<H3C>dis cu
#
 sysname H3C
#
 l2tp enable    //开启动L2TP协议
#
 nat address-group 20 xx.xx.xx.xx xx.xx.xx.xx
 nat static 192.168.1.1 211.99.10.148
 nat static 192.168.1.5 211.99.10.158
 nat static 192.168.1.4 211.99.10.157
 nat static 192.168.1.3 211.99.10.156
 nat static 192.168.1.2 211.99.10.155
#
 DNS resolve
 DNS-proxy enable
#
 web set-package force flash:/http.zip
#
radius scheme system
#
domain system
 ip pool 1 192.168.250.2 192.168.250.3    //设置VPN的地址池
#
local-user admin
 password simple huawei
 service-type telnet terminal
 level 3
 service-type ftp
local-user caolei
 password simple caolei
 service-type ppp           ///设置VPN的用户名字与密码,然后开启动PPP协议
local-user huawei
 password simple huawei
 service-type telnet
 level 3
local-user pppoe
 password cipher (Z9S*/B*+TOQ=^Q`MAF4<1!!
 service-type ppp
#
dhcp server ip-pool jingliren
 network 192.168.1.0 mask 255.255.255.224
 gateway-list 192.168.1.1
 dns-list 202.106.196.115 202.106.0.20
#
acl number 2000
 rule 0 permit source 192.168.1.0 0.0.0.31
 rule 2 permit source 192.168.250.0 0.0.0.31
 rule 3 deny
#
acl number 3000
 rule 0 deny tcp destination-port eq 6667
 rule 1 deny tcp destination-port eq 1434
 rule 2 deny udp destination-port eq 4444
 rule 3 deny tcp destination-port eq 135
 rule 4 deny udp destination-port eq 135
 rule 5 deny udp destination-port eq netbios-ssn
 rule 6 deny tcp destination-port eq 139
 rule 7 permit ip
#
interface Virtual-Template0
 ppp authentication-mode pap
 ip address 192.168.250.1 255.255.255.0      //在虚拟摸块设置ppp验证,然后设置网关
#
interface Ethernet1/0
 ip address 192.168.1.1 255.255.255.224
 ip address 211.xx.xx.xx 255.255.255.128 sub
 qos car inbound any cir 4096000 cbs 204800 ebs 1000 gree
 qos car outbound any cir 4096000 cbs 204800 ebs 1000 gre     ///QOS设置带宽限制
#
interface Ethernet1/1
#
interface Ethernet1/2
#
interface Ethernet1/3
#
interface Ethernet1/4
#
interface Ethernet3/0
 ip address 192.168.xx.xx 255.255.255.252
 firewall packet-filter 3000 inbound
 nat outbound static
 nat outbound 2000 address-group 20
#
interface Atm2/0
#
interface Virtual-Ethernet0
#
interface NULL0
#
l2tp-group 1
 undo tunnel authentication             //不进行TUNNEL认证
 mandatory-lcp                                /////LCP再协商/
 allow l2tp virtual-template 0        /接受任何LAC的l2tp请求，并绑定到VT0/
#
 FTP server enable
#
 dhcp server forbidden-ip 192.168.1.2 192.168.1.6
#
 ip route-static 0.0.0.0 0.0.0.0 192.168.xx.xx preferenc
#
 snmp-agent
 snmp-agent local-engineid 7F00000100002893
 snmp-agent community read jingliren
 snmp-agent sys-info version all
#
user-interface con 0
user-interface vty 0 4
 authentication-mode scheme
 user privilege level 3
#
return
<H3C>

本文出自 “黑子儿” 博客，请务必保留此出处http://heizi.blog.51cto.com/14185/36584

本文出自 51CTO.COM技术博客