Configuring a 4G LTE Cellular Interface as the Primary Interface for Internet Access
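Networking Requirements
A branch of an enterprise is located in a remote area where wired WAN access is unavailable, but the branch needs to exchange a large volume of service traffic with the outside world. As shown in Figure 1, to meet this requirement the branch uses the FW as its egress gateway and connects to the Internet over the LTE network through a 4G LTE cellular interface.
The branch wants the FW to assign IP addresses to its intranet users and wants those users to be able to access the external network.
The branch has subscribed to a 30G monthly data plan and connects to the Internet through on-demand dialing. The branch obtained the following information from the carrier:
- The APN is ltenet.
- The dial string is *99#.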
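Configuration Roadmap
- Add the 4G LTE cellular interface to a security zone.
- Configure the connection parameters of the 4G LTE cellular interface.
- Configure a circular DCC dial-up connection so that the 4G LTE cellular interface can connect to the 4G LTE network.
- Configure the enterprise intranet so that the FW assigns IP addresses to the branch's intranet users.
- Configure a security policy and a NAT policy (Easy-IP mode) on the FW so that the branch's intranet users can access the external network.
- Configure a default route with the 4G LTE cellular interface as the outbound interface so that traffic from the branch intranet is sent upstream to the Internet through the 4G LTE cellular interface.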
Procedure
- Add the interfaces to security zones.
<FW> system-view
[FW] firewall zone trust
[FW-zone-trust] add interface GigabitEthernet 1/0/1
[FW-zone-trust] quit
[FW] firewall zone untrust
[FW-zone-untrust] add interface cellular 0/0/0
[FW-zone-untrust] quit
- Configure the connection parameters of the 4G LTE cellular interface.
# Create an APN profile.
[FW] apn profile lteprofile
[FW-apn-profile-lteprofile] apn ltenet
[FW-apn-profile-lteprofile] quit
# Configure the network connection mode.
[FW] interface cellular 0/0/0
[FW-Cellular0/0/0] mode lte auto
# Bind the APN profile to the 4G LTE cellular interface.
[FW-Cellular0/0/0] dialer enable-circular
[FW-Cellular0/0/0] apn-profile lteprofile
[FW-Cellular0/0/0] shutdown
[FW-Cellular0/0/0] undo shutdown
[FW-Cellular0/0/0] quit
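- Configure the circular DCC dial-up connection.
# Configure a dialer control list.
[FW] dialer-rule 1 ip permit
# Configure the interface to obtain an IP address dynamically.
[FW] interface cellular 0/0/0
[FW-Cellular0/0/0] ip address negotiate
# Associate the dialer control list with Cellular0/0/0.
[FW-Cellular0/0/0] dialer-group 1
The group-number parameter in the dialer-group command must be the same as the dialer-number parameter in the dialer-rule command.
# Configure the dial string used to reach the peer.
[FW-Cellular0/0/0] dialer number *99#
[FW-Cellular0/0/0] quit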
- Configure the enterprise intranet.
# Enable DHCP.
[FW] dhcp enable
# Create a global address pool.
[FW] ip pool 4gpool
[FW-ip-pool-4gpool] network 192.168.100.0 mask 255.255.255.0
[FW-ip-pool-4gpool] gateway-list 192.168.100.1
[FW-ip-pool-4gpool] quit
# Configure the interface to work in global address pool mode.
[FW] interface GigabitEthernet 1/0/1
[FW-GigabitEthernet1/0/1] ip address 192.168.100.1 255.255.255.0
[FW-GigabitEthernet1/0/1] dhcp select global
[FW-GigabitEthernet1/0/1] quit
- Configure a security policy that allows users on the intranet segment 192.168.100.0/24 to access the Internet.
[FW] security-policy
[FW-policy-security] rule name sec_policy_1
[FW-policy-security-rule-sec_policy_1] source-address 192.168.100.0 mask 255.255.255.0
[FW-policy-security-rule-sec_policy_1] source-zone trust
[FW-policy-security-rule-sec_policy_1] destination-zone untrust
[FW-policy-security-rule-sec_policy_1] action permit
[FW-policy-security-rule-sec_policy_1] quit
[FW-policy-security] quit
- Configure a NAT policy.
[FW] nat-policy
[FW-policy-nat] rule name abc
[FW-policy-nat-rule-abc] source-address 192.168.100.0 24
[FW-policy-nat-rule-abc] source-zone trust
[FW-policy-nat-rule-abc] egress-interface Cellular 0/0/0
[FW-policy-nat-rule-abc] action source-nat easy-ip
[FW-policy-nat-rule-abc] quit
[FW-policy-nat] quit
- Configure a default route with Cellular0/0/0 as the outbound interface.
[FW] ip route-static 0.0.0.0 0 cellular 0/0/0
Verification
# Check the detailed interface information. When traffic is being transmitted on the interface, both the physical status and the link-layer protocol status of the interface are Up, and the IP address dynamically obtained by the interface is 10.1.1.2/24. The USG6680 is used as an example below.
[FW] display interface Cellular 0/0/0
Cellular0/0/0 current state : UP
Line protocol current state : UP
Description:HUAWEI, USG6680 Series, Cellular0/0/0 Interface
Route Port,The Maximum Transmit Unit is 1500, Hold timer is 10(sec)
Internet Address is 10.1.1.2/24
Current system time: 2011-06-08 11:35:23
Modem State: Present
Last 300 seconds input rate 555 bytes/sec 4440 bits/sec 12 packets/sec
Last 300 seconds output rate 11230 bytes/sec 89840 bits/sec 311 packets/sec
Input: 210 packets, 87205 bytes
Unicast: 200, Ununicast: 10
Output:225340 packets, 6760917 bytes
Unicast: 225300, Ununicast: 40
Input bandwidth utilization : 0.01%
Output bandwidth utilization : 0.01%
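# Check the call connection information of the 4G LTE data card. The output shows that the APN is ltenet, the wireless network type is Automatic, and the network connection mode is 4G LTE (LTE).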
[FW] display Cellular 0/0/0 all
Modem State:
Hardware Information.
=====================
Model = E392
Modem Firmware Version = 11.833.15.00.000
Hardware Version = CD2E392UM
Integrate circuit card identity (ICCID) = 986810112xxxxxxxxxxx
International Mobile Subscriber Identity (IMSI) = 4600160xxxxxxxx
International Mobile Equipment Identity (IMEI) = 8612300xxxxxxxx
Factory Serial Number (FSN) = T2Y01A92xxxxxxxx
Modem Status = Online
Profile Information.
====================
Profile 1 = ACTIVE
--------
PDP Type = IPv4, Header Compression = OFF
Data Compression = OFF
Access Point Name (APN) = ltenet
Packet Session Status = Active
* - Default profile
Network Information.
====================
Current Service Status = Service available
Current Service = Combined
Packet Service = Attached
Packet Session Status = Active
Current Roaming Status = Home
Network Selection Mode = Automatic
Network Connection Mode = Automatic
Current Network Connection = LTE(LTE)
Mobile Country Code (MCC) = 460
Mobile Network Code (MNC) = 01
Mobile Operator Information = "CHN-CULTE"
Location Area Code (LAC) = 53515
Cell ID = 55924
Upstream Bandwidth = 50mbps
Downstream Bandwidth = 100mbps
Radio Information.
==================
Current Band = AUTO
Current RSSI = -55 dBm
Modem Security Information.
===========================
PIN Verification = Disabled
PIN Status = Ready
Number of Retries remaining = 3
SIM Status = OK
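The fields inspected in this verification step can be compared against expected values by a script. The Python below is an added example, not part of the original page or Huawei tooling; `parse` and `check` are names chosen here, the sample is an excerpt of the output above, and flagging `PIN Verification = Disabled` is an added hardening check, since a SIM without PIN verification stays usable if it is moved to another device.

```python
# Constructed sample: excerpt of the `display Cellular 0/0/0 all` output shown above.
OUTPUT = """\
Hardware Information.
=====================
Modem Status = Online
Profile Information.
====================
Access Point Name (APN) = ltenet
Packet Session Status = Active
Network Information.
====================
Packet Service = Attached
Packet Session Status = Active
Current Roaming Status = Home
Current Network Connection = LTE(LTE)
Modem Security Information.
===========================
PIN Verification = Disabled
"""

def parse(output):
    """Return {section: {key: value}}; a section title is the line above a row of '='."""
    data, section, prev = {}, None, ""
    for line in output.splitlines():
        line = line.strip()
        if line and set(line) == {"="}:
            section = prev.rstrip(".")
            data[section] = {}
        elif " = " in line and section:
            key, _, value = line.partition(" = ")
            data[section][key.strip()] = value.strip()
        prev = line
    return data

def check(output, apn="ltenet"):
    """Return the fields that differ from what this page expects, plus the PIN finding."""
    d = parse(output)
    expected = [
        ("Hardware Information", "Modem Status", "Online"),
        ("Profile Information", "Access Point Name (APN)", apn),
        ("Network Information", "Packet Service", "Attached"),
        ("Network Information", "Packet Session Status", "Active"),
        ("Network Information", "Current Network Connection", "LTE(LTE)"),
    ]
    findings = [f"{sec}: {key} is {d.get(sec, {}).get(key)}, expected {want}"
                for sec, key, want in expected if d.get(sec, {}).get(key) != want]
    if d.get("Modem Security Information", {}).get("PIN Verification") == "Disabled":
        findings.append("Modem Security Information: PIN Verification is Disabled")
    return findings
```

The same key can appear in more than one section (`Packet Session Status` is reported under both the profile and the network), which is why values are stored per section.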
Configuration Script
#
dialer-rule 1 ip permit
#
dhcp enable
#
apn profile lteprofile
 apn ltenet
#
ip pool 4gpool
 gateway-list 192.168.100.1
 network 192.168.100.0 mask 255.255.255.0
#
interface GigabitEthernet1/0/1
 undo shutdown
 ip address 192.168.100.1 255.255.255.0
 dhcp select global
#
interface Cellular0/0/0
 dialer enable-circular
 dialer-group 1
 apn-profile lteprofile
 dialer number *99#
 ip address negotiate
#
firewall zone trust
 set priority 85
 add interface GigabitEthernet1/0/1
#
firewall zone untrust
 set priority 5
 add interface Cellular0/0/0
#
ip route-static 0.0.0.0 0.0.0.0 Cellular0/0/0
#
security-policy
 rule name sec_policy_1
  source-zone trust
  destination-zone untrust
  source-address 192.168.100.0 24
  action permit
#
nat-policy
 rule name abc
  source-zone trust
  egress-interface Cellular0/0/0
  source-address 192.168.100.0 24
  action source-nat easy-ip
#
return
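The cross-references this procedure depends on (the dialer-group number matching a dialer-rule, the bound APN profile being defined, the cellular interface sitting in the untrust zone) can be checked mechanically before the script is applied, together with whether each permit rule is scoped by source address. The Python below is an added example, not Huawei's code or part of the original page; `sections`, `audit` and the `wan` parameter are names chosen here, and the parser assumes the layout of the configuration script above.

```python
import re

# Constructed sample: excerpt of this page's configuration script (sections the checks read).
CONFIG = """\
#
dialer-rule 1 ip permit
#
apn profile lteprofile
#
interface Cellular0/0/0
 dialer-group 1
 apn-profile lteprofile
 dialer number *99#
#
firewall zone untrust
 add interface Cellular0/0/0
#
security-policy
 rule name sec_policy_1
  source-address 192.168.100.0 24
  action permit
"""

def sections(cfg):
    """Map each section header to its body lines; a line holding only '#' separates sections."""
    out = {}
    for block in re.split(r"(?m)^#[ \t]*$", cfg):
        lines = [l.strip() for l in block.splitlines() if l.strip()]
        if lines:
            out[lines[0]] = lines[1:]
    return out

def audit(cfg, wan="Cellular0/0/0"):
    """Return consistency findings; `wan` (a name chosen for this example) is the uplink interface."""
    s, findings = sections(cfg), []
    for line in s.get(f"interface {wan}", []):
        kind, _, arg = line.partition(" ")
        if kind == "dialer-group" and not any(h.startswith(f"dialer-rule {arg} ") for h in s):
            findings.append(f"dialer-group {arg} has no dialer-rule {arg}")
        if kind == "apn-profile" and f"apn profile {arg}" not in s:
            findings.append(f"apn profile {arg} is not defined")
    if f"add interface {wan}" not in s.get("firewall zone untrust", []):
        findings.append(f"{wan} is not in zone untrust")
    policy = "\n".join(s.get("security-policy", []))
    for rule in re.split(r"(?m)^rule name ", policy)[1:]:
        lines = rule.splitlines()
        if "action permit" in lines and not any(l.startswith("source-address ") for l in lines):
            findings.append(f"rule {lines[0]} permits any source address")
    return findings
```

The separator test matches only lines that consist of `#`, so the `#` that ends the dial string `*99#` is not mistaken for a section break.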
Copyright notice:
Author: SE_YT
Link: https://www.cnesa.cn/2173.html
Source: CNESA
Copyright of this article belongs to the author. Do not reproduce it without permission.