华为AR1220路由器配置参数实际应用实例解说一.docx

华为AR1220路由器配置参数实际应用实例解说一配置参数[GZ]dis cu[V200R001C00SPC200] //路由器软件版本，可从官方网站下载#sysname GZ //路由器名字GZ ftp server enable //ftp 服务开通以便拷贝出配置文件备份#voice#http server port 1025 //httpundo http server enable#drop illegal-mac alarm#l2tp aging 0#vlan batch 10 20 30 40 50 //本路由器设置的VLAN ID#igmp global limit 256# multicast routing-enable //开启组播#dhcp enable //全局下开启DHCP服务然后在各VLAN上开启单独的DHCP#ipvpn-instance 1ipv4-family#acl number 2000rule 10 permit#acl number 2001 //以太网访问规则列表。 rule 6 permit source 55 //允许此网段访问外网 rule 7 permit source 55 //允许此网段访问外网rule 8 permit source //允许此网段的前三个IP访问外网 rule 9 deny //不允许其他网段访问外网#acl number 3000 //此规则并未应用rule 40 permit ip source 55 destination 55#acl number 3001//定义两个网段主机互不访问，学生不能访问65网段。rule 5 deny ip source 55 destination 55rule 10 deny ip source 55 destination 55#aaa //默认视图窗口定义本地登录帐号和密码authentication-scheme defaultauthorization-scheme defaultaccounting-scheme defaultdomain defaultdomaindefault_admin local-user admin password cipher ]MQ;4\]B+4Z,YWX*NZ55OA!!local-user admin service-type telnet web httplocal-userdfwd password cipher VE5U!@7QCO;V2HX\]\,1!!local-userdfwd privilege level 15local-userdfwd service-type telnet terminal web httplocal-userhuawei password cipher RY,UPVHCMV+Q=^Q`MAF41!! //新建用户dfwd密码 local-user huawei ftp-directory flash: //该用户名默认配置指向的ftp路径 local-user huawei service-type ftp // 该用户采用FTP访问#firewall zone trust //定义信任区域 priority 15 //定义信任区域下的策略#firewall zone untrust //定义不信任区域 priority 1 //定义不信任区域下的策略#firewall interzone trust untrust //配置安全域间 firewall enable//该安全域间启用防火墙 packet-filter 3001 inbound //入口执行3001规则 packet-filter 3001 outbound //出口执行3001规则packet-filter default deny outbound#interface Vlanif10ip address 00 //定义vlan的网关地址和子网掩码pimdm //组播协议需开启的功能igmp enable //组播协议需开启的功能 zone trust //定义VLAN是信任区域#interface Vlanif20 ip address 40 //定义vlan的网关地址和子网掩码pimdm //组播协议需开启的功能igmp enable//组播协议需开启的功能 zone trust//定义VLAN是信任区域#interface Vlanif30ip address 52 //定义vlan的网关地址和子网掩码pimdm //组播协议需开启的功能igmp enable //组播协议需开启的功能