Huawei USG Firewall Configuration Example Scripts - PPPoE
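PPPoE has two parts:
the PPPoE server (for example, the ADSL central-office side) and the PPPoE client (the ADSL dial-up client).
PPPOE-Server:
G0/0 connects to the WAN and G0/1 connects to the LAN. Clients dial in over PPPoE to obtain an IP address and reach the Internet.
Public IP 129.7.66.2/24, gateway 129.7.66.1; LAN clients that dial in receive an IP from 1.1.1.2/8-100.
Typical applications: residential-community broadband, hotels, and similar.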
============================
firewall mode route
interface GigabitEthernet 0/0
ip address 129.7.66.2 24
ip route-static 0.0.0.0 0.0.0.0 129.7.66.1
firewall zone trust
add interface GigabitEthernet 0/1
firewall zone untrust
add interface GigabitEthernet 0/0
firewall packet-filter default permit all
#------------------------------------
interface Virtual-Template 1
ppp authentication-mode pap
ip address 1.1.1.1 255.0.0.0
remote address pool 1
firewall zone trust
add interface Virtual-Template 1
interface GigabitEthernet 0/1
pppoe-server bind Virtual-Template 1
#------------------------------------
aaa
local-user usg3000 password simple usg3000
ip pool 1 1.1.1.2 1.1.1.100
#-----------------------------------
acl 2001
rule 0 permit source 1.1.1.0 0.255.255.255
firewall interzone trust untrust
nat outbound 2001
=============================
PPPOE-Client
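G0/0 on the firewall connects upstream to the ADSL modem; on the LAN side, G0/1 uses IP 192.168.1.1/24 as the gateway. The firewall dials automatically to get online. Username 1234, password 123.
==========================================================================
firewall zone trust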
add interface GigabitEthernet 0/1
firewall zone untrust
add interface GigabitEthernet 0/0
firewall packet-filter default permit all
interface GigabitEthernet 0/1
ip address 192.168.1.1 24
#-----------------------------------------
interface Dialer 1
link-protocol ppp
ppp pap local-user 1234 password simple 123
ip address ppp-negotiate
dialer user usg3000
dialer bundle 1
firewall zone untrust
add interface Dialer 1
#-----------------------------------------
interface GigabitEthernet 0/0
pppoe-client dial-bundle-number 1
ip route-static 0.0.0.0 0.0.0.0 dialer1
#---------------------------------------
acl 2001
rule 0 permit source 192.168.1.0 0.0.0.255
firewall interzone trust untrust
nat outbound 2001
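
Added example (not part of the original scripts and not Huawei tooling): a small Python audit that scans a configuration written in the style above for the settings that weaken it, namely the default permit-all packet filter, passwords stored with "password simple", PAP authentication, and an interface address that is a network or broadcast address. The rule names and the sample text are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample in the style of the scripts above (not a device export).
SAMPLE = """\
firewall packet-filter default permit all
interface GigabitEthernet 0/1
ip address 192.168.1.0 24
interface Virtual-Template 1
ppp authentication-mode pap
ip address 1.1.1.1 255.0.0.0
aaa
local-user usg3000 password simple usg3000
interface Dialer 1
ppp pap local-user 1234 password simple 123
ip address ppp-negotiate
"""

def audit(config):
    """Return (line_no, rule, message) findings; rule names are made up here."""
    findings, view = [], "system view"
    for no, raw in enumerate(config.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#=":  # separators used in the scripts
            continue
        if line == "aaa" or line.startswith(("interface ", "firewall zone ")):
            view = line  # remember where we are, for context in messages
        if line == "firewall packet-filter default permit all":
            findings.append((no, "DEFAULT-PERMIT", "all interzone traffic allowed by default"))
        if re.search(r"\bpassword simple\b", line):  # never echo the secret
            findings.append((no, "CLEARTEXT-SECRET", f"clear-text password under '{view}'"))
        if line == "ppp authentication-mode pap" or line.startswith("ppp pap "):
            findings.append((no, "PAP", "PAP sends the password unencrypted"))
        m = re.fullmatch(r"ip address (\d+\.\d+\.\d+\.\d+) (\S+)", line)
        if m:
            try:
                iface = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}")
            except ValueError:
                findings.append((no, "BAD-ADDR", "address or mask does not parse"))
                continue
            net = iface.network
            if net.prefixlen < 31 and iface.ip in (net.network_address, net.broadcast_address):
                findings.append((no, "BAD-HOST-ADDR", f"{iface.ip} is not a host address in {net}"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```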