华为USG防火墙配置实例脚本-PPPOE

华为USG防火墙配置实例脚本-PPPOE

PPPOE分两部分：

PPPOE-Server(例如ADSL局端)和PPPoE Client（ADSL拨号上网。客户端）PPPOE-Server:

G0/0接WAN、G0/1接局域网。客户端通过PPPOE拨号拿IP上网。

公网IP 129.7.66.2/24、网关129.7.66.1，局域网拨到拿1.1.1.2/8-100的IP 典型应用：小区宽带、酒店等。

============================

firewall mode route

interface GigabitEthernet 0/0

ip address 129.7.66.2 24

ip route-static 0.0.0.0 0.0.0.0 129.7.66.1

firewall zone trust

add interface GigabitEthernet 0/1

firewall zone untrust

add interface GigabitEthernet 0/0

firewall packet-filter default permit all

#------------------------------------

interface Virtual-Template 1

ppp authentication-mode pap

ip address 1.1.1.1 255.0.0.0

remote address pool 1

firewall zone trust

add interface Virtual-Template 1

interface GigabitEthernet 0/1

pppoe-server bind Virtual-Template 1

#------------------------------------

aaa

local-user usg3000 password simple usg3000

ip pool 1 1.1.1.2 1.1.1.100

#-----------------------------------

acl 2001

rule 0 permit source 1.1.1.0 0.255.255.255

firewall interzone trust untrust

nat outbound 2001

=============================

PPPOE-Client

防火墙G0/0上接ADSL MODEM、局域网G0/1用IP192.168.1.1/24做网关。

防火墙自动拨号。上网。用户名1234密码123

========================================================================== firewall zone trust

add interface GigabitEthernet 0/1

firewall zone untrust

add interface GigabitEthernet 0/0

firewall packet-filter default permit all

interface GigabitEthernet 0/1

ip address 192.168.1.0 24

#-----------------------------------------

interface Dialer 1

link-protocol ppp

ppp pap local-user 123 password simple 123

ip address ppp-negotiate

dialer user usg3000

dialer bundle 1

firewall zone untrust

add interface Dialer 1

#-----------------------------------------

interface GigabitEthernet 0/0

pppoe-client dial-bundle-number 1

ip route-static 0.0.0.0 0.0.0.0 dialer1

#---------------------------------------

acl 2001

rule 0 permit source 192.168.1.0 0.0.0.255

firewall interzone trust untrust

nat outbound 2001