华为路由交换由浅入深系列(十二):ENSP2.0
华为无线路由猫 时间:2021-05-19 阅读:()
模拟NAT+Firewall+DNS+DHCP功能ENSP2.
0模拟NAT+Firewall+DNS+DHCP功能,主要涉及在华为路由器上面,如何实现防火墙特性、NAT、DNS、DHCP功能.
掌握目标1、路由器DHCP客户端配置(模拟PC)2、防火墙特性配置3、NAT配置4、DNS与DHCP的配置掌握一、实验拓扑:二、PC的配置#sysnamePCdhcpenablednsresolvednsserver8.
8.
8.
8#interfaceGigabitEthernet0/0/0ipaddressdhcp-alloc三、网关路由器的配置#sysnameGW#dhcpenablednsresolvednsserver8.
8.
8.
8#aclnumber3000rule5permitipsource192.
168.
10.
00.
0.
0.
255aclnumber3001rule5denyicmpicmp-typeechorule10permitip#firewallzonetrustpriority10#firewallzoneuntrustpriority5#firewallzoneLocalpriority15#firewallinterzonetrustuntrustfirewallenablepacket-filter3001inbounddetectaspfftpdetectaspfsipdetectaspfrtspdetectaspfhttpdetectaspfhttpjava-blockingdetectaspfhttpactivex-blocking#interfaceGigabitEthernet0/0/0ipaddress192.
168.
10.
1255.
255.
255.
0zonetrustdhcpselectinterfacedhcpserverdns-list8.
8.
8.
8#interfaceGigabitEthernet0/0/1ipaddress211.
1.
1.
2255.
255.
255.
0natoutbound3000zoneuntrust#iproute-static0.
0.
0.
00.
0.
0.
0GigabitEthernet0/0/1211.
1.
1.
1#user-interfacevty04authentication-modepasswordsetauthenticationpasswordcipherhuaweiuserprivilegelevel3四、公网路由器的配置#sysnameINTERNET#iphostwww.
baidu.
com100.
100.
100.
100iphostwww.
google.
com200.
200.
200.
200#dnsresolvednsserver8.
8.
8.
8dnsproxyenable#interfaceGigabitEthernet0/0/0ipaddress211.
1.
1.
1255.
255.
255.
0#interfaceNULL0#interfaceLoopBack0ipaddress100.
100.
100.
100255.
255.
255.
0#interfaceLoopBack1ipaddress200.
200.
200.
200255.
255.
255.
0#interfaceLoopBack100ipaddress8.
8.
8.
8255.
255.
255.
0#user-interfacevty04authentication-modepasswordsetauthenticationpasswordcipherhuaweiuserprivilegelevel3#五、测试PC上网pingwww.
google.
comPINGwww.
google.
com:56databytes,pressCTRL_CtobreakReplyfrom200.
200.
200.
200:bytes=56Sequence=1ttl=254time=20msReplyfrom200.
200.
200.
200:bytes=56Sequence=2ttl=254time=20msReplyfrom200.
200.
200.
200:bytes=56Sequence=3ttl=254time=10msReplyfrom200.
200.
200.
200:bytes=56Sequence=4ttl=254time=10msReplyfrom200.
200.
200.
200:bytes=56Sequence=5ttl=254time=30ms---www.
google.
compingstatistics---5packet(s)transmitted5packet(s)received0.
00%packetlossround-tripmin/avg/max=10/18/30mstelnetwww.
baidu.
comPressCTRL_]toquittelnetmodeTrying100.
100.
100.
100.
.
.
Connectedto100.
100.
100.
100.
.
.
LoginauthenticationPassword:huaweidisaccess-userInfo:Noonlineuser.
disipinterbri*down:administrativelydown^down:standby(l):loopback(s):spoofingThenumberofinterfacethatisUPinPhysicalis5ThenumberofinterfacethatisDOWNinPhysicalis1ThenumberofinterfacethatisUPinProtocolis5ThenumberofinterfacethatisDOWNinProtocolis1InterfaceIPAddress/MaskPhysicalProtocolGigabitEthernet0/0/0211.
1.
1.
1/24upupGigabitEthernet0/0/1unassigneddowndownLoopBack0100.
100.
100.
100/24upup(s)LoopBack1200.
200.
200.
200/24upup(s)LoopBack1008.
8.
8.
8/24upup(s)NULL0unassignedupup(s)六、测试网关的状态[GW]disnatsessionallNATSessionTableInformation:Protocol:ICMP(1)SrcAddrVpn:192.
168.
10.
254DestAddrVpn:200.
200.
200.
200TypeCodeIcmpId:0843997NAT-InfoNewSrcAddr:211.
1.
1.
2NewDestAddr:----NewIcmpId:10255Protocol:TCP(6)SrcAddrPortVpn:192.
168.
10.
25446273DestAddrPortVpn:100.
100.
100.
1005888NAT-InfoNewSrcAddr:211.
1.
1.
2NewSrcPort:10253NewDestAddr:----NewDestPort:----Protocol:UDP(17)SrcAddrPortVpn:192.
168.
10.
2547109DestAddrPortVpn:8.
8.
8.
813568NAT-Info[GW]disfirewallsessionallFirewallSessionTableInformation:Protocol:TCP(6)SrcAddrPortVpn:192.
168.
10.
25446273DestAddrPortVpn:100.
100.
100.
1005888Firewall-InfoInZone:trustOutZone:untrustProtocol:UDP(17)SrcAddrPortVpn:192.
168.
10.
2547109DestAddrPortVpn:8.
8.
8.
813568Firewall-InfoInZone:trustOutZone:untrustProtocol:UDP(17)SrcAddrPortVpn:192.
168.
10.
2542245DestAddrPortVpn:8.
8.
8.
813568Firewall-InfoInZone:trustOutZone:untrustProtocol:UDP(17)SrcAddrPortVpn:192.
168.
10.
25433990DestAddrPortVpn:8.
8.
8.
813568Firewall-InfoInZone:trustOutZone:untrustProtocol:UDP(17)SrcAddrPortVpn:192.
168.
10.
2544806DestAddrPortVpn:8.
8.
8.
813568Firewall-InfoInZone:trustOutZone:untrustProtocol:UDP(17)SrcAddrPortVpn:192.
168.
10.
2544038DestAddrPortVpn:8.
8.
8.
813568Firewall-InfoInZone:trustOutZone:untrustProtocol:TCP(6)SrcAddrPortVpn:192.
168.
10.
25421700DestAddrPortVpn:100.
100.
100.
1005888Firewall-Info博主也只是业余时间写写技术文档,请大家见谅,大家觉得不错的话,可以推荐给朋友哦,博主会努力推出更好的系列文档的.
如果大家有任何疑问或者文中有错误跟疏忽的地方,欢迎大家留言指出,博主看到后会第一时间修改,谢谢大家的支持,更多技术文章尽在网络之路博客,http://ccieh3c.
com.
0模拟NAT+Firewall+DNS+DHCP功能,主要涉及在华为路由器上面,如何实现防火墙特性、NAT、DNS、DHCP功能.
掌握目标1、路由器DHCP客户端配置(模拟PC)2、防火墙特性配置3、NAT配置4、DNS与DHCP的配置掌握一、实验拓扑:二、PC的配置#sysnamePCdhcpenablednsresolvednsserver8.
8.
8.
8#interfaceGigabitEthernet0/0/0ipaddressdhcp-alloc三、网关路由器的配置#sysnameGW#dhcpenablednsresolvednsserver8.
8.
8.
8#aclnumber3000rule5permitipsource192.
168.
10.
00.
0.
0.
255aclnumber3001rule5denyicmpicmp-typeechorule10permitip#firewallzonetrustpriority10#firewallzoneuntrustpriority5#firewallzoneLocalpriority15#firewallinterzonetrustuntrustfirewallenablepacket-filter3001inbounddetectaspfftpdetectaspfsipdetectaspfrtspdetectaspfhttpdetectaspfhttpjava-blockingdetectaspfhttpactivex-blocking#interfaceGigabitEthernet0/0/0ipaddress192.
168.
10.
1255.
255.
255.
0zonetrustdhcpselectinterfacedhcpserverdns-list8.
8.
8.
8#interfaceGigabitEthernet0/0/1ipaddress211.
1.
1.
2255.
255.
255.
0natoutbound3000zoneuntrust#iproute-static0.
0.
0.
00.
0.
0.
0GigabitEthernet0/0/1211.
1.
1.
1#user-interfacevty04authentication-modepasswordsetauthenticationpasswordcipherhuaweiuserprivilegelevel3四、公网路由器的配置#sysnameINTERNET#iphostwww.
baidu.
com100.
100.
100.
100iphostwww.
google.
com200.
200.
200.
200#dnsresolvednsserver8.
8.
8.
8dnsproxyenable#interfaceGigabitEthernet0/0/0ipaddress211.
1.
1.
1255.
255.
255.
0#interfaceNULL0#interfaceLoopBack0ipaddress100.
100.
100.
100255.
255.
255.
0#interfaceLoopBack1ipaddress200.
200.
200.
200255.
255.
255.
0#interfaceLoopBack100ipaddress8.
8.
8.
8255.
255.
255.
0#user-interfacevty04authentication-modepasswordsetauthenticationpasswordcipherhuaweiuserprivilegelevel3#五、测试PC上网pingwww.
google.
comPINGwww.
google.
com:56databytes,pressCTRL_CtobreakReplyfrom200.
200.
200.
200:bytes=56Sequence=1ttl=254time=20msReplyfrom200.
200.
200.
200:bytes=56Sequence=2ttl=254time=20msReplyfrom200.
200.
200.
200:bytes=56Sequence=3ttl=254time=10msReplyfrom200.
200.
200.
200:bytes=56Sequence=4ttl=254time=10msReplyfrom200.
200.
200.
200:bytes=56Sequence=5ttl=254time=30ms---www.
google.
compingstatistics---5packet(s)transmitted5packet(s)received0.
00%packetlossround-tripmin/avg/max=10/18/30mstelnetwww.
baidu.
comPressCTRL_]toquittelnetmodeTrying100.
100.
100.
100.
.
.
Connectedto100.
100.
100.
100.
.
.
LoginauthenticationPassword:huaweidisaccess-userInfo:Noonlineuser.
disipinterbri*down:administrativelydown^down:standby(l):loopback(s):spoofingThenumberofinterfacethatisUPinPhysicalis5ThenumberofinterfacethatisDOWNinPhysicalis1ThenumberofinterfacethatisUPinProtocolis5ThenumberofinterfacethatisDOWNinProtocolis1InterfaceIPAddress/MaskPhysicalProtocolGigabitEthernet0/0/0211.
1.
1.
1/24upupGigabitEthernet0/0/1unassigneddowndownLoopBack0100.
100.
100.
100/24upup(s)LoopBack1200.
200.
200.
200/24upup(s)LoopBack1008.
8.
8.
8/24upup(s)NULL0unassignedupup(s)六、测试网关的状态[GW]disnatsessionallNATSessionTableInformation:Protocol:ICMP(1)SrcAddrVpn:192.
168.
10.
254DestAddrVpn:200.
200.
200.
200TypeCodeIcmpId:0843997NAT-InfoNewSrcAddr:211.
1.
1.
2NewDestAddr:----NewIcmpId:10255Protocol:TCP(6)SrcAddrPortVpn:192.
168.
10.
25446273DestAddrPortVpn:100.
100.
100.
1005888NAT-InfoNewSrcAddr:211.
1.
1.
2NewSrcPort:10253NewDestAddr:----NewDestPort:----Protocol:UDP(17)SrcAddrPortVpn:192.
168.
10.
2547109DestAddrPortVpn:8.
8.
8.
813568NAT-Info[GW]disfirewallsessionallFirewallSessionTableInformation:Protocol:TCP(6)SrcAddrPortVpn:192.
168.
10.
25446273DestAddrPortVpn:100.
100.
100.
1005888Firewall-InfoInZone:trustOutZone:untrustProtocol:UDP(17)SrcAddrPortVpn:192.
168.
10.
2547109DestAddrPortVpn:8.
8.
8.
813568Firewall-InfoInZone:trustOutZone:untrustProtocol:UDP(17)SrcAddrPortVpn:192.
168.
10.
2542245DestAddrPortVpn:8.
8.
8.
813568Firewall-InfoInZone:trustOutZone:untrustProtocol:UDP(17)SrcAddrPortVpn:192.
168.
10.
25433990DestAddrPortVpn:8.
8.
8.
813568Firewall-InfoInZone:trustOutZone:untrustProtocol:UDP(17)SrcAddrPortVpn:192.
168.
10.
2544806DestAddrPortVpn:8.
8.
8.
813568Firewall-InfoInZone:trustOutZone:untrustProtocol:UDP(17)SrcAddrPortVpn:192.
168.
10.
2544038DestAddrPortVpn:8.
8.
8.
813568Firewall-InfoInZone:trustOutZone:untrustProtocol:TCP(6)SrcAddrPortVpn:192.
168.
10.
25421700DestAddrPortVpn:100.
100.
100.
1005888Firewall-Info博主也只是业余时间写写技术文档,请大家见谅,大家觉得不错的话,可以推荐给朋友哦,博主会努力推出更好的系列文档的.
如果大家有任何疑问或者文中有错误跟疏忽的地方,欢迎大家留言指出,博主看到后会第一时间修改,谢谢大家的支持,更多技术文章尽在网络之路博客,http://ccieh3c.
com.
美得云(15元/月)美国cera 2核4G 15元/月 香港1核 1G 3M独享
美得云怎么样?美得云好不好?美得云是第一次来推广软文,老板人脾气特别好,能感觉出来会用心对待用户。美得云这次为大家提供了几款性价比十分高的产品,美国cera 2核4G 15元/月 香港1核 1G 3M独享 15元/月,并且还提供了免费空间给大家使用。嘻嘻 我也打算去白嫖一个空间了。新用户注册福利-8折优惠码:H2dmBKbF 截止2021.10.1结束。KVM架构,99.99%高可用性,依托BGP...
华纳云E5处理器16G内存100Mbps688元/月
近日华纳云商家正式上线了美国服务器产品,这次美国机房上线的产品包括美国云服务器、美国独立服务器、美国高防御服务器以及美国高防云服务器等产品,新产品上线华纳云推出了史上优惠力度最高的特价优惠活动,美国云服务器低至3折,1核心1G内存5Mbps带宽低至24元/月,20G ddos高防御服务器低至688元/月,年付周期再送2个月、两年送4个月、三年送6个月,终身续费同价,有需要的朋友可以关注一下。华纳云...
HostKvm(4.25美)香港和俄罗斯高防机房云服务器
HostKvm 商家我们算是比较熟悉的国内商家,商家主要还是提供以亚洲数据中心,以及直连海外线路的服务商。这次商家有新增香港和俄罗斯两个机房的高防服务器方案。默认提供30GB防御,且目前半价优惠至4.25美元起步,其他方案的VPS主机还是正常的八折优惠。我们看看优惠活动。香港和俄罗斯半价优惠:2021fall,限购100台。通用优惠码:2021 ,八折优惠全部VPS。我们看看具体的套餐。1、香港高...
华为无线路由猫为你推荐
-
徐州微信5支持ipad存在问题的应用软件名单(2020年第四批)支持ipad支持ipad支持ipadDescriptionios5重庆网通重庆联通现在有哪些资费???eacceleratorW3S是什么意思win7关闭445端口win7系统怎么关闭445和135这两个端口