[H3C MSR2600]dis cur
#
 version 7.1.064, Release 0809P33
#
 sysname H3C MSR2600
#
 telnet server enable
#
 dialer-group 1 rule ip permit
 dialer-group 2 rule ip permit
#
 ip ttl-expires enable
#
 ip load-sharing mode per-flow dest-ip src-ip global
#
nat address-group 1
 address 113.105.103.165 113.105.103.165
#
 dhcp server always-broadcast
#
 dns proxy enable
#
 password-recovery enable
#
vlan 1
#
policy-based-route AAA permit node 10
 if-match acl 3101
 apply next-hop 172.16.10.1
#
policy-based-route AAA permit node 20
 if-match acl 3300
 apply next-hop 113.105.103.129
#
controller Cellular0/0
#
interface Dialer0
 mtu 1492
 ppp chap password cipher $c$3$00cXUlLw1PlfuaeAsgGqin8tU4rNS0Qwpz0t
 ppp chap user 07551207035912@163.gd
 ppp ipcp dns admit-any
 ppp ipcp dns request
 ppp pap local-user 07551207035912@163.gd password cipher $c$3$H2qLe5fP1id3RQMnpWeMDRb7lKrBNl8x8fbG
 dialer bundle enable
 dialer-group 1
 dialer timer idle 0
 ip address ppp-negotiate
 tcp mss 1280
 nat outbound
#
interface Dialer1
 mtu 1492
 ppp chap password cipher $c$3$s5Y2kSpQTxJ6tWPdlhiyhGwBkE2F0jd7lpEp
 ppp chap user 07551202996709@163.gd
 ppp ipcp dns admit-any
 ppp ipcp dns request
 ppp pap local-user 07551202996709@163.gd password cipher $c$3$u8NjoFWuMWILusMRvhfv1CTQZlgX+lwvqrpo
 dialer bundle enable
 dialer-group 2
 dialer timer idle 0
 dialer timer autodial 5
 ip address ppp-negotiate
 tcp mss 1280
 nat outbound
#
interface Virtual-Template0
#
interface NULL0
#
interface LoopBack0
#
interface GigabitEthernet0/0
 port link-mode route
 ip address 10.255.255.254 255.255.255.0
 undo dhcp select server
 ip policy-based-route AAA
#
interface GigabitEthernet0/1
 port link-mode route
 description Multiple_Line
 ip last-hop hold
 pppoe-client dial-bundle-number 0
#
interface GigabitEthernet0/2
 port link-mode route
 description Multiple_Line
 ip address 172.16.10.254 255.255.255.0
 dns server 172.16.10.1
 ip last-hop hold
 nat outbound
 undo dhcp select server
#
interface GigabitEthernet0/3
 port link-mode route
 description Multiple_Line
 ip address 113.105.103.165 255.255.255.128
 dns server 202.96.134.133
 ip last-hop hold
 nat outbound 3000
 nat server protocol tcp global 113.105.103.165 21 inside 192.168.16.240 21
 nat server protocol tcp global 113.105.103.165 943 inside 192.168.16.28 943
 nat server protocol tcp global 113.105.103.165 5900 inside 192.168.16.240 5900
 nat server protocol tcp global 113.105.103.165 14443 inside 192.168.16.28 14443
 nat server protocol tcp global 113.105.103.165 59000 inside 192.168.16.151 3389
 nat server protocol udp global 113.105.103.165 1194 inside 192.168.16.28 1194
 undo dhcp select server
 ipsec apply policy QHSJ
#
interface GigabitEthernet0/4
 port link-mode route
 description Multiple_Line
 ip last-hop hold
 pppoe-client dial-bundle-number 1
#
interface GigabitEthernet0/5
 port link-mode route
#
object-policy ip Any-Any
 rule 65534 pass
#
security-zone name Local
#
security-zone name Trust
#
security-zone name DMZ
#
security-zone name Untrust
#
security-zone name Management
#
zone-pair security source Any destination Any
 object-policy apply ip Any-Any
#
 scheduler logfile size 16
#
line class console
 user-role network-admin
#
line class tty
 user-role network-operator
#
line class usb
 user-role network-admin
#
line class vty
 user-role network-operator
#
line con 0
 user-role network-admin
#
line vty 0 4
 authentication-mode scheme
 user-role level-15
 user-role network-operator
 protocol inbound ssh
#
line vty 5 63
 authentication-mode scheme
 user-role network-operator
 protocol inbound ssh
#
 ip route-static 0.0.0.0 0 Dialer1
 ip route-static 0.0.0.0 0 Dialer0
 ip route-static 0.0.0.0 0 GigabitEthernet0/3 113.105.103.129
 ip route-static 0.0.0.0 0 GigabitEthernet0/2 172.16.10.1
 ip route-static 10.255.254.0 24 GigabitEthernet0/3 113.105.103.129
 ip route-static 119.123.49.21 32 113.105.103.129
 ip route-static 172.27.226.0 24 10.255.255.1
 ip route-static 192.168.0.0 16 10.255.255.1
#
 snmp-agent
 snmp-agent local-engineid 800063A2805098B87E48F600000001
 snmp-agent community read public004
 snmp-agent sys-info version all
 snmp-agent target-host inform address udp-domain 192.168.16.130 udp-port 161 params securityname public004 v2c
 snmp-agent trap enable arp
 snmp-agent trap enable ipsec
 snmp-agent trap enable radius
 snmp-agent trap enable syslog
 snmp-agent trap enable wlan ap
 snmp-agent trap enable wlan capwap
 snmp-agent trap enable wlan client
 snmp-agent trap enable wlan client-audit
 snmp-agent trap enable wlan load-balance
 snmp-agent trap enable wlan mobility
 snmp-agent trap enable wlan usersec
#
 ssh server enable
#
acl advanced 3000
 rule 5 deny ip source 192.168.16.0 0.0.0.255 destination 10.255.254.0 0.0.0.255
 rule 1000 permit ip
#
acl advanced 3101
 rule 1 permit ip source 192.168.11.0 0.0.0.255
 rule 100 permit ip source 192.168.0.0 0.0.255.255 destination 3.109.196.134 0
 rule 101 permit ip source 192.168.0.0 0.0.255.255 destination 150.242.18.78 0
 rule 102 permit ip source 192.168.0.0 0.0.255.255 destination 150.252.18.66 0
 rule 103 permit ip destination 8.210.226.11 0
#
acl advanced 3300
 rule 0 permit ip source 192.168.16.80 0
 rule 1 permit ip source 192.168.16.240 0
 rule 2 permit ip source 192.168.16.118 0
 rule 3 permit ip source 192.168.16.47 0
 rule 4 permit ip source 192.168.16.166 0
 rule 5 permit ip source 192.168.16.28 0
#
 password-control enable
 undo password-control aging enable
 undo password-control history enable
 password-control length 6
 password-control login-attempt 3 exceed lock-time 10
 password-control update-interval 0
 password-control login idle-time 0
#
domain system
#
 domain default enable system
#
role name level-0
 description Predefined level-0 role
#
role name level-1
 description Predefined level-1 role
#
role name level-2
 description Predefined level-2 role
#
role name level-3
 description Predefined level-3 role
#
role name level-4
 description Predefined level-4 role
#
role name level-5
 description Predefined level-5 role
#
role name level-6
 description Predefined level-6 role
#
role name level-7
 description Predefined level-7 role
#
role name level-8
 description Predefined level-8 role
#
role name level-9
 description Predefined level-9 role
#
role name level-10
 description Predefined level-10 role
#
role name level-11
 description Predefined level-11 role
#
role name level-12
 description Predefined level-12 role
#
role name level-13
 description Predefined level-13 role
#
role name level-14
 description Predefined level-14 role
#
user-group system
#
local-user admin class manage
 service-type ssh telnet terminal http https
 authorization-attribute user-role network-admin
#
ipsec transform-set QHSJ
 esp encryption-algorithm 3des-cbc
 esp authentication-algorithm sha1
#
ipsec policy-template QHSJ 65535
 transform-set QHSJ
 ike-profile QHSJ
 sa duration time-based 3600
 sa duration traffic-based 1843200
#
ipsec policy QHSJ 65535 isakmp template QHSJ
#
 l2tp enable
#
ike profile QHSJ
 keychain QHSJ
 exchange-mode aggressive
 local-identity address 113.105.103.165
 match remote identity address 0.0.0.0 0.0.0.0
 proposal 65535
#
ike proposal 65535
 encryption-algorithm aes-cbc-128
 dh group14
 authentication-algorithm sha256
#
ike keychain QHSJ
 pre-shared-key address 0.0.0.0 0.0.0.0 key cipher $c$3$bfLOzAajDzMJqehtg6PwVT9ABrT1kW2qPKg2
#
 ip http enable
#
wlan global-configuration
#
wlan ap-group default-group
 vlan 1
#
return