H3C SecPath "F" Series Firewall Basic Configuration
2007-04-24   

Typical basic Internet-access configurations for the SecPath "F" series:
Intranet------------(e0/0)-Secpath100F-(e1/0)------------internet
192.168.1.1/24         202.10.1.194/24
sys
System View: return to User View with Ctrl+Z.
[Quidway]int e0/0
[Quidway-Ethernet0/0]ip add 192.168.1.1 255.255.255.0
[Quidway-Ethernet0/0]int e1/0
[Quidway-Ethernet1/0]ip add 202.10.1.194 255.255.255.0
[Quidway]fire zone untrust
[Quidway-zone-untrust]add int e1/0
[Quidway-zone-untrust]fire zone trust
[Quidway-zone-trust]add int e0/0
[Quidway-zone-trust]quit
[Quidway]acl num 2000
[Quidway-acl-basic-2000]rule per source 192.168.1.0 0.0.0.255
[Quidway-acl-basic-2000]rule deny
[Quidway]int e1/0
[Quidway-Ethernet1/0]nat outbound 2000
[Quidway]ip route-static 0.0.0.0 0.0.0.0 202.10.1.193 preference 60

Intranet------------(g0/0)-Secpath1000F-(g0/1)------------internet
192.168.1.1/24         202.10.1.194/24
sys
System View: return to User View with Ctrl+Z.
[Quidway]int g0/0
[Quidway-GigabitEthernet0/0]ip add 192.168.1.1 255.255.255.0
[Quidway-GigabitEthernet0/0]int g0/1
[Quidway-GigabitEthernet0/1]ip add 202.10.1.194 255.255.255.0
[Quidway]fire zone untrust
[Quidway-zone-untrust]add int g0/1
[Quidway-zone-untrust]fire zone trust
[Quidway-zone-trust]add int g0/0
[Quidway-zone-trust]quit
[Quidway]acl num 2000
[Quidway-acl-basic-2000]rule per source 192.168.1.0 0.0.0.255
[Quidway-acl-basic-2000]rule deny
[Quidway]int g0/1
[Quidway-GigabitEthernet0/1]nat outbound 2000
[Quidway]ip route-static 0.0.0.0 0.0.0.0 202.10.1.193 preference 60

Intranet------------(e0/0)-Secpath100F-(e0/1)-----ADSLMODEM-------internet
192.168.1.1/24
sys
System View: return to User View with Ctrl+Z.
[Quidway]int e0/0
[Quidway-Ethernet0/0]ip add 192.168.1.1 255.255.255.0
[Quidway-Ethernet0/0]quit
[Quidway]fire zone untrust
[Quidway-zone-untrust]add int e0/1
[Quidway-zone-untrust]fire zone trust
[Quidway-zone-trust]add int e0/0
[Quidway-zone-trust]quit
[Quidway]acl num 2000
[Quidway-acl-basic-2000]rule per source 192.168.1.0 0.0.0.255
[Quidway-acl-basic-2000]rule deny
[Quidway]int e0/1
[Quidway-Ethernet0/1]nat outbound 2000
# Configure the Dialer interface
[Quidway] dialer-rule 1 ip permit
[Quidway] interface dialer 1
[Quidway-Dialer1] dialer-group 1
[Quidway-Dialer1] dialer bundle 1
[Quidway-Dialer1] ip address ppp-negotiate
[Quidway-Dialer1] ppp pap local-user huawei password cipher 123456
(The username and password here are the ones provided by the ISP.)
[Quidway-Dialer1]nat outbound 2000
# Configure the PPPoE session
[Quidway] interface ethernet 0/1
[Quidway-Ethernet0/1] pppoe-client dial-bundle-number 1
[Quidway]ip route-static 0.0.0.0 0.0.0.0 dialer 1 preference 60
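
The transcripts above share one pattern: the outside interface joins zone untrust, ACL 2000 permits the inside subnet, the outside interface carries nat outbound 2000, and a default route is set. The Python check below is an added example, not part of the original page or of any H3C tool; it reads a saved CLI transcript and reports where that pattern is broken. The names audit and norm and the finding strings are assumptions, and only the command abbreviations used on this page are recognised.

```python
import re

# Constructed sample: built from the SecPath100F static-IP transcript on this page.
SAMPLE = """\
[Quidway]int e0/0
[Quidway-Ethernet0/0]ip add 192.168.1.1 255.255.255.0
[Quidway-Ethernet0/0]int e1/0
[Quidway-Ethernet1/0]ip add 202.10.1.194 255.255.255.0
[Quidway]fire zone untrust
[Quidway-zone-untrust]add int e1/0
[Quidway-zone-untrust]fire zone trust
[Quidway-zone-trust]add int e0/0
[Quidway]acl num 2000
[Quidway-acl-basic-2000]rule per source 192.168.1.0 0.0.0.255
[Quidway-acl-basic-2000]rule deny
[Quidway]int e1/0
[Quidway-Ethernet1/0]nat outbound 2000
[Quidway]ip route-static 0.0.0.0 0.0.0.0 202.10.1.193 preference 60
"""

def norm(name):  # 'e1/0', 'ethernet 1/0', 'Ethernet1/0' -> 'e1/0'; 'dialer 1' -> 'd1'
    kind, num = re.match(r"([a-z]+)\s*([\d/]+)", name.strip().lower()).groups()
    return kind[0] + num

def audit(transcript):
    """Return findings where the zone/ACL/NAT/route pattern of the page is broken."""
    zones, acls, nats, ctx, route = {}, {}, [], ("", ""), False
    for cmd in re.findall(r"^\[[^\]]*\][ \t]*(\S.*)$", transcript, re.M):
        if (m := re.match(r"add int(?:erface)?\s+(.+)", cmd)) and ctx[0] == "zone":
            zones[norm(m.group(1))] = ctx[1]       # interface joins current zone
        elif m := re.match(r"int(?:erface)?\s+(.+)", cmd):
            ctx = ("if", norm(m.group(1)))         # enter interface view
        elif m := re.match(r"fire(?:wall)? zone (\S+)", cmd):
            ctx = ("zone", m.group(1))             # enter zone view
        elif m := re.match(r"acl num(?:ber)? (\d+)", cmd):
            ctx = ("acl", m.group(1))              # enter ACL view
        elif cmd.startswith("rule ") and ctx[0] == "acl":
            acls.setdefault(ctx[1], []).append(cmd)
        elif (m := re.match(r"nat outbound (\d+)", cmd)) and ctx[0] == "if":
            nats.append((ctx[1], m.group(1)))      # ACL bound to NAT on this interface
        elif cmd.startswith("ip route-static 0.0.0.0 0.0.0.0 "):
            route = True
    out = []
    for ifname, acl in nats:
        if zones.get(ifname) != "untrust":
            out.append(f"{ifname}: nat outbound but not in zone untrust")
        if not any(r.startswith("rule per") for r in acls.get(acl, [])):
            out.append(f"{ifname}: ACL {acl} missing or has no permit rule")
    return out + ([] if route else ["no default route"])
```

An empty list means the transcript matches the pattern; each string in a non-empty list names the interface or route to re-check before the configuration is saved.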
