华为路由交换由浅入深系列(十二):ENSP2.0
华为无线路由猫 时间:2021-05-19 阅读:()
模拟NAT+Firewall+DNS+DHCP功能ENSP2.
0模拟NAT+Firewall+DNS+DHCP功能,主要涉及在华为路由器上面,如何实现防火墙特性、NAT、DNS、DHCP功能.
掌握目标1、路由器DHCP客户端配置(模拟PC)2、防火墙特性配置3、NAT配置4、DNS与DHCP的配置掌握一、实验拓扑:二、PC的配置#sysnamePCdhcpenablednsresolvednsserver8.
8.
8.
8#interfaceGigabitEthernet0/0/0ipaddressdhcp-alloc三、网关路由器的配置#sysnameGW#dhcpenablednsresolvednsserver8.
8.
8.
8#aclnumber3000rule5permitipsource192.
168.
10.
00.
0.
0.
255aclnumber3001rule5denyicmpicmp-typeechorule10permitip#firewallzonetrustpriority10#firewallzoneuntrustpriority5#firewallzoneLocalpriority15#firewallinterzonetrustuntrustfirewallenablepacket-filter3001inbounddetectaspfftpdetectaspfsipdetectaspfrtspdetectaspfhttpdetectaspfhttpjava-blockingdetectaspfhttpactivex-blocking#interfaceGigabitEthernet0/0/0ipaddress192.
168.
10.
1255.
255.
255.
0zonetrustdhcpselectinterfacedhcpserverdns-list8.
8.
8.
8#interfaceGigabitEthernet0/0/1ipaddress211.
1.
1.
2255.
255.
255.
0natoutbound3000zoneuntrust#iproute-static0.
0.
0.
00.
0.
0.
0GigabitEthernet0/0/1211.
1.
1.
1#user-interfacevty04authentication-modepasswordsetauthenticationpasswordcipherhuaweiuserprivilegelevel3四、公网路由器的配置#sysnameINTERNET#iphostwww.
baidu.
com100.
100.
100.
100iphostwww.
google.
com200.
200.
200.
200#dnsresolvednsserver8.
8.
8.
8dnsproxyenable#interfaceGigabitEthernet0/0/0ipaddress211.
1.
1.
1255.
255.
255.
0#interfaceNULL0#interfaceLoopBack0ipaddress100.
100.
100.
100255.
255.
255.
0#interfaceLoopBack1ipaddress200.
200.
200.
200255.
255.
255.
0#interfaceLoopBack100ipaddress8.
8.
8.
8255.
255.
255.
0#user-interfacevty04authentication-modepasswordsetauthenticationpasswordcipherhuaweiuserprivilegelevel3#五、测试PC上网pingwww.
google.
comPINGwww.
google.
com:56databytes,pressCTRL_CtobreakReplyfrom200.
200.
200.
200:bytes=56Sequence=1ttl=254time=20msReplyfrom200.
200.
200.
200:bytes=56Sequence=2ttl=254time=20msReplyfrom200.
200.
200.
200:bytes=56Sequence=3ttl=254time=10msReplyfrom200.
200.
200.
200:bytes=56Sequence=4ttl=254time=10msReplyfrom200.
200.
200.
200:bytes=56Sequence=5ttl=254time=30ms---www.
google.
compingstatistics---5packet(s)transmitted5packet(s)received0.
00%packetlossround-tripmin/avg/max=10/18/30mstelnetwww.
baidu.
comPressCTRL_]toquittelnetmodeTrying100.
100.
100.
100.
.
.
Connectedto100.
100.
100.
100.
.
.
LoginauthenticationPassword:huaweidisaccess-userInfo:Noonlineuser.
disipinterbri*down:administrativelydown^down:standby(l):loopback(s):spoofingThenumberofinterfacethatisUPinPhysicalis5ThenumberofinterfacethatisDOWNinPhysicalis1ThenumberofinterfacethatisUPinProtocolis5ThenumberofinterfacethatisDOWNinProtocolis1InterfaceIPAddress/MaskPhysicalProtocolGigabitEthernet0/0/0211.
1.
1.
1/24upupGigabitEthernet0/0/1unassigneddowndownLoopBack0100.
100.
100.
100/24upup(s)LoopBack1200.
200.
200.
200/24upup(s)LoopBack1008.
8.
8.
8/24upup(s)NULL0unassignedupup(s)六、测试网关的状态[GW]disnatsessionallNATSessionTableInformation:Protocol:ICMP(1)SrcAddrVpn:192.
168.
10.
254DestAddrVpn:200.
200.
200.
200TypeCodeIcmpId:0843997NAT-InfoNewSrcAddr:211.
1.
1.
2NewDestAddr:----NewIcmpId:10255Protocol:TCP(6)SrcAddrPortVpn:192.
168.
10.
25446273DestAddrPortVpn:100.
100.
100.
1005888NAT-InfoNewSrcAddr:211.
1.
1.
2NewSrcPort:10253NewDestAddr:----NewDestPort:----Protocol:UDP(17)SrcAddrPortVpn:192.
168.
10.
2547109DestAddrPortVpn:8.
8.
8.
813568NAT-Info[GW]disfirewallsessionallFirewallSessionTableInformation:Protocol:TCP(6)SrcAddrPortVpn:192.
168.
10.
25446273DestAddrPortVpn:100.
100.
100.
1005888Firewall-InfoInZone:trustOutZone:untrustProtocol:UDP(17)SrcAddrPortVpn:192.
168.
10.
2547109DestAddrPortVpn:8.
8.
8.
813568Firewall-InfoInZone:trustOutZone:untrustProtocol:UDP(17)SrcAddrPortVpn:192.
168.
10.
2542245DestAddrPortVpn:8.
8.
8.
813568Firewall-InfoInZone:trustOutZone:untrustProtocol:UDP(17)SrcAddrPortVpn:192.
168.
10.
25433990DestAddrPortVpn:8.
8.
8.
813568Firewall-InfoInZone:trustOutZone:untrustProtocol:UDP(17)SrcAddrPortVpn:192.
168.
10.
2544806DestAddrPortVpn:8.
8.
8.
813568Firewall-InfoInZone:trustOutZone:untrustProtocol:UDP(17)SrcAddrPortVpn:192.
168.
10.
2544038DestAddrPortVpn:8.
8.
8.
813568Firewall-InfoInZone:trustOutZone:untrustProtocol:TCP(6)SrcAddrPortVpn:192.
168.
10.
25421700DestAddrPortVpn:100.
100.
100.
1005888Firewall-Info博主也只是业余时间写写技术文档,请大家见谅,大家觉得不错的话,可以推荐给朋友哦,博主会努力推出更好的系列文档的.
如果大家有任何疑问或者文中有错误跟疏忽的地方,欢迎大家留言指出,博主看到后会第一时间修改,谢谢大家的支持,更多技术文章尽在网络之路博客,http://ccieh3c.
com.
0模拟NAT+Firewall+DNS+DHCP功能,主要涉及在华为路由器上面,如何实现防火墙特性、NAT、DNS、DHCP功能.
掌握目标1、路由器DHCP客户端配置(模拟PC)2、防火墙特性配置3、NAT配置4、DNS与DHCP的配置掌握一、实验拓扑:二、PC的配置#sysnamePCdhcpenablednsresolvednsserver8.
8.
8.
8#interfaceGigabitEthernet0/0/0ipaddressdhcp-alloc三、网关路由器的配置#sysnameGW#dhcpenablednsresolvednsserver8.
8.
8.
8#aclnumber3000rule5permitipsource192.
168.
10.
00.
0.
0.
255aclnumber3001rule5denyicmpicmp-typeechorule10permitip#firewallzonetrustpriority10#firewallzoneuntrustpriority5#firewallzoneLocalpriority15#firewallinterzonetrustuntrustfirewallenablepacket-filter3001inbounddetectaspfftpdetectaspfsipdetectaspfrtspdetectaspfhttpdetectaspfhttpjava-blockingdetectaspfhttpactivex-blocking#interfaceGigabitEthernet0/0/0ipaddress192.
168.
10.
1255.
255.
255.
0zonetrustdhcpselectinterfacedhcpserverdns-list8.
8.
8.
8#interfaceGigabitEthernet0/0/1ipaddress211.
1.
1.
2255.
255.
255.
0natoutbound3000zoneuntrust#iproute-static0.
0.
0.
00.
0.
0.
0GigabitEthernet0/0/1211.
1.
1.
1#user-interfacevty04authentication-modepasswordsetauthenticationpasswordcipherhuaweiuserprivilegelevel3四、公网路由器的配置#sysnameINTERNET#iphostwww.
baidu.
com100.
100.
100.
100iphostwww.
google.
com200.
200.
200.
200#dnsresolvednsserver8.
8.
8.
8dnsproxyenable#interfaceGigabitEthernet0/0/0ipaddress211.
1.
1.
1255.
255.
255.
0#interfaceNULL0#interfaceLoopBack0ipaddress100.
100.
100.
100255.
255.
255.
0#interfaceLoopBack1ipaddress200.
200.
200.
200255.
255.
255.
0#interfaceLoopBack100ipaddress8.
8.
8.
8255.
255.
255.
0#user-interfacevty04authentication-modepasswordsetauthenticationpasswordcipherhuaweiuserprivilegelevel3#五、测试PC上网pingwww.
google.
comPINGwww.
google.
com:56databytes,pressCTRL_CtobreakReplyfrom200.
200.
200.
200:bytes=56Sequence=1ttl=254time=20msReplyfrom200.
200.
200.
200:bytes=56Sequence=2ttl=254time=20msReplyfrom200.
200.
200.
200:bytes=56Sequence=3ttl=254time=10msReplyfrom200.
200.
200.
200:bytes=56Sequence=4ttl=254time=10msReplyfrom200.
200.
200.
200:bytes=56Sequence=5ttl=254time=30ms---www.
google.
compingstatistics---5packet(s)transmitted5packet(s)received0.
00%packetlossround-tripmin/avg/max=10/18/30mstelnetwww.
baidu.
comPressCTRL_]toquittelnetmodeTrying100.
100.
100.
100.
.
.
Connectedto100.
100.
100.
100.
.
.
LoginauthenticationPassword:huaweidisaccess-userInfo:Noonlineuser.
disipinterbri*down:administrativelydown^down:standby(l):loopback(s):spoofingThenumberofinterfacethatisUPinPhysicalis5ThenumberofinterfacethatisDOWNinPhysicalis1ThenumberofinterfacethatisUPinProtocolis5ThenumberofinterfacethatisDOWNinProtocolis1InterfaceIPAddress/MaskPhysicalProtocolGigabitEthernet0/0/0211.
1.
1.
1/24upupGigabitEthernet0/0/1unassigneddowndownLoopBack0100.
100.
100.
100/24upup(s)LoopBack1200.
200.
200.
200/24upup(s)LoopBack1008.
8.
8.
8/24upup(s)NULL0unassignedupup(s)六、测试网关的状态[GW]disnatsessionallNATSessionTableInformation:Protocol:ICMP(1)SrcAddrVpn:192.
168.
10.
254DestAddrVpn:200.
200.
200.
200TypeCodeIcmpId:0843997NAT-InfoNewSrcAddr:211.
1.
1.
2NewDestAddr:----NewIcmpId:10255Protocol:TCP(6)SrcAddrPortVpn:192.
168.
10.
25446273DestAddrPortVpn:100.
100.
100.
1005888NAT-InfoNewSrcAddr:211.
1.
1.
2NewSrcPort:10253NewDestAddr:----NewDestPort:----Protocol:UDP(17)SrcAddrPortVpn:192.
168.
10.
2547109DestAddrPortVpn:8.
8.
8.
813568NAT-Info[GW]disfirewallsessionallFirewallSessionTableInformation:Protocol:TCP(6)SrcAddrPortVpn:192.
168.
10.
25446273DestAddrPortVpn:100.
100.
100.
1005888Firewall-InfoInZone:trustOutZone:untrustProtocol:UDP(17)SrcAddrPortVpn:192.
168.
10.
2547109DestAddrPortVpn:8.
8.
8.
813568Firewall-InfoInZone:trustOutZone:untrustProtocol:UDP(17)SrcAddrPortVpn:192.
168.
10.
2542245DestAddrPortVpn:8.
8.
8.
813568Firewall-InfoInZone:trustOutZone:untrustProtocol:UDP(17)SrcAddrPortVpn:192.
168.
10.
25433990DestAddrPortVpn:8.
8.
8.
813568Firewall-InfoInZone:trustOutZone:untrustProtocol:UDP(17)SrcAddrPortVpn:192.
168.
10.
2544806DestAddrPortVpn:8.
8.
8.
813568Firewall-InfoInZone:trustOutZone:untrustProtocol:UDP(17)SrcAddrPortVpn:192.
168.
10.
2544038DestAddrPortVpn:8.
8.
8.
813568Firewall-InfoInZone:trustOutZone:untrustProtocol:TCP(6)SrcAddrPortVpn:192.
168.
10.
25421700DestAddrPortVpn:100.
100.
100.
1005888Firewall-Info博主也只是业余时间写写技术文档,请大家见谅,大家觉得不错的话,可以推荐给朋友哦,博主会努力推出更好的系列文档的.
如果大家有任何疑问或者文中有错误跟疏忽的地方,欢迎大家留言指出,博主看到后会第一时间修改,谢谢大家的支持,更多技术文章尽在网络之路博客,http://ccieh3c.
com.
Dataideas:$1.5/月KVM-1GB/10G SSD/无限流量/休斯顿(德州)_主机域名
Dataideas是一家2019年成立的国外VPS主机商,提供基于KVM架构的VPS主机,数据中心在美国得克萨斯州休斯敦,主机分为三个系列:AMD Ryzen系列、Intel Xeon系列、大硬盘系列,同时每个系列又分为共享CPU和独立CPU系列,最低每月1.5美元起。不过需要注意,这家没有主页,你直接访问根域名是空白页的,还好他们的所有套餐支持月付,相对风险较低。下面以Intel Xeon系列共...
2021年国内/国外便宜VPS主机/云服务器商家推荐整理
2021年各大云服务商竞争尤为激烈,因为云服务商家的竞争我们可以选择更加便宜的VPS或云服务器,这样成本更低,选择空间更大。但是,如果我们是建站用途或者是稳定项目的,不要太过于追求便宜VPS或便宜云服务器,更需要追求稳定和服务。不同的商家有不同的特点,而且任何商家和线路不可能一直稳定,我们需要做的就是定期观察和数据定期备份。下面,请跟云服务器网(yuntue.com)小编来看一下2021年国内/国...
ZJI韩国BGP+CN2服务器,440元起
ZJI又上新了!商家是原Wordpress圈知名主机商:维翔主机,成立于2011年,2018年9月启用新域名ZJI,提供中国香港、台湾、日本、美国独立服务器(自营/数据中心直营)租用及VDS、虚拟主机空间、域名注册等业务。本次商家新上韩国BGP+CN2线路服务器,国内三网访问速度优秀,适用8折优惠码,优惠后韩国服务器最低每月440元起。韩国一型CPU:Intel 2×E5-2620 十二核二十四线...
华为无线路由猫为你推荐
-
Createdwin7重要产品信息指南支持ipad模式ios8支持ipad支持ipadxp如何关闭445端口请大家帮帮忙,怎样关闭135和445端口?win7telnet怎样在win7下打开telnet 命令win7telnetwindows7旗舰版中telnet在哪canvas2html5创建两个canvas后,怎么回到第一个canvas