静态NAT+Telnet配置

散逸 网工 600 阅读

NAT_Telnet.png
测试Telnet.png


dis cu                      //
#
sysname R1                      //
#
undo info-center enable                      //
#
aaa                      //
 authentication-scheme default
 authorization-scheme default
 accounting-scheme default
 domain default
 domain default_admin
 local-user admin password cipher OOCM4m($F4ajUn1vMEIBNUw#
 local-user admin service-type http
#
firewall zone Local
 priority 16
#
interface Ethernet0/0/0
#
interface Ethernet0/0/1
#
interface Serial0/0/0
 link-protocol ppp
#
interface Serial0/0/1
 link-protocol ppp
#
interface Serial0/0/2
 link-protocol ppp
#
interface Serial0/0/3
 link-protocol ppp
#
interface GigabitEthernet0/0/0                      //
 ip address 202.10.1.2 255.255.255.248                      //
 nat static global 202.10.1.3 inside 10.1.1.2 netmask 255.255.255.255                      //
 nat static global 202.10.1.4 inside 10.1.2.2 netmask 255.255.255.255                      //
 nat static global 202.10.1.5 inside 10.1.3.2 netmask 255.255.255.255                      //
#
interface GigabitEthernet0/0/1                      //
 ip address 10.1.1.1 255.255.255.0                      //
#
interface GigabitEthernet0/0/2                      //
 ip address 10.1.2.1 255.255.255.0                      //
#
interface GigabitEthernet0/0/3                      //
 ip address 10.1.3.1 255.255.255.0                      //
#
wlan
#
interface NULL0
#
ospf 1                      //
 area 0.0.0.0                      //
  network 202.10.1.0 0.0.0.255                      //
  network 10.1.1.0 0.0.0.255                      //
  network 10.1.2.0 0.0.0.255                      //
  network 10.1.3.0 0.0.0.255                      //
#
user-interface con 0
user-interface vty 0 4
user-interface vty 16 20
#
return


dis cu                      //
#
sysname R2                      //
#
undo info-center enable                      //
#
acl number 2000                      //
 rule 5 permit source 10.1.1.2 0                      //
 rule 10 deny                      //
#
aaa                      //
 authentication-scheme default
 authorization-scheme default
 accounting-scheme default
 domain default
 domain default_admin
 local-user admin password cipher SA>!,p*-7Z]@l3D+mKgUzz+#                      //密码加密了
 local-user admin service-type telnet                      //
#
firewall zone Local
 priority 16
#
interface Ethernet0/0/0
#
interface Ethernet0/0/1
#
interface Serial0/0/0
 link-protocol ppp
#
interface Serial0/0/1
 link-protocol ppp
#
interface Serial0/0/2
 link-protocol ppp
#
interface Serial0/0/3
 link-protocol ppp
#
interface GigabitEthernet0/0/0                      //
 ip address 202.10.1.1 255.255.255.248                      //
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/2
#
interface GigabitEthernet0/0/3
#
wlan
#
interface NULL0
#
ospf 1                      //
 area 0.0.0.0                      //
  network 202.10.1.0 0.0.0.255                      //
#
user-interface con 0
user-interface vty 0 4                      //
 acl 2000 inbound                      //
 authentication-mode aaa                      //
 user privilege level 2                      //
user-interface vty 16 20                      //
#
return

命令:
R1:
[Huawei]sysname R1
[R1]un in en
Info: Information center is disabled.

[R1]interface GigabitEthernet0/0/0
[R1-GigabitEthernet0/0/0]ip a
[R1-GigabitEthernet0/0/0]ip address 202.10.1.2 29
[R1-GigabitEthernet0/0/0]q

[R1]interface GigabitEthernet0/0/1
[R1-GigabitEthernet0/0/1]ip a
[R1-GigabitEthernet0/0/1]ip address 10.1.1.1 24
[R1-GigabitEthernet0/0/1]q

[R1]interface GigabitEthernet0/0/2
[R1-GigabitEthernet0/0/2]ip address 10.1.2.1 24

[R1]int
[R1]interface GigabitEthernet0/0/3

[R1-GigabitEthernet0/0/3]ip address 10.1.3.1 24
[R1]ospf

[R1-ospf-1]area 0

[R1-ospf-1-area-0.0.0.0]network 202.10.1.0 0.0.0.255
[R1-ospf-1-area-0.0.0.0]network 10.1.1.0 0.0.0.255
[R1-ospf-1-area-0.0.0.0]network 10.1.2.0 0.0.0.255
[R1-ospf-1-area-0.0.0.0]network 10.1.3.0 0.0.0.255

[R1]interface GigabitEthernet0/0/0
[R1-GigabitEthernet0/0/0]nat static global 202.10.1.3 inside 10.1.1.2
[R1-GigabitEthernet0/0/0]nat static global 202.10.1.4 inside 10.1.2.2
[R1-GigabitEthernet0/0/0]nat static global 202.10.1.5 inside 10.1.3.2

R2:
[Huawei]sysname R2
[R2]un in en
Info: Information center is disabled.

[R2]interface GigabitEthernet0/0/0

[R2-GigabitEthernet0/0/0]ip address 202.10.1.1 29

[R2-ospf-1-area-0.0.0.0]network 202.10.1.0 0.0.0.7

[R2]user-interface vty 0 4
[R2-ui-vty0-4]user privilege level 2
[R2-ui-vty0-4]authentication-mode aaa

[R2]aaa

[R2-aaa]local-user admin password cipher admin

[R2-aaa]local-user admin service-type telnet

[R2]acl 2001
[R2-acl-basic-2001]rule 10 permit source 10.1.1.2 0.0.0.255
[R2-acl-basic-2001]rule 15 deny source any
[R2-acl-basic-2001]q
[R2]user-interface vty 0 4

[R2-ui-vty0-4]acl 2001 inbound
[R2-ui-vty0-4]q

[R2]display acl 2001
Basic ACL 2001, 2 rules
ACL's step is 5
rule 10 permit source 10.1.1.0 0.0.0.255 (0 times matched)
rule 15 deny (0 times matched)

[R2]

版权声明:
作者:散逸
链接:https://eee.run/2020-01-07/136.html
来源:散逸-博客-导航
文章版权归作者所有,未经允许请勿转载。

THE END
分享
二维码
< <上一篇
下一篇>>