
(1) Enter system view.
    Command: system-view
    Remarks: Available in user view.

(2) Set the device name.
    Command: sysname sysname
    Remarks: By default, the device name is H3C.

(3) Enable the Telnet server.
    Command: telnet server enable
    Remarks: By default, the Telnet server is disabled.

(4) Enter Ethernet interface view.
    Command: interface interface-type interface-number
    Remarks: N/A

(5) Assign an IP address to the interface.
    Command: ip address ip-address { mask-length | mask } [ sub ]
    Remarks: By default, GigabitEthernet 0/0 has an IP address 192.168.0.1/24.

(6) Configure dynamic NAT.
    Configure an address pool:
      Command: nat address-group group-number start-address end-address [ level level ]
      Remarks: Available in system view.
    Configure No-PAT by associating an ACL with an IP address pool on the outbound interface for translating only IP addresses:
      Command: nat outbound [ acl-number ] [ address-group group-number [ vpn-instance vpn-instance-name ] [ no-pat ] ] [ track vrrp virtual-router-id ]
      Remarks: Available in interface view.

(7) Configure a security zone on the default virtual device (VD).
    Enter security zone view:
      Command: zone name zone-name [ id zone-id ]
      Remarks: Available in system view. By default, the default VD has five security zones: Management (ID = 0), Local (ID = 1), Trust (ID = 2), DMZ (ID = 3), and Untrust (ID = 4).
    Add an interface to the security zone:
      Command: import interface interface-type interface-number [ vlan vlan-list ]
      Remarks: Available in security zone view. By default, only GigabitEthernet 0/0 is added to the security zone Management.

(8) Save the running configuration to the configuration file.
    Command: save [ safely ]
    Remarks: Available in any view. You can specify the file as the configuration file for the next startup.

(9) Display the running configuration.
    Command: display current-configuration
    Remarks: Available in any view.
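
Enter system view.
    Command: system-view
    Description: Run this command in user view.

Configure the firewall name.
    Command: sysname sysname
    Description: Run this command in system view. The device name can be changed as needed. By default, the device name is H3C.

Enable the firewall's Telnet service.
    Command: telnet server enable
    Description: Run this command in system view. By default, the Telnet server is disabled.

Enter Ethernet interface view.
    Command: interface interface-type interface-number
    Description: Run this command in system view.

Configure the IP address of the interface.
    Command: ip address ip-address { mask-length | mask } [ sub ]
    Description: Run this command in interface view. By default, the IP address of GigabitEthernet 0/0 is 192.168.0.1/24, and other interfaces have no IP address configured.

Configure dynamic NAT.
    Command: nat address-group group-number start-address end-address [ level level ]
    Description: Run this command in system view. Defines an address pool.
    Command: nat outbound [ acl-number ] [ address-group group-number [ vpn-instance vpn-instance-name ] [ no-pat ] ] [ track vrrp virtual-router-id ]
    Description: Run this command in interface view. Associates an ACL with an address pool on the outbound interface, using No-PAT.

Configure a security zone on the default virtual device.
    Enter security zone view:
      Command: zone name zone-name [ id zone-id ]
      Description: Run this command in system view. By default, the VD has five default security zones: Management (0), Local (1), Trust (2), DMZ (3), and Untrust (4).
    Add an interface to the security zone:
      Command: import interface interface-type interface-number [ vlan vlan-list ]
      Description: Run this command in security zone view. By default, GigabitEthernet 0/0 has been added to the Management security zone, and other interfaces have not been added to any security zone.

Save the current configuration.
    Command: save [ safely ]
    Description: This command can be run in any view. The configuration file for the next startup can be set at the same time.

Display the current configuration.
    Command: display current-configuration
    Description: This command can be run in any view.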
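
As an added example (not from the H3C manual), the following Python script checks text saved from display current-configuration for the settings this procedure touches: Telnet enabled, the default name H3C, the factory address 192.168.0.1, and interfaces that have an IP address but were never imported into a security zone. The sample configuration, its addresses, the audit helper, the finding codes and the assumed "#"-separated block layout are constructed for illustration.

```python
import re

# Constructed sample in the block layout of `display current-configuration` (assumed: "#" separates blocks).
SAMPLE_CONFIG = """\
#
 sysname H3C
#
 telnet server enable
#
 nat address-group 1 203.0.113.10 203.0.113.20
#
interface GigabitEthernet0/0
 ip address 192.168.0.1 255.255.255.0
#
interface GigabitEthernet0/1
 ip address 203.0.113.1 255.255.255.0
 nat outbound address-group 1 no-pat
#
zone name Management id 0
 import interface GigabitEthernet0/0
#
"""

IFACE = re.compile(r"(?:import )?interface ([A-Za-z-]+)\s*([\d/.]+)")
# System-view lines worth flagging: Telnet sends logins in cleartext; H3C is the default name.
GLOBAL_FLAGS = {"telnet server enable": "telnet-enabled", "sysname H3C": "default-sysname"}

def audit(config):
    """Return sorted finding codes for a saved configuration (hypothetical helper)."""
    findings, with_ip, zoned = set(), {}, set()
    for raw in re.split(r"(?m)^[ \t]*#[ \t]*$", config):
        lines = [l.strip() for l in raw.splitlines() if l.strip()] or [""]
        head = IFACE.match(lines[0])
        if head:  # interface view: record the primary address from step 5
            for cmd in lines[1:]:
                ip = re.match(r"ip address (\S+)", cmd)
                if ip and not cmd.endswith(" sub"):
                    with_ip["".join(head.groups())] = ip.group(1)
        elif lines[0].startswith("zone name "):  # zone view: step 7 members
            zoned.update("".join(m.groups()) for m in map(IFACE.match, lines[1:]) if m)
        else:  # system view
            findings.update(code for cmd, code in GLOBAL_FLAGS.items() if cmd in lines)
    for name, ip in with_ip.items():
        if ip == "192.168.0.1":
            findings.add("default-ip:" + name)  # factory address still in use
        if name not in zoned:
            findings.add("no-zone:" + name)  # interface never imported into a zone
    return sorted(findings)
```

Calling audit(SAMPLE_CONFIG) reports all four findings; a configuration with a changed name and address, Telnet left disabled and every addressed interface imported into a zone returns an empty list.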