HW cpe配置 - 《controller》

[Huawei]display current-configuration configuration
[V300R019C10SPC200]
#
authentication-profile name default_authen_profile
authentication-profile name dot1x_authen_profile
authentication-profile name dot1xmac_authen_profile
authentication-profile name mac_authen_profile
authentication-profile name multi_authen_profile
authentication-profile name portal_authen_profile
#
ikev2 prf aes-xcbc-128 compatible
#
dhcp enable
#
ip vpn-instance test
 ipv4-family
  route-distinguisher 10:10
  vpn-target 10:10 export-extcommunity
  vpn-target 10:10 import-extcommunity
#
radius-server template default
#
pki realm default
#
ssl policy default_policy type server
 pki-realm default
 version tls1.2
 ciphersuite rsa_aes_128_cbc_sha rsa_aes_128_sha256 rsa_aes_256_sha256 ecdhe_rsa_aes128_gcm_sha256 ecdhe_rsa_aes256_gcm_sha384
#
acl number 2000
 rule 0 permit source 20.2.2.0 0.0.0.255
acl number 2001
 rule 0 permit vpn-instance test source 30.1.1.0 0.0.0.255
#
acl number 3000
 rule 5 permit ip source 88.88.88.88 0 destination 33.33.33.33 0
#
ipsec proposal ADWAN-TS
 esp authentication-algorithm sha1
 esp encryption-algorithm aes-128
ipsec proposal cpe
 esp authentication-algorithm sha1
 esp encryption-algorithm aes-128
#
ike proposal default
 encryption-algorithm des
 dh group1
 authentication-algorithm sha1
 authentication-method pre-share
 integrity-algorithm hmac-sha2-256
 prf hmac-sha2-256
ike proposal 1
 encryption-algorithm des
 dh group1
 authentication-algorithm sha1
 authentication-method pre-share
 integrity-algorithm hmac-sha1-96
 prf hmac-sha1
#
ike peer vpe
 undo version 2
 pre-shared-key cipher %^%#C3pfP{nrQTsi]mV"V"W<~_,UFL)t"8FHnxXS[JI;%^%#
 ike-proposal 1
 remote-address 172.171.9.7
 rsa encryption-padding oaep
 rsa signature-padding pss
 ikev2 authentication sign-hash sha2-256
#
ipsec policy cpe 1 isakmp
 security acl 3000
 ike-peer vpe
 proposal ADWAN-TS
 route inject dynamic
#
free-rule-template name default_free_rule
#
portal-access-profile name portal_access_profile
#
ip pool cpe
 vpn-instance test
 gateway-list 10.1.1.1
 network 10.1.1.0 mask 255.255.255.0
 lease unlimited
 dns-list 114.114.114.114
#
aaa
 authentication-scheme default
  authentication-mode local
 authentication-scheme radius
  authentication-mode radius
 authorization-scheme default
  authorization-mode local
 accounting-scheme default
  accounting-mode none
 local-aaa-user password policy administrator
 domain default
  authentication-scheme default
  accounting-scheme default
 domain default_admin
  authentication-scheme default
  accounting-scheme default
 local-user admin password irreversible-cipher $1a$dnb4I=3Xj6$4J'MG1`WP8Qx{I,N}=AWH:r@#@L!VS7#!yY`+5vA$
 local-user admin privilege level 15
 local-user admin service-type terminal http
 local-user fnii2019 password irreversible-cipher $1a$9t(<DJjE9>$kSlFVmC:fK,63g!n`k<D_YZ%CAWo2-4DB|WzB<XG$
 local-user fnii2019 privilege level 15
 local-user fnii2019 service-type ssh
#
web
#
firewall zone Local
#
nat address-group 0 22.22.22.22 22.22.22.22
nat address-group 1 66.66.66.66 66.66.66.66
#
bridge-domain 10
 vxlan vni 100
#
bgp 100
 router-id 88.88.88.88
 #
 ipv4-family unicast
  undo synchronization
  network 22.22.22.22 255.255.255.255
  network 32.0.0.0 255.255.255.0
 #
 ipv4-family vpnv4
  policy vpn-target
 #
 ipv4-family vpn-instance test
  network 10.1.1.0 255.255.255.0
  network 66.66.66.66 255.255.255.255
  peer 192.168.10.9 as-number 100
  peer 192.168.10.9 connect-interface Vbdif10
#
 snmp-agent local-engineid 800007DB0328DEE5262179
 snmp-agent trap enable
#
 ssh user fnii2019 authentication-type password
 stelnet server enable
 telnet server enable
 ssh server hmac sha2_256_96 sha1_96
#
 http secure-server ssl-policy default_policy
 http secure-server enable
 http server permit interface GigabitEthernet0/0/0
#
ip route-static 0.0.0.0 0.0.0.0 vpn-instance test
ip route-static 152.152.152.152 255.255.255.255 100.10.1.2
#
fib regularly-refresh disable
#
nqa test-instance admin icmp
 test-type icmpjitter
 destination-address ipv4 33.33.33.33
 source-address ipv4 88.88.88.88
 frequency 30
 probe-count 10
 start now
#
user-interface con 0
 authentication-mode password
 set authentication password cipher %^%#KB%R7rqQ_5\,]tSW^/c&r|X\D78iY#8Chj;}#l+(!RVz$J6G3Dh=tz.5z:[X%^%#
user-interface vty 0 4
 authentication-mode aaa
 user privilege level 3
 idle-timeout 0 0
#
wlan ac
 traffic-profile name default
 security-profile name default
 security-profile name default-wds
  security wpa2 psk pass-phrase %^%#rOJvPw&N8Bx6FT4WPmE0=>,A=TnWOD`@$PID0BET%^%# aes
 ssid-profile name default
 vap-profile name default
 wds-profile name default
 regulatory-domain-profile name default
 air-scan-profile name default
 rrm-profile name default
 radio-2g-profile name default
 radio-5g-profile name default
 wids-spoof-profile name default
 wids-profile name default
 ap-system-profile name default
 port-link-profile name default
 wired-port-profile name default
 ap-group name default
#
dot1x-access-profile name dot1x_access_profile
#
mac-access-profile name mac_access_profile
#
ops
#
autostart
#
secelog
#
 ms-channel
#
return