中兴路由器NAT配置

ZXR10# sh run
Building configuration...
!
!
ip dhcp enable
ip dhcp server dns 222.74.1.200
ip dhcp server leasetime 90
ip dhcp server update arp
!
ip dhcp-client disable
!
urpf log off
!
ip local pool conflict-ip 10
ip local pool 10 192.168.10.2 192.168.10.254 255.255.255.0
ip local pool 20 192.168.20.2 192.168.20.254 255.255.255.0
ip local pool 30 192.168.30.2 192.168.30.254 255.255.255.0
!
mac-filter permit all
!
blacklist disable
!
!
interface null1
out_index 1
!
interface cellular1
out_index 2
!
interface cellular2
out_index 3
!
interface fei_1/1
out_index 9
negotiation auto
!
interface fei_1/2
out_index 10
negotiation auto
!
interface fei_1/3
out_index 11
negotiation auto
!
interface fei_1/4
out_index 12
negotiation auto
!
interface fei_0/1
out_index 4
negotiation auto
!
interface fei_0/1.10
encapsulation dot1Q 10
ip address 192.168.10.1 255.255.255.0
out_index 13
peer default ip pool 10
ip access-group 100 in
ip access-group 100 out
ip dhcp mode server
ip dhcp server gateway 192.168.10.1
ip nat inside
!
interface fei_0/1.20
encapsulation dot1Q 20
ip address 192.168.20.1 255.255.255.0
out_index 14
peer default ip pool 20
ip access-group 100 in
ip access-group 100 out
ip dhcp mode server
ip dhcp server gateway 192.168.20.1
ip nat inside
!
interface fei_0/1.30
encapsulation dot1Q 30
ip address 192.168.30.1 255.255.255.0
out_index 15
peer default ip pool 30
ip access-group 100 in
ip access-group 100 out
ip dhcp mode server
ip dhcp server gateway 192.168.30.1
ip nat inside
!
interface fei_0/1.100
encapsulation dot1Q 100
ip address 192.168.100.1 255.255.255.0
out_index 16
!
interface fei_0/2
out_index 5
negotiation auto
!
interface gei_0/3
ip address 123.178.171.46 255.255.255.252
out_index 6
hybrid-attribute copper
no negotiation auto
speed 100
ip nat outside
!
interface gei_0/4
out_index 7
hybrid-attribute copper
negotiation auto
!
interface gei_0/5
out_index 8
hybrid-attribute copper
no negotiation auto
!
!
reference clock local
!
ip nat max-entry-number 64
ip nat start
ip nat inside source list 10 interface fei_0/1
ip nat inside source list 10 interface gei_0/3
ip nat translation timeout class a 20
ip nat translation timeout class b 60
ip nat translation timeout class c 150
ip nat translation timeout class d 300
ip nat translation timeout class e 1200
ip nat translation timeout protocol icmp a
ip nat translation timeout protocol ip d
ip nat translation timeout protocol tcp port 80 a
ip nat translation timeout protocol tcp d
ip nat translation timeout protocol udp port 4000 d
ip nat translation timeout protocol udp port 4001 d
ip nat translation timeout protocol udp port 4002 d
ip nat translation timeout protocol udp port 4003 d
ip nat translation timeout protocol udp port 8000 d
ip nat translati

on timeout protocol udp port 8001 d
ip nat translation timeout protocol udp c
ip nat translation maximal default 65535
!
ip route 0.0.0.0 0.0.0.0 123.178.171.45
!
voice class service
!
!
no ipv6 nat enable
!
!
time-range disable
!
acl standard number 10
rule 1 permit any
!
acl extended number 100
rule 1 permit ip 192.168.10.0 0.0.0.255 192.168.10.1 0.0.0.0
rule 2 permit ip 192.168.20.0 0.0.0.255 192.168.20.1 0.0.0.0
rule 3 permit ip 192.168.30.0 0.0.0.255 192.168.30.1 0.0.0.0
rule 4 deny ip 192.168.0.0 0.0.255.255 192.168.0.0 0.0.255.255
rule 5 permit ip any any
!
!
!
ip tcp intercept mode intercept
ip tcp intercept drop-mode oldest
ip tcp intercept watch-timeout 30
ip tcp intercept finrst-timeout 5
ip tcp intercept connection-timeout 86400
ip tcp intercept max-incomplete high 1100
ip tcp intercept max-incomplete low 900
ip tcp intercept one-minute high 1100
ip tcp intercept one-minute low 900
!
nas
!
version V4.8.01.B.01
!
nvram mng-ip-address 10.40.88.9 255.255.0.0
!
nvram boot-username target
!
nvram boot-password target
!
nvram boot-server 10.40.88.171
!
nvram imgfile-location local
!
hostname ZXR10
!
forward re-fragment time 6
!
enable secret level 15 5 RcMLuUKvnFZX9kNAV6A/UA==
!
username zxr10 password zsr
username zte password zte
!
user-authentication-type local
user-authorization-type local
!
line console 0
no login authentication
!
banner incoming @

*****************************************************
Welcome to ZXR10 ZSR Serial Router of ZTE Corporation
*****************************************************
@
!
!
lfap disable
lfap max-send-fun-size 100
lfap update-interval 60
lfap server-retry-interval 60
lfap message-response-interval 60
lfap ka-interval 60
lfap flow-expired-time 600
!
!
!
snmp-server location No.68 Zijinghua Rd. Yuhuatai District, Nanjing, China
snmp-server contact +86-25-52870000
snmp-server packetsize 1400
snmp-server engine-id 830900020300010289d64401
snmp-server view AllView internet included
snmp-server view DefaultView system included
!
!
logging on
logging buffer 200
logging mode fullcycle
logging console notifications
logging level notifications
logging cmdlog-interval 2880
logging timestamps datetime localtime
alarm cpuload-on
alarm cpuload-interval 30
alarm cpuload-threshold high-grade 95 middle-grade 85 low-grade 75
syslog-server facility local0
!
line console idle-timeout 120
line console absolute-timeout 1440
line telnet idle-timeout 120
line telnet absolute-timeout 1440
!
ssh server authentication ispgroup 1
ssh server authentication mode local
ssh server authentication type chap
no ssh server only
ssh server version 2
!
!
radius auto-change off
!
!
!
radius server-port-check off
!
!
tacacs disable
tacacs-server timeout 60
tacacs-server packet 1024
!
!
amat disable
system monitor on
!
ip stream

disable
!
end