h3c secpath f100-c的一些配置

 先说刚刚上电后的初始化配置

    sys

    firewall packet-filter enable

    firewall packet-filter default permit 

区域配置

    firewall zone trust

    add interface ethernet 1/0

    quit

    firewall zone untrust 

    add interface ethernet 2/0

    quit

接口配置

int e2/0

ip address 10.0.0.1 255.255.255.0

duplex full

speed 10

int e1/0

ip add 172.20.0.1 255.255.0.0

duplex full

speed 10

允许网页配置

    undo ip http shutdown

配置用户登陆

    local user huawei

    password simple huawei

    service type telnet

    level 3

配置telnet远程登录

user-interface vty 0 4

authentication-mode schem/password

user privilage 3

开启防范功能

    firewall defend all

save 

reboot

配置dhcp

    dhcp enable

    dhcp server ip-pool 0

    network 172.20.0.0 mask 255.255.0.0 

    gateway-list 172.20.0.1

    dns-list 172.20.0.1

配置nat

nat static 172.20.0.2 10.0.0.2

nat address-group 0 10.0.0.3 10.0.0.100

 

acl number 2000 

rule permit source 172.20.0.0 0.0.255.255

 

int e2/0

nat outbound static //一对一

// nat oubound 2000  多对一 外网ip即wan接口地址 easy nat

nat outbound 2000 address-group 0 //多对多 nopat

nat server protocal tcp global 10.0.0.111 www inside 172.20.0.2 www