华为路由器配置说明
注意:在
在[SRG2210]模式下退到
1.配置公网NAT转换地址池
[SRG2210]nat address-group 0 211.137.5.22 211.137.5.22
2.配置acl列表允许规则
[SRG2210]acl number 2000
[SRG2210-acl-basic-2000]rule permit source 192.168.1.1 0.0.0.255
[SRG2210-acl-basic-2000]quit
3.使能dhcp服务器(功能开启)
[SRG2210]dhcp enable
4.配置用户侧局域网网关地址 dhcp 服务器
[SRG2210]interface GigabitEthernet 0/0/0
[SRG2210-GigabitEthernet0/0/0]ip address 192.168.1.1 255.255.255.0
[SRG2210-GigabitEthernet0/0/0]dhcp select interface
[SRG2210-GigabitEthernet0/0/0]dhcp server dns-list 211.140.197.58 211.137.32.178
[SRG2210-GigabitEthernet0/0/0]quit
5.配置移动侧广域网互联地址及10M网速 全双工工作方式
[SRG2210]interface GigabitEthernet 0/0/1
[SRG2210-GigabitEthernet0/0/1]ip address 211.137.5.22 255.255.255.0
[SRG2210-GigabitEthernet0/0/1]speed 10
[SRG2210-GigabitEthernet0/0/1]duplex full
[SRG2210-GigabitEthernet0/0/1]quit
6.配置信任域端口
[SRG2210]firewall zone trust
[SRG2210-zone-trust]add interface GigabitEthernet 0/0/0
[SRG2210-zone-trust]quit
7.配置非信任域端口
[SRG2210]firewall zone untrust
[SRG2210-zone-untrust]add interface GigabitEthernet 0/0/1
[SRG2210-zone-untrust]quit
8.配置信任域到非信任域匹配规则(nat地址转换)
[SRG2210]firewall interzone trust untrust
[SRG2210-interzone-trust-untrust]nat outbound 2000 address-group 0
9.配置默认静态路由
[SRG2210]ip route-static 0.0.0.0 0.0.0.0 211.137.5.1
10.保存配置
[SRG2210]quit
The current configuration will be written to the device.
Caution: Executing the "save" command on the firewall can affect the quality of
some types of traffic at the time of configuration saving.
Are you sure?[Y/N]y
Now saving the current configuration to the device..................