Login
- Table of Contents
-
- H3C SecPath M9000 Multi Service Security Gateway Configuration Examples(V7)(E9X71)-6W700
- 00-Preface
- 01-About the configuration examples
- 02-Web Login Configuration Examples
- 03-Internet Access Through a Static IP Address Configuration Examples
- 04-Internet access through PPPoE configuration examples
- 05-License Configuration Examples
- 06-Signature Library Upgrade Configuration Examples
- 07-Software Upgrade Examples
- 08-Routing deployment configuration examples
- 09-Transparent deployment configuration examples
- 10-Static routing configuration examples
- 11-RIP configuration examples
- 12-OSPF configuration examples
- 13-BGP configuration examples
- 14-Policy-based routing configuration examples
- 15-Security Policy Configuration Examples
- 16-APR-Based Security Policy Configuration Examples
- 17-Object Group Configuration Examples
- 18-User identification configuration examples
- 19-Attack defense configuration examples
- 20-Request Limit Configuration Examples
- 21-IPS Configuration Examples
- 22-URL Filtering Configuration Examples
- 23-Anti-Virus Configuration Examples
- 24-File Filtering Configuration Examples
- 25-Data Filtering Configuration Examples
- 26-WAF Configuration Examples
- 27-IP Reputation Configuration Examples
- 28-APT Defense Configuration Examples
- 29-NetShare Control Configuration Examples
- 30-Bandwidth Management Configuration Examples
- 31-IPsec configuration examples
- 32-SSL VPN IP access configuration examples
- 32-SSL VPN TCP access configuration examples
- 32-SSL VPN Web access configuration examples
- 33-L2TP Configuration Examples
- 34-NAT configuration examples
- 35-NPTv6 Configuration Examples
- 36-Policy-based NAT configuration examples
- 37-NAT hairpin configuration examples
- 38-NAT Flow Logging Configuration Examples
- 39-Inbound Link Load Balancing Configuration Examples
- 40-Outbound Link Load Balancing Configuration Examples
- 41-Server Load Balancing Configuration Examples
- 42-Transparent DNS Proxy Configuration Examples
- 43-Hot Backup Configuration Examples
- 44-Context Configuration Examples
- 45-DNS configuration examples
- 46-Server Connection Detection Configuration Examples
- 47-Connection Limit Configuration Examples
- 48-Public key management configuration examples
- 49-SSL Decryption Configuration Examples
- 50-MAC Address Learning Through a Layer 3 Device Configuration Examples
- 51-4G Configuration Examples
- 52-WLAN Configuration Examples
| Title | Size | Download |
|---|---|---|
| 51-4G Configuration Examples | 94.43 KB |
4G configuration examples
· General restrictions and guidelines
This document is not restricted to specific software or hardware versions. Procedures and information in the examples might be slightly different depending on the software or hardware version of the device.
The configuration examples were created and verified in a lab environment, and all the devices were started with the factory default configuration. When you are working on a live network, make sure you understand the potential impact of every command on your network.
The following information is provided based on the assumption that you have basic knowledge of the 4G feature.
Make sure the device supports USB 4G modems. Connect a USB 4G modem to the device before you configure 4G settings.
A USB 4G modem is available when the USB interface to which the modem is attached is shut down.
Do not remove a USB 4G modem while it is transmitting data. As a best practice, shut down the cellular interface before removing the USB 4G modem.
USB 4G modems are hot swappable.
To prevent an Eth-channel interface from obtaining an incorrect IP address through DHCP, add the Eth-channel interface to the Untrust security zone immediately after you activate the 4G feature. If you fail to do so, you must add the interface to the Untrust security zone and then reboot the interface or re-enable DHCP on the interface.
Network configuration
As shown in Figure 1, the device provides a USB 4G modem, and the PC accesses the LTE network through the device. Configure 4G settings for internal users to access the Internet through the device.
Software versions used
This configuration example was created and verified on F9671 of an F100-C-A6-WL device.
Procedure
1. Assign an IP address to interface GE1/0/1.
# On the top navigation bar, click Network.
# From the navigation pane, select Interface Configuration > Interfaces.
# Click the Edit icon for GE1/0/1.
# In the dialog box that opens, configure the interface:
a. Select the Trust security zone.
b. On the IPv4 Address tab, enter the IP address and mask for the interface. In this example, enter 10.1.1.1/24.
c. Retain the default settings for the other fields.
d. Click OK.
2. Configure 4G settings.
# On the top navigation bar, click Network.
# From the navigation pane, select Interface Configuration > 4G.
# On the page that opens, configure the following parameters:
¡ Select a supported cellular interface.
The device automatically creates Eth-channel interface 0 for the cellular interface, adds the Eth-channel interface to dialer group 1, and permits all IPv4 packets on the interface. By default, the Eth-channel interface uses DHCP to obtain an IP address and is enabled with traditional DDR.
¡ Configure the dial number for placing calls. The device will automatically enable automatic dialup.
¡ Set the interval for dialer autodial. DDR makes call attempts at the intervals until a connection is established.
# Click Apply.
3. Add the Eth-channel interface to the Untrust security zone.
# On the top navigation bar, click Network.
# From the navigation pane, select Security Zones.
# Add Eth-channel interface 0 to the Untrust security zone.
# Click OK.
4. Configure settings for routing:
This example configures a static route. If dynamic routes are used, configure the dynamic routing protocol.
# On the top navigation bar, click Network.
# From the navigation pane, select Routing > Static Routing.
# On the IPv4 Static Routing tab, click Create.
# In the dialog box that opens, create an IPv4 static route:
¡ Enter the destination address 0.0.0.0.
¡ Enter the mask length 24.
¡ Enter the next hop IP address or select the next hop interface. In this example, select Eth-channel interface 0 as the next hop interface.
¡ Retain the default settings for other parameters.
# Click OK.
5. For the Eth-channel interface to obtain an IP address through DHCP, create security policies to permit DHCP-related packets between the Local security zone and Untrust security zone where the Eth-channel interface resides.
# On the top navigation bar, click Policies.
# From the navigation pane, select Security Policies > Security Policies.
# Click Create.
# In the dialog box that opens, create a security policy to permit DHCP-related packets from the Local security zone to the Untrust security zone:
¡ Specify the policy name as local-untrust.
¡ Select Local as the source security zone.
¡ Select Untrust as the destination security zone.
¡ Specify dhcp-client, dhcp-relay, and dhcp-server as the policy groups.
¡ Select IPv4 as the IP version.
¡ Select Permit as the action.
¡ Retain the default settings for the other fields.
# Click OK.
# Create a security policy to permit DHCP-related packets from the Untrust security zone and the Local security zone:
¡ Specify the policy name as untrust-local.
¡ Select Untrust as the source security zone.
¡ Select Local as the destination security zone.
¡ Specify dhcp-client, dhcp-relay, and dhcp-server as the policy groups.
¡ Select IPv4 as the IP version.
¡ Select Permit as the action.
¡ Retain the default settings for the other fields.
# Click OK.
6. For Intranet users to access the Internet through the device, configure a security policy to permit packets from the Trust zone to the Untrust security zone.
# On the top navigation bar, click Policies.
# From the navigation pane, select Security Policies > Security Policies.
# Click Create.
# In the dialog box that opens, create a security policy to permit packets from the Trust to the Untrust security zone:
¡ Specify the policy name as trust-untrust.
¡ Select Trust as the source security zone.
¡ Select Untrust as the destination security zone.
¡ Select IPv4 as the IP version.
¡ Select Permit as the action.
¡ Specify 10.1.1.2/24 as the source IPv4 address.
¡ Retain the default settings for the other fields.
# Click OK.
7. Configure NAT outbound on the Eth-channel interface.
# On the top navigation bar, click Policies.
# From the navigation pane, select Interface NAT > IPv4. Then click the Out Dynamic NAT (ACL-Based) tab.
# Click Create.
# In the dialog box that appears, configure outbound dynamic NAT:
¡ Select the Eth-channel interface.
¡ Select the IP address of the interface as the source address after NAT.
¡ Retain the default settings for the other fields.
# Click OK.
8. Configure DNS.
# The device is DNS-configured by default. To view DNS parameters, execute the display default-configuration command. You can modify DNS parameters as needed.
Verifying the configuration
Verify that the PC can access the LTE network through the device and you can view the operating status of the device from the Web interface.
To view the operating status of the device, click Network on the top navigation bar and then select Interface Configuration > 4G from the navigation pane.
Figure 2 Viewing device operating status
