华为SRG 2220简单上网! SRG2200路由配置!

华为SRG 2220简单上网! SRG2200路由配置!
//WAN

//123.162.114.24

//255.255.255.192

//123.162.114.1

//

//LAN
//192.168.67.1

//255.255.0.0

//(请根据需要改成自己的)

// 超级用户xy03 密码123456a

//斜线文字为说明

















#
acl number 2001
rule 0 permit
#
sysname SRG2220
#
web-manager enable
#
info-center timestamp debugging date
#
firewall packet-filter default permit interzone local trust direction inbound
firewall packet-filter default permit interzone local trust direction outbound
firewall packet-filter default permit interzone local untrust direction inbound
firewall packet-filter default permit interzone local untrust direction outbound
firewall packet-filter default permit interzone local dmz direction inbound
firewall packet-filter default permit interzone local dmz direction outbound
firewall packet-filter default permit interzone local vzone direction inbound
firewall packet-filter default permit interzone local vzone direction outbound
firewall packet-filter default permit interzone trust untrust direction inbound
firewall packet-filter default permit interzone trust untrust direction outbound
firewall packet-filter default permit interzone trust dmz direction inbound
firewall packet-filter default permit interzone trust dmz direction outbound
firewall packet-filter default permit interzone trust vzone direction inbound
firewall packet-filter default permit interzone trust vzone direction outbound
firewall packet-filter default permit interzone dmz untrust direction inbound
firewall packet-filter default permit interzone dmz untrust direction outbound
firewall packet-filter default permit interzone untrust vzone direction inbound
firewall packet-filter default permit interzone untrust vzone direction outbound
firewall packet-filter default permit interzone dmz vzone direction inbound
firewall packet-filter default permit interzone dmz vzone direction outbound
#
nat address-group 1 qqq 123.162.114.24 123.162.114.24
#
firewall statistic system enable
#
interface Cellular0/1/0
link-protocol ppp
#
interface GigabitEthernet0/0/0
ip address 123.162.114.24 255.255.255.192
arp period-time 3
#
interface GigabitEthernet0/0/1
ip address 192.168.67.1 255.255.0.0
arp period-time 3
#
interface NULL0
#
firewall zone local
set priority 100
#
firewall zone trust
set priority 85
#
firewall zone untrust
set priority 5
add interface GigabitEthernet0/0/0
#
firewall zone dmz
set priority 50
add interface GigabitEthernet0/0/1
#
firewall zone vzone
set priority 0
#
firewall interzone dmz untrust
nat outbound 2001 address-group qqq
#
aaa
local-user xy03 password simple 123456a
local-user xy03 service-type ppp ftp web bind terminal telnet auth x25-pad ssh
local-user xy03 level 3
local-user admin password cipher O$D!"MAF4<1!!
local-user admin serv

ice-type web telnet
local-user admin level 3
authentication-scheme default
#
authorization-scheme default
#
accounting-scheme default
#
domain default
#
#
right-manager server-group
#
slb
#
ip route-static 0.0.0.0 0.0.0.0 123.162.114.1
#
user-interface con 0
user-interface tty 9
authentication-mode none
modem both
user-interface vty 0 4
authentication-mode aaa
user privilege level 3