H3C产品体系
H3C产品体系
路由器:
ER系列:中小型企业 ER3100 3260 5100 5200
MSR系列:大中型企业 MSR20 30 50
SR系列:大型或超大型企业 SR6602 6616 8802 8812
交换机:
接入层:小型企业 S1000 1500 2100 5000P/5000E
汇聚层:中小型企业 S3100 3600 3610 E328
核心层:中大型企业 S5100 5500 5600 7500 7600 9500
策略路由
依据用户制定的策略进行路由选择的机制,优先于路由表
策略路由分类
ip单播策略路由:
接口策略路由:在接口模式下配置并仅对本接口报文起作用
本地策略路由:在系统模式下配置对本机产生的报文进行策略路由
ip组播策略路由:
策略路由:一般用于安全、负载分流,多数情况使用接口策略路由
配置步骤:
创建策略route-policy
定义route-policy的if-match子句
定义route-policy的apply子句
使用/禁止本地策略路由
使用/禁止接口策略路由
配置命令:
acl advanced 3001 //扩展acl,表号从3000—3999
rule 0 permit ip source 192.168.3.0 0.0.0.255
quit
policy-based-route a1 permit node 10
if-match acl 3001
apply next-hop 200.200.200.1
quit
policy-based-route a1 permit node 20 //空节点,即不匹配acl3001的流量都放行,正常查路由表
quit
在接口vlan上应用策略路由(此处使用的是基于接口的策略路由)
int Vlan-interface 1
ip policy-based-route a1
练习
基本配置
主机配置:pc与路由器接口ip配置
pc1配置
<h3c>system-view
[h3c]sysname pc1
[h3c]int g0/0
[pc1-GigabitEthernet0/0]ip add 192.168.2.100 255.255.255.0
[pc1-GigabitEthernet0/0]undo sh
[pc1-GigabitEthernet0/0]quit
[pc1]ip route-static 0.0.0.0 0.0.0.0 192.168.2.1
[pc1]display ip routing-table
pc2配置
<h3c>system-view
[h3c]sysname pc2
[pc2]int g0/0
[pc2-GigabitEthernet0/0]ip add 192.168.3.100 255.255.255.0
[pc2-GigabitEthernet0/0]undo sh
[pc2-GigabitEthernet0/0]quit
[pc2]ip route-static 0.0.0.0 0.0.0.0 192.168.3.1
[pc2]display ip routing-table
服务器配置
<h3c>system-view
[h3c]sysname server
[server]int g0/0
[server -GigabitEthernet0/0]ip add 192.168.3.250 255.255.255.0
[server -GigabitEthernet0/0]undo sh
[server -GigabitEthernet0/0]quit
[server]ip route-static 0.0.0.0 0.0.0.0 192.168.3.1
[server]display ip routing-table
pc3配置
<h3c>system-view
[h3c]sysname pc3
[pc3]int g0/0
[pc3-GigabitEthernet0/0]ip add 202.1.1.2 55.255.255.0
[pc3-GigabitEthernet0/0]undo sh
[pc3-GigabitEthernet0/0]quit
[pc3]ip route-static 0.0.0.0 0.0.0.0 202.1.1.1
[pc3]display ip routing-table
路由器接口ip配置
r1配置
<H3C>system-view
[H3C]sysname r1
[r1]int g0/0
[r1-GigabitEthernet0/0]ip add 202.202.202.2 255.255.255.252
[r1-GigabitEthernet0/0]undo sh
[r1-GigabitEthernet0/0]int g0/1
[r1-GigabitEthernet0/1]ip add 200.200.200.2 255.255.255.248
[r1-GigabitEthernet0/1]undo sh
将g0/2改为桥接模式
[r1-GigabitEthernet0/1]int g0/2
[r1-GigabitEthernet0/2]port link-mode bridge
[r1-GigabitEthernet0/2]int vlan 1
[r1-Vlan-interface1]ip add 192.168.1.1 255.255.255.0
[r1-Vlan-interface1]undo sh
r2配置
<H3C>system-view
System View: return to User View with Ctrl+Z.
[H3C]sysname r2
[r2]int g0/0
[r2-GigabitEthernet0/0]ip add 202.202.202.1 255.255.255.252
[r2-GigabitEthernet0/0]undo sh
[r2-GigabitEthernet0/0]int g0/1
[r2-GigabitEthernet0/1]ip add 222.222.222.1 255.255.255.252
[r2-GigabitEthernet0/1]undo sh
[r2-GigabitEthernet0/1]int loopback 0
[r2-LoopBack0]ip add 202.202.0.1 255.255.255.255
[r2-LoopBack0]
r3配置
<H3C>system-view
[H3C]sysname r3
[r3]int g0/1
[r3-GigabitEthernet0/1]ip add 200.200.200.1 255.255.255.248
[r3-GigabitEthernet0/1]undo sh
[r3-GigabitEthernet0/1]int g0/0
[r3-GigabitEthernet0/0]ip add 222.222.222.2 255.255.255.252
[r3-GigabitEthernet0/0]undo sh
[r3-GigabitEthernet0/0]
[r3-GigabitEthernet0/0]int g0/2
[r3-GigabitEthernet0/2] ip add 202.1.1.1 255.255.255.0
[r3-GigabitEthernet0/2]undo sh
交换机sw1配置:包括vlan以及ip的配置
[H3C]sysname sw1
创建VLAN
[sw1]vlan 2
[sw1-vlan2]vlan 3
为vlan创建ip
[sw1]int vlan 1
[sw1-Vlan-interface1]ip add 192.168.1.2 255.255.255.0
[sw1-Vlan-interface1]undo sh
[sw1-vlan3]int vlan 2
[sw1-Vlan-interface2]ip add 192.168.2.1 255.255.255.0
[sw1-Vlan-interface2]undo sh
[sw1-Vlan-interface2]int vlan 3
[sw1-Vlan-interface3]ip add 192.168.3.1 255.255.255.0
[sw1-Vlan-interface3]undo sh
端口加入vlan
[sw1]int g1/0/6
[sw1-GigabitEthernet1/0/6]port access vlan 2
[sw1-GigabitEthernet1/0/6]int g1/0/7
[sw1-GigabitEthernet1/0/7]port access vlan 3
[sw1-GigabitEthernet1/0/7]int g1/0/8
[sw1-GigabitEthernet1/0/8]port access vlan 3
测试:到目前为止三台pc:pc1与pc2以及server之间就可以通信了
路由配置
sw1配置默认路由
[sw1-GigabitEthernet1/0/8]ip route-static 0.0.0.0 0.0.0.0 192.168.1.1
r1上配置静态路由和ospf
<r1>system-view
[r1]ip route-static 192.168.2.0 255.255.255.0 192.168.1.2
[r1]ip route-static 192.168.3.0 255.255.255.0 192.168.1.2
[r1]ospf 1
[r1-ospf-1]area 0
[r1-ospf-1-area-0.0.0.0]net 202.202.202.0 0.0.0.3
[r1-ospf-1-area-0.0.0.0]net 200.200.200. 0 0.0.0.7
r2上配置ospf
<r2>system-view
[r2]ospf 1
[r2-ospf-1]area 0
[r2-ospf-1-area-0.0.0.0]net 0.0.0.0 255.255.255.255
r3上配置ospf
<r2>system-view
[r2]ospf 1
[r2-ospf-1]area 0
[r2-ospf-1-area-0.0.0.0]net 0.0.0.0 255.255.255.255
说明:
nat配置
配置acl,将需要转换的流量包含在acl2001中
[r1]acl basic 2001
[r1-acl-ipv4-basic-2001]rule 0 permit source 192.168.2.0 0.0.0.255
[r1-acl-ipv4-basic-2001]rule 5 permit source 192.168.3.0 0.0.0.255
[r1-acl-ipv4-basic-2001]rule 10 deny
配置基于出接口的nat(easy-ip),将内网地址转换成r1的出口地址
[r1-acl-ipv4-basic-2001]int g0/0
[r1-GigabitEthernet0/0]port link-mode route
[r1-GigabitEthernet0/0]description link_to_tel
[r1-GigabitEthernet0/0]nat outbound 2001
[r1-GigabitEthernet0/0]int g0/1`
[r1-GigabitEthernet0/1]port link-mode route
[r1-GigabitEthernet0/1]desc link_to_end
[r1-GigabitEthernet0/1]nat outbound 2001
验证:在pc上可以ping外部的所有主机和接口
配置nat-server发布内网的telnet
[r1-GigabitEthernet0/1]nat server protocol tcp global 200.200.200.3 23 inside 19
2.168.3.250 23
[r1-GigabitEthernet0/1]
验证:从pc1 ping 202.202.0.1
display nat session
验证
nat,在server上开启telnet
<server>system-view
[server]telnet server enable //默认开启
[server]local-user admin //创建用户admin
[server-luser-manage-admin]password simple benet //配置密码
[server-luser-manage-admin]service-type telnet //指定服务类型为telnet
[server-luser-manage-admin]authorization-attribute user-role level-3 //指定命令级别为3级
[server-luser-manage-admin]quit
[server]user-interface vty 0 //进入vty线路
[server-line-vty0]authentication-mode scheme //配置用户的认证方式
[server-line-vty0]protocol inbound telnet //支持telnet
[server-line-vty0]quit
在pc3上telnet服务器
<pc3>telnet 200.200.200.3
login: admin
Password:
<server>
<server>
策略路由配置
[r1]acl advanced 3001 //扩展acl,表号从3000---3999
[r1-acl-ipv4-adv-3001]rule 0 permit ip source 192.168.3.0 0.0.0.255
[r1-acl-ipv4-adv-3001]quit
策略路由配置
[r1]policy-based-route a1 permit node 10
[r1-pbr-a1-10]if-match acl 3001
[r1-pbr-a1-10]apply next-hop 200.200.200.1
[r1-pbr-a1-10]quit
[r1]policy-based-route a1 permit node 20 //空节点,即不匹配acl3001的流量都放行,正常查路由表
[r1-pbr-a1-20]quit
在接口vlan上应用策略路由(此处使用的是基于接口的策略路由)
[r1]int Vlan-interface 1
[r1-Vlan-interface1]ip policy-based-route a1
[r1-Vlan-interface1]
验证:
从pc2访问外部走下一跳200.200.200.1
可以通过tracert 202.1.1.2跟踪
在r1上disp nat session
说明:模拟器上可能看不到效果
上一篇: H3C配置NAT实验
下一篇: H3C 基本配置