1樓:百度文庫精選
內容來自使用者:casper_john
華為路由器nat配置案例
拓撲圖nat地址池配置
aclnumber2000rule5permitsource192.168.2.
00.0.0.
255nataddress-group1192.168.4.
1192.168.4.
10#inte***cegigabitethernet0/0/0ipaddress192.168.4.
30255.255.255.
0natserverprotocoltcpglobal192.168.4.
118080inside192.168.2.
10wwwnatoutbound2000address-group1#inte***cegigabitethernet0/0/1ipaddress192.168.2.
254255.255.255.
0iproute-static0.0.0.
00.0.0.
0192.168.4.
100通過本機訪問
抓包驗證
nateasyip配置
aclnumber2000rule5permitsource192.168.2.
00.0.0.
255nataddress-group1192.168.4.
1192.168.4.
10#inte***cegigabitethernet0/0/0ipaddress192.168.4.
30255.255.255.
0natserverprotocoltcpglobalcurrent-inte***ce8080inside192.168.2.
10wwwnatoutbound2000#inte***cegigabitethernet0/0/1ipaddress192.168.2.
254255.255.255.
0iproute-static0.0.0.
00.0.0.
0192.168.4.
100通過本機訪問
抓包驗證
2樓:匿名使用者
華為路由器 nat及dhcp配置例項
sysname huawei-ar28-11
#nat address-group 1 125.95.190.3 125.95.190.3
nat static 192.168.100.254 125.95.190.6
nat static 192.168.100.252 125.95.190.5
nat aging-time tcp 360
#radius scheme system
#domain system
#local-user admin
password cipher .]@use=b,53q=^q`maf4<1!!
service-type telnet terminal
level 3
service-type ftp
#dhcp server ip-pool 1
network 192.168.1.0 mask 255.255.255.0
gateway-list 192.168.1.1
dns-list 202.96.128.86 202.96.128.166 202.96.128.143
#dhcp server ip-pool 2
network 192.168.2.0 mask 255.255.255.0
gateway-list 192.168.2.1
dns-list 202.96.128.86 202.96.128.166 202.96.128.143
#dhcp server ip-pool 3
network 192.168.3.0 mask 255.255.255.0
gateway-list 192.168.3.1
dns-list 202.96.128.86 202.96.128.166 202.96.128.143
#dhcp server ip-pool 4
network 192.168.4.0 mask 255.255.255.0
gateway-list 192.168.4.1
dns-list 202.96.128.86 202.96.128.166 202.96.128.143
#dhcp server ip-pool 5
network 192.168.5.0 mask 255.255.255.0
gateway-list 192.168.5.1
dns-list 202.96.128.86 202.96.128.166 202.96.128.143
#dhcp server ip-pool 6
network 192.168.6.0 mask 255.255.255.0
gateway-list 192.168.6.1
dns-list 202.96.128.86 202.96.128.166 202.96.128.143
#dhcp server ip-pool 7
network 192.168.7.0 mask 255.255.255.0
gateway-list 192.168.7.1
dns-list 202.96.128.86 202.96.128.166 202.96.128.143
#acl number 2500
rule 0 permit source 192.168.0.0 0.0.255.255
#acl number 3900
rule 0 deny tcp destination-port eq 8
rule 1 deny tcp destination-port eq 135
rule 2 deny tcp destination-port eq 139
rule 3 deny tcp destination-port eq 445
rule 4 deny tcp destination-port eq exec
rule 5 deny tcp destination-port eq 64444
rule 6 deny tcp destination-port eq 8080
rule 7 deny udp destination-port eq 135
rule 8 deny udp destination-port eq 445
rule 9 deny udp destination-port eq 3500
#inte***ce aux0
async mode flow
#inte***ce ethernet0/0
ip address 125.95.190.2 255.255.255.248
nat outbound static
nat outbound 2500 address-group 1
#inte***ce ethernet0/1
description line to huawei-s3928
ip address 192.168.8.2 255.255.255.0
#inte***ce serial0/0
clock dteclk1
link-protocol ppp
ip address dhcp-alloc
#inte***ce null0
#dhcp server forbidden-ip 192.168.100.252
dhcp server forbidden-ip 192.168.100.254
#ip route-static 0.0.0.0 0.0.0.0 125.95.190.1 preference 60
ip route-static 192.168.1.0 255.255.255.0 192.168.8.1 preference 60
ip route-static 192.168.2.0 255.255.255.0 192.168.8.1 preference 60
ip route-static 192.168.3.0 255.255.255.0 192.168.8.1 preference 60
ip route-static 192.168.4.0 255.255.255.0 192.168.8.1 preference 60
ip route-static 192.168.5.0 255.255.255.0 192.168.8.1 preference 60
ip route-static 192.168.6.0 255.255.255.0 192.168.8.1 preference 60
ip route-static 192.168.7.0 255.255.255.0 192.168.8.1 preference 60
ip route-static 192.168.100.0 255.255.255.0 192.168.8.1 preference 60
#user-inte***ce con 0
user-inte***ce aux 0
set authentication password cipher v_$d$4n:*#f/$atr*`+,;!!!
idle-timeout 2 0
user-inte***ce vty 0 4
user privilege level 3
set authentication password cipher v_$d$4n:*#f/$atr*`+,;!!!
idle-timeout 2 0
#return
具體最好諮詢廠家
3樓:匿名使用者
華為的這個路由器,在指定outside 和inside的埠有一點不一樣,
quidway#show run
now create configuration...
current configuration
!version 1.66
enable password ,y@jm,uxnzl0xaltv.u4*!!!
access-list normal 100 permit ip 10.0.0.0 0.255.255.255 any
!inte***ce aux0
async mode interactive
encapsulation ppp
!inte***ce ethernet0 #inside port#
speed auto
duplex auto
no loopback
ip address 10.0.0.2 255.255.255.0
!inte***ce ethernet1 #outside port#
speed auto
duplex auto
no loopback
ip address 192.168.0.198 255.255.255.0
nat inside 100 inte***ce #通過這個命令幫定訪問列表和地址池在外部埠上#
!inte***ce serial0
encapsulation ppp
!exit
ip route 0.0.0.0 0.0.0.0 192.168.0.254 preference 60
!end
quidway#
nat的配置任務列表如下:
1. 配置地址池
2. 配置訪問控制列表和地址池的關聯
3. 配置訪問控制列表和介面的關聯(easy ip特性)
4. 配置內部伺服器
增加一個內部伺服器
nat serverglobal global-addr [ global-port] inside inside-addr inside-port protocol
例子: 202.38.160.101-103為公網ip
設定內部ftp伺服器
quidway(config-if-serial0)# nat server global 202.38.160.
101 inside 10.110.10.
1 ftp tcp
!設定內部www伺服器1
quidway(config-if-serial0)# nat server global 202.38.160.
102 inside 10.110.10.
2 www tcp
!設定內部www伺服器2
quidway(config-if-serial0)# nat server global 202.38.160.
102 8080 inside 10.110.10.
3 www tcp
!設定內部snmp伺服器
quidway(config-if-serial0)# nat server global 202.38.160.
103 inside 10.110.10.
4 snmp udp
5. 配置地址轉換的有效時間
關於華為路由器ACL的問題,華為用路由器,ACL的問題
蕭蕭瑟瑟 acl num 2000 rule permit source 192.168.10.10 0 0表示單一ip地址 中間省略。rule permit source 192.168.10.60 0將此acl下發到外網介面,nat out 2000也就是acl裡定義的ip地址可以訪問外網,用定...
路由器配置問題 常見的路由器配置錯誤
上級給你們的ip也是私網ip,也就是說通過路由器撥號的工作他們已經做了,現在你直接拿交換機分就行了啊,不知道你現在是想大家都能訪問上級,還是都不想訪問。要想都訪問,直接拿交換機接匯流排,然後再分就行了,不需要用路由吧。請問這種情況路由器怎麼配置?路由器設定方法。預設管理地址為,管理埠是8080。將一...
華為路由器web配置方法是怎樣的
華為路由器web配置方法,你可以通過web登陸路由器設定介面,如果電信網線接wan口1,那就設定wan口1為靜態ip地址連線,輸入電信提供的ip地址資訊,最好包括dsn資訊,wan口2可以空著不用,也可以同一設定,這樣就可以上網了,lan口的地址段可以通過dhcp來設定。大概就是這樣。你好!設定無線...