h3c防火墙如何设置adsl

2016-12-02

想要用h3c防火墙去设置adsl,该怎么办呢?下面由小编给你做出详细的h3c防火墙设置adsl方法介绍!希望对你有帮助!

h3c防火墙设置adsl方法一:

1. firewall packet-filter default permit 更改默认包过滤规则为允许

2.就是你的d0端口下的配置问题。是否正确如下

interface Dialer1

link-protocol ppp

ppp pap local-user ADSL用户名password simple密码

mtu 1492

tcp mss 1200

ip address ppp-negotiate

dialer user mypppoe

dialer-group 1

dialer bundle 1

nat outbound 3100

3.物理端口绑定错误。如下:

#

interface Ethernet0/4

pppoe-client dial-bundle-number 1

4.d0口要加入到安全域里。我估计你是这个问题。

#

firewall zone untrust

add interface Ethernet0/4

add interface Dialer0

h3c防火墙设置adsl方法二:

首先创建一个拨号连接接口、封装一下协议、然后设置用户名和密码,如下:

拨号连接接口为dialer1,拨号的用户名为:uesr1,密码为:abc123.

interface Dialer1

link-protocol ppp

ppp chap user user1

ppp chap password cipher abc123

ppp pap local-user user1 password cipher abc123

ip address ppp-negotiate

dialer user user1

dialer-group 1

dialer bundle 1

然后把拨号连接口应用在路由器的外网端口上面:

interface GigabitEthernet0/1

pppoe-client dial-bundle-number 1

然后写一条默认路由指向拨号连接口出去:

ip route-static 0.0.0.0 0.0.0.0 Dialer1

h3c防火墙设置adsl方法三:

#

sysname H3C

#

ike local-name NO_3

#

firewall packet-filter enable

firewall packet-filter default permit

#

insulate

#

dialer-rule 1 ip permit

#

firewall statistic system enable

#

radius scheme system

server-type extended

#

domain system

#

local-user admin

password simple admin

service-type telnet

level 3

#

ike peer 1

exchange-mode aggressive

pre-shared-key h3c123

id-type name

remote-name CENTER

remote-address X.X.X.X

nat traversal

#

ipsec proposal 1

#

ipsec policy vpn 1 isakmp

security acl 3000

ike-peer 1

proposal 1

#

acl number 3000

rule 0 permit ip source 172.16.0.0 0.0.255.255 destination 192.168.0.0 0.0.255.255

acl number 3100

rule 0 deny ip source 172.16.3.0 0.0.0.255 destination 192.168.0.0 0.0.0.255

rule 10 permit ip source 172.16.3.0 0.0.0.255

#

interface Aux0

async mode flow

#

interface Dialer1

link-protocol ppp

ppp pap local-user 宽带账号 password simple 宽带密码

mtu 1492

tcp mss 1024

ip address ppp-negotiate

dialer user mypppoe

dialer user 1

dialer-group 1

dialer bundle 1

nat outbound 3100

ipsec policy vpn

#

interface Ethernet0/0

ip address 172.16.3.254 255.255.255.0

#

interface Ethernet0/1

#

interface Ethernet0/2

#

interface Ethernet0/3

#

interface Ethernet0/4

pppoe-client dial-bundle-number 1

#

interface Encrypt1/0

#

interface NULL0

#

firewall zone local

set priority 100

#

firewall zone trust

add interface Ethernet0/0

add interface Ethernet0/1

add interface Ethernet0/2

add interface Ethernet0/3

set priority 85

#

firewall zone untrust

add interface Ethernet0/4

add interface Dialer1

set priority 5

#

firewall zone DMZ

set priority 50

#

firewall interzone local trust

#

firewall interzone local untrust

#

firewall interzone local DMZ

#

firewall interzone trust untrust

#

firewall interzone trust DMZ

#

firewall interzone DMZ untrust

#

FTP server enable

#

ip route-static 0.0.0.0 0.0.0.0 Dialer 1 preference 60

#

user-interface con 0

user-interface aux 0

user-interface vty 0 4

authentication-mode scheme

#

return

我的H3C F100-C,配置ADSL后,一直不能联网,请各位高手给看看

DIS INTER DIALER后的结果如下

Dialer1 current state :DOWN

Line protocol current state :DOWN

Description : Dialer1 Interface

The Maximum Transmit Unit is 1492, Hold timer is 10(sec)

Internet protocol processing : disabled

Link layer protocol is PPP

LCP initial

Physical is Dialer, baudrate: 100000000 bps

Output queue : (Urgent queuing : Size/Length/Discards) 0/50/0

Output queue : (Protocol queuing : Size/Length/Discards) 0/500/0

Output queue : (FIFO queuing : Size/Length/Discards) 0/75/0

Last 300 seconds input: 0 bytes/sec 0 packets/sec

Last 300 seconds output: 0 bytes/sec 0 packets/sec

0 packets input, 0 bytes, 0 drops

0 packets output, 0 bytes, 0 drops

更多相关阅读

最新发布的文章