内容发布更新时间 : 2024/5/23 13:58:14星期一 下面是文章的全部内容请认真阅读。
宁波移动ME60 NAT业务配置脚本
VSU单板槽位:slot 7、slot 8
VSU单板型号:VSUF-80 负载分担
user-group pppoe-nat-1 user-group pppoe-nat-2
license
active nat session-table size 12 slot 7 engine 0 active nat session-table size 12 slot 8 engine 0 quit
service-location 1
location slot 7 engine 0 backup slot 8 engine 0 quit
service-location 2
location slot 8 engine 0 backup slot 7 engine 0 quit
service-instance-group nat444-1 service-location 1 quit
service-instance-group nat444-2 service-location 2 quit
acl number 3001
description Anti-virus
rule 5 permit tcp destination-port eq 135 rule 10 permit udp destination-port eq 135 rule 15 permit tcp destination-port eq 139
rule 20 permit udp destination-port eq netbios-ssn rule 25 permit tcp destination-port eq 445 rule 30 permit udp destination-port eq 445 rule 35 permit tcp destination-port eq 593 rule 40 permit udp destination-port eq 593 rule 45 permit tcp destination-port eq 136 rule 50 permit udp destination-port eq 136 rule 55 permit tcp destination-port eq 137
rule 60 permit udp destination-port eq netbios-ns rule 65 permit tcp destination-port eq 138
rule 70 permit udp destination-port eq netbios-dgm
rule 75 permit tcp destination-port eq 389 rule 80 permit udp destination-port eq 389 quit
acl number 3100
description To_PPPOE_NAT
rule 5 permit ip source 10.156.160.0 0.0.31.255 rule 10 permit ip source 10.156.192.0 0.0.31.255 quit
nat instance nat444-1 id 1 port-range 4096
service-instance-group nat444-1
nat address-group addressgroup1 group-id 1 section 0 223.95.220.0 mask 22 section 1 39.186.78.0 mask 23
nat outbound 3100 address-group addressgroup1 nat log session enable
nat session-log host 211.140.25.228 2055 source 221.131.204.229 2055 nat alg all
undo nat alg sip
nat filter mode full-cone y quit
nat instance nat444-2 id 2 port-range 4096
service-instance-group nat444-2
nat address-group addressgroup1 group-id 1
section 0 39.186.68.0 mask 22
nat outbound 3100 address-group addressgroup1 nat log session enable
nat session-log host 211.140.25.228 2055 source 221.131.204.229 2055 nat alg all
undo nat alg sip
nat filter mode full-cone y quit
acl number 6800
description To_PPPOE-NAT-1
rule 5 permit ip source user-group pppoe-nat-1 #
acl number 6801
description To_PPPOE-NAT-2
rule 5 permit ip source user-group pppoe-nat-2 #
traffic classifier pppoe-nat-1 operator or if-match acl 6800
traffic classifier pppoe-nat-2 operator or if-match acl 6801
traffic classifier Anti-virus operator or if-match acl 3001 #
traffic behavior nat-pppoe-1 nat bind instance nat444-1 traffic behavior nat-pppoe-2 nat bind instance nat444-2 traffic behavior Anti-virus deny #
traffic policy Anti-virus share-mode statistics enable
classifier pppoe-nat-1 behavior nat-pppoe-1 classifier pppoe-nat-2 behavior nat-pppoe-2 classifier Anti-virus behavior Anti-virus
ip pool pppoe_nat_1 bas local
gateway 10.156.160.1 255.255.224.0 section 0 10.156.160.2 10.156.191.254
dns-server 211.140.13.188 211.140.188.188 undo warning-threshold
ip pool pppoe_nat_2 bas local
gateway 10.156.192.1 255.255.224.0 section 0 10.156.192.2 10.156.223.254
dns-server 211.140.13.188 211.140.188.188 undo warning-threshold aaa
domain pppoe_nat
authentication-scheme radius accounting-scheme radius ip-pool pppoe_nat_1