典型配置示例:

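# Baseline layout: one public uplink (untrust zone), one LAN (trust zone),
# outbound source NAT, a default route and a DHCP server for the LAN.
# NOTE(review): the command forms below appear to come from more than one
# Huawei VRP generation (security-policy rules, interface-view NAT); confirm
# each one against the command reference for the software version on the device.
# All addresses are the article's sample values.

# 1. Basic interface configuration
<USG2100> system-view
[USG2100] interface GigabitEthernet 0/0/0  # public (WAN) interface
[USG2100-GigabitEthernet0/0/0] ip address 202.100.1.10 255.255.255.0
[USG2100-GigabitEthernet0/0/0] undo shutdown
[USG2100-GigabitEthernet0/0/0] quit

[USG2100] interface GigabitEthernet 0/0/1  # internal (LAN) interface, also the LAN gateway
[USG2100-GigabitEthernet0/0/1] ip address 192.168.1.1 255.255.255.0
[USG2100-GigabitEthernet0/0/1] undo shutdown
[USG2100-GigabitEthernet0/0/1] quit

# 2. Security zone assignment
# The LAN interface goes into trust and the public interface into untrust.
[USG2100] firewall zone trust
[USG2100-zone-trust] add interface GigabitEthernet 0/0/1
[USG2100-zone-trust] quit

[USG2100] firewall zone untrust
[USG2100-zone-untrust] add interface GigabitEthernet 0/0/0
[USG2100-zone-untrust] quit

# 3. Security policy
# This rule matches on zones only, so it permits every source address and every
# service from trust to untrust. Consider narrowing it with source-address
# (192.168.1.0/24, the range ACL 2000 uses below) and service conditions.
# No untrust-to-trust rule is defined here; inbound sessions therefore depend on
# the device's default policy action, which should stay "deny" - verify.
[USG2100] security-policy
[USG2100-policy-security] rule name trust_to_untrust
[USG2100-policy-security-rule-trust_to_untrust] source-zone trust
[USG2100-policy-security-rule-trust_to_untrust] destination-zone untrust
[USG2100-policy-security-rule-trust_to_untrust] action permit
[USG2100-policy-security-rule-trust_to_untrust] quit
[USG2100-policy-security] quit

# 4. NAT configuration
# ACL 2000 selects the LAN sources to translate; address-group 1 is the public pool.
# The pool holds one address (202.100.1.10), so ports must be translated as well
# (NAPT) for the whole /24 to share it. The no-pat keyword was removed for that
# reason: no-pat maps addresses one-to-one, which with a single-address pool lets
# only one LAN host be translated at a time.
# NOTE(review): the pool address is the interface's own address; where the
# platform supports Easy IP that is the usual form for this case - verify.
[USG2100] nat address-group 1 202.100.1.10 202.100.1.10
[USG2100] acl number 2000
[USG2100-acl-basic-2000] rule 5 permit source 192.168.1.0 0.0.0.255
[USG2100-acl-basic-2000] quit
[USG2100] interface GigabitEthernet 0/0/0
[USG2100-GigabitEthernet0/0/0] nat outbound 2000 address-group 1
[USG2100-GigabitEthernet0/0/0] quit

# 5. Routing
# Default route towards the upstream gateway 202.100.1.1.
[USG2100] ip route-static 0.0.0.0 0.0.0.0 202.100.1.1

# 6. DHCP configuration (new)
# Global pool for 192.168.1.0/24, handed out on the LAN interface with an 8-hour lease.
# The DNS servers pushed to clients are public resolvers, so LAN name lookups
# leave the network; substitute an internal resolver if DNS logging or
# filtering is required.
[USG2100] dhcp enable
[USG2100] ip pool lan_pool
[USG2100-ip-pool-lan_pool] network 192.168.1.0 mask 255.255.255.0
[USG2100-ip-pool-lan_pool] gateway-list 192.168.1.1
[USG2100-ip-pool-lan_pool] dns-list 114.114.114.114 8.8.8.8
[USG2100-ip-pool-lan_pool] lease hour 8
[USG2100-ip-pool-lan_pool] quit
[USG2100] interface GigabitEthernet 0/0/1
[USG2100-GigabitEthernet0/0/1] dhcp select global
[USG2100-GigabitEthernet0/0/1] quit

# Save the configuration
# NOTE(review): some VRP versions accept save only in user view (after
# "return"); confirm for the running version.
[USG2100] save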


