h3c防火墙u200-A 配置实例

#
version 5.20, Release 5116P17
#
sysname H3C
#
undo voice vlan mac-address 00e0-bb00-0000
#
domain default enable system
#
acl number 2000 match-order auto
rule 1 permit source 192.168.10.0 0.0.0.255
rule 2 permit source 192.168.11.0 0.0.0.255
rule 3 permit source 192.168.12.0 0.0.0.255
rule 4 permit source 192.168.13.0 0.0.0.255
rule 5 permit source 192.168.14.0 0.0.0.255
rule 7 permit source 192.168.0.0 0.0.0.255
rule 6 deny
#
vlan 1
#
domain system
access-limit disable
state active
---- More ----[16D [16D idle-cut disable
self-service-url disable
#
pki domain default
crl check disable
#
dhcp server ip-pool vlan10
network 192.168.10.0 mask 255.255.255.0
gateway-list 192.168.10.1
dns-list 218.30.19.40
#
dhcp server ip-pool vlan11
network 192.168.11.0 mask 255.255.255.0
gateway-list 192.168.11.1
dns-list 218.30.19.40
#
dhcp server ip-pool vlan12
network 192.168.12.0 mask 255.255.255.0
gateway-list 192.168.12.1
dns-list 218.30.19.40
#
dhcp server ip-pool vlan13
network 192.168.13.0 mask 255.255.255.0
---- More ----[16D [16D gateway-list 192.168.13.1
dns-list 218.30.19.40
#
dhcp server ip-pool vlan14
network 192.168.14.0 mask 255.255.255.0
gateway-list 192.168.14.1
dns-list 218.30.19.40
#
dhcp server ip-pool vlan100
network 192.168.0.0 mask 255.255.255.0
gateway-list 192.168.0.2
dns-list 218.30.19.40
#
user-group system
#
local-user admin
password cipher .]@USE=B,53Q=^Q`MAF4<1!!
authorization-attribute level 3
service-type telnet
#
interface NULL0
#
interface GigabitEthernet0/0
---- More ----[16D [16D port link-mode route
ip address 192.168.1.1 255.255.255.0
#
interface GigabitEthernet0/1
port link-mode route
nat outbound 2000
ip address 61.185.255.46 255.255.255.252
#
interface GigabitEthernet0/2
port link-mode route
#
interface GigabitEthernet0/3
port link-mode route
#
interface GigabitEthernet0/4
port link-mode route
#
interface GigabitEthernet0/5
port link-mode route
ip address 192.168.0.1 255.255.255.0
#
ip route-static 0.0.0.0 0.0.0.0 61.185.255.45
ip route-static 192.168.0.0 255.255.255.0 192.168.0.2
---- More ----[16D [16D ip route-static 192.168.10.0 255.255.255.0 192.168.10.1
ip route-static 192.168.10.0 255.255.255.0 192.168.0.2
ip route-static 192.168.11.0 255.255.255.0 192.168.0.2
ip route-static 192.168.12.0 255.255.255.0 192.168.0.2
ip route-static 192.168.13.0 255.255.255.0 192.168.0.2
ip route-static 192.168.14.0 255.255.255.0 192.168.0.2
#
dhcp enable
#
load xml-configuration
#
load tr069-configuration
#
user-interface con 0
user-interface vty 0 4
authentication-mode scheme
#
return