NAT configuration on Huawei routers (basic Huawei router configuration)
1. NAT configuration on Huawei routers
Huawei router NAT and DHCP configuration example
sysname HUAWEI-AR28-11
#
nat address-group 1 125.95.190.3 125.95.190.3
nat static 192.168.100.254 125.95.190.6
nat static 192.168.100.252 125.95.190.5
nat aging-time tcp 360
#
radius scheme system
#
domain system
#
local-user admin
password cipher .]@USE=B,53Q=^Q`MAF4<1!!
service-type telnet terminal
level 3
service-type ftp
#
dhcp server ip-pool 1
network 192.168.1.0 mask 255.255.255.0
gateway-list 192.168.1.1
dns-list 202.96.128.86 202.96.128.166 202.96.128.143
#
dhcp server ip-pool 2
network 192.168.2.0 mask 255.255.255.0
gateway-list 192.168.2.1
dns-list 202.96.128.86 202.96.128.166 202.96.128.143
#
dhcp server ip-pool 3
network 192.168.3.0 mask 255.255.255.0
gateway-list 192.168.3.1
dns-list 202.96.128.86 202.96.128.166 202.96.128.143
#
dhcp server ip-pool 4
network 192.168.4.0 mask 255.255.255.0
gateway-list 192.168.4.1
dns-list 202.96.128.86 202.96.128.166 202.96.128.143
#
dhcp server ip-pool 5
network 192.168.5.0 mask 255.255.255.0
gateway-list 192.168.5.1
dns-list 202.96.128.86 202.96.128.166 202.96.128.143
#
dhcp server ip-pool 6
network 192.168.6.0 mask 255.255.255.0
gateway-list 192.168.6.1
dns-list 202.96.128.86 202.96.128.166 202.96.128.143
#
dhcp server ip-pool 7
network 192.168.7.0 mask 255.255.255.0
gateway-list 192.168.7.1
dns-list 202.96.128.86 202.96.128.166 202.96.128.143
#
acl number 2500
rule 0 permit source 192.168.0.0 0.0.255.255
#
acl number 3900
rule 0 deny tcp destination-port eq 8
rule 1 deny tcp destination-port eq 135
rule 2 deny tcp destination-port eq 139
rule 3 deny tcp destination-port eq 445
rule 4 deny tcp destination-port eq exec
rule 5 deny tcp destination-port eq 64444
rule 6 deny tcp destination-port eq 8080
rule 7 deny udp destination-port eq 135
rule 8 deny udp destination-port eq 445
rule 9 deny udp destination-port eq 3500
#
interface Aux0
async mode flow
#
interface Ethernet0/0
ip address 125.95.190.2 255.255.255.248
nat outbound static
nat outbound 2500 address-group 1
#
interface Ethernet0/1
description line to HUAWEI-S3928
ip address 192.168.8.2 255.255.255.0
#
interface Serial0/0
clock DTECLK1
link-protocol ppp
ip address dhcp-alloc
#
interface NULL0
#
dhcp server forbidden-ip 192.168.100.252
dhcp server forbidden-ip 192.168.100.254
#
ip route-static 0.0.0.0 0.0.0.0 125.95.190.1 preference 60
ip route-static 192.168.1.0 255.255.255.0 192.168.8.1 preference 60
ip route-static 192.168.2.0 255.255.255.0 192.168.8.1 preference 60
ip route-static 192.168.3.0 255.255.255.0 192.168.8.1 preference 60
ip route-static 192.168.4.0 255.255.255.0 192.168.8.1 preference 60
ip route-static 192.168.5.0 255.255.255.0 192.168.8.1 preference 60
ip route-static 192.168.6.0 255.255.255.0 192.168.8.1 preference 60
ip route-static 192.168.7.0 255.255.255.0 192.168.8.1 preference 60
ip route-static 192.168.100.0 255.255.255.0 192.168.8.1 preference 60
#
user-interface con 0
user-interface aux 0
set authentication password cipher V_$D$4N:*#F/$ATR*`+,;!!!
idle-timeout 2 0
user-interface vty 0 4
user privilege level 3
set authentication password cipher V_$D$4N:*#F/$ATR*`+,;!!!
idle-timeout 2 0
#
return
For specifics, it is best to consult the manufacturer.
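A small audit pass over the listing above, as an added example that is not part of the original page. It reports ACLs that are defined but never referenced (nothing in the listing references acl 3900), one-to-one static NAT mappings, and local users allowed to log in over telnet. The function name `audit` and the finding strings are assumptions; the sample is an excerpt of the page's configuration.

```python
import re

# Excerpt of the listing above (DHCP pools, routes and password lines omitted).
CONFIG = """\
nat static 192.168.100.254 125.95.190.6
nat static 192.168.100.252 125.95.190.5
#
local-user admin
 service-type telnet terminal
#
acl number 2500
 rule 0 permit source 192.168.0.0 0.0.255.255
#
acl number 3900
 rule 1 deny tcp destination-port eq 135
 rule 3 deny tcp destination-port eq 445
#
interface Ethernet0/0
 nat outbound static
 nat outbound 2500 address-group 1
"""

def audit(text):
    """Return a sorted list of findings for a VRP-style configuration dump."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip() not in ("", "#")]
    defined = {m.group(1) for ln in lines if (m := re.fullmatch(r"acl number (\d+)", ln))}
    # An ACL counts as referenced if its number appears as a token on any
    # line that is neither an ACL definition nor one of the ACL rules.
    used = set()
    for ln in lines:
        if not ln.startswith(("acl number", "rule ")):
            used |= defined & set(ln.split())
    findings = [f"acl {n} defined but never referenced" for n in defined - used]
    for ln in lines:
        if m := re.fullmatch(r"nat static (\S+) (\S+)", ln):
            findings.append(f"static NAT maps {m.group(2)} to {m.group(1)} one-to-one")
        if ln.startswith("service-type") and "telnet" in ln.split():
            findings.append("telnet enabled for a local user")
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit(CONFIG):
        print(finding)
```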
2. Basic Huawei router configuration
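Common basic H3C router configuration commands
[Quidway]sysname router_name    Name the router (or switch)
[Quidway]delete    Delete the configuration in Flash ROM
[Quidway]save    Write the configuration to Flash ROM
[Quidway]interface serial 0    Enter interface configuration mode
[Quidway]quit    Exit interface mode to the system view
[Quidway]shutdown/undo shutdown    Shut down/re-enable the interface
[Quidway]ip address ip_address subnet_mask    Configure the IP address and subnet mask of the interface
[Quidway]display version    Display the VRP version number
[Quidway]display current-configuration    Display the running system configuration
[Quidway]display interfaces    Display interface configuration information
[Quidway]display ip routing    Display the routing table
[Quidway]ping ip_address    Test network connectivity
[Quidway]tracert ip_address    Trace the gateways a packet passes through from the host to the destination
[Quidway]debug all    Turn on all debugging information
[Quidway]undo debug all    Turn off all debugging information
[Quidway]info-center enable    Enable debugging information output
[Quidway]info-center console debugging    Output debugging information to the PC
[Quidway]info-center monitor debugging    Output debugging information to a Telnet terminal or dumb terminal

Switch configuration command examples (options in braces {} are mutually exclusive; italic text denotes parameter values)
[Quidway]super password password    Change the privileged-mode password
[Quidway]sysname switch_name    Name the switch (or router)
[Quidway]interface ethernet 0/1    Enter the interface view
[Quidway]quit    Exit the system view
[Quidway-Ethernet0/1]duplex {half|full|auto}    Configure the interface duplex mode
[Quidway-Ethernet0/1]speed {10|100|auto}    Configure the interface speed
[Quidway-Ethernet0/1]flow-control    Enable flow control
[Quidway-Ethernet0/1]mdi {across|normal|auto}    Configure MDI/MDIX
[Quidway-Ethernet0/1]shutdown/undo shutdown    Shut down/re-enable the port

Basic VLAN configuration commands (using the Quidway S3026 as an example)
[Quidway]vlan 3    Create the VLAN and enter VLAN configuration mode. By default the system adds all ports to VLAN 1, which can be neither created nor deleted.
[Quidway]undo vlan 3    Delete a VLAN
[Quidway-vlan3]port ethernet 0/1 to ethernet 0/4    Add/remove Ethernet interfaces to/from the VLAN
[Quidway-Ethernet0/2]port access vlan 3    Add this interface to the specified VLAN id
[Quidway-Ethernet0/2]port link-type {access|trunk|hybrid}    Set the port working mode. access (the default) does not support forwarding 802.1q frames, whereas trunk does (used for interconnecting switches). The difference between hybrid and trunk is that trunk allows only the default VLAN's packets to be sent untagged, while hybrid allows packets of multiple VLANs to be sent untagged.

Port aggregation configuration commands
[Quidway]link-aggregation ethernet 0/7 to ethernet 0/10 {ingress|both}    Configure port aggregation. Port_num1 is the first port number of the aggregation group and Port_num2 is the last port number. ingress is the interface inbound load-sharing mode; both is the interface outbound load-sharing mode.

Basic STP configuration commands
[Quidway]stp {enable|disable}    Enable/disable STP. It is disabled by default; once enabled, all ports take part in the STP calculation.
[Quidway-Ethernet0/3]stp disable    Disable STP on the specified interface; STP can be turned off where the network has no loops.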
PPP configuration commands
[Quidway-Serial0]link-protocol ppp    Encapsulate PPP
[Quidway-Serial0]ppp authentication-mode {pap|chap}    Set the authentication type
[Quidway]local-user username password {simple|cipher} password    Configure the user list
PAP authentication configuration:
Authenticator
[Quidway]local-user username password {simple|cipher} password    Configure the user list
[Quidway-Serial0]ppp authentication-mode pap
Authenticated party
[Quidway-Serial0]ppp pap local-user username password {simple|cipher} password
CHAP authentication configuration:
Authenticator
[Quidway]local-user username password {simple|cipher} password    Configure the user list of the authenticated party
[Quidway-Serial0]ppp chap host hostname    Configure the local name
[Quidway-Serial0]ppp authentication-mode chap
Authenticated party
[Quidway]local-user username password {simple|cipher} password    Configure the user list of the authenticator
[Quidway-Serial0]ppp chap user username    Configure the local name

MP configuration commands
[Quidway-Serial0]ppp mp    Encapsulate MP
[Quidway]ppp mp user username bind virtual-template number    Map the user to a virtual template
[Quidway]interface virtual-template number    Configure the virtual interface template
[Quidway]ppp mp max-bind number    Set the maximum number of bindings for the virtual template (1-100)

Frame Relay configuration commands
[Quidway-Serial0]link-protocol fr {mfr|ietf|nonstandard}    Encapsulate Frame Relay: IETF, Cisco-compatible
[Quidway-Serial0]fr interface-type {dte|dce|nni}    Configure the Frame Relay interface type; NNI is the interface between Frame Relay switches. If the type is set to DCE or NNI, fr switching must be enabled first.
[Quidway-Serial0]fr lmi type {q933a|ansi|cisco-compatible}    Configure the LMI protocol type
[Quidway-Serial0]fr dlci dlci_number    Configure a local virtual circuit number
[Quidway-Serial0]fr map {ip|ipx} protocol-address dlci dlci_number    Map the local DLCI to the peer protocol address
[Quidway-Serial0]fr inarp [ip|ipx] [dlci_number]    Configure Inverse ARP dynamic mapping
[Quidway]interface type number.subinterface_number    Create and enter sub-interface configuration mode

RIP configuration commands
[Quidway]display rip    Display RIP configuration information
[Quidway]rip    Start RIP and enter RIP configuration mode
[Quidway-rip]network {network_number|all}    Enable RIP on the specified network
[Quidway-rip]peer ip_address    Configure delivery of packets to a specified peer
[Quidway-Ethernet0]rip version {1|2 [bcast|mcast]}    Specify the RIP version and transmission mode
[Quidway-Serial0]rip work    Specify the interface working state (same as rip input, rip output)
[Quidway-rip]auto-summary    Configure RIP-2 route summarization
[Quidway-Serial0]rip authentication simple password    Configure the RIP-2 plaintext authentication password
[Quidway-Serial0]rip authentication md5 key-string string    Configure the RIP-2 MD5 authentication key string
[Quidway-Serial0]rip authentication md5 type {nonstandard-compatible|usual}    Specify the MD5 type
[Quidway]debugging rip packet    Turn on RIP debugging
[Quidway]info-center console    Output debugging information to the PC

Static route configuration commands
[Quidway]ip route ip_address subnet_mask {interface_name|gateway_address} [preference preference_value] [reject|blackhole]
[Command notes]
reject: any packet to that destination is dropped, and the source host is notified that the destination is unreachable.
blackhole: any packet to that destination is dropped, and the source host is not notified.
interface_name (for example Serial0) may be used only when the next-hop interface is a PPP or HDLC interface; otherwise only gateway_address (the next-hop address) may be used.
[Command examples]
[Quidway]ip route 129.1.0.0 16 10.0.0.2
[Quidway]ip route 129.1.0.0 255.255.0.0 10.0.0.2
[Quidway]ip route 129.1.0.0 16 Serial2
[Quidway]ip route 0.0.0.0 0.0.0.0 10.0.0.2    Configure the default route.

OSPF configuration commands
[Quidway]router id ip_address    Configure the Router ID
[Quidway]ospf enable    Enable OSPF
[Quidway-Serial0]ospf enable area area_id    Configure the OSPF area the current interface belongs to