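New Internet café firmware for the AR18-63-1 released, with web management
[size=4][color=#ff0000]Features of the new Internet café version for the AR18-63-1 (H3C AR1863-CMW340-T6112L01)[/color][/size]
[b][color=black]1. Added an intranet traffic view: shows the traffic of every host on the internal network, which makes it easier to locate problems.[/color][/b]
[b]See the Word document:[/b]
[b][color=#000000]2. Added a powerful web management interface.[/color][/b]
[b][color=#000000]See the Word document:[/color][/b]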
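[b][color=#000000]Internet café customers or network administrators who need the upgrade, please leave your information and contact details:[/color][/b]
[b][color=#000000]1. Internet café name and number of PCs[/color][/b]
[b][color=#000000]2. WAN line (single line or dual line, north or south)[/color][/b]
[b][color=#000000]3. Contact person for the café's network administration, with mobile number[/color][/b]
[b][color=#000000]4. Email address[/color][/b]
Send your contact details to my mailbox: [email=zhouzhongbiao520@126.com]zhouzhongbiao520@126.com[/email]
[b][color=#000000]The network administrator must know VRP command-line operation and be able to upgrade the .bin file via FTP or a similar method. If the café's administrator cannot upgrade the software, technical support can be provided. Try the command-line version first, and after it has run for 1-2 weeks try the web management interface.[/color][/b]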
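AR18-63-1 configuration guide for Internet cafés and a simple method for IP+MAC binding
AR18-63-1 configuration guide for Internet cafés: IP+MAC binding, security zone statistics, anti-attack settings
<H3C>dis cur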
#
sysname H3C
#
firewall packet-filter enable
#
undo info-center enable
#
undo icmp unreach send
#
firewall defend enable
#
arp static 192.168.0.144 000c-f1f4-63fc
arp static 192.168.0.63 0011-110b-6237
arp static 192.168.0.156 000c-f1f4-6e1e
arp static 192.168.0.83 000c-f1f5-2ae9
arp static 192.168.0.125 0011-110b-6890
arp static 192.168.0.82 000c-f1f4-67ff
arp static 192.168.0.24 0011-110b-6358
arp static 192.168.0.16 0011-110a-eb54
arp static 192.168.0.167 0011-110a-f41b
arp static 192.168.1.15 000c-f1f4-65ca
………………………………
#
dns resolve
dns server 221.12.65.228
#
radius scheme system
#
domain system
#
acl number 2001
rule 0 permit source 192.168.0.0 0.0.0.252
rule 1 deny
acl number 3001
rule 10 deny tcp destination-port eq 445
rule 11 deny udp destination-port eq 445
rule 20 deny tcp destination-port eq 135
rule 21 deny udp destination-port eq 135
rule 30 deny tcp destination-port eq 137
rule 31 deny udp destination-port eq netbios-ns
rule 40 deny tcp destination-port eq 138
rule 41 deny udp destination-port eq netbios-dgm
rule 50 deny tcp destination-port eq 139
rule 51 deny udp destination-port eq netbios-ssn
rule 61 deny udp destination-port eq tftp
rule 70 deny tcp destination-port eq 593
rule 80 deny tcp destination-port eq 4444
rule 90 deny tcp destination-port eq 707
rule 100 deny tcp destination-port eq 1433
rule 101 deny udp destination-port eq 1433
rule 110 deny tcp destination-port eq 1434
rule 111 deny udp destination-port eq 1434
rule 120 deny tcp destination-port eq 5554
rule 130 deny tcp destination-port eq 9996
rule 141 deny udp source-port eq bootps
rule 160 permit icmp icmp-type echo
rule 161 permit icmp icmp-type echo-reply
rule 162 permit icmp icmp-type ttl-exceeded
rule 165 deny icmp
rule 200 deny tcp destination-port eq www
rule 202 deny tcp destination-port eq ftp
rule 204 deny tcp destination-port eq 3389
rule 2000 permit ip destination 218.75.27.144 0.0.0.15
rule 2001 permit ip destination 192.168.0.0 0.0.0.255
rule 2002 deny ip
acl number 3002
rule 10 deny tcp destination-port eq 445
rule 11 deny udp destination-port eq 445
rule 20 deny tcp destination-port eq 135
rule 21 deny udp destination-port eq 135
rule 30 deny tcp destination-port eq 137
rule 31 deny udp destination-port eq netbios-ns
rule 40 deny tcp destination-port eq 138
rule 41 deny udp destination-port eq netbios-dgm
rule 50 deny tcp destination-port eq 139
rule 51 deny udp destination-port eq netbios-ssn
rule 61 deny udp destination-port eq tftp
rule 70 deny tcp destination-port eq 593
rule 80 deny tcp destination-port eq 4444
rule 90 deny tcp destination-port eq 707
rule 100 deny tcp destination-port eq 1433
rule 101 deny udp destination-port eq 1433
rule 110 deny tcp destination-port eq 1434
rule 111 deny udp destination-port eq 1434
rule 120 deny tcp destination-port eq 5554
rule 130 deny tcp destination-port eq 9996
rule 141 deny udp source-port eq bootps
rule 160 permit icmp icmp-type echo
rule 161 permit icmp icmp-type echo-reply
rule 162 permit icmp icmp-type ttl-exceeded
rule 165 deny icmp
rule 200 deny tcp destination-port eq www
rule 202 deny tcp destination-port eq ftp
rule 204 deny tcp destination-port eq 3389
rule 2000 permit ip destination 221.12.164.134 0
rule 2001 permit ip destination 192.168.0.0 0.0.0.255
rule 2002 deny ip
acl number 3003
rule 10 deny tcp destination-port eq 445
rule 11 deny udp destination-port eq 445
rule 20 deny tcp destination-port eq 135
rule 21 deny udp destination-port eq 135
rule 30 deny tcp destination-port eq 137
rule 31 deny udp destination-port eq netbios-ns
rule 40 deny tcp destination-port eq 138
rule 41 deny udp destination-port eq netbios-dgm
rule 50 deny tcp destination-port eq 139
rule 51 deny udp destination-port eq netbios-ssn
rule 61 deny udp destination-port eq tftp
rule 70 deny tcp destination-port eq 593
rule 80 deny tcp destination-port eq 4444
rule 90 deny tcp destination-port eq 707
rule 100 deny tcp destination-port eq 1433
rule 101 deny udp destination-port eq 1433
rule 110 deny tcp destination-port eq 1434
rule 111 deny udp destination-port eq 1434
rule 120 deny tcp destination-port eq 5554
rule 130 deny tcp destination-port eq 9996
rule 141 deny udp source-port eq bootps
rule 160 permit icmp icmp-type echo
rule 161 permit icmp icmp-type echo-reply
rule 162 permit icmp icmp-type ttl-exceeded
rule 165 deny icmp
rule 2010 deny ip source 192.168.0.1 0
rule 2030 permit ip source 192.168.0.0 0.0.0.255
rule 3000 deny ip
#
interface Aux0
async mode flow
#
interface GigabitEthernet1/0
ip address 218.75.27.146 255.255.255.240
firewall packet-filter 3001 inbound
nat outbound 2001
arp send-gratuitous-arp 1
#
interface GigabitEthernet2/0
ip address 192.168.0.1 255.255.255.0
firewall packet-filter 3003 inbound
arp send-gratuitous-arp 1
#
interface NULL0
#
firewall zone trust
add interface GigabitEthernet1/0
add interface GigabitEthernet2/0
set priority 85
statistic enable zone inzone
statistic enable zone outzone
#
firewall zone untrust
add interface GigabitEthernet3/0
add interface GigabitEthernet4/0
set priority 5
statistic enable ip inzone
statistic enable ip outzone
#
firewall zone DMZ
set priority 50
#
ip route-static 0.0.0.0 0.0.0.0 218.75.27.145 preference 60
#
firewall defend ip-spoofing
firewall defend land
firewall defend smurf
firewall defend fraggle
firewall defend winnuke
firewall defend icmp-redirect
firewall defend icmp-unreachable
firewall defend source-route
firewall defend route-record
firewall defend tracert
firewall defend ping-of-death
firewall defend tcp-flag
firewall defend ip-fragment
firewall defend large-icmp
firewall defend teardrop
firewall defend ip-sweep
firewall defend port-scan
firewall defend arp-spoofing
firewall defend arp-reverse-query
firewall defend arp-flood
firewall defend frag-flood
firewall defend syn-flood enable
firewall defend syn-flood zone local max-rate 500
firewall defend syn-flood zone trust tcp-proxy
firewall defend udp-flood enable
firewall defend icmp-flood enable
firewall defend udp-flood zone trust
firewall defend icmp-flood zone trust
#
user-interface con 0
user-interface aux 0
user-interface vty 0 4
user privilege level 3
set authentication password cipher "3!=[M.="G;Q=^Q`MAF4<1!!
idle-timeout 0 0
#
return
<H3C>
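Doing the static ARP bindings any other way is rather tedious; there is a simpler way, as follows. Power on all the PCs in the café, have them access the external network, and then:
A simple method for binding IP and MAC addresses, for everyone to learn
Static ARP binding steps:
1. First log in to the router via telnet or through the console port.
2. Run the dis arp command on the router; the router will then display all the dynamic ARP entries it has learned.
3. Copy the displayed result, as follows: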
10.106.32.20 000a-6a20-1400
10.106.32.30 000a-6a20-1e00
10.106.32.49 000a-6a20-3100
10.106.32.42 000a-6a20-2a00
10.106.32.54 000a-6a20-3600
10.106.32.19 000a-6a20-1300
10.106.32.13 000a-6a20-0d00
10.106.32.52 000a-6a20-3400
10.106.32.12 000a-6a20-0c00
10.106.32.16 000a-6a20-1000
4. Perform a find-and-replace on the selected text, replacing 10.106 with arp static 10.106; the result is as follows:
arp static 10.106.32.20 000a-6a20-1400
arp static 10.106.32.30 000a-6a20-1e00
arp static 10.106.32.49 000a-6a20-3100
arp static 10.106.32.42 000a-6a20-2a00
arp static 10.106.32.54 000a-6a20-3600
arp static 10.106.32.19 000a-6a20-1300
arp static 10.106.32.13 000a-6a20-0d00
arp static 10.106.32.52 000a-6a20-3400
arp static 10.106.32.12 000a-6a20-0c00
arp static 10.106.32.16 000a-6a20-1000
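5. Enter system mode on the router and paste the replacement result above directly into the router.
6. If the router later learns new ARP entries, they can be configured in the same way.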
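Steps 3 to 5 above as a script, an added example that is not part of the original post: it turns captured `dis arp` lines into `arp static` commands and, going beyond the plain text replacement, holds back any IP seen with more than one MAC and any MAC seen for more than one IP, because binding such a pair would make a spoofed or mistaken entry permanent. The function names and the sample input are constructed for illustration; only the `IP MAC` line layout shown in step 3 is assumed.

```python
import ipaddress
import re
from collections import defaultdict

MAC_RE = re.compile(r"\b[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}\b", re.I)
IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

# Constructed sample: the first four pairs are from step 3 above; the last three
# lines are invented to show a duplicate IP and a MAC answering for two IPs.
SAMPLE = """\
10.106.32.20 000a-6a20-1400
10.106.32.30 000a-6a20-1e00
10.106.32.49 000a-6a20-3100
10.106.32.42 000a-6a20-2a00
10.106.32.49 000a-6a20-ffee
10.106.32.60 000a-6a20-4d00
10.106.32.61 000a-6a20-4d00
"""

def parse_pairs(text):
    """Return (ip, mac) pairs; lines without a valid IPv4 address and MAC are skipped."""
    pairs = []
    for line in text.splitlines():
        ip, mac = IP_RE.search(line), MAC_RE.search(line)
        if not (ip and mac):
            continue
        try:
            addr = ipaddress.IPv4Address(ip.group())
        except ValueError:  # e.g. 999.1.1.1
            continue
        pairs.append((str(addr), mac.group().lower()))
    return pairs

def build_bindings(text):
    """Return (commands, review): clean pairs become commands, conflicts go to review."""
    by_ip, by_mac = defaultdict(set), defaultdict(set)
    for ip, mac in parse_pairs(text):
        by_ip[ip].add(mac)
        by_mac[mac].add(ip)
    commands, review = [], []
    for ip in sorted(by_ip, key=ipaddress.IPv4Address):
        macs = by_ip[ip]
        mac = next(iter(macs))
        if len(macs) > 1:
            review.append(f"{ip}: several MACs {sorted(macs)}")
        elif len(by_mac[mac]) > 1:
            review.append(f"{ip}: MAC {mac} also answers for other IPs")
        else:
            commands.append(f"arp static {ip} {mac}")
    return commands, review
```

Only the `commands` list is meant to be pasted into the router; each entry in `review` should be checked against the physical machine before it is bound by hand.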
Bump
My company uses this too, but I don't have enough points, so I can't download it. Sigh~
Bump
Bump
Good.............
I don't have enough points either!
ding
