[H3C]di cu # version 5.20, Release 2202 # sysname H3C # irf mac-address persistent timer irf auto-update enable undo irf link-delay # domain default enable system # telnet server enable # undo ip ttl-expires # dhcp-snooping # acl number 3000 rule 0 permit ip source 192.168.2.1 0 acl number 3001 rule 0 permit ip source 192.168.6.0 0.0.0.255 # vlan 1 description default vlan # vlan 2 description Technology # vlan 3 description XXXX # vlan 4 description xx # vlan 5 description sssss # vlan 6 description Customer Service # vlan 7 description ssfff # vlan 8 description ssffweee # vlan 9 description ssdfsf # vlan 30 description Avaya VOIP Phone # vlan 40 description Shenzhen - IPLC - Hongkong # radius scheme system server-type extended primary authentication 127.0.0.1 1645 primary accounting 127.0.0.1 1646 user-name-format without-domain # domain system access-limit disable state active idle-cut disable self-service-url disable # public-key peer 192.168.4.254 public-key-code begin 30819F300D06092A864886F70D010101050003818D0030818902818100E8854810B9DD27CC DFFA9873A201DA7D2523D9C3BF3765B9F4C8F94D698B79632FEC9EF03966F983EE78618D8D 87CCC737328A9BEF5D2C0077C212CA37E7FB1E236CD329C6A18EB80FCE99EB5AF550A57D49 A3D32D8114BC087950B2BFCA21B338A3BF7F77FC34C5531665988F7A240BC564A0C41CDA07 3392730C587282A7F90203010001 public-key-code end peer-public-key end # traffic classifier 2 operator or if-match acl 3000 traffic classifier 1 operator and if-match acl 3001 # traffic behavior 1 redirect next-hop 192.168.40.254 # qos policy 2 classifier 2 behavior 1 qos policy 1 classifier 1 behavior 1 # dhcp server ip-pool vlan2 network 192.168.2.0 mask 255.255.255.0 gateway-list 192.168.2.254 dns-list 202.96.134.133 8.8.8.8 expired day 7 # dhcp server ip-pool vlan3 network 192.168.3.0 mask 255.255.255.0 gateway-list 192.168.3.254 dns-list 202.96.134.133 202.96.128.68 208.67.222.222 208.67.220.220 # dhcp server ip-pool vlan4 network 192.168.4.0 mask 255.255.255.0 gateway-list 192.168.4.254 dns-list 202.96.134.133 202.96.128.68 208.67.222.222 208.67.220.220 # dhcp server ip-pool vlan5 network 192.168.5.0 mask 255.255.255.0 gateway-list 192.168.5.254 dns-list 202.96.134.133 202.96.128.68 208.67.222.222 208.67.220.220 # dhcp server ip-pool vlan6 network 192.168.6.0 mask 255.255.255.0 gateway-list 192.168.6.254 dns-list 208.67.222.222 208.67.220.220 8.8.8.8 4.4.4.4 # dhcp server ip-pool vlan7 network 192.168.7.0 mask 255.255.255.0 gateway-list 192.168.7.254 dns-list 208.67.222.222 208.67.220.220 8.8.8.8 4.4.4.4 # dhcp server ip-pool vlan8 network 192.168.8.0 mask 255.255.255.0 gateway-list 192.168.8.254 dns-list 208.67.222.222 208.67.220.220 8.8.8.8 4.4.4.4 # dhcp server ip-pool vlan9 network 192.168.9.0 mask 255.255.255.0 gateway-list 192.168.9.254 dns-list 208.67.222.222 208.67.220.220 8.8.8.8 4.4.4.4 # user-group system # local-user admin password cipher '`7&+[]_T$CQ=^Q`MAF4<1!! authorization-attribute level 3 service-type ssh telnet terminal local-user h3c password cipher OUM!K%F<+$[Q=^Q`MAF4<1!! service-type telnet # stp enable # interface NULL0 # interface LoopBack0 ip address 1.1.1.1 255.255.255.255 # interface Vlan-interface1 ip address 192.168.1.254 255.255.255.0 # interface Vlan-interface2 description Technology ip address 192.168.2.254 255.255.255.0 # interface Vlan-interface3 ip address 192.168.3.254 255.255.255.0 # interface Vlan-interface4 ip address 192.168.4.254 255.255.255.0 # interface Vlan-interface5 ip address 192.168.5.254 255.255.255.0 # interface Vlan-interface6 description Customer Service ip address 192.168.6.254 255.255.255.0 # interface Vlan-interface7 ip address 192.168.7.254 255.255.255.0 # interface Vlan-interface8 ip address 192.168.8.254 255.255.255.0 # interface Vlan-interface9 ip address 192.168.9.254 255.255.255.0 # interface Vlan-interface30 ip address 192.168.30.1 255.255.255.0 # interface Vlan-interface40 description IPLC ip address 192.168.40.253 255.255.255.240 # interface GigabitEthernet1/0/1 port link-type trunk port trunk permit vlan all # interface GigabitEthernet1/0/2 port link-type trunk port trunk permit vlan all # interface GigabitEthernet1/0/3 port access vlan 2 qos apply policy 2 inbound dhcp-snooping trust # interface GigabitEthernet1/0/4 port access vlan 2 dhcp-snooping trust # interface GigabitEthernet1/0/5 port access vlan 3 dhcp-snooping trust # interface GigabitEthernet1/0/6 port access vlan 3 dhcp-snooping trust # interface GigabitEthernet1/0/7 port access vlan 4 dhcp-snooping trust # interface GigabitEthernet1/0/8 port access vlan 4 dhcp-snooping trust # interface GigabitEthernet1/0/9 port access vlan 5 dhcp-snooping trust # interface GigabitEthernet1/0/10 port access vlan 5 dhcp-snooping trust # interface GigabitEthernet1/0/11 port access vlan 6 qos apply policy 1 inbound dhcp-snooping trust # interface GigabitEthernet1/0/12 port access vlan 6 qos apply policy 1 inbound dhcp-snooping trust # interface GigabitEthernet1/0/13 port access vlan 7 dhcp-snooping trust # interface GigabitEthernet1/0/14 port access vlan 7 dhcp-snooping trust # interface GigabitEthernet1/0/15 port access vlan 8 dhcp-snooping trust # interface GigabitEthernet1/0/16 port access vlan 8 dhcp-snooping trust # interface GigabitEthernet1/0/17 port access vlan 9 dhcp-snooping trust # interface GigabitEthernet1/0/18 port access vlan 9 dhcp-snooping trust # interface GigabitEthernet1/0/19 # interface GigabitEthernet1/0/20 # interface GigabitEthernet1/0/21 port access vlan 30 # interface GigabitEthernet1/0/22 port access vlan 30 # interface GigabitEthernet1/0/23 port access vlan 40 # interface GigabitEthernet1/0/24 port access vlan 40 # interface GigabitEthernet1/0/25 shutdown # interface GigabitEthernet1/0/26 shutdown # interface GigabitEthernet1/0/27 shutdown # interface GigabitEthernet1/0/28 shutdown # ospf 1 area 0.0.0.1 network 192.168.40.240 0.0.0.15 network 192.168.2.0 0.0.0.255 network 192.168.3.0 0.0.0.255 network 192.168.4.0 0.0.0.255 network 192.168.5.0 0.0.0.255 network 192.168.6.0 0.0.0.255 network 192.168.7.0 0.0.0.255 network 192.168.8.0 0.0.0.255 network 192.168.9.0 0.0.0.255 network 172.16.0.0 0.0.0.255 network 192.168.30.0 0.0.0.255 network 172.16.100.0 0.0.0.255 # ip route-static 0.0.0.0 0.0.0.0 192.168.1.1 ip route-static 4.4.4.4 255.255.255.255 192.168.40.254 description google dns ip route-static 8.8.8.8 255.255.255.255 192.168.40.254 description google dns ip route-static 64.4.61.215 255.255.255.255 192.168.40.254 ip route-static 74.125.71.94 255.255.255.255 192.168.40.254 ip route-static 192.168.30.112 255.255.255.255 192.168.30.254 ip route-static 203.208.46.146 255.255.255.255 192.168.40.254 # snmp-agent snmp-agent local-engineid 800063A2035866BA917F11 snmp-agent community write public snmp-agent sys-info version all # dhcp server forbidden-ip 192.168.2.1 192.168.2.10 dhcp server forbidden-ip 192.168.2.200 192.168.2.254 dhcp server forbidden-ip 192.168.3.200 192.168.3.254 dhcp server forbidden-ip 192.168.4.1 192.168.4.10 dhcp server forbidden-ip 192.168.4.200 192.168.4.254 dhcp server forbidden-ip 192.168.3.1 192.168.3.10 dhcp server forbidden-ip 192.168.5.1 192.168.5.10 dhcp server forbidden-ip 192.168.5.200 192.168.5.254 dhcp server forbidden-ip 192.168.6.1 192.168.6.10 dhcp server forbidden-ip 192.168.6.200 192.168.6.254 dhcp server forbidden-ip 192.168.7.1 192.168.7.10 dhcp server forbidden-ip 192.168.7.200 192.168.7.254 dhcp server forbidden-ip 192.168.8.1 192.168.8.10 dhcp server forbidden-ip 192.168.8.200 192.168.8.254 dhcp server forbidden-ip 192.168.9.1 192.168.9.10 dhcp server forbidden-ip 192.168.9.200 192.168.9.254 # dhcp enable # ssh server enable ssh client source interface LoopBack0 ssh user admin service-type stelnet authentication-type password ssh client authentication server 192.168.4.254 assign publickey 192.168.4.254 # user-interface aux 0 8 user-interface vty 0 4 authentication-mode scheme user privilege level 3 # return