- 论坛徽章:
- 0
|
华为18-22-24路由器往外ping时出现不规则丢包,丢包率在20%左右,请高手帮看看!
配置如下 :
#
sysname Quidway
#
FTP server enable
#
firewall enable
#
dialer-rule 1 ip permit
#
web set-package force flash:/http.zip
#
radius scheme system
#
domain system
#
local-user admin
password cipher .]@USE=B,53Q=^Q`MAF4<1!!
service-type telnet terminal
level 3
service-type ftp
#
acl number 2000
rule 0 permit source 192.168.0.0 0.0.0.255
acl number 3333
rule 0 deny udp destination-port eq tftp
rule 1 deny tcp source-port eq 135 destination-port eq 135
rule 2 deny udp source-port eq 135 destination-port eq 135
rule 3 deny tcp source-port eq 137 destination-port eq 137
rule 4 deny tcp source-port eq 1068 destination-port eq 138
rule 5 deny tcp source-port eq 389 destination-port eq 139
rule 6 deny tcp source-port eq 593 destination-port eq 139
rule 7 deny udp source-port eq 445 destination-port eq 445
rule 8 deny tcp source-port eq 1025 destination-port eq 445
rule 9 deny udp source-port eq 1434 destination-port eq 539
rule 10 deny tcp source-port eq 3127 destination-port eq 539
rule 11 deny tcp source-port eq 3128 destination-port eq 593
rule 12 deny tcp source-port eq 4444 destination-port eq 593
rule 13 deny tcp source-port eq 5554 destination-port eq 1434
rule 14 deny tcp source-port eq 5800 destination-port eq 1433
rule 15 deny tcp source-port eq 5900 destination-port eq 4444
rule 16 deny tcp source-port eq 8998 destination-port eq 9996
rule 17 deny tcp source-port eq 9995 destination-port eq 5554
rule 18 deny tcp source-port eq 9996 destination-port eq 9996
rule 19 deny tcp destination-port eq 445
rule 20 deny udp destination-port eq 445
rule 21 deny tcp destination-port eq 135
rule 22 deny udp destination-port eq 135
rule 23 deny tcp destination-port eq 136
rule 24 deny udp destination-port eq 136
rule 25 deny tcp destination-port eq 137
rule 26 deny udp destination-port eq netbios-ns
rule 27 deny udp destination-port eq 1068
rule 28 deny tcp destination-port eq 1023
rule 29 deny udp destination-port eq 1023
rule 30 permit icmp icmp-type echo
rule 31 deny udp source-port eq 0 destination-port eq netbios-ns
rule 32 deny udp source-port eq 11 destination-port eq netbios-ns
rule 33 deny icmp
rule 40 deny tcp destination-port eq 138
rule 41 deny udp destination-port eq netbios-dgm
rule 43 deny tcp destination-port eq 139
rule 51 deny udp destination-port eq netbios-ssn
rule 62 deny tcp destination-port eq 389
rule 63 deny tcp destination-port eq 539
rule 64 deny udp destination-port eq 539
rule 65 deny tcp destination-port eq 4444
rule 66 deny tcp destination-port eq 707
rule 70 deny tcp destination-port eq 593
rule 71 deny udp destination-port eq 593
rule 72 deny tcp destination-port eq 1024
rule 73 deny tcp destination-port eq 1025
rule 74 deny tcp destination-port eq 1033
rule 75 deny tcp destination-port eq 1068
rule 76 deny tcp destination-port eq 1243
rule 77 deny tcp destination-port eq 1978
rule 78 deny tcp destination-port eq 1999
rule 79 deny tcp destination-port eq 2000
rule 80 deny tcp destination-port eq 2001
rule 81 deny tcp destination-port eq 3127
rule 82 deny tcp destination-port eq 4899
rule 83 deny tcp destination-port eq 5022
rule 84 deny tcp destination-port eq 6881
rule 85 deny tcp destination-port eq 6882
rule 86 deny tcp destination-port eq 6883
rule 87 deny tcp destination-port eq 6884
rule 88 deny tcp destination-port eq 6885
rule 138 deny tcp destination-port eq 8011
rule 139 deny tcp destination-port eq 8998
rule 140 deny tcp destination-port eq 9995
rule 141 deny tcp destination-port eq 12345
rule 142 deny tcp destination-port eq 12346
rule 143 deny tcp destination-port eq 27374
rule 145 deny tcp destination-port eq 30100
rule 161 permit icmp icmp-type echo-reply
rule 162 permit icmp icmp-type ttl-exceeded
#
interface Dialer1
link-protocol ppp
ppp pap local-user mglb007@wsl02.yn password cipher V3"LO2/=!<WQ=^Q`MAF4<1!!
tcp mss 1024
ip address ppp-negotiate
dialer user admin
dialer-group 1
dialer bundle 1
nat outbound 2000
#
interface Dialer2
link-protocol ppp
ppp pap local-user mglb007@wsl02.yn password cipher V3"LO2/=!<WQ=^Q`MAF4<1!!
tcp mss 1024
ip address ppp-negotiate
dialer user admin
dialer-group 1
dialer bundle 2
nat outbound 2000
#
interface Ethernet1/0
pppoe-client dial-bundle-number 1
ip address dhcp-alloc
firewall packet-filter 3333 inbound
#
interface Ethernet2/0
pppoe-client dial-bundle-number 2
ip address dhcp-alloc
firewall packet-filter 3333 inbound
#
interface Ethernet3/0
ip address 192.168.0.49 255.255.255.0
#
interface Ethernet3/1
#
interface Ethernet3/2
#
interface Ethernet3/3
#
interface Ethernet3/4
interface Ethernet3/5
#
interface Ethernet3/6
#
interface Ethernet3/7
#
interface Ethernet3/8
#
interface Ethernet3/9
#
interface Ethernet3/10
#
interface Ethernet3/11
#
interface Ethernet3/12
#
interface Ethernet3/13
#
interface Ethernet3/14
#
interface Ethernet3/15
interface Ethernet3/16
#
interface Ethernet3/17
#
interface Ethernet3/18
#
interface Ethernet3/19
#
interface Ethernet3/20
#
interface Ethernet3/21
#
interface Ethernet3/22
#
interface Ethernet3/23
#
interface Ethernet3/24
#
interface NULL0
#
ip route-static 0.0.0.0 0.0.0.0 Dialer 1 preference 60
ip route-static 0.0.0.0 0.0.0.0 Dialer 2 preference 60
#
user-interface con 0
user-interface vty 0 4
authentication-mode scheme
#
return |
|
免费注册
发表于 2007-10-15 17:00
发表于 2007-10-15 18:41
