Secpath+做nat一对多

Secpath 10F/100F 做nat一对多

acl nu 3000

rule permit ip so 192.168.1.0 0.0.0.255

rule deny ip

int e2/0

des wan

ip add 100.100.100.1 24 替换为相应外网地址

nat ou 3000

int e1/0

des lan

ip add 192.168.1.1 24

firewall zone trust 注意:防火墙的接口使用前必须加入一个域add int e1/0

firewall zone untrust

add int e2/0

firwall pac def permit

ip route 0.0.0.0 0 100.100.100.254

quidway 100N 做一对多nasyst

[Quidway]acl number 3000

[Quidway-acl-adv-3000]rule permit ip source 192.168.1.0 0.0.0.255 [Quidway-acl-adv-3000]rule deny ip

[Quidway-acl-adv-3000]interface eth0/0

[Quidway-Ethernet0/0]description wan

[Quidway-Ethernet0/0]ip add 210.40.20.140 25

[Quidway-Ethernet0/0]nat outbound 3000

[Quidway-Ethernet0/0]interface eth0/1

[Quidway-Ethernet0/1]description lan

[Quidway-Ethernet0/1]ip add 192.168.1.254 24

[Quidway]ip route 0.0.0.0 0 210.40.20.254

DHCP配置:

[Quidway]dhcp enable

[Quidway]interface e0/1

[Quidway-Ethernet0/1]dhcp select interface

[Quidway-Ethernet0/1]quit

[Quidway]dhcp server forbidden-ip 192.168.1.1 192.168.1.9 [Quidway]dhcp server forbidden-ip 192.168.1.254

[Quidway]interface e0/1

[Quidway-Ethernet0/1]dhcp server expired day 0 hour 4

[Quidway-Ethernet0/1]dhcp server domain-name netlab

[Quidway-Ethernet0/1]dhcp server dns-list 210.x.0.33

备注:该方法采用接口dhcp server模式,网关地址为自动设为接口IP地址