# network

**Repository Path**: ckorig/network

## Basic Information

- **Project Name**: network
- **Description**: Network-related architecture and resources
- **Primary Language**: Shell
- **License**: MulanPSL-2.0
- **Default Branch**: master
- **Homepage**: None
- **GVP Project**: No

## Statistics

- **Stars**: 0
- **Forks**: 0
- **Created**: 2025-05-23
- **Last Updated**: 2025-10-17

## Categories & Tags

**Categories**: Uncategorized

**Tags**: None

## README

# network

#### Introduction

Architecture and resources for small networks

1. Switch
2. Router
3. Firewall

![](./n1.png)
![](./n2.png)
![](./n3.png)
![](./n4.png)

## Switch configuration

```
core>display current-configuration
#
sysname core
#
undo info-center enable
#
vlan batch 10 12 15 100
#
cluster enable
ntdp enable
ndp enable
#
drop illegal-mac alarm
#
diffserv domain default
#
drop-profile default
#
aaa
 authentication-scheme default
 authorization-scheme default
 accounting-scheme default
 domain default
 domain default_admin
 local-user admin password simple admin
 local-user admin service-type http
#
interface Vlanif1
#
interface Vlanif10
 ip address 192.168.10.254 255.255.255.0
#
interface Vlanif12
 ip address 192.168.12.254 255.255.255.0
#
interface Vlanif15
 ip address 192.168.15.254 255.255.255.0
#
interface Vlanif100
 ip address 192.168.100.1 255.255.255.0
#
interface MEth0/0/1
#
interface GigabitEthernet0/0/1
 port link-type trunk
 port trunk allow-pass vlan 10 12 15 100
#
interface GigabitEthernet0/0/2
 port link-type trunk
 port trunk allow-pass vlan 10 12 15 100
#
interface GigabitEthernet0/0/3
 port link-type access
 port default vlan 10
#
interface GigabitEthernet0/0/4
#
.....
#
interface NULL0
#
ip route-static 0.0.0.0 0.0.0.0 192.168.100.1
#
user-interface con 0
user-interface vty 0 4
#
return
```

### Firewall

```
[USG6000V1]display current-configuration
2025-10-17 08:08:50.020
!Software Version V500R005C10SPC300
#
sysname USG6000V1
#
l2tp domain suffix-separator @
#
vlan batch 10 12 15 100
#
ipsec sha2 compatible enable
#
undo telnet server enable
undo telnet ipv6 server enable
#
update schedule location-sdb weekly Sun 01:13
#
firewall defend action discard
#
banner enable
#
user-manage web-authentication security port 8887
undo privacy-statement english
undo privacy-statement chinese
page-setting
 user-manage security version tlsv1.1 tlsv1.2
password-policy
 level high
user-manage single-sign-on ad
user-manage single-sign-on tsm
user-manage single-sign-on radius
user-manage auto-sync online-user
#
web-manager security version tlsv1.1 tlsv1.2
web-manager enable
web-manager security enable
#
firewall dataplane to manageplane application-apperceive default-action drop
#
undo ips log merge enable
#
decoding uri-cache disable
#
update schedule ips-sdb daily 00:12
update schedule av-sdb daily 00:12
update schedule sa-sdb daily 00:12
update schedule cnc daily 00:12
update schedule file-reputation daily 00:12
#
ip vpn-instance default
 ipv4-family
#
time-range worktime
 period-range 08:00:00 to 18:00:00 working-day
#
ike proposal default
 encryption-algorithm aes-256 aes-192 aes-128
 dh group14
 authentication-algorithm sha2-512 sha2-384 sha2-256
 authentication-method pre-share
 integrity-algorithm hmac-sha2-256
 prf hmac-sha2-256
#
aaa
 authentication-scheme default
 authentication-scheme admin_local
 authentication-scheme admin_radius_local
 authentication-scheme admin_hwtacacs_local
 authentication-scheme admin_ad_local
 authentication-scheme admin_ldap_local
 authentication-scheme admin_radius
 authentication-scheme admin_hwtacacs
 authentication-scheme admin_ad
 authorization-scheme default
 accounting-scheme default
 domain default
  service-type internetaccess ssl-vpn l2tp ike
  internet-access mode password
  reference user current-domain
 manager-user audit-admin
  password cipher @%@%1wLV*kkPi,]EpfS*P:"&[5K6Up^'D/05K9[@%@%
  service-type web terminal
  level 15
 manager-user api-admin
  password cipher @%@%8K`.I+ewE4A%E245ZL+jrCrwBzYYQbpT~`p)'4VM|S>rCuj@%@%
  service-type web terminal
  level 15
 role system-admin
 role device-admin
 role device-admin(monitor)
 role audit-admin
 bind manager-user audit-admin role audit-admin
 bind manager-user admin role system-admin
#
interface Vlanif10
 ip address 192.168.10.254 255.255.255.0
 service-manage ping permit
#
interface Vlanif12
 ip address 192.168.12.254 255.255.255.0
 service-manage ping permit
#
interface Vlanif15
 ip address 192.168.15.254 255.255.255.0
 service-manage ping permit
#
interface Vlanif100
 ip address 192.168.100.250 255.255.255.0
 service-manage https permit
 service-manage ping permit
 service-manage ssh permit
#
l2tp-group default-lns
#
interface GigabitEthernet0/0/0
 undo shutdown
 ip address 192.168.66.1 255.255.255.0
 alias GE0/METH
 service-manage http permit
 service-manage https permit
 service-manage ping permit
 service-manage ssh permit
 service-manage snmp permit
 service-manage telnet permit
#
interface GigabitEthernet1/0/0
 portswitch
 undo shutdown
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet1/0/1
 undo shutdown
#
interface GigabitEthernet1/0/2
 undo shutdown
#
interface GigabitEthernet1/0/3
 undo shutdown
#
interface GigabitEthernet1/0/4
 undo shutdown
#
interface GigabitEthernet1/0/5
 undo shutdown
#
interface GigabitEthernet1/0/6
 undo shutdown
#
interface Virtual-if0
#
interface NULL0
#
firewall zone local
 set priority 100
#
firewall zone trust
 set priority 85
 add interface GigabitEthernet0/0/0
 add interface Vlanif10
 add interface Vlanif100
 add interface Vlanif12
 add interface Vlanif15
#
firewall zone untrust
 set priority 5
#
firewall zone dmz
 set priority 50
#
undo ssh server compatible-ssh1x enable
ssh authentication-type default password
ssh server cipher aes256_ctr aes128_ctr
ssh server hmac sha2_256 sha1
ssh client cipher aes256_ctr aes128_ctr
ssh client hmac sha2_256 sha1
#
firewall detect ftp
#
user-interface con 0
 authentication-mode aaa
user-interface vty 0 4
 authentication-mode aaa
 protocol inbound ssh
user-interface vty 16 20
#
pki realm default
#
sa
#
location
#
multi-linkif
 mode proportion-of-weight
#
right-manager server-group
#
device-classification
 device-group pc
 device-group mobile-terminal
 device-group undefined-group
#
user-manage server-sync tsm
#
security-policy
 rule name allow_ping_local
  source-zone local
  source-zone trust
  destination-zone local
  destination-zone trust
  service icmp
  action permit
 rule name vlan10_to_vlan100
  source-zone trust
  destination-zone trust
  source-address 192.168.10.0 0.0.0.255
  destination-address 192.168.100.0 0.0.0.255
  service icmp
  action permit
 rule name trust_to_trust
  source-zone trust
  destination-zone trust
  source-address 192.168.10.0 0.0.0.255
  source-address 192.168.100.0 0.0.0.255
  source-address 192.168.12.0 0.0.0.255
  source-address 192.168.15.0 0.0.0.255
  destination-address 192.168.10.0 0.0.0.255
  destination-address 192.168.100.0 0.0.0.255
  destination-address 192.168.12.0 0.0.0.255
  destination-address 192.168.15.0 0.0.0.255
  service icmp
  action permit
 rule name vlan100_to_cloud
  source-zone trust
  destination-zone untrust
  source-address 192.168.0.0 0.0.255.255
  destination-address 192.168.66.0 0.0.0.255
  service icmp
  action permit
#
auth-policy
#
traffic-policy
#
policy-based-route
#
nat-policy
#
quota-policy
#
pcp-policy
#
dns-transparent-policy
#
rightm-policy
#
return
```