当前版块：问答社区 > 综合讨论区

H3C无法打开web页面，我把配置贴在下面请工程师帮我看看

时间：2024-11-02 11:17 作者：新手078261 阅读：12 评论：0

dis cu

#

version 7.1.064, Release 9333P26

#

clock timezone UTC add 08:00:00

#

context Admin id 1

#

irf mac-address persistent timer

irf auto-update enable

undo irf link-delay

irf member 1 priority 32

irf member 2 priority 1

#

ospf 10

area 0.0.0.0

network 192.168.10.1 0.0.0.0

#

ip unreachables enable

ip ttl-expires enable

#

nat port-block synchronization enable

#

lldp global enable

#

password-recovery enable

#

vlan 1

#

vlan 1001

description BFD¼ì²â

#

irf-port 1/2

port group interface GigabitEthernet1/0/14

port group interface GigabitEthernet1/0/15

#

irf-port 2/1

port group interface GigabitEthernet2/0/14

port group interface GigabitEthernet2/0/15

#

object-group service ¸ßÎ£

0 service tcp destination range 135 139

10 service udp destination range 135 139

20 service tcp destination eq 445

30 service udp

40 service tcp destination eq 177

60 service tcp destination eq 593

#

policy-based-route neiwang permit node 5

if-match acl 3000

apply next-hop 58.53.167.181

#

policy-based-route neiwang permit node 10

if-match acl 3001

apply next-hop 10.10.1.1

#

interface Reth1

ip address 192.168.10.1 255.255.255.0

member interface Route-Aggregation1 priority 255

member interface Route-Aggregation2 priority 1

nat hairpin enable

#

interface Route-Aggregation1

#

interface Route-Aggregation2

#

interface NULL0

#

interface Vlan-interface1001

description BFD¼ì²â

mad bfd enable

mad ip address 192.168.101.5 255.255.255.0 member 1

mad ip address 192.168.101.6 255.255.255.0 member 2

#

interface GigabitEthernet1/0/0

port link-mode route

ip address 192.168.0.1 255.255.255.0

#

interface GigabitEthernet1/0/1

port link-mode route

ip address 1.1.1.1 255.255.255.252

#

interface GigabitEthernet1/0/2

port link-mode route

#

interface GigabitEthernet1/0/4

port link-mode route

port link-aggregation group 1

#

interface GigabitEthernet1/0/5

port link-mode route

port link-aggregation group 1

#

interface GigabitEthernet1/0/6

port link-mode route

#

interface GigabitEthernet1/0/7

port link-mode route

#

interface GigabitEthernet1/0/8

port link-mode route

#

interface GigabitEthernet1/0/9

port link-mode route

#

interface GigabitEthernet1/0/10

port link-mode route

#

interface GigabitEthernet1/0/11

port link-mode route

description ceshi

ip address 172.16.1.1 255.255.255.252

#

interface GigabitEthernet1/0/12

port link-mode route

ip address 10.10.1.2 255.255.255.0

nat outbound

#

interface GigabitEthernet1/0/13

port link-mode route

ip address 58.53.167.185 255.255.255.224

ip last-hop hold

nat outbound

#

interface GigabitEthernet1/0/16

port link-mode route

#

interface GigabitEthernet1/0/17

port link-mode route

#

interface GigabitEthernet1/0/18

port link-mode route

#

interface GigabitEthernet1/0/19

port link-mode route

#

interface GigabitEthernet1/0/20

port link-mode route

#

interface GigabitEthernet1/0/21

port link-mode route

#

interface GigabitEthernet1/0/22

port link-mode route

#

interface GigabitEthernet1/0/23

port link-mode route

#

interface GigabitEthernet2/0/0

port link-mode route

#

interface GigabitEthernet2/0/1

port link-mode route

#

interface GigabitEthernet2/0/2

port link-mode route

#

interface GigabitEthernet2/0/4

port link-mode route

port link-aggregation group 2

#

interface GigabitEthernet2/0/5

port link-mode route

port link-aggregation group 2

#

interface GigabitEthernet2/0/6

port link-mode route

#

interface GigabitEthernet2/0/7

port link-mode route

#

interface GigabitEthernet2/0/8

port link-mode route

#

interface GigabitEthernet2/0/9

port link-mode route

#

interface GigabitEthernet2/0/10

port link-mode route

#

interface GigabitEthernet2/0/11

port link-mode route

#

interface GigabitEthernet2/0/12

port link-mode route

#

interface GigabitEthernet2/0/13

port link-mode route

#

interface GigabitEthernet2/0/16

port link-mode route

#

interface GigabitEthernet2/0/17

port link-mode route

#

interface GigabitEthernet2/0/18

port link-mode route

#

interface GigabitEthernet2/0/19

port link-mode route

#

interface GigabitEthernet2/0/20

port link-mode route

#

interface GigabitEthernet2/0/21

port link-mode route

#

interface GigabitEthernet2/0/22

port link-mode route

#

interface GigabitEthernet2/0/23

port link-mode route

#

interface GigabitEthernet1/0/3

port link-mode bridge

description BFD¼ì²â

port access vlan 1001

undo stp enable

#

interface GigabitEthernet2/0/3

port link-mode bridge

description BFD¼ì²â

port access vlan 1001

undo stp enable

#

interface GigabitEthernet1/0/14

#

interface GigabitEthernet1/0/15

#

interface GigabitEthernet2/0/14

#

interface GigabitEthernet2/0/15

#

security-zone name Local

attack-defense apply policy test

#

security-zone name Trust

import interface GigabitEthernet1/0/1

import interface GigabitEthernet1/0/11

import interface Reth1

attack-defense apply policy test

#

security-zone name DMZ

#

security-zone name Untrust

import interface GigabitEthernet1/0/12

import interface GigabitEthernet1/0/13

attack-defense apply policy test

#

security-zone name Management

import interface GigabitEthernet1/0/0

#

scheduler logfile size 16

#

line class aux

user-role network-operator

#

line class console

authentication-mode scheme

user-role network-admin

#

line class usb

user-role network-operator

#

line class vty

user-role network-operator

#

line aux 0

user-role network-admin

#

line aux 1

user-role network-operator

#

line con 0 1

user-role network-admin

#

line vty 0 4

authentication-mode scheme

user-role network-admin

idle-timeout 15 0

#

line vty 5 63

authentication-mode scheme

user-role network-admin

#

snmp-agent

snmp-agent local-engineid 800063A28074504EBFD1D400000001

snmp-agent community write private

snmp-agent community read public

snmp-agent sys-info version v2c v3

snmp-agent target-host trap address udp-domain 172.20.1.101 params securityname public v2c

snmp-agent target-host trap address udp-domain 172.21.1.101 udp-port 5000 params securityname public

snmp-agent trap enable arp

snmp-agent trap enable radius

snmp-agent trap enable stp

snmp-agent trap enable syslog

#

ssh server enable

#

ntp-service enable

ntp-service unicast-server 172.20.1.101

#

acl basic 2000

description WiFi

rule 5 permit source 172.10.32.0 0.0.15.255

rule 10 permit source 172.10.16.0 0.0.15.255

#

acl basic 2001

rule 5 permit source 172.20.4.0 0.0.0.255

#

acl advanced 3000

description Ð£Ô°WiFi

rule 5 permit ip source 172.10.32.0 0.0.15.255

rule 10 permit ip source 172.10.16.0 0.0.15.255

#

acl advanced 3001

description °à°àÍ¨

rule 5 permit ip source 172.20.4.0 0.0.0.255

#

password-control enable

undo password-control aging enable

undo password-control history enable

password-control length 8

password-control login-attempt 3 exceed lock-time 30

password-control update-interval 0

#

domain system

#

domain default enable system

#

role name level-0

description Predefined level-0 role

#

role name level-1

description Predefined level-1 role

#

role name level-2

description Predefined level-2 role

#

role name level-3

description Predefined level-3 role

#

role name level-4

description Predefined level-4 role

#

role name level-5

description Predefined level-5 role

#

role name level-6

description Predefined level-6 role

#

role name level-7

description Predefined level-7 role

#

role name level-8

description Predefined level-8 role

#

role name level-9

description Predefined level-9 role

#

role name level-10

description Predefined level-10 role

#

role name level-11

description Predefined level-11 role

#

role name level-12

description Predefined level-12 role

#

role name level-13

description Predefined level-13 role

#

role name level-14

description Predefined level-14 role

#

user-group system

#

local-user admin class manage

service-type ssh terminal https

authorization-attribute user-role network-admin

password-control login-attempt 3 exceed lock-time 30

#

local-user root class manage

authorization-attribute user-role network-operator

password-control login-attempt 2 exceed lock

#

session statistics enable

session synchronization enable

session synchronization dns http

#

ipsec redundancy enable

ipsec logging negotiation enable

#

ike logging negotiation enable

#

ip https port 8443

ip https enable

webui log enable

#

blacklist global enable

#

attack-defense policy test

scan detect level medium action logging block-source

#

app-profile 1_IPv4

ips apply policy default mode protect

anti-virus apply policy default mode protect

#

app-profile 2_IPv4

ips apply policy default mode protect

anti-virus apply policy default mode protect

#

app-profile 6_IPv4

ips apply policy default mode protect

anti-virus apply policy default mode protect

#

inspect logging parameter-profile av_logging_default_parameter

#

inspect logging parameter-profile ips_logging_default_parameter

#

inspect logging parameter-profile url_logging_default_parameter

#

loadbalance isp file flash:/lbispinfo_v1.5.tp

#

traffic-policy

rule 1 name ÏÞËÙ²ßÂÔ

action qos profile ÏÞËÙÍ¨µÀ

source-zone Truns

destination-zone Untrust

profile name ÏÞËÙÍ¨µÀ

bandwidth downstream guaranteed 10000000

bandwidth downstream maximum 10000000

bandwidth upstream guaranteed 10000000

bandwidth upstream maximum 10000000

bandwidth upstream guaranteed per-ip 20480

bandwidth upstream maximum per-ip 20480

bandwidth downstream guaranteed per-ip 40960

bandwidth downstream maximum per-ip 40960

#

security-policy ip

rule 1 name trust-untrust

action pass

logging enable

counting enable

profile 1_IPv4

source-zone Trust

destination-zone Untrust

destination-zone Local

rule 2 name untrust-trust

action pass

logging enable

counting enable

profile 2_IPv4

source-zone Untrust

destination-zone Trust

destination-zone Local

service ssh

service-port tcp destination eq 8443

service-port tcp destination eq 9443

service-port tcp destination eq 22

service-port tcp destination eq 7443

service-port tcp destination eq 443

service-port tcp destination eq 65443

---- More ----%Nov 2 10:28:28:358 2024 Fxyz_JYW_FW SSHS/6/SSHS_LOG: -COntext=1; Connection closed by 79.110.62.93.

service-port tcp destination eq 9500

service-port tcp destination range 9000 9400

---- More ----%Nov 2 10:28:28:359 2024 Fxyz_JYW_FW SSHS/6/SSHS_DISCONNECT: -COntext=1; SSH user (IP: 79.110.62.93) disconnected from the server.

service-port tcp destination eq 8081

service-port tcp destination range 61616 61617

service-port tcp destination eq 50001

service-port tcp destination range 3121 3123

service-port tcp destination eq 9902

service-port tcp destination eq 8083

service-port tcp destination eq 80

service-port tcp destination eq 1935

service-port tcp destination eq 6080

service-port tcp destination range 5555 5570

service-port tcp destination eq 6060

service-port tcp destination eq 3389

service-port tcp destination eq 9022

service-port tcp destination eq 8080

service-port udp destination range 60000 65000

service-port udp destination eq 9902

rule 6 name local-any

action pass

logging enable

counting enable

profile 6_IPv4

source-zone Local

rule 7 name ¸ßÎ£¶Ë¿Ú

counting enable

source-zone Untrust

destination-zone Trust

destination-zone Local

service ¸ßÎ£

#

ips logging parameter-profile ips_logging_default_parameter

#

anti-virus logging parameter-profile av_logging_default_parameter

#

return

暂无评论