Huawei Firewall-suitable for CSSIP

2025-03-26 Update, from SLTechnology News&Howtos (shulou), Network Security

Shulou(Shulou.com)06/01 Report--

Initial console login on the new OS version: username admin, password Admin@123

Connect the console to the device:

* Copyright (C) 2010-2013 Huawei Technologies Co., Ltd.
* All rights reserved
* Without the owner's prior written consent,
* no decompiling or reverse-engineering shall be allowed.

User interface con0 is available

Please Press ENTER.

clock date 12:40:30 2016-02-24

system-view

12:32:52 2016-02-24

Enter system view, return user view with Ctrl+Z.

[SRG] sysn

[SRG] sysname toys

[toys] dis ip int b  --- display ip interface brief

13:27:09 2016-02-24

* down: administratively down

(s): spoofing

Interface IP Address Physical Protocol Description

GigabitEthernet0/0/0 192.168.0.1 down down Huawei, SRG Seri

GigabitEthernet0/0/1 unassigned down down Huawei, SRG Seri

GigabitEthernet0/0/2 unassigned down down Huawei, SRG Seri

GigabitEthernet0/0/3 unassigned down down Huawei, SRG Seri

GigabitEthernet0/0/4 unassigned down down Huawei, SRG Seri

GigabitEthernet0/0/5 unassigned down down Huawei, SRG Seri

GigabitEthernet0/0/6 unassigned down down Huawei, SRG Seri

GigabitEthernet0/0/7 unassigned down down Huawei, SRG Seri

GigabitEthernet0/0/8 unassigned down down Huawei, SRG Seri

[toys] int Gi 0/0/1  --- interface GigabitEthernet0/0/1

13:28:28 2016-02-24

[toys-GigabitEthernet0/0/1] ip add 192.168.2.2 24  --- ip address 192.168.2.2 255.255.255.0

13:29:40 2016-02-24

[toys-GigabitEthernet0/0/1] des link-port-to-neiwang  --- description link-port-to-neiwang

13:31:50 2016-02-24

[toys-GigabitEthernet0/0/1] q  --- quit

13:32:38 2016-02-24

[toys] dis zo  --- display zone

13:33:11 2016-02-24

Local

Priority is 100

#

Trust

Priority is 85

Interface of the zone is (1):

GigabitEthernet0/0/0

#

Untrust

Priority is 5

Interface of the zone is (0):

#

Dmz

Priority is 50

Interface of the zone is (0):

#

[toys] fire zo trust  --- firewall zone trust

13:34:38 2016-02-24

[toys-zone-trust] add int gi 0/0/1  --- add interface GigabitEthernet0/0/1

13:35:30 2016-02-24

[toys-zone-trust] dis fire packet-filter default all  --- display firewall packet-filter default all: view the default packet-filter actions

13:36:21 2016-02-24

Firewall default packet-filter action is:

Packet-filter in public:

Local-> trust:

Inbound: default: permit; | | IPv6-acl: null

Outbound: default: permit; | | IPv6-acl: null

Local-> untrust:

Inbound: default: deny; | | IPv6-acl: null

Outbound: default: permit; | | IPv6-acl: null

Local-> dmz:

Inbound: default: deny; | | IPv6-acl: null

Outbound: default: permit; | | IPv6-acl: null

Trust-> untrust:

Inbound: default: deny; | | IPv6-acl: null

Outbound: default: deny; | | IPv6-acl: null

Trust-> dmz:

Inbound: default: deny; | | IPv6-acl: null

Outbound: default: deny; | | IPv6-acl: null

Dmz-> untrust:

Inbound: default: deny; | | IPv6-acl: null

Outbound: default: deny; | | IPv6-acl: null

Packet-filter between VFW:

[toys-zone-trust] q

13:43:02 2016-02-24

[toys] firewall packet-filter default permit interzone trust local  --- set the default action between trust and local to permit; with no direction specified, the default applies in both directions

13:50:03 2016-02-24

Warning:Setting the default packet filtering to permit poses security risks. You are advised to configure the security policy based on the actual data flows. Are you sure you want to continue? [Y/N] y

[toys] q

13:57:26 2016-02-24

language-mode chinese

13:57:39 2016-02-24

Warning: The operation will change the language mode. Continue? [Y/N]: y

Tip: change to Chinese mode.

2018-02-05 13:57:42 toys% CMD/4/LAN_MODE (l): When deciding whether to change the language mode, the user chose Y.

system-view

14:02:12 2016-02-24

Enter the system view and type Ctrl+Z to return to the user view.

[toys] user-interface?

The first user terminal interface to be configured by INTEGER

Aux Auxiliary user Terminal Interface

Console primary user terminal interface

Current current user Terminal Interface

Maximum number of maximum-vty vty users

Tty Asynchronous user Terminal Interface

Vty virtual user terminal interface

[toys] user-interface v

[toys] user-interface vty?

The first user terminal interface to be configured by INTEGER

[toys] user-interface vty 0 4

14:03:21 2016-02-24

[toys-ui-vty0-4] authentication-mode?

Aaa uses AAA for verification

Password uses password authentication of user terminal interface

[toys-ui-vty0-4] authentication-mode aaa

14:04:21 2016-02-24

[toys-ui-vty0-4] authentication-mode password?

Cipher indicates that the password is displayed in ciphertext

[toys-ui-vty0-4] authentication-mode password ci

[toys-ui-vty0-4] authentication-mode password cipher?

STRING/ plaintext / ciphertext password string

[toys-ui-vty0-4] authentication-mode password cipher Toys123456

14:06:19 2016-02-24

[toys-ui-vty0-4] q

[toys] aaa

14:07:55 2016-02-24

[toys-aaa] local-user toy?

Access-limit access restriction

Acl-number configuration ACL number

Ftp-directory sets the FTP directory where the user logs in

Idle-cut configuration Idle cut off

L2tp-ip configure user l2tp bind ip

Level configure user priority

Password plaintext password string

Service-type authorized user service type

State sets the activation status of the user

Valid-period indicates the validity period of the user

* *-instance specifies a × × instance

[toys-aaa] local-user toy pss

[toys-aaa] local-user toy pa

[toys-aaa] local-user toy password?

Cipher indicates that the password is displayed in ciphertext

[toys-aaa] local-user toy password ci

[toys-aaa] local-user toy password cipher Toys123456

14:08:31 2016-02-24

[toys-aaa] local-user toy?

Access-limit access restriction

Acl-number configuration ACL number

Ftp-directory sets the FTP directory where the user logs in

Idle-cut configuration Idle cut off

L2tp-ip configure user l2tp bind ip

Level configure user priority

Password plaintext password string

Service-type authorized user service type

State sets the activation status of the user

Valid-period indicates the validity period of the user

* *-instance specifies a × × instance

[toys-aaa] local-user toy le

[toys-aaa] local-user toy level?

INTEGER priority value

Audit audit level

[toys-aaa] local-user toy level 15

14:09:58 2016-02-24

[toys-aaa] q

14:11:17 2016-02-24

[toys] q

14:11:21 2016-02-24

save  --- remember to save, otherwise the configuration is lost

14:15:32 2016-02-24

The current configuration will be written to the device.

Are you sure to continue? [Y/N] y

2018-02-05 14:15:33 toys% CFM/4/SAVE (l): When deciding whether to save configuration to the device, the user chose Y.

Do you want to synchronically save the configuration to the startup saved-configuration file on peer device? [Y/N]: y

Now saving the current configuration to the device....

Info:The current configuration was saved to the device successfully.

system-view

14:16:39 2016-02-24

Enter system view, return user view with Ctrl+Z.

[toys] web-manager?

Config-guide Indicate the keyword of the HTTPD configuration guide

Enable Enable Web server

Security Indicate HTTP running over SSL

Timeout Specify the web timeout of the Web server

User Specify the parameter of the web user

[toys] web-manager enable  --- configure web management

14:19:32 2016-02-24

Web server has been enabled,please disable it first!

[toys] rsa local-key-pair?

Create Create new local public key pairs

Destroy Destroy the local public key pairs

[toys] rsa local-key-pair c

[toys] rsa local-key-pair create?

[toys] rsa local-key-pair create  --- for SSH management: create the local RSA key pair

14:22:39 2016-02-24

The key name will be: toys_Host

The range of public key size is (512 ~ 2048).

NOTES: If the key modulus is greater than 512

It will take a few minutes.

Input the bits in the modulus [default = 768]:

Generating keys...

. +

. +

. +

. +

[toys] user-interface vty 0 4

14:24:21 2016-02-24

[toys-ui-vty0-4] pro

[toys-ui-vty0-4] protocol?

Inbound Incomming protocol

[toys-ui-vty0-4] protocol in

[toys-ui-vty0-4] protocol inbound?

All All protocol

Ssh SSH protocol

Telnet Telnet protocol

[toys-ui-vty0-4] protocol inbound all?

[toys-ui-vty0-4] protocol inbound all

14:24:51 2016-02-24

[toys] ssh?

Authentication-type Authentication type

Client Set SSH client attribute

Server Set the server attribute

User SSH user

[toys] ssh us

[toys] ssh user?

STRING The specified user name

[toys] ssh user toy?

Assign Set the key

Authentication-type Authentication type

Service-type Set service type

Sftp-directory Set SFTP direcotry

[toys] ssh user toy su

[toys] ssh user toy au

[toys] ssh user toy authentication-type?

All All authentication mode, either password or RSA

Password Password authentication

Password-rsa Both password and RSA authentication modes

Rsa RSA authentication

[toys] ssh user toy authentication-type rsa?

[toys] ssh user toy authentication-type rsa

14:26:29 2016-02-24

Info: Succeeded in adding a new SSH user.

[toys] q

14:27:07 2016-02-24

save

14:27:09 2016-02-24

The current configuration will be written to the device.

Are you sure to continue? [Y/N] y

2018-02-05 14:27:12 toys% CFM/4/SAVE (l): When deciding whether to save configuration to the device, the user chose Y.

Do you want to synchronically save the configuration to the startup saved-configuration file on peer device? [Y/N]: y

Now saving the current configuration to the device...

Info:The current configuration was saved to the device successfully.

Clear the configuration and restore the factory settings

reset saved-configuration

14:28:04 2016-02-24

The action will delete the saved configuration in the device.

The configuration will be erased to reconfigure.

Are you sure? [Y/N] n

2018-02-05 14:28:09 toys% CFM/4/RST_CFG (l): When deciding whether to reset the saved configuration, the user chose N.

Delete the configuration file (directory listing and del)

dir ?

/all    List all files

STRING  [drive][path][file name]

flash:  Flash device name

dir /a

dir /all

14:28:58 2016-02-24

Directory of flash:/

0  -rw-     61  Feb 05 2018 14:27:16  private-data.txt

1  -rw-   2907  Feb 05 2018 14:27:17  vrpcfg.cfg

31248 KB total with 31184 KB free

dir ?

/all    List all files

STRING  [drive][path][file name]

flash:  Flash device name

dir fl

dir flash:?

flash:

dir flash:

14:29:19 2016-02-24

Directory of flash:/

0  -rw-     61  Feb 05 2018 14:27:16  private-data.txt

1  -rw-   2907  Feb 05 2018 14:27:17  vrpcfg.cfg

31248 KB total with 31184 KB free

del ?

/unreserved  Delete a file permanently

STRING       [drive][path][file name]

flash:       Flash device name

del fl

del flash:?

flash:

del vr

del vrpcfg.cfg?

del vrpcfg.cfg

14:30:02 2016-02-24

Be Careful! Deleting the next startup config file will lose your configuration.

Delete flash:/vrpcfg.cfg? [Y/N]: n

2018-02-05 14:30:04 toys% VFS/4/DEL (l): When asked whether to delete the file flash:/vrpcfg.cfg, the user entered N.

Enable FTP

system-view

14:30:55 2016-02-24

Enter system view, return user view with Ctrl+Z.

[toys] ftp server enable

14:31:10 2016-02-24

Info:Start FTP server
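An added example (not from the original post or from Huawei): a Python lint over the management-plane commands entered in this session (VTY protocol and authentication mode, local-user level, FTP, web-manager, and the default-permit interzone commands), reconstructed here as a constructed configuration excerpt. The rule names, the password thresholds (12 characters, three character classes) and the identity list ('toy', 'toys') are assumptions of this example; the alternatives it suggests (`protocol inbound ssh`, `authentication-mode aaa`, `web-manager security`, SFTP) are keywords that the session's own `?` help output lists.

```python
import re
from typing import Iterable, List, Tuple

# Constructed sample: the management-plane commands entered in the session,
# written the way they would appear in `display current-configuration`.
# The VTY ends up in password mode because that command was entered after
# `authentication-mode aaa` and replaced it.
SESSION_CONFIG = """\
user-interface vty 0 4
 authentication-mode password cipher Toys123456
 protocol inbound all
aaa
 local-user toy password cipher Toys123456
 local-user toy level 15
ssh user toy authentication-type rsa
ftp server enable
web-manager enable
firewall packet-filter default permit interzone trust local
firewall packet-filter default permit interzone local untrust
"""

Finding = Tuple[int, str, str]  # (line number, rule id, detail)

# Rule ids and thresholds are this example's own; the suggested keywords are
# the ones the session's `?` help output lists.
RULES = [
    ("VTY_TELNET", re.compile(r"^\s*protocol inbound all\b"),
     "VTY lines accept Telnet as well as SSH; use `protocol inbound ssh`"),
    ("VTY_LINE_PASSWORD", re.compile(r"^\s*authentication-mode password\b"),
     "one shared VTY password; `authentication-mode aaa` gives per-user "
     "accounts, which the SSH user login also relies on"),
    ("ADMIN_LEVEL", re.compile(r"^\s*local-user (\S+) level 15\b"),
     "user '{0}' gets level 15 (full management rights); confirm it is needed"),
    ("CLEARTEXT_FTP", re.compile(r"^\s*ftp server enable\b"),
     "FTP sends credentials in cleartext; prefer SFTP for the SSH user"),
    ("WEB_NO_TLS", re.compile(r"^\s*web-manager enable\s*$"),
     "HTTP management enabled without `web-manager security` (SSL)"),
    ("DEFAULT_PERMIT",
     re.compile(r"^\s*firewall packet-filter default permit interzone (\S+) (\S+)"),
     "default action between {0} and {1} is permit; write explicit policies "
     "for the real flows instead (the device warns about this too)"),
]
PASSWORD_RE = re.compile(r"^\s*(?:local-user (\S+) )?.*password cipher (\S+)")


def password_is_weak(password: str, identities: Iterable[str] = ()) -> bool:
    """Assumed policy: at least 12 characters, three character classes, and
    no account or device name inside the password."""
    classes = sum(bool(re.search(p, password))
                  for p in (r"[a-z]", r"[A-Z]", r"\d", r"[^A-Za-z0-9]"))
    if len(password) < 12 or classes < 3:
        return True
    return any(i.lower() in password.lower() for i in identities)


def audit_config(text: str, identities: Tuple[str, ...] = ("toy", "toys")) -> List[Finding]:
    """Run every rule over each configuration line; `identities` are the
    account and device names that passwords are checked against."""
    findings: List[Finding] = []
    for n, line in enumerate(text.splitlines(), 1):
        for rule_id, rx, message in RULES:
            m = rx.match(line)
            if m:
                findings.append((n, rule_id, message.format(*m.groups())))
        m = PASSWORD_RE.match(line)
        if m:
            user, pw = m.group(1), m.group(2)
            ids = identities + ((user,) if user else ())
            if password_is_weak(pw, ids):
                findings.append((n, "WEAK_PASSWORD",
                                 "password is short, low-variety, or contains an account/device name"))
    return findings


if __name__ == "__main__":
    for n, rule_id, detail in audit_config(SESSION_CONFIG):
        print(f"line {n:2d}  {rule_id:18s} {detail}")
```

Run against the excerpt, the lint reports both default-permit commands, the Telnet-capable VTY, the shared line password, the level-15 user, FTP, plain HTTP and the two password values; a VTY configured with `protocol inbound ssh` and `authentication-mode aaa` produces no findings.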

[toys] dhcp enable

14:36:48 2016-02-24

Info:DHCP task has already started.

[toys] int gi 0/0/1

14:37:14 2016-02-24

[toys-GigabitEthernet0/0/1] dhcp cli

[toys-GigabitEthernet0/0/1] dhcp client?

Enable DHCP Client enable

Forbid DHCP Client forbid apply option

Renew dhcp client renew

[toys-GigabitEthernet0/0/1] dhcp client rn

[toys-GigabitEthernet0/0/1] dhcp client en

[toys-GigabitEthernet0/0/1] dhcp client enable?

Track Specify track configuration

[toys-GigabitEthernet0/0/1] dhcp client enable

14:39:31 2016-02-24

Info: There are ip addresses in the interface, please delete them at first.

[toys] firewall zone untrust

14:47:02 2016-02-24

[toys-zone-untrust] add?

Interface Indicate the priority of the security zone

[toys-zone-untrust] add interface GigabitEthernet 0/0/2

14:47:24 2016-02-24

[toys-zone-untrust] q

14:48:05 2016-02-24

[toys] fir

[toys] firewall pa

[toys] firewall packet-filter de

[toys] firewall packet-filter default in

[toys] firewall packet-filter default int

[toys] firewall packet-filter default pe

[toys] firewall packet-filter default permit in

[toys] firewall packet-filter default permit interzone lo

[toys] firewall packet-filter default permit interzone local

[toys] firewall packet-filter default permit interzone local?

Dmz Indicate the DMZ

Trust Indicate the Trust zone

Untrust Indicate the Untrust zone

*-instance Indicate a × × instance

[toys] firewall packet-filter default permit interzone local un

[toys] firewall packet-filter default permit interzone local untrust?

Direction Indicate the direction

[toys] firewall packet-filter default permit interzone local untrust

14:48:37 2016-02-24

Warning:Setting the default packet filtering to permit poses security risks. You are advised to configure the security policy based on the actual data flows. Are you sure you want to continue? [Y/N] y
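An added example, not part of the original post: a short Python script that parses the `display firewall packet-filter default all` output shown earlier, models what the two `firewall packet-filter default permit interzone ...` commands (trust/local, then local/untrust) change when no direction is given (both directions, as noted for trust/local), and lists every interzone direction still defaulting to permit. The sample text is the page's own table; treating local/trust as an accepted exemption is an assumed policy choice, not something the page states.

```python
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample: the `display firewall packet-filter default all` output
# captured in the session (public instance only), reproduced as printed.
SAMPLE_OUTPUT = """\
Firewall default packet-filter action is:
Packet-filter in public:
Local-> trust:
Inbound: default: permit; | | IPv6-acl: null
Outbound: default: permit; | | IPv6-acl: null
Local-> untrust:
Inbound: default: deny; | | IPv6-acl: null
Outbound: default: permit; | | IPv6-acl: null
Local-> dmz:
Inbound: default: deny; | | IPv6-acl: null
Outbound: default: permit; | | IPv6-acl: null
Trust-> untrust:
Inbound: default: deny; | | IPv6-acl: null
Outbound: default: deny; | | IPv6-acl: null
Trust-> dmz:
Inbound: default: deny; | | IPv6-acl: null
Outbound: default: deny; | | IPv6-acl: null
Dmz-> untrust:
Inbound: default: deny; | | IPv6-acl: null
Outbound: default: deny; | | IPv6-acl: null
Packet-filter between VFW:
"""

Pair = Tuple[str, str]
Table = Dict[Pair, Dict[str, str]]

PAIR_RE = re.compile(r"^\s*(\w+)\s*->\s*(\w+):", re.IGNORECASE)
DIR_RE = re.compile(r"^\s*(inbound|outbound):\s*default:\s*(permit|deny)", re.IGNORECASE)


def parse_default_filter(text: str) -> Table:
    """Map each interzone pair to its inbound/outbound default action."""
    table: Table = {}
    current: Optional[Pair] = None
    for line in text.splitlines():
        m = PAIR_RE.match(line)
        if m:
            current = (m.group(1).lower(), m.group(2).lower())
            table[current] = {}
            continue
        m = DIR_RE.match(line)
        if m and current is not None:
            table[current][m.group(1).lower()] = m.group(2).lower()
    return table


def set_default(table: Table, zone_a: str, zone_b: str, action: str,
                direction: Optional[str] = None) -> None:
    """Model `firewall packet-filter default <action> interzone A B [direction X]`.
    Zone order does not matter, and with no direction both directions change,
    which is the behaviour the session notes for trust/local."""
    key: Pair = (zone_a.lower(), zone_b.lower())
    if key not in table:
        key = (key[1], key[0])
    if key not in table:
        raise KeyError(f"unknown interzone {zone_a}/{zone_b}")
    for d in ([direction.lower()] if direction else ["inbound", "outbound"]):
        table[key][d] = action.lower()


def permissive_pairs(table: Table,
                     exempt: Tuple[Pair, ...] = (("local", "trust"),)) -> List[Tuple[str, str, str]]:
    """Every (zone_a, zone_b, direction) whose default is permit, minus the
    pairs in `exempt`. Exempting local/trust is an assumed policy choice."""
    findings = []
    for pair, dirs in sorted(table.items()):
        if pair in exempt:
            continue
        for d, action in sorted(dirs.items()):
            if action == "permit":
                findings.append((pair[0], pair[1], d))
    return findings


if __name__ == "__main__":
    table = parse_default_filter(SAMPLE_OUTPUT)
    print("before:", permissive_pairs(table))
    set_default(table, "trust", "local", "permit")    # command entered at 13:50:03
    set_default(table, "local", "untrust", "permit")  # command entered at 14:48:37
    print("after: ", permissive_pairs(table))
```

Before the two commands the only permits outside local/trust are the outbound local->dmz and local->untrust defaults; after them local/untrust is open in both directions, which is the state the device's warning refers to.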

[toys] dhcp server forbidden-ip 192.168.2.2 192.168.2.30  --- DHCP: exclude this range from allocation

14:50:05 2016-02-24

[toys] dhcp server forbidden-ip?

X.X.X.X Low IP address

[toys] dhcp server forbidden-ip 192.168.2.2 192.168.2.30

14:50:05 2016-02-24

[toys] dhc

[toys] dhcp se

[toys] dhcp server ip

[toys] dhcp server ip-pool?

STRING Global IP address pool name

[toys] dhcp server ip-pool 0

14:50:28 2016-02-24

[toys-dhcp-0] ne

[toys-dhcp-0] net

[toys-dhcp-0] netw

[toys-dhcp-0] network 192.168.2.1 m

[toys-dhcp-0] network 192.168.2.1 mask?

INTEGER Network mask length

X.X.X.X Network mask

[toys-dhcp-0] network 192.168.2.1 mask 255.255.255.0

14:50:56 2016-02-24

[toys-dhcp-0] gs

[toys-dhcp-0] ga

[toys-dhcp-0] gateway-list 192.168.2.1

14:51:07 2016-02-24

[toys-dhcp-0] dns

[toys-dhcp-0] dns-list 202.96.209.166 202.96.209.6

14:51:34 2016-02-24

[toys-dhcp-0] dom

[toys-dhcp-0] domain-name www.baidu.com

14:51:52 2016-02-24

[toys-dhcp-0] dh

[toys-dhcp-0] q

14:52:09 2016-02-24

[toys] interface Dialer?

Dialer interface number

[toys] interface Dialer 1

14:54:03 2016-02-24

[toys-Dialer1] li

[toys-Dialer1] link-protocol?

Ppp Point-to-Point protocol

[toys-Dialer1] link-protocol ppp?

[toys-Dialer1] link-protocol ppp

14:54:14 2016-02-24

[toys-Dialer1] ppp?

Accm Specify accm value

Authentication-mode Specify PPP authentication-mode

Chap Specify CHAP parameters

Ipcp Specify IPCP parameters

Lqc Specify the close and resume percent of link

Pap Specify PAP parameters

Peer Specify PPP peer

Timer Specify timer

[toys-Dialer1] ppp pap

[toys-Dialer1] ppp pap?

Local-user Specify user name

[toys-Dialer1] ppp pap loc

[toys-Dialer1] ppp pap local-user toy?

Password Specify user password

[toys-Dialer1] ppp pap local-user toy pa

[toys-Dialer1] ppp pap local-user toy password?

Cipher Indicate the current password with cipher text

[toys-Dialer1] ppp pap local-user toy password ci

[toys-Dialer1] ppp pap local-user toy password cipher?

STRING/ The UNENCRYPTED/ENCRYPTED password string

[toys-Dialer1] ppp pap local-user toy password cipher Toy123456

[toys-Dialer1] ip address pp

[toys-Dialer1] ip address ppp-negotiate?

[toys-Dialer1] ip address ppp-negotiate

14:57:20 2016-02-24

[toys-Dialer1] dialer?

Bundle Specify dialer bundle number

Enable-circular Enable Circular DCC

Listen-group Dialer listen group

Number Dial number to next-hop

Priority Specify priority for use in dialer rotary-group

Queue-length Output queue during dial out

Threshold Specify threshold

Timer Specify timer configuration information

User Enable RS-DCC,specify the user name of remote

[toys-Dialer1] dialer us

[toys-Dialer1] dialer user?

STRING The user name of remote

[toys-Dialer1] dialer user toy

14:57:47 2016-02-24

[toys-Dialer1] di

[toys-Dialer1] dia

[toys-Dialer1] dialer b

[toys-Dialer1] dialer bundle?

INTEGER Bundle number

[toys-Dialer1] dialer bundle 1

14:58:08 2016-02-24

[toys-Dialer1] q

14:58:31 2016-02-24

[toys] display pppoe-?  --- PPPoE

Pppoe-client pppoe-server

[toys] display pppoe-cl

[toys] display pppoe-client?

Session Indicate the PPPoE Client session information

[toys] display pppoe-client se

[toys] display pppoe-client session?

Packet Indicate Packet/Byte count information

Summary Indicate session summary information

[toys] display pppoe-client session su

[toys] display pppoe-client session summary?

Dial-bundle-number Indicate the dialer bundle keyword

[toys] display pppoe-client session summary di

[toys] display pppoe-client session summary dial-bundle-number?

INTEGER Dialer bundle number

[toys] display pppoe-client session summary dial-bundle-number 1

14:59:42 2016-02-24

PPPoE Client Session:

ID Bundle Dialer Intf Client-MAC Server-MAC State

[toys] ip route-static?

X.X.X.X Destination IP address

Default-preference Preference-value for IPv4 static-routes

*-instance × × ×-Instance route information

[toys] ip route-static 192.168.2.2 255.255.255.0 10.10.10.2  --- add a static route

15:03:43 2016-02-24

Info: The destination address and the mask do not match.

[toys] dis ip routing-table verbose  --- view the routing table

15:04:33 2016-02-24

Route Flags: r-relay, D-download to fib

Routing Table: Public

Destinations: 3 Routes: 3

Destination: 127.0.0.0/8

Protocol: Direct Process ID: 0

Preference: 0 Cost: 0

NextHop: 127.0.0.1 Neighbour: 0.0.0.0

State: Active NoAdv Age: 02h49m33s

Tag: 0 Priority: 0

Label: NULL QoSInfo: 0x0

EntryFlags: 0x80000018 RefPriCnt: 1

RelayNextHop: 0.0.0.0 Interface: InLoopBack0

TunnelID: 0x0 Flags: D

Destination: 127.0.0.1/32

Protocol: Direct Process ID: 0

Preference: 0 Cost: 0

NextHop: 127.0.0.1 Neighbour: 0.0.0.0

State: Active NoAdv Age: 02h49m33s

Tag: 0 Priority: 0

Label: NULL QoSInfo: 0x0

EntryFlags: 0x81000018 RefPriCnt: 1

RelayNextHop: 0.0.0.0 Interface: InLoopBack0

TunnelID: 0x0 Flags: D

Destination: 192.168.2.0/24

Protocol: Static Process ID: 0

Preference: 60 Cost: 0

NextHop: 10.10.10.2 Neighbour: 0.0.0.0

State: Inactive Adv WaitQ Age: 00h00m55s

Tag: 0 Priority: 0

Label: NULL QoSInfo: 0x0

EntryFlags: 0x312000 RefPriCnt: 2

RelayNextHop: 0.0.0.0 Interface:

TunnelID: 0x0 Flags: R

[toys] dis zone  --- view the security zones

15:05:30 2016-02-24

Local

Priority is 100

#

Trust

Priority is 85

Interface of the zone is (2):

GigabitEthernet0/0/0

GigabitEthernet0/0/1

#

Untrust

Priority is 5

Interface of the zone is (1):

GigabitEthernet0/0/2

#

Dmz

Priority is 50

Interface of the zone is (0):

#

[toys] fil

[toys] fir

[toys] firewall zon

[toys] firewall zone n

[toys] firewall zone name dm

[toys] firewall zone name dmz3  --- create a security zone and set its priority (security level)

15:06:24 2016-02-24

[toys-zone-dmz3] set?

Priority Indicate the priority of the security zone

[toys-zone-dmz3] set p

[toys-zone-dmz3] set priority?

INTEGER Specify the priority of the security zone

[toys-zone-dmz3] set priority 80

15:06:46 2016-02-24

[toys-zone-dmz3] q

15:07:36 2016-02-24

[toys] acl 2000  --- create a basic ACL

15:09:07 2016-02-24

[toys-acl-basic-2000] rule?

INTEGER Specify ID of ACL rule

Deny Indicate matched packet deny

Permit Indicate matched packet permit

[toys-acl-basic-2000] rule 1?

Deny Indicate matched packet deny

Permit Indicate matched packet permit

[toys-acl-basic-2000] rule 1 pe

[toys-acl-basic-2000] rule 1 permit?

Description Specify rule description

Logging Indicate log matched packet

Source Indicate source address

Time-range Indicate a special time

[toys-acl-basic-2000] rule 1 permit so

[toys-acl-basic-2000] rule 1 permit source?

X.X.X.X Specify the source address

Address-set Indicate the address set configuration information

Any Indicate any source

[toys-acl-basic-2000] rule 1 permit source 192.168.2.2?

0 Wildcard bits: 0.0.0.0 (a host)

X.X.X.X Indicate wildcard of source

[toys-acl-basic-2000] rule 1 permit source 192.168.2.2 0

15:10:12 2016-02-24

[toys-acl-basic-2000] q

15:10:15 2016-02-24

[toys] dis acl all

15:10:20 2016-02-24

Total nonempty acl number is 1

Basic ACL 2000, 1 rule,not binding with * *-instance

Acl's step is 5

Rule 1 permit source 192.168.2.2 0 (0 times matched)
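An added example (not part of the original post): checks, using only Python's standard ipaddress module, for the addressing decisions made above: the static route 192.168.2.2 255.255.255.0 via 10.10.10.2 (the device reports that the address and mask do not match and installs 192.168.2.0/24; the route then shows Inactive with no outgoing interface, which is consistent with the next hop 10.10.10.2 lying in no connected subnet, an interpretation the page itself does not state), the DHCP pool with its forbidden range and gateway, and the basic ACL wildcard `192.168.2.2 0`. The interface addresses and sample values are taken from the session; the check names are this example's own.

```python
import ipaddress
from typing import Iterable, List, Tuple

# Values taken from the session, entered here as constructed Python data.
CONNECTED = ["192.168.0.1/24", "192.168.2.2/24"]  # GE0/0/0 (down) and GE0/0/1
STATIC_ROUTE = ("192.168.2.2", "255.255.255.0", "10.10.10.2")
DHCP_POOL = dict(network="192.168.2.1", mask="255.255.255.0", gateway="192.168.2.1",
                 forbidden=("192.168.2.2", "192.168.2.30"))


def normalize_route(dest: str, mask: str) -> Tuple[ipaddress.IPv4Network, bool]:
    """Prefix a static route really covers, plus whether host bits were set.
    The device reports the latter as 'The destination address and the mask
    do not match' and installs the prefix (192.168.2.0/24 in the session)."""
    net = ipaddress.ip_network(f"{dest}/{mask}", strict=False)
    return net, ipaddress.ip_address(dest) != net.network_address


def next_hop_resolvable(next_hop: str, connected: Iterable[str]) -> bool:
    """A static next hop must lie in a directly connected subnet; otherwise
    no outgoing interface can be resolved and the route stays inactive."""
    nh = ipaddress.ip_address(next_hop)
    return any(nh in ipaddress.ip_interface(c).network for c in connected)


def dhcp_pool_check(network: str, mask: str, gateway: str,
                    forbidden: Tuple[str, str], interface_addrs: Iterable[str]) -> List[str]:
    """Sanity checks on a pool: network address, gateway and excluded range
    inside the pool, and the firewall's own interface address excluded."""
    issues: List[str] = []
    pool = ipaddress.ip_network(f"{network}/{mask}", strict=False)
    if ipaddress.ip_address(network) != pool.network_address:
        issues.append(f"network {network} mask {mask} has host bits set; pool is {pool}")
    gw = ipaddress.ip_address(gateway)
    if gw not in pool:
        issues.append(f"gateway {gateway} is outside {pool}")
    lo, hi = (ipaddress.ip_address(a) for a in forbidden)
    if lo > hi or lo not in pool or hi not in pool:
        issues.append(f"forbidden range {forbidden[0]}-{forbidden[1]} is not inside {pool}")
    for addr in interface_addrs:
        ip = ipaddress.ip_interface(addr).ip
        if ip in pool and ip != gw and not (lo <= ip <= hi):
            issues.append(f"interface address {ip} is inside the pool but not excluded")
    return issues


def acl_wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    """Wildcard semantics of the basic ACL rule: a 0 bit must match, a 1 bit
    is ignored, so `source 192.168.2.2 0` matches exactly one host."""
    if wildcard == "0":
        wildcard = "0.0.0.0"
    a, b, w = (int(ipaddress.ip_address(x)) for x in (addr, base, wildcard))
    return ((a & ~w) & 0xFFFFFFFF) == ((b & ~w) & 0xFFFFFFFF)


if __name__ == "__main__":
    net, host_bits = normalize_route(*STATIC_ROUTE[:2])
    print(f"route covers {net}; host bits set in destination: {host_bits}")
    print("next hop resolvable:", next_hop_resolvable(STATIC_ROUTE[2], CONNECTED))
    print("dhcp pool issues:", dhcp_pool_check(interface_addrs=CONNECTED, **DHCP_POOL))
    print("acl rule matches 192.168.2.3:", acl_wildcard_match("192.168.2.3", "192.168.2.2", "0"))
```

For the session's values the route check returns 192.168.2.0/24 with host bits set, the next hop 10.10.10.2 is not resolvable through either connected subnet, the pool check only notes that the network was given as a host address, and the ACL rule matches 192.168.2.2 alone.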

[toys] firewall interzone untrust t

[toys] firewall interzone untrust trust

15:12:18 2016-02-24

[toys-interzone-trust-untrust] q

15:13:30 2016-02-24

[toys] nat server global?  --- NAT server (address mapping)

X.X.X.X Global IP address of server

Interface Indicate the interface

[toys] nat server global 192.168.2.2 in

[toys] nat server global 192.168.2.2 inside?

X.X.X.X Local IP address of server host

[toys] nat server global 192.168.2.2 inside 10.10.10.3

15:15:54 2016-02-24

[toys] q

Save
