65+FWSM+ACE旁路部署.docx
- 文档编号:6105371
- 上传时间:2023-05-09
- 格式:DOCX
- 页数:37
- 大小:40.15KB
65+FWSM+ACE旁路部署.docx
《65+FWSM+ACE旁路部署.docx》由会员分享,可在线阅读,更多相关《65+FWSM+ACE旁路部署.docx(37页珍藏版)》请在冰点文库上搜索。
65+FWSM+ACE旁路部署
xxxx#showrun
这次部署是ace的一次简单的旁路部署,有很多丰富的应用还没加上去,比如strick头插入一些特性。
Buildingconfiguration...
Currentconfiguration:
7742bytes
!
upgradefpdauto
version12.2
servicetimestampsdebuguptime
servicetimestampsloguptime
servicepassword-encryption
servicecountersmaxage5
!
hostnamexxxx
!
bootsystemflashsup-bootflash:
/s72033-advipservicesk9_wan-mz.122-18.SXF11.bin
enablepassword701180316590E145E721E175A4925
!
usernameadminpassword710450C0B0712005A5F5673787408
aaanew-model
aaaauthenticationlogindefaultlocal
aaaauthorizationexecdefaultlocal
!
aaasession-idcommon
svclcmultiple-vlan-interfaces(将相对应的vlan关联进ace)
svclcmodule2vlan-group2
svclcvlan-group2900
firewallmultiple-vlan-interfaces(关联防火墙,)
firewallmodule1vlan-group1
firewallvlan-group1100,200,300,900
ipsubnet-zero
!
!
!
noipdomain-lookup
ipdomain-name
ipslbserverfarmSSO-WEB
realxx.xx.137.76
inservice
!
realxx.xx.137.77
inservice
!
ipv6mfibhardware-switchingreplication-modeingress
mlsipmulticastflow-stat-timer9
nomlsflowip
nomlsflowipv6
nomlsacltcamshare-global
mlsceferroractionfreeze
!
!
!
!
!
!
!
!
redundancy
modesso
main-cpu
auto-syncrunning-config
spanning-treemodepvst
diagnosticcnspublishs.device.diag_results
diagnosticcnssubscribes.device.diag_commands
fabricbuffer-reservequeue
!
vlaninternalallocationpolicyascending
vlanaccess-logratelimit2000
!
!
!
!
interfaceGigabitEthernet5/1
noipaddress
!
interfaceGigabitEthernet5/2
noipaddress
!
interfaceGigabitEthernet9/1
switchport
switchportaccessvlan200
switchportmodeaccess
noipaddress
!
interfaceGigabitEthernet9/2
switchport
switchportaccessvlan200
switchportmodeaccess
noipaddress
!
interfaceGigabitEthernet9/3
switchport
switchportaccessvlan200
switchportmodeaccess
noipaddress
!
interfaceGigabitEthernet9/4
switchport
switchportaccessvlan200
switchportmodeaccess
noipaddress
!
interfaceGigabitEthernet9/5
switchport
switchportaccessvlan300
switchportmodeaccess
noipaddress
!
interfaceGigabitEthernet9/6
switchport
switchportaccessvlan300
switchportmodeaccess
noipaddress
!
interfaceGigabitEthernet9/7
switchport
switchportaccessvlan300
switchportmodeaccess
noipaddress
!
interfaceGigabitEthernet9/8
switchport
switchportaccessvlan200
switchportmodeaccess
noipaddress
!
interfaceGigabitEthernet9/9
switchport
switchportaccessvlan200
switchportmodeaccess
noipaddress
!
interfaceGigabitEthernet9/10
switchport
switchportaccessvlan200
switchportmodeaccess
noipaddress
!
interfaceGigabitEthernet9/11
switchport
switchportaccessvlan300
switchportmodeaccess
noipaddress
!
interfaceGigabitEthernet9/12
switchport
switchportaccessvlan200
switchportmodeaccess
noipaddress
!
interfaceGigabitEthernet9/13
switchport
switchportaccessvlan200
switchportmodeaccess
noipaddress
!
interfaceGigabitEthernet9/14
noipaddress
!
interfaceGigabitEthernet9/15
noipaddress
!
interfaceGigabitEthernet9/16
switchport
switchportmodeaccess
noipaddress
!
interfaceGigabitEthernet9/17
switchport
switchportaccessvlan200
switchportmodeaccess
noipaddress
!
interfaceGigabitEthernet9/18
switchport
switchportaccessvlan300
switchportmodeaccess
noipaddress
!
interfaceGigabitEthernet9/19
switchport
switchportaccessvlan300
switchportmodeaccess
noipaddress
!
interfaceGigabitEthernet9/20
switchport
switchportaccessvlan300
switchportmodeaccess
noipaddress
!
interfaceGigabitEthernet9/21
switchport
switchportaccessvlan200
switchportmodeaccess
noipaddress
!
interfaceGigabitEthernet9/22
noipaddress
!
interfaceGigabitEthernet9/23
switchport
switchportaccessvlan200
switchportmodeaccess
switchportnonegotiate
noipaddress
shutdown
!
interfaceGigabitEthernet9/24
switchport
switchportaccessvlan200
switchportmodeaccess
switchportnonegotiate
noipaddress
!
interfaceGigabitEthernet9/25
switchport
switchportaccessvlan300
switchportmodeaccess
noipaddress
shutdown
!
interfaceGigabitEthernet9/26
switchport
switchportaccessvlan300
switchportmodeaccess
noipaddress
!
interfaceGigabitEthernet9/27
noipaddress
!
interfaceGigabitEthernet9/28
noipaddress
!
interfaceGigabitEthernet9/29
noipaddress
!
interfaceGigabitEthernet9/30
noipaddress
!
interfaceGigabitEthernet9/31
noipaddress
!
interfaceGigabitEthernet9/32
noipaddress
!
interfaceGigabitEthernet9/33
noipaddress
!
interfaceGigabitEthernet9/34
noipaddress
!
interfaceGigabitEthernet9/35
noipaddress
!
interfaceGigabitEthernet9/36
noipaddress
!
interfaceGigabitEthernet9/37
noipaddress
!
interfaceGigabitEthernet9/38
noipaddress
!
interfaceGigabitEthernet9/39
switchport
switchportmodeaccess
noipaddress
!
interfaceGigabitEthernet9/40
noipaddress
!
interfaceGigabitEthernet9/41
noipaddress
!
interfaceGigabitEthernet9/42
noipaddress
!
interfaceGigabitEthernet9/43
noipaddress
!
interfaceGigabitEthernet9/44
noipaddress
!
interfaceGigabitEthernet9/45
noipaddress
!
interfaceGigabitEthernet9/46
switchport
switchportaccessvlan300
switchportmodeaccess
noipaddress
!
interfaceGigabitEthernet9/47
switchport
switchportmodeaccess
noipaddress
!
interfaceGigabitEthernet9/48
descriptionconncettoisp
ipaddressxx.xx.131.74255.255.255.252
!
interfaceVlan1
ipaddressxx.xx.10.65255.255.255.0
!
interfaceVlan100
descriptionconnecttoshequ-outside
ipaddressxx.xx.137.241255.255.255.248
!
interfaceVlan900
descriptionconnecttoACE
ipaddressxx.xx.137.225255.255.255.240
ipaccess-groupxxxxout
!
ipclassless
iproute0.0.0.00.0.0.0xx.xx.131.73
iproutexx.xx.137.0255.255.255.0xx.xx.137.242
iproutexx.xx.137.2255.255.255.255xx.xx.137.226
iproutexx.xx.137.3255.255.255.255xx.xx.137.242
iproutexx.xx.137.4255.255.255.255xx.xx.137.242
iproutexx.xx.137.6255.255.255.255xx.xx.137.242
iproutexx.xx.137.7255.255.255.255xx.xx.137.242
iproutexx.xx.137.8255.255.255.255xx.xx.137.242
iproutexx.xx.137.9255.255.255.255xx.xx.137.242
iproutexx.xx.137.10255.255.255.255xx.xx.137.242
iproutexx.xx.137.11255.255.255.255xx.xx.137.242
iproutexx.xx.137.12255.255.255.255xx.xx.137.242
iproutexx.xx.137.13255.255.255.255xx.xx.137.242
iproutexx.xx.137.14255.255.255.255xx.xx.137.242
iproutexx.xx.137.16255.255.255.255xx.xx.137.242
iproutexx.xx.137.17255.255.255.255xx.xx.137.242
iproutexx.xx.137.55255.255.255.255xx.xx.137.226
iproutexx.xx.137.66255.255.255.255xx.xx.137.226
iproutexx.xx.137.74255.255.255.255xx.xx.137.242
iproutexx.xx.137.75255.255.255.255xx.xx.137.242
iproutexx.xx.137.88255.255.255.255xx.xx.137.226
iproutexx.xx.137.89255.255.255.255xx.xx.137.226
iproutexx.xx.137.98255.255.255.255xx.xx.137.226
iproutexx.xx.137.99255.255.255.255xx.xx.137.226
iproutexx.xx.137.180255.255.255.255xx.xx.137.226
!
noiphttpserver
!
ipaccess-listextendedxxxx
permittcphost219.142.154.54hostxx.xx.137.88eqwww
permittcp123.124.172.00.0.0.255hostxx.xx.137.88eqwww
permittcphost61.148.109.85hostxx.xx.137.88eqwww
permittcphost218.204.252.169hostxx.xx.137.88eqwww
permittcphost61.148.109.86hostxx.xx.137.88eqwww
denytcpanyhostxx.xx.137.88eqwww
permitipanyany
!
!
!
radius-serversource-ports1645-1646
!
control-plane
!
!
!
dial-peercorcustom
!
!
!
!
linecon0
exec-timeout50
loggingsynchronous
linevty04
exec-timeout50
transportinputtelnetssh
linevty514
exec-timeout50
transportinputtelnetssh
linevty15
exec-timeout50
!
!
nocnsaaaenable
end
xxxx#sesl1pr1
ThedefaultescapecharacterisCtrl-^,thenx.
Youcanalsotype'exit'attheremoteprompttoendthesession
Trying127.0.0.11...Open
UserAccessVerification
Password:
Typehelpor'?
'foralistofavailablecommands.
FWSM>en
Password:
*************
FWSM#chan
FWSM#changetocon
FWSM#changetocontextshe-qu
FWSM/she-qu#conft
FWSM/she-qu(config)#showrun
:
Saved
:
FWSMVersion3.2(5)
!
hostnameshe-qu
domain-nameshe-qu
enablepasswordfUY/SpghaR7Ytbbbencrypted
cputhresholdrising80%3000
names
!
interfaceVlan100
nameifOutside
security-level0
ipaddressxx.xx.137.242255.255.255.248
!
interfaceVlan200
nameifDMZ
security-level50
ipaddress192.168.1.254255.255.255.0
!
interfaceVlan300
nameifInside
security-level100
ipaddress192.168.2.254255.255.255.0
!
passwdfUY/SpghaR7Ytbbbencrypted
object-groupservicewebtcp
port-objecteqwww
object-groupnetworkweb-host
network-objectxx.xx.137.14255.255.255.255
network-objectxx.xx.137.3255.255.255.255
network-objectxx.xx.137.12255.255.255.255
network-objectxx.xx.137.10255.255.255.255
network-objectxx.xx.137.11255.255.255.255
network-objectxx.xx.137.4255.255.255.255
network-objectxx.xx.137.9255.255.255.255
network-objectxx.xx.137.13255.255.255.255
network-objectxx.xx.137.6255.255.255.255
network-objectxx.xx.137.7255.255.255.255
network-objectxx.xx.137.8255.255.255.255
network-objectxx.xx.137.16255.255.255.255
network-objectxx.xx.137.17255.255.255.255
network-objectxx.xx.137.67255.255.255.255
object-groupnetworksso-host
network-objectxx.xx.137.76255.255.255.255
network-objectxx.xx.137.77255.255.255.255
object-groupnetworkany
network-object0.0.0.00.0.0.0
object-groupne
- 配套讲稿:
如PPT文件的首页显示word图标,表示该PPT已包含配套word讲稿。双击word图标可打开word文档。
- 特殊限制:
部分文档作品中含有的国旗、国徽等图片,仅作为作品整体效果示例展示,禁止商用。设计者仅对作品中独创性部分享有著作权。
- 关 键 词:
- 65 FWSM ACE 旁路 部署