Zone Configuration
Except on the first page, right running head:
Heading1 or Heading1NewPage text (automatic)
775
Alcatel-Lucent
Beta Beta
OmniAccess 5740 Unified Services Gateway CLI Configuration Guide
OMNIACCESS 5740 USG CONFIGURATION FOR THE ABOVE SCENARIO
1. Configure IP addresses on the specific interfaces.
ALU#configure
ALU(config)#interface GigabitEthernet 3/0
ALU(config-if GigabitEthernet3/0)#no shutdown
ALU(config-if GigabitEthernet3/0)#ip address 10.0.0.1/24
ALU(config-if GigabitEthernet3/0)#ip address 192.168.1.1/24
secondary
ALU(config-if)#interface GigabitEthernet 3/1
ALU(config-if GigabitEthernet3/1)#no shutdown
ALU(config-if GigabitEthernet3/1)#ip address 172.16.0.132/25
ALU(config-if)#interface Serial 0/0:0
ALU(config-if Serial0/0:0)#no shutdown
ALU(config-if Serial0/0:0)#ip address 202.24.45.100/30
ALU(config-if Serial0/0:0)#exit
ALU(config)#
2. Put a default route going towards the Internet.
ALU(config)# ip route 0.0.0.0/0 Serial0/0:0
3. The three zones are configured by using lists and attaching the interfaces
to these lists. It is also possible to define the networks within the lists.
ALU(config)# list Trust interface GigabitEthernet 3/0
ALU(config)# list Untrust interface Serial0/0:0
ALU(config)# list DMZ interface GigabitEthernet 3/1
or
ALU(config)# list Trust prefix 10.0.0.0/24 prefix
192.168.0.0/24 prefix 172.16.0.0/25
ALU(config)# list Untrust prefix 202.24.45.100/30
ALU(config)# list DMZ host 172.16.0.130 host 172.16.0.131
ALU(config)# list SG8 host 172.16.0.130 host 192.168.1.1
host 202.24.45.100 host 10.0.0.1 host 172.16.0.1
Note: Configuring Lists with IP addresses rather than interfaces lead to the more efficient
system operation, as it does not have to a lookup to determine egress interface and
then apply filter.
To Next Page
Loading...
