h3c secpath f100-c的一些配置

先说刚刚上电后的初始化配置

sys

firewall packet-filter enable

firewall packet-filter default permit

区域配置

firewall zone trust

add interface ethernet 1/0

quit

firewall zone untrust

add interface ethernet 2/0

quit

接口配置

int e2/0

ip address 10.0.0.1 255.255.255.0

duplex full

speed 10

int e1/0

ip add 172.20.0.1 255.255.0.0

duplex full

speed 10

允许网页配置

undo ip http shutdown

配置用户登陆

local user huawei

password simple huawei

service type telnet

level 3

配置telnet远程登录

user-interface vty 0 4

authentication-mode schem/password

user privilage 3

开启防范功能

firewall defend all

save

reboot

配置dhcp

dhcp enable

dhcp server ip-pool 0

network 172.20.0.0 mask 255.255.0.0

gateway-list 172.20.0.1

dns-list 172.20.0.1

配置nat

nat static 172.20.0.2 10.0.0.2

nat address-group 0 10.0.0.3 10.0.0.100

acl number 2000

rule permit source 172.20.0.0 0.0.255.255

int e2/0

nat outbound static //一对一

// nat oubound 2000 多对一 外网ip即wan接口地址 easy nat

nat outbound 2000 address-group 0 //多对多 nopat

nat server protocal tcp global 10.0.0.111 www inside 172.20.0.2 www