电工技术基础_电工基础知识_电工之家-电工学习网

欢迎来到电工学习网!
电工基础知识 电工技术基础 电工维修知识 电工安全知识
PLC学习资料 电工基础知识 电工技术基础 电工维修知识 电工安全知识 电工考证知识
电工技术基础_电工基础知识_电工之家-电工学习网电工学习网
当前位置:电工学习网 > 电工技术基础 > 电子技术 >

中兴M6000的NAT装备指令

2017-04-07 15:40分类:电子技术 阅读:

 

中兴M6000的NAT装备指令
1、树立私网地址的vbui接口
interface vbui101
description nat-pppoe-pool
ip address 100.64.0.1 255.255.0.0

2、树立acl源地址为nat私网地址
ipv4-access-list nat
rule 1 permit 100.64.0.0 0.0.255.255

3、装备cgn
cgn
advanced-nat-service //这儿面是翻开运用层网关,NAT根柢都需要
advanced-nat-service enable
dns-alg enable
ftp-alg enable
icmp-alg enable
pptp-alg enable
$
cgn-pool nat-pppoe-1 poolid 1
pool-type port-range 4096 allowed-range 4096 65535 //界说端口计划
section 1 x.y.20.1 x.y.21.254 //这儿面界说公网地址池
section 2 x.y.22.1 x.y.23.254
section 3 x.y.56.1 x.y.57.254
section 4 x.y.58.1 x.y.59.254
$
domain 1001 type bras ipv4-issued //树立一个nat domain域
dynamic source rule-id 1 ipv4-list nat permit pool nat-pppoe-1 //这儿界说私网地址池有关的公网pool,这儿是私网nat有关nat-pppoe-1
$

4、装备授权模板
先装备一个aaa-authorization-template
aaa-authorization-template 101
aaa-authorization-type mix-radius //设为mix-radius,估量是恰当于none和radius一同都能够
subscriber-manage
authorization-template 101
bind aaa-author-template 101 //绑定前面树立的模板
bind nat-domain 1001 //绑定之前在cgn里边树立的nat domain
nat-type inside //指明nat类型,要设置为inside
user-priority-input 0
l2tp tunnel-client-endpoint ip x.y.174.3 //这个要依据BAS的loopback地址来改
//在授权模板里边还能够对用户进行手艺限速,一般一般拨号的不必这么做,由radisu限速,只需经过dhcp接入的才进行手艺限速
sub-car-input ipv4 cir 10240 cbs 512
sub-car-output ipv4 cir 10240 cbs 512

5、树立域
subscriber-manage

domain 101
bind authentication-template 101 //认证和记帐都跟一般的相同
bind authorization-template 101 //首要是授官僚绑定之前树立的授权模板
bind accounting-template 101
alias nat-pppoe
alias NAT-PPPOE

6、树立vbui接口地址池
跟一般的地址池相同,仅仅需要指定portrange-poolid,即咱们在cgn里边树立的pool
vbui-configuration
interface vbui101
ip-pool pool-name nat-pppoe-pool-1 pool-id 5
access-domain nat-pppoe
access-domain NAT-PPPOE
pppoe-dns-server 202.103.225.68
pppoe-dns-server 202.103.224.68 second
portrange-poolid 1 //留心这个要指定之前cgn树立的pool
member 1
start-ip 100.64.0.2 end-ip 100.64.15.255
$
member 2
start-ip 100.64.16.0 end-ip 100.64.31.255
$
member 3
start-ip 100.64.32.0 end-ip 100.64.47.255
$
member 4
start-ip 100.64.48.0 end-ip 100.64.63.255
$
$
ip-pool pool-name nat-pppoe-pool-2 pool-id 39
access-domain nat-pppoe
access-domain NAT-PPPOE
pppoe-dns-server 202.103.225.68
pppoe-dns-server 202.103.224.68 second
portrange-poolid 1 //留心这个要指定之前cgn树立的pool
member 1
start-ip 100.64.64.0 end-ip 100.64.79.255
$
member 2
start-ip 100.64.80.0 end-ip 100.64.95.255
$
member 3
start-ip 100.64.96.0 end-ip 100.64.111.255
$
member 4
start-ip 100.64.112.0 end-ip 100.64.127.255
$
$
$

中兴M6000-16X又纷歧样

1、树立私网地址的vbui接口
interface vbui2
description nat-pppoe-pool
ip address 100.64.0.1 255.255.0.0

2、树立acl源地址为nat私网地址
ipv4-access-list nat
rule 1 permit 100.64.0.0 0.0.255.255

3、装备cgn
cgn nat 1
location //这儿面跟之前M6000纷歧样,需要指定cgn板卡
node 1 SPU-0/7/1
node 2 SPU-0/7/2
node 3 SPU-0/7/3
node 4 SPU-0/7/4
node 5 SPU-0/10/1
node 6 SPU-0/10/2
node 7 SPU-0/10/3
node 8 SPU-0/10/4
$
advanced-service
enable
alg ftp enable icmp enable dns enable pptp enable
$
cgn-pool nat-pppoe-1 poolid 1 mode pat //这儿面要指定办法为pat
port-range enable 4096
port-allowed-range 4096 65535
section 1 x.y.4.1 x.y.7.254
section 2 x.y.72.1 x.y.75.254
section 3 x.y.110.1 x.y.111.254
$
domain nat-pppoe 1 type bras ipv4-issued //这儿也跟早年纷歧样,M6000是有nat domain的,但16X则没有,只需一般的域
dynamic source rule-id 1 ipv4-list nat permit pool nat-pppoe-1
$
$

4、装备授权模板
这个相较早年来说,简化许多了
subscriber-manage
authorization-template 101
authorization-type mix-radius
bind nat-domain-name nat-pppoe //这儿面直接绑定域了,早年是要绑定nat-domain的
nat-type inside //指明nat类型,要设置为inside
user-priority-input 0
l2tp tunnel-client-endpoint ip x.y.174.142 //这个要依据BAS的loopback地址来改
//在授权模板里边还能够对用户进行手艺限速,一般一般拨号的不必这么做,由radisu限速,只需经过dhcp接入的才进行手艺限速
sub-car-input ipv4 cir 10240 cbs 512
sub-car-output ipv4 cir 10240 cbs 512

5、树立域
subscriber-manage
domain nat-pppoe
bind accounting-template 1
bind authentication-template 1
bind authorization-template 101

6、树立vbui接口地址池
interface vbui2
ip-pool pool-name nat-pppoe-pool-1 pool-id 2
access-domain nat-pppoe
access-domain NAT-PPPOE
access-domain dhcp
pppoe-dns-server 202.103.224.68
pppoe-dns-server 202.103.225.68 second
portrange-poolname nat-pppoe-1 //留心这个要指定之前cgn树立的pool,16X是指定称谓,而M6000是指定ID
member 1
start-ip 100.64.0.2 end-ip 100.64.15.255
$
member 2
start-ip 100.64.16.0 end-ip 100.64.31.255
$
member 3
start-ip 100.64.32.0 end-ip 100.64.47.255
$
member 4
start-ip 100.64.48.0 end-ip 100.64.63.255
$
member 5
start-ip 100.64.64.0 end-ip 100.64.79.255
$
member 6
start-ip 100.64.80.0 end-ip 100.64.95.254
$
member 7
start-ip 100.64.96.0 end-ip 100.64.111.254
$
$
ip-pool pool-name nat-pppoe-pool-2 pool-id 4
access-domain nat-pppoe
access-domain NAT-PPPOE
pppoe-dns-server 202.103.224.68
pppoe-dns-server 202.103.225.68 second
portrange-poolname nat-pppoe-1
member 1
start-ip 100.64.112.0 end-ip 100.64.127.254
$
member 2
start-ip 100.64.128.0 end-ip 100.64.143.254
$
member 3
start-ip 100.64.144.0 end-ip 100.64.159.254
$
$
$

上一篇:中兴2826e沟通机根柢装备指令大全

下一篇:数字信号的载波传送及按捺回传通道噪声的办法

相关推荐

最新更新

推荐阅读

猜你喜欢

电工推荐

    电工技术基础_电工基础知识_电工之家-电工学习网
返回顶部