H核心B10.30.0.49_2024.03.05
******************************************************************************
* Copyright (c) 2004-2022 New H3C Technologies Co., Ltd. All rights reserved.*
* Without the owner's prior written consent, *
* no decompiling or reverse-engineering shall be allowed. *
******************************************************************************
<YDSJYC2-105-A-02-CSW-H6900-M2-01U37>dis cur
#
version 7.1.070, Release 2910
#
sysname YDSJYC2-105-A-02-CSW-H6900-M2-01U37
#
clock timezone beijing add 08:00:00
clock protocol ntp
#
ip vpn-instance DMZ
route-distinguisher 1:209
vpn-target 1:209 import-extcommunity
vpn-target 1:209 export-extcommunity
#
ip vpn-instance Internet
route-distinguisher 1:5006
#
ip vpn-instance MAD
route-distinguisher 1:2
#
ip vpn-instance NET-manage
route-distinguisher 1:1
vpn-id 1:1
vpn-target 1:1 import-extcommunity
vpn-target 1:1 export-extcommunity
#
address-family ipv4
#
ip vpn-instance NEt-manage
#
ip vpn-instance OS_Inside
route-distinguisher 1:5001
vpn-target 1:301 import-extcommunity
vpn-target 1:301 export-extcommunity
#
ip vpn-instance OS_Internet
route-distinguisher 1:5005
#
ip vpn-instance OS_storage
route-distinguisher 1:5000
#
parity-error consistency-check log enable
parity-error unrecoverable log enable
parity-error unrecoverable reboot
#
irf mac-address persistent timer
undo irf auto-update enable
undo irf link-delay
irf member 2 priority 1
#
link-aggregation global load-sharing mode destination-ip source-ip destination-port source-port
#
archive configuration location flash: filename-prefix my_archive
#
ip ttl-expires enable
#
ip load-sharing mode per-flow dest-ip src-ip ip-pro dest-port src-port global
#
lldp global enable
lldp global tlv-enable basic-tlv management-address-tlv interface M-GigabitEthernet0/0/0
#
loopback-detection global enable vlan 1 to 4094
loopback-detection interval-time 10
#
burst-mode enable
#
system-working-mode standard
hardware-resource switch-mode 0
hardware-resource routing-mode ipv6-64
hardware-resource vxlan l2gw
password-recovery enable
#
vlan 1
#
vlan 200
name OS_Internet
description For_OS_Internet
#
vlan 201 to 208
#
vlan 209
name For_DMZ
#
vlan 210 to 299
#
vlan 300
name OS_storage
description For_OS_Storage
#
vlan 301
name OS_inside
description For_OS_Inside
#
vlan 302
name OS_ceph
#
vlan 303 to 308
#
vlan 309
name BM
#
vlan 500 to 3999
#
vlan 4094
name Drni
#
traffic classifier 1 operator and
if-match acl mac 4001
#
traffic behavior 1
accounting packet
#
qos policy 1
classifier 1 behavior 1
#
stp region-configuration
region-name h3c
revision-level 255
instance 1 vlan 1 to 4094
active region-configuration
#
stp instance 1 root secondary
#
interface Bridge-Aggregation1
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 200
link-aggregation mode dynamic
port m-lag group 1
#
interface Bridge-Aggregation11
description dT: YDSJYC2-105-A-01-ASW-RGS6520-01U26.AGG1
port link-type trunk
port trunk permit vlan 1 200 to 209 300 to 309 500 to 509
link-aggregation mode dynamic
port m-lag group 11
#
interface Bridge-Aggregation1024
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 2 to 4094
link-aggregation mode dynamic
port m-lag peer-link 1
undo mac-address static source-check enable
#
interface Route-Aggregation1023
ip binding vpn-instance MAD
ip address 1.1.1.6 255.255.255.252
link-aggregation mode dynamic
#
interface NULL0
#
interface Vlan-interface200
description OS_Internet
ip binding vpn-instance OS_Internet
ip address 9.9.9.253 255.255.255.0
vrrp vrid 1 virtual-ip 9.9.9.254
#
interface Vlan-interface209
description For_DMZ
ip address 100.126.7.253 255.255.248.0
vrrp vrid 2 virtual-ip 100.126.7.254
#
interface Vlan-interface300
description For_Storage_Outside
ip binding vpn-instance OS_storage
ip address 10.30.11.253 255.255.252.0
vrrp vrid 3 virtual-ip 10.30.11.254
#
interface Vlan-interface301
description For_OS_Inside
ip binding vpn-instance OS_Inside
ip address 10.30.7.253 255.255.248.0
vrrp vrid 4 virtual-ip 10.30.7.254
#
interface Vlan-interface309
description NO_USE
shutdown
#
interface FortyGigE2/0/49
port link-mode bridge
#
interface FortyGigE2/0/50
port link-mode bridge
#
interface FortyGigE2/0/51
port link-mode bridge
#
interface FortyGigE2/0/52
port link-mode bridge
#
interface FortyGigE2/0/53
port link-mode bridge
#
interface FortyGigE2/0/54
port link-mode bridge
#
interface M-GigabitEthernet0/0/0
description For_NetworkManage
ip binding vpn-instance NET-manage
ip address 10.30.0.49 255.255.254.0
dhcp client identifier hex 0200bed5f03066
#
interface M-GigabitEthernet0/0/1
description pT:YDSJYC2-105-A-01-CSW-H6900-M1-01U37.Ten0/48:10.30.0.50.MLAG_Peerlink
shutdown
dhcp client identifier hex 0200bed5f03066
#
interface Ten-GigabitEthernet2/0/43
port link-mode route
description pT: YDSJYC2-105-A-01-CSW-H6900-01U37.Ten1/0/43:10.30.0.50.Mlag_keepalive
port link-aggregation group 1023
#
interface Ten-GigabitEthernet2/0/1
port link-mode bridge
description uT:YDSJYC2-105-A-02-MSW-H5110-01U39:10GE1/0/2
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 200
port link-aggregation group 1
#
interface Ten-GigabitEthernet2/0/2
port link-mode bridge
description NO_USE
shutdown
#
interface Ten-GigabitEthernet2/0/3
port link-mode bridge
description NO_USE
shutdown
#
interface Ten-GigabitEthernet2/0/4
port link-mode bridge
description NO_USE
shutdown
#
interface Ten-GigabitEthernet2/0/5
port link-mode bridge
description NO_USE
shutdown
#
interface Ten-GigabitEthernet2/0/6
port link-mode bridge
description NO_USE
shutdown
#
interface Ten-GigabitEthernet2/0/7
port link-mode bridge
description NO_USE
shutdown
#
interface Ten-GigabitEthernet2/0/8
port link-mode bridge
description NO_USE
shutdown
#
interface Ten-GigabitEthernet2/0/9
port link-mode bridge
description NO_USE
shutdown
#
interface Ten-GigabitEthernet2/0/10
port link-mode bridge
description NO_USE
shutdown
#
interface Ten-GigabitEthernet2/0/11
port link-mode bridge
description NO_USE
shutdown
#
interface Ten-GigabitEthernet2/0/12
port link-mode bridge
description NO_USE
shutdown
#
interface Ten-GigabitEthernet2/0/13
port link-mode bridge
description NO_USE
shutdown
#
interface Ten-GigabitEthernet2/0/14
port link-mode bridge
description NO_USE
shutdown
#
interface Ten-GigabitEthernet2/0/15
port link-mode bridge
description NO_USE
shutdown
#
interface Ten-GigabitEthernet2/0/16
port link-mode bridge
description NO_USE
shutdown
#
interface Ten-GigabitEthernet2/0/17
port link-mode bridge
description NO_USE
shutdown
#
interface Ten-GigabitEthernet2/0/18
port link-mode bridge
description NO_USE
shutdown
#
interface Ten-GigabitEthernet2/0/19
port link-mode bridge
description NO_USE
shutdown
#
interface Ten-GigabitEthernet2/0/20
port link-mode bridge
description NO_USE
shutdown
#
interface Ten-GigabitEthernet2/0/21
port link-mode bridge
description NO_USE
shutdown
#
interface Ten-GigabitEthernet2/0/22
port link-mode bridge
description NO_USE
shutdown
#
interface Ten-GigabitEthernet2/0/23
port link-mode bridge
description NO_USE
shutdown
#
interface Ten-GigabitEthernet2/0/24
port link-mode bridge
description NO_USE
shutdown
#
interface Ten-GigabitEthernet2/0/25
port link-mode bridge
description NO_USE
shutdown
#
interface Ten-GigabitEthernet2/0/26
port link-mode bridge
description NO_USE
shutdown
#
interface Ten-GigabitEthernet2/0/27
port link-mode bridge
description NO_USE
shutdown
#
interface Ten-GigabitEthernet2/0/28
port link-mode bridge
description NO_USE
shutdown
#
interface Ten-GigabitEthernet2/0/29
port link-mode bridge
description NO_USE
shutdown
#
interface Ten-GigabitEthernet2/0/30
port link-mode bridge
description NO_USE
shutdown
#
interface Ten-GigabitEthernet2/0/31
port link-mode bridge
description NO_USE
shutdown
#
interface Ten-GigabitEthernet2/0/32
port link-mode bridge
description NO_USE
shutdown
#
interface Ten-GigabitEthernet2/0/33
port link-mode bridge
description NO_USE
shutdown
#
interface Ten-GigabitEthernet2/0/34
port link-mode bridge
description NO_USE
shutdown
#
interface Ten-GigabitEthernet2/0/35
port link-mode bridge
description NO_USE
shutdown
#
interface Ten-GigabitEthernet2/0/36
port link-mode bridge
description NO_USE
shutdown
#
interface Ten-GigabitEthernet2/0/37
port link-mode bridge
description NO_USE
shutdown
#
interface Ten-GigabitEthernet2/0/38
port link-mode bridge
description NO_USE
shutdown
#
interface Ten-GigabitEthernet2/0/39
port link-mode bridge
description NO_USE
shutdown
#
interface Ten-GigabitEthernet2/0/40
port link-mode bridge
description NO_USE
shutdown
#
interface Ten-GigabitEthernet2/0/41
port link-mode bridge
description NO_USE
shutdown
#
interface Ten-GigabitEthernet2/0/42
port link-mode bridge
description NO_USE
shutdown
#
interface Ten-GigabitEthernet2/0/44
port link-mode bridge
description NO_USE
shutdown
#
interface Ten-GigabitEthernet2/0/45
port link-mode bridge
description dT: YDSJYC2-105-A-01-ASW-RGS6520-01U26.Ten0/46
port link-type trunk
port trunk permit vlan 1 200 to 209 300 to 309 500 to 509
port link-aggregation group 11
#
interface Ten-GigabitEthernet2/0/46
port link-mode bridge
description dT: YDSJYC2-105-A-02-ASW-RGS6520-01U26.Ten0/46
port link-type trunk
port trunk permit vlan 1 200 to 209 300 to 309 500 to 509
port link-aggregation group 11
#
interface Ten-GigabitEthernet2/0/47
port link-mode bridge
description pT: YDSJYC2-105-A-01-CSW-H6900-01U37.Ten1/0/47:10.30.0.49.Mlag_keepalive
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 2 to 4094
port link-aggregation group 1024
#
interface Ten-GigabitEthernet2/0/48
port link-mode bridge
description pT: YDSJYC2-105-A-01-CSW-H6900-01U37.Ten1/0/48:10.30.0.49.Mlag_keepalive
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 2 to 4094
port link-aggregation group 1024
#
m-lag mad exclude interface Route-Aggregation1023
m-lag restore-delay 300
m-lag role priority 150
m-lag system-mac 0001-0001-0001
m-lag system-number 2
m-lag system-priority 123
m-lag standalone enable
m-lag keepalive ip destination 1.1.1.5 source 1.1.1.6 vpn-instance MAD
#
scheduler logfile size 16
#
line class aux
user-role network-admin
#
line class vty
user-role network-operator
#
line aux 1
user-role network-admin
#
line vty 0 9
authentication-mode scheme
user-role level-15
user-role network-admin
user-role network-operator
protocol inbound ssh
idle-timeout 10 1
#
line vty 10 63
user-role network-operator
#
ip route-static vpn-instance NET-manage 0.0.0.0 0 10.30.1.254
#
info-center timestamp loghost iso
info-center loghost source M-GigabitEthernet0/0/0
info-center loghost vpn-instance NET-manage 10.30.0.62
info-center loghost vpn-instance NET-manage 10.30.0.136 port 5000 facility local4
info-center loghost vpn-instance NET-manage 10.30.0.137 port 5000 facility local4
info-center source default loghost level warning
#
snmp-agent
snmp-agent local-engineid 800063A28000BED5F0306A00000001
snmp-agent community read SNMPGROUP acl 3020
snmp-agent community read cipher $c$3$6as+l+JEyK5dxDNjP7ALpEUX3N8OQN2NphxC4WBVBb0zr78=
snmp-agent sys-info version v2c v3
snmp-agent target-host trap address udp-domain 10.30.0.136 vpn-instance NET-manage params securityname yundiao*&COC2016 v2c
snmp-agent target-host trap address udp-domain 10.30.0.137 vpn-instance NET-manage params securityname yundiao*&COC2016 v2c
snmp-agent target-host trap address udp-domain 10.30.0.62 vpn-instance NET-manage params securityname yundiao*&COC2016 v2c
snmp-agent trap enable arp
snmp-agent trap enable nd
snmp-agent trap enable radius
snmp-agent trap enable stp
snmp-agent trap enable syslog
snmp-agent trap source M-GigabitEthernet0/0/0
#
ssh server enable
#
ntp-service source M-GigabitEthernet0/0/0
ntp-service refclock-master 2
ntp-service unicast-server 10.30.0.136
ntp-service unicast-server 10.30.0.137
ntp-service unicast-server 10.30.0.136 vpn-instance NET-manage priority
ntp-service unicast-server 10.30.0.137 vpn-instance NET-manage priority
ntp-service unicast-server 10.30.1.254 priority
ntp-service unicast-server 10.30.1.254 vpn-instance NET-manage priority
ntp-service unicast-server 10.30.0.254 source M-GigabitEthernet0/0/0
ntp-service unicast-server 10.10.0.136
ntp-service unicast-server 10.10.0.137 priority
ntp-service unicast-server 10.30.0.63 vpn-instance NET-manage source M-GigabitEthernet0/0/0
#
acl number 2000
description For_SNMP
rule 10 permit vpn-instance NET-manage source 10.30.0.136 0
rule 15 permit vpn-instance NET-manage source 10.30.0.137 0
rule 1000 deny vpn-instance NET-manage
#
acl number 2001
description For_Login
rule 10 permit vpn-instance NET-manage source 192.168.0.0 0.0.7.255
rule 15 permit vpn-instance NET-manage source 192.168.8.0 0.0.7.255
rule 20 permit vpn-instance NET-manage source 192.168.120.0 0.0.0.255
rule 25 permit vpn-instance NET-manage source 10.252.134.0 0.0.1.255
rule 30 permit vpn-instance NET-manage source 10.254.181.0 0.0.0.255
rule 35 permit vpn-instance NET-manage source 10.10.0.0 0.0.0.127
rule 40 permit vpn-instance NET-manage source 10.30.0.0 0.0.1.255
rule 45 permit vpn-instance NET-manage source 10.243.72.0 0.0.0.255
rule 1000 deny vpn-instance NET-manage
#
user-profile user
#
password-control login-attempt 3 exceed lock-time 10
#
radius scheme system
user-name-format without-domain
#
domain system
#
aaa session-limit http 64
aaa session-limit https 64
domain default enable system
#
role name level-0
description Predefined level-0 role
#
role name level-1
description Predefined level-1 role
#
role name level-2
description Predefined level-2 role
#
role name level-3
description Predefined level-3 role
#
role name level-4
description Predefined level-4 role
#
role name level-5
description Predefined level-5 role
#
role name level-6
description Predefined level-6 role
#
role name level-7
description Predefined level-7 role
#
role name level-8
description Predefined level-8 role
#
role name level-9
description Predefined level-9 role
#
role name level-10
description Predefined level-10 role
#
role name level-11
description Predefined level-11 role
#
role name level-12
description Predefined level-12 role
#
role name level-13
description Predefined level-13 role
#
role name level-14
description Predefined level-14 role
#
user-group system
#
local-user AutoDevOps class manage
password hash $h$6$aEfUUb+Mxho0jBzG$RCShBq0591zX0NFdadbMQE/npySVtxR62zAY1t2LZuc2Oi8Q4+nj/dy4zv8jTzFaf/n/8/GnSlfCfkz1BjQOiw==
service-type ssh terminal
authorization-attribute idle-cut 10
authorization-attribute user-role level-15
authorization-attribute user-role network-admin
authorization-attribute user-role network-operator
#
local-user COC_monitor class manage
password hash $h$6$PHigCDbPXiT2i+E+$yLRZQNlWsPu2zFmO9Hd6qnBbdQINkGh6c3ygS3AGk/h13TdgAz5UeOLaZx6o+akkw9lG/Z1IRjcuLWiiOnVs+g==
service-type ssh terminal
authorization-attribute idle-cut 10
authorization-attribute user-role level-1
authorization-attribute user-role network-operator
password-control length 9
#
local-user COC_operator class manage
password hash $h$6$Js0hWICw+AX48xM2$OKsWi4jzGbTRZhVY4OA/2ZfmhamZoNfSQwxQzxqoFllnhlHzyuf0KPwk79xpNtuk2dWUCJOwba/18yETiK2ZOA==
service-type ssh terminal
authorization-attribute idle-cut 10
authorization-attribute user-role level-15
authorization-attribute user-role network-operator
#
local-user admin class manage
password hash $h$6$s2nsO+UQ4jdYnYiz$LJhVWJ4L7bbw+u+hOTEe+g6UPoyC5ArPjCjW8LFHhogfCt18Tc9iEsLtY1Tv2/3bY1+QtIYnQ6H1e7y/dpYFBg==
service-type ssh
authorization-attribute idle-cut 10
authorization-attribute user-role level-15
authorization-attribute user-role network-admin
authorization-attribute user-role network-operato
authorization-attribute user-role network-operator
#
local-user coc_operator class manage
password hash $h$6$0lUoT+TdtfpRaqiO$lOMFZsu8kiyL4nLn7H2oyqRF+cYiVrFrTP4c9aajc99JXuoLZuaRd/dxS1NH9D1WiKeBavmL4wos27RZ+SJWrA==
authorization-attribute user-role level-15
authorization-attribute user-role network-operator
#
local-user hdj class manage
password hash $h$6$qZKtrYw4Mo74QXMs$7tpEQtXzhbgZVndLDxQdtr6mctd7BKsFpDfBICkvJlwVN7cM7UFbkndYIQHqWuIs7BAnudL08lMRe2Rqk2qvZw==
service-type telnet
authorization-attribute user-role network-admin
authorization-attribute user-role network-operator
#
local-user oepnstackadmin class manage
password hash $h$6$03DGwvZh2p+kCCaa$+xTvpXv5CBJ26g39hNqgBK0TknXnwRl/3jB0LTyZL2WOqxCgE8Y0tK5trSR+Pj/6Ip81PrYpD10mZZqAHPORug==
service-type ssh terminal
authorization-attribute idle-cut 10
authorization-attribute user-role level-15
authorization-attribute user-role network-operator
#
local-user openstackadmin class manage
password hash $h$6$r+MdrUPweuXAgy7n$g4P/N/Sm25iRMNCdusNwo0E5RM6hPfziGtKN+Hee2fUen6AdQBABYNxVj9rpPJO6YI8jUDE8oVDjgagWP/olFw==
service-type http ssh terminal
authorization-attribute idle-cut 10
authorization-attribute user-role level-15
authorization-attribute user-role network-operator
#
local-user sdnadmin class manage
password hash $h$6$AkY75gvNaSksaBFP$pqwvKtOGL8CcnwKbLi1QBcW6sa8jDO3i9UO7w1LOrRw4dnqnu4Dy1iXF0kiK8ZaLWdhfhSJRUWZWHTwRClXAEw==
authorization-attribute user-role network-operator
#
local-user shixun class manage
password hash $h$6$mkwUmXA7aUqe7x5a$CO7Evx20383RxVuiW6ghw4CDfadbr7av4lFAv0P2zoWdJcfao3BzAOETiY11sMsfHRDbVuUQ2bDk0SqruC8yCg==
service-type ssh
authorization-attribute idle-cut 10
authorization-attribute user-role level-15
authorization-attribute user-role network-operator
#
local-user yundiao_read class manage
password hash $h$6$KDRFAn2sN0g5qQAK$JZW6UzfnK/0ajzjUYvx76im30WzWUuv0D8JOpkjuHLcB6IEdbQ8Com9AA+Dh4eWfkBdnYUPQgqKj1VbqCeDN1w==
service-type ssh terminal
authorization-attribute idle-cut 10
authorization-attribute user-role level-1
authorization-attribute user-role network-operator
#
local-user COC_monitor class network guest
password cipher $c$3$A6Njw6D2aN6+DkKD5xlHUo+QmyTor0Qs1T83rf0YFJmVaI1smKU=
#
local-user yundiao_read class network guest
password cipher $c$3$QlZR+b6aApTEeST2E+P5/sTVDNWq7bwbhmBFUjAF7MWCQDS6+3Y=
#
security-enhanced level 2
#
ssl renegotiation disable
ssl version ssl3.0 disable
ssl version tls1.0 disable
undo ssl version tls1.1 disable
#
netconf soap http enable
netconf soap http acl 2001
netconf ssh server enable
#
return
<YDSJYC2-105-A-02-CSW-H6900-M2-01U37>
<YDSJYC2-105-A-02-CSW-H6900-M2-01U37>
浙公网安备 33010602011771号