华为18-20配置笔记.doc

华为18-20配置笔记 Byduke1010 发表于 2006-4-14 13:50:00前段时间刚换上HW-AR-18-20路由，用者还不错，就是不支持WEB设置这一点不太友好。初次配置，用随机附带的终端线连接PC，建立终端配置，废话不说了，具体配置如下：注：配置中为待命状态， 为配置状态。sysQuidwayint eth 1/0 /对内网进行配置Quidway-Ethernet1/0ip add 24 /添加内网IPQuidway-Ethernet1/0tcp mss 1024Quidway-Ethernet1/0int eth 2/0 /对公网进行配置Quidway-Ethernet2/0ip add （IP）xx.xx.xx.xx （掩码）xx.xx.xx.xx /添加公网IP及掩码Quidway-Ethernet2/0tcp mss 1024 Quidway-Ethernet2/0quQuidwayacl num 2000 /NAT 转换时ACLQuidway-acl-basic-2000rule per sou 55 Quidway-acl-basic-2000rule deny sou anyQuidway-acl-basic-2000quQuidwayacl num 3000 /防病毒ACL 下面是依次添加防火墙：会很累，建议复制吧：）Quidway-acl-adv-3000rule deny udp sou any dest any destination-port eq tftpQuidway-acl-adv-3000rule deny tcp sou any dest any destination-port eq 135 Quidway-acl-adv-3000rule deny udp sou any dest any destination-port eq 135 Quidway-acl-adv-3000rule deny udp sou any dest any destination-port eq netbios-ns Quidway-acl-adv-3000rule deny udp sou any dest any destination-port eq netbios-dgm Quidway-acl-adv-3000rule deny tcp sou any dest any destination-port eq 139 Quidway-acl-adv-3000rule deny udp sou any dest any destination-port eq netbios-ssn Quidway-acl-adv-3000rule deny tcp sou any dest any destination-port eq 445 Quidway-acl-adv-3000rule deny udp sou any dest any destination-port eq 445 Quidway-acl-adv-3000rule deny tcp sou any dest any destination-port eq 539 Quidway-acl-adv-3000rule deny udp sou any dest any destination-port eq 539 Quidway-acl-adv-3000rule deny udp sou any dest any destination-port eq 593 Quidway-acl-adv-3000rule deny tcp sou any dest any destination-port eq 593 Quidway-acl-adv-3000rule deny udp sou any dest any destination-port eq 1434 Quidway-acl-adv-3000rule deny udp sou any dest any destination-port eq 1433Quidway-acl-adv-3000rule deny tcp sou any dest any destination-port eq 4444 Quidway-acl-adv-3000rule deny tcp sou any dest any destination-port eq 9996 Quidway-acl-adv-3000rule deny tcp sou any dest any destination-port eq 5554 Quidway-acl-adv-3000rule deny udp sou any dest any destination-port eq 9996 Quidway-acl-adv-3000rule deny udp sou any dest any destination-port eq 5554 Quidway-acl-adv-3000rule deny tcp sou any dest any destination-port eq 137 Quidway-acl-adv-3000rule deny tcp sou any dest any destination-port eq 138 Quidway-acl-adv-3000rule deny tcp sou any dest any destination-port eq 1025 Quidway-acl-adv-3000rule deny udp sou any dest any destination-port eq 1025 Quidway-acl-adv-3000rule deny tcp sou any dest any destination-port eq 9995 Quidway-acl-adv-3000rule deny udp sou any dest any destination-port eq 9995 Quidway-acl-adv-3000rule deny tcp sou any dest any destination-port eq 1068 Quidway-acl-adv-3000rule deny udp sou any dest any destination-port eq 1068 Quidway-acl-adv-3000rule deny tcp sou any dest any destination-port eq 1023 Quidway-acl-adv-3000rule deny udp sou any dest any destination-port eq 1023Quidway-acl-adv-3000quQuidwayint eth 1/0Quidway-Ethernet1/0fi pack 3000 inQuidway-Ethernet1/0int eth 2/0Quidway-Ethernet2/0nat out 2000Quidway-Ethernet1/0quQuidwayip rou /缺省路由下面是添加路由用户及密码，其中添加了telnet访问，以便日后通过网络控制路由：Quidwaylocal-user admin password simple 123456Quidwaylocal-user admin service-type telnetQuidwaylocal-user admin level 3 /用户等级QuidwayqusaThe configuration will be written to the device. Are you sure?Y/NyPlease input the file name(*.cfg)flash:/config.cfg:Now saving current configuration to the device. Saving configuration flash:/config.cfg. Please wait.至此，基本配置完毕！如果用户想增加ssh登陆的话。可以在下面状态配置：Quidwayrsa local-key-pair create /生成本地密匙对Quidwayuser-interface vty 0 4 /进入vty视图Quidway-ui-vty0-4authentication-modee scheme /设置scheme认证Quidway-ui-vty0-4quQuidwaylocal-user adminQuidway-user-adminservice-type ssh /设置服务类型为sshQuidway-user-adminlevel 3Quidway-user-adminquQuidwayssh user admin authentication-type pssword /设置SSH用户验证方式为passwordQuidwaydomain systemQuidway-isp-systemscheme local /使用本地认证方案Quidway-isp-systemquQui