   TTY 2    - password authentication, modem allowed in both directions.
#   vty 0 4  - AAA authentication; "Protocol Inbound All" accepts every
#              supported login protocol, telnet included.
# NOTE(review): with the default-permit rules for local <-> untrust earlier in
# this listing, the VTY lines are presumably reachable from the Internet side.
# Limiting inbound protocols to SSH and binding an ACL of management source
# addresses to the VTY lines are the usual hardening steps.
# NOTE(review): confirm what the platform applies to Con 0 when no
# authentication mode is configured.
Nqa-jitter tag-version 1
#
IP route-static 0.0.0.0 0.0.0.0 gigabitethernet0/0/8 202.100.25.165
#
Banner Enable
#
User-interface Con 0
User-interface TTY 2
Authentication-mode Password
Modem both
User-interface vty 0 4
Authentication-mode AAA
Protocol Inbound All
#
# Empty Slb and Right-manager sections, then per-IP rate limiting:
# CAR class yonghu_1m (type per-ip, "Max 1000 Guaranteed") is applied by
# policy 0 of the trust -> untrust outbound traffic policy, keyed on source
# IP, to traffic from 10.8.2.0/23 to destination 202.100.25.166/32.
# NOTE(review): the unit of "1000" is not shown; the class name suggests
# 1 Mbit/s - confirm.
# NOTE(review): the destination is the firewall's own GIGABITETHERNET0/0/8
# address, so the limit presumably matches only traffic addressed to that
# host rather than general Internet traffic - verify that this is intended.
Slb
#
Right-manager Server-group
#
Car-class yonghu_1m Type Per-ip
Car Max 1000 Guaranteed
#
Traffic-policy Interzone Trust Untrust Outbound Per-ip
Policy 0
Action Car
Policy Source 10.8.2.0 Mask 255.255.254.0
Policy Destination 202.100.25.166 Mask 32
Policy Car-type Source-ip
Policy Car-class yonghu_1m
#
# Trust -> untrust outbound security policy 0 permits with no match
# conditions shown, i.e. all outbound traffic. The NAT policy for the same
# direction has policy 1 (source NAT for 10.8.2.0/23 towards
# 202.100.25.166/32, using easy-ip on GIGABITETHERNET0/0/8) and a policy 0
# that is created and then disabled.
# NOTE(review): an unconditional permit adds nothing while the interzone
# default is already permit; once the default is changed to deny, this is the
# place to list the sources and services that may leave the trust zone.
# NOTE(review): the NAT match destination is the firewall's own outside
# address, so ordinary Internet destinations presumably do not match
# policy 1 - verify the intended destination.
Policy Interzone Trust Untrust Outbound
Policy 0
Action Permit
#
Nat-policy Interzone Trust Untrust Outbound
Policy 1
Action Source-nat
Policy Source 10.8.2.0 Mask 255.255.254.0
Policy Destination 202.100.25.166 Mask 32
Easy-ip GIGABITETHERNET0/0/8
Policy 0
Policy 0 Disable
#
Return
[eudemon1000e]
#
# Second listing on this page. Global L2TP is enabled with "@" as the domain
# suffix separator, then the default packet-filter action is set to permit
# for every interzone pair (local, trust, untrust, DMZ) in both directions.
# NOTE(review): default permit means unmatched traffic is allowed, including
# untrust -> local and untrust -> trust. Use default deny with explicit
# permit policies outside a lab.
L2TP enable
L2TP domain Suffix-separator @
#
Firewall packet-filter default permit Interzone local Trust direction inbound
Firewall packet-filter default permit Interzone local Trust direction outbound
Firewall packet-filter default Permit Interzone local untrust direction inbound
Firewall packet-filter default Permit Interzone local untrust direction outbound
Firewall packet-filter default Permit Interzone local DMZ direction inbound
Firewall packet-filter default Permit Interzone local DMZ direction outbound
Firewall packet-filter default Permit Interzone Trust Untrust direction Inbound
Firewall packet-filter default Permit Interzone trust untrust Direction Outbound
Firewall packet-filter default permit Interzone Trust DMZ direction Inbound
Firewall packet-filter default permit Interzone Trust DMZ direction outbound
Firewall packet-filter default permit interzone DMZ untrust direction inbound
Firewall packet-filter default permit interzone DMZ untrust direction outbound
#
# Global settings of the second listing: NAT address group 1, DNS resolution
# through 114.114.114.114 with DNS proxy, VLANs 1 and 10, statistics, the
# licence server name, the web management UI and web-authentication port 8888.
# NOTE(review): the address group runs from 208.100.25.167 to 202.100.25.168,
# i.e. the start address is higher than the end address and the two are in
# different networks. The first listing on this page uses 202.100.25.166 for
# both, so this looks like a transcription error - verify before use.
# NOTE(review): "Web-manager Enable" exposes the web management UI; confirm
# that the HTTPS form is used and that access is limited to a management
# network.
Nat Address-group 1 208.100.25.167 202.100.25.168
#
IP df-unreachables Enable
#
Firewall IPv6 session Link-state check
Firewall IPv6 statistic system enable
#
DNS Resolve
DNS Server 114.114.114.114
#
VLAN Batch 1 10
#
Firewall statistic system Enable
#
DNS proxy Enable
#
License-server Domain lic.huawei.com
#
Web-manager Enable
#
User-manage web-authentication Port 8888
#
# Layer-3 interfaces of the second listing: Vlanif10 (10.8.2.1/23, user
# gateway), cellular0/1/0 (PPP), Virtual-template1 (CHAP, 10.1.1.1/24, peers
# from pool 1) and the management port gigabitethernet0/0/0 (192.168.0.1/24,
# DHCP server).
# NOTE(review): no IPsec configuration is visible, so the L2TP sessions that
# terminate on Virtual-template1 are presumably unencrypted - confirm.
Interface VLANIF10
Description To_yonghu
IP address 10.8.2.1 255.255.254.0
#
Interface cellular0/1/0
Link-protocol PPP
#
Interface Virtual-template1
PPP Authentication-mode CHAP
IP address 10.1.1.1 255.255.255.0
Remote Address Pool 1
#
Interface gigabitethernet0/0/0
Alias Ge0/mgmt
IP address 192.168.0.1 255.255.255.0
DHCP Select interface
DHCP server gateway-list 192.168.0.1
#
# Layer-2 ports of the second listing: 0/0/2 and 0/0/3 are access ports in
# VLAN 10; 0/0/4 (PVID 10) and 0/0/7 (fibre combo) are trunks permitting
# VLANs 1 and 10; 0/0/1, 0/0/5 and 0/0/6 are unconfigured.
# NOTE(review): drop VLAN 1 from the trunks if it carries no user traffic.
Interface GIGABITETHERNET0/0/1
#
Interface GIGABITETHERNET0/0/2
Description to To_yonghu
Portswitch
Port Link-type Access
Port Access VLAN 10
#
Interface GIGABITETHERNET0/0/3
Description to To_yonghu
Portswitch
Port Link-type Access
Port Access VLAN 10
#
Interface GIGABITETHERNET0/0/4
Description to To_yonghu
Portswitch
Port Link-type Trunk
Port Trunk Pvid 10
Port Trunk Permit VLAN 1 10
#
Interface GIGABITETHERNET0/0/5
#
Interface GIGABITETHERNET0/0/6
#
Interface GIGABITETHERNET0/0/7
Combo Enable Fiber
Portswitch
Port Link-type Trunk
Port Trunk Permit VLAN 1 10
#
# Internet-facing port of the second listing: fibre combo mode, address
# 208.100.25.167/26, member of the untrust zone.
# NOTE(review): the traffic-policy and nat-policy sections of this same
# listing still name 202.100.25.166 as destination, which is not this
# interface's address here. The addresses look partially substituted -
# reconcile them before using the listing.
Interface GIGABITETHERNET0/0/8
Combo Enable Fiber
IP address 208.100.25.167 255.255.255.192
Nat Enable
Detect FTP
#
Interface NULL0
#
# Security zones of the second listing: local 100, trust 85, DMZ 50,
# untrust 5. Trust contains the management port, trunks 0/0/4 and 0/0/7,
# Virtual-template1 and Vlanif10; untrust contains 0/0/8; DMZ is empty.
# NOTE(review): remote-access (Virtual-template1) and management interfaces
# share the trust zone with user ports, so they cannot be filtered separately.
Firewall Zone Local
Set Priority 100
#
Firewall Zone Trust
Set Priority 85
Add Interface gigabitethernet0/0/0
Add Interface GIGABITETHERNET0/0/4
Add Interface GIGABITETHERNET0/0/7
Add Interface Virtual-template1
Add Interface Vlanif10
#
Firewall Zone Untrust
Set Priority 5
Add Interface GIGABITETHERNET0/0/8
#
Firewall Zone DMZ
Set Priority 50
#
# L2TP group 1 of the second listing: accepts tunnels from remote CLIENT1 on
# Virtual-template1, tunnel password in cipher form, local tunnel name LNS.
# NOTE(review): the ciphertext is published on this page and contains stray
# spaces; set a fresh tunnel password rather than reusing this value.
L2tp-group 1
Allow L2TP virtual-template 1 remote CLIENT1
Tunnel Password cipher%$%$1by!/0 ' C,9o>,,w$lak)/zqh%$%$
Tunnel name LNS
#
# AAA view of the second listing: local accounts, PPP address pool 1
# (10.1.1.2-10.1.1.100) and the default schemes and domain.
#   admin - web, terminal, telnet; level 15.   vpdnuser - PPP; level 15.
#   Huawei - telnet; level 3.                  hzgl001 - PPP.
#   gzgl001, Hz, AA - no service type shown.
# NOTE(review): "[email protected]" and the stray spaces inside the cipher
# strings are artefacts of the page, so the strings cannot be loaded as
# printed. Passwords whose ciphertext has been published should be changed.
# NOTE(review): telnet carries credentials in clear text, and a PPP-only
# account does not need level 15.
Aaa
Local-user gzgl001 Password cipher%$%$*[email protected]~ib^}[email protected]]ale0ne<%$%$
Local-user Hz password cipher%$% $q | Io*7i^m&%+/z "oo1120c:1%$%$
Local-user AA Password cipher%$%$[[email protected]; qmj:;~j4kv_9.f301 (|%$%$
Local-user Admin password cipher%$% $a 2ogp<; Qb8r/,[email protected]{8$n^}tk%$%$
Local-user admin Service-type Web terminal telnet
Local-user Admin Level 15
Local-user vpdnuser Password cipher%$% $R {u5ni=v "3vjvr9~:gjg/h_v%$%$
Local-user Vpdnuser Service-type PPP
Local-user Vpdnuser Level 15
Local-user Huawei Password cipher%$%$)}w=-m#{<:!o+| ' mb}o5_d;2%$%$
Local-user Huawei Service-type Telnet
Local-user Huawei Level 3
Local-user hzgl001 Password cipher%$%$0 (2C0~V<M1$6B:G '/! o4/}tk%$%$
Local-user hzgl001 Service-type PPP
IP Pool 1 10.1.1.2 10.1.1.100
#
Authentication-scheme Default
Authentication-scheme Defauth
#
Authorization-scheme Default
#
Accounting-scheme Default
#
Domain default
#
#
# NQA jitter tag version, the default route (via GIGABITETHERNET0/0/8 to
# next hop 208.100.25.169, which lies in the /26 configured on that port in
# this listing), the banner switch and the user interfaces: Con 0 with no
# authentication line shown, TTY 2 with password authentication and modem
# in both directions, vty 0 4 with AAA authentication and all inbound login
# protocols accepted.
# NOTE(review): "Protocol Inbound All" includes telnet. Restrict the VTY
# lines to SSH and to known management source addresses, especially while
# the local <-> untrust default action is permit.
Nqa-jitter tag-version 1
#
IP route-static 0.0.0.0 0.0.0.0 gigabitethernet0/0/8 208.100.25.169
#
Banner Enable
#
User-interface Con 0
User-interface TTY 2
Authentication-mode Password
Modem both
User-interface vty 0 4
Authentication-mode AAA
Protocol Inbound All
#
# Empty Slb and Right-manager sections, then the per-IP CAR class yonghu_1m
# and the trust -> untrust outbound traffic policy whose policy 0 applies
# that class, keyed on source IP, to traffic from 10.8.2.0/23 to
# 202.100.25.166/32.
# NOTE(review): in this listing GIGABITETHERNET0/0/8 is 208.100.25.167, so
# the destination here matches neither the interface nor general Internet
# traffic - verify the intended match before relying on the rate limit.
Slb
#
Right-manager Server-group
#
Car-class yonghu_1m Type Per-ip
Car Max 1000 Guaranteed
#
Traffic-policy Interzone Trust Untrust Outbound Per-ip
Policy 0
Action Car
Policy Source 10.8.2.0 Mask 255.255.254.0
Policy Destination 202.100.25.166 Mask 32
Policy Car-type Source-ip
Policy Car-class yonghu_1m
#
# Trust -> untrust outbound security policy 0 permits without any match
# condition. The NAT policy has policy 1 (source NAT for 10.8.2.0/23 towards
# 202.100.25.166/32 with easy-ip on GIGABITETHERNET0/0/8) and a policy 0
# that is created and then disabled.
# NOTE(review): replace the unconditional permit with explicit source and
# service matches once the interzone default is set to deny.
# NOTE(review): the NAT destination does not match the interface address
# used in this listing (208.100.25.167) - reconcile the addresses.
Policy Interzone Trust Untrust Outbound
Policy 0
Action Permit
#
Nat-policy Interzone Trust Untrust Outbound
Policy 1
Action Source-nat
Policy Source 10.8.2.0 Mask 255.255.254.0
Policy Destination 202.100.25.166 Mask 32
Easy-ip GIGABITETHERNET0/0/8
Policy 0
Policy 0 Disable
#
Return
This article is from the "Struggle for the Dream" blog; reprinting is declined.
Huawei EUDEMON1000E Configuration Example