Asking the experts for some guidance

laocao2017
Level 1
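Could an expert tell me what is configured on this gateway, ideally with an annotation after each item? Right now, when a computer is plugged into the network cable, opening web pages is extremely slow. We run China Unicom and China Telecom dual-WAN load balancing.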
Building configuration...
Current configuration: 2.*.*70 bytes
version 1.*.*.1(6)B9
hostname ***
!
app-auth offline-detect
!
app-auth cfg-opt id-mac
app-auth cfg-opt syn-proxy
!
app-auth wx-state direct
ip session filter 0
flow-pre-mgr enable
flow-pre-mgr protocol-enable
!
flow-pre-mgr upload-pps-limit 0
!
flow-pre-mgr new-session-limit start-up limit 15000
flow-pre-mgr new-session-limit virtual-host limit 15000
flow-pre-mgr new-session-limit real-host limit 300
!
flow-pre-mgr total-limit 80000000
flow-pre-mgr 1 subscriber 办公用户 action trust total-limit 4000000 per-ip-limit 5000
!
no bypass couple 0
no bypass couple 1
!
ip access-list standard 1
10 permit any
!
ip access-list extended 100
!
ip ref load-sharing original-only
ip tcp keepalive
!
time-range any
periodic Daily 0:00 to 23:59
!
time-range day_time
periodic Daily 6:00 to 18:00
!
time-range night_time
periodic Weekdays 0:00 to 5:59
periodic Daily 18:01 to 23:59
!
time-range unwork_time
periodic Weekdays 0:00 to 7:59
periodic Weekdays 12:00 to 13:00
periodic Weekdays 18:01 to 23:59
!
time-range weekend
periodic Weekend 0:00 to 23:59
!
time-range work_time
periodic Weekdays 8:00 to 12:00
periodic Weekdays 13:00 to 18:00
!
time-range working_time
periodic Weekdays 0:00 to 23:59
!
no vwan loss-recover access-list
no vwan loss-recover enable
vwan loss-recover mss 1360
!
vwan mss 1360
!
route-auto-choose cnc GigabitEthernet 0/7 ****
route-auto-choose cnii GigabitEthernet 0/3 ****
route-auto-choose cnii GigabitEthernet 0/5 ****
!
web-auth portal-escape
web-auth portal-check
web-auth direct-host range 10.96.*.* 10.96.*.*
web-auth direct-host range 10.96.*.* 10.96.*.*
!
web-auth template iportal
!
web-auth template eportalv1
!
web-auth template eportalv2
ip 10.96.*.*
url http://10.96.*.*:80/ess/commonauth
!
web-auth portal key ruijie
web-auth portal eportalv2
web-auth portal eportalv2 ip-mapping 10.96.*.* 255.255.*.*
username admin password 7 050f0c38072c3540775445
!
aaa new-model
aaa local authentication attempts 50
!
aaa accounting update
aaa accounting network default start-stop group radius
aaa authentication web-auth default group radius
aaa authentication sslvpn sslvpnLocal subs
aaa queue-limit account-request 20480
!
no apm sample enable
apm sample default interval 300
apm sample url-topn send-time 1
apm sample url-topn top 50
!
link-as port 10001
link-as ip 0.0.0.0
link-as username mcp
identify-application enable
!
web-bbs-audit cache enable
!
url-filter-notice display 你被禁止访问这个网站,请联系网站管理员!
no url-audit exact-filter
no url-rule apply-referer
!
url-class un_audit_class
comment unaudit
!
url-object un_audit_object
class 软件升级
class 脚本未知
class un_audit_class
!
url-object illegal
class 暴力
class 病毒
class 成人
class 赌博
class 犯罪技能
class 色情
class 违反法律
!
content-policy _AUDIT_DEFAULT
mail-rule audit-default-enable
im-rule audit-default-enable
web-bbs-rule audit-default-enable
web-mail-rule audit-default-enable
url-rule audit-default-enable
!
content-policy _TOP_PRIORITY
app-rule 200 time-range any app-group Block_Group action deny audit
app-rule 197 time-range any app-group Block_Group action deny audit vpn
app-rule 198 time-range any app-group any action permit audit vpn vip
app-rule 199 time-range any app-group any action permit audit vip
url-rule 997 url-object un_audit_object time-range any action permit comment 不审计的网站
url-rule 1000 url-object illegal time-range any action deny audit comment 黑名?
ネ?静呗?
!
content-policy-relate relate auth-subscriber any policy _TOP_PRIORITY
content-policy-relate relate subscriber any policy _TOP_PRIORITY
content-policy-relate relate subscriber any policy _AUDIT_DEFAULT
!
cwmp
acs url http://cloud.ruijie.com.cn/service/acs/H1KVE31000049/rcn/acs
cpe inform interval 180
timer cpe-timeout 90
!
dev-audit enable
!
ip name-server 222.74.*.*
ip name-server 202.99.*.*
!
dns-proxy
!
mail-service enable
feedback frequency 60
flow-audit enable
flow-audit intf-rt refresh 1
flow-audit intf-rt storage 10 max
http update time daily 06:00
link-sam flowrate 22
ipfix syn-del 1
!
layer23 classify enable
!
layer23 scc-attention enable
!
layer23 flow-detect flow 0
layer23 flow-detect time-interval 15
!
sam-online recycle 60
sam-offline recycle 60
!
network-group name "Out_Server" parent "/"
!
subscriber static name "ruijie" parent "/" password 7 ".*.*"
subscriber static name "sunbin" parent "/" password 7 ".*.*"
subscriber static name "有线用户" parent "/"
subscriber static name "检修楼-有线用户" parent "/有线用户" ip-range 10.96.*.* 10.96.*.*
subscriber static name "办公楼-有线用户" parent "/有线用户" ip-range 10.96.*.* 10.96.*.*
subscriber static name "服务楼-外委" parent "/有线用户" ip-range 10.96.*.* 10.96.*.*
subscriber static name "服务楼-业主" parent "/有线用户" ip-range 10.96.*.* 10.96.*.*
subscriber static name "集控楼-有线网络" parent "/有线用户" ip-range 10.96.*.* 10.96.*.*
subscriber static name "脱硫工艺楼-有线网络" parent "/有线用户" ip-range 10.96.*.* 10.96.*.*
subscriber static name "除灰综合楼-有线网络" parent "/有线用户" ip-range 10.96.*.* 10.96.*.*
subscriber static name "输煤集控楼-有线网络" parent "/有线用户" ip-range 10.96.*.* 10.96.*.*
subscriber static name "汽车衡及控制室-有线网络" parent "/有线用户" ip-range 10.96.*.* 10.96.*.*
subscriber static name "综合水岛-有线网络" parent "/有线用户" ip-range 10.96.*.* 10.96.*.*
subscriber static name "GIS楼-有线网络" parent "/有线用户" ip-range 10.96.*.* 10.96.*.*
subscriber static name "无线用户" parent "/"
subscriber static name "办公-无线用户" parent "/无线用户" ip-range 10.96.*.* 10.96.*.*
subscriber static name "访客-无线用户" parent "/无线用户" ip-range 10.96.*.* 10.96.*.*
subscriber static name "服务器" parent "/"
subscriber static name "服务器-有线用户" parent "/服务器" ip-range 10.96.*.* 10.96.*.*
subscriber static name "vpn-user" parent "/"
subscriber static name "zhaoqi" parent "/vpn-user" password 7 "*.*.*.*.*"
subscriber static name "jiawei" parent "/vpn-user" password 7 "*.*.*.*.*"
subscriber static name "lizh2288" parent "/" password 7 "*.*.*.*.*"
subscriber static name "haowanlong" parent "/" password 7 "*.*.*.*.*b"
subscriber static name "duzq003x" parent "/" password 7 "*.*.*.*.*"
subscriber static name "wuyanan" parent "/" password 7 "*.*.*.*.*"
subscriber static name "zhangyj0020" parent "/" password 7 "*.*.*.*.*"
subscriber static name "gaoty2638" parent "/" mac ec51.bcb0.276b password 7 "*.*.*.*.*" two-way-bind
subscriber static name "liucx" parent "/" password 7 "*.*.*.*.*"
subscriber static name "liuchunxiao" parent "/" password 7 "*.*.*.*.*"
subscriber static name "hucy1315" parent "/" password 7 "*.*.*.*.*"
subscriber static name "gaozj0311" parent "/" password 7 "*.*.*.*.*"
subscriber static name "zhaoq0035" parent "/" password 7 "*.*.*.*.*"
subscriber static name "bilg0716" parent "/" password 7 "*.*.*.*.*"
!
subscriber set "ruijie" attribute pwd-edit
subscriber set "sunbin" attribute pwd-edit
subscriber set "zhaoqi" attribute pwd-edit
subscriber set "jiawei" attribute pwd-edit
subscriber set "lizh2288" attribute pwd-edit
subscriber set "haowanlong" attribute pwd-edit
subscriber set "duzq003x" attribute pwd-edit
subscriber set "wuyanan" attribute pwd-edit
subscriber set "zhangyj0020" attribute pwd-edit
subscriber set "gaoty2638" attribute pwd-edit
subscriber set "gaoty2638" attribute ssl-radius-verify
subscriber set "liucx" attribute pwd-edit
subscriber set "liuchunxiao" attribute pwd-edit
subscriber set "hucy1315" attribute pwd-edit
subscriber set "gaozj0311" attribute pwd-edit
subscriber set "zhaoq0035" attribute pwd-edit
subscriber set "bilg0716" attribute pwd-edit
!
subscriber allow "ruijie" privilege vpn
subscriber allow "sunbin" privilege vpn
subscriber allow "检修楼-有线用户" privilege none
subscriber allow "办公楼-有线用户" privilege none
subscriber allow "服务楼-外委" privilege none
subscriber allow "服务楼-业主" privilege none
subscriber allow "集控楼-有线网络" privilege none
subscriber allow "脱硫工艺楼-有线网络" privilege none
subscriber allow "除灰综合楼-有线网络" privilege none
subscriber allow "输煤集控楼-有线网络" privilege none
subscriber allow "汽车衡及控制室-有线网络" privilege none
subscriber allow "综合水岛-有线网络" privilege none
subscriber allow "GIS楼-有线网络" privilege none
subscriber allow "办公-无线用户" privilege none
subscriber allow "访客-无线用户" privilege none
subscriber allow "服务器-有线用户" privilege none
subscriber allow "jiawei" privilege vpn
subscriber allow "lizh2288" privilege vpn
subscriber allow "haowanlong" privilege vpn
subscriber allow "duzq003x" privilege vpn
subscriber allow "wuyanan" privilege vpn
subscriber allow "zhangyj0020" privilege vpn
subscriber allow "gaoty2638" privilege vpn
subscriber allow "liucx" privilege vpn
subscriber allow "liuchunxiao" privilege vpn
subscriber allow "hucy1315" privilege vpn
subscriber allow "gaozj0311" privilege vpn
subscriber allow "zhaoq0035" privilege vpn
subscriber allow "bilg0716" privilege vpn
mllb enable
!
no write-db enable
!
sys-mode gateway
!
specify interface GigabitEthernet 0/0 lan
specify interface GigabitEthernet 0/1 wan
specify interface GigabitEthernet 0/2 lan
specify interface GigabitEthernet 0/3 wan
specify interface GigabitEthernet 0/4 lan
specify interface GigabitEthernet 0/5 wan
specify interface GigabitEthernet 0/6 lan
specify interface GigabitEthernet 0/7 wan
specify interface TenGigabitEthernet 0/0 lan
specify interface TenGigabitEthernet 0/1 wan
!
no nat-log enable
no ip nat-log on
!
police-log auth-type mobile
service password-encryption
!
ip http port 8888
ip http secure-port 4430
enable service web-server all
enable service web-server http
enable service web-server https
!
sslvpn gateway sslvpn
ip address any
title SSL VPN Service
max-ssl-error-persec 5
name-server 10.96.*.*
!
sslvpn web-resource ESS url http://10.96.*.*:8080/ess
description http://10.96.*.*:8080/ess
auto-authorization
!
sslvpn web-resource EG1000 url http://10.96.*.*:8888/
description http://10.96.*.*:8888/
auto-authorization
!
sslvpn iptunnel resource iptunnel_group
!
sslvpn iptunnel resource 内网所有网段
appac net 10.96.*.*/16 any portstart 1 portend 65535
!
sslvpn resource-group iptunnel_group
iptunnel enable
iptunnel client-tunnel full
iptunnel resource iptunnel_group
!
sslvpn resource-group ESS
web-resource ESS
!
sslvpn resource-group EG1000
web-resource EG1000
!
sslvpn resource-group 内网所有网段
iptunnel enable
iptunnel resource 内网所有网段
!
sslvpn user jiawei
password 7 104d4a7f5d.*.*
!
sslvpn user sunbin
resource-group groupname 内网所有网段
password 7 09774d.*.*4a
disable-inherit-resource
!
sslvpn user 服务器-有线用户
password 7 127f5d4.*.*9
!
sslvpn user bilg0716
resource-group groupname iptunnel_group
resource-group groupname 内网所有网段
password 7 127f5d4a1.*.*9
disable-inherit-resource
!
sslvpn user hucy1315
password 7 0540.*.*74d
!
sslvpn user wuyanan
password 7 12.*.*125579
!
sslvpn user zhaoq0035
password 7 05.*.*b774d
!
sslvpn user ruijie
resource-group groupname ESS
password 7 09.*.*f5d4a
!
sslvpn user zhaoqi
password 7 13.*.*94a
!
sslvpn user-group any
resource-group groupname iptunnel_group
resource-group groupname 内网所有网段
!
sslvpn user-group vpn-user
!
sslvpn iptunnel content
!
sslvpn ip pool poolName_1539877.*.*06060 5.6..*.*/24
!
!
sslvpn policy-group
group-map enable
!
auth-method aaa sslvpnLocal
inservice
!
control-plane
security web permit 219.148..*.*
security web permit 116.115..*.*
anti-arp-spoof scan 20
anti-arp-spoof
attack threshold 500
!
control-plane protocol
no acpp
!
control-plane manage
no port-filter
no arp-car
no acpp
!
control-plane data
no glean-car
no acpp
!
ip rns 1
dns www.sina.com.cn name-server 202.99..*.*out-interface GigabitEthernet 0/7 next-hop 116.115..*.*
frequency 6000
!
ip rns 2
dns www.sina.com.cn name-server 202..*.*68 out-interface GigabitEthernet 0/7 next-hop 116.115..*.*
frequency 6000
!
ip rns 5
dns www.sina.com.cn name-server 222..*.*.230 out-interface GigabitEthernet 0/3 next-hop 219..*.*113
frequency 6000
!
ip rns 6
dns www.sina.com.cn name-server 222..*.*200 out-interface GigabitEthernet 0/3 next-hop 219..*.*.113
frequency 6000
!
ip rns schedule 1 start-time now life forever
ip rns schedule 2 start-time now life forever
ip rns schedule 5 start-time now life forever
ip rns schedule 6 start-time now life forever
!
ip rns reaction-configuration 1 react allfail action-type Track
ip rns reaction-configuration 2 react allfail action-type Track
ip rns reaction-configuration 5 react allfail action-type Track
ip rns reaction-configuration 6 react allfail action-type Track
!
service sysname
service sequence-numbers
logging filter rule exact-match module LOGIN mnemonic LOGIN_FAIL level 5
logging userinfo command-log
logging buffered 131072
logging file flash:syslog
clock timezone PRC +8 0
!
track 1 rns 1
delay up 11 down 11
!
track 2 rns 2
delay up 11 down 11
!
track 5 rns 5
delay up 11 down 11
!
track 6 rns 6
delay up 11 down 11
!
vpdn limit_rate 15
!
was http prefetch time_range web start 00:00 end 00:00
was http prefetch interval_time web 60
was tcp tfo-mem 2700
no was woc-web enable
no was enable
web quick-set
webmaster username admin password 7 0611340.*.*
flow-control Gi0/7
channel-tree inbound
no auto-pir enable
!
channel-group root parent null cir 300000 pir 300000 pri 4 fifo
channel-group 办公 parent root cir 100000 pir 100000 pri 4 per-user per-pir 30000 limit 10000
channel-group 有线用户 parent root cir 100000 pir 150000 pri 4 per-net per-pir 30000 limit 10000
channel-default root
!
channel-tree outbound
no auto-pir enable
!
channel-group root parent null cir 300000 pir 300000 pri 4 fifo
channel-group 办公 parent root cir 100000 pir 100000 pri 4 per-user per-pir 30000 limit 10000
channel-group 有线用户 parent root cir 100000 pir 100000 pri 4 per-net per-pir 30000 limit 10000
channel-default root
!
flow-rule 1 auth-group smp_root time-range any
flow-rule 1 action pass in-channel 办公 out-channel 办公 comment 无线用户
flow-rule 3 subscriber 服务器 time-range any
flow-rule 3 action pass comment 服务器
flow-rule 2 subscriber 有线用户 time-range any
flow-rule 2 action pass in-channel 有线用户 out-channel 有线用户 comment 有线用

!
flow-control Gi0/5
channel-tree inbound
no auto-pir enable
!
channel-group root parent null cir 100000 pir 100000 pri 4 fifo
channel-group 办公 parent root cir 66666 pir 100000 pri 4 per-user per-pir 30000 limit 10000
channel-group 板房限速 parent root cir 16666 pir 66666 pri 4 fifo
channel-default root
!
channel-tree outbound
no auto-pir enable
!
channel-group root parent null cir 100000 pir 100000 pri 4 fifo
channel-group 办公 parent root cir 66666 pir 100000 pri 4 per-user per-pir 30000 limit 10000
channel-group 板房限速 parent root cir 16666 pir 66666 pri 4 fifo
channel-default root
!
flow-rule 2 subscriber 板房临时用户 time-range any
flow-rule 2 action pass in-channel 板房限速 out-channel 板房限速 comment 板房限速100M
flow-rule 1 auth-group smp_root time-range any
flow-rule 1 action pass in-channel 办公 out-channel 办公 comment 30Mb
!
flow-control Gi0/3
channel-tree inbound
no auto-pir enable
!
channel-group root parent null cir 500000 pir 500000 pri 4 fifo
channel-group 办公 parent root cir 200000 pir 500000 pri 4 per-user per-pir 30000 limit 10000
channel-group 板房限速 parent root cir 100000 pir 200000 pri 4 fifo
channel-group 有线用户 parent root cir 200000 pir 300000 pri 4 per-net per-pir 30000 limit 10000
channel-default root
!
channel-tree outbound
no auto-pir enable
!
channel-group root parent null cir 500000 pir 500000 pri 4 fifo
channel-group 办公 parent root cir 200000 pir 500000 pri 4 per-user per-pir 30000 limit 10000
channel-group 板房限速 parent root cir 100000 pir 200000 pri 4 fifo
channel-group 有线用户 parent root cir 200000 pir 300000 pri 4 per-net per-pir 30000 limit 10000
channel-default root
!
flow-rule 1 auth-group smp_root time-range any
flow-rule 1 action pass in-channel 办公 out-channel 办公 comment 无线用户
flow-rule 3 subscriber 有线用户 time-range any
flow-rule 3 action pass in-channel 有线用户 out-channel 有线用户 comment 有线用

flow-rule 4 subscriber 服务器 time-range any
flow-rule 4 action pass comment 服务器
!
enable password 7 072909.*.*57421b5a
interface GigabitEthernet 0/0
port-group 1
!
interface GigabitEthernet 0/1
!
interface GigabitEthernet 0/2
port-group 1
!
interface GigabitEthernet 0/3
description 电信-ISP
bandwidth 500000
dldp 219..*.*113 219..*.*.113
nexthop 219..*.*113
reverse-path
ip address 219..*.*.114 255..*.*.252
ip name-server 222..*.*.230 track 5
ip name-server 222..*.*.200 track 6
ip nat outside
flow-policy Gi0/3
!
interface GigabitEthernet 0/4
ip address 3..*.*.3 255..*.*.0
ip address 3.3..*.* 255..*.*.0 secondary
!
interface GigabitEthernet 0/5
description 电信
bandwidth 100000
nexthop 1..*.*109
reverse-path
ip address 1.180..*.*110 255..*.*.252
ip nat outside
!
interface GigabitEthernet 0/6
!
interface GigabitEthernet 0/7
description To:中国联通-ISP
bandwidth 300000
dldp 116.115..*.*116.115..*.*
nexthop 116.115..*.*
reverse-path
ip address 116.115..*.* 255.255..*.*
ip name-server 202..*.*224.8 track 1
ip name-server 202..*.*.224.68 track 2
ip nat outside
flow-policy Gi0/7
!
interface TenGigabitEthernet 0/0
!
interface TenGigabitEthernet 0/1
!
interface AggregatePort 1
mac-address 5869.6cb7.1986
description To:JN-WJF-S8607-VSU-AGG1
reverse-path
no ip unreachables
no ip redirects
no ip mask-reply
ip address 10.96..*.* 255..*.*..*.*248
dns-proxy enable
ip nat inside
!
interface Mgmt 0
ip address 192.168.*.*255..*.*.0
gateway 192.168..*.*
!
interface SSLVPN 0
no ip redirects
ip address 5.6..*.*255.255..*.*
ip nat inside
!
interface SSLVPN 1
no ip redirects
ip nat inside
!
no app route mode new-flow
!
ip nat pool nat_pool prefix-length 24
address interface GigabitEthernet 0/7 match interface GigabitEthernet 0/7
address interface GigabitEthernet 0/5 match interface GigabitEthernet 0/5
address interface GigabitEthernet 0/3 match interface GigabitEthernet 0/3
!
ip nat inside source static tcp 10.95..*.* port-range 443 443 116.115..*.* port-range 6002 6002 permit-inside
ip nat inside source static tcp 10.95..*.* port-range 443 443 116.115..*.* port-range 6003 6003 permit-inside
ip nat inside source static tcp 10.95.*.* port-range 443 443 116.115..*.* port-range 6004 6004 permit-inside
ip nat inside source static tcp 10.95.*.*port-range 443 443 116.115..*.* port-range 6005 6005 permit-inside
ip nat inside source static tcp 10.96.*.* port-range 443 443 116.115..*.* port-range 6007 6007 permit-inside
ip nat inside source static tcp 10.96.*.*port-range 8080 8080 116.115..*.* port-range 6001 6001 permit-inside
ip nat inside source static tcp 1.1..*.* port-range 443 443 116.115..*.* port-range 9001 9001 permit-inside
ip nat inside source static udp 1.1..*.* port-range 5246 5246 116.115..*.* port-range 5246 5246 permit-inside
ip nat inside source static udp 1.1.*.* port-range 5247 5247 116.115.*.* port-range 5247 5247 permit-inside
ip nat inside source static tcp 2.2..*.*port-range 23 23 116.115..*.* port-range 8024 8024 permit-inside
ip nat inside source static tcp 10.96..*.*port-range 443 443 219.148..*.* port-range 8443 8443 permit-inside
ip nat inside source list 1 pool nat_pool overload
!
ip route 0.0.0.0 0.0.0.0 GigabitEthernet 0/7 116.115..*.*
ip route 0.0.0.0 0.0.0.0 GigabitEthernet 0/3 219.148..*.*
ip route 1.1..*.* 255.255..*.* 10.96..*.*
ip route 2.2..*.*255.255..*.* 10.96.2.*.*
ip route 10.0.*.*255.2.*.*.0 10.96..*.*
ip route 10..*.*255..*.*0.0 10.96..*.*
ip route 10.96.*.*255.255.*.* 10.96..*.*
ip route 10.96..*.*255..*.*255.255 10.96.*.*
!
snmp-server location RG-EG2000UE-ISP
snmp-server host 10.96.6.1 traps version 2c ruijie
snmp-server host 10.96.6.1 informs version 2c ruijie web-auth
snmp-server enable traps
snmp-server community 7 131707.*.*817 rw
!
line console 0
line vty 0 4
!
end
wjf#
1 reply

cisco.feng
Spotlight
This is the CISCO forum.
A Ruijie product...
Even though Ruijie copies, some of the configuration is still different.