Ley
文章
105
分类
7
评论
0

家庭组网最佳实践

| 运维归档
字数总计 2830 | 阅读时长 7分钟 | 阅读量 10

1、核心路由器AR161W-S配置

##配置PPPoE拨号(Dialer接口)
system-view
interface Dialer1
 dialer user t532017******       # ISP提供的PPPoE用户名
 dialer bundle 1                 # 绑定拨号组1
 ppp chap user t532017******     # CHAP认证用户名
 ppp chap password cipher 260*** # CHAP认证密码
 quit

2、配置VLAN和子接口

# 创建VLAN1和VLAN2
[Huawei]vlan batch 100 200

# 配置VLAN100接口
[Huawei]interface Vlanif 100                      
[Huawei-Vlanif100]ip address 192.168.100.1 255.255.255.0   # 配置VLAN100的网关
[Huawei-Vlanif100]quit


# 配置VLAN200接口
[Huawei]interface Vlanif 200                    
[Huawei-Vlanif200]ip address 192.168.200.1 255.255.255.0   # 配置VLAN200的网关
[Huawei-Vlanif200]quit

3. 配置DHCP服务

# 配置VLAN100的DHCP地址池
[Huawei]ip pool vlan100
[Huawei-ip-pool-vlan100]network 192.168.100.0 mask 255.255.255.0
[Huawei-ip-pool-vlan100]gateway-list 192.168.100.1
[Huawei-ip-pool-vlan100]dns-list 192.168.100.1 223.5.5.5
[Huawei-ip-pool-vlan100]quit

# 配置VLAN2的DHCP地址池
[Huawei]ip pool vlan200
[Huawei-ip-pool-vlan200]network 192.168.200.0 mask 255.255.255.0
[Huawei-ip-pool-vlan200]gateway-list 192.168.200.1
[Huawei-ip-pool-vlan200]dns-list 192.168.200.1 223.5.5.5
[Huawei-ip-pool-vlan200]quit

# 启用DHCP服务并绑定到VLAN接口
[Huawei]interface Vlanif100
[Huawei-Vlanif100]dhcp select global 
[Huawei-Vlanif100]quit
[Huawei]interface vlan200
[Huawei-Vlanif200]dhcp select global 
[Huawei-Vlanif200]quit

4.配置NAT(地址转换)

# 创建ACL匹配VLAN1/2的内网网段
[Huawei]acl number 2999
[Huawei-acl-basic-GigabitEthernet0/0/4]rule 5 permit source 192.168.100.0 0.0.0.255  # 允许VLAN100流量
[Huawei-acl-basic-GigabitEthernet0/0/4]rule 10 permit source 192.168.200.0 0.0.0.255 # 允许VLAN200流量
[Huawei]quit

# 在PPPoE接口(Dialer1)上启用NAT
[Huawei]interface Dialer 1
[Huawei-Dialer1]nat outbound 2999                           # 将ACL 2999的流量做源地址转换
[Huawei-Dialer1]quit

5.配置ACL(VLAN100可访问VLAN200)

# 允许VLAN100访问VLAN200
acl number 3000
 rule 5 permit ip source 192.168.100.0 0.0.0.255 destination 192.168.200.0 0.0.0.255
 quit
# 禁止VLAN200访问VLAN100
acl number 3001
 rule 5 deny ip source 192.168.200.0 0.0.0.255 destination 192.168.100.0 0.0.0.255
 quit
# 应用ACL到接口
interface Vlanif100
 traffic-filter inbound acl 3001
 quit
interface Vlanif200
 traffic-filter inbound acl 3000
 quit

文章作者: Lukey
本文链接:
版权声明: 本站所有文章除特别声明外,均采用 CC BY-NC-SA 4.0 许可协议。转载请注明来自 三多运维
运维归档 VLAN
喜欢就支持一下吧