華爲AR1220路由器配置參數實際應用實例解說

配置參數[GZ]dis cu[V200R001C00SPC200] //路由器軟件版本,可從官方網站下載
#
sysname GZ //路由器名字GZ
ftp server enable //ftp 服務開通以便拷貝出配置文件備份;FTP以明文傳輸帳號、密碼和文件內容,備份完成後宜關閉該服務
#
voice
#
http server port 1025 //將Web管理(HTTP)服務的端口設爲1025
undo http server enable //關閉HTTP服務,即Web管理目前並未啓用
#
drop illegal-mac alarm
#
l2tp aging 0
#
vlan batch 10 20 30 40 50 //本路由器設置的VLAN ID
#
igmp global limit 256
#
multicast routing-enable //開啓組播
#
dhcp enable //全局下開啓DHCP服務然後在各VLAN上開啓單獨的DHCP
#
ip vpn-instance 1
ipv4-family
#
acl number 2000
rule 10 permit
#
acl number 2001 //基本ACL,只按源地址匹配;下文外網口的 nat outbound 2001 引用它,決定哪些內網地址可經NAT訪問外網
rule 6 permit source 172.23.68.0 0.0.0.255 //允許此網段訪問外網
rule 7 permit source 172.23.69.0 0.0.0.255 //允許此網段訪問外網
rule 8 permit source 172.23.65.0 0.0.0.3 //反掩碼0.0.0.3匹配172.23.65.0~172.23.65.3,即只允許此網段的前三個可用IP訪問外網
rule 9 deny //不允許其他網段訪問外網


#
acl number 3000 //此規則並未應用
rule 40 permit ip source 172.23.65.0 0.0.0.255 destination 172.23.69.0 0.0.0.255
#
acl number 3001 //定義兩個網段主機互不訪問,學生不能訪問65網段。本ACL只含deny規則,未匹配的報文由域間的預設動作處理
rule 5 deny ip source 172.23.65.0 0.0.0.255 destination 172.23.68.0 0.0.0.255
rule 10 deny ip source 172.23.68.0 0.0.0.255 destination 172.23.65.0 0.0.0.255
#
aaa //默認視圖窗口定義本地登錄帳號和密碼
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher ]MQ;4\]B+4Z,YWX*NZ55OA!! //cipher後面是密文;此類舊格式密文一般認爲可被還原,應視同密碼本身,對外分享配置前宜先遮蔽
local-user admin service-type telnet web http //telnet與http均以明文傳輸登錄密碼
local-user dfwd password cipher 'VE5U!@7QCO;V2HX\\\']\\,1!!
local-user dfwd privilege level 15 //該用戶的權限級別設爲15
local-user dfwd service-type telnet terminal web http
local-user huawei password cipher RY,UPVHCMV+Q=^Q`MAF4<1!! //新建用戶huawei及其密碼
local-user huawei ftp-directory flash: //該用戶名默認配置指向的ftp路徑
local-user huawei service-type ftp // 該用戶採用FTP訪問
#
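firewall zone trust //定義信任區域
priority 15 //設定該安全區域的優先級,數值越大表示安全級別越高
#
firewall zone untrust //定義不信任區域
priority 1 //設定該安全區域的優先級
#
firewall interzone trust untrust //配置安全域間
firewall enable //該安全域間啓用防火牆
packet-filter 3001 inbound //inbound指低優先級區域(untrust)到高優先級區域(trust)的方向,按3001規則過濾
packet-filter 3001 outbound //outbound指高優先級區域(trust)到低優先級區域(untrust)的方向,按3001規則過濾
packet-filter default deny outbound //outbound方向未匹配3001規則的報文預設拒絕;3001只有deny規則,故trust到untrust方向目前沒有放行規則,請按需要核對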
#
interface Vlanif10
ip address 172.23.65.100 255.255.255.0 //定義vlan的網關地址和子網掩碼
pimdm //組播協議需開啓的功能
igmp enable //組播協議需開啓的功能
zonetrust //定義VLAN是信任區域
#
interface Vlanif20
ip address 172.23.1.1 255.255.255.240 //定義vlan的網關地址和子網掩碼
pimdm //組播協議需開啓的功能
igmp enable//組播協議需開啓的功能
zonetrust//定義VLAN是信任區域
#
interface Vlanif30
ip address 10.10.10.1 255.255.255.252 //定義vlan的網關地址和子網掩碼
pimdm //組播協議需開啓的功能
igmp enable //組播協議需開啓的功能
zonetrust //定義VLAN是信任區域
#
interface Vlanif40
ip address 172.23.68.100 255.255.255.0 //定義vlan的網關地址和子網掩碼
pimdm //組播協議需開啓的功能
igmp enable //組播協議需開啓的功能
dhcp select interface //自動分配該VLAN網關所在的地址段IP
dhcp server excluded-ip-address 172.23.68.201 172.23.69.254 //定義該段IP不自動分配(結束地址172.23.69.254不在本接口的172.23.68.0/24網段內,疑爲172.23.68.254之誤,請核對)
dhcp server dns-list 61.139.2.69 //定義該VLAN所在IP地址段的DNS地址
zoneuntrust //定義該VLAN爲不信任區域
#
interface Vlanif50
ip address 172.23.69.100 255.255.255.0 //定義vlan的網關地址和子網掩碼
pimdm //組播協議需開啓的功能
igmp enable //組播協議需開啓的功能
dhcp select interface //開啓本VLANDHCP功能並選擇端口爲定義的網關地址
dhcp server excluded-ip-address172.23.69.201 172.23.69.252 //定義手動獲取的IP地址段
dhcp server dns-list 61.139.2.69 //定義該VLANIPDNS
#
interface Ethernet0/0/0 //物理端端口0
portlink-type access //定義該端口類型
portdefault vlan 10 //定義端口所在VLAN
#
interface Ethernet0/0/1 //物理端端口1
portlink-type access //定義該端口類型
portdefault vlan 30 //定義端口所在VLAN
#
interface Ethernet0/0/2 //物理端端口2
portlink-type access // 定義該端口類型
portdefault vlan 20 //定義端口所在VLAN
qos gts cir 6000 cbs 600000 //對該端口做流量整形:cir爲承諾速率6000,cbs爲承諾突發尺寸600000
#
interface Ethernet0/0/3 //物理端端口3
port link-type access
port default vlan 30
#
interface Ethernet0/0/4 //物理端端口4
portlink-type access //定義該端口類型
portdefault vlan 40 //定義端口所在VLAN
#
interface Ethernet0/0/5 //物理端端口5
portlink-type access //定義該端口類型
portdefault vlan 50 //定義端口所在VLAN
#
interface Ethernet0/0/6 //物理端端口6
portlink-type access //定義該端口類型
#
interface Ethernet0/0/7 //物理端口7
portlink-type access //定義該端口類型
portdefault vlan 10 //定義端口所在VLAN
#
interface GigabitEthernet0/0/0 //三層口不在任何一個VLAN中,有映射功能。
ip address 125.69.71.128 255.255.255.0 //定義該端口的網關地址和子網掩碼
nat server protocol tcp global current-interface 10001 inside 172.23.68.222 10001 //把外網口的TCP 10001端口映射到內網主機172.23.68.222的10001端口,外網可由此主動訪問該主機;本端口下未見zone配置,這些映射端口是否受域間防火牆過濾需另行確認
nat server protocol tcp global current-interface 10002 inside 172.23.68.222 10002
nat server protocol tcp global current-interface 10003 inside 172.23.68.222 10003
nat server protocol tcp global current-interface 10004 inside 172.23.68.222 10004
nat server protocol tcp global current-interface 10005 inside 172.23.68.222 10005
nat server protocol tcp global current-interface 10006 inside 172.23.68.222 10006
nat server protocol tcp global current-interface 10007 inside 172.23.68.222 10007
nat server protocol tcp global current-interface 10008 inside 172.23.68.222 10008
nat server protocol tcp global current-interface 10009 inside 172.23.68.222 10009
nat server protocol tcp global current-interface 10010 inside 172.23.68.222 10010
nat server protocol udp global current-interface 11001 inside 172.23.68.222 11001
nat server protocol udp global current-interface 11002 inside 172.23.68.222 11002
nat server protocol udp global current-interface 11003 inside 172.23.68.222 11003
nat server protocol udp global current-interface 11004 inside 172.23.68.222 11004
nat server protocol udp global current-interface 11005 inside 172.23.68.222 11005
nat server protocol udp global current-interface 11006 inside 172.23.68.222 11006
nat server protocol udp global current-interface 11007 inside 172.23.68.222 11007
nat server protocol udp global current-interface 11008 inside 172.23.68.222 11008
nat server protocol udp global current-interface 11009 inside 172.23.68.222 11009
nat server protocol udp global current-interface 11010 inside 172.23.68.222 11010
nat outbound 2001 //源地址匹配ACL 2001的內網報文從該端口出去時做NAT地址轉換
#
interface GigabitEthernet0/0/1 //三層口不在任何一個VLAN中,有映射功能。
ip address 10.10.10.6 255.255.255.252 //定義該端口的網關地址和子網掩碼
pimdm //組播協議需開啓的功能
igmp enable //組播協議需開啓的功能
undonegotiation auto //關閉端口自動協商功能
zonetrust //定義該端口是信任區域
#
interface Cellular0/0/0
link-protocolppp
#
interface Cellular0/0/1
link-protocolppp
#
interface NULL0
#
igmp
#
pim
c-bsr GigabitEthernet0/0/0
c-rp GigabitEthernet0/0/0 group-policy 2000
c-rp GigabitEthernet0/0/1 group-policy 2000
#
ip route-static 0.0.0.0 0.0.0.0 125.71.213.1 //新增靜態路由列表,訪問外網
ip route-static 10.1.187.0 255.255.255.0 10.10.10.2
ip route-static 10.102.0.0 255.255.0.0 172.23.1.2
ip route-static 10.110.0.0 255.255.0.0 172.23.1.2
ip route-static 172.23.66.0 255.255.255.0 10.10.10.2
ip route-static 172.23.67.0 255.255.255.0 10.10.10.5
ip route-static 192.168.14.0 255.255.255.0 172.23.1.2
ip route-static 192.168.18.0 255.255.255.0 172.23.1.2
ip route-static 192.168.20.0 255.255.255.0 172.23.1.2
#
super password level 3 cipher EO2\:%&(X.$'CLYaDZ]EJ1!!
user-interface con 0
user-interface vty 0 4
authentication-mode aaa //VTY遠程登錄採用AAA認證,即使用上面aaa視圖下定義的本地帳號
user-interface vty 16 20
#
port-group 1
group-member Ethernet0/0/0
group-member Ethernet0/0/1
group-member Ethernet0/0/2
group-member Ethernet0/0/3
group-member Ethernet0/0/4
group-member Ethernet0/0/5
group-member Ethernet0/0/6
group-member Ethernet0/0/7
#
port-group eth0/0/2
#
Return
