# sysname Huawei AR1220C-S # drop illegal-mac alarm # authentication-profile name default_authen_profile authentication-profile name dot1x_authen_profile authentication-profile name mac_authen_profile authentication-profile name portal_authen_profile authentication-profile name dot1xmac_authen_profile authentication-profile name multi_authen_profile # ike local-name rta # dns server 223.5.5.5 dns server 223.6.6.6 # dhcp enable # radius-server template default # pki realm default # ssl policy default_policy type server pki-realm default version tls1.0 tls1.1 tls1.2 ciphersuite rsa_aes_128_cbc_sha # acl number 2000 rule 5 permit source 10.255.0.0 0.0.255.255 # acl number 3000 rule 5 deny ip source 10.255.254.0 0.0.0.255 destination 192.168.16.0 0.0.0.255 rule 1000 permit ip acl name b_GigabitEthernet0/0/11_1 3999 rule 6 permit ip source 10.255.254.0 0.0.0.255 destination 192.168.16.0 0.0.0.255 # ipsec proposal branch_p1 esp authentication-algorithm sha1 esp encryption-algorithm 3des # ike proposal default encryption-algorithm aes-256 dh group14 authentication-algorithm sha2-256 authentication-method pre-share integrity-algorithm hmac-sha2-256 prf hmac-sha2-256 ike proposal 1 encryption-algorithm aes-128 dh group14 authentication-algorithm sha2-256 authentication-method pre-share integrity-algorithm hmac-sha2-256 prf hmac-sha2-256 # ike peer branch_p1 undo version 2 exchange-mode aggressive pre-shared-key cipher %^%#k[&6K=34->s/zW+9|idQ#9Z16)qR_NR^xk$Nf\7W%^%# ike-proposal 1 remote-address 113.105.103.165 # ipsec policy branch_p 1 isakmp security acl 3999 ike-peer branch_p1 proposal branch_p1 # free-rule-template name default_free_rule # portal-access-profile name portal_access_profile # aaa authentication-scheme default authentication-scheme radius authentication-mode radius authorization-scheme default accounting-scheme default domain default authentication-scheme default domain default_admin authentication-scheme default local-user admin password irreversible-cipher $1a$).$2$-vQ7C$qI2G-=n2!0-gV*JVWA.AJq9U>c'OlB\\M~@<'f&.$ local-user admin privilege level 15 local-user admin service-type terminal ssh http # firewall zone Local # interface GigabitEthernet0/0/0 # interface GigabitEthernet0/0/1 # interface GigabitEthernet0/0/2 # interface GigabitEthernet0/0/3 # interface GigabitEthernet0/0/4 # interface GigabitEthernet0/0/5 # interface GigabitEthernet0/0/6 # interface GigabitEthernet0/0/7 # interface GigabitEthernet0/0/8 # interface GigabitEthernet0/0/9 description TOcore ip address 10.255.254.254 255.255.255.0 # interface GigabitEthernet0/0/10 # interface GigabitEthernet0/0/11 description CHinanet ip address 192.168.1.100 255.255.255.0 nat outbound 3000 ipsec policy branch_p # interface GigabitEthernet0/0/12 # interface GigabitEthernet0/0/13 description VirtualPort # interface Cellular0/0/0 # interface Cellular0/0/1 # interface NULL0 # dialer-rule dialer-rule 1 ip permit # info-center timestamp log format-date # snmp-agent local-engineid 800007DB031C20DBFC4569 # stelnet server enable # http secure-server ssl-policy default_policy http server enable http secure-server enable http server permit interface GigabitEthernet0/0/9 # ip route-static 0.0.0.0 0.0.0.0 192.168.1.1 ip route-static 10.255.253.0 255.255.255.0 10.255.254.1 ip route-static 10.255.254.0 255.255.255.0 10.255.254.1 ip route-static 192.168.16.0 255.255.255.0 192.168.1.1 # fib regularly-refresh disable # user-interface con 0 authentication-mode aaa user-interface vty 0 authentication-mode aaa user privilege level 15 protocol inbound ssh user-interface vty 1 4 protocol inbound ssh # wlan ac traffic-profile name default security-profile name default security-profile name default-wds security wpa2 psk pass-phrase %^%#y$Q^"I|>"2NR.d39,V7)qKDR-neVxXPQs`4zxy;~%^%# aes ssid-profile name default vap-profile name default wds-profile name default regulatory-domain-profile name default air-scan-profile name default rrm-profile name default radio-2g-profile name default radio-5g-profile name default wids-spoof-profile name default wids-profile name default ap-system-profile name default port-link-profile name default wired-port-profile name default ap-group name default # dot1x-access-profile name dot1x_access_profile # mac-access-profile name mac_access_profile # ops # autostart # secelog # return