Secpath 10F/100F 做nat一对多
acl nu 3000
rule permit ip so 192.168.1.0 0.0.0.255
rule deny ip
int e2/0
des wan
ip add 100.100.100.1 24 替换为相应外网地址
nat ou 3000
int e1/0
des lan
ip add 192.168.1.1 24
firewall zone trust 注意:防火墙的接口使用前必须加入一个域add int e1/0
firewall zone untrust
add int e2/0
firwall pac def permit
ip route 0.0.0.0 0 100.100.100.254
quidway 100N 做一对多nasyst
[Quidway]acl number 3000
[Quidway-acl-adv-3000]rule permit ip source 192.168.1.0 0.0.0.255 [Quidway-acl-adv-3000]rule deny ip
[Quidway-acl-adv-3000]interface eth0/0
[Quidway-Ethernet0/0]description wan
[Quidway-Ethernet0/0]ip add 210.40.20.140 25
[Quidway-Ethernet0/0]nat outbound 3000
[Quidway-Ethernet0/0]interface eth0/1
[Quidway-Ethernet0/1]description lan
[Quidway-Ethernet0/1]ip add 192.168.1.254 24
[Quidway]ip route 0.0.0.0 0 210.40.20.254
DHCP配置:
[Quidway]dhcp enable
[Quidway]interface e0/1
[Quidway-Ethernet0/1]dhcp select interface
[Quidway-Ethernet0/1]quit
[Quidway]dhcp server forbidden-ip 192.168.1.1 192.168.1.9 [Quidway]dhcp server forbidden-ip 192.168.1.254
[Quidway]interface e0/1
[Quidway-Ethernet0/1]dhcp server expired day 0 hour 4
[Quidway-Ethernet0/1]dhcp server domain-name netlab
[Quidway-Ethernet0/1]dhcp server dns-list 210.x.0.33
备注:该方法采用接口dhcp server模式,网关地址为自动设为接口IP地址