7750BRAS維護(hù)與配置(SR功能篇)

第60頁共77頁 7750SR/BRAS維護(hù)與配置(SR功能篇）

1. 設(shè)備配置命令說明 41.1. System基本配置 41.2. Log配置 71.3. Port配置 91.3.1上行端口和互聯(lián)PORT端口配置 91.3.2下聯(lián)端口配置 101.4. IGP協(xié)議配置 141.4.1OSPF協(xié)議配置 141.4.2ISIS協(xié)議配置 171.5. Mpls、LDP協(xié)議配置 191.6. 設(shè)備安全配置（security） 241.6.1設(shè)備訪問安全 241.6.2主CPU保護(hù) 281.7. VPN-BGP配置 351.8. Policy配置 381.9. 業(yè)務(wù)配置 401.9.1IES業(yè)務(wù)配置 411.9.2二層VPNvpls業(yè)務(wù)配置 451.9.3三層VPNVPRN業(yè)務(wù)配置 481.10. SNMP配置 521.11. Cflowd配置 532. 業(yè)務(wù)運(yùn)行狀態(tài)檢查命令 552.1查看設(shè)備Port端口運(yùn)行狀態(tài) 552.1.1查看設(shè)備所有Port端口運(yùn)行狀態(tài) 552.1.2查看設(shè)備單個(gè)Port端口運(yùn)行狀態(tài) 572.2查看Service業(yè)務(wù)運(yùn)行狀態(tài) 602.3檢查路由器接口運(yùn)行狀態(tài) 622.3.1查看所有接口狀態(tài) 622.3.1查看單個(gè)業(yè)務(wù)的接口狀態(tài) 642.4查看設(shè)備MAC地址表信息 662.4.1查看所有MAC地址表 662.4.2查看單個(gè)業(yè)務(wù)的MAC地址表 692.5查看設(shè)備路由表信息 702.5.1查看所有路由表地址表 702.5.2查看某個(gè)業(yè)務(wù)的路由表 723. 故障排除方法說明 733.1光路正常但port端口down 733.2 ping不通對(duì)端地址 733.3 ISIS鄰接關(guān)系無法建立 733.4 BGP鄰居無法正常建立 733.5 BGP表中有路由，但路由沒有被放進(jìn)vpn路由表中 733.6 VPN中用戶CE設(shè)備無法訪問遠(yuǎn)端 743.7VPLS故障分析 743.7.1按照下列配置做mac-filter 743.7.2在VPLS中應(yīng)用MAC-FILTER 753.8.3通過分析LOG找出問題 754刪除Service配置步驟 764.1刪除單個(gè)sapService配置步驟 764.2刪除多個(gè)sapService配置步驟 76設(shè)備配置命令說明System基本配置chassis-mode要配置為C，以支持新的feature。關(guān)閉外部參考時(shí)鐘（一般現(xiàn)場(chǎng)均沒有接）多鏈路負(fù)載平衡SNMP報(bào)文大小9216telnet的session限制為設(shè)置為最大數(shù)7。最好定義預(yù)設(shè)登陸消息，避免設(shè)備信息泄露時(shí)間同步由用戶提供時(shí)鐘源（一般是上級(jí)路由器，也可能是一臺(tái)服務(wù)器，可能加密）時(shí)區(qū)自定義為GMT808（BJ08）（BEIJ08）配置示例：configuresystemname"ZJJIH-MC-CMNET-SR/BRAS3-DYYDJF1"chassis-modecl4-load-balancinglsr-load-balancinglbl-ipsync-if-timingbeginref1shutdownexitref2shutdownexitbitsshutdownexitcommitexitsnmppacket-size9216exitlogin-controlftpinbound-max-sessions5exittelnetinbound-max-sessions7outbound-max-sessions7idle-timeout15exitpre-login-message"Authorisedaccessonly,ThissystemisthepropertyofInternet,DisconnectIMMEDIATELYifyouarenotanauthoriseduser!Contactmanagerforhelp."nologin-bannerexittimentpauthentication-key1key"OAwgNUlbzgI"hash2typemessage-digestserverkey1version3preferserverkey1version3server9noshutdownexitsntpshutdownexitzoneBJ08（zoneGMT808zoneBEIJ08）exitthresholdsrmonexitexitexit#echo"RedundancyConfiguration"#redundancysynchronizeconfig（boot-env）exit檢查命令：showchassis查看chassismode是否為C。Showtime查看系統(tǒng)時(shí)間。修改時(shí)間adminset-time2010/11/1219:04:38adminset-time-set-time<date><time><date>:YYYY/MM/DD<time>:hh:mm[:ss]#echo"CardConfiguration"#card5card-typeiom2-20gmda1mda-typem10-1gb-sfp-bingressmcast-path-managementshutdownexitexitexitmda2mda-typem2-oc48-sfpingressmcast-path-managementshutdownexitexitexitexit注：mcast-path-management為加強(qiáng)安全，關(guān)閉mcast-path，Log配置配置本地log用于保存7750SR的日常設(shè)備信息，log-id為50，file-id為50。配置示例：根據(jù)log99報(bào)告情況，適當(dāng)抑制一些報(bào)告，避免系統(tǒng)報(bào)告太多#echo"LogConfiguration"#logevent-control"chassis"2063generateevent-control"system"2006suppressevent-control"system"2007suppressevent-control"system"2008suppressevent-control"system"2009suppressevent-control"system"2011suppressfile-id30locationcf3:rollover600retention24exitlog-id30time-formatlocalfromdebug-tracetofile30exitsyslog1address50facilitylocal4levelcriticalexitlog-id97frommainsecuritychangetosyslog1exitsyslog2description"To-Syslog-Server"addressfacilitylocal5levelcriticalexitlog-id96frommainsecuritychangetosyslog2exitsnmp-trap-group98trap-target"4:162"address4snmpv2cnotify-community"SR/BRAS11-DYYDJF1"exitlog-id98frommaintosnmpexitexitl#echo"FilterLogConfiguration"#filterlog102createexitexit檢查命令：Showloglog-id10查看本地LOGShowlogevent-control查看系統(tǒng)報(bào)告數(shù)量和開關(guān)情況Port配置1.3.1上行端口和互聯(lián)PORT端口配置根據(jù)上行或互聯(lián)的端口類型和協(xié)商方式配置。根據(jù)端口不同，配置相應(yīng)協(xié)議Ethernet,sonnet-sdh，根據(jù)時(shí)鐘同步要求，確定是否提取時(shí)鐘clock-sourcenode-timed3．多鏈路捆綁，多個(gè)端口屬性必須一致4．多鏈路捆綁，鏈路協(xié)議需要和對(duì)端一致，對(duì)端啟用lacp，本地也啟用lacp5．多鏈路捆綁，active表示主動(dòng)發(fā)鏈路消息，passive表示只是被動(dòng)回應(yīng)鏈路消息至少有一端必須是active例子一：10GEconfigport2/1/1description"ToZJJXI-MB-CMNET-RT02ge-1/1/010G"ethernetmtu1550exitnoshutdown例子二：1GEconfigureport1/1/1description"To_JH_JH_NE5000E_1ge"ethernetmtu1550noautonegotiateexitnoshutdown例子三：10GPOSconfigureport6/1/1description"TO-QZ-QZ-NJ-t320-so-2/1/1"sonet-sdhframingsdhclock-sourcenode-timedpathmtu4472scramblenoshutdownexitexitnoshutdownexit例子四：2.5GPOSconfigureport6/1/1description"To_QZ_XDL_R1_T320_1.MAN_so-6/0/1"sonet-sdhframingsdhpathmtu4470scramblereport-alarmpaisprdipreinoshutdownexitexitnoshutdownexit例子三：多端口捆綁lag2*1GEconfigureport1/1/1description"ToZJJXI-MC-CMNET-RT07-TXYDJF_7750ge-1/1/11Glag1-1"ethernetmtu1550noautonegotiateexitnoshutdownconfigureport1/1/2description"ToZJJXI-MC-CMNET-RT07-TXYDJF_7750ge-1/1/21Glag1-2"ethernetmtu1550noautonegotiateexitnoshutdownconfigurelag1description"ToZJJXI-MC-CMNET-RT07-TXYDJF_7750lag12G"port1/1/1port1/1/2noshutdown1.3.2下聯(lián)端口配置根據(jù)下聯(lián)交換機(jī)的端口類型和協(xié)商方式靈活配置。采用7750物理端口與下聯(lián)設(shè)備直聯(lián)就不需要封裝dot1Q，如果有VLAN則需要封裝dot1Q或qinq目前移動(dòng)要求全部采用QINQ方式。端口下配置的用戶數(shù)據(jù)，如需配置IES、VLL、VPLS、VPRN等數(shù)據(jù)就需要設(shè)置mode為access。與下聯(lián)設(shè)備不需要協(xié)商需要配置noautonegotiate。4．多鏈路捆綁，多個(gè)端口屬性必須一致5．多鏈路捆綁，鏈路協(xié)議需要和對(duì)端一致，對(duì)端啟用lacp，本地也啟用lacp6．多鏈路捆綁，lactive表示主動(dòng)發(fā)鏈路消息，passive表示只是被動(dòng)回應(yīng)鏈路消息配置示例：下聯(lián)二層路由器:單端口QINQconfigureport1/1/4description"NanH-S6503"ethernetmodeaccessencap-typeqinqnoautonegotiateexitnoshutdownexitexitallconfigureport1/1/15description"JHWY-xiacheng-OLT"ethernetmodeaccessencap-typeqinqnoautonegotiateexitnoshutdownexitexitall下聯(lián)二層路由器：多鏈路捆綁configureport1/1/3description"LAG2-To-GuangDian-LAG-port1"ethernetmodeaccessencap-typeqinqnoautonegotiateexitnoshutdownexitallconfigureport1/1/4description"LAG2-To-GuangDian-LAG-port2"ethernetmodeaccessencap-typeqinqnoautonegotiateexitnoshutdownconfigurelag2description"To-GuangDian-LAG2"modeaccessencap-typeqinqport1/1/3port1/1/4lacpactiveadministrative-key32768noshutdown檢查命令：Showport查看端口狀態(tài)是否UP。showlag查看LAG狀態(tài)是否up*A:ZJJXI-MC-CMNET-RT002-XieXi_7750#showport===============================================================================PortsonSlot1===============================================================================PortAdminLinkPortCfgOperLAG/PortPortPortSFP/XFP/IdStateStateMTUMTUBndlModeEncpTypeMDIMDX1/1/1UpYesUp155015501netwnullxcmeGIGE-LX10KM1/1/2UpYesUp155015501netwnullxcmeGIGE-LX10KM1/1/3DownNoDown92129212-netwnullxcmeGIGE-LX80KM1/1/4DownNoDown92129212-netwnullxcmeGIGE-LX40KM1/1/5UpYesUp15221522-accsqinqxcmeGIGE-LX10KM1/1/6UpYesUp15221522-accsqinqxcmeGIGE-LX40KM1/1/7UpYesUp15221522-accsqinqxcmeGIGE-LX40KM1/1/8UpNoDown15221522-accsqinqxcmeGIGE-LX10KM1/1/9UpYesUp15221522-accsqinqxcmeGIGE-LX10KM1/1/10UpYesUp152215223accsqinqxcmeGIGE-LX40KM1/1/11UpNoDown152215223accsqinqxcmeGIGE-LX40KM1/1/12UpYesUp152215224accsqinqxcmeGIGE-LX40KM1/1/13UpNoDown152215224accsqinqxcmeGIGE-LX40KM1/1/14UpYesUp15221522-accsqinqxcmeGIGE-LX40KM1/1/15UpYesUp15221522-accsqinqxcmeGIGE-LX40KM1/1/16UpYesUp15221522-accsqinqxcmeGIGE-LX10KM1/1/17UpYesUp15221522-accsqinqxcmeGIGE-LX10KM1/1/18UpYesUp15181518-accsdotqxcmeGIGE-LX10KM1/1/19UpNoDown152215225accsqinqxcmeGIGE-LX80KM1/1/20UpYesUp152215225accsqinqxcmeGIGE-LX10KM===============================================================================PortsonSlot2===============================================================================PortAdminLinkPortCfgOperLAG/PortPortPortSFP/XFP/IdStateStateMTUMTUBndlModeEncpTypeMDIMDX2/1/1UpYesUp15501550-netwnullxgige10GBASE-LR10*===============================================================================PortsonSlotA===============================================================================PortAdminLinkPortCfgOperLAG/PortPortPortSFP/XFP/IdStateStateMTUMTUBndlModeEncpTypeMDIMDXA/1UpNoDown15141514-netwnullfaste===============================================================================PortsonSlotB===============================================================================PortAdminLinkPortCfgOperLAG/PortPortPortSFP/XFP/IdStateStateMTUMTUBndlModeEncpTypeMDIMDXB/1UpNoDown15141514-netwnullfaste===============================================================================*A:ZJJXI-MC-CMNET-RT002-XieXi_7750#showlag===============================================================================LagData===============================================================================Lag-idAdmOprPort-ThresholdUp-Link-CountMCAct/Stdby1upup02N/A2downdown00N/A3upup01N/A4upup01N/A5upup01N/A11downdown00N/ATotalLag-ids:6SingleChassis:6MCAct:0MCStdby:0===============================================================================*A:ZJJXI-MC-CMNET-RT002-XieXi_7750#

IGP協(xié)議配置1.4.1OSPF協(xié)議配置1設(shè)備的唯一標(biāo)識(shí)地址系統(tǒng)默認(rèn)名字為system，配置IP地址X.X.X.X。2設(shè)備管理地址loopback配置IP地址Y.Y.Y.Y3配置系統(tǒng)自治號(hào)為64850。4打開多鏈路負(fù)載均衡ECMP設(shè)置為16。5配置設(shè)備router-id為協(xié)議互聯(lián)地址，必須是loopback/32地址，一般使用system地址。配置示例：a定義network互聯(lián)接口#echo"IPConfiguration"#interface"ge-2/1/1"address30/30description"ToZJJXI-MB-CMNET-RT02ge-1/0/110G"port2/1/1exitinterface"lag1"address54/30description"ToZJJXI-MC-CMNET-RT03-NanHu_7750lag12G"portlag-1exitinterface"loopback0"address7/32loopbackexitinterface"system"address8/32local-dhcp-server"pppoe"exitautonomous-system64850ecmp8//equalcostmulti-pathrouter-id8exitallb定義access互聯(lián)接口configureserviceies10002customer10002createinterface"to-gaozhongyuanqu6503"createaddress3/30sap1/1/14:18.0createexitexitnoshutdownexitexitallC在OSPF協(xié)議加入接口configurerouterospfasbrreference-bandwidth40000000export"export-direct-to-ospf"graceful-restartexitareainterface"system"exitinterface"lag1"metric10exitinterface"ge-2/1/1"exitinterface"loopback0"exitinterface"to-gaozhongyuanqu6503"exitexitexit檢查命令：showrouterospfinterface查看interface是否UP。showrouterecmp查看ecmp是否打開。showrouterospfneighter查看鄰居狀態(tài)是否正常showrouterospfstatusshowrouterospfdatabase查看OSPF路由數(shù)據(jù)庫-database[type{router|network|summary|asbr-summary|external|nssa|all}][area<area-id>][adv-router<router-id>][<link-state-id>][detail]*A:ZJJXI-MC-CMNET-RT002-XieXi_7750>config>service#showrouterospfinterface=============================================================================OSPFInterfaces=============================================================================IfNameAreaIdDesignatedRtrBkupDesigRtrAdmOpersystem7UpDRlag179UpDRge-2/1/1367UpBDRloopback07UpDRto-gaozhongyuanqu65037UpDRNo.ofOSPFInterfaces:5=============================================================================*A:ZJJXI-MC-CMNET-RT002-XieXi_7750>config>service#*A:ZJJXI-MC-CMNET-RT002-XieXi_7750#showrouterospfneighbor=============================================================================OSPFNeighbors=============================================================================Interface-NameRtrIdStatePriRetxQTTLlag19Full1037ge-2/1/136Full1035No.ofNeighbors:2=============================================================================

1.4.2ISIS協(xié)議配置配置ISIS為leverl-1配置area-id為86.4661.0573（按照規(guī)劃配置）將system、上聯(lián)，互聯(lián)的接口、與下聯(lián)設(shè)備互聯(lián)接口加入到ISIS進(jìn)程。配置示例：isislevel-capabilitylevel-1area-id86.4665.0514traffic-engineeringlevel1wide-metrics-onlyexitinterface"system"level-capabilitylevel-1exitinterface"to_SYL12416-1_1"level-capabilitylevel-1level1metric200exitexitinterface"to_SYL12416-1_2"level-capabilitylevel-1level1metric200exitexitinterface"to_DBL12416-1_1"level-capabilitylevel-1level1metric200exitexitinterface"to_DBL12416-1_2"level-capabilitylevel-1level1metric200

exitexitexit檢查命令：showrouterisisadjacency查看ISIS鄰接是否建立。

Mpls、LDP協(xié)議配置將system、上聯(lián)設(shè)備的接口，互聯(lián)設(shè)備的接口加入到MPLS和LDP進(jìn)程。按照需要將下聯(lián)設(shè)備的接口加入到MPLS和LDP進(jìn)程。配置示例：a配置標(biāo)簽限制策略configurerouterpolicy-optionsbeginprefix-list"system1"prefix/0prefix-length-range32-32exitpolicy-statement"label-filter"entry10fromprefix-list"system1"exitactionacceptexitexitentry20actionrejectexitexitcommitexitallb配置MPLS接口（routerid地址必須加入MPLS）configureroutermplsnoshutdowninterface"system"exitinterface"ge-1/1/1"exitinterface"ge-1/1/2"exitexitc配置LDP接口（引用標(biāo)簽限制策略）ldpexport"label-filter"interface-parametersinterface"ge-1/1/1"exitinterface"ge-1/1/2"exitexittargeted-sessionexitexitexitall檢查命令：showroutermplsinterface查看Mpls接口是否正常upshowrouterldpsession查看LDP鄰接是否成功建立Established。showrouterldpdiscovery查看LDP鄰接是否成功建立Establ。showrouterldpbinding查看LDP標(biāo)簽發(fā)布情況l。showrouterldpbindingprefixx.x.x.x/32查看LDP某個(gè)目的地的標(biāo)簽發(fā)布情況。*A:ZJJXI-MC-CMNET-RT002-XieXi_7750#showroutermplsinterface==================================================MPLSInterfaces==================================================InterfacePort-idAdmOprTE-metricsystemsystemUpUpNoneAdminGroupsNoneSrlgGroupsNonelag1lag-1UpUpNoneAdminGroupsNoneSrlgGroupsNonege-2/1/12/1/1UpUpNoneAdminGroupsNoneSrlgGroupsNoneInterfaces:3==================================================*A:ZJJXI-MC-CMNET-RT002-XieXi_7750#showrouterldpsession==================================================LDPSessions==================================================PeerLDPIdAdjTypeStateMsgSentMsgRecvUpTime0:0LinkEstablished4340179430313918d02:08:220:0LinkEstablished3049446188783117d17:09:49No.ofSessions:2==================================================*A:ZJJXI-MC-CMNET-RT002-XieXi_7750#showrouterldpdiscovery==================================================LDPHelloAdjacencies==================================================InterfaceNameLocalAddrPeerAddrAdjTypeStatelag180LinkEstabge-2/1/180LinkEstabNo.ofHelloAdjacencies:2==================================================*A:ZJJXI-MC-CMNET-RT002-XieXi_7750#showrouterldpbindingsprefix0/32==================================================LDPLSRID:8==================================================Legend:U-LabelInUse,N-LabelNotInUse,W-LabelWithdrawnWP-LabelWithdrawPending==================================================LDPPrefixBindings==================================================PrefixPeerIngLblEgrLblEgrIntfEgrNextHop0/320128578N12022/1/1290/320128578U128458----No.ofPrefixBindings:2==================================================*A:ZJJXI-MC-CMNET-RT002-XieXi_7750#showrouterldpbindingsactiveprefix0/32==================================================Legend:(S)-Static(M)-Multi-homedSecondarySupport(B)-BGPNextHop==================================================LDPPrefixBindings(Active)==================================================PrefixOpIngLblEgrLblEgrIntf/LspIdEgrNextHop0/32Push--12022/1/1290/32Swap12857812022/1/129No.ofPrefixActiveBindings:2*A:ZJJXI-MC-CMNET-RT002-XieXi_7750#showrouterldpbindings-bindings[fec-type<prefixes|services>][detail|summary][session<ip-addr[:label-space]>]-bindings[fec-typep2mp][p2mp-id<identifier>root<ip-address>][detail|summary][session<ip-addr[:label-space]>]-bindings<label-type><start-label>[<end-label>]-bindings{prefix<ip-prefix/mask>[detail]}[session<ip-addr[:label-space]>]-bindingsactive[fec-typeprefixes][prefix<ip-prefix/mask>][egress-nh<ip-prefix/mask>|egress-if<port-id>|egress-lsp<tunnel-id>][summary]-bindingsactive[fec-typep2mp][p2mp-id<identifier>root<ip-address>][egress-nh<ip-prefix/mask>|egress-if<port-id>|egress-lsp<tunnel-id>][summary]-bindingsservice-id<service-id>[detail]-bindingsvc-type<vc-type>[{vc-id<vc-id>|agi<agi>}[session<ip-addr[:label-space]>]]-bindingsp2mp-id<identifier>root<ip-address>[detail]<fec-type>:prefixes|services|p2mp-keywords<ip-addr[:label-sp*>:ip-addr-a.b.c.dlabel-space-[0..65535]<ip-prefix/mask>:ip-prefixa.b.c.d(hostbitsmustbe0)mask[0..32]<vc-type>:<ethernet|vlan|mirror|frdlci|atmsdu|atmcell|atmvcc|atmvpc|ipipe|satop-e1|satop-t1|cesopsn|cesopsn-cas>-keywords<vc-id>:[1..4294967295]<service-id>:[1..2147483648]|<svc-name:64charmax><label-type>:ingress-label|egress-label-keywords<start-label>:[16..1048575]<end-label>:[17..1048575]<active>:keyword<detail>:keyword<agi>:<ip-addr:comm-val>|<2byte-asnumber:ext-comm-val>|<4byte-asnumber:comm-val>ip-addr-a.b.c.dcomm-val-[0..65535]2byte-asnumber-[1..65535]ext-comm-val-[0..4294967295]4byte-asnumber-[1..4294967295]<identifier>:[0..4294967295]<ip-address>:a.b.c.d<tunnel-id>:[0..4294967295]<port-id>:slot[/mda[/port]]orslot/mda/port[.channel]aps-id-aps-<group-id>[.channel]aps-keywordgroup-id-[1..64]ccag-id-slot/mda/<path-id>[cc-type]path-id-[a|b]cc-type-[.sap-net|.net-sap]

設(shè)備安全配置（security）1.6.1設(shè)備訪問安全開啟telnet、snmp服務(wù)。并對(duì)訪問IP進(jìn)行限制。全網(wǎng)7750SR設(shè)備關(guān)閉FTP，SSH服務(wù)。配置IPV6-filter。對(duì)每臺(tái)7750SR的普通上網(wǎng)用戶和每個(gè)VPRN用戶都要進(jìn)行IPV6包的過濾。配置示例：configuresystemsecuritytelnet-servernoftp-servermanagement-access-filterip-filterdefault-actionpermitentry1description"forssh,entry001-100"src-ip9/32dst-port2265535actionpermitexitentry2src-ip6/27dst-port2265535actionpermitexitentry100description"forsshsecurity,rejectotherip"dst-port2265535actiondenyexitentry101description"fortelnet,entry101-200"src-ip9/32dst-port2365535actionpermitexitentry102src-ip6/27dst-port2365535actionpermitexitentry200description"fortelnetsecurity,rejectotherip"dst-port2365535actiondenyexitentry201description"forsnmpsecurity,entry201-300"src-ip/23dst-port16165535actionpermitexitentry202src-ip40/28dst-port16165535actionpermitexitentry300description"forsnmpsecurity,rejectotherip"dst-port16165535actiondenyexitexitexitpasswordauthentication-ordertacpluslocalexit-on-rejectattempts3time5lockout0exittacplusaccountingauthorizationserver1address41secret"c0U/mpLwwC03lOPC3MHySE"hash2server2address83secret"WZBK9MwJl5FLJURrtaiD6."hash2exitsource-addressxxx.xxx.xxx.xxx//defaultsystemaddressifnotdefineexitall注：exit-on-reject--提供AAA認(rèn)證取TACPLUS內(nèi)容,如果加了EXIT-ONF-REJECT，則3A服務(wù)器上沒有這個(gè)用戶名密碼的話，則本地帳號(hào)也無法登陸

本地用戶權(quán)限管理：1系統(tǒng)默認(rèn)賬號(hào)user"admin"password"VeuGBy9agmYtpDhhW0yi359H.JvK5.8c"hash2accessconsoleftpsnmp

consolemember"administrative"exitexit創(chuàng)建一個(gè)新權(quán)限，并且應(yīng)用（注：對(duì)本地用戶有效，AAA認(rèn)證由服務(wù)器控制）例子a：開放全部權(quán)限并應(yīng)用與用戶賬號(hào)profile"zcuc"default-actionpermit-allexituser"zcuc"password"f9GWVwcz08n3aMW6R1aHek"hash2accessconsoleftpsnmpconsolemember"default"member"zcuc"exitexit例子b：有限制的權(quán)限并且應(yīng)用于用戶賬號(hào)profile"showonly"default-actionpermit-allentry10match"configure"actiondenyexitentry20match"admin"actiondenyexitentry30match"debug"actiondenyexitentry40match"tools"actiondenyexitentry50match"clear"actiondenyexitentry60match"file"actiondenyexitentry70match"bof"actiondenyexitexituser"hzjk"pa