
Configuration

程序员文章站 2022-04-23 22:09:50

802.1x

SW3

dot1x enable

undo dot1x handshake

dot1x authentication-method eap

dot1x free-ip 10.1.5.107 32

radius-server template radius

 radius-server shared-key cipher [email protected]

 radius-server authentication 10.1.5.107 1812

 radius-server accounting 10.1.5.107 1813

quit

radius-server authorization 10.1.5.107 shared-key cipher [email protected]

aaa

 authentication-scheme radius

  authentication-mode radius

 accounting-scheme radius

  accounting-mode radius

 domain default

  authentication-scheme radius

  accounting-scheme radius

  radius-server radius

interface GigabitEthernet0/0/10

 dot1x enable

FW1/FW2

security-policy

rule name sw3_AC

source-zone dmz

source-zone trust

destination-zone dmz

destination-zone trust

source-address 10.1.3.3 32

source-address 10.1.5.107 32

destination-address 10.1.3.3 32

destination-address 10.1.5.107 32

action permit

portal

SW3

 web-auth-server portal
 server-ip 10.1.5.107
 port 50200
 shared-key cipher [email protected]
 url http://10.1.5.107:8080/portal
 portal free-rule 1 destination ip 10.1.5.107 mask 255.255.255.255
interface Vlanif2
 web-auth-server portal layer3

DDOS

r1

interface e1/0/0.1
arp broadcast enable
interface e1/0/0.2
arp broadcast enable
ip route-static 10.1.5.110 32 10.1.11.61
acl number 3000
rule 5 permit ip destination 10.1.5.110 0
traffic classifier ddos operator or
if-match acl 3000
traffic behavior ddos
redirect ip-nexthop 10.1.9.21
traffic policy ddos
classifier ddos behavior ddos
interface e1/0/0.2
traffic-policy ddos inbound

r2

interface e1/0/0.1
arp broadcast enable
interface e1/0/0.2
arp broadcast enable
ip route-static 10.1.5.110 32 10.1.11.61
acl number 3000
rule 5 permit ip destination 10.1.5.110 0
traffic classifier ddos operator or
if-match acl 3000
traffic behavior ddos
redirect ip-nexthop 10.1.10.21
traffic policy ddos
classifier ddos behavior ddos
interface e1/0/0.2
traffic-policy ddos inbound

antiddos

int g1/0/0.1
anti-ddos clean enable
anti-ddos flow-statistic enable
security-policy
rule name ddos_tr_un
source-zone trust
source-zone untrust
destination-zone trust
destination-zone untrust
action permit
ip route-static 0.0.0.0 0.0.0.0 g1/0/0.1 10.1.11.11
ip route-static 0.0.0.0 0.0.0.0 g1/0/0.1 10.1.11.12 preference 100
ip route-static 10.1.5.110 255.255.255.255 10.1.13.11
ip route-static 10.1.5.110 255.255.255.255 10.1.13.12 preference 100
firewall ddos bgp-next-hop 10.1.11.11

atic

security-policy
rule name acit
source-zone local
source-zone trust
destination-zone local
destination-zone trust
source-address 10.1.12.105 32
source-address 10.1.12.61 32
destination-address 10.1.12.105 32
destination-address 10.1.12.61 32
action permit
telnet server enable
aaa
manager-user admin
service-type telnet terminal
user-interface vty 0 4
protocol inbound all
snmp-agent
snmp-agent sys-info version v2c
snmp-agent community read [email protected]
snmp-agent community write [email protected]
interface g0/0/0
service-manage telnet snmp permit
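
The management-plane lines in the atic section above (Telnet, `protocol inbound all`, SNMP v2c with a write community) are the ones a configuration review would flag first. The check below is an added example, not part of the original notes; the `audit` function, its rule list and the `<community>` placeholder are constructed for illustration.

```python
import re

# Constructed sample: management-plane lines copied from the atic section,
# with the community strings replaced by the placeholder <community>.
SAMPLE = """\
telnet server enable
aaa
manager-user admin
service-type telnet terminal
user-interface vty 0 4
protocol inbound all
snmp-agent
snmp-agent sys-info version v2c
snmp-agent community read <community>
snmp-agent community write <community>
interface g0/0/0
service-manage telnet snmp permit
"""

# (pattern, finding) pairs; each pattern must match one whole config line.
RULES = [
    (r"telnet server enable", "Telnet server on: logins cross the network in cleartext"),
    (r"service-type\b.*\btelnet\b.*", "account may log in over Telnet"),
    (r"protocol inbound (all|telnet)", "VTY lines accept Telnet"),
    (r"snmp-agent sys-info version .*\bv(1|2c)\b.*", "SNMP v1/v2c: community sent unencrypted"),
    (r"snmp-agent community write \S+", "SNMP write community allows configuration changes"),
    (r"service-manage\b.*\btelnet\b.* permit", "interface permits Telnet management"),
]

def audit(config):
    """Return (line_no, view, line, finding) for each weak management setting."""
    findings, view = [], "system"
    for no, raw in enumerate(config.splitlines(), 1):
        line = " ".join(raw.split())  # normalise tabs and repeated spaces
        if not line:
            continue
        # Track the view so a finding names the account, VTY range or interface.
        if re.match(r"(snmp-agent|telnet server|quit)\b", line):
            view = "system"
        elif re.match(r"(interface|user-interface|manager-user|aaa)\b", line):
            view = line
        for pattern, finding in RULES:
            if re.fullmatch(pattern, line):
                findings.append((no, view, line, finding))
    return findings

if __name__ == "__main__":
    for no, view, line, finding in audit(SAMPLE):
        print(f"line {no} [{view}] {line!r}: {finding}")
```
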

 
