This is a sample Administration Buildings Project network, we directly give the configuration of the equipment.
1. S3700
sysname S3700#
undo info-center enable
#
vlan batch 101 to 102
#
cluster enable
ntdp enable
ndp enable
#
drop illegal-mac alarm
#
diffserv domain default
#
drop-profile default
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password simple admin
local-user admin service-type http
#
interface Vlanif1
#
interface MEth0/0/1
#
interface Ethernet0/0/1
port link-type access
port default vlan 101
#
interface Ethernet0/0/2
port link-type access
port default vlan 102
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
user-interface con 0
user-interface vty 0 4
#
return
2.S7700
sysname S7700#
undo info-center enable
#
vlan batch 100 to 102
#
cluster enable
ntdp enable
ndp enable
#
drop illegal-mac alarm
#
dhcp enable
#
diffserv domain default
#
drop-profile default
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password simple admin
local-user admin service-type http
#
interface Vlanif1
#
interface Vlanif100
ip address 192.168.100.1 255.255.255.0
#
interface Vlanif101
ip address 192.168.101.254 255.255.255.0
dhcp select interface
dhcp server dns-list 1.1.1.1
#
interface Vlanif102
ip address 192.168.102.254 255.255.255.0
dhcp select interface
dhcp server dns-list 1.1.1.1
#
interface MEth0/0/1
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/3
port hybrid pvid vlan 100
port hybrid untagged vlan 100
#
interface NULL0
#
ip route-static 0.0.0.0 0.0.0.0 192.168.100.2
#
user-interface con 0
user-interface vty 0 4
#
return
3.USG 2260
stp region-configuration
region-name 103d6415909d
active region-configuration
#
interface GigabitEthernet0/0/0
alias GE0/MGMT
ip address 192.168.0.1 255.255.255.0
dhcp select interface
dhcp server gateway-list 192.168.0.1
#
interface GigabitEthernet0/0/1
ip address 202.98.100.1 255.255.255.0
#
interface GigabitEthernet0/0/2
#
interface GigabitEthernet0/0/3
ip address 192.168.100.2 255.255.255.0
#
interface GigabitEthernet0/0/4
#
interface GigabitEthernet0/0/5
#
interface GigabitEthernet0/0/6
#
interface GigabitEthernet0/0/7
#
interface GigabitEthernet0/0/8
#
interface NULL0
alias NULL0
#
firewall zone local
set priority 100
#
firewall zone trust
set priority 85
add interface GigabitEthernet0/0/0
add interface GigabitEthernet0/0/3
#
firewall zone untrust
set priority 5
add interface GigabitEthernet0/0/1
#
firewall zone dmz
set priority 50
#
aaa
local-user admin password cipher %$%$}CSe#6I!<Wm|ZUTv*4#A:`WN%$%$
local-user admin service-type web terminal telnet
local-user admin level 15
authentication-scheme default
#
authorization-scheme default
#
accounting-scheme default
#
domain default
#
#
nqa-jitter tag-version 1
#
ip route-static 0.0.0.0 0.0.0.0 202.98.100.2
ip route-static 192.168.101.0 255.255.255.0 192.168.100.1
ip route-static 192.168.102.0 255.255.255.0 192.168.100.1
#
banner enable
#
user-interface con 0
authentication-mode none
user-interface vty 0 4
authentication-mode none
protocol inbound all
#
slb
#
right-manager server-group
#
sysname USG2260
#
l2tp domain suffix-separator @
#
firewall packet-filter default permit interzone local trust direction inbound
firewall packet-filter default permit interzone local trust direction outbound
firewall packet-filter default permit interzone local untrust direction outbound
firewall packet-filter default permit interzone local dmz direction outbound
#
ip df-unreachables enable
#
firewall ipv6 session link-state check
firewall ipv6 statistic system enable
#
dns resolve
#
firewall statistic system enable
#
pki ocsp response cache refresh interval 0
pki ocsp response cache number 0
#
undo dns proxy
#
license-server domain lic.huawei.com
#
web-manager enable
#
policy interzone trust untrust outbound
policy 0
action permit
policy source 192.168.0.0 0.0.255.255
#
nat-policy interzone trust untrust outbound
policy 1
action source-nat
policy source 192.168.0.0 0.0.255.255
easy-ip GigabitEthernet0/0/1
#
return