华为AR28-31路由器10.65.156.27

首先配置路由器的接口的ip地址，参考命令如下：


[R1]interfacee0

[R1-Ethernet0]ip add 192.168.2.124

[R1]interfacee1

[R1-Ethernet1]ip add192.192.169.1024//这里假设出口ip是192.192.169.10

然后配置地址转换，参考命令如下：

[R1]acl  number  2000  //在vrp为3.4的路由器上，2000-2999表示basic  acl

[R1-acl-basic-2000]rule  permit  source  192.168.2.0  0.0.0.255（地址掩码的反码）

[R1-acl-basic-2000]rule  deny  source  any

#这个访问控制列表定义了IP源地址为192.168.2.0/24的外出数据包

[R1]  interface  e  1

[R1-Ethernet1]nat  server  protocol  tcp  global  192.192.169.10（E1的ip）  inside  192.168.2.1（内网网关E0的ip）  



[R1-Ethernet1]  nat  outbound  2000（acl的编号）  

[R1]ip  route-static  0.0.0.0  0.0.0.0  192.192.169.1

#上面设置了路由器的E0和E1端口IP地址，并在路由表中添加缺省路由。

 

 

 

配置实例：

 

<AR28-31>sys
System View: return to User View with Ctrl+Z.
[AR28-31]dis cur
#
 sysname AR28-31
#
 super password level 3 cipher 1^S=\(G5!WGQ=^Q`MAF4<1!!
#
 nat address-group 1 10.63.128.41 10.63.128.41
 nat static 10.65.156.80 10.63.128.16
#
radius scheme system
#
domain system
#
local-user admin
 password cipher .]@USE=B,53Q=^Q`MAF4<1!!
 service-type telnet terminal
 level 3
 service-type ftp
local-user datapart
 password cipher 1^S=\(G5!WGQ=^Q`MAF4<1!!
 service-type telnet
 level 3
local-user sjb
 password cipher 1^S=\(G5!WGQ=^Q`MAF4<1!!
 service-type telnet
 level 3                                 
#
acl number 2000
 rule 0 permit source 10.65.160.0 0.0.0.255
 rule 1 permit source 10.65.170.0 0.0.0.255
 rule 2 permit source 10.65.162.0 0.0.0.255
 rule 3 permit source 10.65.161.0 0.0.0.255
 rule 4 permit source 10.65.163.0 0.0.0.255
 rule 5 permit source 10.65.1.35 0
 rule 6 permit source 10.21.0.121 0
 rule 7 permit source 172.16.40.2 0
 rule 10 permit source 10.21.0.1 0
 rule 11 permit source 10.21.0.2 0
 rule 12 permit source 10.21.0.30 0
 rule 14 permit source 10.63.128.0 0.0.0.255
 rule 15 permit source 10.65.156.0 0.0.0.255
 rule 16 permit source 10.2.0.187 0
 rule 20 permit source 10.2.0.55 0
 rule 22 permit source 10.2.0.151 0
 rule 24 permit source 192.168.30.0 0.0.0.255
 rule 25 permit source 10.65.0.129 0
 rule 26 permit source 10.65.164.101 0
 rule 27 permit source 10.65.164.102 0
 rule 28 permit source 10.65.164.103 0
 rule 29 permit source 10.65.164.104 0   
 rule 30 permit source 10.65.164.105 0
 rule 31 permit source 10.65.164.106 0
 rule 32 permit source 10.65.164.107 0
 rule 33 permit source 10.21.0.13 0
 rule 34 deny
#
interface Aux0
 async mode flow
#
interface Ethernet0/0
 ip address dhcp-alloc
#
interface Ethernet0/1
 ip address dhcp-alloc
#
interface Ethernet3/0
 ip address 10.63.128.55 255.255.255.0
 nat outbound static
 nat outbound 2000 address-group 1
#
interface Ethernet3/1
 ip address 10.65.156.27 255.255.128.0
 nat outbound static
#                                        
interface NULL0
#
 time-range nogame 07:30 to 11:00 working-day
 time-range nogame 13:30 to 17:00 working-day
#
 FTP server enable
#
 ip route-static 0.0.0.0 0.0.0.0 10.65.155.0 preference 60
 ip route-static 10.0.0.0 255.0.0.0 10.63.128.251 preference 60
 ip route-static 10.20.0.0 255.255.128.0 10.65.150.1 preference 60
 ip route-static 10.21.0.0 255.255.128.0 10.65.150.1 preference 60
 ip route-static 10.65.155.18 255.255.255.255 10.65.155.0 preference 60
 ip route-static 172.16.32.0 255.255.255.0 10.65.150.4 preference 60
 ip route-static 172.16.40.0 255.255.255.0 10.65.150.4 preference 60
 ip route-static 192.168.30.0 255.255.255.0 10.65.155.0 preference 60
#
user-interface con 0
user-interface aux 0
user-interface vty 0 4
 authentication-mode scheme
#
return

                                        2009年5月20日更新