某市级银行数据中心广域网接入区技术规划及配置——配置脚本(1)
AR1
# AR1 global settings: device name, card inventory, SNMP, clock and platform options.
sysname AR1
#
# Adds a 1GEC card in each of slots 1-4; presumably these provide
# GigabitEthernet1/0/0 to 4/0/0 configured further down - confirm.
board add 0/1 1GEC
board add 0/2 1GEC
board add 0/3 1GEC
board add 0/4 1GEC
#
# NOTE(review): the SNMP agent is enabled, but no SNMP version, community/user or
# source ACL appears in this listing - confirm who is allowed to poll the device.
# The same local-engineid is configured on AR1-AR4; SNMPv3 expects a unique
# engine ID per device.
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
# NOTE(review): China Standard Time is UTC+8, but "minus 08:00:00" subtracts the
# offset from UTC. Confirm whether "add 08:00:00" was intended; log and alarm
# timestamps depend on this setting.
clock timezone China-Standard-Time minus 08:00:00
#
# The remaining statements (portal page package, illegal-MAC drop alarm, WLAN AC
# identity, CPU alarm at 80% with restore at 75%) are identical on all four
# routers - presumably platform defaults; confirm they are needed on a WAN router.
portal local-server load flash:/portalpage.zip
#
drop illegal-mac alarm
#
wlan ac-global carrier id other ac id 0
#
set cpu-usage threshold 80 restore 75
#
# Local AAA database with the default schemes and domains. The only account is
# "admin", limited to service-type http (web management).
# NOTE(review): the admin ciphertext below is identical on AR1-AR4 and is published
# with this script. Treat the password as disclosed, set a unique one per device,
# and prefer irreversible-cipher storage where the software version offers it.
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http
#
# Local zone at priority 15; no other zone or inter-zone policy is defined in
# this listing.
firewall zone Local
priority 15
#
# OSPF area 0 link toward AR4 (10.0.14.4): explicit cost 5, point-to-point type.
interface GigabitEthernet0/0/0
ip address 10.0.14.1 255.255.255.0
ospf cost 5
ospf network-type p2p
#
# OSPF area 0 link toward AR2 (10.0.12.2); no explicit cost is set.
interface GigabitEthernet0/0/1
ip address 10.0.12.1 255.255.255.0
ospf network-type p2p
#
# /30 link advertised in OSPF area 1; its neighbor is not part of this listing.
interface GigabitEthernet0/0/2
ip address 20.0.11.2 255.255.255.252
ospf network-type p2p
#
# Second /30 link in OSPF area 1; its neighbor is not part of this listing.
interface GigabitEthernet1/0/0
ip address 20.0.12.2 255.255.255.252
ospf network-type p2p
#
# NOTE(review): GigabitEthernet2/0/0, 3/0/0 and 4/0/0 carry no configuration and
# no "shutdown" statement; consider disabling ports that are not in use.
interface GigabitEthernet2/0/0
#
interface GigabitEthernet3/0/0
#
interface GigabitEthernet4/0/0
#
interface NULL0
#
# OSPF process 1. AR1 borders two areas: the /24 links to AR2 and AR4 are in
# area 0 and the two /30 links are in area 1.
# NOTE(review): no authentication-mode is configured under either area, and the
# interfaces above carry no OSPF authentication, so adjacencies form without
# authentication. Enable OSPF authentication on these links.
ospf 1 router-id 10.1.1.1
area 0.0.0.0
network 10.0.12.0 0.0.0.255
network 10.0.14.0 0.0.0.255
area 0.0.0.1
network 20.0.11.0 0.0.0.3
network 20.0.12.0 0.0.0.3
#
# Management lines. The console uses password authentication; the password
# statement itself does not appear in this listing.
# NOTE(review): vty 0 4 and vty 16 20 have no authentication-mode, inbound
# protocol or ACL configured here. Confirm that remote login is either disabled
# or restricted to SSH with AAA authentication and a source ACL.
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return
AR2
# AR2 global settings: device name, card inventory, SNMP, clock and platform options.
sysname AR2
#
# Adds a 2SA card in each of slots 1-4; presumably these provide the
# Serial1/0/0 to Serial4/0/1 interfaces configured further down - confirm.
board add 0/1 2SA
board add 0/2 2SA
board add 0/3 2SA
board add 0/4 2SA
#
# NOTE(review): the SNMP agent is enabled, but no SNMP version, community/user or
# source ACL appears in this listing - confirm who is allowed to poll the device.
# The same local-engineid is configured on AR1-AR4; SNMPv3 expects a unique
# engine ID per device.
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
# NOTE(review): China Standard Time is UTC+8, but "minus 08:00:00" subtracts the
# offset from UTC. Confirm whether "add 08:00:00" was intended; log and alarm
# timestamps depend on this setting.
clock timezone China-Standard-Time minus 08:00:00
#
# The remaining statements (portal page package, illegal-MAC drop alarm, WLAN AC
# identity, CPU alarm at 80% with restore at 75%) are identical on all four
# routers - presumably platform defaults; confirm they are needed on a WAN router.
portal local-server load flash:/portalpage.zip
#
drop illegal-mac alarm
#
wlan ac-global carrier id other ac id 0
#
set cpu-usage threshold 80 restore 75
#
# Basic ACLs referenced by route-policy fabu. The wildcard 0.0.15.254 leaves the
# lowest address bit fixed, so within 220.1.0.0-220.1.15.255 ACL 2000 matches
# odd host addresses and ACL 2001 matches even ones.
# These ACLs classify prefixes for routing policy; nothing in this listing
# applies them as packet filters.
acl number 2000
rule 5 permit source 220.1.0.1 0.0.15.254
acl number 2001
rule 5 permit source 220.1.0.0 0.0.15.254
#
# Local AAA database: "admin" for web management (service-type http) and
# "XGang" for PPP authentication (service-type ppp).
# NOTE(review): the admin ciphertext is identical on AR1-AR4 and both ciphertexts
# are published with this script. Treat these passwords as disclosed, rotate
# them, and prefer irreversible-cipher storage where the software offers it.
# NOTE(review): XGang is the only ppp-type account, so presumably all three
# CHAP-protected serial links validate their peers against this one credential -
# confirm. One account per peer limits the impact of a single leaked secret.
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http
local-user XGang password cipher %$%$3}_JLVWTa8f1YvN]Q&BCcupv%$%$
local-user XGang service-type ppp
#
# Local zone at priority 15; no other zone or inter-zone policy is defined in
# this listing.
firewall zone Local
priority 15
#
# WAN link on a /30; eBGP peer 176.0.132.2 (AS 65200) sits on this subnet.
# The remote end must pass CHAP authentication.
interface Serial1/0/0
link-protocol ppp
ppp authentication-mode chap
ip address 176.0.132.1 255.255.255.252
#
# NOTE(review): Serial1/0/1, 2/0/1, 3/0/1, 4/0/0 and 4/0/1 run PPP with no IP
# address, no PPP authentication and no "shutdown" statement; consider
# disabling ports that are not in use.
interface Serial1/0/1
link-protocol ppp
#
# WAN link on a /30; eBGP peer 176.0.25.2 (AS 65201) sits on this subnet.
# The remote end must pass CHAP authentication.
interface Serial2/0/0
link-protocol ppp
ppp authentication-mode chap
ip address 176.0.25.1 255.255.255.252
#
interface Serial2/0/1
link-protocol ppp
#
# WAN link on a /30; eBGP peer 176.0.29.2 (AS 65202) sits on this subnet.
# The remote end must pass CHAP authentication.
interface Serial3/0/0
link-protocol ppp
ppp authentication-mode chap
ip address 176.0.29.1 255.255.255.252
#
interface Serial3/0/1
link-protocol ppp
#
interface Serial4/0/0
link-protocol ppp
#
interface Serial4/0/1
link-protocol ppp
#
# OSPF area 0 link toward AR3 (10.0.23.3): explicit cost 5, point-to-point type.
interface GigabitEthernet0/0/0
ip address 10.0.23.2 255.255.255.0
ospf cost 5
ospf network-type p2p
#
# OSPF area 0 link toward AR1 (10.0.12.1); no explicit cost is set.
interface GigabitEthernet0/0/1
ip address 10.0.12.2 255.255.255.0
ospf network-type p2p
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
# Loopback used as the source of the iBGP session to AR4 and advertised in OSPF.
interface LoopBack0
ip address 2.2.2.2 255.255.255.255
#
# BGP AS 65001: one iBGP session to AR4 (4.4.4.4, sourced from LoopBack0) and
# three eBGP sessions, to AS 65201, AS 65202 and AS 65200, over the serial links.
# NOTE(review): no peer has a session password or a TTL check (valid-ttl-hops)
# configured in this listing; consider adding peer authentication, on the eBGP
# sessions in particular.
bgp 65001
peer 4.4.4.4 as-number 65001
peer 4.4.4.4 connect-interface LoopBack0
peer 176.0.25.2 as-number 65201
peer 176.0.29.2 as-number 65202
peer 176.0.132.2 as-number 65200
#
# IPv4 unicast family: originates twenty /32 prefixes (220.1.1.10-19 and
# 220.1.2.20-29). Toward AR4 the next hop is rewritten to this router; every
# eBGP peer is filtered by route-policy xuanlu inbound and fabu outbound, and
# communities are sent to all peers.
# NOTE(review): xuanlu is the only inbound control visible here; no limit on
# the number of routes accepted from a peer is configured.
ipv4-family unicast
undo synchronization
network 220.1.1.10 255.255.255.255
network 220.1.1.11 255.255.255.255
network 220.1.1.12 255.255.255.255
network 220.1.1.13 255.255.255.255
network 220.1.1.14 255.255.255.255
network 220.1.1.15 255.255.255.255
network 220.1.1.16 255.255.255.255
network 220.1.1.17 255.255.255.255
network 220.1.1.18 255.255.255.255
network 220.1.1.19 255.255.255.255
network 220.1.2.20 255.255.255.255
network 220.1.2.21 255.255.255.255
network 220.1.2.22 255.255.255.255
network 220.1.2.23 255.255.255.255
network 220.1.2.24 255.255.255.255
network 220.1.2.25 255.255.255.255
network 220.1.2.26 255.255.255.255
network 220.1.2.27 255.255.255.255
network 220.1.2.28 255.255.255.255
network 220.1.2.29 255.255.255.255
peer 4.4.4.4 enable
peer 4.4.4.4 next-hop-local
peer 4.4.4.4 advertise-community
peer 176.0.25.2 enable
peer 176.0.25.2 route-policy xuanlu import
peer 176.0.25.2 route-policy fabu export
peer 176.0.25.2 advertise-community
peer 176.0.29.2 enable
peer 176.0.29.2 route-policy xuanlu import
peer 176.0.29.2 route-policy fabu export
peer 176.0.29.2 advertise-community
peer 176.0.132.2 enable
peer 176.0.132.2 route-policy xuanlu import
peer 176.0.132.2 route-policy fabu export
peer 176.0.132.2 advertise-community
#
# OSPF process 1, area 0 only: LoopBack0 plus the links to AR1 and AR3.
# BGP routes are redistributed through route-policy btoo, which tags them 100.
# Route-policy jujue is applied as an inbound filter and rejects tag-100 routes,
# presumably so that BGP routes redistributed by AR4 are not installed from
# OSPF on this router (loop prevention) - confirm.
# NOTE(review): no authentication-mode is configured under the area, and the
# interfaces carry no OSPF authentication, so adjacencies form without
# authentication. Enable OSPF authentication on these links.
ospf 1 router-id 10.2.2.2
filter-policy route-policy jujue import
import-route bgp route-policy btoo
area 0.0.0.0
network 2.2.2.2 0.0.0.0
network 10.0.12.0 0.0.0.255
network 10.0.23.0 0.0.0.255
#
# fabu - export policy toward the eBGP peers. Nodes 10/20 classify prefixes by
# address parity: odd prefixes (ACL 2000) leave with cost (MED) 50 and community
# 1:1, even prefixes (ACL 2001) with cost 100 and community 2:2. AR4 applies the
# opposite costs, which presumably makes AR2 the preferred entry point for odd
# prefixes - confirm. Nodes 30/40 set the same costs for routes that match
# community-filter 100 or 120. There is no catch-all permit node, so a route
# matching none of the four nodes is not advertised.
route-policy fabu permit node 10
if-match acl 2000
apply cost 50
apply community 1:1
#
route-policy fabu permit node 20
if-match acl 2001
apply cost 100
apply community 2:2
#
route-policy fabu permit node 30
if-match community-filter 100
apply cost 50
#
route-policy fabu permit node 40
if-match community-filter 120
apply cost 100
#
# xuanlu - import policy for routes received from the eBGP peers: routes matching
# community-filter 100 get local-preference 200, those matching filter 120 get
# 150. There is no catch-all permit node, so routes matching neither filter are
# rejected.
route-policy xuanlu permit node 10
if-match community-filter 100
apply local-preference 200
#
route-policy xuanlu permit node 20
if-match community-filter 120
apply local-preference 150
#
# btoo - used when redistributing BGP into OSPF: sets OSPF cost 10 (filter 100)
# or 20 (filter 120) and marks every redistributed route with tag 100.
route-policy btoo permit node 10
if-match community-filter 100
apply cost 10
apply tag 100
#
route-policy btoo permit node 20
if-match community-filter 120
apply cost 20
apply tag 100
#
# jujue - rejects routes carrying tag 100 and permits everything else through
# the empty node 10000.
route-policy jujue deny node 10
if-match tag 100
#
route-policy jujue permit node 10000
#
# NOTE(review): filters 100 and 120 fall in the advanced (regular-expression)
# number range and the patterns ":1" / ":2" are unanchored, so they also match
# values such as 65201:10 or 2:12 (constructed examples). xuanlu derives
# local-preference from communities supplied by external peers, so anchor the
# expressions (for example ^1:1$ where a single community is expected) to make
# sure only the intended values are trusted.
ip community-filter 100 permit :1
ip community-filter 120 permit :2
#
# Management lines. The console uses password authentication; the password
# statement itself does not appear in this listing.
# NOTE(review): vty 0 4 and vty 16 20 have no authentication-mode, inbound
# protocol or ACL configured here. Confirm that remote login is either disabled
# or restricted to SSH with AAA authentication and a source ACL.
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return
AR3
# AR3 global settings: device name, card inventory, SNMP, clock and platform options.
sysname AR3
#
# Adds a 1GEC card in each of slots 1-4; presumably these provide
# GigabitEthernet1/0/0 to 4/0/0 configured further down - confirm.
board add 0/1 1GEC
board add 0/2 1GEC
board add 0/3 1GEC
board add 0/4 1GEC
#
# NOTE(review): the SNMP agent is enabled, but no SNMP version, community/user or
# source ACL appears in this listing - confirm who is allowed to poll the device.
# The same local-engineid is configured on AR1-AR4; SNMPv3 expects a unique
# engine ID per device.
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
# NOTE(review): China Standard Time is UTC+8, but "minus 08:00:00" subtracts the
# offset from UTC. Confirm whether "add 08:00:00" was intended; log and alarm
# timestamps depend on this setting.
clock timezone China-Standard-Time minus 08:00:00
#
# The remaining statements (portal page package, illegal-MAC drop alarm, WLAN AC
# identity, CPU alarm at 80% with restore at 75%) are identical on all four
# routers - presumably platform defaults; confirm they are needed on a WAN router.
portal local-server load flash:/portalpage.zip
#
drop illegal-mac alarm
#
wlan ac-global carrier id other ac id 0
#
set cpu-usage threshold 80 restore 75
#
# Local AAA database with the default schemes and domains. The only account is
# "admin", limited to service-type http (web management).
# NOTE(review): the admin ciphertext below is identical on AR1-AR4 and is published
# with this script. Treat the password as disclosed, set a unique one per device,
# and prefer irreversible-cipher storage where the software version offers it.
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http
#
# Local zone at priority 15; no other zone or inter-zone policy is defined in
# this listing.
firewall zone Local
priority 15
#
# OSPF area 0 link toward AR2 (10.0.23.2): explicit cost 5, point-to-point type.
interface GigabitEthernet0/0/0
ip address 10.0.23.3 255.255.255.0
ospf cost 5
ospf network-type p2p
#
# OSPF area 0 link toward AR4 (10.0.34.4); no explicit cost is set.
interface GigabitEthernet0/0/1
ip address 10.0.34.3 255.255.255.0
ospf network-type p2p
#
# /30 link advertised in OSPF area 1; its neighbor is not part of this listing.
interface GigabitEthernet0/0/2
ip address 20.0.13.2 255.255.255.252
ospf network-type p2p
#
# Second /30 link in OSPF area 1; its neighbor is not part of this listing.
interface GigabitEthernet1/0/0
ip address 20.0.23.2 255.255.255.252
ospf network-type p2p
#
# NOTE(review): GigabitEthernet2/0/0, 3/0/0 and 4/0/0 carry no configuration and
# no "shutdown" statement; consider disabling ports that are not in use.
interface GigabitEthernet2/0/0
#
interface GigabitEthernet3/0/0
#
interface GigabitEthernet4/0/0
#
interface NULL0
#
# OSPF process 1. AR3 borders two areas: the /24 links to AR2 and AR4 are in
# area 0 and the two /30 links are in area 1.
# NOTE(review): no authentication-mode is configured under either area, and the
# interfaces above carry no OSPF authentication, so adjacencies form without
# authentication. Enable OSPF authentication on these links.
ospf 1 router-id 10.3.3.3
area 0.0.0.0
network 10.0.23.0 0.0.0.255
network 10.0.34.0 0.0.0.255
area 0.0.0.1
network 20.0.13.0 0.0.0.3
network 20.0.23.0 0.0.0.3
#
# Management lines. The console uses password authentication; the password
# statement itself does not appear in this listing.
# NOTE(review): vty 0 4 and vty 16 20 have no authentication-mode, inbound
# protocol or ACL configured here. Confirm that remote login is either disabled
# or restricted to SSH with AAA authentication and a source ACL.
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return
AR4
# AR4 global settings: device name, card inventory, SNMP, clock and platform options.
sysname AR4
#
# Adds a 2SA card in each of slots 1-4; presumably these provide the
# Serial1/0/0 to Serial4/0/1 interfaces configured further down - confirm.
board add 0/1 2SA
board add 0/2 2SA
board add 0/3 2SA
board add 0/4 2SA
#
# NOTE(review): the SNMP agent is enabled, but no SNMP version, community/user or
# source ACL appears in this listing - confirm who is allowed to poll the device.
# The same local-engineid is configured on AR1-AR4; SNMPv3 expects a unique
# engine ID per device.
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
# NOTE(review): China Standard Time is UTC+8, but "minus 08:00:00" subtracts the
# offset from UTC. Confirm whether "add 08:00:00" was intended; log and alarm
# timestamps depend on this setting.
clock timezone China-Standard-Time minus 08:00:00
#
# The remaining statements (portal page package, illegal-MAC drop alarm, WLAN AC
# identity, CPU alarm at 80% with restore at 75%) are identical on all four
# routers - presumably platform defaults; confirm they are needed on a WAN router.
portal local-server load flash:/portalpage.zip
#
drop illegal-mac alarm
#
wlan ac-global carrier id other ac id 0
#
set cpu-usage threshold 80 restore 75
#
# Basic ACLs referenced by route-policy fabu. The wildcard 0.0.15.254 leaves the
# lowest address bit fixed, so within 220.1.0.0-220.1.15.255 ACL 2000 matches
# odd host addresses and ACL 2001 matches even ones.
# These ACLs classify prefixes for routing policy; nothing in this listing
# applies them as packet filters.
acl number 2000
rule 5 permit source 220.1.0.1 0.0.15.254
acl number 2001
rule 5 permit source 220.1.0.0 0.0.15.254
#
# Local AAA database: "admin" for web management (service-type http) and
# "XGang" for PPP authentication (service-type ppp).
# NOTE(review): the admin ciphertext is identical on AR1-AR4 and both ciphertexts
# are published with this script. Treat these passwords as disclosed, rotate
# them, and prefer irreversible-cipher storage where the software offers it.
# NOTE(review): XGang is the only ppp-type account, so presumably all three
# CHAP-protected serial links validate their peers against this one credential -
# confirm. One account per peer limits the impact of a single leaked secret.
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http
local-user XGang password cipher %$%$s..ZG#|K^M<>tmL{V!YNcv6J%$%$
local-user XGang service-type ppp
#
# Local zone at priority 15; no other zone or inter-zone policy is defined in
# this listing.
firewall zone Local
priority 15
#
# WAN link on a /30; eBGP peer 176.0.144.2 (AS 65200) sits on this subnet.
# The remote end must pass CHAP authentication.
interface Serial1/0/0
link-protocol ppp
ppp authentication-mode chap
ip address 176.0.144.1 255.255.255.252
#
# NOTE(review): Serial1/0/1, 2/0/1, 3/0/1, 4/0/0 and 4/0/1 run PPP with no IP
# address, no PPP authentication and no "shutdown" statement; consider
# disabling ports that are not in use.
interface Serial1/0/1
link-protocol ppp
#
# WAN link on a /30; eBGP peer 176.0.47.2 (AS 65201) sits on this subnet.
# The remote end must pass CHAP authentication.
interface Serial2/0/0
link-protocol ppp
ppp authentication-mode chap
ip address 176.0.47.1 255.255.255.252
#
interface Serial2/0/1
link-protocol ppp
#
# WAN link on a /30; eBGP peer 176.0.114.2 (AS 65202) sits on this subnet.
# The remote end must pass CHAP authentication.
interface Serial3/0/0
link-protocol ppp
ppp authentication-mode chap
ip address 176.0.114.1 255.255.255.252
#
interface Serial3/0/1
link-protocol ppp
#
interface Serial4/0/0
link-protocol ppp
#
interface Serial4/0/1
link-protocol ppp
#
# OSPF area 0 link toward AR1 (10.0.14.1): explicit cost 5, point-to-point type.
interface GigabitEthernet0/0/0
ip address 10.0.14.4 255.255.255.0
ospf cost 5
ospf network-type p2p
#
# OSPF area 0 link toward AR3 (10.0.34.3); no explicit cost is set.
interface GigabitEthernet0/0/1
ip address 10.0.34.4 255.255.255.0
ospf network-type p2p
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
# Loopback used as the source of the iBGP session to AR2 and advertised in OSPF.
interface LoopBack0
ip address 4.4.4.4 255.255.255.255
#
# BGP AS 65001: one iBGP session to AR2 (2.2.2.2, sourced from LoopBack0) and
# three eBGP sessions, to AS 65201, AS 65202 and AS 65200, over the serial links.
# NOTE(review): no peer has a session password or a TTL check (valid-ttl-hops)
# configured in this listing; consider adding peer authentication, on the eBGP
# sessions in particular.
bgp 65001
peer 2.2.2.2 as-number 65001
peer 2.2.2.2 connect-interface LoopBack0
peer 176.0.47.2 as-number 65201
peer 176.0.114.2 as-number 65202
peer 176.0.144.2 as-number 65200
#
# IPv4 unicast family: originates twenty /32 prefixes (220.1.1.10-19 and
# 220.1.2.20-29). Toward AR2 the next hop is rewritten to this router; every
# eBGP peer is filtered by route-policy xuanlu inbound and fabu outbound, and
# communities are sent to all peers.
# NOTE(review): xuanlu is the only inbound control visible here; no limit on
# the number of routes accepted from a peer is configured.
ipv4-family unicast
undo synchronization
network 220.1.1.10 255.255.255.255
network 220.1.1.11 255.255.255.255
network 220.1.1.12 255.255.255.255
network 220.1.1.13 255.255.255.255
network 220.1.1.14 255.255.255.255
network 220.1.1.15 255.255.255.255
network 220.1.1.16 255.255.255.255
network 220.1.1.17 255.255.255.255
network 220.1.1.18 255.255.255.255
network 220.1.1.19 255.255.255.255
network 220.1.2.20 255.255.255.255
network 220.1.2.21 255.255.255.255
network 220.1.2.22 255.255.255.255
network 220.1.2.23 255.255.255.255
network 220.1.2.24 255.255.255.255
network 220.1.2.25 255.255.255.255
network 220.1.2.26 255.255.255.255
network 220.1.2.27 255.255.255.255
network 220.1.2.28 255.255.255.255
network 220.1.2.29 255.255.255.255
peer 2.2.2.2 enable
peer 2.2.2.2 next-hop-local
peer 2.2.2.2 advertise-community
peer 176.0.47.2 enable
peer 176.0.47.2 route-policy xuanlu import
peer 176.0.47.2 route-policy fabu export
peer 176.0.47.2 advertise-community
peer 176.0.114.2 enable
peer 176.0.114.2 route-policy xuanlu import
peer 176.0.114.2 route-policy fabu export
peer 176.0.114.2 advertise-community
peer 176.0.144.2 enable
peer 176.0.144.2 route-policy xuanlu import
peer 176.0.144.2 route-policy fabu export
peer 176.0.144.2 advertise-community
#
# OSPF process 1, area 0 only: LoopBack0 plus the links to AR1 and AR3.
# BGP routes are redistributed through route-policy btoo, which tags them 100.
# Route-policy jujue is applied as an inbound filter and rejects tag-100 routes,
# presumably so that BGP routes redistributed by AR2 are not installed from
# OSPF on this router (loop prevention) - confirm.
# NOTE(review): no authentication-mode is configured under the area, and the
# interfaces carry no OSPF authentication, so adjacencies form without
# authentication. Enable OSPF authentication on these links.
ospf 1 router-id 10.4.4.4
filter-policy route-policy jujue import
import-route bgp route-policy btoo
area 0.0.0.0
network 4.4.4.4 0.0.0.0
network 10.0.14.0 0.0.0.255
network 10.0.34.0 0.0.0.255
#
# fabu - export policy toward the eBGP peers. Nodes 10/20 classify prefixes by
# address parity: even prefixes (ACL 2001) leave with cost (MED) 50 and community
# 2:2, odd prefixes (ACL 2000) with cost 100 and community 1:1. AR2 applies the
# opposite costs, which presumably makes AR4 the preferred entry point for even
# prefixes - confirm. Nodes 30/40 set the same costs for routes that match
# community-filter 120 or 100. There is no catch-all permit node, so a route
# matching none of the four nodes is not advertised.
route-policy fabu permit node 10
if-match acl 2001
apply cost 50
apply community 2:2
#
route-policy fabu permit node 20
if-match acl 2000
apply cost 100
apply community 1:1
#
route-policy fabu permit node 30
if-match community-filter 120
apply cost 50
#
route-policy fabu permit node 40
if-match community-filter 100
apply cost 100
#
# xuanlu - import policy for routes received from the eBGP peers: routes matching
# community-filter 120 get local-preference 200, those matching filter 100 get
# 150. There is no catch-all permit node, so routes matching neither filter are
# rejected.
route-policy xuanlu permit node 10
if-match community-filter 120
apply local-preference 200
#
route-policy xuanlu permit node 20
if-match community-filter 100
apply local-preference 150
#
# btoo - used when redistributing BGP into OSPF: sets OSPF cost 10 (filter 120)
# or 20 (filter 100) and marks every redistributed route with tag 100.
route-policy btoo permit node 10
if-match community-filter 120
apply cost 10
apply tag 100
#
route-policy btoo permit node 20
if-match community-filter 100
apply cost 20
apply tag 100
#
# jujue - rejects routes carrying tag 100 and permits everything else through
# the empty node 10000.
route-policy jujue deny node 10
if-match tag 100
#
route-policy jujue permit node 10000
#
# NOTE(review): filters 100 and 120 fall in the advanced (regular-expression)
# number range and the patterns ":1" / ":2" are unanchored, so they also match
# values such as 65201:10 or 2:12 (constructed examples). xuanlu derives
# local-preference from communities supplied by external peers, so anchor the
# expressions (for example ^2:2$ where a single community is expected) to make
# sure only the intended values are trusted.
ip community-filter 100 permit :1
ip community-filter 120 permit :2
#
# Management lines. The console uses password authentication; the password
# statement itself does not appear in this listing.
# NOTE(review): vty 0 4 and vty 16 20 have no authentication-mode, inbound
# protocol or ACL configured here. Confirm that remote login is either disabled
# or restricted to SSH with AAA authentication and a source ACL.
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return