
HUAWEI EGW2100 V100R001C01

Web Configuration Guide

Issue: 01
Date: 2010-02-20

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Huawei Technologies Co., Ltd. provides customers with comprehensive technical support and service. For any assistance, please contact our local office or company headquarters.

Huawei Technologies Co., Ltd.


Address: Huawei Industrial Base, Bantian, Longgang, Shenzhen 518129, People's Republic of China
Website: http://www.huawei.com
Email: support@huawei.com

Copyright Huawei Technologies Co., Ltd. 2010. All rights reserved. No part of this document may be reproduced or transmitted in any form or by any means without prior written consent of Huawei Technologies Co., Ltd.

Trademarks and Permissions


and other Huawei trademarks are the property of Huawei Technologies Co., Ltd. All other trademarks and trade names mentioned in this document are the property of their respective holders.

Notice
The purchased products, services and features are stipulated by the contract made between Huawei and the customer. All or part of the products, services and features described in this document may not be within the purchase scope or the usage scope. Unless otherwise specified in the contract, all statements, information, and recommendations in this document are provided "AS IS" without warranties, guarantees or representations of any kind, either express or implied. The information in this document is subject to change without notice. Every effort has been made in the preparation of this document to ensure accuracy of the contents, but the statements, information, and recommendations in this document do not constitute a warranty of any kind, express or implied.


Contents

About This Document
1 Configuration Example of Logging in to Web
2 Configuration Example of Quick Config
3 Configuration Example of the Basic Operation
4 Configuration Example of the Internetworking
    4.1 Configuration Example of ADSL by Using PPPoE
    4.2 Configuration Example of SHDSL
    4.3 Configuration Example of DHCP Server
    4.4 Configuration Example of RIP
    4.5 Configuration Example of OSPF
    4.6 Configuration Example of the 3G Interface for Dial-on-Demand
    4.7 Configuration Example of the 3G Interface for Automatic Dialup
    4.8 Configuration Example of a WLAN (Crypto Service Class)
    4.9 Configuration Example of a WLAN (Plain Service Class)
    4.10 Configuration Example of a WLAN (802.1X)
5 Configuration Example of the ACL
6 Configuration Example of NAT
7 Configuration Example of the Dual-System Hot Backup in Routing Mode
8 Configuration Example of the VPN
    8.1 Configuration Example of GRE
    8.2 Configuration Example of L2TP IPSec
A Acronyms and Abbreviations


Figures

Figure 1-1 Networking diagram for logging in
Figure 1-2 Login page
Figure 2-1 Networking diagram for the web-manager function
Figure 2-2 Configuring the ADSL
Figure 2-3 Configuring the 3G
Figure 2-4 Configuring the LAN
Figure 2-5 Configuring the WLAN
Figure 2-6 Saving the configuration
Figure 3-1 Configuring the VLAN
Figure 3-2 Creating interface Dialer 0
Figure 3-3 Configuring interface Ethernet0/0/0
Figure 3-4 Creating ACL 3001
Figure 3-5 Configuring a rule
Figure 3-6 Configuring the interzone packet filtering rule
Figure 3-7 Saving the configuration
Figure 4-1 Networking of the ADSL configuration example
Figure 4-2 Configuring the ADSL interface
Figure 4-3 Configuring the PVC
Figure 4-4 Obtaining the IP address in PPP negotiation mode
Figure 4-5 Configuring the PPP user on the Dialer interface
Figure 4-6 Configuring the Dialer interface
Figure 4-7 Configuring the packet filtering rule between the Trust security zone and the Untrust security zone
Figure 4-8 Configuring the static route
Figure 4-9 Configuring the NAT
Figure 4-10 Enabling the DHCP function
Figure 4-11 Configuring the processing mode for DHCP packets on the interface
Figure 4-12 Enabling the DNS proxy
Figure 4-13 Configuring the DNS server address
Figure 4-14 Saving the configuration
Figure 4-15 Networking of the ADSL configuration example
Figure 4-16 Basic configuration of the SHDSL interface
Figure 4-17 Configuring the SHDSL interface
Figure 4-18 Configuring the packet filtering rule between the Trust security zone and the Untrust security zone
Figure 4-19 Configuring the static route
Figure 4-20 Saving the configuration
Figure 4-21 Networking for configuring the DHCP client
Figure 4-22 Setting the Vlanif20 interface process mode of DHCP packets
Figure 4-23 Setting the Vlanif10 interface process mode of DHCP packets
Figure 4-24 Configuring the forbidden IP addresses
Figure 4-25 Configuring the forbidden IP addresses
Figure 4-26 Configuring the forbidden IP addresses
Figure 4-27 Configuring the forbidden IP addresses
Figure 4-28 Configuring attributes of DHCP address pool 1
Figure 4-29 Configuring attributes of DHCP address pool 2
Figure 4-30 Saving the configuration
Figure 4-31 Networking of the RIP configuration example
Figure 4-32 Configuring the packet receiving and packet sending functions
Figure 4-33 Enabling the RIP function
Figure 4-34 Configuring the IP address of the RIP network segment
Figure 4-35 Enabling RIP on the Specified Network Segment
Figure 4-36 Saving the configuration
Figure 4-37 Networking diagram of OSPF configurations
Figure 4-38 Configuring process 100
Figure 4-39 Configuring area 0
Figure 4-40 Configuring area 1
Figure 4-41 Saving the configuration
Figure 4-42 Networking diagram of dial-on-demand through the Dialer interface
Figure 4-43 Configuring the Modem
Figure 4-44 Configuring the dialer rule
Figure 4-45 Creating interface Dialer 0
Figure 4-46 Adding the Dialer0 interface to the Untrust zone
Figure 4-47 Obtaining the IP address in PPP negotiation mode
Figure 4-48 Configuring the PPP user on the Dialer0 interface
Figure 4-49 Configuring circular DCC
Figure 4-50 Configuring the PPP user on the Cellular interface
Figure 4-51 Adding the Cellular interface to the Dialer circular group
Figure 4-52 Configuring the operator
Figure 4-53 Configuring Ethernet 0/0/0 interface
Figure 4-54 Creating ACL 3001
Figure 4-55 Configuring a rule
Figure 4-56 Configuring the NAT
Figure 4-57 Configuring the interzone packet filtering rule
Figure 4-58 Configuring the static route
Figure 4-59 Enabling the DHCP function
Figure 4-60 Configuring the processing mode for DHCP packets on the interface
Figure 4-61 Enabling the DNS proxy
Figure 4-62 Configuring the DNS server address
Figure 4-63 Saving the configuration
Figure 4-64 Networking diagram of automatic dialup through the Dialer interface
Figure 4-65 Configuring the Modem
Figure 4-66 Configuring the dialer rule
Figure 4-67 Adding Cellular5/0/0 interface to the Untrust zone
Figure 4-68 Obtaining the IP address in PPP negotiation mode
Figure 4-69 Configuring the PPP user
Figure 4-70 Configuring circular DCC
Figure 4-71 Configuring the Ethernet 0/0/0 interface
Figure 4-72 Creating ACL 3001
Figure 4-73 Configuring a rule
Figure 4-74 Configuring the NAT
Figure 4-75 Configuring the interzone packet filtering rule
Figure 4-76 Configuring the static route
Figure 4-77 Enabling the DHCP function
Figure 4-78 Configuring the processing mode for DHCP packets on the interface
Figure 4-79 Enabling the DNS proxy
Figure 4-80 Saving the configuration
Figure 4-81 Networking diagram of configuring a WLAN (Crypto service class)
Figure 4-82 Creating a Service Class
Figure 4-83 Configuring the crypto service class
Figure 4-84 Creating the WLAN-BSS interface
Figure 4-85 Configuring interface Wlan-Bss2
Figure 4-86 Configuring the interzone packet filtering rule
Figure 4-87 Configuring the NAT
Figure 4-88 Configuring the static route
Figure 4-89 Saving the configuration
Figure 4-90 Networking diagram of configuring a WLAN (Plain service class)
Figure 4-91 Enabling the DHCP function
Figure 4-92 Configuring the processing mode for DHCP packets on the interface
Figure 4-93 Configuring the plain service class
Figure 4-94 Configuring interface Wlan-Bss0
Figure 4-95 Saving the configuration
Figure 4-96 Networking diagram of configuring a WLAN (802.1X)
Figure 4-97 Creating a Service Class
Figure 4-98 Configuring the crypto service class
Figure 4-99 Creating 802.1X domain abc
Figure 4-100 Creating the WLAN-BSS interface
Figure 4-101 Configuring interface Wlan-Bss2
Figure 4-102 Configuring the RADIUS template
Figure 4-103 Configuring the RADIUS authentication server
Figure 4-104 Configuring the RADIUS authentication scheme
Figure 4-105 Configuring the domain
Figure 4-106 Configuring the AAA domain policy
Figure 4-107 Saving the configuration
Figure 5-1 Networking of the ACL configuration example
Figure 5-2 Creating VLAN 5
Figure 5-3 Creating Vlanif 5
Figure 5-4 Setting basic parameters of the Vlanif 5 interface
Figure 5-5 Configuring interface Ethernet0/0/0
Figure 5-6 Configuring the static route
Figure 5-7 Configuring ACL rule 1
Figure 5-8 Configuring ACL rule 2
Figure 5-9 Configuring ACL rule 3
Figure 5-10 Configuring packet filtering rule 1
Figure 5-11 Configuring interzone ASPF
Figure 5-12 Configuring ACL rule 4
Figure 5-13 Configuring ACL rule 5
Figure 5-14 Configuring packet filtering rule 2
Figure 5-15 Saving the configuration
Figure 6-1 Networking of a NAT configuration example
Figure 6-2 Configuring the advanced ACL rule 0
Figure 6-3 Configuring advanced ACL rule 5
Figure 6-4 Configuring the packet filtering rule between the DMZ security zone and the Untrust security zone
Figure 6-5 Configuring the ASPF between the DMZ security zone and the Untrust security zone
Figure 6-6 Configuring the address mapping of the WWW server
Figure 6-7 Configuring the address mapping of the FTP server
Figure 6-8 Saving the configuration
Figure 7-1 Networking of the dual-system hot backup in routing mode
Figure 7-2 Configuring VRRP backup group 1
Figure 7-3 Configuring VRRP backup group 2
Figure 7-4 Configuring VRRP backup group 3
Figure 7-5 Configuring VGMP
Figure 7-6 HRP two-node cluster hot backup in routing mode
Figure 7-7 Saving the configuration
Figure 8-1 GRE tunnel using static routes
Figure 8-2 Creating an interface named Tunnel1
Figure 8-3 Configuring the tunnel1 interface
Figure 8-4 Configuring the static route
Figure 8-5 Configuring the static route
Figure 8-6 Creating an interface named Tunnel1
Figure 8-7 Configuring the tunnel1 interface
Figure 8-8 Configuring the static route
Figure 8-9 Configuring the static route
Figure 8-10 Networking diagram of L2TP IPSec
Figure 8-11 Configuring the Virtual-Template1 interface
Figure 8-12 Configuring PPP
Figure 8-13 Disabling the fast forwarding function
Figure 8-14 Configuring the local user
Figure 8-15 Configuring the IP pool
Figure 8-16 Configuring the L2TP-group
Figure 8-17 Configuring the IKE proposal
Figure 8-18 Configuring the IKE peer
Figure 8-19 Configuring the IPSec proposal
Figure 8-20 Configuring the IPSec policy template
Figure 8-21 Configuring the IPSec policy
Figure 8-22 Applying the policy
Figure 8-23 Saving the configuration


About This Document


Purpose
This document provides the methods for configuring the functions of the EGW2100.

Product Version
The following table lists the product versions related to this document.

Product Name      Version
HUAWEI EGW2100    V100R001C01

Intended Audience
This document is intended for:
- Technical support engineer
- Maintenance engineer
- Network engineer
- Network administrator
- Network maintenance engineer

Organization
This document is organized as follows.

Chapter: 1 Configuration Example of Logging in to Web
Description: This chapter describes the configuration of logging in to web.

Chapter: 2 Configuration Example of Quick Config
Description: This chapter describes the configuration of quick config.

Chapter: 3 Configuration Example of the Basic Operation
Description: This chapter describes the configuration of the basic operation.

Chapter: 4 Configuration Example of the Internetworking
Description: This chapter describes the internetworking configuration of the EGW2100.

Chapter: 5 Configuration Example of the ACL
Description: This chapter describes the configuration of the ACL.

Chapter: 6 Configuration Example of NAT
Description: This chapter describes the configuration of the NAT.

Chapter: 7 Configuration Example of the Dual-System Hot Backup in Routing Mode
Description: This chapter describes the configuration of the dual-system hot backup in routing mode.

Chapter: 8 Configuration Example of the VPN
Description: This chapter describes the configuration of the VPN.

Chapter: A Acronyms and Abbreviations
Description: This chapter describes the abbreviations in this document.

Conventions
Symbol Conventions
The symbols that may be found in this document are defined as follows.

Symbol: DANGER
Description: Indicates a hazard with a high level of risk, which, if not avoided, could result in death or serious injury.

Symbol: WARNING
Description: Indicates a hazard with a medium or low level of risk, which, if not avoided, could result in minor or moderate injury.

Symbol: CAUTION
Description: Indicates a potentially hazardous situation, which if not avoided, could result in equipment damage, data loss, performance degradation, or unexpected results.

Symbol: TIP
Description: Indicates a tip that may help you solve a problem or save time.

Symbol: NOTE
Description: Provides additional information to emphasize or supplement important points of the main text.


General Conventions
The general conventions that may be found in this document are defined as follows.

Convention: Times New Roman
Description: Normal paragraphs are in Times New Roman.

Convention: Boldface
Description: Names of files, directories, folders, and users are in boldface. For example, log in as user root.

Convention: Italic
Description: Book titles are in italics.

Convention: Courier New
Description: Examples of information displayed on the screen are in Courier New.

Command Conventions
The command conventions that may be found in this document are defined as follows.

Convention: Boldface
Description: The keywords of a command line are in boldface.

Convention: Italic
Description: Command arguments are in italics.

Convention: [ ]
Description: Items (keywords or arguments) in brackets [ ] are optional.

Convention: { x | y | ... }
Description: Optional items are grouped in braces and separated by vertical bars. One item is selected.

Convention: [ x | y | ... ]
Description: Optional items are grouped in brackets and separated by vertical bars. One item is selected or no item is selected.

Convention: { x | y | ... }*
Description: Optional items are grouped in braces and separated by vertical bars. A minimum of one item or a maximum of all items can be selected.

Convention: [ x | y | ... ]*
Description: Optional items are grouped in brackets and separated by vertical bars. Several items or no item can be selected.

GUI Conventions
The GUI conventions that may be found in this document are defined as follows.

Convention: Boldface
Description: Buttons, menus, parameters, tabs, windows, and dialog titles are in boldface. For example, click OK.

Convention: >
Description: Multi-level menus are in boldface and separated by the ">" sign. For example, choose File > Create > Folder.


Keyboard Operations
The keyboard operations that may be found in this document are defined as follows.

Format: Key
Description: Press the key. For example, press Enter and press Tab.

Format: Key 1+Key 2
Description: Press the keys concurrently. For example, pressing Ctrl+Alt+A means the three keys should be pressed concurrently.

Format: Key 1, Key 2
Description: Press the keys in turn. For example, pressing Alt, A means the two keys should be pressed in turn.

Mouse Operations
The mouse operations that may be found in this document are defined as follows.

Action: Click
Description: Select and release the primary mouse button without moving the pointer.

Action: Double-click
Description: Press the primary mouse button twice continuously and quickly without moving the pointer.

Action: Drag
Description: Press and hold the primary mouse button and move the pointer to a certain position.

Update History
Updates between document issues are cumulative. Therefore, the latest document issue contains all updates made in previous issues.

Updates in Issue 01 (2010-02-20)


Initial commercial release.


1 Configuration Example of Logging in to Web


Networking Requirements
As shown in Figure 1-1, the PC is connected to Ethernet1/0/0 of the EGW2100. You can control and manage the EGW2100 by accessing its IP address 192.168.0.1 through the Web browser on the PC.

Figure 1-1 Networking diagram for logging in
[Diagram: PC (192.168.0.2/24) connected to Ethernet1/0/0 of the EGW (Vlanif1, 192.168.0.1/24)]

Procedure
Step 1 Connect the PC to Ethernet1/0/0 of the EGW2100.
Step 2 Configure the IP address of the PC. The configuration details are not mentioned here.
Step 3 Access the EGW2100 through the Web browser of the PC. Enter http://192.168.0.1 in Internet Explorer to open the Web login page. Figure 1-2 shows the login page.
Figure 1-2 Login page
Step 4 Enter the user name admin and the password Admin@123. The configuration interface is displayed.
----End


2 Configuration Example of Quick Config


Networking Requirements
As shown in Figure 2-1, the EGW2100 connects to a LAN through WLAN, and LAN users access the Internet through the ADSL and 3G links. The ADSL link is the master link and the 3G link is the backup link.

Figure 2-1 Networking diagram for the web-manager function
[Diagram: PCs on the WLAN 192.168.0.0/24; uplinks through ADSL and 3G]

Data Preparation
Item                        EGW2100                                Station
ADSL  PVC                   0/33                                   -
ADSL  User Name             adsl                                   -
ADSL  Password              password                               -
3G    User Name             internet                               -
3G    Password              password                               -
3G    Dialer Number         *99#                                   -
3G    Access point name     APN                                    -
WLAN  Access Mode           encrypted (WPA/WPA2PSK mixed)          encrypted (WPA/WPA2PSK mixed)
WLAN  SSID                  WLAN100                                WLAN100
WLAN  Key Value             abcdef123                              abcdef123

NOTE

Obtain the parameters for ADSL or 3G dial-up, such as the user name and password from the operator or network administrator.

Procedure
Step 1 Configure the Internet access.
1. Choose Quick Config > Internet Access. The Internet Access page is displayed.
2. In the ADSL Configuration group box, set the parameters as shown in Figure 2-2.
Figure 2-2 Configuring the ADSL
3. Click Apply. Then click OK in the Are you sure to submit? dialog box that is displayed to complete the configuration.
4. Click Refresh. ADSL IP, shown as disconnected in Figure 2-2, changes to the obtained IP address. This indicates that the ADSL connection succeeds.
5. In the 3G configuration group box, set the parameters as shown in Figure 2-3.
Figure 2-3 Configuring the 3G
6. Click Apply. Then click OK in the Are you sure to submit? dialog box that is displayed to complete the configuration.
7. Click Refresh. 3G IP (as shown in Figure 2-3) changes to the obtained IP address. This indicates that the 3G connection succeeds.

Step 2 Configure the LAN and WLAN.
1. Choose Quick Config > LAN/WLAN. The LAN/WLAN page is displayed.
2. In the LAN configuration group box, set the parameters as shown in Figure 2-4.
Figure 2-4 Configuring the LAN
3. Click Apply. Then click OK in the Are you sure to submit? dialog box that is displayed to complete the configuration.
4. In the WLAN configuration group box, set the parameters as shown in Figure 2-5.
Figure 2-5 Configuring the WLAN
5. Click Apply. Then click OK in the Are you sure to submit? dialog box that is displayed to complete the configuration.

Step 3 Save the configuration.
1. Click Save on the upper right of the page to save the configuration. Figure 2-6 shows the parameter setting.
Figure 2-6 Saving the configuration
2. Click OK in the This will save current configuration, if you switch to other pages, you will not get the operation result. Are you sure to save? dialog box that is displayed to complete the configuration.

Step 4 Save the Station. Change the TCP/IP setting of the Station to obtain its IP address automatically. For help, see the operating system documentation for the Station.
----End


3 Configuration Example of the Basic Operation

Networking Requirements
This chapter describes the basic procedure for configuring the device, including:
- Configure the VLAN and add interfaces.
- Create an interface.
- Configure an interface.
- Configure the ACL.
- Configure the Packet-Filter.
- Save the configuration.

Procedure
Step 1 Create VLAN 5 and add Ethernet 1/0/0 to VLAN 5.
1. Choose NetWork > VLAN. The VLAN page is displayed.
2. Click New to enter the VLAN Config interface. Figure 3-1 shows the parameter setting.
Figure 3-1 Configuring the VLAN
3. Click Apply. Then click OK in the Are you sure to submit? dialog box that is displayed to complete the configuration.

Step 2 Create interface Dialer 0.
1. Choose NetWork > Interface. The Interface page is displayed.
2. Click New to enter the Create New Interface interface. Figure 3-2 shows the parameter setting.
Figure 3-2 Creating interface Dialer 0
3. Click Apply. Then click OK in the Are you sure to submit? dialog box that is displayed to complete the configuration.

Step 3 Configure an IP address for Ethernet 0/0/0 and add Ethernet 0/0/0 to the Untrust zone.
1. Choose NetWork > Interface. The Interface page is displayed.
2. Click MORE corresponding to Ethernet0/0/0 to enter the Interface Basic Config interface. Figure 3-3 shows the parameter setting.
Figure 3-3 Configuring interface Ethernet0/0/0
3. Click Apply. Then click OK in the Are you sure to submit? dialog box that is displayed to complete the configuration.

Step 4 Create ACL 3001 and configure the rule for ACL 3001: The action of the packets whose source IP addresses are in network segment 10.1.1.0/24 is configured as Permit.
1. Choose Resource > ACL. The ACL page is displayed.
2. Click New to enter the ACL Basic Config interface. Figure 3-4 shows the parameter setting.
Figure 3-4 Creating ACL 3001
3. Click Apply. Then click OK in the Are you sure to submit? dialog box that is displayed to complete the configuration.
4. Click New to enter the Rule Config interface. Figure 3-5 shows the parameter setting.
Figure 3-5 Configuring a rule
5. Click Apply. Then click OK in the Are you sure to submit? dialog box that is displayed to complete the configuration.

Step 5 Configure the packet filtering rule between the Trust zone and Untrust zone as Permit.
1. Choose Security > Packet-Filter. The Packet-Filter page is displayed.
2. Click MORE corresponding to trust-untrust. The Packet-Filter Config page is displayed. Figure 3-6 shows the parameter setting.
Figure 3-6 Configuring the interzone packet filtering rule
3. Click Apply. Then click OK in the Are you sure to submit? dialog box that is displayed to complete the configuration.

Step 6 Save the configuration.
1. Click Save on the upper right of the page to save the configuration. Figure 3-7 shows the parameter setting.
Figure 3-7 Saving the configuration
2. Click OK in the This will save current configuration, if you switch to other pages, you will not get the operation result. Are you sure to save? dialog box that is displayed to complete the configuration.

----End


4 Configuration Example of the Internetworking

About This Chapter

4.1 Configuration Example of ADSL by Using PPPoE

4.2 Configuration Example of SHDSL

4.3 Configuration Example of DHCP Server
The locations and number of terminals in the network change frequently, so you need to use the Dynamic Host Configuration Protocol (DHCP) to allocate dynamic IP addresses to the terminals. The EGW2100 can serve as a DHCP server to offer IP addresses to the DHCP client.

4.4 Configuration Example of RIP
Routing Information Protocol (RIP) is a type of protocol based on the distance-vector (D-V) algorithm. By using RIP, you can exchange routing information through UDP packets. This protocol is widely used in simple small-/medium-sized networks.

4.5 Configuration Example of OSPF
OSPF is a link-state interior gateway protocol developed by the IETF. It is a dynamic routing protocol used within an autonomous system (AS).

4.6 Configuration Example of the 3G Interface for Dial-on-Demand

4.7 Configuration Example of the 3G Interface for Automatic Dialup

4.8 Configuration Example of a WLAN (Crypto Service Class)

4.9 Configuration Example of a WLAN (Plain Service Class)

4.10 Configuration Example of a WLAN (802.1X)


4.1 Configuration Example of ADSL by Using PPPoE


Networking Requirements
The EGW2100 connects to a LAN through Ethernet 0/0/0 and LAN users access the Internet through the ADSL interface (ATM 2/0/0).

Networking Diagram
Figure 4-1 shows the networking of the ADSL configuration example.

Figure 4-1 Networking of the ADSL configuration example
[Diagram: EGW with Ethernet 0/0/0 (192.168.1.1/24) on the LAN side and ATM 2/0/0 connected to the DSLAM and the PPPoE server]

Procedure
Step 1 Configure an IP address for Ethernet 0/0/0 and add Ethernet 0/0/0 to the Trust zone. For the configuration procedure, see 3 Configuration Example of the Basic Operation.

Step 2 Create the Virtual-Ethernet 1 (VE 1) interface and add VE 1 to the Untrust zone. Create the Dialer 1 interface and add Dialer 1 to the Untrust zone. For the configuration procedure, see 3 Configuration Example of the Basic Operation.

Step 3 Configure the ADSL interface.
1. Choose NetWork > Interface. The Interface page is displayed.
2. Click MORE corresponding to Atm2/0/0 to enter the Interface Basic Config interface. Figure 4-2 shows the parameter setting.
Figure 4-2 Configuring the ADSL interface
3. Click Apply. Then click OK in the Are you sure to submit? dialog box that is displayed to complete the configuration.
4. In the Interface Physical Config group box, select activate. Then click OK in the Are you sure to submit? dialog box that is displayed to activate the interface.
5. In the PVC Configuration group box, select New. The PVC Configuration interface is displayed. Figure 4-3 shows the parameter setting.
Figure 4-3 Configuring the PVC
NOTE
You can obtain the PVC from the operator.
6. Click Apply. Then click OK in the Are you sure to submit? dialog box that is displayed to complete the configuration.

Step 4 Configure the PPPoE session.
1. Choose NetWork > Interface. The Interface page is displayed.
2. Click MORE corresponding to Dialer1 to enter the Interface Basic Config interface.
3. In the Interface Basic Config group box, click IP Address Detail Config. The IP Address Config interface is displayed. Figure 4-4 shows the parameter setting.
Figure 4-4 Obtaining the IP address in PPP negotiation mode
4. Click Apply. Then click OK in the Are you sure to submit? dialog box that is displayed to complete the configuration.
5. Click back to return to the Interface interface.
6. In the PPP User and Dialer group box, click PPP User and Dialer. The PPP User Config interface is displayed. Figure 4-5 shows the parameter setting.
Figure 4-5 Configuring the PPP user on the Dialer interface
7. Click Apply. Then click OK in the Are you sure to submit? dialog box that is displayed to complete the configuration.
8. Click back to return to the Interface interface.
9. In the PPPOE Dialer interface Config group box, click Detail Config. The Dialer interface detail Config interface is displayed. Figure 4-6 shows the parameter setting.
Figure 4-6 Configuring the Dialer interface
10. Click Apply. Then click OK in the Are you sure to submit? dialog box that is displayed to complete the configuration.

Step 5 Configure the interzone packet filtering rule.
1. Choose Security > Packet-Filter. The Packet-Filter page is displayed.
2. Click MORE corresponding to trust-untrust. The Packet-Filter Config page is displayed. Figure 4-7 shows the parameter setting.
Figure 4-7 Configuring the packet filtering rule between the Trust security zone and the Untrust security zone
3. Click Apply. Then click OK in the Are you sure to submit? dialog box that is displayed to complete the configuration.

Step 6 Configure a specific route.
1. Choose NetWork > Route Config. The Route Config page is displayed.
2. Click the Route-Static tab. Click New. The Route-Static Config page is displayed. Figure 4-8 shows the parameter setting.
Figure 4-8 Configuring the static route
3. Click Apply. Then click OK in the Are you sure to submit? dialog box that is displayed to complete the configuration.

Step 7 Configure NAT.
1. Create ACL 3001 and configure the rule for ACL 3001: Match all IP packets. For the configuration procedure, see 3 Configuration Example of the Basic Operation.
2. Choose Service > NAT > Nat-Policy. The Nat-Policy page is displayed.
3. Select the NAT-Policy tab. Click New. The NAT-Policy page is displayed. Figure 4-9 shows the parameter setting.
Figure 4-9 Configuring the NAT
NOTE
When selecting the ACL, you can select basic ACL or advanced ACL from the drop-down list. Then select the proper ACL in the ACL classification table.
4. Click Apply. Then click OK in the Are you sure to submit? dialog box that is displayed to complete the configuration.

Step 8 Configure the DHCP function, which can dynamically assign IP addresses to intranet users.
1. Choose Service > DHCP > DHCP Basic. The DHCP Basic Config page is displayed.
2. In the DHCP Basic Config group box, select the DHCP Enable check box. Click OK in the Are you sure to enable? dialog box to enable the DHCP function. Figure 4-10 shows the parameter setting.
Figure 4-10 Enabling the DHCP function
3. In the Setting Interface Process Mode Of DHCP Packet group box, configure the processing mode for DHCP packets on Ethernet0/0/0. Figure 4-11 shows the parameter setting.
Figure 4-11 Configuring the processing mode for DHCP packets on the interface
4. Click Apply. Then click OK in the Are you sure to submit? dialog box that is displayed to complete the configuration.

Step 9 Configure the DNS.
1. Choose NetWork > DNS Config. The DNS Config page is displayed.
2. Click the Basic Configurations tab. Select the Enable DNS Proxy check box to enable the DNS proxy function. Figure 4-12 shows the parameter setting.
Figure 4-12 Enabling the DNS proxy
3. Click the DNS Server Address tab. Choose the interface Dialer1. Figure 4-13 shows the parameter setting.
Figure 4-13 Configuring the DNS server address
4. Click add. Then click OK in the Are you sure to submit? dialog box that is displayed to complete the configuration.

Step 10 Save the configuration.
1. Click Save on the upper right of the page to save the configuration. Figure 4-14 shows the parameter setting.
Figure 4-14 Saving the configuration
2. Click OK in the This will save current configuration, if you switch to other pages, you will not get the operation result. Are you sure to save? dialog box that is displayed to complete the configuration.

----End

4.2 Configuration Example of SHDSL


Networking Requirements
The EGW2100 connects to a LAN through Ethernet 0/0/0 and LAN users access the Internet through the SHDSL interface (ATM 2/0/0).

Networking Diagram
Figure 4-15 shows the networking of the SHDSL configuration example.

Figure 4-15 Networking of the ADSL configuration example
[Diagram: EGW with Eth 0/0/0 (10.1.1.1/24) in the Trust zone and ATM 2/0/0 with VE 1 (192.168.2.1/24) in the Untrust zone, connected through the DSLAM to the BAS (192.168.2.2/24)]

Procedure
Step 1 Configure an IP address for Ethernet 0/0/0 and add Ethernet 0/0/0 to the Trust zone. For the configuration procedure, see 3 Configuration Example of the Basic Operation.

Step 2 Configure an IP address for the Virtual-Ethernet 1 (VE 1) interface and add VE 1 to the Untrust zone. For the configuration procedure, see 3 Configuration Example of the Basic Operation.

Step 3 Configure the SHDSL interface.
1. Choose NetWork > Interface. The Interface page is displayed.
2. Click MORE corresponding to Atm2/0/0 to enter the Interface Basic Config interface. Figure 4-16 shows the parameter setting.
Figure 4-16 Basic configuration of the SHDSL interface
3. Click Apply. Then click OK in the Are you sure to submit? dialog box that is displayed to complete the configuration. Completing the operations on the EGW2100 takes a while (about 10 seconds). Wait until the operation is complete. The progress bar at the bottom of the Web page shows the progress.
4. In the PVC Configuration group box, click New. The GSHDSL Port Configuration interface is displayed. Figure 4-17 shows the parameter setting.
Figure 4-17 Configuring the SHDSL interface
NOTE
You can obtain the PVC from the operator.
5. Click Apply. Then click OK in the Are you sure to submit? dialog box that is displayed to complete the configuration.

Step 4 Configure the interzone packet filtering rule.
1. Choose Security > Packet-Filter. The Packet-Filter page is displayed.
2. Click MORE corresponding to trust-untrust. The Packet-Filter Config page is displayed. Figure 4-18 shows the parameter setting.
Figure 4-18 Configuring the packet filtering rule between the Trust security zone and the Untrust security zone
3. Click Apply. Then click OK in the Are you sure to submit? dialog box that is displayed to complete the configuration.

Step 5 Configure a specific route.
1. Choose NetWork > Route Config. The Route Config page is displayed.
2. Click the Route-Static tab. Click New. The Route-Static Config page is displayed. Figure 4-19 shows the parameter setting.
Figure 4-19 Configuring the static route
3. Click Apply. Then click OK in the Are you sure to submit? dialog box that is displayed to complete the configuration.

Step 6 Save the configuration.
1. Click Save on the upper right of the page to save the configuration. Figure 4-20 shows the parameter setting.
Figure 4-20 Saving the configuration
2. Click OK in the This will save current configuration, if you switch to other pages, you will not get the operation result. Are you sure to save? dialog box that is displayed to complete the configuration.

----End

4.3 Configuration Example of DHCP Server


The locations and number of terminals in the network change frequently, so you need to use the Dynamic Host Configuration Protocol (DHCP) to allocate dynamic IP addresses to the terminals. The EGW2100 can serve as a DHCP server to offer IP addresses to the DHCP client.

Networking Requirements
A DHCP server dynamically assigns the IP addresses to a client in the same network segment. The address pool segment 10.1.1.0/24 is divided into two segments: 10.1.1.0/25 and 10.1.1.128/25. The two network segments are in the Trust zone. The IP addresses of the two Ethernet interfaces on the DHCP server are 10.1.1.1/25 and 10.1.1.129/25. The IP lease of the segment 10.1.1.0/25 is 10 days and 12 hours, with domain name as dhcpserver.com, DNS address as 10.1.1.2, egress device address as 10.1.1.126 and without the NetBIOS address. The IP lease of the segment 10.1.1.128/25 is 5 days, with DNS address as 10.1.1.2, egress device address as 10.1.1.254, and NetBIOS address as 10.1.1.4.
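The address plan above can be checked before it is entered in the Web pages. The following is an added example, not part of the Huawei guide: it derives which addresses must be kept out of automatic allocation in each pool and how many remain for clients. The dictionary keys and function names are chosen for this example, and excluding the server's own interface addresses is an assumption.

```python
from datetime import timedelta
from ipaddress import ip_address, ip_network

PARENT = ip_network("10.1.1.0/24")

# Values from the Networking Requirements paragraph. The dictionary keys are
# names chosen for this example, not fields of the EGW2100 Web interface.
PLAN = [
    {"pool": "10.1.1.0/25", "server_if": "10.1.1.1", "gateway": "10.1.1.126",
     "dns": "10.1.1.2", "netbios": None, "domain": "dhcpserver.com",
     "lease": timedelta(days=10, hours=12)},
    {"pool": "10.1.1.128/25", "server_if": "10.1.1.129", "gateway": "10.1.1.254",
     "dns": "10.1.1.2", "netbios": "10.1.1.4", "domain": None,
     "lease": timedelta(days=5)},
]
STATIC_KEYS = ("server_if", "gateway", "dns", "netbios")


def static_addresses(plan):
    """All statically assigned addresses named anywhere in the plan.
    Including the server interface addresses is an assumption of this example."""
    return {ip_address(e[k]) for e in plan for k in STATIC_KEYS if e[k]}


def exclusions(entry, plan):
    """Static addresses that fall inside this pool, whichever pool uses them."""
    net = ip_network(entry["pool"])
    return sorted(a for a in static_addresses(plan) if a in net)


def allocatable_count(entry, plan):
    """Host addresses left for clients once the exclusions are removed."""
    net = ip_network(entry["pool"])
    return len(set(net.hosts()) - set(exclusions(entry, plan)))


def off_subnet_servers(entry):
    """DNS/NetBIOS servers that clients of this pool reach only through the gateway."""
    net = ip_network(entry["pool"])
    return [k for k in ("dns", "netbios")
            if entry[k] and ip_address(entry[k]) not in net]


def check_plan(plan, parent=PARENT):
    """Return a list of plan errors; an empty list means the plan is consistent."""
    findings = []
    nets = [ip_network(e["pool"]) for e in plan]
    for i, net in enumerate(nets):
        if not net.subnet_of(parent):
            findings.append(f"{net} is not inside {parent}")
        findings += [f"{net} overlaps {o}" for o in nets[i + 1:] if net.overlaps(o)]
    for entry, net in zip(plan, nets):
        hosts = set(net.hosts())
        for key in ("server_if", "gateway"):
            if ip_address(entry[key]) not in hosts:
                findings.append(f"{key} {entry[key]} is not a host address in {net}")
    return findings


def lease_seconds(entry):
    """Lease duration in seconds."""
    return int(entry["lease"].total_seconds())


if __name__ == "__main__":
    print("plan errors:", check_plan(PLAN) or "none")
    for e in PLAN:
        print(e["pool"], "exclude", [str(a) for a in exclusions(e, PLAN)],
              "| allocatable", allocatable_count(e, PLAN),
              "| lease", lease_seconds(e), "s",
              "| off-subnet servers", off_subnet_servers(e))
```

The NetBIOS server 10.1.1.4 is offered only to clients of 10.1.1.128/25, but it sits inside 10.1.1.0/25, so it has to be excluded from that pool.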

Networking Diagram
Figure 4-21 shows the networking for configuring the DHCP server.

Figure 4-21 Networking for configuring the DHCP client
[Diagram: EGW acting as DHCP server, with Ethernet1/0/1 (Vlan20, 10.1.1.1/25) and Ethernet1/0/0 (Vlan10, 10.1.1.129/25); DHCP clients on network 10.1.1.0/25 and network 10.1.1.128/25; a DNS server and a NetBIOS server]

Procedure
Step 1 Configure the VLANs that Vlanif interfaces belong to, set the IP addresses of the Vlanif interfaces, and add the Vlanif interfaces to the specified zones. For the configuration procedure, see 3 Configuration Example of the Basic Operation. Step 2 Configure the packet filtering rule between the Trust security zone and the Untrust security zone. 1. 2. Choose Security > Packet-Filter. The Packet-Filter page is displayed. Click MORE corresponding to trust-untrust. The Packet-Filter Config page is displayed. Select the permit option button respectively next to Inbound Default Packet-filter and Outbound Default Packet-filter. Click Apply. Then click OK in the Are you sure to submit? dialog box that is displayed to complete the configuration.

3.

CAUTION
The default packet filtering rule that allows all the packets to pass may cause security troubles. Therefore, it is recommended to apply the ACL rule in interzones. Step 3 Enable DHCP and set the interface process mode of DHCP packets. 1. 2. Select Service > DHCP > DHCP Basic. The DHCP Basic page is displayed. Click the Select button next to the Main Interface text box to select Vlanif20. Set the parameters based on Figure 4-22.

Issue 01 (2010-02-20)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

4-11

4 Configuration Example of the Internetworking

HUAWEI EGW2100 Web Configuration Guide

Figure 4-22 Setting the Vlanif20 interface process mode of DHCP packets

3. 4.

Click Apply. Then click OK in the Are you sure to submit? dialog box that is displayed to complete the configuration. Click the Select button next to the Main Interface text box to select Vlanif10. Set the parameters based on Figure 4-23. Figure 4-23 Setting the Vlanif10 interface process mode of DHCP packets

5.

Click Apply. Then click OK in the Are you sure to submit? dialog box that is displayed to complete the configuration.

Step 4 Configure the IP addresses that do not participate in auto-allocation, including addresses of the DNS server, the NetBIOS server and the egress gateway. 1. 2. Select Service > DHCP > DHCP Server. The DHCP Server page is displayed. Select Forbidden Ip tab. Click New. The Forbidden IP Config page is displayed. Set the parameters based on Figure 4-24.

4-12

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 01 (2010-02-20)

HUAWEI EGW2100 Web Configuration Guide

4 Configuration Example of the Internetworking

Figure 4-24 Configuring the forbidden IP addresses

3. 4.

Click Apply. Then click OK in the Are you sure to submit? dialog box that is displayed to complete the configuration. Select Forbidden Ip tab. Click New. The Forbidden IP Config page is displayed. Set the parameters based on Figure 4-25. Figure 4-25 Configuring the forbidden IP addresses

5. 6.

Click Apply. Then click OK in the Are you sure to submit? dialog box that is displayed to complete the configuration. Select Forbidden Ip tab. Click New. The Forbidden IP Config page is displayed. Set the parameters based on Figure 4-26. Figure 4-26 Configuring the forbidden IP addresses

7. 8.

Click Apply. Then click OK in the Are you sure to submit? dialog box that is displayed to complete the configuration. Select Forbidden Ip tab. Click New. The Forbidden IP Config page is displayed. Set the parameters based on Figure 4-27. Figure 4-27 Configuring the forbidden IP addresses

9.

Click Apply. Then click OK in the Are you sure to submit? dialog box that is displayed to complete the configuration.
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 4-13

Issue 01 (2010-02-20)

4 Configuration Example of the Internetworking

HUAWEI EGW2100 Web Configuration Guide

Step 5 Configure related attributes for the DHCP address pool.
1. Select Service > DHCP > DHCP Server. The DHCP Server page is displayed.
2. Select Global Ip-pool tab. Click New. The Global Ip Pool Config page is displayed. Set the parameters based on Figure 4-28.

Figure 4-28 Configuring attributes of DHCP address pool 1

3. Click Apply. Then click OK in the Are you sure to submit? dialog box that is displayed to complete the configuration.
4. Select Global Ip-pool tab. Click New. The Global Ip Pool Config page is displayed. Set the parameters based on Figure 4-29.

Figure 4-29 Configuring attributes of DHCP address pool 2

5. Click Apply. Then click OK in the Are you sure to submit? dialog box that is displayed to complete the configuration.

Step 6 Save the configuration.
1. Click Save on the upper right of the page to save the configuration. Figure 4-30 shows the parameter setting.

Figure 4-30 Saving the configuration

2. Click OK in the This will save current configuration, if you switch to other pages, you will not get the operation result. Are you sure to save? dialog box that is displayed to complete the configuration.

----End

4.4 Configuration Example of RIP


Routing Information Protocol (RIP) is a routing protocol based on the distance-vector (D-V) algorithm. RIP exchanges routing information through UDP packets. The protocol is widely used in simple small and medium-sized networks.

Networking Requirements
Three subnetworks (192.1.2.0/24, 192.1.3.0/24, and 192.1.4.0/24) in a Local Area Network (LAN) cooperate with each other through the EGW2100 and two routers. RIP runs on both the EGW2100 and the routers. After the configuration, the EGW2100, Router B, and Router C can learn routing information from each other. The EGW2100, Router B, and Router C respectively serve as the default gateways of the 192.1.2.0/24, 192.1.3.0/24, and 192.1.4.0/24 network segments. The EGW2100 connects to the Ethernet interfaces of Router B and Router C through Ethernet interfaces. The EGW2100 (192.1.1.1) receives RIP packets broadcast by Router B (192.1.1.2) and Router C (192.1.1.3). The EGW2100 sends RIP broadcast packets to Router B and Router C at the same time.
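
A defensive check for the exchange described above, as an added example that is not part of the Huawei guide: it parses received RIP responses (RFC 2453 layout) and flags updates that do not come from Router B or Router C, or that advertise a subnetwork other than the one that router serves. The EXPECTED table, the function names and the sample packets are assumptions constructed for illustration; it assumes each router advertises only the subnetwork it serves.

```python
import ipaddress
import struct

RIP_RESPONSE = 2
AFI_INET, AFI_AUTH = 2, 0xFFFF

# Assumed policy, taken from the networking requirements above:
# neighbor address -> the subnetwork that router serves.
EXPECTED = {
    "192.1.1.2": {ipaddress.ip_network("192.1.3.0/24")},  # Router B
    "192.1.1.3": {ipaddress.ip_network("192.1.4.0/24")},  # Router C
}


def classful_prefix(ip: int) -> int:
    """RIPv1 entries carry no mask: use the classful prefix (0.0.0.0 is the default route)."""
    if ip == 0:
        return 0
    first = ip >> 24
    return 8 if first < 128 else 16 if first < 192 else 24


def parse_rip(payload: bytes) -> dict:
    """Parse a RIP message: 4-byte header, then up to 25 entries of 20 bytes."""
    body = len(payload) - 4
    if body < 0 or body % 20 or body // 20 > 25:
        raise ValueError("bad RIP message length")
    command, version, _ = struct.unpack("!BBH", payload[:4])
    routes, authenticated = [], False
    for off in range(4, len(payload), 20):
        afi, _tag, ip, mask, _next_hop, metric = struct.unpack(
            "!HHIIII", payload[off:off + 20])
        if afi == AFI_AUTH:      # RIPv2 authentication entry, not a route
            authenticated = True
            continue
        if afi != AFI_INET:
            continue
        addr = ipaddress.IPv4Address(ip)
        if version >= 2 and mask:
            # A non-contiguous mask raises ValueError here.
            net = ipaddress.ip_network(f"{addr}/{ipaddress.IPv4Address(mask)}", strict=False)
        else:
            net = ipaddress.ip_network(f"{addr}/{classful_prefix(ip)}", strict=False)
        routes.append((net, metric))
    return {"command": command, "version": version,
            "authenticated": authenticated, "routes": routes}


def check_update(src: str, payload: bytes) -> list:
    """Return findings for one received RIP message; an empty list means it matches policy."""
    try:
        msg = parse_rip(payload)
    except ValueError as exc:
        return [f"malformed RIP message from {src}: {exc}"]
    if msg["command"] != RIP_RESPONSE:
        return []                # requests carry no routes to validate
    findings = []
    allowed = EXPECTED.get(src)
    if allowed is None:
        findings.append(f"response from unexpected source {src}")
        allowed = set()
    for net, metric in msg["routes"]:
        if not 1 <= metric <= 16:
            findings.append(f"invalid metric {metric} for {net}")
        elif metric < 16 and net not in allowed:   # metric 16 only withdraws a route
            findings.append(f"unexpected prefix {net} from {src}")
    return findings


def build_response(version: int, routes: list) -> bytes:
    """Construct a sample RIP response (constructed input for the checks below)."""
    pkt = struct.pack("!BBH", RIP_RESPONSE, version, 0)
    for ip, mask, metric in routes:
        pkt += struct.pack("!HHIIII", AFI_INET, 0,
                           int(ipaddress.IPv4Address(ip)),
                           int(ipaddress.IPv4Address(mask)), 0, metric)
    return pkt


if __name__ == "__main__":
    samples = [  # constructed (source, packet) pairs
        ("192.1.1.2", build_response(1, [("192.1.3.0", "0.0.0.0", 1)])),
        ("192.1.1.9", build_response(2, [("0.0.0.0", "0.0.0.0", 1)])),
        ("192.1.1.3", build_response(2, [("192.1.3.0", "255.255.255.0", 1)])),
    ]
    for src, pkt in samples:
        print(src, check_update(src, pkt) or "ok")
```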

Networking Diagram
Figure 4-31 shows the networking of the RIP configuration example.


Figure 4-31 Networking of the RIP configuration example

[Diagram labels: EGW (Eth0/0/0, 192.1.1.1; Untrust and Trust zones), Router B (Eth2/0/0, 192.1.1.2), Router C (Eth2/0/0, 192.1.1.3); subnetworks 192.1.2.0/24, 192.1.3.0/24, and 192.1.4.0/24.]

Procedure
Step 1 Configure the EGW2100.
1. Set the IP address of the interface, and then add the interface to the specified zone. For the configuration procedure, see 3 Configuration Example of the Basic Operation.
2. Configure the Packet-Filter. For the configuration procedure, see 3 Configuration Example of the Basic Operation.
3. Choose NetWork > RIP. The RIP page is displayed.
4. Click the Interface Configuration tab.
5. Click New. The Interface Configuration page is displayed. Set the parameters of the interface on this page, as shown in Figure 4-32.


Figure 4-32 Configuring the packet receiving and packet sending functions

6. Click Apply. Then click OK in the Are you sure to submit? dialog box that is displayed to complete the configuration.
7. Click the RIP Config tab. Select the RIP Enable check box to enable the RIP function, as shown in Figure 4-33.

Figure 4-33 Enabling the RIP function

8. Click MORE. The RIP Config page is displayed. Set the parameters based on Figure 4-34.

Figure 4-34 Configuring the IP address of the RIP network segment


9. Click Add.
10. Enabling RIP on the Specified Network Segment. Set the parameters based on Figure 4-35.

Figure 4-35 Enabling RIP on the Specified Network Segment

11. Click Add.
12. Click Apply. Then click OK in the Are you sure to submit? dialog box that is displayed to complete the configuration.

Step 2 Save the configuration.
1. Click Save on the upper right of the page to save the configuration. Figure 4-36 shows the parameter setting.

Figure 4-36 Saving the configuration

2. Click OK in the This will save current configuration, if you switch to other pages, you will not get the operation result. Are you sure to save? dialog box that is displayed to complete the configuration.

Step 3 Configure Router B and Router C. For the configuration procedure, see the configurations of the EGW2100.

----End

4.5 Configuration Example of OSPF


Open Shortest Path First (OSPF) is a link-state interior gateway protocol developed by the IETF. It is a dynamic routing protocol used within an autonomous system (AS).

Networking Requirements
Start OSPF process 100 on the Ethernet0/0/0 interface of the EGW2100 and the interface is in area 0. Start OSPF process 100 on the Vlanif 5 interface and the interface is in area 1.

Respectively set up the neighbor relationship between Router A and the EGW2100 and between Router B and the EGW2100. Start OSPF process 100 on the Ethernet1/0/0 interface of Router A and the interface is in area 0. Start OSPF process 100 on the Ethernet2/0/0 interface of Router B and the interface is in area 1.

Networking Diagram
Figure 4-37 shows the networking diagram of OSPF configurations.

Figure 4-37 Networking diagram of OSPF configurations

[Diagram labels: Untrust zone, process 100, area 0: Router A Eth1/0/0 and EGW Eth0/0/0, addresses 172.10.1.2/16 and 172.10.1.1/16. Trust zone, process 100, area 1: EGW Eth1/0/0 (Vlan5) and Router B Ethernet2/0/0, addresses 131.108.1.3/16 and 131.108.1.1/16.]

Procedure
Step 1 Configure the EGW2100.
1. Configure the VLANs that Vlanif interfaces belong to, set the IP addresses of the Vlanif interfaces, and add the Vlanif interfaces to the specified zones. For the configuration procedure, see 3 Configuration Example of the Basic Operation.
2. Choose Security > Packet-Filter. The Packet-Filter page is displayed.
3. Click MORE corresponding to trust-untrust. The Packet-Filter Config page is displayed. Select the permit option button respectively next to Inbound Default Packet-filter and Outbound Default Packet-filter.
4. Click Apply. Then click OK in the Are you sure to submit? dialog box that is displayed to complete the configuration.


CAUTION
A default packet filtering rule that permits all packets may cause security risks. It is therefore recommended to apply ACL rules in the interzones.

5. Choose NetWork > OSPF to enter the OSPF interface.
6. Click the Process Config tab.
7. Click New to enter the Process Config interface. Figure 4-38 shows the parameter setting.

Figure 4-38 Configuring process 100

NOTE

Router ID in the diagram is the router ID that uniquely identifies a router in the OSPF protocol.

8. Click Apply. Then click OK in the Are you sure to submit? dialog box that is displayed to complete the configuration.
9. Click MORE corresponding to 100 and choose the Area Config tab.
10. Click New to enter the Area Config interface. Figure 4-39 shows the parameter setting.

Figure 4-39 Configuring area 0

11. Click Add to add the 172.10.0.0/16 network segment to area 0.
12. Click Apply. Then click OK in the Are you sure to submit? dialog box that is displayed to complete the configuration.
13. Click New to enter the Area Config interface. Figure 4-40 shows the parameter setting.

Figure 4-40 Configuring area 1

14. Click Add to add the 131.108.0.0/16 network segment to area 1.
15. Click Apply. Then click OK in the Are you sure to submit? dialog box that is displayed to complete the configuration.

Step 2 Save the configuration.
1. Click Save on the upper right of the page to save the configuration. Figure 4-41 shows the parameter setting.

Figure 4-41 Saving the configuration

2. Click OK in the This will save current configuration, if you switch to other pages, you will not get the operation result. Are you sure to save? dialog box that is displayed to complete the configuration.

Step 3 Configure Router A and Router B. For the configuration procedure, see the configurations of the EGW2100.

----End

4.6 Configuration Example of the 3G Interface for Dial-on-Demand


Networking Requirements
The EGW2100 connects to the enterprise intranet through Ethernet 0/0/0 and to the Internet through USB WCDMA 3G card. The networking requirements are as follows:
• The intranet of the enterprise is in network segment 192.168.1.0/24.
• Dialer interface is used for dial-on-demand.
• The IP address of the 3G interface is allocated by the radio network through negotiation.

Networking Diagram
Figure 4-42 shows the networking diagram of dial-on-demand through the Dialer interface.

Figure 4-42 Networking diagram of dial-on-demand through the Dialer interface

[Diagram: the intranet 192.168.1.0/24 connects to the EGW on Ethernet 0/0/0 (192.168.1.1/24); the EGW connects to the Internet through the 3G interface.]

Procedure
Step 1 Configure the Modem.
1. Choose NetWork > Modem. The Modem Config page is displayed. Figure 4-43 shows the parameter setting.

Figure 4-43 Configuring the Modem

2. Click Apply. Then click OK in the Are you sure to submit? dialog box that is displayed to complete the configuration.

Step 2 Configure the dialer rule.
1. Choose NetWork > Dial Rule. The Dial Rule page is displayed.
2. Click New to enter the Dialer Rule Config interface. Figure 4-44 shows the parameter setting.

Figure 4-44 Configuring the dialer rule

3. Click Apply. Then click OK in the Are you sure to submit? dialog box that is displayed to complete the configuration.

Step 3 Configure the Dialer interface and associate dialup access group 1 with the interface. Enable circular DCC and configure the dialing string.
1. Choose NetWork > Interface. The Interface page is displayed.
2. Click New to enter the Create New Interface interface. Figure 4-45 shows the parameter setting.

Figure 4-45 Creating interface Dialer 0

3. Click Apply. Then click OK in the Are you sure to submit? dialog box that is displayed to complete the configuration.
4. Click MORE corresponding to Dialer0 to enter the Interface Dialer0 Config interface. Figure 4-46 shows the parameter setting.

Figure 4-46 Adding the Dialer0 interface to the Untrust zone

5. Click Apply. Then click OK in the Are you sure to submit? dialog box that is displayed to complete the configuration.
6. In the Interface Basic Config group box, click IP Address Detail Config. The IP Address Config interface is displayed. Figure 4-47 shows the parameter setting.

Figure 4-47 Obtaining the IP address in PPP negotiation mode

7. Click Apply. Then click OK in the Are you sure to submit? dialog box that is displayed to complete the configuration.
8. Click back. Then return to the Interface Dialer0 Config interface.
9. In the PPP User and Dialer group box, click PPP User and Dialer. The PPP User Config interface is displayed. Figure 4-48 shows the parameter setting.

CAUTION
• Configure access authentication (according to the actual networking).
• The corresponding authentication configuration on the physical interface (Cellular) is required.


Figure 4-48 Configuring the PPP user on the Dialer0 interface

10. Click Apply. Then click OK in the Are you sure to submit? dialog box that is displayed to complete the configuration.
11. Click back. Then return to the Interface Dialer0 Config interface.
12. In the Dial Control Center group box, click DCC Configuration. The DCC Configuration interface is displayed. Figure 4-49 shows the parameter setting.

CAUTION
You can obtain the Peer Number from the operator.

Figure 4-49 Configuring circular DCC

13. Click Apply. Then click OK in the Are you sure to submit? dialog box that is displayed to complete the configuration.

Step 4 Configure the Cellular5/0/0 interface.
1. Choose NetWork > Interface. The Interface page is displayed.
2. Click MORE corresponding to Cellular5/0/0 to enter the Cellular5/0/0 Interface Config interface.
3. In the PPP User and Dialer group box, click PPP User and Dialer. The PPP User Config interface is displayed. Figure 4-50 shows the parameter setting.


CAUTION
If the authentication is configured on the Dialer interface, the corresponding configuration on the Cellular interface is also required.

Figure 4-50 Configuring the PPP user on the Cellular interface

4. Click Apply. Then click OK in the Are you sure to submit? dialog box that is displayed to complete the configuration.
5. Click back. Then return to the Cellular5/0/0 Interface Config interface.
6. In the Dial Control Center group box, click DCC Configuration. The DCC Configuration interface is displayed. Figure 4-51 shows the parameter setting.

Figure 4-51 Adding the Cellular interface to the Dialer circular group

7. Click Apply. Then click OK in the Are you sure to submit? dialog box that is displayed to complete the configuration.
8. In the Data Card Config group box, click Data Card Config. Then click the Operator Manage tab. The Operator Config interface is displayed. Figure 4-52 shows the parameter setting.

Figure 4-52 Configuring the operator


CAUTION
• For WCDMA data cards, you should set the Access Point Name (APN).
• You can obtain the APN from the operator.

9. Click Apply. Then click OK in the Are you sure to submit? dialog box that is displayed to complete the configuration.

Step 5 Configure Ethernet 0/0/0 interface.
1. Choose NetWork > Interface. The Interface page is displayed.
2. Click MORE corresponding to Ethernet0/0/0 to enter the Ethernet0/0/0 Interface Config interface. Figure 4-53 shows the parameter setting.

Figure 4-53 Configuring Ethernet 0/0/0 interface

3. Click Apply. Then click OK in the Are you sure to submit? dialog box that is displayed to complete the configuration.

Step 6 Configure the NAT rule, the routing rule, and the packet filtering rule.
1. Choose Resource > ACL. The ACL page is displayed.
2. Click New to enter the ACL Basic Config interface. Figure 4-54 shows the parameter setting.

Figure 4-54 Creating ACL 3001

3. Click Apply. Then click OK in the Are you sure to submit? dialog box that is displayed to complete the configuration.
4. Click New to enter the Rule Config interface. Figure 4-55 shows the parameter setting.


Figure 4-55 Configuring a rule

5. Click Apply. Then click OK in the Are you sure to submit? dialog box that is displayed to complete the configuration.
6. Choose Service > NAT > Nat-Policy. The Nat-Policy page is displayed.
7. Click new to enter the NAT-Policy interface. Figure 4-56 shows the parameter setting.

Figure 4-56 Configuring the NAT

8. Click Apply. Then click OK in the Are you sure to submit? dialog box that is displayed to complete the configuration.
9. Choose Security > Packet-Filter. The Packet-Filter page is displayed.
10. Click MORE corresponding to trust-untrust. The Packet-Filter Config page is displayed. Figure 4-57 shows the parameter setting.

Figure 4-57 Configuring the interzone packet filtering rule

11. Click Apply. Then click OK in the Are you sure to submit? dialog box that is displayed to complete the configuration.
12. Choose NetWork > Route Config. The Route Config page is displayed.
13. Click the Route-Static tab. Click New. The Route-Static Config page is displayed. Figure 4-58 shows the parameter setting.

Figure 4-58 Configuring the static route

14. Click Apply. Then click OK in the Are you sure to submit? dialog box that is displayed to complete the configuration.

Step 7 Configure the DHCP function, which can dynamically assign IP addresses to intranet users.
1. Choose Service > DHCP > DHCP Basic. The DHCP Basic Config page is displayed.
2. In the DHCP Basic Config group box, select the DHCP Enable check box. Click OK in the Are you sure to enable? dialog box to enable the DHCP function. Figure 4-59 shows the parameter setting.

Figure 4-59 Enabling the DHCP function

3. In the Setting Interface Process Mode Of DHCP Packet group box, configure the processing mode for DHCP packets on Ethernet0/0/0. Figure 4-60 shows the parameter setting.


Figure 4-60 Configuring the processing mode for DHCP packets on the interface

4. Click Apply. Then click OK in the Are you sure to submit? dialog box that is displayed to complete the configuration.

Step 8 Configure the DNS.
1. Choose NetWork > DNS Config. The DNS Config page is displayed.
2. Click the Basic Configurations tab. Select the Enable DNS Proxy check box to enable the DNS proxy function. Figure 4-61 shows the parameter setting.

Figure 4-61 Enabling the DNS proxy

3. Click the DNS Server Address tab. Choose the interface Dialer0. Figure 4-62 shows the parameter setting.

Figure 4-62 Configuring the DNS server address

4. Click add. Then click OK in the Are you sure to submit? dialog box that is displayed to complete the configuration.

Step 9 Save the configuration.
1. Click Save on the upper right of the page to save the configuration. Figure 4-63 shows the parameter setting.

Figure 4-63 Saving the configuration

2. Click OK in the This will save current configuration, if you switch to other pages, you will not get the operation result. Are you sure to save? dialog box that is displayed to complete the configuration.

----End

4.7 Configuration Example of the 3G Interface for Automatic Dialup


Networking Requirements
The EGW2100 connects to the enterprise intranet through Ethernet 0/0/0 and to the Internet through USB 3G card. The networking requirements are as follows:
• The intranet of the enterprise is in network segment 192.168.1.0/24.
• Cellular interface is used for automatic dialup.
• The IP address of the 3G interface is allocated by the radio network through negotiation.

Networking Diagram
Figure 4-64 shows the networking diagram of automatic dialup through the Dialer interface.

Figure 4-64 Networking diagram of automatic dialup through the Dialer interface

[Diagram: the intranet 192.168.1.0/24 connects to the EGW on Ethernet 0/0/0 (192.168.1.1/24); the EGW connects to the Internet through the 3G interface.]

Procedure
Step 1 Configure the Modem.
1. Choose NetWork > Modem. The Modem Config page is displayed. Figure 4-65 shows the parameter setting.

Figure 4-65 Configuring the Modem

2. Click Apply. Then click OK in the Are you sure to submit? dialog box that is displayed to complete the configuration.

Step 2 Configure the dialer rule.
1. Choose NetWork > Dial Rule. The Dial Rule page is displayed.
2. Click New to enter the Dialer Rule Config interface. Figure 4-66 shows the parameter setting.

Figure 4-66 Configuring the dialer rule

3. Click Apply. Then click OK in the Are you sure to submit? dialog box that is displayed to complete the configuration.

Step 3 Configure the Cellular interface, enable the circular DCC, and configure the dialup route.
1. Choose NetWork > Interface. The Interface page is displayed.
2. Click MORE corresponding to Cellular5/0/0 to enter the Interface Cellular5/0/0 Config interface. Figure 4-67 shows the parameter setting.

Figure 4-67 Adding Cellular5/0/0 interface to the Untrust zone

3. Click Apply. Then click OK in the Are you sure to submit? dialog box that is displayed to complete the configuration.
4. In the Interface Basic Config group box, click IP Address Detail Config. The IP Address Config interface is displayed. Figure 4-68 shows the parameter setting.

Figure 4-68 Obtaining the IP address in PPP negotiation mode

5. Click Apply. Then click OK in the Are you sure to submit? dialog box that is displayed to complete the configuration.
6. Click back. Then return to the Interface Cellular5/0/0 Config interface.
7. In the PPP User and Dialer group box, click PPP User and Dialer. The PPP User Config interface is displayed. Figure 4-69 shows the parameter setting.


CAUTION
• Configure access authentication (according to the actual networking).
• Generally, the user names and passwords of TD-SCDMA users are free and those of CDMA (EVDO) users are card.

Figure 4-69 Configuring the PPP user

8. Click Apply. Then click OK in the Are you sure to submit? dialog box that is displayed to complete the configuration.
9. Click back. Then return to the Interface Cellular5/0/0 Config interface.
10. In the Dial Control Center group box, click DCC Configuration. The DCC Configuration interface is displayed. Figure 4-70 shows the parameter setting.

CAUTION
You can obtain the Peer Number from the operator.

Figure 4-70 Configuring circular DCC


11. Click Apply. Then click OK in the Are you sure to submit? dialog box that is displayed to complete the configuration.

Step 4 Configure the Ethernet 0/0/0 interface.
1. Choose NetWork > Interface. The Interface page is displayed.
2. Click MORE corresponding to Ethernet0/0/0 to enter the Ethernet0/0/0 Interface Config interface. Figure 4-71 shows the parameter setting.

Figure 4-71 Configuring the Ethernet 0/0/0 interface

3. Click Apply. Then click OK in the Are you sure to submit? dialog box that is displayed to complete the configuration.

Step 5 Configure the NAT rule, the routing rule, and the packet filtering rule.
1. Choose Resource > ACL. The ACL page is displayed.
2. Click New to enter the ACL Basic Config interface. Figure 4-72 shows the parameter setting.

Figure 4-72 Creating ACL 3001

3. Click Apply. Then click OK in the Are you sure to submit? dialog box that is displayed to complete the configuration.
4. Click New to enter the Rule Config interface. Figure 4-73 shows the parameter setting.


Figure 4-73 Configuring a rule

5. Click Apply. Then click OK in the Are you sure to submit? dialog box that is displayed to complete the configuration.
6. Choose Service > NAT > Nat-Policy. The Nat-Policy page is displayed.
7. Click new to enter the NAT-Policy interface. Figure 4-74 shows the parameter setting.

Figure 4-74 Configuring the NAT

8. Click Apply. Then click OK in the Are you sure to submit? dialog box that is displayed to complete the configuration.
9. Choose Security > Packet-Filter. The Packet-Filter page is displayed.
10. Click MORE corresponding to trust-untrust. The Packet-Filter Config page is displayed. Figure 4-75 shows the parameter setting.

Figure 4-75 Configuring the interzone packet filtering rule

11. Click Apply. Then click OK in the Are you sure to submit? dialog box that is displayed to complete the configuration.
12. Choose NetWork > Route Config. The Route Config page is displayed.
13. Click the Route-Static tab. Click New. The Route-Static Config page is displayed. Figure 4-76 shows the parameter setting.

Figure 4-76 Configuring the static route

14. Click Apply. Then click OK in the Are you sure to submit? dialog box that is displayed to complete the configuration.

Step 6 Configure the DHCP function, which can dynamically assign IP addresses to intranet users.
1. Choose Service > DHCP > DHCP Basic. The DHCP Basic Config page is displayed.
2. In the DHCP Basic Config group box, select the DHCP Enable check box. Click OK in the Are you sure to enable? dialog box to enable the DHCP function. Figure 4-77 shows the parameter setting.

Figure 4-77 Enabling the DHCP function

3. In the Setting Interface Process Mode Of DHCP Packet group box, configure the processing mode for DHCP packets on Ethernet0/0/0. Figure 4-78 shows the parameter setting.


Figure 4-78 Configuring the processing mode for DHCP packets on the interface

4. Click Apply. Then click OK in the Are you sure to submit? dialog box that is displayed to complete the configuration.

Step 7 Configure the DNS.
1. Choose NetWork > DNS Config. The DNS Config page is displayed.
2. Click the Basic Configurations tab. Select the Enable DNS Proxy check box to enable the DNS proxy function. Figure 4-79 shows the parameter setting.

Figure 4-79 Enabling the DNS proxy

Step 8 Save the configuration.
1. Click Save on the upper right of the page to save the configuration. Figure 4-80 shows the parameter setting.

Figure 4-80 Saving the configuration

2. Click OK in the This will save current configuration, if you switch to other pages, you will not get the operation result. Are you sure to save? dialog box that is displayed to complete the configuration.

----End

4.8 Configuration Example of a WLAN (Crypto Service Class)


Networking Requirements
• The EGW2100 (AP) is connected to the Router through Ethernet 0/0/0 (already added to the Untrust zone).
• The fixed IP address of Ethernet 0/0/0 is 202.169.10.1/24 and the IP address of Ethernet 1/0/0 on the Router is 202.169.10.2/24.
• The IP addresses of the two stations are 192.168.1.2/24 and 192.168.1.3/24. The stations use wireless network cards to connect to the AP, with the SSID of WLAN100.
• The authentication mode is WPA-WPA2-PSK, the pre-shared key is abcdefgh, and the CCMP and TKIP encryption suite is adopted.

The stations can access the Internet in wireless mode through the configuration of a WLAN.

Networking Diagram
Figure 4-81 shows the networking diagram of configuring a WLAN (Crypto service class).

Figure 4-81 Networking diagram of configuring a WLAN (Crypto service class)

[Diagram: two stations connect wirelessly (SSID WLAN100) to the EGW; Eth0/0/0 of the EGW connects to Eth1/0/0 of the Router.]

Procedure
Step 1 Set the IP address of Ethernet 0/0/0 of the EGW2100, and add the interface to the Untrust zone. For the configuration procedure, see 3 Configuration Example of the Basic Operation.

Step 2 Create VLAN 2. Set the IP address of interface Vlanif 2 to 192.168.1.1/24, and add the interface to the Trust zone. For the configuration procedure, see 3 Configuration Example of the Basic Operation.

Step 3 Configure the service class.

NOTE
By default, Service Class 0 is enabled. If Service Class 0 is not needed, it is recommended to disable the Service Class.

1. Choose NetWork > Wlan > Service Class. The Service Class page is displayed.
2. Click New to enter the Create a Service Class interface. Figure 4-82 shows the parameter setting.

Figure 4-82 Creating a Service Class

3. Click Apply. Then click OK in the Are you sure to submit? dialog box that is displayed to complete the configuration.
4. Click MORE corresponding to Service Class Number 2 to enter the Service Class Config interface. Figure 4-83 shows the parameter setting.

Figure 4-83 Configuring the crypto service class

NOTE

The Pre-shared Key is abcdefgh.

5. Click Apply. Then click OK in the Are you sure to submit? dialog box that is displayed to complete the configuration.
6. Click ENABLE corresponding to service class number 2. Click OK in the Are you sure to enalbe? dialog box that is displayed, and click OK in the Info: Service-class 2 is enabled successfully! dialog box that is displayed to complete the configuration.

Step 4 Configure the binding between the service class and the WLAN-BSS interface.
1. Choose NetWork > Wlan > Radio Setting. The Radio Setting page is displayed.
2. Click New Bss in the Wlan Bss group box to access the Interface Basic Config interface. Figure 4-84 shows the parameter setting.

Figure 4-84 Creating the WLAN-BSS interface

3. Click Apply. Then click OK in the Are you sure to submit? dialog box that is displayed to complete the configuration.
4. Click MORE corresponding to Wlan-Bss2 in the Wlan Bss group box. The configuration interface of interface Wlan-Bss2 is displayed. Figure 4-85 shows the parameter setting.


Figure 4-85 Configuring interface Wlan-Bss2

5. Click Apply. Then click OK in the Are you sure to submit? dialog box that is displayed to complete the configuration.

Step 5 Configure the packet filtering rule.
1. Choose Security > Packet-Filter. The Packet-Filter page is displayed.
2. Click MORE corresponding to trust-untrust. The Packet-Filter Config page is displayed. Figure 4-86 shows the parameter setting.

Figure 4-86 Configuring the interzone packet filtering rule

3. Click Apply. Then click OK in the Are you sure to submit? dialog box that is displayed to complete the configuration.

Step 6 Configure the NAT.
1. Create ACL 3001 and configure the rule for ACL 3001: Match all IP packets. For the configuration procedure, see 3 Configuration Example of the Basic Operation.
2. Choose Service > NAT > Nat-Policy. The Nat-Policy page is displayed.
3. Click new to enter the NAT-Policy interface. Figure 4-87 shows the parameter setting.

Figure 4-87 Configuring the NAT

Issue 01 (2010-02-20)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

4-39

4 Configuration Example of the Internetworking

HUAWEI EGW2100 Web Configuration Guide

4.

Click Apply. Then click OK in the Are you sure to submit? dialog box that is displayed to complete the configuration.

Step 7 Configure the static route.

1. Choose NetWork > Route Config. The Route Config page is displayed. Click the Route-Static tab.
2. Click New. The Route-Static page is displayed. Figure 4-88 shows the parameter setting.

Figure 4-88 Configuring the static route

3. Click Apply. Then click OK in the Are you sure to submit? dialog box that is displayed to complete the configuration.

Step 8 Save the configuration.

1. Click Save on the upper right of the page to save the configuration. Figure 4-89 shows the parameter setting.

Figure 4-89 Saving the configuration

2. Click OK in the This will save current configuration, if you switch to other pages, you will not get the operation result. Are you sure to save? dialog box that is displayed to complete the configuration.

Step 9 Configure the wireless network cards on the client.

- Manually set the IP addresses of the wireless network cards to 192.168.1.2/24 and 192.168.1.3/24.
- The SSID, encryption mode, authentication mode, and pre-shared key on the wireless network cards should be consistent with those on the EGW2100.

----End

4.9 Configuration Example of a WLAN (Plain Service Class)


Networking Requirements
- The EGW2100 (AP) is connected to the Router through Ethernet 0/0/0 (already added to the Untrust zone).
- The fixed IP address of Ethernet 0/0/0 is 202.169.10.1/24 and the IP address of Ethernet 1/0/0 on the Router is 202.169.10.2/24.
- The two stations automatically obtain IP addresses through DHCP.
- The stations use wireless network cards to connect to the AP, with the SSID of WLAN100.

The stations can access the Internet in wireless mode through the configuration of a WLAN.

Networking Diagram
Figure 4-90 shows the networking diagram of configuring a WLAN (Plain service class).

Figure 4-90 Networking diagram of configuring a WLAN (Plain service class)

(Diagram labels: Station, Station, WLAN100, EGW, Eth0/0/0, Eth1/0/0.)

Procedure
Step 1 Set the IP address of Ethernet 0/0/0 of the EGW2100, and add the interface to the Untrust zone. For the configuration procedure, see 3 Configuration Example of the Basic Operation.

Step 2 Create VLAN 2. Set the IP address of interface Vlanif 2 to 192.168.1.1/24, and add the interface to the Trust zone. For the configuration procedure, see 3 Configuration Example of the Basic Operation.

Step 3 Configure the DHCP function.

1. Choose Service > DHCP > DHCP Basic. The DHCP Basic Config page is displayed.
2. In the DHCP Basic Config group box, select the DHCP Enable check box. Click OK in the Are you sure to enable? dialog box to enable the DHCP function. Figure 4-91 shows the parameter setting.

Figure 4-91 Enabling the DHCP function

3. In the Setting Interface Process Mode Of DHCP Packet group box, configure the processing mode for DHCP packets on Vlanif2. Figure 4-92 shows the parameter setting.

Figure 4-92 Configuring the processing mode for DHCP packets on the interface

4. Click Apply. Then click OK in the Are you sure to submit? dialog box that is displayed to complete the configuration.

Step 4 Configure the service class.

1. Choose NetWork > Wlan > Service Class. The Service Class page is displayed.

NOTE
By default, the number of the plain service class of the EGW2100 is 0.

2. Click DISABLE corresponding to service class number 0. Click OK in the Are you sure to disable? dialog box that is displayed, and click OK in the Info: Service class 0 is disabled successfully, and the status of BSS 0 changes to down! dialog box that is displayed to disable service class number 0.
3. Click MORE corresponding to service class number 0 to enter the Service Class Config interface. Figure 4-93 shows the parameter setting.

Figure 4-93 Configuring the plain service class

4. Click Apply. Then click OK in the Are you sure to submit? dialog box that is displayed to complete the configuration.
5. Click ENABLE corresponding to service class number 0. Click OK in the Are you sure to enalbe? dialog box that is displayed, and click OK in the Info: Service-class 0 is enabled successfully, and the status of BSS 0 changes to up! dialog box that is displayed to complete the configuration.

Step 5 Configure the binding between the service class and the WLAN-BSS interface.

1. Choose NetWork > Wlan > Radio Setting. The Radio Setting page is displayed.
2. Click MORE corresponding to Wlan-Bss0 in the Wlan Bss group box. The configuration interface of interface Wlan-Bss0 is displayed. Figure 4-94 shows the parameter setting.

Figure 4-94 Configuring interface Wlan-Bss0

3. Click Apply. Then click OK in the Are you sure to submit? dialog box that is displayed to complete the configuration.

Step 6 Configure the NAT, packet filtering, and default route. The configuration procedure is similar to that for the WLAN of the crypto service class; see 4.8 Configuration Example of a WLAN (Crypto Service Class).

Step 7 Save the configuration.

1. Click Save on the upper right of the page to save the configuration. Figure 4-95 shows the parameter setting.

Figure 4-95 Saving the configuration

2. Click OK in the This will save current configuration, if you switch to other pages, you will not get the operation result. Are you sure to save? dialog box that is displayed to complete the configuration.

Step 8 Configure the wireless network cards on the client.

- Configure the wireless network cards to automatically obtain IP addresses.
- The SSID, encryption mode, and authentication mode on the wireless network cards should be consistent with those on the EGW2100.

----End

4.10 Configuration Example of a WLAN (802.1X)


Networking Requirements
- The EGW2100 (AP) is connected to the Router through Ethernet 0/0/0 (already added to the Untrust zone).
- The fixed IP address of Ethernet 0/0/0 is 202.169.10.1/24 and the IP address of Ethernet 1/0/0 on the Router is 202.169.10.2/24.
- The two stations automatically obtain IP addresses through DHCP.
- The stations use wireless network cards to connect to the AP, with the SSID of WLAN100.
- 802.1X authentication is enabled. The IP address of the RADIUS server is 202.169.10.100/24 and the key is hello.

The stations can access the Internet in wireless mode through the configuration of a WLAN.

Networking Diagram
Figure 4-96 shows the networking diagram of configuring a WLAN (802.1X).

Figure 4-96 Networking diagram of configuring a WLAN (802.1X)

(Diagram labels: RADIUS Server, WLAN100, EGW, Eth0/0/0, Eth1/0/0, Station, Station.)

Precautions
Select WPA, WPA2 or WPA-WPA2 for the authentication mode when configuring 802.1X.

Procedure
Step 1 Set the IP address of Ethernet 0/0/0 of the EGW2100, and add the interface to the Untrust zone. For the configuration procedure, see 3 Configuration Example of the Basic Operation.

Step 2 Create VLAN 2. Set the IP address of interface Vlanif 2 to 192.168.1.1/24, and add the interface to the Trust zone. For the configuration procedure, see 3 Configuration Example of the Basic Operation.

Step 3 Configure the service class.

NOTE
By default, Service Class 0 is enabled. If Service Class 0 is not needed, it is recommended to disable the Service Class.

1. Choose NetWork > Wlan > Service Class. The Service Class page is displayed.
2. Click New to enter the Create a Service Class interface. Figure 4-97 shows the parameter setting.

Figure 4-97 Creating a Service Class

3. Click Apply. Then click OK in the Are you sure to submit? dialog box that is displayed to complete the configuration.
4. Click MORE corresponding to Service Class Number 2 to enter the Service Class Config interface. Figure 4-98 shows the parameter setting.

Figure 4-98 Configuring the crypto service class

5. Select the check box to the left of Advanced Config. The advanced configuration interface is displayed. Figure 4-99 shows the parameter setting.

Figure 4-99 Creating 802.1X domain abc

6. Click Apply. Then click OK in the Are you sure to submit? dialog box that is displayed to complete the configuration.
7. Click ENABLE corresponding to service class number 2. Click OK in the Are you sure to enalbe? dialog box that is displayed, and click OK in the Info: Service-class 2 is enabled successfully! dialog box that is displayed to complete the configuration.

Step 4 Configure the binding between the service class and the WLAN-BSS interface.

1. Choose NetWork > Wlan > Radio Setting. The Radio Setting page is displayed.
2. Click New Bss in the Wlan Bss group box to access the Interface Basic Config interface. Figure 4-100 shows the parameter setting.

Figure 4-100 Creating the WLAN-BSS interface

3. Click Apply. Then click OK in the Are you sure to submit? dialog box that is displayed to complete the configuration.
4. Click MORE corresponding to Wlan-Bss2 in the Wlan Bss group box. The configuration interface of interface Wlan-Bss2 is displayed. Figure 4-101 shows the parameter setting.

Figure 4-101 Configuring interface Wlan-Bss2

5. Click Apply. Then click OK in the Are you sure to submit? dialog box that is displayed to complete the configuration.

Step 5 Configure the NAT, packet filtering, and default route. The configuration procedure is similar to that for the WLAN of the crypto service class; see 4.8 Configuration Example of a WLAN (Crypto Service Class).

Step 6 Configure the DHCP. The configuration procedure is similar to that for the WLAN of the plain service class; see 4.9 Configuration Example of a WLAN (Plain Service Class).

Step 7 Configure the RADIUS.

1. Choose Resource > AAA > Radius. The Radius interface is displayed.
2. Click new. The Radius Template Config interface is displayed. Figure 4-102 shows the parameter setting.

Figure 4-102 Configuring the RADIUS template

3. Click Apply. Then click OK in the Are you sure to submit? dialog box that is displayed to complete the configuration.
4. Click MORE corresponding to template name test, and click the Server Info tab. The Radius Server Config interface is displayed. Figure 4-103 shows the parameter setting.

Figure 4-103 Configuring the RADIUS authentication server

5. Click Apply. Then click OK in the Are you sure to submit? dialog box that is displayed to complete the configuration.

Step 8 Configure AAA.

1. Choose Resource > AAA > Scheme. The Scheme interface is displayed.
2. Click the Authentication Scheme tab, and click new. The Authentication Scheme Config interface is displayed. Figure 4-104 shows the parameter setting.

Figure 4-104 Configuring the RADIUS authentication scheme

3. Click Apply. Then click OK in the Are you sure to submit? dialog box that is displayed to complete the configuration.
4. Choose Resource > AAA > Domain. The Domain interface is displayed.
5. Click new. The Domain Basic Config interface is displayed. Figure 4-105 shows the parameter setting.

Figure 4-105 Configuring the domain

6. Click Apply. Then click OK in the Are you sure to submit? dialog box that is displayed to complete the configuration.
7. Click MORE corresponding to domain name abc, and click the AAA Policy tab. The Domain AAA Policy Config interface is displayed. Figure 4-106 shows the parameter setting.

Figure 4-106 Configuring the AAA domain policy

8. Click Apply. Then click OK in the Are you sure to submit? dialog box that is displayed to complete the configuration.

Step 9 Save the configuration.

1. Click Save on the upper right of the page to save the configuration. Figure 4-107 shows the parameter setting.

Figure 4-107 Saving the configuration

2. Click OK in the This will save current configuration, if you switch to other pages, you will not get the operation result. Are you sure to save? dialog box that is displayed to complete the configuration.

Step 10 Configure the wireless network cards on the client.

- Configure the wireless network cards to automatically obtain IP addresses.
- The SSID and authentication mode on the wireless network cards should be consistent with those on the AP.
- The user name, password and certificate for 802.1X authentication should be consistent with those on the RADIUS server.

----End

5 Configuration Example of the ACL

- When planning the network, you need to use different policies to manage different users.
- In the external network, only a specific user can access the internal server.
- In the internal network, only a specific host can access the external network.

Networking Requirements
An EGW2100 is deployed at the network egress of the company. The Ethernet1/0/0 interface is connected to the internal network of the company. The Ethernet0/0/0 interface is connected to the Internet. The company provides WWW, FTP, and Telnet services for external users. The network segment of the internal network is 10.100.20.0/24. The IP address of a specific external user is 202.39.2.3.

Configuration requirement:

- In the external network, only host 202.39.2.3 can access the internal FTP server, Telnet server, and WWW server.
- In the internal network, only host 10.100.20.3 and host 10.100.20.4 can access the external network.

Networking Diagram
Figure 5-1 shows the networking of the ACL configuration example.

Figure 5-1 Networking of the ACL configuration example

(Diagram labels: FTP Server 10.100.20.3/24; Telnet Server 10.100.20.4/24; WWW Server 10.100.20.5/24; EGW Ethernet1/0/0 Vlanif5 10.100.20.2/24; EGW Ethernet0/0/0 202.38.10.2/24; 202.38.10.6/24; PC 202.39.2.3/16.)

Procedure
Step 1 Configure the IP addresses of interfaces of the EGW2100 and add the interfaces to related security zones.

1. Choose NetWork > VLAN. The VLAN page is displayed.
2. Click New to enter the VLAN Config interface.
3. Enter 5 in VLAN ID. Click Select. Select Ethernet1/0/0 in the interface list. Click choose to return to the VLAN Config interface. Click Add to add Ethernet1/0/0 to VLAN 5, as shown in Figure 5-2.

Figure 5-2 Creating VLAN 5

4. Choose NetWork > Interface. The Interface page is displayed.
5. Click New to enter the Create New Interface interface. Figure 5-3 shows the parameter setting.

Figure 5-3 Creating Vlanif 5

6. Click Apply. Then click OK in the Are you sure to submit? dialog box that is displayed to complete the configuration.
7. Click MORE corresponding to Vlanif5 to enter the Interface Basic Config interface. Figure 5-4 shows the parameter setting.

Figure 5-4 Setting basic parameters of the Vlanif 5 interface

8. Click Apply. Then click OK in the Are you sure to submit? dialog box that is displayed to complete the configuration.
9. Choose NetWork > Interface. The Interface page is displayed.
10. Click MORE corresponding to Ethernet0/0/0 to enter the Ethernet0/0/0 Interface Config interface. Figure 5-5 shows the parameter setting.

Figure 5-5 Configuring interface Ethernet0/0/0

11. Click Apply. Then click OK in the Are you sure to submit? dialog box that is displayed to complete the configuration.

Step 2 Configure a specific route to the external network.

1. Choose NetWork > Route Config. The Route Config page is displayed. Click the Route-Static tab.
2. Click New. The Route-Static Config page is displayed. Set the parameters based on Figure 5-6.

Figure 5-6 Configuring the static route

3. Click Apply. Then click OK in the Are you sure to submit? dialog box that is displayed to complete the configuration.

Step 3 Configuration requirement 1: In the external network, only host 202.39.2.3 can access the internal FTP server, Telnet server, and WWW server.

1. Choose Resource > ACL. The ACL page is displayed.
2. Click New. The ACL Basic Configuration page is displayed.
3. In ACL Number, enter 3102.
4. Click apply to create an ACL rule.
5. In the ACL Rule Configuration area, click New. The Rule Configuration page is displayed. Set the parameters based on Figure 5-7.

Figure 5-7 Configuring ACL rule 1

6. Click Apply. Then click OK in the Are you sure to submit? dialog box that is displayed to complete the configuration.
7. In the ACL Rule Configuration area, click New. The Rule Configuration page is displayed. Set the parameters based on Figure 5-8.

Figure 5-8 Configuring ACL rule 2

8. Click Apply. Then click OK in the Are you sure to submit? dialog box that is displayed to complete the configuration.
9. In the ACL Rule Configuration area, click New. The Rule Configuration page is displayed. Set the parameters based on Figure 5-9.

Figure 5-9 Configuring ACL rule 3

10. Click Apply. Then click OK in the Are you sure to submit? dialog box that is displayed to complete the configuration.
11. Choose Security > Packet-Filter. The Packet-Filter page is displayed.
12. Click MORE corresponding to dmz-untrust. The Packet-Filter Config page is displayed. Set the parameters based on Figure 5-10.

Figure 5-10 Configuring packet filtering rule 1

13. Click Apply. Then click OK in the Are you sure to submit? dialog box that is displayed to complete the configuration.
14. Choose Security > ASPF. The ASPF Config page is displayed.
15. Click the InterZone ASPF tab. In the InterZone, select DMZ and Untrust.
16. Click confirm. Set the parameters based on Figure 5-11.

Figure 5-11 Configuring interzone ASPF

17. Click Apply. Then click OK in the Are you sure to submit? dialog box that is displayed to complete the configuration.

Step 4 Configuration requirement 2: In the internal network, only host 10.100.20.3 and host 10.100.20.4 can access the external network.

1. Choose Resource > ACL. The ACL page is displayed.
2. Click New. The ACL Basic Configuration page is displayed.
3. In ACL Number, enter 3103.
4. Click apply to create an ACL rule.
5. In the ACL Rule Configuration area, click New. The Rule Configuration page is displayed. Set the parameters based on Figure 5-12.

Figure 5-12 Configuring ACL rule 4

6. Click Apply. Then click OK in the Are you sure to submit? dialog box that is displayed to complete the configuration.
7. In the ACL Rule Configuration area, click New. The Rule Configuration page is displayed. Set the parameters based on Figure 5-13.

Figure 5-13 Configuring ACL rule 5

8. Click Apply. Then click OK in the Are you sure to submit? dialog box that is displayed to complete the configuration.
9. Choose Security > Packet-Filter. The Packet-Filter page is displayed.
10. Click MORE corresponding to dmz-untrust. The Packet-Filter Config page is displayed. Set the parameters based on Figure 5-14.

Figure 5-14 Configuring packet filtering rule 2

11. Click Apply. Then click OK in the Are you sure to submit? dialog box that is displayed to complete the configuration.

Step 5 Save the configuration.

1. Click Save on the upper right of the page to save the configuration. Figure 5-15 shows the parameter setting.

Figure 5-15 Saving the configuration

2. Click OK in the This will save current configuration, if you switch to other pages, you will not get the operation result. Are you sure to save? dialog box that is displayed to complete the configuration.

----End
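The policy that Step 3 and Step 4 implement can be checked offline with a small first-match model. This is an added Python example, not Huawei code or the device's configuration syntax. The rule contents live in figures that are not reproduced here, so the service ports (21, 23, 80), the direction each ACL is applied in, the implicit deny, and the stateful handling of reply packets are assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Addresses from the requirements and Figure 5-1; ports are assumed defaults.
FTP_SERVER, TELNET_SERVER, WWW_SERVER = "10.100.20.3", "10.100.20.4", "10.100.20.5"
EXTERNAL_USER = "202.39.2.3"


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str                    # "tcp", "udp" or "icmp"
    sport: Optional[int] = None
    dport: Optional[int] = None


@dataclass(frozen=True)
class Rule:
    action: str                   # "permit" or "deny"
    proto: str                    # "ip" matches every protocol
    src: str                      # source network in CIDR form
    dst: str                      # destination network in CIDR form
    dport: Optional[int] = None   # None matches any destination port

    def matches(self, p: Packet) -> bool:
        return (self.proto in ("ip", p.proto)
                and ip_address(p.src) in ip_network(self.src)
                and ip_address(p.dst) in ip_network(self.dst)
                and self.dport in (None, p.dport))


# ACL 3102 (assumed inbound, Untrust -> DMZ): one rule per published service.
ACL_3102 = [
    Rule("permit", "tcp", f"{EXTERNAL_USER}/32", f"{FTP_SERVER}/32", 21),
    Rule("permit", "tcp", f"{EXTERNAL_USER}/32", f"{TELNET_SERVER}/32", 23),
    Rule("permit", "tcp", f"{EXTERNAL_USER}/32", f"{WWW_SERVER}/32", 80),
]
# ACL 3103 (assumed outbound, DMZ -> Untrust): the two hosts allowed out.
ACL_3103 = [
    Rule("permit", "ip", "10.100.20.3/32", "0.0.0.0/0"),
    Rule("permit", "ip", "10.100.20.4/32", "0.0.0.0/0"),
]


def evaluate(acl, packet: Packet) -> str:
    """First matching rule wins; unmatched traffic is denied (assumption)."""
    for rule in acl:
        if rule.matches(packet):
            return rule.action
    return "deny"


class InterzoneFilter:
    """Packet filter between two zones with a session table for replies."""

    def __init__(self, inbound, outbound, inside="10.100.20.0/24"):
        self.inbound, self.outbound = inbound, outbound
        self.inside = ip_network(inside)
        self.sessions = set()

    def handle(self, p: Packet) -> str:
        flow = (p.proto, p.src, p.sport, p.dst, p.dport)
        reply_of = (p.proto, p.dst, p.dport, p.src, p.sport)
        # Packets of an already permitted session skip the ACL lookup.
        if flow in self.sessions or reply_of in self.sessions:
            return "permit"
        acl = self.outbound if ip_address(p.src) in self.inside else self.inbound
        verdict = evaluate(acl, p)
        if verdict == "permit":
            self.sessions.add(flow)
        return verdict


def demo() -> dict:
    """Run constructed sample packets through the filter, in order."""
    fw = InterzoneFilter(ACL_3102, ACL_3103)
    samples = [  # constructed test traffic; 198.51.100.7 is a documentation address
        ("user to www:80", Packet(EXTERNAL_USER, WWW_SERVER, "tcp", 40000, 80)),
        ("www reply to user", Packet(WWW_SERVER, EXTERNAL_USER, "tcp", 80, 40000)),
        ("www opens new outbound", Packet(WWW_SERVER, "198.51.100.7", "tcp", 50000, 443)),
        ("other host to www:80", Packet("202.39.2.4", WWW_SERVER, "tcp", 40001, 80)),
        ("user to www:8080", Packet(EXTERNAL_USER, WWW_SERVER, "tcp", 40002, 8080)),
        ("user to ftp:21", Packet(EXTERNAL_USER, FTP_SERVER, "tcp", 40003, 21)),
        ("user to telnet host:21", Packet(EXTERNAL_USER, TELNET_SERVER, "tcp", 40004, 21)),
        ("10.100.20.3 outbound dns", Packet(FTP_SERVER, "198.51.100.7", "udp", 53000, 53)),
    ]
    return {label: fw.handle(pkt) for label, pkt in samples}


if __name__ == "__main__":
    for label, verdict in demo().items():
        print(f"{verdict:6} {label}")
```

The WWW server at 10.100.20.5 can answer the permitted external user but cannot open its own connections outward, because it is not listed in ACL 3103; only the session table lets its replies through.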

6 Configuration Example of NAT

In practice, you can configure an internal server through the NAT process so that the internal server can be accessed by the external network.

Networking Requirements
The company networks with different services are in the EGW2100 security zones with different security levels. The mappings are described as follows:

- The WWW server and the FTP server are in the DMZ security zone, and the network segment is 10.100.20.0/24. Internal employees and external users can access the servers.
- The external network is in the Untrust security zone.

Requirement: Two internal servers are provided to external users. The internal IP address of the WWW server is 10.100.20.1/24, and the port is 8080. The internal IP address of the FTP server is 10.100.20.3/24. For both servers, the external IP address is 202.38.10.2 and the external port numbers are the default numbers.

Networking Diagram
Figure 6-1 shows the networking of a NAT configuration example.

Figure 6-1 Networking of a NAT configuration example

(Diagram labels: DMZ: WWW Server 10.100.20.1/24, FTP Server 10.100.20.3/24; EGW Ethernet1/0/0 Vlanif5 10.100.20.2/24; EGW Ethernet0/0/0 202.38.10.2/24; Untrust: PC.)

Procedure
Step 1 Configure the VLANs that Vlanif interfaces belong to, set the IP addresses of the Vlanif interfaces, and add the Vlanif interfaces to the specified zones. For the configuration procedure, see 3 Configuration Example of the Basic Operation.

Step 2 Create an ACL rule.

1. Choose Resource > ACL. The ACL page is displayed.
2. Click New. The ACL Basic Configuration page is displayed.
3. In ACL Number, enter 3100.
4. Click Apply. Then click OK in the Are you sure to submit? dialog box that is displayed to complete the configuration.
5. Click New. The Rule Configuration page is displayed. Set the parameters based on Figure 6-2.

Figure 6-2 Configuring the advanced ACL rule 0

6. Click Apply. Then click OK in the Are you sure to submit? dialog box that is displayed to complete the configuration.
7. Click New. The Rule Configuration page is displayed. Set the parameters based on Figure 6-3.

Figure 6-3 Configuring advanced ACL rule 5

8. Click Apply. Then click OK in the Are you sure to submit? dialog box that is displayed to complete the configuration.

Step 3 Configure the interzone packet filtering rule.

1. Choose Security > Packet-Filter. The Packet-Filter page is displayed.
2. Click MORE corresponding to dmz-untrust. The Packet-Filter Config page is displayed. Set the parameters based on Figure 6-4.

Figure 6-4 Configuring the packet filtering rule between the DMZ security zone and the Untrust security zone

3. Click Apply. Then click OK in the Are you sure to submit? dialog box that is displayed to complete the configuration.

Step 4 Configure the function of filtering application layer-based FTP packets on the EGW2100.

1. Choose Security > ASPF and then click InterZone ASPF. The ASPF Config page is displayed. Set the parameters based on Figure 6-5.

Figure 6-5 Configuring the ASPF between the DMZ security zone and the Untrust security zone

2. Click Apply. Then click OK in the Are you sure to submit? dialog box that is displayed to complete the configuration.

Step 5 Configure the address mapping function of the EGW2100.

1. Choose Service > NAT > Address-Map. The Address-Map page is displayed.
2. Click New. The Configuraition of Address Mapping page is displayed. Set the parameters based on Figure 6-6.

Figure 6-6 Configuring the address mapping of the WWW server

3. Click Apply. Then click OK in the Are you sure to submit? dialog box that is displayed to complete the configuration.
4. Click New. The Configuraition of Address Mapping page is displayed. Set the parameters based on Figure 6-7.

Figure 6-7 Configuring the address mapping of the FTP server

5. Click Apply. Then click OK in the Are you sure to submit? dialog box that is displayed to complete the configuration.

Step 6 Save the configuration.

1. Click Save on the upper right of the page to save the configuration. Figure 6-8 shows the parameter setting.

Figure 6-8 Saving the configuration

2. Click OK in the This will save current configuration, if you switch to other pages, you will not get the operation result. Are you sure to save? dialog box that is displayed to complete the configuration.

----End

7 Configuration Example of the Dual-System Hot Backup in Routing Mode


As a security device, the EGW2100 is deployed between a protected network and other networks. In order to maintain the stability of devices, two EGW2100s are used in master/backup mode.

Prerequisite
The operating mode of the two EGW2100s has been set to routing mode.

Networking Requirements
The network is planned as follows:
- The network to be protected is deployed in the Trust security zone with the network segment of 10.100.10.0/24.
- Interfaces Ethernet 0/0/0 on both EGW2100s are configured to connect to a heartbeat line. The network segment is 10.100.20.0/24. The DMZ zone connects to the interfaces Ethernet 0/0/0.
- The external networks are classified into the Untrust zone, and the Untrust zone connects to the interfaces Ethernet 1/0/1 (Vlanif 6) of the EGW2100s.
- Two EGW2100s are connected to each zone through a LAN switch.

The mappings between the virtual IP addresses of the backup groups and the security zones are as follows:

- Trust: 10.100.10.1
- DMZ: 10.100.20.1
- Untrust: 202.38.10.1

Network topology diagram

Figure 7-1 Networking of the dual-system hot backup in routing mode

(Diagram labels: EGW A, Master: Eth1/0/0 Vlanif5 10.100.10.2/24, Eth1/0/1 Vlanif6 202.38.10.2/24, Eth0/0/0 10.100.20.2/24. EGW B, Backup: Eth1/0/0 Vlanif5 10.100.10.3/24, Eth1/0/1 Vlanif6 202.38.10.3/24, Eth0/0/0 10.100.20.3/24. Backup group 1 virtual IP address 10.100.10.1/24, Trust 10.100.10.0/24. Backup group 2 virtual IP address 10.100.20.1/24, DMZ, heartbeat line. Backup group 3 virtual IP address 202.38.10.1/24, Untrust.)

Procedure
Step 1 Configure the IP addresses of interfaces of the EGW2100 A and add the interfaces to related security zones. For the configuration procedure, see 3 Configuration Example of the Basic Operation.

Step 2 Configure the Packet-Filtering between the Trust security zone, DMZ security zone, and Untrust security zone of the EGW2100 A. For the configuration procedure, see 3 Configuration Example of the Basic Operation.

Step 3 Create the VRRP backup groups of the EGW2100 A.

1. Click Reliability > VRRP. The VRRP page is displayed.
2. Click New. The Basic Configuration of the VRRP Vrid page is displayed. Figure 7-2 shows the parameter setting.

Figure 7-2 Configuring VRRP backup group 1

3. Click Apply. Then click OK in the Are you sure to submit? dialog box that is displayed to complete the configuration.
4. Click New. The Basic Configuration of the VRRP Vrid page is displayed. Figure 7-3 shows the parameter setting.

Figure 7-3 Configuring VRRP backup group 2

5. Click Apply. Then click OK in the Are you sure to submit? dialog box that is displayed to complete the configuration.
6. Click New. The Basic Configuration of the VRRP Vrid page is displayed. Figure 7-4 shows the parameter setting.

Figure 7-4 Configuring VRRP backup group 3

7. Click Apply. Then click OK in the Are you sure to submit? dialog box that is displayed to complete the configuration.

Step 4 Enable the HRP function of the EGW2100 A.

1. Choose Reliability > HRP. The HRP page is displayed.
2. Click the VGMP Config tab. The VGMP Config page is displayed.
3. Click New. The VGMP Config page is displayed. Figure 7-5 shows the parameter setting.

Figure 7-5 Configuring VGMP

4. Click Apply. Then click OK in the Are you sure to submit? dialog box that is displayed to complete the configuration.
5. Click the HRP Config tab. The HRP Config page is displayed.
6. Select the Enable HRP check box. Figure 7-6 shows the parameter setting.

Figure 7-6 HRP two-node cluster hot backup in routing mode

7. Click Apply. Then click OK in the Are you sure to submit? dialog box that is displayed to complete the configuration.

Step 5 Configure EGW2100 B.
The procedure for configuring the EGW2100 B is the same as that for configuring the EGW2100 A. The following parameters, however, are different:
• The interface IP addresses of EGW2100 B are different from those of the EGW2100 A.
• The default priority of the VRRP management group on EGW2100 B is 100.

Step 6 Save the configuration.
1. Click Save on the upper right of the page to save the configuration. Figure 7-7 shows the parameter setting.

Figure 7-7 Saving the configuration

2. Click OK in the This will save current configuration, if you switch to other pages, you will not get the operation result. Are you sure to save? dialog box that is displayed to complete the configuration.

----End


8 Configuration Example of the VPN


About This Chapter


8.1 Configuration Example of GRE
8.2 Configuration Example of L2TP IPSec


8.1 Configuration Example of GRE


Networking Requirements
As shown in Figure 8-1, network A and network B connect to the Internet through EGW2100A and EGW2100B respectively. A GRE tunnel that uses static routes must be configured so that network A and network B can interwork over GRE.

Network topology diagram


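Figure 8-1 GRE tunnel using static routes
[Diagram not reproduced. Labels: Network A (Trust) on EGW A Eth1/0/0, Vlan5, 10.100.20.2/24; EGW A Eth0/0/0 202.38.10.2/24 (Untrust), with 202.38.10.3/24 on the Untrust side; EGW B Eth0/0/0 131.108.5.2/24 (Untrust), with 131.108.5.1/24 on the Untrust side; Network B (Trust) on EGW B Eth1/0/0, Vlan5, 10.1.3.1/24; a GRE tunnel between EGW A and EGW B.]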

Procedure
Step 1 Configure the EGW2100 A.
1. Configure the VLANs that Vlanif interfaces belong to, set the IP addresses of the Vlanif interfaces, and add the Vlanif interfaces to the specified zones. For the configuration procedure, see 3 Configuration Example of the Basic Operation.
2. Choose NetWork > Interface. The Interface page is displayed.
3. Click New. The Create New Interface page is displayed. Configure the parameters as shown in Figure 8-2.
Figure 8-2 Creating an interface named Tunnel1
4. Click Apply. Then click OK in the Are you sure to submit? dialog box that is displayed to complete the configuration.
5. Click MORE in the Tunnel1 row. The page for configuring the Tunnel interface is displayed. Configure the parameters as shown in Figure 8-3.

Figure 8-3 Configuring the tunnel1 interface

6. Click Apply. Then click OK in the Are you sure to submit? dialog box that is displayed to complete the configuration.
7. Choose NetWork > Route Config. Click the Route-Static tab.
8. Click New. The Route-Static Config page is displayed. Set the parameters based on Figure 8-4.
Figure 8-4 Configuring the static route
9. Click Apply. Then click OK in the Are you sure to submit? dialog box that is displayed to complete the configuration.
10. Click New. The Route-Static Config page is displayed. Set the parameters based on Figure 8-5.


Figure 8-5 Configuring the static route

11. Click Apply. Then click OK in the Are you sure to submit? dialog box that is displayed to complete the configuration.
12. Choose Security > Packet-Filter. The Packet-Filter page is displayed.
13. Click MORE in the trust-untrust row. The Packet-Filter Config page is displayed. Select the permit option button next to both Inbound Default Packet-filter and Outbound Default Packet-filter.
14. Click Apply. Then click OK in the Are you sure to submit? dialog box that is displayed to complete the configuration.

NOTE
A default Packet-Filtering rule that permits all packets may introduce security risks. It is therefore recommended to apply ACL rules between the security zones.

15. Click Save on the upper right of the page to save the configuration.

Step 2 Configure the IP addresses of interfaces of the EGW2100 B and add the interfaces to related security zones.
1. Choose NetWork > Interface. The Interface page is displayed.
2. Click New. The Create New Interface page is displayed. Configure the parameters as shown in Figure 8-6.
Figure 8-6 Creating an interface named Tunnel1
3. Click Apply. Then click OK in the Are you sure to submit? dialog box that is displayed to complete the configuration.
4. Click MORE in the Tunnel1 row. The Interface Configuration page is displayed. Configure the parameters as shown in Figure 8-7.


Figure 8-7 Configuring the tunnel1 interface

5. Click Apply. Then click OK in the Are you sure to submit? dialog box that is displayed to complete the configuration.
6. Choose NetWork > Route Config. Click the Route-Static tab.
7. Click New. The Route-Static Config page is displayed. Set the parameters based on Figure 8-8.
Figure 8-8 Configuring the static route
8. Click Apply. Then click OK in the Are you sure to submit? dialog box that is displayed to complete the configuration.
9. Click New. The Route-Static Config page is displayed. Set the parameters based on Figure 8-9.


Figure 8-9 Configuring the static route

10. Click Apply. Then click OK in the Are you sure to submit? dialog box that is displayed to complete the configuration.
11. Choose Security > Packet-Filter. The Packet-Filter page is displayed.
12. Click MORE in the trust-untrust row. The Packet-Filter Config page is displayed. Select the permit option button next to both Inbound Default Packet-filter and Outbound Default Packet-filter.
13. Click Apply. Then click OK in the Are you sure to submit? dialog box that is displayed to complete the configuration.

NOTE
A default Packet-Filtering rule that permits all packets may introduce security risks. It is therefore recommended to apply ACL rules between the security zones.

14. Click Save on the upper right of the page to save the configuration.
----End
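What the tunnel configured in 8.1 puts on the wire, as an added example that is not part of the Huawei guide: it builds the GRE packet for traffic from Network A to Network B and parses it back the way any device on the path could. It assumes the tunnel endpoints are the Eth0/0/0 addresses from Figure 8-1 (the Tunnel1 settings exist only in the figures); the host addresses, ports and payload are constructed.

```python
import ipaddress
import struct

GRE_PROTO = 47            # IP protocol number assigned to GRE
ETHERTYPE_IPV4 = 0x0800   # GRE "protocol type" for an IPv4 payload

def checksum(data: bytes) -> int:
    """RFC 1071 ones'-complement checksum over 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def ipv4(src: str, dst: str, proto: int, payload: bytes) -> bytes:
    """Minimal 20-byte IPv4 header (no options) followed by the payload."""
    head = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0,
                       64, proto, 0, ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed)
    return head[:10] + struct.pack("!H", checksum(head)) + head[12:] + payload

def gre_encapsulate(tunnel_src: str, tunnel_dst: str, inner: bytes) -> bytes:
    """Basic GRE header (RFC 2784): no checksum, no key, version 0."""
    gre = struct.pack("!HH", 0x0000, ETHERTYPE_IPV4)
    return ipv4(tunnel_src, tunnel_dst, GRE_PROTO, gre + inner)

def parse_ipv4(packet: bytes):
    """Return (src, dst, protocol, payload) of an IPv4 packet."""
    ihl = (packet[0] & 0x0F) * 4
    src, dst = (str(ipaddress.IPv4Address(packet[i:i + 4])) for i in (12, 16))
    return src, dst, packet[9], packet[ihl:]

def inspect_gre(packet: bytes) -> dict:
    """What any device on the path between the two gateways can read."""
    o_src, o_dst, proto, rest = parse_ipv4(packet)
    if proto != GRE_PROTO or len(rest) < 4:
        raise ValueError("not a GRE packet")
    flags, ethertype = struct.unpack("!HH", rest[:4])
    if flags != 0 or ethertype != ETHERTYPE_IPV4:
        raise ValueError("GRE options are outside the scope of this example")
    i_src, i_dst, i_proto, payload = parse_ipv4(rest[4:])
    return {"outer": (o_src, o_dst, proto),
            "inner": (i_src, i_dst, i_proto), "payload": payload}

# Constructed sample: a host in Network A sends a UDP datagram to Network B.
MESSAGE = b"constructed sample data"
udp = struct.pack("!HHHH", 40000, 514, 8 + len(MESSAGE), 0) + MESSAGE
inner_packet = ipv4("10.100.20.10", "10.1.3.10", 17, udp)
on_the_wire = gre_encapsulate("202.38.10.2", "131.108.5.2", inner_packet)
seen = inspect_gre(on_the_wire)

if __name__ == "__main__":
    print(seen)
```

The outer header (protocol 47 between the two gateway addresses) is what an ACL on the public side can match, which is far narrower than a permit-all default. The inner addresses and payload are readable in transit, because GRE by itself provides neither confidentiality nor integrity.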

8.2 Configuration Example of L2TP IPSec


Networking Requirements
The company headquarters accesses the Internet through the EGW2100. The VPN Client is installed on the PCs of employees on business trips. An employee sends a connection request to the EGW2100 and an L2TP+IPSec VPN tunnel is then established, through which the employee can communicate with other internal users of the company.

Networking Diagram
Figure 8-10 shows the networking diagram of L2TP IPSec.


Figure 8-10 Networking diagram of L2TP IPSec
[Diagram not reproduced. Labels: EGW with Vlanif 1: 10.1.1.1/24 (Eth1/0/1) and Eth0/0/0 202.1.1.1/24; Remote user (VPN client); L2TP tunnel between the remote user and the EGW.]

Data Preparation
Item                             EGW2100       VPN client
L2TP
  Remote-Name                    client        LNS
  Tunnel Local Name              LNS           client
  AuthenticationMode             CHAP          CHAP
  TunnelAuthentication           123456        123456
IPSec
  EncapsulationMode              Tunnel        Tunnel
  Transform                      ESP           ESP
  ESP AuthenticationAlgorithm    MD5           MD5
  ESP EncryptionAlgorithm        DES           DES
  Nat-Traversal                  Enable        Enable
IKE
  Pre-Shared-Key                 abcde         abcde
  Exchange-Mode                  aggressive    aggressive
  Local-Id-Type                  Name          Name
  IKE Local-Name                 server        client
  Remote-Name                    client        server
  AuthenticationAlgorithm        MD5           MD5
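The Data Preparation values above must agree between the gateway and the client, with the local and remote names crossed. The following added example (not part of the Huawei guide) transcribes the table, checks that the two columns would interoperate, and flags the gateway values that a present-day review would reject; the key names and the 16-character secret threshold are assumptions of this example.

```python
# Values transcribed from the Data Preparation table (EGW2100, VPN client).
DATA = {
    "l2tp.remote_name":       ("client", "LNS"),
    "l2tp.tunnel_local_name": ("LNS", "client"),
    "l2tp.auth_mode":         ("CHAP", "CHAP"),
    "l2tp.tunnel_auth":       ("123456", "123456"),
    "ipsec.encap_mode":       ("Tunnel", "Tunnel"),
    "ipsec.transform":        ("ESP", "ESP"),
    "ipsec.esp_auth":         ("MD5", "MD5"),
    "ipsec.esp_encr":         ("DES", "DES"),
    "ipsec.nat_traversal":    ("Enable", "Enable"),
    "ike.psk":                ("abcde", "abcde"),
    "ike.exchange_mode":      ("aggressive", "aggressive"),
    "ike.local_id_type":      ("Name", "Name"),
    "ike.local_name":         ("server", "client"),
    "ike.remote_name":        ("client", "server"),
    "ike.auth_alg":           ("MD5", "MD5"),
}
# Name pairs that must be crossed: one side's local is the other's remote.
MIRRORED = [("l2tp.tunnel_local_name", "l2tp.remote_name"),
            ("ike.local_name", "ike.remote_name")]
MIN_SECRET_LEN = 16   # assumption of this example, not a value from the guide

def peer_mismatches(data):
    """Keys on which the gateway and the client would fail to negotiate."""
    crossed = {k for pair in MIRRORED for k in pair}
    bad = [k for k, (gw, cl) in data.items() if k not in crossed and gw != cl]
    for local, remote in MIRRORED:
        if data[local][0] != data[remote][1]:
            bad.append(local)
        if data[remote][0] != data[local][1]:
            bad.append(remote)
    return sorted(bad)

def weak_settings(data):
    """Gateway-side values that interoperate but give little protection."""
    gw = {k: v[0] for k, v in data.items()}
    findings = []
    if gw["ipsec.esp_encr"].upper() == "DES":
        findings.append(("ipsec.esp_encr", "56-bit key, brute-forceable"))
    for key in ("ipsec.esp_auth", "ike.auth_alg"):
        if gw[key].upper() == "MD5":
            findings.append((key, "MD5 is deprecated for new deployments"))
    for key in ("ike.psk", "l2tp.tunnel_auth"):
        if len(gw[key]) < MIN_SECRET_LEN:
            findings.append((key, "short shared secret, guessable"))
    if gw["ike.exchange_mode"].lower() == "aggressive" and \
            len(gw["ike.psk"]) < MIN_SECRET_LEN:
        findings.append(("ike.exchange_mode",
                         "aggressive mode exposes a PSK-derived hash"))
    return findings
```

Run against the table as printed, `peer_mismatches` returns nothing and `weak_settings` returns six findings, so the sample values interoperate but should be treated as placeholders to replace in a real deployment.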


Procedure
Step 1 Configure interfaces.
1. Set the IP address of the Vlanif 1 interface to 10.1.1.1/24 and add the Vlanif 1 interface to the Trust zone. For the configuration procedure, see 3 Configuration Example of the Basic Operation.
2. Set the IP address of Ethernet 0/0/0 to 202.1.1.1/24, and add Ethernet 0/0/0 to the Untrust zone. For the configuration procedure, see 3 Configuration Example of the Basic Operation.
3. Create the Virtual-Template1 interface (VT 1). For the configuration procedure, see 3 Configuration Example of the Basic Operation.
4. Choose NetWork > Interface. The Interface page is displayed.
5. Click MORE corresponding to Virtual-Template1 to enter the Virtual-Template1 Interface Config interface.
6. In the Interface Basic Config group box, Figure 8-11 shows the parameter setting.
Figure 8-11 Configuring the Virtual-Template1 interface
7. Click Apply. Then click OK in the Are you sure to submit? dialog box that is displayed to complete the configuration.
8. Click PPP Config to enter the PPP Config interface. Figure 8-12 shows the parameter setting.
Figure 8-12 Configuring PPP

NOTE
The specified address pool number should be the same as that in the AAA page.

9. Click Apply. Then click OK in the Are you sure to submit? dialog box that is displayed to complete the configuration.

Step 2 Disable the fast forwarding function on Ethernet 0/0/0.
1. Choose NetWork > Interface. The Interface page is displayed.
2. Click MORE corresponding to Ethernet0/0/0 to enter the Ethernet0/0/0 Interface Config interface.
3. In the Fast Forwarding Config group box, Figure 8-13 shows the parameter setting.
Figure 8-13 Disabling the fast forwarding function
4. Click Apply. Then click OK in the Are you sure to submit? dialog box that is displayed to complete the configuration.

Step 3 Configure the local user.
1. Choose Resource > AAA > Local User. The Local User page is displayed.
2. Click new. The Local User Configuration page is displayed. Figure 8-14 shows the parameter setting.
Figure 8-14 Configuring the local user
3. Click Apply. Then click OK in the Are you sure to submit? dialog box that is displayed to complete the configuration.

Step 4 Configure the IP Address Pool.
1. Choose Resource > AAA > IP Pool. The IP Pool page is displayed.
2. Click new. The IP Pool Config page is displayed. Figure 8-15 shows the parameter setting.
Figure 8-15 Configuring the IP pool
3. Click Apply. Then click OK in the Are you sure to submit? dialog box that is displayed to complete the configuration.

Step 5 Configure the L2TP.
1. Choose VPN > L2TP > L2TP-Group. The L2TP-Group page is displayed.
2. Select the L2TP Enable check box. Then click OK in the Are you sure to enable? dialog box that is displayed to complete the configuration.
3. Click new. The L2TP-Group Config page is displayed. Figure 8-16 shows the parameter setting.
Figure 8-16 Configuring the L2TP-group
4. Click Apply. Then click OK in the Are you sure to submit? dialog box that is displayed to complete the configuration.

Step 6 Configure the IKE.
1. Choose VPN > IPSec > IKE. The IKE page is displayed.
2. Choose IKE Proposal tab, then click new. The IKE Proposal Config page is displayed. Figure 8-17 shows the parameter setting.
Figure 8-17 Configuring the IKE proposal
3. Click Apply. Then click OK in the Are you sure to submit? dialog box that is displayed to complete the configuration.
4. Choose IKE Peer tab, then click new. The IKE Peer Config page is displayed. Figure 8-18 shows the parameter setting.

Figure 8-18 Configuring the IKE peer

5. Click Apply. Then click OK in the Are you sure to submit? dialog box that is displayed to complete the configuration.

Step 7 Configure the IPSec.
1. Choose VPN > IPSec > IPSec. The IPSec page is displayed.
2. Choose IPSec Proposal tab, then click new. The IPSec Proposal Config page is displayed. Figure 8-19 shows the parameter setting.
Figure 8-19 Configuring the IPSec proposal
3. Click Apply. Then click OK in the Are you sure to submit? dialog box that is displayed to complete the configuration.
4. Choose IPSec Policy Template tab, then click new. The IPSec Policy Template page is displayed. Figure 8-20 shows the parameter setting.


Figure 8-20 Configuring the IPSec policy template

5. Click Apply. Then click OK in the Are you sure to submit? dialog box that is displayed to complete the configuration.
6. Choose IPSec Policy tab, then click new. The IPSec Policy page is displayed. Figure 8-21 shows the parameter setting.
Figure 8-21 Configuring the IPSec policy
7. Click Apply. Then click OK in the Are you sure to submit? dialog box that is displayed to complete the configuration. Apply the policy on Ethernet 0/0/0. Figure 8-22 shows the parameter setting.
Figure 8-22 Applying the policy

NOTE
The policy should be applied on the upstream interface that obtains the IP address. For example, when the 3G uplink is adopted, the policy should be applied on the Dialer interface.

Step 8 Save the configuration.
1. Click Save on the upper right of the page to save the configuration. Figure 8-23 shows the parameter setting.

Figure 8-23 Saving the configuration

2. Click OK in the This will save current configuration, if you switch to other pages, you will not get the operation result. Are you sure to save? dialog box that is displayed to complete the configuration.

Step 9 Configure the VPN Client.
• Install the VPN Client on the PC of the remote user.
• Create the dial-up program (the parameters should be consistent with those on the EGW2100). Click the connection to start communications with the headquarters.

----End


A Acronyms and Abbreviations

A
AAA       Authorization, Authentication and Accounting
ACL       Access Control List
ASPF      Application Specific Packet Filter

D
DHCP      Dynamic Host Configuration Protocol
DMZ       DeMilitarized Zone

F
FTP       File Transfer Protocol

H
HTTP      Hypertext Transfer Protocol

I
ICMP      Internet Control Message Protocol
IP        Internet Protocol

M
MAC       Media Access Control


N
NAPT      Network Address Port Translation
NAT       Network Address Translation

P
PC        Personal Computer

R
RADIUS    Remote Authentication Dial in User Service
RIP       Routing Information Protocol

T
TFTP      Trivial File Transfer Protocol

V
VLAN      Virtual Local Area Network

W
WWW       World Wide Web
