华为路由交换由浅入深系列(十二):ENSP2.0
华为无线路由猫 时间:2021-05-19 阅读:()
模拟NAT+Firewall+DNS+DHCP功能ENSP2.
0模拟NAT+Firewall+DNS+DHCP功能,主要涉及在华为路由器上面,如何实现防火墙特性、NAT、DNS、DHCP功能.
掌握目标1、路由器DHCP客户端配置(模拟PC)2、防火墙特性配置3、NAT配置4、DNS与DHCP的配置掌握一、实验拓扑:二、PC的配置#sysnamePCdhcpenablednsresolvednsserver8.
8.
8.
8#interfaceGigabitEthernet0/0/0ipaddressdhcp-alloc三、网关路由器的配置#sysnameGW#dhcpenablednsresolvednsserver8.
8.
8.
8#aclnumber3000rule5permitipsource192.
168.
10.
00.
0.
0.
255aclnumber3001rule5denyicmpicmp-typeechorule10permitip#firewallzonetrustpriority10#firewallzoneuntrustpriority5#firewallzoneLocalpriority15#firewallinterzonetrustuntrustfirewallenablepacket-filter3001inbounddetectaspfftpdetectaspfsipdetectaspfrtspdetectaspfhttpdetectaspfhttpjava-blockingdetectaspfhttpactivex-blocking#interfaceGigabitEthernet0/0/0ipaddress192.
168.
10.
1255.
255.
255.
0zonetrustdhcpselectinterfacedhcpserverdns-list8.
8.
8.
8#interfaceGigabitEthernet0/0/1ipaddress211.
1.
1.
2255.
255.
255.
0natoutbound3000zoneuntrust#iproute-static0.
0.
0.
00.
0.
0.
0GigabitEthernet0/0/1211.
1.
1.
1#user-interfacevty04authentication-modepasswordsetauthenticationpasswordcipherhuaweiuserprivilegelevel3四、公网路由器的配置#sysnameINTERNET#iphostwww.
baidu.
com100.
100.
100.
100iphostwww.
google.
com200.
200.
200.
200#dnsresolvednsserver8.
8.
8.
8dnsproxyenable#interfaceGigabitEthernet0/0/0ipaddress211.
1.
1.
1255.
255.
255.
0#interfaceNULL0#interfaceLoopBack0ipaddress100.
100.
100.
100255.
255.
255.
0#interfaceLoopBack1ipaddress200.
200.
200.
200255.
255.
255.
0#interfaceLoopBack100ipaddress8.
8.
8.
8255.
255.
255.
0#user-interfacevty04authentication-modepasswordsetauthenticationpasswordcipherhuaweiuserprivilegelevel3#五、测试PC上网pingwww.
google.
comPINGwww.
google.
com:56databytes,pressCTRL_CtobreakReplyfrom200.
200.
200.
200:bytes=56Sequence=1ttl=254time=20msReplyfrom200.
200.
200.
200:bytes=56Sequence=2ttl=254time=20msReplyfrom200.
200.
200.
200:bytes=56Sequence=3ttl=254time=10msReplyfrom200.
200.
200.
200:bytes=56Sequence=4ttl=254time=10msReplyfrom200.
200.
200.
200:bytes=56Sequence=5ttl=254time=30ms---www.
google.
compingstatistics---5packet(s)transmitted5packet(s)received0.
00%packetlossround-tripmin/avg/max=10/18/30mstelnetwww.
baidu.
comPressCTRL_]toquittelnetmodeTrying100.
100.
100.
100.
.
.
Connectedto100.
100.
100.
100.
.
.
LoginauthenticationPassword:huaweidisaccess-userInfo:Noonlineuser.
disipinterbri*down:administrativelydown^down:standby(l):loopback(s):spoofingThenumberofinterfacethatisUPinPhysicalis5ThenumberofinterfacethatisDOWNinPhysicalis1ThenumberofinterfacethatisUPinProtocolis5ThenumberofinterfacethatisDOWNinProtocolis1InterfaceIPAddress/MaskPhysicalProtocolGigabitEthernet0/0/0211.
1.
1.
1/24upupGigabitEthernet0/0/1unassigneddowndownLoopBack0100.
100.
100.
100/24upup(s)LoopBack1200.
200.
200.
200/24upup(s)LoopBack1008.
8.
8.
8/24upup(s)NULL0unassignedupup(s)六、测试网关的状态[GW]disnatsessionallNATSessionTableInformation:Protocol:ICMP(1)SrcAddrVpn:192.
168.
10.
254DestAddrVpn:200.
200.
200.
200TypeCodeIcmpId:0843997NAT-InfoNewSrcAddr:211.
1.
1.
2NewDestAddr:----NewIcmpId:10255Protocol:TCP(6)SrcAddrPortVpn:192.
168.
10.
25446273DestAddrPortVpn:100.
100.
100.
1005888NAT-InfoNewSrcAddr:211.
1.
1.
2NewSrcPort:10253NewDestAddr:----NewDestPort:----Protocol:UDP(17)SrcAddrPortVpn:192.
168.
10.
2547109DestAddrPortVpn:8.
8.
8.
813568NAT-Info[GW]disfirewallsessionallFirewallSessionTableInformation:Protocol:TCP(6)SrcAddrPortVpn:192.
168.
10.
25446273DestAddrPortVpn:100.
100.
100.
1005888Firewall-InfoInZone:trustOutZone:untrustProtocol:UDP(17)SrcAddrPortVpn:192.
168.
10.
2547109DestAddrPortVpn:8.
8.
8.
813568Firewall-InfoInZone:trustOutZone:untrustProtocol:UDP(17)SrcAddrPortVpn:192.
168.
10.
2542245DestAddrPortVpn:8.
8.
8.
813568Firewall-InfoInZone:trustOutZone:untrustProtocol:UDP(17)SrcAddrPortVpn:192.
168.
10.
25433990DestAddrPortVpn:8.
8.
8.
813568Firewall-InfoInZone:trustOutZone:untrustProtocol:UDP(17)SrcAddrPortVpn:192.
168.
10.
2544806DestAddrPortVpn:8.
8.
8.
813568Firewall-InfoInZone:trustOutZone:untrustProtocol:UDP(17)SrcAddrPortVpn:192.
168.
10.
2544038DestAddrPortVpn:8.
8.
8.
813568Firewall-InfoInZone:trustOutZone:untrustProtocol:TCP(6)SrcAddrPortVpn:192.
168.
10.
25421700DestAddrPortVpn:100.
100.
100.
1005888Firewall-Info博主也只是业余时间写写技术文档,请大家见谅,大家觉得不错的话,可以推荐给朋友哦,博主会努力推出更好的系列文档的.
如果大家有任何疑问或者文中有错误跟疏忽的地方,欢迎大家留言指出,博主看到后会第一时间修改,谢谢大家的支持,更多技术文章尽在网络之路博客,http://ccieh3c.
com.
0模拟NAT+Firewall+DNS+DHCP功能,主要涉及在华为路由器上面,如何实现防火墙特性、NAT、DNS、DHCP功能.
掌握目标1、路由器DHCP客户端配置(模拟PC)2、防火墙特性配置3、NAT配置4、DNS与DHCP的配置掌握一、实验拓扑:二、PC的配置#sysnamePCdhcpenablednsresolvednsserver8.
8.
8.
8#interfaceGigabitEthernet0/0/0ipaddressdhcp-alloc三、网关路由器的配置#sysnameGW#dhcpenablednsresolvednsserver8.
8.
8.
8#aclnumber3000rule5permitipsource192.
168.
10.
00.
0.
0.
255aclnumber3001rule5denyicmpicmp-typeechorule10permitip#firewallzonetrustpriority10#firewallzoneuntrustpriority5#firewallzoneLocalpriority15#firewallinterzonetrustuntrustfirewallenablepacket-filter3001inbounddetectaspfftpdetectaspfsipdetectaspfrtspdetectaspfhttpdetectaspfhttpjava-blockingdetectaspfhttpactivex-blocking#interfaceGigabitEthernet0/0/0ipaddress192.
168.
10.
1255.
255.
255.
0zonetrustdhcpselectinterfacedhcpserverdns-list8.
8.
8.
8#interfaceGigabitEthernet0/0/1ipaddress211.
1.
1.
2255.
255.
255.
0natoutbound3000zoneuntrust#iproute-static0.
0.
0.
00.
0.
0.
0GigabitEthernet0/0/1211.
1.
1.
1#user-interfacevty04authentication-modepasswordsetauthenticationpasswordcipherhuaweiuserprivilegelevel3四、公网路由器的配置#sysnameINTERNET#iphostwww.
baidu.
com100.
100.
100.
100iphostwww.
google.
com200.
200.
200.
200#dnsresolvednsserver8.
8.
8.
8dnsproxyenable#interfaceGigabitEthernet0/0/0ipaddress211.
1.
1.
1255.
255.
255.
0#interfaceNULL0#interfaceLoopBack0ipaddress100.
100.
100.
100255.
255.
255.
0#interfaceLoopBack1ipaddress200.
200.
200.
200255.
255.
255.
0#interfaceLoopBack100ipaddress8.
8.
8.
8255.
255.
255.
0#user-interfacevty04authentication-modepasswordsetauthenticationpasswordcipherhuaweiuserprivilegelevel3#五、测试PC上网pingwww.
google.
comPINGwww.
google.
com:56databytes,pressCTRL_CtobreakReplyfrom200.
200.
200.
200:bytes=56Sequence=1ttl=254time=20msReplyfrom200.
200.
200.
200:bytes=56Sequence=2ttl=254time=20msReplyfrom200.
200.
200.
200:bytes=56Sequence=3ttl=254time=10msReplyfrom200.
200.
200.
200:bytes=56Sequence=4ttl=254time=10msReplyfrom200.
200.
200.
200:bytes=56Sequence=5ttl=254time=30ms---www.
google.
compingstatistics---5packet(s)transmitted5packet(s)received0.
00%packetlossround-tripmin/avg/max=10/18/30mstelnetwww.
baidu.
comPressCTRL_]toquittelnetmodeTrying100.
100.
100.
100.
.
.
Connectedto100.
100.
100.
100.
.
.
LoginauthenticationPassword:huaweidisaccess-userInfo:Noonlineuser.
disipinterbri*down:administrativelydown^down:standby(l):loopback(s):spoofingThenumberofinterfacethatisUPinPhysicalis5ThenumberofinterfacethatisDOWNinPhysicalis1ThenumberofinterfacethatisUPinProtocolis5ThenumberofinterfacethatisDOWNinProtocolis1InterfaceIPAddress/MaskPhysicalProtocolGigabitEthernet0/0/0211.
1.
1.
1/24upupGigabitEthernet0/0/1unassigneddowndownLoopBack0100.
100.
100.
100/24upup(s)LoopBack1200.
200.
200.
200/24upup(s)LoopBack1008.
8.
8.
8/24upup(s)NULL0unassignedupup(s)六、测试网关的状态[GW]disnatsessionallNATSessionTableInformation:Protocol:ICMP(1)SrcAddrVpn:192.
168.
10.
254DestAddrVpn:200.
200.
200.
200TypeCodeIcmpId:0843997NAT-InfoNewSrcAddr:211.
1.
1.
2NewDestAddr:----NewIcmpId:10255Protocol:TCP(6)SrcAddrPortVpn:192.
168.
10.
25446273DestAddrPortVpn:100.
100.
100.
1005888NAT-InfoNewSrcAddr:211.
1.
1.
2NewSrcPort:10253NewDestAddr:----NewDestPort:----Protocol:UDP(17)SrcAddrPortVpn:192.
168.
10.
2547109DestAddrPortVpn:8.
8.
8.
813568NAT-Info[GW]disfirewallsessionallFirewallSessionTableInformation:Protocol:TCP(6)SrcAddrPortVpn:192.
168.
10.
25446273DestAddrPortVpn:100.
100.
100.
1005888Firewall-InfoInZone:trustOutZone:untrustProtocol:UDP(17)SrcAddrPortVpn:192.
168.
10.
2547109DestAddrPortVpn:8.
8.
8.
813568Firewall-InfoInZone:trustOutZone:untrustProtocol:UDP(17)SrcAddrPortVpn:192.
168.
10.
2542245DestAddrPortVpn:8.
8.
8.
813568Firewall-InfoInZone:trustOutZone:untrustProtocol:UDP(17)SrcAddrPortVpn:192.
168.
10.
25433990DestAddrPortVpn:8.
8.
8.
813568Firewall-InfoInZone:trustOutZone:untrustProtocol:UDP(17)SrcAddrPortVpn:192.
168.
10.
2544806DestAddrPortVpn:8.
8.
8.
813568Firewall-InfoInZone:trustOutZone:untrustProtocol:UDP(17)SrcAddrPortVpn:192.
168.
10.
2544038DestAddrPortVpn:8.
8.
8.
813568Firewall-InfoInZone:trustOutZone:untrustProtocol:TCP(6)SrcAddrPortVpn:192.
168.
10.
25421700DestAddrPortVpn:100.
100.
100.
1005888Firewall-Info博主也只是业余时间写写技术文档,请大家见谅,大家觉得不错的话,可以推荐给朋友哦,博主会努力推出更好的系列文档的.
如果大家有任何疑问或者文中有错误跟疏忽的地方,欢迎大家留言指出,博主看到后会第一时间修改,谢谢大家的支持,更多技术文章尽在网络之路博客,http://ccieh3c.
com.
MineServer:洛杉矶CN2 GIA VPS/512MB内存/20GB NVME/800GB流量/200Mbps/KVM,58元/季
mineserver怎么样?mineserver是一家国人商家,主要提供香港CN2 KVM VPS、香港CMI KVM VPS、日本CN2 KVM VPS、洛杉矶cn2 gia端口转发等服务,之前介绍过几次,最近比较活跃。这家新推出了洛杉矶CN2 GIA VPS,512MB内存/20GB NVME/800GB流量/200Mbps/KVM,58元/季,并且进行了带宽升级,同时IP更改为美国IP。点击...
VoLLcloud7折月付$3,香港CMI云服务器原生IP解锁,香港VoLLcloud
vollcloud怎么样?vollcloud LLC创立于2020年,是一家以互联网基础业务服务为主的 技术型企业,运营全球数据中心业务。VoLLcloud LLC针对新老用户推出全场年付产品7折促销优惠,共30个,机会难得,所有产品支持3日内无条件退款,同时提供产品免费体验。目前所有产品中,“镇店之宝”产品性价比高,适用大部分用户基础应用,卖的也是最好,同时,在这里感谢新老用户的支持和信任,我们...
美得云(15元/月)美国cera 2核4G 15元/月 香港1核 1G 3M独享
美得云怎么样?美得云好不好?美得云是第一次来推广软文,老板人脾气特别好,能感觉出来会用心对待用户。美得云这次为大家提供了几款性价比十分高的产品,美国cera 2核4G 15元/月 香港1核 1G 3M独享 15元/月,并且还提供了免费空间给大家使用。嘻嘻 我也打算去白嫖一个空间了。新用户注册福利-8折优惠码:H2dmBKbF 截止2021.10.1结束。KVM架构,99.99%高可用性,依托BGP...
华为无线路由猫为你推荐
-
uctuationchrome支持ipadAnthemmycss3圆角css实现圆角的几种方法是什么?ipadwifiIpad怎么用移动无线上网iexplore.exe应用程序错误iexplore.exe应用程序错误联通版iphone4s联通版iPhone4s 用联通3G卡好还是移动的好icloudiphone苹果6显示已停用请连接itunes什么意思win7关闭135端口win7系统 怎么关闭135 445 端口 修改注册表 创建IP安全策略 也试过 就是关不了 还望高手指教win7关闭135端口win7系统怎么关闭135端口?网上很多方法都不好用!