HUAWEI EGW2100
V100R001C01
Web Configuration Guide
Issue 01
Date 2010-02-20
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.

Summary of Contents for Huawei EGW2100

  • Page 1 HUAWEI EGW2100 V100R001C01 Web Configuration Guide Issue Date 2010-02-20 Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
  • Page 2 All other trademarks and trade names mentioned in this document are the property of their respective holders. Notice The purchased products, services and features are stipulated by the contract made between Huawei and the customer. All or part of the products, services and features described in this document may not be within the purchase scope or the usage scope.
  • Page 3: Table Of Contents

    7 Configuration Example of the Dual-System Hot Backup in Routing Mode (7-1); 8 Configuration Example of the VPN (8-1); 8.1 Configuration Example of GRE (8-2); 8.2 Configuration Example of L2TP IPSec (8-6); A Acronyms and Abbreviations (A-1)
  • Page 5 Figure 4-14 Saving the configuration (4-7); Figure 4-15 Networking of the ADSL configuration example (4-8); Figure 4-16 Basic configuration of the SHDSL interface (4-8); Figure 4-17 Configuring the SHDSL interface (4-9)
  • Page 6 Figure 4-55 Configuring a rule (4-27); Figure 4-56 Configuring the NAT (4-27); Figure 4-57 Configuring the interzone packet filtering rule (4-28); Figure 4-58 Configuring the static route (4-28); Figure 4-59 Enabling the DHCP function (4-28)
  • Page 7 Figure 4-97 Creating a Service Class (4-44); Figure 4-98 Configuring the crypto service class (4-45); Figure 4-99 Creating 802.1X domain abc (4-45); Figure 4-100 Creating the WLAN-BSS interface (4-45); Figure 4-101 Configuring interface Wlan-Bss2 (4-46)
  • Page 8 Figure 8-2 Creating an interface named Tunnel1 (8-2); Figure 8-3 Configuring the tunnel1 interface (8-3); Figure 8-4 Configuring the static route (8-3); Figure 8-5 Configuring the static route (8-4); Figure 8-6 Creating an interface named Tunnel1 (8-4)
  • Page 9 Figure 8-19 Configuring the IPSec proposal (8-11); Figure 8-20 Configuring the IPSec policy template (8-12); Figure 8-21 Configuring the IPSec policy (8-12); Figure 8-22 Applying the policy (8-12); Figure 8-23 Saving the configuration (8-13)
  • Page 11: About This Document

    About This Document Purpose This document provides the methods for configuring the functions of the EGW2100. Product Version The following table lists the product versions related to this document. Product Name Version...
  • Page 12: A Acronyms And Abbreviations

    Indicates a tip that may help you solve a problem or save time. NOTE: Provides additional information to emphasize or supplement important points of the main text.
  • Page 13: General Conventions

    For example, click OK. > Multi-level menus are in boldface and separated by the ">" sign. For example, choose File > Create > Folder.
  • Page 14 Update History Updates between document issues are cumulative. Therefore, the latest document issue contains all updates made in previous issues. Updates in Issue 01 (2010-02-20) Initial commercial release.
  • Page 15: Configuration Example Of Logging In To Web

    As shown in Figure 1-1, the PC is connected to Ethernet1/0/0 of the EGW2100. You can control and manage the EGW2100 by accessing its IP address 192.168.0.1 through the Web browser on the PC. Figure 1-1 Networking diagram for logging in...
  • Page 16 Step 4 Input username admin and password Admin@123. The configuration interface is shown. ----End
  • Page 17: Configuration Example Of Quick Config

    Networking Requirements As shown in Figure 2-1, the EGW2100 connects to a LAN through WLAN and LAN users access the Internet through the ADSL and 3G. The ADSL is the master link, and the 3G is the backup link. Figure 2-1 Networking diagram for the web-manager function...
  • Page 18: Figure 2-2 Configuring The Adsl

    Click Refresh. ADSL IP disconnected (as shown in Figure 2-2) changes to the obtained IP address. This indicates that the ADSL connection succeeded. In the 3G configuration group box, Figure 2-3 shows the parameter setting.
  • Page 19: Figure 2-3 Configuring The 3G

    Step 3 Save the configuration. Click Save on the upper right of the page to save the configuration. Figure 2-6 shows the parameter setting.
  • Page 20: Figure 2-6 Saving The Configuration

    Step 4 Save the Station. Change the TCP/IP setting of the Station to obtain its IP address automatically. For help, see the operating system documentation for the Station. ----End
  • Page 21: Configuration Example Of The Basic Operation

    Step 2 Create interface Dialer 0. Choose NetWork > Interface. The Interface page is displayed. Click New to enter the Create New Interface interface. Figure 3-2 shows the parameter setting.
  • Page 22: Figure 3-3 Configuring Interface Ethernet0/0/0

    Click Apply. Then click OK in the Are you sure to submit? dialog box that is displayed to complete the configuration. Click New to enter the Rule Config interface. Figure 3-5 shows the parameter setting.
  • Page 23: Figure 3-5 Configuring A Rule

    Step 6 Save the configuration. Click Save on the upper right of the page to save the configuration. Figure 3-7 shows the parameter setting.
  • Page 24: Figure 3-7 Saving The Configuration

    Click OK in the This will save current configuration, if you switch to other pages, you will not get the operation result. Are you sure to save? dialog box that is displayed to complete the configuration. ----End
  • Page 25: Configuration Example Of The Internetworking

    The locations and number of terminals in the network change frequently, so you need to use the Dynamic Host Configuration Protocol (DHCP) to allocate dynamic IP addresses to the terminals. The EGW2100 can serve as a DHCP server to offer IP addresses to the DHCP client. 4.4 Configuration Example of RIP Routing Information Protocol (RIP) is a type of protocol based on the distance-vector (D-V) algorithm.
  • Page 26: 4.1 Configuration Example Of Adsl By Using Pppoe

    4.1 Configuration Example of ADSL by Using PPPoE Networking Requirements The EGW2100 connects to a LAN through Ethernet 0/0/0 and LAN users access the Internet through the ADSL interface (ATM 2/0/0). Networking Diagram Figure 4-1 shows the networking of the ADSL configuration example.
  • Page 27: Figure 4-3 Configuring The Pvc

    Click back, then return to Interface interface. In the PPP User and Dialer group box, click PPP User and Dialer. The PPP User Config interface is displayed. Figure 4-5 shows the parameter setting.
  • Page 28: Figure 4-5 Configuring The Ppp User On The Dialer Interface

    Click Apply. Then click OK in the Are you sure to submit? dialog box that is displayed to complete the configuration. Step 6 Configure a specific route.
  • Page 29: Figure 4-8 Configuring The Static Route

    Step 8 Configure the DHCP function, which can dynamically assign IP addresses to intranet users. Choose Service > DHCP > DHCP Basic. The DHCP Basic Config page is displayed.
  • Page 30: Figure 4-10 Enabling The Dhcp Function

    Figure 4-12 shows the parameter setting. Figure 4-12 Enabling the DNS proxy Click the DNS Server Address tab. Choose the interface Dialer1, Figure 4-13 shows the parameter setting.
  • Page 31: 4.2 Configuration Example Of Shdsl

    ----End 4.2 Configuration Example of SHDSL Networking Requirements The EGW2100 connects to a LAN through Ethernet 0/0/0 and LAN users access the Internet through the SHDSL interface (ATM 2/0/0). Networking Diagram Figure 4-15 shows the networking of the SHDSL configuration example.
  • Page 32: Figure 4-15 Networking Of The Adsl Configuration Example

    Click Apply. Then click OK in the Are you sure to submit? dialog box that is displayed to complete the configuration. Completing the operations on the EGW2100 takes a while (about 10 seconds). Wait with patience. The progress bar at the bottom of the Web page shows the progress.
  • Page 33: Figure 4-17 Configuring The Shdsl Interface

    Choose NetWork > Route Config. The Route Config page is displayed. Click the Route-Static tab. Click New. The Route-Static Config page is displayed. Figure 4-19 shows the parameter setting. Figure 4-19 Configuring the static route
  • Page 34: 4.3 Configuration Example Of Dhcp Server

    The locations and number of terminals in the network change frequently, so you need to use the Dynamic Host Configuration Protocol (DHCP) to allocate dynamic IP addresses to the terminals. The EGW2100 can serve as a DHCP server to offer IP addresses to the DHCP client. Networking Requirements A DHCP server dynamically assigns the IP addresses to a client in the same network segment.
  • Page 35: Figure 4-21 Networking For Configuring The Dhcp Client

    Select Service > DHCP > DHCP Basic. The DHCP Basic page is displayed. Click the Select button next to the Main Interface text box to select Vlanif20. Set the parameters based on Figure 4-22.
  • Page 36: Figure 4-22 Setting The Vlanif20 Interface Process Mode Of Dhcp Packets

    Select Service > DHCP > DHCP Server. The DHCP Server page is displayed. Select Forbidden Ip tab. Click New. The Forbidden IP Config page is displayed. Set the parameters based on Figure 4-24.
  • Page 37: Figure 4-24 Configuring The Forbidden Ip Addresses

    Figure 4-27 Configuring the forbidden IP addresses Click Apply. Then click OK in the Are you sure to submit? dialog box that is displayed to complete the configuration.
  • Page 38 Step 6 Save the configuration. Click Save on the upper right of the page to save the configuration. Figure 4-30 shows the parameter setting.
  • Page 39: 4.4 Configuration Example Of Rip

    Ethernet interfaces of Router B and Router C through Ethernet interfaces. The EGW2100 (192.1.1.1) receives RIP packets broadcasted by Router B (192.1.1.2) and Router C (192.1.1.3). The EGW2100 sends RIP broadcast packets to Router B and Router C at the same time. Networking Diagram Figure 4-31 shows the networking of the RIP configuration example.
  • Page 40: Figure 4-31 Networking Of The Rip Configuration Example

    RouterC RouterB 192.1.4.0/24 192.1.3.0/24 Procedure Step 1 Configure the EGW2100. Set the IP address of the interface, and then add the interface to the specified zone. For the configuration procedure, see 3 Configuration Example of the Basic Operation. Configure the Packet-Filter.
  • Page 41: Figure 4-32 Configuring The Packet Receiving And Packet Sending Functions

    Click MORE. The RIP Config page is displayed. Set the parameters based on Figure 4-34. Figure 4-34 Configuring the IP address of the RIP network segment
  • Page 42: 4.5 Configuration Example Of Ospf

    AS. Networking Requirements Start OSPF process 100 on the Ethernet0/0/0 interface of the EGW2100 and the interface is in area 0. Start OSPF process 100 on the Vlanif 5 interface and the interface is in area 1.
  • Page 43: Figure 4-37 Networking Diagram Of Ospf Configurations

    Respectively set up the neighbor relationship between Router A and the EGW2100 and between Router B and the EGW2100. Start OSPF process 100 on the Ethernet1/0/0 interface of Router A and the interface is in area...
  • Page 44 12. Click Apply. Then click OK in the Are you sure to submit? dialog box that is displayed to complete the configuration. 13. Click New to enter the Area Config interface. Figure 4-40 shows the parameter setting.
  • Page 45: Configuration Example Of The 3G Interface For Dial-On-Demand

    4.6 Configuration Example of the 3G Interface for Dial-on-Demand Networking Requirements The EGW2100 connects to the enterprise intranet through Ethernet 0/0/0 and to the Internet through USB WCDMA 3G card. The networking requirements are as follows: The intranet of the enterprise is in network segment 192.168.1.0/24.
  • Page 46: Figure 4-42 Networking Diagram Of Dial-On-Demand Through The Dialer Interface

    DCC and configure the dialing string. Choose NetWork > Interface. The Interface page is displayed. Click New to enter the Create New Interface interface. Figure 4-45 shows the parameter setting.
  • Page 47: Figure 4-46 Adding The Dialer0 Interface To The Untrust Zone

    Figure 4-48 shows the parameter setting. CAUTION Configure access authentication (according to the actual networking). The corresponding authentication configuration on the physical interface (Cellular) is required.
  • Page 48: Figure 4-48 Configuring The Ppp User On The Dialer0 Interface

    In the PPP User and Dialer group box, click PPP User and Dialer. The PPP User Config interface is displayed. Figure 4-50 shows the parameter setting.
  • Page 49: Figure 4-50 Configuring The Ppp User On The Cellular Interface

    In the Data Card Config group box, click Data Card Config. Then click the Operator Manage tab. The Operator Config interface is displayed. Figure 4-52 shows the parameter setting. Figure 4-52 Configuring the operator
  • Page 50: Figure 4-53 Configuring Ethernet 0/0/0 Interface

    Click Apply. Then click OK in the Are you sure to submit? dialog box that is displayed to complete the configuration. Click New to enter the Rule Config interface. Figure 4-55 shows the parameter setting.
  • Page 51: Figure 4-55 Configuring A Rule

    Choose Security > Packet-Filter. The Packet-Filter page is displayed. 10. Click MORE corresponding to trust-untrust. The Packet-Filter Config page is displayed. Figure 4-57 shows the parameter setting.
  • Page 52: Figure 4-57 Configuring The Interzone Packet Filtering Rule

    In the Setting Interface Process Mode Of DHCP Packet group box, configure the processing mode for DHCP packets on Ethernet0/0/0. Figure 4-60 shows the parameter setting.
  • Page 53: Figure 4-60 Configuring The Processing Mode For Dhcp Packets On The Interface

    Click OK in the This will save current configuration, if you switch to other pages, you will not get the operation result. Are you sure to save? dialog box that is displayed to complete the configuration. ----End
  • Page 54: Configuration Example Of The 3G Interface For Automatic Dialup

    4.7 Configuration Example of the 3G Interface for Automatic Dialup Networking Requirements The EGW2100 connects to the enterprise intranet through Ethernet 0/0/0 and to the Internet through USB 3G card. The networking requirements are as follows: The intranet of the enterprise is in network segment 192.168.1.0/24.
  • Page 55: Figure 4-66 Configuring The Dialer Rule

    In the PPP User and Dialer group box, click PPP User and Dialer. The PPP User Config interface is displayed. Figure 4-69 shows the parameter setting.
  • Page 56: Figure 4-69 Configuring The Ppp User

    10. In the Dial Control Center group box, click DCC Configuration. The DCC Configuration interface is displayed. Figure 4-70 shows the parameter setting. CAUTION You can obtain the Peer Number from the operator. Figure 4-70 Configuring circular DCC
  • Page 57: Figure 4-71 Configuring The Ethernet 0/0/0 Interface

    Click Apply. Then click OK in the Are you sure to submit? dialog box that is displayed to complete the configuration. Click New to enter the Rule Config interface. Figure 4-73 shows the parameter setting.
  • Page 58: Figure 4-73 Configuring A Rule

    Choose Security > Packet-Filter. The Packet-Filter page is displayed. 10. Click MORE corresponding to trust-untrust. The Packet-Filter Config page is displayed. Figure 4-75 shows the parameter setting.
  • Page 59: Figure 4-75 Configuring The Interzone Packet Filtering Rule

    In the Setting Interface Process Mode Of DHCP Packet group box, configure the processing mode for DHCP packets on Ethernet0/0/0. Figure 4-78 shows the parameter setting.
  • Page 60: Configuration Example Of A Wlan (Crypto Service Class)

    4.8 Configuration Example of a WLAN (Crypto Service Class) Networking Requirements The EGW2100 (AP) is connected to the Router through Ethernet 0/0/0 (already added to the Untrust zone). The fixed IP address of Ethernet 0/0/0 is 202.169.10.1/24 and the IP address of Ethernet 1/0/0 on the Router is 202.169.10.2/24.
  • Page 61: Figure 4-81 Networking Diagram Of Configuring A Wlan (Crypto Service Class)

    Eth1/0/0 Eth0/0/0 Station Procedure Step 1 Set the IP address of Ethernet 0/0/0 of the EGW2100, and add the interface to the Untrust zone. For the configuration procedure, see 3 Configuration Example of the Basic Operation. Step 2 Create VLAN 2. Set the IP address of interface Vlanif 2 to 192.168.1.1/24, and add the interface to the Trust zone.
  • Page 62: Figure 4-83 Configuring The Crypto Service Class

    Click MORE corresponding to Wlan-Bss2 in the Wlan Bss group box. The configuration interface of interface Wlan-Bss2 is displayed. Figure 4-85 shows the parameter setting.
  • Page 63: Figure 4-85 Configuring Interface Wlan-Bss2

    Choose Service > NAT > Nat-Policy. The Nat-Policy page is displayed. Click new to enter the NAT-Policy interface. Figure 4-87 shows the parameter setting. Figure 4-87 Configuring the NAT
  • Page 64: Configuration Example Of A Wlan (Plain Service Class)

    EGW2100. ----End 4.9 Configuration Example of a WLAN (Plain Service Class) Networking Requirements The EGW2100 (AP) is connected to the Router through Ethernet 0/0/0 (already added to the Untrust zone).
  • Page 65: Figure 4-90 Networking Diagram Of Configuring A Wlan (Plain Service Class)

    Eth1/0/0 Eth0/0/0 Station Procedure Step 1 Set the IP address of Ethernet 0/0/0 of the EGW2100, and add the interface to the Untrust zone. For the configuration procedure, see 3 Configuration Example of the Basic Operation. Step 2 Create VLAN 2. Set the IP address of interface Vlanif 2 to 192.168.1.1/24, and add the interface to the Trust zone.
  • Page 66: Figure 4-92 Configuring The Processing Mode For Dhcp Packets On The Interface

    Choose NetWork > Wlan > Service Class. The Service Class page is displayed. NOTE By default, the number of the plain service class of the EGW2100 is 0. Click DISABLE corresponding to service class number 0. Click OK in the Are you sure...
  • Page 67: Configuration Example Of A Wlan (802.1X)

    4.10 Configuration Example of a WLAN (802.1X) Networking Requirements The EGW2100 (AP) is connected to the Router through Ethernet 0/0/0 (already added to the Untrust zone). The fixed IP address of Ethernet 0/0/0 is 202.169.10.1/24 and the IP address of Ethernet 1/0/0 on the Router is 202.169.10.2/24.
  • Page 68: Figure 4-96 Networking Diagram Of Configuring A Wlan (802.1X)

    Select WPA, WPA2 or WPA-WPA2 for the authentication mode when configuring 802.1X. Procedure Step 1 Set the IP address of Ethernet 0/0/0 of the EGW2100, and add the interface to the Untrust zone. For the configuration procedure, see 3 Configuration Example of the Basic Operation.
  • Page 69: Figure 4-98 Configuring The Crypto Service Class

    Click New Bss in the Wlan Bss group box to access the Interface Basic Config interface. Figure 4-100 shows the parameter setting. Figure 4-100 Creating the WLAN-BSS interface
  • Page 70: Figure 4-101 Configuring Interface Wlan-Bss2

    Click MORE corresponding to template name test, and click the Server Info tab. The Radius Server Config interface is displayed. Figure 4-103 shows the parameter setting.
  • Page 71: Figure 4-103 Configuring The Radius Authentication Server

    Choose Resource > AAA > Domain. The Domain interface is displayed. Click new. The Domain Basic Config interface is displayed. Figure 4-105 shows the parameter setting. Figure 4-105 Configuring the domain
  • Page 72: Figure 4-106 Configuring The Aaa Domain Policy

    The SSID and authentication mode on the wireless network cards should be consistent with those on the AP. The user name, password and certificate for 802.1X authentication should be consistent with those on the RADIUS server. ----End
  • Page 73: Configuration Example Of The Acl

    Networking Requirements An EGW2100 is deployed at the network egress of the company. The Ethernet1/0/0 interface is connected to the internal network of the company. The Ethernet0/0/0 interface is connected to the Internet.
  • Page 74: Figure 5-1 Networking Of The Acl Configuration Example

    202.38.10.2/24 202.38.10.6/24 Procedure Step 1 Configure the IP addresses of interfaces of the EGW2100 and add the interfaces to related security zones. Choose NetWork > VLAN. The VLAN page is displayed. Click New to enter the VLAN Config interface. Enter 5 in VLAN ID.
  • Page 75: Figure 5-4 Setting Basic Parameters Of The Vlanif 5 Interface

    Choose NetWork > Route Config. The Route Config page is displayed. Click the Route-Static tab. Click New. The Route-Static Config page is displayed. Set the parameters based on Figure 5-6.
  • Page 76: Figure 5-6 Configuring The Static Route

    In the ACL Rule Configuration area, click New. The Rule Configuration page is displayed. Set the parameters based on Figure 5-7. Figure 5-7 Configuring ACL rule 1
  • Page 77 Click Apply. Then click OK in the Are you sure to submit? dialog box that is displayed to complete the configuration. In the ACL Rule Configuration area, click New. The Rule Configuration page is displayed. Set the parameters based on Figure 5-9.
  • Page 78 14. Choose Security > ASPF. The ASPF Config page is displayed. 15. Click the InterZone ASPF tab. In the InterZone, select DMZ and Untrust. 16. Click confirm. Set the parameters based on Figure 5-11.
  • Page 79: Figure 5-11 Configuring Interzone Aspf

    Figure 5-12 Configuring ACL rule 4 Click Apply. Then click OK in the Are you sure to submit? dialog box that is displayed to complete the configuration.
  • Page 80 11. Click Apply. Then click OK in the Are you sure to submit? dialog box that is displayed to complete the configuration. Step 5 Save the configuration.
  • Page 81: Figure 5-15 Saving The Configuration

    Click OK in the This will save current configuration, if you switch to other pages, you will not get the operation result. Are you sure to save? dialog box that is displayed to complete the configuration. ----End
  • Page 83: Configuration Example Of Nat

    Networking Requirements The company networks with different services are in the EGW2100 security zones with different security levels. The mappings are described as follows: The WWW server and the FTP server are in the DMZ security zone, and the network segment is 10.100.20.0/24.
  • Page 84 Click Apply. Then click OK in the Are you sure to submit? dialog box that is displayed to complete the configuration. Click New. The Rule Configuration page is displayed. Set the parameters based on Figure 6-3.
  • Page 85: Figure 6-4 Configuring The Packet Filtering Rule Between The Dmz Security Zone And The Untrust Security Zone

    Click Apply. Then click OK in the Are you sure to submit? dialog box that is displayed to complete the configuration. Step 4 Configure the function of filtering application layer-based FTP packets on the EGW2100. Choose Security > ASPF and then click InterZone ASPF. The ASPF Config page is displayed.
  • Page 86: Figure 6-5 Configuring The Aspf Between The Dmz Security Zone And The Untrust Security Zone

    Click Apply. Then click OK in the Are you sure to submit? dialog box that is displayed to complete the configuration. Step 5 Configure the address mapping function of the EGW2100. Choose Service > NAT > Address-Map. The Address-Map page is displayed.
  • Page 87: Figure 6-8 Saving The Configuration

    Click OK in the This will save current configuration, if you switch to other pages, you will not get the operation result. Are you sure to save? dialog box that is displayed to complete the configuration. ----End
  • Page 89: Configuration Example Of The Dual-System Hot Backup In Routing Mode

    Configuration Example of the Dual-System Hot Backup in Routing Mode As a security device, the EGW2100 is deployed between a protected network and other networks. In order to maintain the stability of devices, two EGW2100s are used in master/backup mode.
  • Page 90: Figure 7-1 Networking Of The Dual-System Hot Backup In Routing Mode

    Vlanif5:10.100.10.3/24 10.100.20.1/24 Backup EGW B Procedure Step 1 Configure the IP addresses of interfaces of the EGW2100 A and add the interfaces to related security zones. For the configuration procedure, see 3 Configuration Example of the Basic Operation. Step 2 Configure the Packet-Filtering between the Trust security zone, DMZ security zone, and Untrust security zone of the EGW2100 A.
  • Page 91 Click Apply. Then click OK in the Are you sure to submit? dialog box that is displayed to complete the configuration. Step 4 Enable the HRP function of the EGW2100 A. Choose Reliability > HRP. The HRP page is displayed.
  • Page 92: Figure 7-5 Configuring Vgmp

    Step 5 Configure EGW2100 B. The procedure for configuring the EGW2100 B is the same as that for configuring the EGW2100 A. The following parameters, however, are different: The interface IP addresses of EGW2100 B are different from those of the EGW2100 A.
  • Page 93: Figure 7-7 Saving The Configuration

    Click OK in the This will save current configuration, if you switch to other pages, you will not get the operation result. Are you sure to save? dialog box that is displayed to complete the configuration. ----End
  • Page 95: Configuration Example Of The Vpn

    8 Configuration Example of the VPN. About This Chapter: 8.1 Configuration Example of GRE; 8.2 Configuration Example of L2TP IPSec
  • Page 96: 8.1 Configuration Example Of Gre

    Figure labels: EGW B; GRE tunnel. Procedure: Step 1 Configure the EGW2100 A. Configure the VLANs that Vlanif interfaces belong to, set the IP addresses of the Vlanif interfaces, and add the Vlanif interfaces to the specified zones. For the configuration procedure, see 3 Configuration Example of the Basic Operation.
  • Page 97: Figure 8-3 Configuring The Tunnel1 Interface

    Click Apply. Then click OK in the Are you sure to submit? dialog box that is displayed to complete the configuration. 10. Click New. The Route-Static Config page is displayed. Set the parameters based on Figure 8-5.
  • Page 98: Figure 8-5 Configuring The Static Route

    Therefore, it is recommended to apply the ACL rule between security zones. 15. Click Save on the upper right of the page to save the configuration. Step 2 Configure the IP addresses of interfaces of the EGW2100 B and add the interfaces to related security zones.
  • Page 99: Figure 8-7 Configuring The Tunnel1 Interface

    Click Apply. Then click OK in the Are you sure to submit? dialog box that is displayed to complete the configuration. Click New. The Route-Static Config page is displayed. Set the parameters based on Figure 8-9.
  • Page 100: 8.2 Configuration Example Of L2Tp Ipsec

    PC of the employees on business trip; the employee sends a connection request to the EGW2100 and an L2TP+IPSec VPN tunnel is then established, through which the employee can communicate with other internal users of the company.
  • Page 101: Figure 8-10 Networking Diagram Of L2Tp Ipsec

    Transform Authentication-Algorithm ESP Encryption-Algorithm; Nat-Traversal: Enable, Enable; Pre-Shared-Key: abcde, abcde; Exchange-Mode: aggressive, aggressive; Local-Id-Type: Name, Name; IKE; Local-Name: server, client; Remote-Name: client, server; Authentication-Algorithm
  • Page 102: Figure 8-11 Configuring The Virtual-Template1 Interface

    Click Apply. Then click OK in the Are you sure to submit? dialog box that is displayed to complete the configuration. Step 2 Disable the fast forwarding function on Ethernet 0/0/0. Choose NetWork > Interface. The Interface page is displayed.
  • Page 103: Figure 8-13 Disabling The Fast Forwarding Function

    Figure 8-15 Configuring the IP pool Click Apply. Then click OK in the Are you sure to submit? dialog box that is displayed to complete the configuration.
  • Page 104: Figure 8-16 Configuring The L2Tp-Group

    Click Apply. Then click OK in the Are you sure to submit? dialog box that is displayed to complete the configuration. Choose the IKE Peer tab, then click New. The IKE Peer Config page is displayed. Figure 8-18 shows the parameter setting.
  • Page 105: Figure 8-18 Configuring The Ike Peer

    Click Apply. Then click OK in the Are you sure to submit? dialog box that is displayed to complete the configuration. Choose the IPSec Policy Template tab, then click New. The IPSec Policy Template page is displayed. Figure 8-20 shows the parameter setting.
  • Page 106: Figure 8-20 Configuring The Ipsec Policy Template

    3G uplink is adopted, the policy should be applied on the Dialer interface. Step 8 Save the configuration. Click Save on the upper right of the page to save the configuration. Figure 8-23 shows the parameter setting.
  • Page 107: Figure 8-23 Saving The Configuration

    Install the VPN Client on the PC of the remote user. Create the dial-up program (the parameters should be consistent with those on the EGW2100). Click the connection to start communications with the headquarters. ----End
  • Page 109: Acronyms And Abbreviations

    Application Specific Packet Filter; DHCP: Dynamic Host Configuration Protocol; DeMilitarized Zone; File Transfer Protocol; HTTP: Hypertext Transfer Protocol; ICMP: Internet Control Message Protocol; Internet Protocol; Media Access Control
  • Page 110 Network Address Translation; Personal Computer; RADIUS: Remote Authentication Dial in User Service; Routing Information Protocol; TFTP: Trivial File Transfer Protocol; VLAN: Virtual Local Area Network; World Wide Web
