华三H3C-ICG3000B路由器NAT配置脚本
#
sysname H3C-ICG3000B
#
arp source-suppression enable //开启ARP功能
arp source-suppression limit 30 //开启arp源抑制功能
#
arp anti-attack valid-check enable //开启ARP报文源MAC地址一致性检查功能
#
arp anti-attack active-ack enable //开启ARP主动确认功能
#
arp fixup //开启ARP固化功能
#
nat address-group 1 183.224.220.49 183.224.220.49 // 公网址组
#
domain default enable system
#
telnet server enable
#
undo ip http enable
#
acl number 2001 //允许的地址段
rule 1 permit source 10.128.0.0 0.0.0.255
rule 255 deny
#
dhcp server ip-pool 1 // DHCP地址池
network 192.168.0.0 mask 255.255.255.0
gateway-list 10.128.0.1
dns-list 211.139.29.170 211.139.29.150 //指定DNS
#
local-user xxxxxxxxx //新增用户名,密码 并开启telnet功能
password cipher xxxxxx
authorization-attribute level 3
service-type telnet
#
interface Ethernet0/0
port link-mode route
ip address 10.128.0.1 255.255.255.0
arp scan 10.128.0.1 to 10.128.0.254 //开启ARP固化功能
#
interface Ethernet0/1
port link-mode route
nat outbound 2001 address-group 1 //NAT 出方向 转换为内部允许的地址段 2001 外部是 address-group 1
ip address 183.224.160.49 255.255.255.192
#
ip route-static 0.0.0.0 0.0.0.0 183.224.160.1
#
dhcp enable /// 打开DHCP功协
dhcp server forbidden-ip 192.168.0.55 192.168.0.254 ///DHCP 禁止DHCP分配的地址
#
user-interface vty 0 4
authentication-mode scheme
#