NE5000E配置命令解释

#
sysname GG-CB-CR-1.MAN.NE5000E //主机名配置
#
super password level 3 cipher [M(-7[0H8[:$SIQ)HGG2\A!! //设备三级密码配置，以密文cipher形式显示。
#
info-center source default channel 2 trap level warning //设备上送syslog日志的最低级别是warning。
info-center source default channel 4 trap level informational
info-center loghost source LoopBack0 //上送日志使用的源地址为loopback 0地址。
info-center loghost 202.103.194.99 //全区统一SYSLOG服务器配置
#
router id 222.217.183.2 //设置路由管理中的Router ID。
#
ip netstream export version 9 //配置原始流统计信息的输出报文版本号，缺省版本号为5.
ip netstream sampler fix-packets 5000 inbound //对入方向报文间隔采样的间隔为5000，也就是5000个报文采样1个报文。
ip netstream sampler fix-packets 5000 outbound //出方向采样配置。
ip netstream export source 222.217.183.2 //配置NetStream 统计输出报文的源地址
ip netstream export host 222.217.183.254 9990 //配置输出的服务器地址
#
snmp-agent trap type base-trap
#
diffserv domain default
diffserv domain CN2 //配置DS域并进入Diff-Serv域视图
ip-dscp-inbound 32 phb ef green //修改 ip-dscp-inbound 32对应的服务等级为ef，默认32对应的是af4.
ip-dscp-inbound 40 phb af4 green //修改 ip-dscp-inbound 40对应的服务等级为af4，默认40对应的是ef.
ip-dscp-outbound af4 green map 40
ip-dscp-outbound ef green map 32
mpls-exp-inbound 4 phb ef green
mpls-exp-inbound 5 phb af4 green
mpls-exp-outbound af4 green map 5
mpls-exp-outbound ef green map 4
diffserv domain qinq
diffserv domain 5p3d
#
ip vpn-instance ETS-GG-VPN //VPN实例配置
route-distinguisher 64651:77500 //RD值配置
vpn-target 64651:77500 export-extcommunity //EXPORT RT值配置
vpn-target 64640:77100 import-extcommunity //IMPORT RT值配置
ip vpn-instance GXGG-IAD-YW
route-distinguisher 4809:2050001
vpn-target 4809:205000100 export-extcommunity
vpn-target 4809:205000100 import-extcommunity
ip vpn-instance qly_gg_VPN
route-distinguisher 64651:77518
vpn-target 64651:77518 export-extcommunity
vpn-target 64651:77518 import-extcommunity
ip vpn-instance video_gg_VPN
route-distinguisher 64651:77534
vpn-target 64651:77534 export-extcommunity
vpn-target 64651:77534 import-extcommunity
#

hwtacacs-server template 3a-tacacs //配置tacacs服务器模板
hwtacacs-server authentication 202.103.194.99 //配置认证服务器
hwtacacs-server authorization 202.103.194.99 //配置授权服务器
hwtacacs-server accounting 202.103.194.99 //配置计费服务器
hwtacacs-server source-ip 222.217.183.2 //指定源地址为loopback0地址。
hwtacacs-server shared-key Nocteam //配置服务器密钥
undo hwtacacs-server user-name domain-included //配置上送账号不带后缀域名
#
#
mpls lsr-id 222.217

.183.2 //配置mpls lsr-id 为loopback地址
mpls //全局使能mpls
lsp-trigger host ip-prefix XXX //设置触发建立LSP的策略，为32位地址触发。且通过前缀列表指定32位地址。
#
mpls ldp //全局使能mpls ldp
#
访问控制列表配置

acl number 2000 //2xxx的访问控制列表为基本访问控制列表，只能对源地址控制。
rule 0 permit source 202.103.222.64 0.0.0.15
rule 1 permit source 202.103.194.99 0
rule 7 permit source 202.97.32.168 0
rule 8 permit source 202.103.208.162 0
rule 9 permit source 219.133.0.3 0
rule 10 permit source 219.159.77.53 0
rule 11 permit source 219.159.77.116 0
rule 12 permit source 218.65.250.168 0
rule 13 permit source 202.103.194.101 0
rule 100 deny
#
acl number 2001
#
acl number 2010
rule 0 permit source 202.103.194.99 0
rule 5 permit source 202.103.194.101 0
#
acl number 2011
rule 10 permit source 202.103.222.64 0.0.0.15
rule 15 permit source 218.65.250.168 0
rule 20 permit source 10.18.253.4 0
rule 25 permit source 10.18.253.248 0
rule 30 permit source 218.65.250.21 0
rule 35 permit source 218.65.250.20 0
rule 40 permit source 218.65.250.22 0
rule 45 permit source 222.217.183.254 0
#
acl number 2500
#
acl number 3000 //高级访问控制列表，可以对源、目的地址端口进行控制。
description IDC_1_S5516
rule 1 permit ip destination 218.65.250.0 0.0.0.127
#
acl number 3001
description HePingMA5200G_nsfocus
#
acl number 3002
description CBME60_nsfocus
#
acl number 3003
description guiping_ma5200g_nsfocus
#
acl number 3004
description pingnan_ma5200g_nsfocus
#
acl number 3005
description HePingSR7750_nsfocus
rule 0 permit ip destination 218.65.237.0 0.0.0.255
rule 1 permit ip destination 222.83.228.0 0.0.0.127
rule 2 permit ip destination 218.65.235.0 0.0.0.255
#
acl number 3006
description GuiPingSR7750_nsfocus
rule 0 permit ip destination 222.83.210.0 0.0.1.255
rule 2 permit ip destination 218.65.238.0 0.0.0.255
#
acl number 3007
description PingNanSR7750_nsfocus
rule 0 permit ip destination 222.83.214.0 0.0.1.255
rule 2 permit ip destination 218.65.239.0 0.0.0.255
#
acl number 3008
description QinTangSR7750_nsfocus
rule 0 permit ip destination 58.59.185.0 0.0.0.127
rule 1 permit ip destination 222.83.229.0 0.0.0.63
#
acl number 3009
description ChengBeiSR7750_nsfocus
rule 0 permit ip destination 222.83.228.128 0.0.0.127
rule 1 permit ip destination 222.83.229.128 0.0.0.127
rule 2 permit ip destination 218.65.236.0 0.0.0.255
rule 3 permit ip destination 58.59.184.0 0.0.0.255
rule 4 permit ip destination 58.59.185.128 0.0.0.127
rule 5 permit ip destination 202.103.222.0 0.0.0.15
#
acl number 3010
rule 20 permit ip source 116.8.0.0 0.0.31.255
rule 40 permit ip
#
acl number 3100
rule 5 permit tcp destination-port eq echo
rule 10 permit tcp destination-port eq CHARgen