首先配置路由器的接口的ip地址,参考命令如下:
[R1]interfacee0
[R1-Ethernet0]ip add 192.168.2.1 24
[R1]interfacee1
[R1-Ethernet1]ip add192.192.169.10 24 //这里假设出口ip是192.192.169.10
然后配置地址转换,参考命令如下:
[R1]acl number 2000 //在vrp为3.4的路由器上,2000-2999表示basic acl
[R1-acl-basic-2000]rule permit source 192.168.2.0 0.0.0.255(地址掩码的反码)
[R1-acl-basic-2000]rule deny source any
#这个访问控制列表定义了IP源地址为192.168.2.0/24的外出数据包
[R1] interface e 1
[R1-Ethernet1]nat server protocol tcp global 192.192.169.10ip) inside 192.168.2.1(内网网关E0的ip)
(E1的
[R1-Ethernet1] nat outbound 2000(acl的编号)
[R1]ip route-static 0.0.0.0 0.0.0.0 192.192.169.10
#上面设置了路由器的E0和E1端口IP地址,并在路由表中添加缺省路由。
配置实例:
[Quidway]dis cur
#
sysname Quidway
#
super password level 3 cipher1^S=\\(G5!WGQ=^Q`MAF4<1!!
#
nat address-group 1 10.63.128.4110.63.128.45
#
radius scheme system
#
domain system
#
local-user admin
password cipher .]@USE=B,53Q=^Q`MAF4<1!!
service-type telnet terminal
level 3
service-type ftp
local-user datapart
password cipher 1^S=\\(G5!WGQ=^Q`MAF4<1!!
service-type telnet
level 3
local-user sjb
password cipher 1^S=\\(G5!WGQ=^Q`MAF4<1!!
service-type telnet
level 3
#
acl number 2000
rule 0 permit source 10.65.160.0 0.0.0.255
rule 1 permit source 10.65.170.0 0.0.0.255
rule 2 permit source 10.65.162.0 0.0.0.255
rule 3 deny
#
interface Aux0
async mode flow
#
interface Ethernet0/0
ip address dhcp-alloc
#
interface Ethernet0/1
ip address dhcp-alloc
#
interface Ethernet3/0
ip address 10.63.128.55 255.255.255.0
nat outbound 2000
nat server protocol tcp global 10.63.128.55 anyinside 10.65.156.100 any
#
interface Ethernet3/1
ip address 10.65.156.27 255.255.128.0
#
interfaceNULL0
#
FTP server enable
#
ip route-static 0.0.0.0 0.0.0.0 10.65.155.0preference 60
ip route-static 10.0.0.0 255.0.0.0 10.63.128.251preference 60
ip route-static 10.65.155.18 255.255.255.25510.65.155.0 preference 60
#
user-interface con 0
user-interface aux 0
user-interface vty 0 4
authentication-mode scheme
#
return
因篇幅问题不能全部显示,请点此查看更多更全内容