中兴路由器配制
- 1、下载文档前请自行甄别文档内容的完整性,平台不提供额外的编辑、内容补充、找答案等附加服务。
- 2、"仅部分预览"的文档,不可在线预览部分如存在完整性等问题,可反馈申请退款(可完整预览的文档不适用该条件!)。
- 3、如文档侵犯您的权益,请联系客服反馈,我们会尽快为您处理(人工客服工作时间:9:00-18:30)。
Building configuration...
!
!
ip dhcp enable(开启DHCP功能)
ip dhcp server dns 211.138.106.2 211.138.106.7(设置分配给客户的DNS地址)
ip dhcp server leasetime 18000
ip dhcp server update arp
!
ip dhcp-client disable
!
urpf log off
!
ip local pool conflict-ip 254
ip local pool dhcp 10.10.10.2 10.10.10.254 255.255.255.0(配置地址池,地址池名字为DHCP,等下在接口下引用这个名字)
!
mac-filter permit all
!
blacklist disable
!
!
interface null1
!
interface fei_0/1(连接公网的接口)
ip address 192.168.11.2 255.255.255.192
negotiation auto
ip nat outside(做为nat的outside口)
!
interface fei_0/2(连接内网的接口)
ip address 10.10.10.1 255.255.255.0(配置内网接口ip地址)
peer default ip pool dhcp(确定内网pc机使用哪个地址池,地址名字为dhcp)negotiation auto
ip dhcp mode server(在接口下使能dhcp功能)
ip dhcp server gateway 10.10.10.1(配置分配的默认网关地址)
ip nat inside(作为nat的inside接口)
!
interface fei_0/3
negotiation auto
!
!
reference clock local
!
ip nat max-entry-number 64
ip nat start(启用nat功能)
ip nat inside source list 1 interface fei_0/1 (配置允许内网地址进行nat转换,并且转换后的地址为外网接口fei——0/1地址)
ip nat translation timeout class a 20
ip nat translation timeout class b 60
ip nat translation timeout class c 150
ip nat translation timeout class d 300
ip nat translation timeout class e 1200
ip nat translation timeout protocol icmp a
ip nat translation timeout protocol ip d
ip nat translation timeout protocol tcp port 80 a
ip nat translation timeout protocol tcp d
ip nat translation timeout protocol udp port 4000 d
ip nat translation timeout protocol udp port 4001 d
ip nat translation timeout protocol udp port 4002 d
ip nat translation timeout protocol udp port 4003 d
ip nat translation timeout protocol udp port 8000 d
ip nat translation timeout protocol udp port 8001 d
ip nat translation timeout protocol udp c
ip nat translation maximal default 65535
!
ip route 0.0.0.0 0.0.0.0 192.168.11.1(添加一条默认出口路由)
!
voice class service
!
!
ip prefix-list 1 seq 5 permit 10.10.10.0 24
!
!
no ipv6 nat enable
!
!
!
acl standard number 1(配置访问列表,用于允许哪些地址进行nat转换,在上面被引用)rule 1 permit 10.10.10.0 0.0.0.255
!
!
!
ip tcp intercept mode intercept
ip tcp intercept drop-mode oldest
ip tcp intercept watch-timeout 30
ip tcp intercept finrst-timeout 5
ip tcp intercept connection-timeout 86400
ip tcp intercept max-incomplete high 1100
ip tcp intercept max-incomplete low 900