Huawei USG Firewall Configuration Example Script - PPPoE
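PPPoE has two parts: the PPPoE server (for example, the ADSL central-office end) and the PPPoE client (the ADSL dial-up Internet client).

PPPoE-Server: G0/0 connects to the WAN and G0/1 connects to the LAN. Clients dial in over PPPoE to obtain an IP address and reach the Internet. The public IP is 129.7.66.2/24 with gateway 129.7.66.1; LAN clients that dial in receive an address from 1.1.1.2 to 1.1.1.100 (/8).
Typical applications: residential broadband, hotels, and similar.
============================
# Route mode, WAN address and default route
firewall mode route
interface GigabitEthernet 0/0
 ip address 129.7.66.2 24
ip route-static 0.0.0.0 0.0.0.0 129.7.66.1
firewall zone trust
 add interface GigabitEthernet 0/1
firewall zone untrust
 add interface GigabitEthernet 0/0
# Default packet-filter action: permit all interzone traffic
firewall packet-filter default permit all
#------------------------------------
# Virtual template for dial-in sessions; PAP sends credentials in clear text
interface Virtual-Template 1
 ppp authentication-mode pap
 ip address 1.1.1.1 255.0.0.0
 remote address pool 1
firewall zone trust
 add interface Virtual-Template 1
interface GigabitEthernet 0/1
 pppoe-server bind Virtual-Template 1
#------------------------------------
# Local dial-in account (password stored in plain text) and client address pool
aaa
 local-user usg3000 password simple usg3000
 ip pool 1 1.1.1.2 1.1.1.100
#-----------------------------------
# Source NAT for dial-in clients going from trust to untrust
acl 2001
 rule 0 permit source 1.1.1.0 0.255.255.255
firewall interzone trust untrust
 nat outbound 2001
=============================

PPPoE-Client: G0/0 on the firewall connects to the ADSL modem; G0/1 on the LAN side uses IP 192.168.1.1/24 as the gateway. The firewall dials automatically to reach the Internet. User name 1234, password 123.
=============================
firewall zone trust
 add interface GigabitEthernet 0/1
firewall zone untrust
 add interface GigabitEthernet 0/0
# Default packet-filter action: permit all interzone traffic
firewall packet-filter default permit all
# LAN gateway address
interface GigabitEthernet 0/1
 ip address 192.168.1.1 24
#-----------------------------------------
# Dialer interface: PPP with PAP, address negotiated from the PPPoE server
interface Dialer 1
 link-protocol ppp
 ppp pap local-user 123 password simple 123
 ip address ppp-negotiate
 dialer user usg3000
 dialer bundle 1
firewall zone untrust
 add interface Dialer 1
#-----------------------------------------
# Bind the WAN port to dialer bundle 1 and send the default route out the dialer
interface GigabitEthernet 0/0
 pppoe-client dial-bundle-number 1
ip route-static 0.0.0.0 0.0.0.0 Dialer 1
#---------------------------------------
# Source NAT for the LAN going from trust to untrust
acl 2001
 rule 0 permit source 192.168.1.0 0.0.0.255
firewall interzone trust untrust
 nat outbound 2001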
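
An added example, not part of the original document: a short Python check that scans a USG configuration like the two scripts above and reports three settings worth reviewing before deployment (the default permit-all packet filter, passwords stored with `simple`, and PAP authentication). The function name `audit_usg_config`, the rule ids and the sample text are assumptions of this example; the sample is constructed from the server script on this page.

```python
import re

# Settings from the scripts above that deserve review before deployment.
# Rule ids and wording are this example's own, not Huawei terminology.
RULES = [
    ("default-permit", re.compile(r"^firewall packet-filter default permit all$"),
     "every interzone flow is allowed unless a rule denies it"),
    ("plaintext-password", re.compile(r"\bpassword simple\b"),
     "password is stored in clear text in the configuration"),
    ("pap", re.compile(r"^ppp (authentication-mode pap|pap local-user)\b"),
     "PAP sends the user name and password unencrypted"),
]
# Commands that open a configuration view; indented lines belong to it.
VIEW = re.compile(r"^(interface|aaa|acl|firewall zone|firewall interzone)\b")


def audit_usg_config(text):
    """Return (line_no, view, rule_id, reason) for each flagged line."""
    findings, view = [], "system"
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                      # blank line or separator
        if not raw[0].isspace():          # unindented: system-level command
            view = line if VIEW.match(line) else "system"
        for rule_id, pattern, reason in RULES:
            if pattern.search(line):
                findings.append((line_no, view, rule_id, reason))
    return findings


# Constructed sample: an excerpt of the PPPoE server script on this page.
SAMPLE = """\
firewall packet-filter default permit all
#------------------------------------
interface Virtual-Template 1
 ppp authentication-mode pap
 ip address 1.1.1.1 255.0.0.0
 remote address pool 1
aaa
 local-user usg3000 password simple usg3000
 ip pool 1 1.1.1.2 1.1.1.100
"""

if __name__ == "__main__":
    for line_no, view, rule_id, reason in audit_usg_config(SAMPLE):
        print(f"line {line_no} [{view}] {rule_id}: {reason}")
```

View tracking relies on sub-commands being indented under the command that opens their view; in a configuration pasted without indentation the findings are still reported, but with the view shown as `system`.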