#
sysname GATEWAY
#
super password level 3 simple 123456
#
domain default enable zzu
#
firewall packet-filter enable
firewall packet-filter default permit
#
undo insulate
#
firewall statistic system enable
#
radius scheme system
server-type standard
radius scheme zzu
server-type standard
primary authentication 192.168.30.2
key authentication 123456
user-name-format without-domain
#
domain system
domain zzu
scheme radius-scheme zzu
access-limit enable 10
accounting optional
#
local-user admin
password cipher .]@USE=B,53Q=^Q`MAF4<1!!
service-type telnet terminal
level 3
service-type ftp
#
interface Aux0
async mode flow
#
interface Ethernet0/0
ip address 192.168.1.254 255.255.255.0
dhcp select relay
#
interface Ethernet0/0.10
ip address 192.168.10.254 255.255.255.0
ip relay address 192.168.30.1
dhcp select relay
vlan-type dot1q vid 10
#
interface Ethernet0/0.20
ip address 192.168.20.254 255.255.255.0
ip relay address 192.168.30.1
dhcp select relay
vlan-type dot1q vid 20
#
interface Ethernet0/0.30
ip address 192.168.30.254 255.255.255.0
dhcp select relay
vlan-type dot1q vid 30
#
interface Ethernet0/4
dhcp select relay
#
interface Encrypt1/0
#
interface NULL0
#
firewall zone local
set priority 100
#
firewall zone trust
add interface Ethernet0/0
add interface Ethernet0/0.10
add interface Ethernet0/0.20
add interface Ethernet0/0.30
set priority 85
#
firewall zone untrust
set priority 5
#
firewall zone DMZ
set priority 50
#
firewall interzone local trust
#
firewall interzone local untrust
#
firewall interzone local DMZ
#
firewall interzone trust untrust
#
firewall interzone trust DMZ
#
firewall interzone DMZ untrust
#
FTP server enable
#
user-interface con 0
user-interface aux 0
user-interface vty 0 4
authentication-mode scheme
#
sysname NAS
#
super password level 3 simple 123456
#
local-server nas-ip 192.168.30.2 key 123456
#
domain default enable zzu
#
dot1x
dot1x authentication-method pap
#
radius scheme system
radius scheme radius
server-type standard
primary authentication 192.168.30.2
key authentication 123456
user-name-format without-domain
#
domain system
domain zzu
scheme radius-scheme radius
access-limit enable 10
accounting optional
#
local-user user1
#
vlan 1
#
vlan 10
description student
#
vlan 20
description teacher
#
vlan 30
description server
#
interface Vlan-interface1
ip address 192.168.1.1 255.255.255.0
#
interface Aux1/0/0
#
interface Ethernet1/0/1
port access vlan 10
dot1x
#
interface Ethernet1/0/2
port access vlan 10
dot1x
#
interface Ethernet1/0/3
port access vlan 10
dot1x
#
interface Ethernet1/0/4
port access vlan 10
dot1x
#
interface Ethernet1/0/5
port access vlan 10
dot1x
#
interface Ethernet1/0/6
port access vlan 10
dot1x
#
interface Ethernet1/0/7
port access vlan 10
dot1x
#
interface Ethernet1/0/8
port access vlan 10
dot1x
#
interface Ethernet1/0/9
port access vlan 10
dot1x
#
interface Ethernet1/0/10
port access vlan 10
dot1x
#
interface Ethernet1/0/11
port access vlan 20
dot1x
#
interface Ethernet1/0/12
port access vlan 20
dot1x
#
interface Ethernet1/0/13
port access vlan 20
dot1x
#
interface Ethernet1/0/14
port access vlan 20
dot1x
#
interface Ethernet1/0/15
port access vlan 20
dot1x
#
interface Ethernet1/0/16
port access vlan 20
dot1x
#
interface Ethernet1/0/17
port access vlan 20
dot1x
#
interface Ethernet1/0/18
port access vlan 20
dot1x
#
interface Ethernet1/0/19
port access vlan 20
dot1x
#
interface Ethernet1/0/20
port access vlan 20
dot1x
#
interface Ethernet1/0/21
port access vlan 30
#
interface Ethernet1/0/22
#
interface Ethernet1/0/23
#
interface Ethernet1/0/24
port link-type trunk
port trunk permit vlan all
#
interface NULL0
#
ip route-static 0.0.0.0 0.0.0.0 192.168.1.254 preference 60
#
user-interface aux 0
idle-timeout 35791 0
user-interface vty 0 4
authentication-mode scheme
idle-timeout 35791 0