H-核心A10.30.0.50_2024.03.05
<YDSJYC2-105-A-01-CSW-H6900-M1-01U37>dis cur
#
version 7.1.070, Release 2910
#
sysname YDSJYC2-105-A-01-CSW-H6900-M1-01U37
#
clock timezone beijing add 08:00:00
clock protocol ntp
#
ip vpn-instance DMZ
route-distinguisher 1:209
vpn-target 1:209 import-extcommunity
vpn-target 1:209 export-extcommunity
#
ip vpn-instance Internet
route-distinguisher 1:5006
#
ip vpn-instance MAD
route-distinguisher 1:2
#
ip vpn-instance NET-manage
route-distinguisher 1:1
vpn-id 1:1
vpn-target 1:1 import-extcommunity
vpn-target 1:1 export-extcommunity
#
address-family ipv4
#
ip vpn-instance OS_Inside
route-distinguisher 1:301
vpn-target 1:301 import-extcommunity
vpn-target 1:301 export-extcommunity
#
address-family ipv4
#
address-family ipv6
#
ip vpn-instance OS_Internet
route-distinguisher 2:200
#
ip vpn-instance OS_storage
route-distinguisher 1:300
#
ip vpn-instance Storage_Outside
#
parity-error consistency-check log enable
parity-error unrecoverable log enable
parity-error unrecoverable reboot
#
irf mac-address persistent timer
irf auto-update enable
undo irf link-delay
irf member 1 priority 1
#
link-aggregation global load-sharing mode destination-ip source-ip destination-port source-port
#
mac-authentication
#
ospf 1
#
ip ttl-expires enable
#
max-ecmp-num 64
ip load-sharing mode per-flow dest-ip src-ip ip-pro dest-port src-port global
ip load-sharing mode per-flow dest-ip src-ip ip-pro dest-port src-port slot 1
#
lldp global enable
lldp global tlv-enable basic-tlv management-address-tlv 10.30.0.50
#
burst-mode enable
#
system-working-mode standard
hardware-resource switch-mode 0
hardware-resource routing-mode ipv6-64
hardware-resource vxlan l2gw
fan prefer-direction slot 1 port-to-power
password-recovery enable
#
vlan 1
#
vlan 200
name OS_Internet
description For_OS_Internet
#
vlan 201 to 208
#
vlan 209
name For_DMZ
#
vlan 300
name OS_storage
description For_OS_Storage
#
vlan 301
name OS_inside
description For_OS_Inside
#
vlan 302
name OS_ceph
#
vlan 303 to 308
#
vlan 309
name BM
#
vlan 500 to 3999
#
vlan 4094
name Drni
#
traffic classifier 1 operator and
if-match acl mac 4001
#
traffic behavior 1
accounting packet
#
qos policy 1
classifier 1 behavior 1
#
stp region-configuration
region-name h3c
revision-level 255
instance 1 vlan 2 to 4093
active region-configuration
#
stp instance 1 root primary
#
interface Bridge-Aggregation1
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 200
link-aggregation mode dynamic
port m-lag group 1
#
interface Bridge-Aggregation11
description dT:YDSJYC2-105-A-01_A-02-ASW-RGS6250-M1_M2-01U26.AGG1
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 200 to 209 300 to 309 500 to 509
link-aggregation mode dynamic
port m-lag group 11
#
interface Bridge-Aggregation1024
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 2 to 4094
link-aggregation mode dynamic
port m-lag peer-link 1
undo mac-address static source-check enable
#
interface Route-Aggregation1023
ip binding vpn-instance MAD
ip address 1.1.1.5 255.255.255.252
link-aggregation mode dynamic
#
interface Route-Aggregation1024
#
interface NULL0
#
interface LoopBack0
#
interface Vlan-interface200
description OS_Internet
ip binding vpn-instance OS_Internet
ip address 9.9.9.252 255.255.255.0
vrrp vrid 1 virtual-ip 9.9.9.254
vrrp vrid 1 priority 150
#
interface Vlan-interface209
description For_DMZ
ip address 100.126.7.252 255.255.248.0
vrrp vrid 2 virtual-ip 100.126.7.254
#
interface Vlan-interface300
description FOr_Storage_Outsite
ip binding vpn-instance OS_storage
ip address 10.30.11.252 255.255.252.0
vrrp vrid 3 virtual-ip 10.30.11.254
#
interface Vlan-interface301
description For_OS_Inside
ip binding vpn-instance OS_Inside
ip address 10.30.7.252 255.255.248.0
vrrp vrid 4 virtual-ip 10.30.7.254
#
interface FortyGigE1/0/49
port link-mode bridge
description NO_USE
shutdown
#
interface FortyGigE1/0/50
port link-mode bridge
description NO_USE
shutdown
#
interface FortyGigE1/0/51
port link-mode bridge
description NO_USE
shutdown
#
interface FortyGigE1/0/52
port link-mode bridge
description NO_USE
shutdown
#
interface FortyGigE1/0/53
port link-mode bridge
description NO_USE
shutdown
#
interface FortyGigE1/0/54
port link-mode bridge
description NO_USE
shutdown
#
interface M-GigabitEthernet0/0/0
description For_NetworkManage
ip binding vpn-instance NET-manage
ip address 10.30.0.50 255.255.254.0
dhcp client identifier hex 0200bed5f06cf6
#
interface M-GigabitEthernet0/0/1
dhcp client identifier hex 0200bed5f06cf6
#
interface Ten-GigabitEthernet1/0/43
port link-mode route
description pT:YDSJYC2-105-A-01-CSW-H6900-01U37:10.30.0.49.10GE2/0/43_M-LAG_KeepAlive
port link-aggregation group 1023
#
interface Ten-GigabitEthernet1/0/1
port link-mode bridge
description uT:YDSJYC2-105-A-02-MSW-H5110-01U39:10GE1/0/1
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 200
port link-aggregation group 1
#
interface Ten-GigabitEthernet1/0/2
port link-mode bridge
description NO_USE
shutdown
#
interface Ten-GigabitEthernet1/0/3
port link-mode bridge
description NO_USE
shutdown
#
interface Ten-GigabitEthernet1/0/4
port link-mode bridge
description NO_USE
shutdown
#
interface Ten-GigabitEthernet1/0/5
port link-mode bridge
description NO_USE
shutdown
#
interface Ten-GigabitEthernet1/0/6
port link-mode bridge
description NO_USE
shutdown
#
interface Ten-GigabitEthernet1/0/7
port link-mode bridge
description NO_USE
shutdown
#
interface Ten-GigabitEthernet1/0/8
port link-mode bridge
description NO_USE
shutdown
#
interface Ten-GigabitEthernet1/0/9
port link-mode bridge
description NO_USE
shutdown
#
interface Ten-GigabitEthernet1/0/10
port link-mode bridge
description NO_USE
shutdown
#
interface Ten-GigabitEthernet1/0/11
port link-mode bridge
description NO_USE
shutdown
#
interface Ten-GigabitEthernet1/0/12
port link-mode bridge
description NO_USE
shutdown
#
interface Ten-GigabitEthernet1/0/13
port link-mode bridge
description NO_USE
shutdown
#
interface Ten-GigabitEthernet1/0/14
port link-mode bridge
description NO_USE
shutdown
#
interface Ten-GigabitEthernet1/0/15
port link-mode bridge
description NO_USE
shutdown
#
interface Ten-GigabitEthernet1/0/16
port link-mode bridge
description NO_USE
shutdown
#
interface Ten-GigabitEthernet1/0/17
port link-mode bridge
description NO_USE
shutdown
#
interface Ten-GigabitEthernet1/0/18
port link-mode bridge
description NO_USE
shutdown
#
interface Ten-GigabitEthernet1/0/19
port link-mode bridge
description NO_USE
shutdown
#
interface Ten-GigabitEthernet1/0/20
port link-mode bridge
description NO_USE
shutdown
#
interface Ten-GigabitEthernet1/0/21
port link-mode bridge
description NO_USE
shutdown
#
interface Ten-GigabitEthernet1/0/22
port link-mode bridge
description NO_USE
shutdown
#
interface Ten-GigabitEthernet1/0/23
port link-mode bridge
description NO_USE
shutdown
#
interface Ten-GigabitEthernet1/0/24
port link-mode bridge
description NO_USE
shutdown
#
interface Ten-GigabitEthernet1/0/25
port link-mode bridge
description NO_USE
shutdown
#
interface Ten-GigabitEthernet1/0/26
port link-mode bridge
description NO_USE
shutdown
#
interface Ten-GigabitEthernet1/0/27
port link-mode bridge
description NO_USE
shutdown
#
interface Ten-GigabitEthernet1/0/28
port link-mode bridge
description NO_USE
shutdown
#
interface Ten-GigabitEthernet1/0/29
port link-mode bridge
description NO_USE
shutdown
#
interface Ten-GigabitEthernet1/0/30
port link-mode bridge
description NO_USE
shutdown
#
interface Ten-GigabitEthernet1/0/31
port link-mode bridge
description NO_USE
shutdown
#
interface Ten-GigabitEthernet1/0/32
port link-mode bridge
description NO_USE
shutdown
#
interface Ten-GigabitEthernet1/0/33
port link-mode bridge
description NO_USE
shutdown
#
interface Ten-GigabitEthernet1/0/34
port link-mode bridge
description NO_USE
shutdown
#
interface Ten-GigabitEthernet1/0/35
port link-mode bridge
description NO_USE
shutdown
#
interface Ten-GigabitEthernet1/0/36
port link-mode bridge
description NO_USE
shutdown
#
interface Ten-GigabitEthernet1/0/37
port link-mode bridge
description NO_USE
shutdown
#
interface Ten-GigabitEthernet1/0/38
port link-mode bridge
description NO_USE
shutdown
#
interface Ten-GigabitEthernet1/0/39
port link-mode bridge
description NO_USE
shutdown
#
interface Ten-GigabitEthernet1/0/40
port link-mode bridge
description NO_USE
shutdown
#
interface Ten-GigabitEthernet1/0/41
port link-mode bridge
description NO_USE
shutdown
#
interface Ten-GigabitEthernet1/0/42
port link-mode bridge
description NO_USE
shutdown
#
interface Ten-GigabitEthernet1/0/44
port link-mode bridge
description NO_USE
shutdown
#
interface Ten-GigabitEthernet1/0/45
port link-mode bridge
description dT:YDSJYC2-105-A-02-ASW-RGS6250-01U26.Ten0/46.Hulian
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 200 to 209 300 to 309 500 to 509
lacp period short
port link-aggregation group 11
#
interface Ten-GigabitEthernet1/0/46
port link-mode bridge
description dT:YDSJYC2-105-A-02-ASW-RGS6250-01U26.Ten0/45.Hulian
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 200 to 209 300 to 309 500 to 509
lacp period short
port link-aggregation group 11
#
interface Ten-GigabitEthernet1/0/47
port link-mode bridge
description pT:YDSJYC2-105-A-02-CSW-H6900-M2-01U37.Ten0/47:10.30.0.49.MLAG_Peerlink
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 2 to 4094
port link-aggregation group 1024
#
interface Ten-GigabitEthernet1/0/48
port link-mode bridge
description pT:YDSJYC2-105-A-02-CSW-H6900-M2-01U37.Ten0/48:10.30.0.49.MLAG_Peerlink
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 2 to 4094
port link-aggregation group 1024
#
m-lag mad exclude interface Route-Aggregation1023
m-lag restore-delay 300
m-lag role priority 100
m-lag system-mac 0001-0001-0001
m-lag system-number 1
m-lag system-priority 123
m-lag standalone enable
m-lag keepalive ip destination 1.1.1.6 source 1.1.1.5 vpn-instance MAD
#
scheduler logfile size 16
#
line class aux
user-role network-admin
#
line class vty
user-role network-operator
#
line aux 0
user-role network-admin
#
line vty 0 9
authentication-mode scheme
user-role level-15
user-role network-admin
user-role network-operator
protocol inbound ssh
idle-timeout 10 59
#
line vty 10 63
user-role network-operator
#
ip route-static vpn-instance NET-manage 0.0.0.0 0 10.30.1.254
#
info-center timestamp loghost iso
info-center loghost source M-GigabitEthernet0/0/0
info-center loghost vpn-instance NET-manage 10.30.0.62
info-center loghost vpn-instance NET-manage 10.30.0.136 port 5000 facility local4
info-center loghost vpn-instance NET-manage 10.30.0.137 port 5000 facility local4
info-center source default loghost level warning
#
snmp-agent
snmp-agent local-engineid 800063A28000BED5F06CFA00000001
snmp-agent community read SNMPGROUP acl 3020
snmp-agent community read cipher $c$3$Df8uJ3YlpcGECKdDByZmQkXOy7hHjw21g6kQlypTCXbYslg= acl 2000
snmp-agent sys-info version all
snmp-agent target-host trap address udp-domain 10.30.0.136 vpn-instance NET-manage params securityname yundiao*&COC2016 v2c
snmp-agent target-host trap address udp-domain 10.30.0.137 vpn-instance NET-manage params securityname yundiao*&COC2016 v2c
snmp-agent target-host trap address udp-domain 10.30.0.62 vpn-instance NET-manage params securityname yundiao*&COC2016 v2c
snmp-agent trap enable arp
snmp-agent trap enable radius
snmp-agent trap enable stp
snmp-agent trap enable syslog
snmp-agent trap source M-GigabitEthernet0/0/0
#
ssh server enable
ssh server acl 2001
#
ntp-service enable
ntp-service source M-GigabitEthernet0/0/0
ntp-service refclock-master 2
ntp-service unicast-server 10.10.0.136 vpn-instance NET-manage priority
ntp-service unicast-server 10.10.0.137 vpn-instance NET-manage priority
ntp-service unicast-server 10.30.0.136
ntp-service unicast-server 10.30.0.137
ntp-service unicast-server 10.30.0.136 vpn-instance NET-manage priority
ntp-service unicast-server 10.30.0.137 vpn-instance NET-manage priority
ntp-service unicast-server 10.30.1.254 vpn-instance NET-manage priority
ntp-service unicast-server 10.30.0.254 source M-GigabitEthernet0/0/0
ntp-service unicast-server 10.30.0.63 vpn-instance NET-manage source M-GigabitEthernet0/0/0
#
acl number 2000
description For_SNMP
rule 10 permit vpn-instance NET-manage source 10.30.0.136 0
rule 15 permit vpn-instance NET-manage source 10.30.0.137 0
rule 1000 deny vpn-instance NET-manage
#
acl number 2001
description For_Login
rule 10 permit vpn-instance NET-manage source 192.168.0.0 0.0.7.255
rule 15 permit vpn-instance NET-manage source 192.168.8.0 0.0.7.255
rule 20 permit vpn-instance NET-manage source 192.168.120.0 0.0.0.255
rule 25 permit vpn-instance NET-manage source 10.252.134.0 0.0.1.255
rule 30 permit vpn-instance NET-manage source 10.254.181.0 0.0.0.255
rule 35 permit vpn-instance NET-manage source 10.10.0.0 0.0.0.127
rule 40 permit vpn-instance NET-manage source 10.30.0.0 0.0.1.255
rule 45 permit vpn-instance NET-manage source 10.243.72.0 0.0.0.255
rule 1000 deny vpn-instance NET-manage
#
undo password-control length enable
password-control login-attempt 3 exceed lock-time 10
undo password-control complexity user-name check
undo password-control change-password first-login enable
#
radius scheme system
user-name-format without-domain
#
domain system
#
aaa session-limit http 64
aaa session-limit https 64
domain default enable system
#
role name level-0
description Predefined level-0 role
#
role name level-1
description Predefined level-1 role
#
role name level-2
description Predefined level-2 role
#
role name level-3
description Predefined level-3 role
#
role name level-4
description Predefined level-4 role
#
role name level-5
description Predefined level-5 role
#
role name level-6
description Predefined level-6 role
#
role name level-7
description Predefined level-7 role
#
role name level-8
description Predefined level-8 role
#
role name level-9
description Predefined level-9 role
#
role name level-10
description Predefined level-10 role
#
role name level-11
description Predefined level-11 role
#
role name level-12
description Predefined level-12 role
#
role name level-13
description Predefined level-13 role
#
role name level-14
description Predefined level-14 role
#
user-group system
#
local-user AutoDevOps class manage
password hash $h$6$NJW6Tzu5sRE9H3TN$3/NmpVjdEH5NKOs3TVnQBE+XZ75tZvAyS/UW0VMapozdMy1NltGA4lI93d34zUsZkXwLf58xG1Skiebhgi5bjQ==
service-type ssh terminal
authorization-attribute idle-cut 10
authorization-attribute user-role level-15
authorization-attribute user-role network-admin
authorization-attribute user-role network-operator
#
local-user COC_monitor class manage
password hash $h$6$PHigCDbPXiT2i+E+$yLRZQNlWsPu2zFmO9Hd6qnBbdQINkGh6c3ygS3AGk/h13TdgAz5UeOLaZx6o+akkw9lG/Z1IRjcuLWiiOnVs+g==
service-type ssh terminal
authorization-attribute idle-cut 10
authorization-attribute user-role level-1
authorization-attribute user-role network-operator
password-control length 9
#
local-user COC_operator class manage
password hash $h$6$Js0hWICw+AX48xM2$OKsWi4jzGbTRZhVY4OA/2ZfmhamZoNfSQwxQzxqoFllnhlHzyuf0KPwk79xpNtuk2dWUCJOwba/18yETiK2ZOA==
service-type ssh terminal
authorization-attribute idle-cut 10
authorization-attribute user-role level-15
authorization-attribute user-role network-operator
#
local-user admin class manage
password hash $h$6$6nL1DTKX5S60jEMt$QzaoXk8dWoNXm9buy7P7u3/uyo9q7Z7RFZGMjxg2befCwFp7PhekPLsq9VOLm27mTlVO3zGF7gf5AugDWK6szw==
service-type ssh
authorization-attribute idle-cut 10
authorization-attribute user-role level-15
authorization-attribute user-role network-admin
authorization-attribute user-role network-operato
authorization-attribute user-role network-operator
#
local-user admin2 class manage
password hash $h$6$PWzW3XxqMbMelj28$rqzJloWkIMX4fou0H7bpYc6HcmzEKzPEF/VAo77RkiGXcr8mHwXAyhfOjBhtFt3wr4idy2Oze7E0tuIV8wjxOQ==
service-type ssh
authorization-attribute user-role network-admin
authorization-attribute user-role network-operator
#
local-user coc_operator class manage
password hash $h$6$plzkwkAxSzJRKrAQ$JIYZmT7ni9tXn2wwPHTctHrBrkX9PPyeIqEsLm3ehJ03RWqFEwwzNxFIawp5axjG9kpndo2cPkfmDBNs+tAnDg==
authorization-attribute user-role level-15
authorization-attribute user-role network-operator
#
local-user oepnstackadmin class manage
password hash $h$6$U6Dq3o/MSed9hSUv$NOr6v/2iDHSofHW2O/fEu9ETpDA8L6c7btAMpgumnBt7WQ2Iz8CrI8D7Ws69DMJ5+8Tcnzk0cNgEmd1RALW35Q==
service-type ssh
authorization-attribute idle-cut 10
authorization-attribute user-role level-15
authorization-attribute user-role network-operator
#
local-user openstackadmin class manage
password hash $h$6$r+MdrUPweuXAgy7n$g4P/N/Sm25iRMNCdusNwo0E5RM6hPfziGtKN+Hee2fUen6AdQBABYNxVj9rpPJO6YI8jUDE8oVDjgagWP/olFw==
service-type http ssh terminal
authorization-attribute idle-cut 10
authorization-attribute user-role level-15
authorization-attribute user-role network-operator
#
local-user sdnadmin class manage
password hash $h$6$NhG8vnH/Gm0W8F1k$nonlK1r6HFBrYuzVh3hNGaahS57/0RdKB25kDVFnHFgpQAz06FvUP6L71Er5V0wXnVRZmlWNFpOZl0/YnXdRBg==
service-type ssh
authorization-attribute user-role level-15
authorization-attribute user-role network-operator
#
local-user shixun class manage
password hash $h$6$/KNqezSxEDko9eB7$9gOpMzwnk+G8lBDwc9uW5bXeJzhNjjJB/V+/4JMS6BuOI3bouR8kZ9jDBWW8WwzlgJlgGhZddAMEDqvVHYWm5g==
service-type ssh
authorization-attribute idle-cut 10
authorization-attribute user-role level-15
authorization-attribute user-role network-operator
#
local-user yundiao_read class manage
password hash $h$6$KDRFAn2sN0g5qQAK$JZW6UzfnK/0ajzjUYvx76im30WzWUuv0D8JOpkjuHLcB6IEdbQ8Com9AA+Dh4eWfkBdnYUPQgqKj1VbqCeDN1w==
service-type ssh terminal
authorization-attribute idle-cut 10
authorization-attribute user-role level-1
authorization-attribute user-role network-operator
#
local-user COC_monitor class network guest
password cipher $c$3$UeVpKkvf9Oiuto/XFmNT4uQQamyT6KPXfeOLqj+o
#
local-user yundiao_read class network guest
password cipher $c$3$z011EKyzKGmACw4SfII4YUzsYK/J/JoZk+gAm8eo
#
security-enhanced level 2
#
ssl renegotiation disable
ssl version ssl3.0 disable
ssl version tls1.0 disable
undo ssl version tls1.1 disable
#
netconf soap http enable
netconf soap http acl 2001
netconf ssh server enable
#
return
<YDSJYC2-105-A-01-CSW-H6900-M1-01U37>
<YDSJYC2-105-A-01-CSW-H6900-M1-01U37>
浙公网安备 33010602011771号