Configuration
程序员文章站
2022-04-23 22:09:50
802.1x
SW3
dot1x enable
undo dot1x handshake
dot1x authentication-method eap
dot1x free-ip 10.1.5.107 32
radius-server template radius
radius-server shared-key cipher [email protected]
radius-server authentication 10.1.5.107 1812
radius-server accounting 10.1.5.107 1813
quit
radius-server authorization 10.1.5.107 shared-key cipher [email protected]
aaa
authentication-scheme radius
authentication-mode radius
accounting-scheme radius
accounting-mode radius
domain default
authentication-scheme radius
accounting-scheme radius
radius-server radius
interface GigabitEthernet0/0/10
dot1x enable
FW1/FW2
security-policy
rule name sw3_AC
source-zone dmz
source-zone trust
destination-zone dmz
destination-zone trust
source-address 10.1.3.3 32
source-address 10.1.5.107 32
destination-address 10.1.3.3 32
destination-address 10.1.5.107 32
action permit
portal
SW3
web-auth-server portal
server-ip 10.1.5.107
port 50200
shared-key cipher [email protected]
url http://10.1.5.107:8080/portal
portal free-rule 1 destination ip 10.1.5.107 mask 255.255.255.255
interface Vlanif2
web-auth-server portal layer3
DDOS
r1
interface e1/0/0.1
arp broadcast enable
interface e1/0/0.2
arp broadcast enable
ip route-static 10.1.5.110 32 10.1.11.61
acl number 3000
rule 5 permit ip destination 10.1.5.110 0
traffic classifier ddos operator or
if-match acl 3000
traffic behavior ddos
redirect ip-nexthop 10.1.9.21
traffic policy ddos
classifier ddos behavior ddos
interface e1/0/0.2
traffic-policy ddos inbound
r2
interface e1/0/0.1
arp broadcast enable
interface e1/0/0.2
arp broadcast enable
ip route-static 10.1.5.110 32 10.1.11.61
acl number 3000
rule 5 permit ip destination 10.1.5.110 0
traffic classifier ddos operator or
if-match acl 3000
traffic behavior ddos
redirect ip-nexthop 10.1.10.21
traffic policy ddos
classifier ddos behavior ddos
interface e1/0/0.2
traffic-policy ddos inbound
antiddos
int g1/0/0.1
anti-ddos clean enable
anti-ddos flow-statistic enable
security-policy
rule name ddos_tr_un
source-zone trust
source-zone untrust
destination-zone trust
destination-zone untrust
action permit
ip route-static 0.0.0.0 0.0.0.0 g1/0/0.1 10.1.11.11
ip route-static 0.0.0.0 0.0.0.0 g1/0/0.1 10.1.11.12 preference 100
ip route-static 10.1.5.110 255.255.255.255 10.1.13.11
ip route-static 10.1.5.110 255.255.255.255 10.1.13.12 preference 100
firewall ddos bgp-next-hop 10.1.11.11
atic
security-policy
rule name acit
source-zone local
source-zone trust
destination-zone local
destination-zone trust
source-address 10.1.12.105 32
source-address 10.1.12.61 32
destination-address 10.1.12.105 32
destination-address 10.1.12.61 32
action permit
telnet server enable
aaa
manager-user admin
service-type telnet terminal
user-interface vty 0 4
protocol inbound all
snmp-agent
snmp-agent sys-info version v2c
snmp-agent community read [email protected]
snmp-agent community write [email protected]
interface g0/0/0
service-manage telnet snmp permit