

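Could an expert tell me what is configured on this gateway, ideally with a note after each item? Right now, when a computer is plugged into the wired network, web pages open extremely slowly. We run dual uplinks (China Unicom and China Telecom) with load balancing.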
Building configuration...
Current configuration: 2.*.*70 bytes
version 1.*.*.1(6)B9
hostname ***
app-auth offline-detect
app-auth cfg-opt id-mac
app-auth cfg-opt syn-proxy
app-auth wx-state direct
ip session filter 0
flow-pre-mgr enable
flow-pre-mgr protocol-enable
flow-pre-mgr upload-pps-limit 0
flow-pre-mgr new-session-limit start-up limit 15000
flow-pre-mgr new-session-limit virtual-host limit 15000
flow-pre-mgr new-session-limit real-host limit 300
flow-pre-mgr total-limit 80000000
flow-pre-mgr 1 subscriber 办公用户 action trust total-limit 4000000 per-ip-limit
no bypass couple 0
no bypass couple 1
ip access-list standard 1
10 permit any
ip access-list extended 100
ip ref load-sharing original-only
ip tcp keepalive
time-range any
periodic Daily 0:00 to 23:59
time-range day_time
periodic Daily 6:00 to 18:00
time-range night_time
periodic Weekdays 0:00 to 5:59
periodic Daily 18:01 to 23:59
time-range unwork_time
periodic Weekdays 0:00 to 7:59
periodic Weekdays 12:00 to 13:00
periodic Weekdays 18:01 to 23:59
time-range weekend
periodic Weekend 0:00 to 23:59
time-range work_time
periodic Weekdays 8:00 to 12:00
periodic Weekdays 13:00 to 18:00
time-range working_time
periodic Weekdays 0:00 to 23:59
no vwan loss-recover access-list
no vwan loss-recover enable
vwan loss-recover mss 1360
vwan mss 1360
route-auto-choose cnc GigabitEthernet 0/7 ****
route-auto-choose cnii GigabitEthernet 0/3 ****
route-auto-choose cnii GigabitEthernet 0/5 ****
web-auth portal-escape
web-auth portal-check
web-auth direct-host range 10.96.*.* 10.96.*.*
web-auth direct-host range 10.96.*.* 10.96.*.*
web-auth template iportal
web-auth template eportalv1
web-auth template eportalv2
ip 10.96.*.*
url http://10.96.*.*:80/ess/commonauth
web-auth portal key ruijie
web-auth portal eportalv2
web-auth portal eportalv2 ip-mapping 10.96.*.* 255.255.*.*
username admin password 7 050f0c38072c3540775445
aaa new-model
aaa local authentication attempts 50
aaa accounting update
aaa accounting network default start-stop group radius
aaa authentication web-auth default group radius
aaa authentication sslvpn sslvpnLocal subs
aaa queue-limit account-request 20480
no apm sample enable
apm sample default interval 300
apm sample url-topn send-time 1
apm sample url-topn top 50
link-as port 10001
link-as ip
link-as username mcp
identify-application enable
web-bbs-audit cache enable
url-filter-notice display 你被禁止访问这个网站,请联系网站管理员!
no url-audit exact-filter
no url-rule apply-referer
url-class un_audit_class
comment unaudit
url-object un_audit_object
class 软件升级
class 脚本未知
class un_audit_class
url-object illegal
class 暴力
class 病毒
class 成人
class 赌博
class 犯罪技能
class 色情
class 违反法律
content-policy _AUDIT_DEFAULT
mail-rule audit-default-enable
im-rule audit-default-enable
web-bbs-rule audit-default-enable
web-mail-rule audit-default-enable
url-rule audit-default-enable
content-policy _TOP_PRIORITY
app-rule 200 time-range any app-group Block_Group action deny audit
app-rule 197 time-range any app-group Block_Group action deny audit vpn
app-rule 198 time-range any app-group any action permit audit vpn vip
app-rule 199 time-range any app-group any action permit audit vip
url-rule 997 url-object un_audit_object time-range any action permit comment 不
url-rule 1000 url-object illegal time-range any action deny audit comment 黑名?
content-policy-relate relate auth-subscriber any policy _TOP_PRIORITY
content-policy-relate relate subscriber any policy _TOP_PRIORITY
content-policy-relate relate subscriber any policy _AUDIT_DEFAULT
acs url http://cloud.ruijie.com.cn/service/acs/H1KVE31000049/rcn/acs
cpe inform interval 180
timer cpe-timeout 90
dev-audit enable
ip name-server 222.74.*.*
ip name-server 202.99.*.*
mail-service enable
feedback frequency 60
flow-audit enable
flow-audit intf-rt refresh 1
flow-audit intf-rt storage 10 max
http update time daily 06:00
link-sam flowrate 22
ipfix syn-del 1
layer23 classify enable
layer23 scc-attention enable
layer23 flow-detect flow 0
layer23 flow-detect time-interval 15
sam-online recycle 60
sam-offline recycle 60
network-group name "Out_Server" parent "/"
subscriber static name "ruijie" parent "/" password 7 ".*.*"
subscriber static name "sunbin" parent "/" password 7 ".*.*"
subscriber static name "有线用户" parent "/"
subscriber static name "检修楼-有线用户" parent "/有线用户" ip-range 10.96.*.* 1
subscriber static name "办公楼-有线用户" parent "/有线用户" ip-range 10.96.*.*
subscriber static name "服务楼-外委" parent "/有线用户" ip-range 10.96.*.* 10.9
subscriber static name "服务楼-业主" parent "/有线用户" ip-range 10.96.*.* 10.9
subscriber static name "集控楼-有线网络" parent "/有线用户" ip-range 10.96.*.* 10.9
subscriber static name "脱硫工艺楼-有线网络" parent "/有线用户" ip-range 10.96.*.* 10.9
subscriber static name "除灰综合楼-有线网络" parent "/有线用户" ip-range 10.96.*.* 10.9
subscriber static name "输煤集控楼-有线网络" parent "/有线用户" ip-range 10.96.*.* 10.9
subscriber static name "汽车衡及控制室-有线网络" parent "/有线用户" ip-range 10.96.*.* 10.9
subscriber static name "综合水岛-有线网络" parent "/有线用户" ip-range 10.96.*.* 10.9
subscriber static name "GIS楼-有线网络" parent "/有线用户" ip-range 10.96.*.* 10.9
subscriber static name "无线用户" parent "/"
subscriber static name "办公-无线用户" parent "/无线用户" ip-range 10.96.*.* 10.9
subscriber static name "访客-无线用户" parent "/无线用户" ip-range 10.96.*.* 10.9
subscriber static name "服务器" parent "/"
subscriber static name "服务器-有线用户" parent "/服务器" ip-range 10.96.*.* 10.9
subscriber static name "vpn-user" parent "/"
subscriber static name "zhaoqi" parent "/vpn-user" password 7 "*.*.*.*.*"
subscriber static name "jiawei" parent "/vpn-user" password 7 "*.*.*.*.*"
subscriber static name "lizh2288" parent "/" password 7 "*.*.*.*.*"
subscriber static name "haowanlong" parent "/" password 7 "*.*.*.*.*b"
subscriber static name "duzq003x" parent "/" password 7 "*.*.*.*.*"
subscriber static name "wuyanan" parent "/" password 7 "*.*.*.*.*"
subscriber static name "zhangyj0020" parent "/" password 7 "*.*.*.*.*"
subscriber static name "gaoty2638" parent "/" mac ec51.bcb0.276b password 7 "*.*.*.*.*" two-way-bind
subscriber static name "liucx" parent "/" password 7 "*.*.*.*.*"
subscriber static name "liuchunxiao" parent "/" password 7 "*.*.*.*.*"
subscriber static name "hucy1315" parent "/" password 7 "*.*.*.*.*"
subscriber static name "gaozj0311" parent "/" password 7 "*.*.*.*.*"
subscriber static name "zhaoq0035" parent "/" password 7 "*.*.*.*.*"
subscriber static name "bilg0716" parent "/" password 7 "*.*.*.*.*"
subscriber set "ruijie" attribute pwd-edit
subscriber set "sunbin" attribute pwd-edit
subscriber set "zhaoqi" attribute pwd-edit
subscriber set "jiawei" attribute pwd-edit
subscriber set "lizh2288" attribute pwd-edit
subscriber set "haowanlong" attribute pwd-edit
subscriber set "duzq003x" attribute pwd-edit
subscriber set "wuyanan" attribute pwd-edit
subscriber set "zhangyj0020" attribute pwd-edit
subscriber set "gaoty2638" attribute pwd-edit
subscriber set "gaoty2638" attribute ssl-radius-verify
subscriber set "liucx" attribute pwd-edit
subscriber set "liuchunxiao" attribute pwd-edit
subscriber set "hucy1315" attribute pwd-edit
subscriber set "gaozj0311" attribute pwd-edit
subscriber set "zhaoq0035" attribute pwd-edit
subscriber set "bilg0716" attribute pwd-edit
subscriber allow "ruijie" privilege vpn
subscriber allow "sunbin" privilege vpn
subscriber allow "检修楼-有线用户" privilege none
subscriber allow "办公楼-有线用户" privilege none
subscriber allow "服务楼-外委" privilege none
subscriber allow "服务楼-业主" privilege none
subscriber allow "集控楼-有线网络" privilege none
subscriber allow "脱硫工艺楼-有线网络" privilege none
subscriber allow "除灰综合楼-有线网络" privilege none
subscriber allow "输煤集控楼-有线网络" privilege none
subscriber allow "汽车衡及控制室-有线网络" privilege none
subscriber allow "综合水岛-有线网络" privilege none
subscriber allow "GIS楼-有线网络" privilege none
subscriber allow "办公-无线用户" privilege none
subscriber allow "访客-无线用户" privilege none
subscriber allow "服务器-有线用户" privilege none
subscriber allow "jiawei" privilege vpn
subscriber allow "lizh2288" privilege vpn
subscriber allow "haowanlong" privilege vpn
subscriber allow "duzq003x" privilege vpn
subscriber allow "wuyanan" privilege vpn
subscriber allow "zhangyj0020" privilege vpn
subscriber allow "gaoty2638" privilege vpn
subscriber allow "liucx" privilege vpn
subscriber allow "liuchunxiao" privilege vpn
subscriber allow "hucy1315" privilege vpn
subscriber allow "gaozj0311" privilege vpn
subscriber allow "zhaoq0035" privilege vpn
subscriber allow "bilg0716" privilege vpn
mllb enable
no write-db enable
sys-mode gateway
specify interface GigabitEthernet 0/0 lan
specify interface GigabitEthernet 0/1 wan
specify interface GigabitEthernet 0/2 lan
specify interface GigabitEthernet 0/3 wan
specify interface GigabitEthernet 0/4 lan
specify interface GigabitEthernet 0/5 wan
specify interface GigabitEthernet 0/6 lan
specify interface GigabitEthernet 0/7 wan
specify interface TenGigabitEthernet 0/0 lan
specify interface TenGigabitEthernet 0/1 wan
no nat-log enable
no ip nat-log on
police-log auth-type mobile
service password-encryption
ip http port 8888
ip http secure-port 4430
enable service web-server all
enable service web-server http
enable service web-server https
sslvpn gateway sslvpn
ip address any
title SSL VPN Service
max-ssl-error-persec 5
name-server 10.96.*.*
sslvpn web-resource ESS url http://10.96.*.*:8080/ess
description http://10.96.*.*:8080/ess
sslvpn web-resource EG1000 url http://10.96.*.*:8888/
description http://10.96.*.*:8888/
sslvpn iptunnel resource iptunnel_group
sslvpn iptunnel resource 内网所有网段
appac net 10.96.*.*/16 any portstart 1 portend 65535
sslvpn resource-group iptunnel_group
iptunnel enable
iptunnel client-tunnel full
iptunnel resource iptunnel_group
sslvpn resource-group ESS
web-resource ESS
sslvpn resource-group EG1000
web-resource EG1000
sslvpn resource-group 内网所有网段
iptunnel enable
iptunnel resource 内网所有网段
sslvpn user jiawei
password 7 104d4a7f5d.*.*
sslvpn user sunbin
resource-group groupname 内网所有网段
password 7 09774d.*.*4a
sslvpn user 服务器-有线用户
password 7 127f5d4.*.*9
sslvpn user bilg0716
resource-group groupname iptunnel_group
resource-group groupname 内网所有网段
password 7 127f5d4a1.*.*9
sslvpn user hucy1315
password 7 0540.*.*74d
sslvpn user wuyanan
password 7 12.*.*125579
sslvpn user zhaoq0035
password 7 05.*.*b774d
sslvpn user ruijie
resource-group groupname ESS
password 7 09.*.*f5d4a
sslvpn user zhaoqi
password 7 13.*.*94a
sslvpn user-group any
resource-group groupname iptunnel_group
resource-group groupname 内网所有网段
sslvpn user-group vpn-user
sslvpn iptunnel content
sslvpn ip pool poolName_1539877.*.*06060 5.6..*.*/24
sslvpn policy-group
group-map enable
auth-method aaa sslvpnLocal
security web permit 219.148..*.*
security web permit 116.115..*.*
anti-arp-spoof scan 20
attack threshold 500
control-plane protocol
no acpp
control-plane manage
no port-filter
no arp-car
no acpp
control-plane data
no glean-car
no acpp
ip rns 1
dns www.sina.com.cn name-server 202.99..*.*out-interface GigabitEthernet 0/7
next-hop 116.115..*.*
frequency 6000
ip rns 2
dns www.sina.com.cn name-server 202..*.*68 out-interface GigabitEthernet 0/7
next-hop 116.115..*.*
frequency 6000
ip rns 5
dns www.sina.com.cn name-server 222..*.*.230 out-interface GigabitEthernet 0/3 next-hop 219..*.*113
frequency 6000
ip rns 6
dns www.sina.com.cn name-server 222..*.*200 out-interface GigabitEthernet 0/3
next-hop 219..*.*.113
frequency 6000
ip rns schedule 1 start-time now life forever
ip rns schedule 2 start-time now life forever
ip rns schedule 5 start-time now life forever
ip rns schedule 6 start-time now life forever
ip rns reaction-configuration 1 react allfail action-type Track
ip rns reaction-configuration 2 react allfail action-type Track
ip rns reaction-configuration 5 react allfail action-type Track
ip rns reaction-configuration 6 react allfail action-type Track
service sysname
service sequence-numbers
logging filter rule exact-match module LOGIN mnemonic LOGIN_FAIL level 5
logging userinfo command-log
logging buffered 131072
logging file flash:syslog
clock timezone PRC +8 0
track 1 rns 1
delay up 11 down 11
track 2 rns 2
delay up 11 down 11
track 5 rns 5
delay up 11 down 11
track 6 rns 6
delay up 11 down 11
vpdn limit_rate 15
was http prefetch time_range web start 00:00 end 00:00
was http prefetch interval_time web 60
was tcp tfo-mem 2700
no was woc-web enable
no was enable
web quick-set
webmaster username admin password 7 0611340.*.*
flow-control Gi0/7
channel-tree inbound
no auto-pir enable
channel-group root parent null cir 300000 pir 300000 pri 4 fifo
channel-group 办公 parent root cir 100000 pir 100000 pri 4 per-user per-pir 30000 limit 10000
channel-group 有线用户 parent root cir 100000 pir 150000 pri 4 per-net per-pir 30000 limit 10000
channel-default root
channel-tree outbound
no auto-pir enable
channel-group root parent null cir 300000 pir 300000 pri 4 fifo
channel-group 办公 parent root cir 100000 pir 100000 pri 4 per-user per-pir 30000 limit 10000
channel-group 有线用户 parent root cir 100000 pir 100000 pri 4 per-net per-pir 30000 limit 10000
channel-default root
flow-rule 1 auth-group smp_root time-range any
flow-rule 1 action pass in-channel 办公 out-channel 办公 comment 无线用户
flow-rule 3 subscriber 服务器 time-range any
flow-rule 3 action pass comment 服务器
flow-rule 2 subscriber 有线用户 time-range any
flow-rule 2 action pass in-channel 有线用户 out-channel 有线用户 comment 有线用

flow-control Gi0/5
channel-tree inbound
no auto-pir enable
channel-group root parent null cir 100000 pir 100000 pri 4 fifo
channel-group 办公 parent root cir 66666 pir 100000 pri 4 per-user per-pir 30000 limit 10000
channel-group 板房限速 parent root cir 16666 pir 66666 pri 4 fifo
channel-default root
channel-tree outbound
no auto-pir enable
channel-group root parent null cir 100000 pir 100000 pri 4 fifo
channel-group 办公 parent root cir 66666 pir 100000 pri 4 per-user per-pir 30000 limit 10000
channel-group 板房限速 parent root cir 16666 pir 66666 pri 4 fifo
channel-default root
flow-rule 2 subscriber 板房临时用户 time-range any
flow-rule 2 action pass in-channel 板房限速 out-channel 板房限速 comment 板房限
flow-rule 1 auth-group smp_root time-range any
flow-rule 1 action pass in-channel 办公 out-channel 办公 comment 30Mb
flow-control Gi0/3
channel-tree inbound
no auto-pir enable
channel-group root parent null cir 500000 pir 500000 pri 4 fifo
channel-group 办公 parent root cir 200000 pir 500000 pri 4 per-user per-pir 30000 limit 10000
channel-group 板房限速 parent root cir 100000 pir 200000 pri 4 fifo
channel-group 有线用户 parent root cir 200000 pir 300000 pri 4 per-net per-pir 30000 limit 10000
channel-default root
channel-tree outbound
no auto-pir enable
channel-group root parent null cir 500000 pir 500000 pri 4 fifo
channel-group 办公 parent root cir 200000 pir 500000 pri 4 per-user per-pir 30000 limit 10000
channel-group 板房限速 parent root cir 100000 pir 200000 pri 4 fifo
channel-group 有线用户 parent root cir 200000 pir 300000 pri 4 per-net per-pir 30000 limit 10000
channel-default root
flow-rule 1 auth-group smp_root time-range any
flow-rule 1 action pass in-channel 办公 out-channel 办公 comment 无线用户
flow-rule 3 subscriber 有线用户 time-range any
flow-rule 3 action pass in-channel 有线用户 out-channel 有线用户 comment 有线用

flow-rule 4 subscriber 服务器 time-range any
flow-rule 4 action pass comment 服务器
enable password 7 072909.*.*57421b5a
interface GigabitEthernet 0/0
port-group 1
interface GigabitEthernet 0/1
interface GigabitEthernet 0/2
port-group 1
interface GigabitEthernet 0/3
description 电信-ISP
bandwidth 500000
dldp 219..*.*113 219..*.*.113
nexthop 219..*.*113
ip address 219..*.*.114 255..*.*.252
ip name-server 222..*.*.230 track 5
ip name-server 222..*.*.200 track 6
ip nat outside
flow-policy Gi0/3
interface GigabitEthernet 0/4
ip address 3..*.*.3 255..*.*.0
ip address 3.3..*.* 255..*.*.0 secondary
interface GigabitEthernet 0/5
description 电信
bandwidth 100000
nexthop 1..*.*109
ip address 1.180..*.*110 255..*.*.252
ip nat outside
interface GigabitEthernet 0/6
interface GigabitEthernet 0/7
description To:中国联通-ISP
bandwidth 300000
dldp 116.115..*.*116.115..*.*
nexthop 116.115..*.*
ip address 116.115..*.* 255.255..*.*
ip name-server 202..*.*224.8 track 1
ip name-server 202..*.*.224.68 track 2
ip nat outside
flow-policy Gi0/7
interface TenGigabitEthernet 0/0
interface TenGigabitEthernet 0/1
interface AggregatePort 1
mac-address 5869.6cb7.1986
description To:JN-WJF-S8607-VSU-AGG1
no ip unreachables
no ip redirects
no ip mask-reply
ip address 10.96..*.* 255..*.*..*.*248
dns-proxy enable
ip nat inside
interface Mgmt 0
ip address 192.168.*.*255..*.*.0
gateway 192.168..*.*
interface SSLVPN 0
no ip redirects
ip address 5.6..*.*255.255..*.*
ip nat inside
interface SSLVPN 1
no ip redirects
ip nat inside
no app route mode new-flow
ip nat pool nat_pool prefix-length 24
address interface GigabitEthernet 0/7 match interface GigabitEthernet 0/7
address interface GigabitEthernet 0/5 match interface GigabitEthernet 0/5
address interface GigabitEthernet 0/3 match interface GigabitEthernet 0/3
ip nat inside source static tcp 10.95..*.* port-range 443 443 116.115..*.* port-range 6002 6002 permit-inside
ip nat inside source static tcp 10.95..*.* port-range 443 443 116.115..*.* port-range 6003 6003 permit-inside
ip nat inside source static tcp 10.95.*.* port-range 443 443 116.115..*.* port-range 6004 6004 permit-inside
ip nat inside source static tcp 10.95.*.*port-range 443 443 116.115..*.* port-range 6005 6005 permit-inside
ip nat inside source static tcp 10.96.*.* port-range 443 443 116.115..*.* port-range 6007 6007 permit-inside
ip nat inside source static tcp 10.96.*.*port-range 8080 8080 116.115..*.* port-range 6001 6001 permit-inside
ip nat inside source static tcp 1.1..*.* port-range 443 443 116.115..*.* port-range 9001 9001 permit-inside
ip nat inside source static udp 1.1..*.* port-range 5246 5246 116.115..*.* port-range 5246 5246 permit-inside
ip nat inside source static udp 1.1.*.* port-range 5247 5247 116.115.*.* port-range 5247 5247 permit-inside
ip nat inside source static tcp 2.2..*.*port-range 23 23 116.115..*.* port-range 8024 8024 permit-inside
ip nat inside source static tcp 10.96..*.*port-range 443 443 219.148..*.* port-range 8443 8443 permit-inside
ip nat inside source list 1 pool nat_pool overload
ip route GigabitEthernet 0/7 116.115..*.*
ip route GigabitEthernet 0/3 219.148..*.*
ip route 1.1..*.* 255.255..*.* 10.96..*.*
ip route 2.2..*.*255.255..*.* 10.96.2.*.*
ip route 10.0.*.*255.2.*.*.0 10.96..*.*
ip route 10..*.*255..*.*0.0 10.96..*.*
ip route 10.96.*.*255.255.*.* 10.96..*.*
ip route 10.96..*.*255..*.*255.255 10.96.*.*
snmp-server location RG-EG2000UE-ISP
snmp-server host traps version 2c ruijie
snmp-server host informs version 2c ruijie web-auth
snmp-server enable traps
snmp-server community 7 131707.*.*817 rw
line console 0
line vty 0 4
1 reply

Although Ruijie copies, some of the configuration is still different.