某市级银行数据中心广域网接入区技术规划及配置——配置脚本(4)
AR13
sysname AR13
#
board add 0/4 2SA
#
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load flash:/portalpage.zip
#
drop illegal-mac alarm
#
wlan ac-global carrier id other ac id 0
#
set cpu-usage threshold 80 restore 75
#
acl number 2000
rule 5 permit source 220.200.0.1 0.0.15.254
acl number 2001
rule 5 permit source 220.200.0.0 0.0.15.254
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http
#
firewall zone Local
priority 15
#
interface Serial4/0/0
link-protocol ppp
ppp chap user XGang
ppp chap password cipher %$%$(23h6}-ScNP4d$SJ{,$>,A}G%$%$
ip address 176.0.132.2 255.255.255.252
#
interface Serial4/0/1
link-protocol ppp
#
interface GigabitEthernet0/0/0
ip address 10.0.134.13 255.255.255.0
ospf network-type p2p
#
interface GigabitEthernet0/0/1
ip address 10.0.136.13 255.255.255.0
ospf cost 5
ospf network-type p2p
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
interface LoopBack0
ip address 13.13.13.13 255.255.255.255
#
bgp 65200
peer 15.15.15.15 as-number 65200
peer 15.15.15.15 connect-interface LoopBack0
peer 176.0.132.1 as-number 65001
#
ipv4-family unicast
undo synchronization
network 220.200.3.30 255.255.255.255
network 220.200.3.31 255.255.255.255
network 220.200.3.32 255.255.255.255
network 220.200.3.33 255.255.255.255
network 220.200.3.34 255.255.255.255
network 220.200.3.35 255.255.255.255
network 220.200.3.36 255.255.255.255
network 220.200.3.37 255.255.255.255
network 220.200.3.38 255.255.255.255
network 220.200.3.39 255.255.255.255
network 220.200.4.40 255.255.255.255
network 220.200.4.41 255.255.255.255
network 220.200.4.42 255.255.255.255
network 220.200.4.43 255.255.255.255
network 220.200.4.44 255.255.255.255
network 220.200.4.45 255.255.255.255
network 220.200.4.46 255.255.255.255
network 220.200.4.47 255.255.255.255
network 220.200.4.48 255.255.255.255
network 220.200.4.49 255.255.255.255
peer 15.15.15.15 enable
peer 15.15.15.15 next-hop-local
peer 15.15.15.15 advertise-community
peer 176.0.132.1 enable
peer 176.0.132.1 route-policy fabu export
peer 176.0.132.1 advertise-community
#
ospf 1 router-id 10.13.13.13
filter-policy route-policy jujue import
import-route bgp route-policy btoo
area 0.0.0.0
network 10.0.134.0 0.0.0.255
network 10.0.136.0 0.0.0.255
network 13.13.13.13 0.0.0.0
#
route-policy fabu permit node 10
if-match acl 2000
apply cost 50
apply community 200:1
#
route-policy fabu permit node 20
if-match acl 2001
apply cost 100
apply community 200:2
#
route-policy btoo permit node 10
if-match community-filter 100
apply cost 10
apply tag 100
#
route-policy btoo permit node 20
if-match community-filter 120
apply cost 20
apply tag 100
#
route-policy jujue deny node 10
if-match tag 100
#
route-policy jujue permit node 10000
#
ip community-filter 100 permit :1
ip community-filter 120 permit :2
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return
AR14
sysname AR14
#
board add 0/1 1GEC
board add 0/2 1GEC
board add 0/3 1GEC
board add 0/4 1GEC
#
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load portalpage.zip
#
drop illegal-mac alarm
#
set cpu-usage threshold 80 restore 75
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http
#
firewall zone Local
priority 15
#
interface GigabitEthernet0/0/0
ip address 10.0.134.14 255.255.255.0
ospf network-type p2p
#
interface GigabitEthernet0/0/1
ip address 10.0.145.14 255.255.255.0
ospf network-type p2p
#
interface GigabitEthernet0/0/2
ip address 20.0.143.2 255.255.255.252
ospf network-type p2p
#
interface GigabitEthernet1/0/0
ip address 20.0.144.2 255.255.255.252
ospf network-type p2p
#
interface GigabitEthernet2/0/0
#
interface GigabitEthernet3/0/0
#
interface GigabitEthernet4/0/0
#
interface NULL0
#
ospf 1 router-id 10.14.14.14
area 0.0.0.0
network 10.0.134.0 0.0.0.255
network 10.0.145.0 0.0.0.255
area 0.0.0.1
network 20.0.143.0 0.0.0.3
network 20.0.144.0 0.0.0.3
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return
AR15
sysname AR15
#
board add 0/4 2SA
#
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load portalpage.zip
#
drop illegal-mac alarm
#
set cpu-usage threshold 80 restore 75
#
acl number 2000
rule 5 permit source 220.200.0.1 0.0.15.254
acl number 2001
rule 5 permit source 220.200.0.0 0.0.15.254
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http
#
firewall zone Local
priority 15
#
interface Serial4/0/0
link-protocol ppp
ppp chap user XGang
ppp chap password cipher %$%$H%|1+vFc:/2)R#'yu}&S,A1E%$%$
ip address 176.0.144.2 255.255.255.252
#
interface Serial4/0/1
link-protocol ppp
#
interface GigabitEthernet0/0/0
ip address 10.0.156.15 255.255.255.0
ospf network-type p2p
#
interface GigabitEthernet0/0/1
ip address 10.0.145.15 255.255.255.0
ospf network-type p2p
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
interface LoopBack0
ip address 15.15.15.15 255.255.255.255
#
bgp 65200
peer 13.13.13.13 as-number 65200
peer 13.13.13.13 connect-interface LoopBack0
peer 176.0.144.1 as-number 65001
#
ipv4-family unicast
undo synchronization
network 220.200.3.30 255.255.255.255
network 220.200.3.31 255.255.255.255
network 220.200.3.32 255.255.255.255
network 220.200.3.33 255.255.255.255
network 220.200.3.34 255.255.255.255
network 220.200.3.35 255.255.255.255
network 220.200.3.36 255.255.255.255
network 220.200.3.37 255.255.255.255
network 220.200.3.38 255.255.255.255
network 220.200.3.39 255.255.255.255
network 220.200.4.40 255.255.255.255
network 220.200.4.41 255.255.255.255
network 220.200.4.42 255.255.255.255
network 220.200.4.43 255.255.255.255
network 220.200.4.44 255.255.255.255
network 220.200.4.45 255.255.255.255
network 220.200.4.46 255.255.255.255
network 220.200.4.47 255.255.255.255
network 220.200.4.48 255.255.255.255
network 220.200.4.49 255.255.255.255
peer 13.13.13.13 enable
peer 13.13.13.13 next-hop-local
peer 13.13.13.13 advertise-community
peer 176.0.144.1 enable
peer 176.0.144.1 route-policy fabu export
peer 176.0.144.1 advertise-community
#
ospf 1 router-id 10.15.15.15
filter-policy route-policy jujue import
import-route bgp route-policy btoo
area 0.0.0.0
network 10.0.145.0 0.0.0.255
network 10.0.156.0 0.0.0.255
network 15.15.15.15 0.0.0.0
#
route-policy fabu permit node 10
if-match acl 2001
apply cost 50
apply community 200:2
#
route-policy fabu permit node 20
if-match acl 2000
apply cost 100
apply community 200:1
#
route-policy btoo permit node 10
if-match community-filter 120
apply cost 10
apply tag 100
#
route-policy btoo permit node 20
if-match community-filter 100
apply cost 20
apply tag 100
#
route-policy jujue deny node 10
if-match tag 100
#
route-policy jujue permit node 10000
#
ip community-filter 100 permit :1
ip community-filter 120 permit :2
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return
AR16
sysname AR16
#
board add 0/1 1GEC
board add 0/2 1GEC
board add 0/3 1GEC
board add 0/4 1GEC
#
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load portalpage.zip
#
drop illegal-mac alarm
#
set cpu-usage threshold 80 restore 75
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http
#
firewall zone Local
priority 15
#
interface GigabitEthernet0/0/0
ip address 10.0.136.16 255.255.255.0
ospf network-type p2p
#
interface GigabitEthernet0/0/1
ip address 10.0.156.16 255.255.255.0
ospf network-type p2p
#
interface GigabitEthernet0/0/2
ip address 20.0.163.2 255.255.255.252
ospf network-type p2p
#
interface GigabitEthernet1/0/0
ip address 20.0.164.2 255.255.255.252
ospf network-type p2p
#
interface GigabitEthernet2/0/0
#
interface GigabitEthernet3/0/0
#
interface GigabitEthernet4/0/0
#
interface NULL0
#
ospf 1 router-id 10.16.16.16
area 0.0.0.0
network 10.0.136.0 0.0.0.255
network 10.0.156.0 0.0.0.255
area 0.0.0.1
network 20.0.163.0 0.0.0.3
network 20.0.164.0 0.0.0.3
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return