AR1
The device is running!
<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]sys AR1
[AR1]int g0/0/1
[AR1-GigabitEthernet0/0/1]ip address 10.0.11.11 24
[AR1-GigabitEthernet0/0/1]q
[AR1]ip route-static 0.0.0.0 0.0.0.0 10.0.11.1
<AR1>ping -c 10 10.0.12.2
PING 10.0.12.2: 56 data bytes, press CTRL_C to break
Reply from 10.0.12.2: bytes=56 Sequence=1 ttl=254 time=80 ms
Reply from 10.0.12.2: bytes=56 Sequence=2 ttl=254 time=60 ms
Reply from 10.0.12.2: bytes=56 Sequence=3 ttl=254 time=60 ms
Reply from 10.0.12.2: bytes=56 Sequence=4 ttl=254 time=60 ms
Reply from 10.0.12.2: bytes=56 Sequence=5 ttl=254 time=60 ms
Reply from 10.0.12.2: bytes=56 Sequence=6 ttl=254 time=100 ms
Reply from 10.0.12.2: bytes=56 Sequence=7 ttl=254 time=70 ms
Reply from 10.0.12.2: bytes=56 Sequence=8 ttl=254 time=80 ms
Reply from 10.0.12.2: bytes=56 Sequence=9 ttl=254 time=60 ms
Reply from 10.0.12.2: bytes=56 Sequence=10 ttl=254 time=90 ms
Reply from 10.0.12.2: bytes=56 Sequence=11 ttl=254 time=80 ms
Reply from 10.0.12.2: bytes=56 Sequence=12 ttl=254 time=60 ms
Reply from 10.0.12.2: bytes=56 Sequence=13 ttl=254 time=50 ms
--- 10.0.12.2 ping statistics ---
100 packet(s) transmitted
100 packet(s) received
0.00% packet loss
round-trip min/avg/max = 30/74/110 ms
[AR1]ftp server en
[AR1]aaa
[AR1-aaa]local-user ftp service-type ftp
Info: Add a new user.
[AR1-aaa]local-user ftp password cipher huawei@123
[AR1-aaa]local-user ftp privilege level 15
[AR1-aaa]local-user ftp ftp-directory flash:
[AR1-aaa]q
[AR1]q
<AR1>ping 10.0.12.2
PING 10.0.12.2: 56 data bytes, press CTRL_C to break
Reply from 10.0.12.2: bytes=56 Sequence=1 ttl=254 time=90 ms
Reply from 10.0.12.2: bytes=56 Sequence=2 ttl=254 time=90 ms
Reply from 10.0.12.2: bytes=56 Sequence=3 ttl=254 time=80 ms
Reply from 10.0.12.2: bytes=56 Sequence=4 ttl=254 time=70 ms
Reply from 10.0.12.2: bytes=56 Sequence=5 ttl=254 time=40 ms
--- 10.0.12.2 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 40/74/90 ms
<AR1>save
The current configuration will be written to the device.
Are you sure to continue? (y/n)[n]:y
It will take several minutes to save configuration file, please wait.......
Configuration file had been saved successfully
Note: The configuration file will take effect after being activated
AR2
The device is running!
<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]sys AR2
[AR2]int g0/0/2
[AR2-GigabitEthernet0/0/2]ip address 10.0.12.2 2
[AR2-GigabitEthernet0/0/2]q
[AR2]q
<AR2>ftp 10.0.12.1
Trying 10.0.12.1 ...
Press CTRL+K to abort
Connected to 10.0.12.1.
220 FTP service ready.
User(10.0.12.1:(none)):ftp
331 Password required for ftp.
Enter password:Admin@123
230 User logged in.
[AR2-ftp]dir
200 Port command okay.
150 Opening ASCII mode data connection for *.
drwxrwxrwx 1 noone nogroup 0 Aug 02 06:08 dhcp
-rwxrwxrwx 1 noone nogroup 121802 May 26 2014 portalpage.zip
-rwxrwxrwx 1 noone nogroup 2263 Aug 02 06:07 statemach.efs
-rwxrwxrwx 1 noone nogroup 828482 May 26 2014 sslvpn.zip
drwxrwxrwx 1 noone nogroup 0 Aug 02 06:08 .
226 Transfer complete.
FTP: 327 byte(s) received in 0.110 second(s) 2.97Kbyte(s)/sec.
[AR2-ftp]q
<AR2>save
The current configuration will be written to the device.
Are you sure to continue? (y/n)[n]:y
It will take several minutes to save configuration file, please wait.......
Configuration file had been saved successfully
Note: The configuration file will take effect after being activated
LSW1
The device is running!
<Huawei>system
Enter system view, return user view with Ctrl+Z.
[Huawei]sys LSW1
[LSW1]un in en
Info: Information center is disabled.
[LSW1]vlan 10
[LSW1-vlan10]description DMZ
[LSW1-vlan10]q
[LSW1]int g0/0/1
[LSW1-GigabitEthernet0/0/1]port link-type access
[LSW1-GigabitEthernet0/0/1]port default vlan 10
[LSW1-GigabitEthernet0/0/1]q
[LSW1]int g0/0/3
[LSW1-GigabitEthernet0/0/3]port link-type access
[LSW1-GigabitEthernet0/0/3]port default vlan 10
[LSW1-GigabitEthernet0/0/3]q
[LSW1]vlan 20
[LSW1-vlan20]description Untrust
[LSW1-vlan20]q
[LSW1]int g0/0/2
[LSW1-GigabitEthernet0/0/2]port link-type access
[LSW1-GigabitEthernet0/0/2]port default vlan 20
[LSW1-GigabitEthernet0/0/2]q
[LSW1]int g0/0/4
[LSW1-GigabitEthernet0/0/4]port link-type access
[LSW1-GigabitEthernet0/0/4]port default vlan 20
[LSW1-GigabitEthernet0/0/4]q
[LSW1]q
<LSW1>save
The current configuration will be written to the device.
Are you sure to continue?[Y/N]y
Info: Please input the file name ( *.cfg, *.zip ) [vrpcfg.zip]:
Now saving the current configuration to the slot 0.
Save the configuration successfully.
FW1
The device is running!
Press any key to get started
Recover configuration begin ...
Recover configuration end
Press ENTER to get started.
An initial password is required for the first login via the console.
Set a password and keep it safe. Otherwise you will not be able to login via the
console.
Please configure the login password (8-16)
Enter Password:Admin@123
Confirm Password:Admin@123
Warning: The authentication mode was changed to password authentication and the
user level was changed to 15 on con0 at the first user login.
Warning: There is a risk on the user-interface which you login through. Please change the configuration of the user-interface as soon as possible.
*************************************************************************
* Copyright (C) 2014-2015 Huawei Technologies Co., Ltd. *
* All rights reserved. *
* Without the owner's prior written consent, *
* no decompiling or reverse-engineering shall be allowed. *
*************************************************************************
<USG6000V1>sys
Enter system view, return user view with Ctrl+Z.
[USG6000V1]sys FW1
[FW1]un in en
Info: Information center is disabled.
[FW1]int g1/0/1
[FW1-GigabitEthernet1/0/1]ip address 10.0.11.1 24
[FW1-GigabitEthernet1/0/1]q
[FW1]int g1/0/2
[FW1-GigabitEthernet1/0/2]ip address 10.0.12.1 24
[FW1-GigabitEthernet1/0/2]q
[FW1]ip route-static 0.0.0.0 0.0.0.0 10.0.12.2
[FW1]int g1/0/1
[FW1-GigabitEthernet1/0/1]service-manage ping permit
[FW1-GigabitEthernet1/0/1]q
[FW1]int g1/0/2
[FW1-GigabitEthernet1/0/2]service-manage ping permit
[FW1-GigabitEthernet1/0/2]q
[FW1]firewall zone dmz
[FW1-zone-dmz]description DMZ
[FW1-zone-dmz]add int g1/0/1
[FW1-zone-dmz]q
[FW1]firewall zone untrust
[FW1-zone-untrust]description Untrust
[FW1-zone-untrust]add int g1/0/2
[FW1-zone-untrust]q
[FW1]security-policy
[FW1-policy-security]rule name local_to
[FW1-policy-security-rule-local_to]source-zone local
[FW1-policy-security-rule-local_to]action permit
[FW1-policy-security-rule-local_to]q
[FW1-policy-security]q
[FW1]q
<FW1>ping -c 1 10.0.11.11
PING 10.0.11.11: 56 data bytes, press CTRL_C to break
Reply from 10.0.11.11: bytes=56 Sequence=1 ttl=255 time=66 ms
--- 10.0.11.11 ping statistics ---
1 packet(s) transmitted
1 packet(s) received
0.00% packet loss
round-trip min/avg/max = 66/66/66 ms
<FW1>ping -c 1 10.0.12.2
PING 10.0.12.2: 56 data bytes, press CTRL_C to break
Reply from 10.0.12.2: bytes=56 Sequence=1 ttl=255 time=54 ms
--- 10.0.12.2 ping statistics ---
1 packet(s) transmitted
1 packet(s) received
0.00% packet loss
round-trip min/avg/max = 54/54/54 ms
<FW1>sys
Enter system view, return user view with Ctrl+Z.
[FW1]nat address-group huawei
[FW1-address-group-huawei]mode pat
[FW1-address-group-huawei]route enable
[FW1-address-group-huawei]section 0 10.0.12.1 10.0.12.1
[FW1-address-group-huawei]q
[FW1]nat-policy
[FW1-policy-nat]rule name huawei
[FW1-policy-nat-rule-huawei]source-zone dmz
[FW1-policy-nat-rule-huawei]destination-zone untrust
[FW1-policy-nat-rule-huawei]source-address 10.0.11.0 24
[FW1-policy-nat-rule-huawei]action nat address-group huawei
[FW1-policy-nat-rule-huawei]q
[FW1-policy-nat]q
[FW1]nat server policy_ftp protocol tcp global 10.0.12.1 ftp inside 10.0.11.11 ftp
[FW1]firewall zone dmz
[FW1-zone-dmz]detect ftp
[FW1-zone-dmz]q
[FW1]firewall interzone dmz untrust
[FW1-interzone-dmz-untrust]detect ftp
[FW1-interzone-dmz-untrust]q
[FW1]security-policy
[FW1-policy-security]rule name DMZtoUntrust
[FW1-policy-security-rule-DMZtoUntrust]source-zone dmz
[FW1-policy-security-rule-DMZtoUntrust]destination-zone untrust
[FW1-policy-security-rule-DMZtoUntrust]source-address 10.0.11.0 24
[FW1-policy-security-rule-DMZtoUntrust]action permit
[FW1-policy-security-rule-DMZtoUntrust]q
[FW1-policy-security]rule name Untrust_DMZ
[FW1-policy-security-rule-Untrust_DMZ]source-zone untrust
[FW1-policy-security-rule-Untrust_DMZ]destination-zone dmz
[FW1-policy-security-rule-Untrust_DMZ]destination-address 10.0.11.11 32
[FW1-policy-security-rule-Untrust_DMZ]service ftp
[FW1-policy-security-rule-Untrust_DMZ]action permit
[FW1-policy-security-rule-Untrust_DMZ]q
[FW1-policy-security]q
[FW1]q
<FW1>display firewall session table verbose destination global 10.0.12.2
Current Total Sessions : 1
icmp VPN: public --> public ID: c487fd21a379050d7ce66ac7ec4
Zone: dmz --> untrust TTL: 00:00:20 Left: 00:00:19
Interface: GigabitEthernet1/0/2 NextHop: 10.0.12.2 MAC: 00e0-fcef-7aee
<--packets: 38 bytes: 3,192 --> packets: 38 bytes: 3,192
10.0.11.11:52651[10.0.12.1:2048] --> 10.0.12.2:2048 PolicyName: DMZtoUntrust
[FW1]display firewall session table verbose protocol tcp destination-port global 21
Current Total Sessions : 1
ftp VPN: public --> public ID: c487fd21a3783207dba66ac85ba
Zone: untrust --> dmz TTL: 00:20:00 Left: 00:19:58
Interface: GigabitEthernet1/0/1 NextHop: 10.0.11.11 MAC: 00e0-fc35-774e
<--packets: 9 bytes: 478 --> packets: 12 bytes: 521
10.0.12.2:49873 +-> 10.0.12.1:21[10.0.11.11:21] PolicyName: Untrust_DMZ
[FW1]display firewall server-map
Current Total Server-map : 2
Type: Nat Server, ANY -> 10.0.12.1:21[10.0.11.11:21], Zone:---, protocol:tcp
Vpn: public -> public
Type: Nat Server Reverse, 10.0.11.11[10.0.12.1] -> ANY, Zone:---, protocol:tcp
Vpn: public -> public, counter: 1
[FW1]q
<FW1>save
The current configuration will be written to the device.
Are you sure to continue?[Y/N]y
Now saving the current configuration to the slot 0.
Save the configuration successfully.
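
Added example (not part of the original lab transcript): a small Python parser for the "display firewall session table verbose" output shown for FW1. It reports whether the bracketed address marks source NAT or destination NAT and checks each session's policy hit against the intended rules. SAMPLE is built from the session lines above; the function names and the ALLOWED set are assumptions made for this illustration.

```python
import re

# Constructed sample: the proto, Zone and flow lines of the two FW1 sessions above.
SAMPLE = """\
icmp VPN: public --> public ID: c487fd21a379050d7ce66ac7ec4
Zone: dmz --> untrust TTL: 00:00:20 Left: 00:00:19
10.0.11.11:52651[10.0.12.1:2048] --> 10.0.12.2:2048 PolicyName: DMZtoUntrust
ftp VPN: public --> public ID: c487fd21a3783207dba66ac85ba
Zone: untrust --> dmz TTL: 00:20:00 Left: 00:19:58
10.0.12.2:49873 +-> 10.0.12.1:21[10.0.11.11:21] PolicyName: Untrust_DMZ
"""

# ip:port, optionally followed by its translated form in square brackets
EP = r"(\d+(?:\.\d+){3}:\d+)(?:\[(\d+(?:\.\d+){3}:\d+)\])?"
HEAD = re.compile(r"^(\S+)\s+VPN:")
ZONE = re.compile(r"^Zone:\s*(\S+)\s*-->\s*(\S+)")
# The arrow is printed as "-->" or "+->" in the output above.
FLOW = re.compile(rf"^{EP}\s*(?:--|\+-)>\s*{EP}\s+PolicyName:\s*(\S+)")
NAT_KIND = {(True, False): "source", (False, True): "destination",
            (True, True): "both", (False, False): "none"}

def parse_sessions(text):
    """Return one dict per session: protocol, zones, endpoints, NAT kind, policy."""
    sessions, cur = [], {}
    for line in map(str.strip, text.splitlines()):
        if m := HEAD.match(line):
            cur = {"proto": m.group(1)}
        elif m := ZONE.match(line):
            cur["zones"] = (m.group(1), m.group(2))
        elif m := FLOW.match(line):
            src, src_nat, dst, dst_nat, policy = m.groups()
            # Bracket after the source: source NAT (nat-policy rule).
            # Bracket after the destination: destination NAT (nat server mapping).
            cur.update(src=src, src_nat=src_nat, dst=dst, dst_nat=dst_nat,
                       nat=NAT_KIND[(bool(src_nat), bool(dst_nat))], policy=policy)
            sessions.append(cur)
            cur = {}
    return sessions

def unexpected(sessions, allowed):
    """Sessions whose (source zone, destination zone, policy) is not in `allowed`."""
    return [s for s in sessions
            if (*s.get("zones", (None, None)), s["policy"]) not in allowed]

# Intended policy hits for this lab, taken from the security-policy rules above.
ALLOWED = {("dmz", "untrust", "DMZtoUntrust"), ("untrust", "dmz", "Untrust_DMZ")}

if __name__ == "__main__":
    parsed = parse_sessions(SAMPLE)
    for s in parsed:
        print(s["proto"], s["zones"], s["nat"], s["policy"])
    print("unexpected:", unexpected(parsed, ALLOWED))
```

The interface and packet-counter lines of the full verbose output match none of the patterns and are skipped, so the device output can be pasted in unmodified.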