返回列表 发帖
夏日之声

Rank: 4

社区积分
115  
技术积分
1292  
阅读权限
40 
注册时间
2007-7-21 
    论坛徽章 1
网络设备与网管技术板块每日发帖之星  
楼主 跳转到 » 倒序看帖
打印
tT
发表于 2007-9-1 12:00 | 只看该作者

MSR 20-21 配置 (今天不能上网了,还望指教)

MSR, 指教, 上网
<H3C>disp curr
#
version 5.20, Release 1205, Standard
#
sysname H3C
#
super password level 3 cipher G/&,*9)@%QN"AOJR+IZST1!!
#
firewall enable
#
domain default enable system
#
dns resolve
dns server 202.96.128.166
dns server 202.96.128.86
dns server 202.96.134.133
#
telnet server enable
#
dialer flow-interval 60
dialer-rule 1 ip permit
#
vlan 1
#
radius scheme system
server-type extended
primary authentication 127.0.0.1 1645
primary accounting 127.0.0.1 1646
user-name-format without-domain
#
domain system
access-limit disable
state active
idle-cut disable
self-service-url disable
#
traffic classifier bt operator and
if-match protocol bittorrent
#
traffic behavior 64K
car cir 64 cbs 4000 ebs 0 green pass red discard
traffic behavior 64k
#
qos policy kill-bt
classifier bt behavior 64K
#
local-user user
level 3
local-user telnet
password cipher [email=]'GO3ZRV/6@"HX_%XPA3ZF1[/email]!!
service-type telnet terminal
level 3
#
acl number 2000
rule 0 permit source 192.168.0.0 0.0.0.255
rule 5 deny
#
acl number 3001
rule 0 deny udp destination-port eq tftp
rule 1 deny tcp destination-port eq 135
rule 2 deny udp destination-port eq 135
rule 3 deny udp destination-port eq netbios-ns
rule 4 deny udp destination-port eq netbios-dgm
rule 5 deny tcp destination-port eq 139
rule 6 deny udp destination-port eq netbios-ssn
rule 7 deny tcp destination-port eq 445
rule 8 deny udp destination-port eq 445
rule 9 deny tcp destination-port eq 539
rule 10 deny udp destination-port eq 539
rule 11 deny udp destination-port eq 593
rule 12 deny tcp destination-port eq 593
rule 13 deny udp destination-port eq 1434
rule 14 deny udp destination-port eq 1433
rule 15 deny tcp destination-port eq 4444
rule 16 deny tcp destination-port eq 9996
rule 17 deny tcp destination-port eq 5554
rule 18 deny udp destination-port eq 9996
rule 19 deny udp destination-port eq 5554
rule 20 deny tcp destination-port eq 137
rule 21 deny tcp destination-port eq 138
rule 22 deny tcp destination-port eq 1025
rule 23 deny udp destination-port eq 1025
rule 24 deny tcp destination-port eq 9995
rule 25 deny udp destination-port eq 9995
rule 26 deny tcp destination-port eq 1068
rule 27 deny udp destination-port eq 1068
rule 28 deny tcp destination-port eq 1023
rule 29 deny udp destination-port eq 1023
rule 141 deny udp source-port eq bootps
rule 160 permit icmp icmp-type echo
rule 161 permit icmp icmp-type echo-reply
rule 162 permit icmp icmp-type ttl-exceeded
rule 165 deny icmp
rule 200 deny tcp destination-port eq www
rule 202 deny tcp destination-port eq ftp
rule 204 deny tcp destination-port eq 3389
rule 205 permit tcp destination-port eq telnet
acl number 3002
rule 0 deny udp destination-port eq tftp
rule 1 deny tcp destination-port eq 135
rule 2 deny udp destination-port eq 135
rule 3 deny udp destination-port eq netbios-ns
rule 4 deny udp destination-port eq netbios-dgm
rule 5 deny tcp destination-port eq 139
rule 6 deny udp destination-port eq netbios-ssn
rule 7 deny tcp destination-port eq 445
rule 8 deny udp destination-port eq 445
rule 9 deny tcp destination-port eq 539
rule 10 deny udp destination-port eq 539
rule 11 deny udp destination-port eq 593
rule 12 deny tcp destination-port eq 593
rule 13 deny udp destination-port eq 1434
rule 14 deny udp destination-port eq 1433
rule 15 deny tcp destination-port eq 4444
rule 16 deny tcp destination-port eq 9996
rule 17 deny tcp destination-port eq 5554
rule 18 deny udp destination-port eq 9996
rule 19 deny udp destination-port eq 5554
rule 20 deny tcp destination-port eq 137
rule 21 deny tcp destination-port eq 138
rule 22 deny tcp destination-port eq 1025
rule 23 deny udp destination-port eq 1025
rule 24 deny tcp destination-port eq 9995
rule 25 deny udp destination-port eq 9995
rule 26 deny tcp destination-port eq 1068
rule 27 deny udp destination-port eq 1068
rule 28 deny tcp destination-port eq 1023
rule 29 deny udp destination-port eq 1023
rule 30 permit tcp destination-port eq telnet
rule 141 deny udp source-port eq bootps
rule 160 permit icmp icmp-type echo
rule 161 permit icmp icmp-type echo-reply
rule 162 permit icmp icmp-type ttl-exceeded
rule 165 deny icmp
rule 170 permit ip source 192.168.0.12 0
rule 171 permit ip source 192.168.0.73 0
rule 172 permit ip source 192.168.0.58 0
rule 173 permit ip source 192.168.0.3 0
rule 174 permit ip source 192.168.0.39 0
rule 175 permit ip source 192.168.0.72 0
rule 177 permit ip source 192.168.0.25 0
rule 178 permit ip source 192.168.0.27 0
rule 179 permit ip source 192.168.0.54 0
rule 180 permit ip source 192.168.0.41 0
rule 181 permit ip source 192.168.0.53 0
rule 182 permit ip source 192.168.0.22 0
rule 183 permit ip source 192.168.0.34 0
rule 184 permit ip source 192.168.0.46 0
rule 185 permit ip source 192.168.0.59 0
rule 186 permit ip source 192.168.0.174 0
rule 187 permit ip source 192.168.0.153 0
rule 188 permit ip source 192.168.0.66 0
rule 189 permit ip source 192.168.0.21 0
rule 190 permit ip source 192.168.0.61 0
rule 191 permit ip source 192.168.0.24 0
rule 192 permit ip source 192.168.0.40 0
rule 193 permit ip source 192.168.0.65 0
rule 194 permit ip source 192.168.0.16 0
rule 195 permit ip source 192.168.0.51 0
rule 196 permit ip source 192.168.0.48 0
rule 197 permit ip source 192.168.0.42 0
rule 198 permit ip source 192.168.0.57 0
rule 199 permit ip source 192.168.0.110 0
rule 200 permit ip source 192.168.0.52 0
rule 201 permit ip source 192.168.0.100 0
rule 202 permit ip source 192.168.0.69 0
rule 203 permit ip source 192.168.0.60 0
rule 204 permit ip source 192.168.0.68 0
rule 205 permit ip source 192.168.0.23 0
rule 206 permit ip source 192.168.0.62 0
rule 207 permit ip source 192.168.0.82 0
rule 208 permit ip source 192.168.0.47 0
rule 209 permit ip source 192.168.0.170 0
rule 210 permit ip source 192.168.0.144 0
rule 211 permit ip source 192.168.0.143 0
rule 212 permit ip source 192.168.0.8 0
rule 213 permit ip source 192.168.0.188 0
rule 214 permit ip source 192.168.0.11 0
rule 215 permit ip source 192.168.0.20 0
rule 216 permit ip source 192.168.0.13 0
rule 217 permit ip source 192.168.0.17 0
rule 218 permit ip source 192.168.0.4 0
rule 219 permit ip source 192.168.0.14 0
rule 1000 deny ip
#
interface Aux0
async mode flow
link-protocol ppp
#
interface Dialer0
nat outbound 2000
firewall packet-filter 3001 inbound
link-protocol ppp
ppp chap user xxx
ppp chap password cipher JBa(VNaE:+7Q=^Q`MAF4<1!!
ppp pap local-user xxx password cipher JBa(VNaE:+7Q=^Q`MAF4<1!!
ppp ipcp dns admit-any
timer hold 0
shutdown
ip address ppp-negotiate
tcp mss 1024
dialer user one
dialer-group 1
dialer bundle 1
dialer timer idle 0
#
interface Dialer1
nat outbound 2000
link-protocol ppp
ppp chap user xxx
ppp chap password cipher 4P6A.RLAC1KQ=^Q`MAF4<1!!
ppp pap local-user xxx password cipher 4P6A.RLAC1KQ=^Q`MAF4<1!!
timer hold 0
ip address ppp-negotiate
tcp mss 1024
dialer user two
dialer-group 1
dialer bundle 2
dialer timer idle 0
#
interface Ethernet0/0
port link-mode route
pppoe-client dial-bundle-number 1
qos apply policy kill-bt inbound
qos apply policy kill-bt outbound
standby interface Dialer1
standby bandwidth 2000
dar protocol-statistic flow-interval 5
#
interface Ethernet0/1
port link-mode route
pppoe-client dial-bundle-number 2
qos apply policy kill-bt inbound
qos apply policy kill-bt outbound
standby interface Dialer0
standby bandwidth 2000
dar protocol-statistic flow-interval 5
#
interface NULL0
#
interface Vlan-interface1
ip address 192.168.0.1 255.255.255.0
firewall packet-filter 3002 inbound
#
interface Ethernet0/2
port link-mode bridge
#
interface Ethernet0/3
port link-mode bridge
#
interface Ethernet0/4
port link-mode bridge
#
interface Ethernet0/5
port link-mode bridge
#
interface Ethernet0/6
port link-mode bridge
#
interface Ethernet0/7
port link-mode bridge
#
interface Ethernet0/8
port link-mode bridge
#
interface Ethernet0/9
port link-mode bridge
#
ip route-static 0.0.0.0 0.0.0.0 Dialer0
ip route-static 0.0.0.0 0.0.0.0 Dialer1 preference 80
#
dhcp server detect
#
arp source-suppression enable
arp static 192.168.0.47 0050-ba69-7510
arp static 192.168.0.110 0011-2feb-c14f
arp static 192.168.0.16 0011-2f0f-8781
arp static 192.168.0.23 0050-ba26-748b
arp static 192.168.0.65 000e-a639-c159
arp static 192.168.0.144 0005-5de1-c57f
arp static 192.168.0.48 0011-d82b-4d65
arp static 192.168.0.22 0013-8fc1-4768
arp static 192.168.0.27 000e-a69a-ac3c
arp static 192.168.0.61 5254-ab59-2d38
arp static 192.168.0.25 0011-d82b-4d8d
arp static 192.168.0.24 0013-8fc1-479d
arp static 192.168.0.21 0000-e8a4-1a27
arp static 192.168.0.57 0013-8fb2-a30b
arp static 192.168.0.59 000e-a617-c920
arp static 192.168.0.12 0013-8fab-b404
arp static 192.168.0.41 0011-2f0c-2719
arp static 192.168.0.52 000e-a68a-96d3
arp static 192.168.0.54 000e-a68a-9568
arp static 192.168.0.62 0005-5d04-4b51
arp static 192.168.0.53 0011-d89e-6c91
arp static 192.168.0.40 000e-a63c-6991
arp static 192.168.0.82 0005-5d73-6259
arp static 192.168.0.69 000c-7635-1f11
arp static 192.168.0.100 000a-eb07-34a1
arp static 192.168.0.60 0005-5de1-ce2e
arp static 192.168.0.153 0011-2f04-71a4
arp static 192.168.0.42 0013-d41c-8488
arp static 192.168.0.68 0005-5d66-8d4f
arp static 192.168.0.170 0005-5d67-88bc
arp static 192.168.0.66 0040-0547-0822
arp static 192.168.0.73 0013-20b1-7ea5
arp static 192.168.0.179 000e-a638-fba4
arp static 192.168.0.8 000e-7f26-4194
arp static 192.168.0.39 000e-a6b0-a72a
arp static 192.168.0.58 0050-ba1a-ac9d
arp static 192.168.0.160 000c-6e57-7005
arp static 192.168.0.20 0009-6bbf-b847
arp static 192.168.0.3 000e-7f25-a0a0
arp static 192.168.0.32 0050-ba26-79e1
arp static 192.168.0.237 0011-2f1b-5193
arp static 192.168.0.240 0000-b4c9-dad3
arp static 192.168.0.161 000e-a639-c1ba
arp static 192.168.0.143 0005-5d66-8e8b
arp static 192.168.0.96 00ae-2801-062b
arp static 192.168.0.166 0005-5d05-3fec
arp static 192.168.0.7 000e-a69e-e3ce
arp static 192.168.0.72 000e-a6c8-4220
arp static 192.168.0.111 000e-a691-9a89
arp static 192.168.0.214 0000-e8a3-b33e
arp static 192.168.0.31 0011-d89e-6dd8
arp static 192.168.0.154 000e-a672-cff8
arp static 192.168.0.156 000e-a639-c161
arp static 192.168.0.174 000e-a617-ab21
arp static 192.168.0.150 0005-5dff-b72c
arp static 192.168.0.76 0005-5de1-c56c
arp static 192.168.0.210 0011-95fd-bc13
arp static 192.168.0.188 0019-d246-2ac8
arp static 192.168.0.11 000c-6ee5-222b
arp static 192.168.0.229 0000-e8a3-b160
arp static 192.168.0.163 000e-a679-0064
arp static 192.168.0.158 000e-a672-d45a
arp static 192.168.0.187 0005-5d73-625b
arp static 192.168.0.17 000d-6078-f79a
arp static 192.168.0.213 00e0-4c31-ec4a
arp static 192.168.0.85 0005-5d0d-b39b
arp static 192.168.0.228 0050-ba22-ca12
arp static 192.168.0.140 000c-6e7c-5f13
arp static 192.168.0.56 5254-ab53-5b11
arp static 192.168.0.46 000e-a68b-7f18
arp static 192.168.0.43 0013-d41c-81c6
arp static 192.168.0.239 0011-d814-6010
arp static 192.168.0.151 0011-2f04-71c0
arp static 192.168.0.238 0050-ba27-a58c
arp static 192.168.0.4 000f-2032-0a51
arp static 192.168.0.75 0050-ba68-74ea
arp static 192.168.0.14 000e-a617-aafe
arp static 192.168.0.86 000e-a69e-e3de
arp static 192.168.0.108 0013-ce16-f22d
arp static 192.168.0.165 0005-5d05-26ee
arp static 192.168.0.67 000a-eb7a-3290
arp static 192.168.0.34 0019-6608-a460
#
user-interface con 0
user-interface aux 0
user-interface vty 0 4
authentication-mode scheme
protocol inbound telnet
#
return
最近一周都没有改配置,今天上午掉线了,然后就上不去了。帮忙看看配置啊。


网友1:

从内一部一部往外ping看最开始是在那个接口不通的!
以前通,而且配置没有改过,配置肯定没问题啊?你光发配置有什么用!


网友2:


看设备在网络中什么位置,按顺序一步步排查,ping命令,看到那里不通,配置没改过,就没问题.再冷静下想想.
收藏 分享

返回列表