窗体顶端NAT【Router】华为路由器单臂路由配置实例组网描述:PC---------------------3050C-------------------------AR28-31-------------------------INTERNET组网实现:3050C上划分多个VLAN,在AR28-31上终结VLAN信息,下面的所有VLAN中的PC都可以上公网,所有的PC机都通过AR28-31分配IP地址和DNS[AR28-31]dis cu#sysname Quidway#FTP server enable#nat address-group 0 222.222.222.2 222.222.222.10用于上公网的地址池#radius scheme system#domain system#local-user adminpasswordcipher .]@USE=B,53Q=^Q`MAF4<1!! service-type telnet terminallevel 3service-type ftplocal-userhuawei telnet用户,用于远程管理password simple huaweiservice-type telnetlevel 3#dhcp server ip-pool 10为VLAN10分配IP地址network 192.168.10.0 mask 255.255.255.0gateway-list 192.168.10.1dns-list 100.100.100.100#dhcp server ip-pool 20为VLAN20分配IP地址network 192.168.20.0 mask 255.255.255.0gateway-list 192.168.20.1dns-list 100.100.100.100#dhcp server ip-pool 30为VLAN30分配IP地址network 192.168.30.0 mask 255.255.255.0gateway-list 192.168.30.1dns-list 100.100.100.100#dhcp server ip-pool 40为VLAN40分配IP地址network 192.168.40.0 mask 255.255.255.0gateway-list 192.168.40.1dns-list 100.100.100.100#interface Aux0async mode flow#interfaceEthernet1/0用于与交换机的管理IP互通ip address 192.168.100.1 255.255.255.0 firewall packet-filter 3000 inbound#interfaceEthernet1/0.1终结交换机上的VLAN10tcp mss 1024ip address 192.168.10.1 255.255.255.0 firewall packet-filter 3000 inbound vlan-type dot1q vid 10#interfaceEthernet1/0.2终结交换机上的VLAN20tcp mss 1024ip address 192.168.20.1 255.255.255.0 firewall packet-filter 3000 inbound vlan-type dot1q vid 20#interfaceEthernet1/0.3终结交换机上的VLAN30tcp mss 1024ip address 192.168.30.1 255.255.255.0 firewall packet-filter 3000 inbound vlan-type dot1q vid 30#interfaceEthernet1/0.4终结交换机上的VLAN40tcp mss 1024ip address 192.168.40.1 255.255.255.0 firewall packet-filter 3000 inbound vlan-type dot1q vid 40#interface Ethernet2/0ip address 222.222.222.1 255.255.255.0 nat outbound 2000 address-group 0进行私网到公网的地址转换#interface NULL0#acl number 2000允许192.168.0.0 这个网段的地址进行地址转换rule 0 permit source 192.168.0.0 0.0.255.255rule 1 deny#acl number 3000rule 0 deny udp destination-port eq tftp rule 1 deny tcp destination-port eq 135 rule 2 deny udp destination-port eq 135 rule 3 deny udp destination-port eq netbios-nsrule 4 deny udp destination-port eq netbios-dgmrule 5 deny tcp destination-port eq 139 rule 6 deny udp destination-port eq netbios-ssnrule 7 deny tcp destination-port eq 445 rule 8 deny udp destination-port eq 445 rule 9 deny tcp destination-port eq 539 rule 10 deny udp destination-port eq 539 rule 11 deny udp destination-port eq 593 rule 12 deny tcp destination-port eq 593 rule 13 deny udp destination-port eq 1434rule 14 deny tcp destination-port eq 4444rule 15 deny tcp destination-port eq 9996rule 16 deny tcp destination-port eq 5554rule 17 deny udp destination-port eq 9996rule 18 deny udp destination-port eq 5554rule 19 deny tcp destination-port eq 137 rule 20 deny tcp destination-port eq 138 rule 21 deny tcp destination-port eq 1025rule 22 deny udp destination-port eq 1025rule 23 deny tcp destination-port eq 9995rule 24 deny udp destination-port eq 9995rule 25 deny tcp destination-port eq 1068rule 26 deny udp destination-port eq 1068rule 27 deny tcp destination-port eq 1023rule 28 deny udp destination-port eq 1023#ip route-static 0.0.0.0 0.0.0.0 222.222.222.254 preference 60到电信网关的缺省路由#user-interface con 0user-interface aux 0user-interface vty 0 4authentication-mode scheme#return===================================== ==========================<Quidway 3050C>dis cu#sysname Quidway#radius scheme systemserver-type huaweiprimary authentication 127.0.0.1 1645 primary accounting 127.0.0.1 1646 user-name-format without-domaindomain systemradius-scheme systemaccess-limit disablestate activevlan-assignment-mode integeridle-cut disableself-service-url disablemessenger time disabledomain default enable system#local-server nas-ip 127.0.0.1 key huaweilocal-user huawei用于WEB网管和TELNETpassword simple huaweiservice-type telnet level 3#vlan 1#vlan 10#vlan 20#vlan 30# vlan 40#interfaceVlan-interface1管理IPip address 192.168.100.2 255.255.255.0 #interface Aux0/0#interface Ethernet0/1port access vlan 10#interface Ethernet0/2port access vlan 10#interface Ethernet0/3port access vlan 10#interface Ethernet0/4port access vlan 10#interface Ethernet0/5port access vlan 10#interface Ethernet0/6port access vlan 10#interface Ethernet0/7port access vlan 10#interface Ethernet0/8port access vlan 10#interface Ethernet0/9port access vlan 10#interface Ethernet0/10port access vlan 10#interface Ethernet0/11port access vlan 20#interface Ethernet0/12port access vlan 20#interface Ethernet0/13 port access vlan 20#interface Ethernet0/14 port access vlan 20#interface Ethernet0/15 port access vlan 20#interface Ethernet0/16 port access vlan 20#interface Ethernet0/17 port access vlan 20#interface Ethernet0/18 port access vlan 20#interface Ethernet0/19 port access vlan 20#interface Ethernet0/20 port access vlan 20#interface Ethernet0/21 port access vlan 30#interface Ethernet0/22 port access vlan 30#interface Ethernet0/23 port access vlan 30#interface Ethernet0/24 port access vlan 30#interface Ethernet0/25 port access vlan 30#interface Ethernet0/26 port access vlan 30# interface Ethernet0/27 port access vlan 30#interface Ethernet0/28 port access vlan 30#interface Ethernet0/29 port access vlan 30#interface Ethernet0/30 port access vlan 30#interface Ethernet0/31 port access vlan 40#interface Ethernet0/32 port access vlan 40#interface Ethernet0/33 port access vlan 40#interface Ethernet0/34 port access vlan 40#interface Ethernet0/35 port access vlan 40#interface Ethernet0/36 port access vlan 40#interface Ethernet0/37 port access vlan 40#interface Ethernet0/38 port access vlan 40#interface Ethernet0/39 port access vlan 40#interface Ethernet0/40 port access vlan 40#interface Ethernet0/41 port access vlan 40 #interface Ethernet0/42port access vlan 40 #interface Ethernet0/43 port access vlan 40 #interface Ethernet0/44 port access vlan 40 #interface Ethernet0/45 port access vlan 40 #interface Ethernet0/46 port access vlan 40 #interface Ethernet0/47 port access vlan 40 #interface Ethernet0/48 上行口port link-type trunkport trunk permit vlan 1 10 20 30 40 只允许这几个VLAN 标签透传 #interface NULL0 #user-interface aux 0 user-interface vty 0 4 #return<Quidway> 0人了章。