标签:network firewall 十六进制 number interface
dhcp enable 开启dhcp
dhcp server ip-pool pool 建立dhcp名称
network 172.16.18.0 mask 255.255.255.0 地址段
gateway-list 172.16.18.1 网关
dns-list 202.106.0.20 DNS
expired day 8 租用天数
option 43 hex 800B0000 02AC1267 03AC1267 04 十六进制 (无线用的)
dhcp server forbidden-ip 172.16.18.1 排除地址
dhcp server forbidden-ip 172.16.18.254
acl number 2000
rule 0 permit source 172.16.18.0 0.0.255.255 允许做地址转换
firewall zone trust
add interface GigabitEthernet1/1
set priority 85
interface GigabitEthernet1/1
description link to S5500
ip address 172.16.18.1 255.255.255.0 内网地址
firewall zone untrust
add interface GigabitEthernet1/0
set priority 5
interface GigabitEthernet1/0 外网口
ip address 106.120.223.242 255.255.255.0 公网地址
nat outbound 2000 address-group 1
nat server protocol tcp global 106.120.223.254 9900 inside 172.16.18.100 9900 端口映射
nat server protocol udp global 106.120.223.254 9904 inside 172.16.18.100 9904
nat static enable
nat static outbound 172.16.18.100 106.120.205.100
nat address-group 1 106.120.205.24 106.120.205.24 用户NAT的地址池
ip route-static 0.0.0.0 0.0.0.0 106.120.223.240 静态路由
nat log enable 开启nat日志
display nat all 显示所有nat配置信息
reset nat session 清除nat缓存
标签:network firewall 十六进制 number interface
原文地址:http://maguangjie.blog.51cto.com/11214671/1767080
