贴一个配置,M20城域网
*敏感信息已处理*
junmana@4ju-m20> show configuration
# NOTE(review): 5.5R4.3 is a JUNOS release from the early 2000s; confirm its
# vendor support status and patch level before reusing this configuration.
version 5.5R4.3;
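# System stanza (author's note: account settings): host identity, console, DNS,
# login classes and users, remote-access services, and syslog.
# The author's inline annotation on the opening line is now a real comment so
# the stanza parses as configuration.
system {
    host-name 4ju-m20;
    ports {
        console type vt100;
    }
    name-server {
        202.98.0.68;
    }
    login {
        message "Welcome to use M20";
        # NOTE(review): the three custom classes below carry the idle-timeout
        # settings, but no user in this listing is assigned to them. The users
        # reference "superuser" and "read-only" instead, so the timeouts and the
        # narrowed permission sets appear to be unused. Confirm the intent.
        class read-only-local {
            idle-timeout 5;
            permissions [ interface view ];
        }
        class route_only {
            idle-timeout 5;
            permissions [ configure network routing routing-control view ];
        }
        class superuser-local {
            idle-timeout 10;
            permissions all;
        }
        # The "$1$" prefix marks MD5-crypt password hashes. The post states that
        # sensitive data was processed, so these may be altered values. When a
        # configuration is shared, replace each hash with a placeholder, because
        # MD5-crypt hashes can be attacked offline once they are public.
        user jladmin {
            uid 2006;
            class superuser;
            authentication {
                encrypted-password "$1$Z5mSAdhO$3BD8qXiT9tEsH8Bgh0w2P1"; # SECRET-DATA
            }
        }
        user junmana {
            uid 2002;
            class superuser;
            authentication {
                encrypted-password "$1$mAsBzGrW$.a2h.9ke/5M1lC/C.ehSp1"; # SECRET-DATA
            }
        }
        user opt {
            uid 2005;
            class read-only;
            authentication {
                encrypted-password "$1$xjl2.$No72IDI65ErcSta75NSPJ."; # SECRET-DATA
            }
        }
    }
    services {
        # Telnet is the only remote-access service enabled, so credentials and
        # sessions cross the network in cleartext. Prefer ssh where the
        # installed image provides it.
        telnet;
    }
    syslog {
        # Emergencies go to every logged-in user's terminal.
        user * {
            any emergency;
        }
        # The local "messages" file takes notice and above from all facilities,
        # plus info-level authorization events.
        # NOTE(review): no remote syslog host appears in this listing, so the
        # log exists only on the router itself.
        file messages {
            any notice;
            authorization info;
        }
    }
}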
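# Chassis stanza (author's note: redundancy and graceful-switchover settings).
# The author's inline annotation on the opening line is now a real comment so
# the stanza parses as configuration.
# NOTE(review): the annotation mentions graceful-switchover, but no such
# statement appears in the stanza as shown.
chassis {
    redundancy {
        # Routing Engine 1 is master and Routing Engine 0 is backup.
        routing-engine 0 backup;
        routing-engine 1 master;
        ssb 1 preferred;
        # The backup takes over when keepalives from the master are lost.
        failover on-loss-of-keepalives;
    }
    # PIC 0 on FPCs 0, 1 and 2 uses SDH framing.
    fpc 0 {
        pic 0 {
            framing sdh;
        }
    }
    fpc 1 {
        pic 0 {
            framing sdh;
        }
    }
    fpc 2 {
        pic 0 {
            framing sdh;
        }
    }
    alarm {
        # A link-down condition on the management Ethernet raises no alarm.
        # NOTE(review): if fxp0 is the out-of-band management path, its loss
        # would go unreported. Confirm this is intended.
        management-ethernet {
            link-down ignore;
        }
    }
}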
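# Interfaces stanza (author's note: interface settings).
# The author's inline annotation on the opening line is now a real comment so
# the stanza parses as configuration.
# Input filters in use: no-udp-143X, game and re-protect. Output filter: no-tcp.
interfaces {
    so-0/0/0 {
        description connect-to-jlgsr;
        clocking internal;
        encapsulation ppp;
        sonet-options {
            fcs 32;
        }
        unit 0 {
            family inet {
                # The only interface with both an input and an output filter.
                filter {
                    input no-udp-143X;
                    output no-tcp;
                }
                address 218.27.127.134/30;
            }
            family mpls;
        }
    }
    so-1/0/0 {
        description connect-to-2ju-m20;
        encapsulation ppp;
        unit 0 {
            family inet {
                filter {
                    input game;
                }
                address 218.27.127.138/30;
            }
            family mpls;
        }
    }
    # No filter is attached to so-2/0/0 in this listing.
    so-2/0/0 {
        description connect-5ju-m20;
        unit 0 {
            family inet {
                address 218.27.127.145/30;
            }
            family mpls;
        }
    }
    ge-3/0/0 {
        description connet-to-4ju-8016;
        mtu 1548;
        unit 0 {
            family inet {
                filter {
                    input game;
                }
                address 221.8.191.66/30;
            }
            family mpls;
        }
    }
    fe-3/1/0 {
        description connect-4ju-7500;
        unit 0 {
            family inet {
                filter {
                    input no-udp-143X;
                }
                address 218.27.127.233/30;
            }
        }
    }
    fe-3/1/2 {
        description connect-to-4ju-Ne16-01;
        link-mode full-duplex;
        unit 0 {
            family inet {
                filter {
                    input no-udp-143X;
                }
                address 218.27.130.245/30;
            }
        }
    }
    fe-3/1/3 {
        description connect-to-4ju-Ne16-02;
        link-mode full-duplex;
        unit 0 {
            family inet {
                filter {
                    input no-udp-143X;
                }
                address 218.27.130.241/30;
            }
        }
    }
    ge-3/2/0 {
        description connect-to-6ju-8016;
        mtu 1548;
        unit 0 {
            family inet {
                filter {
                    input game;
                }
                address 221.8.191.198/30;
            }
            family mpls;
        }
    }
    # Management Ethernet. It carries no filter of its own in this listing.
    fxp0 {
        unit 0 {
            family inet {
                address 10.0.0.1/24;
            }
        }
    }
    # The lo0 input filter governs traffic addressed to the router itself, so
    # re-protect is the router's only self-protection filter in this listing.
    lo0 {
        unit 0 {
            family inet {
                filter {
                    input re-protect;
                }
                address 127.0.0.1/32;
                address 218.27.127.15/32;
            }
        }
    }
}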
# SNMP read-only access. The community string acts as a password and is sent in
# cleartext by SNMPv1/v2c, so treat it as a secret when sharing a configuration.
# NOTE(review): no `clients` restriction appears under the community, and the
# re-protect filter on lo0 restricts only telnet, so SNMP queries look reachable
# from any source as shown. Confirm and restrict to the management stations.
snmp {
    community junM20mana {
        authorization read-only;
    }
}
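# Routing options: interface routes are shared with the forwarding instance
# through a rib-group.
# The author's inline annotation on the rib-groups line is now a real comment so
# the stanza parses as configuration.
routing-options {
    interface-routes {
        rib-group inet dirrect;
    }
    # Author's note: a policy route serves one specific user, so the rib-group
    # is required.
    rib-groups {
        # Interface routes are imported into both game-fbf.inet.0 and inet.0.
        dirrect {
            import-rib [ game-fbf.inet.0 inet.0 ];
        }
    }
}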
# Protocols: MPLS, OSPF (area 0 and area 0.0.0.32) and LDP.
protocols {
    # NOTE(review): so-3/0/0.0 and so-3/2/0.0 are not defined under `interfaces`
    # in this listing. Slots 3/0/0 and 3/2/0 are ge- interfaces there, carry
    # `family mpls`, and are listed under ldp below. Confirm whether ge-3/0/0.0
    # and ge-3/2/0.0 were intended.
    mpls {
        interface so-2/0/0.0;
        interface so-1/0/0.0;
        interface so-3/0/0.0;
        interface so-3/2/0.0;
        interface so-0/0/0.0;
    }
    # Static and direct routes are exported into OSPF by the two policies named
    # here.
    # NOTE(review): no authentication statement appears under ospf, so
    # adjacencies form without neighbor authentication as shown.
    ospf {
        export [ redistribute-static redistribute-connect ];
        area 0.0.0.0 {
            interface so-0/0/0.0;
        }
        area 0.0.0.32 {
            interface so-1/0/0.0 {
                metric 50;
            }
            interface so-2/0/0.0 {
                metric 50;
            }
            interface ge-3/2/0.0 {
                metric 20;
            }
            interface ge-3/0/0.0 {
                metric 20;
            }
            # NOTE(review): ge-3/1/0.0 is not defined in this listing; slot
            # 3/1/0 is configured as fe-3/1/0. Confirm the interface name.
            interface ge-3/1/0.0;
        }
    }
    ldp {
        interface so-0/0/0.0;
        interface so-1/0/0.0;
        interface so-2/0/0.0;
        interface ge-3/0/0.0;
        interface ge-3/2/0.0;
        interface lo0.0;
    }
}
# Export policies referenced by `protocols ospf export`.
policy-options {
    # Accepts every static route as an OSPF external type 1 route.
    policy-statement redistribute-static {
        from protocol static;
        then {
            external {
                type 1;
            }
            accept;
        }
    }
    # Accepts every direct (connected) route as an OSPF external type 1 route.
    # NOTE(review): the match has no route-filter, so this presumably also
    # advertises the fxp0 management subnet (10.0.0.0/24). Verify, and narrow
    # the match if management addressing should stay out of OSPF.
    policy-statement redistribute-connect {
        from protocol direct;
        then {
            external {
                type 1;
            }
            accept;
        }
    }
}
# Firewall filters. In this listing re-protect, no-udp-143X, no-tcp and game are
# attached to interfaces. ipfragment-DOS and denydip are defined but not
# referenced by any interface shown.
firewall {
    # Attached as the lo0 input filter, so it governs traffic addressed to the
    # router itself. Only telnet is restricted: the final term accepts every
    # other protocol and port from any source.
    # NOTE(review): SNMP and the routing protocols therefore reach the Routing
    # Engine without a source restriction. Consider an explicit allow-list per
    # service with a final discard, after confirming what must reach the router.
    filter re-protect {
        # Telnet is accepted from these hosts and ranges (note the /24 and /26
        # entries are wider than single management hosts).
        term allow-telnet {
            from {
                source-address {
                    218.27.127.137/32;
                    218.27.127.141/32;
                    218.27.127.146/32;
                    202.111.168.128/26;
                    221.8.191.0/24;
                    61.52.71.0/24;
                }
                protocol tcp;
                destination-port telnet;
            }
            then accept;
        }
        # All other telnet is rejected; the term has no count or log action.
        term deny-telnet {
            from {
                protocol tcp;
                destination-port telnet;
            }
            then {
                reject;
            }
        }
        term allow-all {
            then accept;
        }
    }
    # Fragment handling. Not attached to any interface in this listing, so it
    # has no effect as shown.
    filter ipfragment-DOS {
        # Traffic above 128k with a 10k burst is discarded.
        policer p1 { # Warning: 'policer' is deprecated
            if-exceeding {
                bandwidth-limit 128k;
                burst-size-limit 10k;
            }
            then discard;
        }
        # Counts and discards ICMP fragments whose fragment offset is not zero.
        term term1 {
            from {
                is-fragment;
                fragment-offset-except 0x00;
                protocol icmp;
            }
            then {
                count icmp-count;
                discard;
            }
        }
        # Non-first fragments to 218.27.72.0/24 are accepted within the p1 rate.
        term term2 {
            from {
                destination-address {
                    218.27.72.0/24;
                }
                is-fragment;
                fragment-offset-except 0x00;
            }
            then {
                policer p1;
                accept;
            }
        }
        term term3 {
            then accept;
        }
    }
    # Counts and discards UDP to ports 1433, 1434 and 1438. UDP 1434 is the SQL
    # Server Resolution Service port targeted by the Slammer worm.
    filter no-udp-143X {
        term deny-udp {
            from {
                # NOTE(review): this address list holds only an `except` entry.
                # Confirm on this release that the term still matches other
                # addresses; Junos documentation for later releases describes
                # adding an explicit 0.0.0.0/0 entry alongside except entries.
                address {
                    218.27.175.30/32 except;
                }
                protocol udp;
                destination-port [ 1433 1434 1438 ];
            }
            then {
                count Deny-143X;
                discard;
            }
        }
        term allow-all {
            then accept;
        }
    }
    # Counts and discards TCP to ports 5554, 9996, 139 and 445. Attached only as
    # the output filter on so-0/0/0 in this listing.
    filter no-tcp {
        term deny-tcp {
            from {
                protocol tcp;
                destination-port [ 5554 9996 139 445 ];
            }
            then {
                count Deny-tcp;
                discard;
            }
        }
        term allow-all {
            then accept;
        }
    }
    # Filter-based forwarding: traffic from the two listed sources to the listed
    # destinations is handed to routing instance game-fbf. Everything else is
    # accepted and follows the main routing table.
    filter game {
        term game-source {
            from {
                source-address {
                    202.111.168.166/32;
                    202.111.168.163/32;
                }
                destination-address {
                    202.104.129.0/24;
                    61.129.75.0/24;
                    219.153.29.0/24;
                    218.91.255.0/24;
                    61.177.216.0/24;
                    219.149.248.0/24;
                    204.251.15.0/24;
                    202.108.27.3/32;
                    221.231.129.0/24;
                    221.231.130.0/24;
                    221.231.131.0/24;
                    218.30.74.0/24;
                    61.172.251.0/24;
                    61.152.144.0/24;
                    61.152.146.0/24;
                    61.152.101.0/24;
                    61.152.151.0/24;
                }
            }
            then routing-instance game-fbf;
        }
        term others {
            then accept;
        }
    }
    # Discards traffic to one destination host. Not attached to any interface in
    # this listing, so it has no effect as shown.
    filter denydip {
        term dip {
            from {
                destination-address {
                    210.22.25.29/32;
                }
            }
            then discard;
        }
        term other {
            then accept;
        }
    }
}
# Forwarding instance used by the `game` filter. Its only route is a default
# route to 218.27.130.242, which falls in the same /30 as fe-3/1/3
# (218.27.130.241/30), so matched traffic leaves over that link.
routing-instances {
    game-fbf {
        instance-type forwarding;
        routing-options {
            static {
                route 0.0.0.0/0 next-hop 218.27.130.242;
            }
        }
    }
}
junmana@4ju-m20>