sy
sysname AR-3200
http timeout 3
web-auth-server version v2
ACl 配置
rule 0 permit source 192.168.0.0 0.0.0.255
rule 1 permit source 192.168.1.0 0.0.0.255
rule 2 permit source 192.168.2.0 0.0.0.255
rule 3 permit source 192.168.3.0 0.0.0.255
rule 4 permit source 192.168.4.0 0.0.0.255
rule 5 permit source 192.168.5.0 0.0.0.255
rule 6 permit source 192.168.6.0 0.0.0.255
rule 7 permit source 192.168.7.0 0.0.0.255
rule 8 permit source 192.168.8.0 0.0.0.255
rule 10 permit source 192.168.10.0 0.0.0.255
rule 11 permit source 1.1.1.0 0.0.0.255
firewall zone Local
priority 64
interface Virtual-Template1
ppp authentication-mode chap
remote address pool 1
ip address 10.1.1.1 255.255.255.0
interface GigabitEthernet0/0/0
ip address 192.168.6.1 255.255.255.0
interface GigabitEthernet0/0/1
ip address 192.168.31.1 255.255.255.224
nat outbound 2000
interface GigabitEthernet0/0/2
ip address 192.168.32.1 255.255.255.248
nat outbound 2000
VPN配置
l2tp enable
l2tp-group 10
undo tunnel authentication
allow l2tp virtual-template 1
tunnel name lns
ip route-static 0.0.0.0 0.0.0.0 192.168.31.2
ip route-static 0.0.0.0 0.0.0.0 192.168.32.1
ip route-static 1.1.1.1.0 255.255.255.0 192.168.6.2
ip route-static 192.168.1.0 255.255.255.0 192.168.6.2
ip route-static 192.168.2.0 255.255.255.0 192.168.6.2
ip route-static 192.168.3.0 255.255.255.0 192.168.6.2
ip route-static 192.168.4.0 255.255.255.0 192.168.6.2
ip route-static 192.168.5.0 255.255.255.0 192.168.6.2
ip route-static 192.168.6.0 255.255.255.0 192.168.6.2
ip route-static 192.168.7.0 255.255.255.0 192.168.6.2
ip route-static 192.168.8.0 255.255.255.0 192.168.6.2
ip route-static 192.168.10.0 255.255.255.0 192.168.6.2
SSH登录配置
本地RSA密钥对
rsa local-key-pair create
2048
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher Admin@123
local-user admin privilege level 15
local-user admin service-type telnet ssh ppp web
local-user huawei01 password cipher Admin@123
user-interface con 0
authentication-mode password
set authentication password cipher Admin@123
stelnet server enable
ssh server port 22
ssh user huawei01 authentication-type password
user-interface vty 0 4
authentication-mode aaa
user privilege level 15
protocol inbound all
display users 查看用户登录情况
display interface brief 查看所有接口状态
display version 查看设备信息
save