
H3C Product Lineup

程序员文章站 2022-05-30 19:43:32

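H3C product lineup

Routers:
    ER series (small and medium-sized enterprises): ER3100 3260 5100 5200
    MSR series (large and medium-sized enterprises): MSR20 30 50
    SR series (large or very large enterprises): SR6602 6616 8802 8812

Switches:
    Access layer (small enterprises): S1000 1500 2100 5000P/5000E
    Aggregation layer (small and medium-sized enterprises): S3100 3600 3610 E328
    Core layer (medium and large enterprises): S5100 5500 5600 7500 7600 9500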

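Policy-based routing

    A mechanism that selects routes according to user-defined policies; it takes precedence over the routing table.

Policy-based routing types

    IP unicast policy-based routing:
        Interface policy-based routing: configured in interface view and applies only to packets on that interface
        Local policy-based routing: configured in system view and applies to packets generated by the device itself

    IP multicast policy-based routing:

Policy-based routing is generally used for security and load distribution; in most cases interface policy-based routing is used.

    Configuration steps:
        Create the policy (route-policy)
        Define the if-match clause of the route-policy
        Define the apply clause of the route-policy
        Enable/disable local policy-based routing
        Enable/disable interface policy-based routing

    Configuration commands:
        acl advanced 3001 // advanced (extended) ACL; numbers range from 3000 to 3999
        rule 0 permit ip source 192.168.3.0 0.0.0.255
        quit
        policy-based-route a1 permit node 10
        if-match acl 3001
        apply next-hop 200.200.200.1
        quit
        policy-based-route a1 permit node 20 // empty node: traffic that does not match ACL 3001 is permitted and follows the normal routing table lookup
        quit
        Apply the policy on the VLAN interface (interface-based policy-based routing is used here)
        int Vlan-interface 1
        ip policy-based-route a1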

Exercise


Basic configuration

Host configuration: IP addresses of the PCs and router interfaces

pc1 configuration

<h3c>system-view
[h3c]sysname pc1
[pc1]int g0/0
[pc1-GigabitEthernet0/0]ip add 192.168.2.100 255.255.255.0
[pc1-GigabitEthernet0/0]undo sh
[pc1-GigabitEthernet0/0]quit
[pc1]ip route-static 0.0.0.0 0.0.0.0 192.168.2.1
[pc1]display ip routing-table

pc2 configuration

<h3c>system-view
[h3c]sysname pc2
[pc2]int g0/0
[pc2-GigabitEthernet0/0]ip add 192.168.3.100 255.255.255.0
[pc2-GigabitEthernet0/0]undo sh
[pc2-GigabitEthernet0/0]quit
[pc2]ip route-static 0.0.0.0 0.0.0.0 192.168.3.1
[pc2]display ip routing-table

Server configuration

<h3c>system-view
[h3c]sysname server
[server]int g0/0
[server-GigabitEthernet0/0]ip add 192.168.3.250 255.255.255.0
[server-GigabitEthernet0/0]undo sh
[server-GigabitEthernet0/0]quit
[server]ip route-static 0.0.0.0 0.0.0.0 192.168.3.1
[server]display ip routing-table

pc3 configuration

<h3c>system-view
[h3c]sysname pc3
[pc3]int g0/0
[pc3-GigabitEthernet0/0]ip add 202.1.1.2 255.255.255.0
[pc3-GigabitEthernet0/0]undo sh
[pc3-GigabitEthernet0/0]quit
[pc3]ip route-static 0.0.0.0 0.0.0.0 202.1.1.1
[pc3]display ip routing-table

Router interface IP configuration

r1 configuration

<H3C>system-view
[H3C]sysname r1
[r1]int g0/0
[r1-GigabitEthernet0/0]ip add 202.202.202.2 255.255.255.252
[r1-GigabitEthernet0/0]undo sh
[r1-GigabitEthernet0/0]int g0/1
[r1-GigabitEthernet0/1]ip add 200.200.200.2 255.255.255.248
[r1-GigabitEthernet0/1]undo sh

Switch g0/2 to bridge mode

[r1-GigabitEthernet0/1]int g0/2
[r1-GigabitEthernet0/2]port link-mode bridge
[r1-GigabitEthernet0/2]int vlan 1
[r1-Vlan-interface1]ip add 192.168.1.1 255.255.255.0
[r1-Vlan-interface1]undo sh

r2 configuration

<H3C>system-view
System View: return to User View with Ctrl+Z.
[H3C]sysname r2
[r2]int g0/0
[r2-GigabitEthernet0/0]ip add 202.202.202.1 255.255.255.252
[r2-GigabitEthernet0/0]undo sh
[r2-GigabitEthernet0/0]int g0/1
[r2-GigabitEthernet0/1]ip add 222.222.222.1 255.255.255.252
[r2-GigabitEthernet0/1]undo sh
[r2-GigabitEthernet0/1]int loopback 0
[r2-LoopBack0]ip add 202.202.0.1 255.255.255.255
[r2-LoopBack0]

r3 configuration

<H3C>system-view
[H3C]sysname r3
[r3]int g0/1
[r3-GigabitEthernet0/1]ip add 200.200.200.1 255.255.255.248
[r3-GigabitEthernet0/1]undo sh
[r3-GigabitEthernet0/1]int g0/0
[r3-GigabitEthernet0/0]ip add 222.222.222.2 255.255.255.252
[r3-GigabitEthernet0/0]undo sh
[r3-GigabitEthernet0/0]
[r3-GigabitEthernet0/0]int g0/2
[r3-GigabitEthernet0/2]ip add 202.1.1.1 255.255.255.0
[r3-GigabitEthernet0/2]undo sh

Switch sw1 configuration: VLANs and IP addresses

[H3C]sysname sw1

Create the VLANs

[sw1]vlan 2
[sw1-vlan2]vlan 3

Assign IP addresses to the VLAN interfaces

[sw1-vlan3]int vlan 1
[sw1-Vlan-interface1]ip add 192.168.1.2 255.255.255.0
[sw1-Vlan-interface1]undo sh
[sw1-Vlan-interface1]int vlan 2
[sw1-Vlan-interface2]ip add 192.168.2.1 255.255.255.0
[sw1-Vlan-interface2]undo sh
[sw1-Vlan-interface2]int vlan 3
[sw1-Vlan-interface3]ip add 192.168.3.1 255.255.255.0
[sw1-Vlan-interface3]undo sh

Add the ports to the VLANs

[sw1]int g1/0/6
[sw1-GigabitEthernet1/0/6]port access vlan 2
[sw1-GigabitEthernet1/0/6]int g1/0/7
[sw1-GigabitEthernet1/0/7]port access vlan 3
[sw1-GigabitEthernet1/0/7]int g1/0/8
[sw1-GigabitEthernet1/0/8]port access vlan 3

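Test: at this point the three PCs (pc1, pc2 and server) can communicate with one another.

Routing configuration

Configure a default route on sw1

[sw1-GigabitEthernet1/0/8]ip route-static 0.0.0.0 0.0.0.0 192.168.1.1

Configure static routes and OSPF on r1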

<r1>system-view
[r1]ip route-static 192.168.2.0 255.255.255.0 192.168.1.2
[r1]ip route-static 192.168.3.0 255.255.255.0 192.168.1.2
[r1]ospf 1
[r1-ospf-1]area 0
[r1-ospf-1-area-0.0.0.0]net 202.202.202.0 0.0.0.3
[r1-ospf-1-area-0.0.0.0]net 200.200.200.0 0.0.0.7

Configure OSPF on r2

<r2>system-view
[r2]ospf 1
[r2-ospf-1]area 0
[r2-ospf-1-area-0.0.0.0]net 0.0.0.0 255.255.255.255

Configure OSPF on r3

<r3>system-view
[r3]ospf 1
[r3-ospf-1]area 0
[r3-ospf-1-area-0.0.0.0]net 0.0.0.0 255.255.255.255

Note:

NAT configuration

Configure an ACL so that ACL 2001 covers the traffic that needs to be translated

[r1]acl basic 2001
[r1-acl-ipv4-basic-2001]rule 0 permit source 192.168.2.0 0.0.0.255
[r1-acl-ipv4-basic-2001]rule 5 permit source 192.168.3.0 0.0.0.255
[r1-acl-ipv4-basic-2001]rule 10 deny

Configure outbound-interface NAT (Easy IP) to translate internal addresses to r1's egress address

[r1-acl-ipv4-basic-2001]int g0/0
[r1-GigabitEthernet0/0]port link-mode route
[r1-GigabitEthernet0/0]description link_to_tel
[r1-GigabitEthernet0/0]nat outbound 2001
[r1-GigabitEthernet0/0]int g0/1
[r1-GigabitEthernet0/1]port link-mode route
[r1-GigabitEthernet0/1]desc link_to_end
[r1-GigabitEthernet0/1]nat outbound 2001

Verification: the PCs can ping all external hosts and interfaces.

Configure nat server to publish the internal Telnet service

[r1-GigabitEthernet0/1]nat server protocol tcp global 200.200.200.3 23 inside 192.168.3.250 23
[r1-GigabitEthernet0/1]

Verification: ping 202.202.0.1 from pc1
display nat session

Verification

NAT: enable Telnet on the server

<server>system-view
[server]telnet server enable   // enabled by default
[server]local-user admin     // create the user admin
[server-luser-manage-admin]password simple benet // set the password
[server-luser-manage-admin]service-type telnet // set the service type to telnet
[server-luser-manage-admin]authorization-attribute user-role level-3 // set the command level to 3
[server-luser-manage-admin]quit
[server]user-interface vty 0  // enter the VTY line
[server-line-vty0]authentication-mode scheme // set the user authentication mode
[server-line-vty0]protocol inbound telnet     // allow telnet
[server-line-vty0]quit

Telnet to the server from pc3

<pc3>telnet 200.200.200.3
login: admin
Password:
<server>
<server>
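
The nat server mapping above makes the server's Telnet login reachable from outside at 200.200.200.3 port 23, and Telnet carries that login in cleartext. The check below is an added example, not part of the original page: it takes configuration text with the CLI prompts removed (a constructed input format), reports nat server mappings that publish a host whose VTY lines accept Telnet, and compares against a constructed SSH variant of the same host.

```python
import re

# Constructed inputs: the lab's lines with CLI prompts and comments removed.
R1_CONFIG = """
interface GigabitEthernet0/1
 nat outbound 2001
 nat server protocol tcp global 200.200.200.3 23 inside 192.168.3.250 23
"""
SERVER_TELNET = """
telnet server enable
local-user admin
 service-type telnet
user-interface vty 0
 authentication-mode scheme
 protocol inbound telnet
"""
# Constructed comparison: the same host managed and published over SSH.
R1_CONFIG_SSH = """
interface GigabitEthernet0/1
 nat server protocol tcp global 200.200.200.3 22 inside 192.168.3.250 22
"""
SERVER_SSH = SERVER_TELNET.replace("telnet server", "ssh server").replace(
    "telnet", "ssh")

NAT_SERVER = re.compile(
    r"nat server protocol tcp global (\S+) (\d+) inside (\S+) (\d+)")

def telnet_enabled(host_config):
    """True if Telnet is switched on and a VTY line explicitly accepts it.
    Assumption: only explicit 'protocol inbound' lines are considered."""
    lines = [line.strip() for line in host_config.splitlines()]
    accepts = any(l.startswith("protocol inbound")
                  and l.split()[-1] in ("telnet", "all") for l in lines)
    return "telnet server enable" in lines and accepts

def exposed_telnet(edge_config, hosts):
    """Return (global_ip, global_port, inside_ip) for published Telnet logins.
    hosts maps an inside IP address to that host's configuration text."""
    findings = []
    for gip, gport, iip, iport in NAT_SERVER.findall(edge_config):
        if int(iport) == 23 and telnet_enabled(hosts.get(iip, "")):
            findings.append((gip, int(gport), iip))
    return findings

if __name__ == "__main__":
    print(exposed_telnet(R1_CONFIG, {"192.168.3.250": SERVER_TELNET}))
    print(exposed_telnet(R1_CONFIG_SSH, {"192.168.3.250": SERVER_SSH}))
```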

Policy-based routing configuration

[r1]acl advanced 3001 // advanced (extended) ACL; numbers range from 3000 to 3999
[r1-acl-ipv4-adv-3001]rule 0 permit ip source 192.168.3.0 0.0.0.255
[r1-acl-ipv4-adv-3001]quit

Policy-based routing configuration

[r1]policy-based-route a1 permit node 10
[r1-pbr-a1-10]if-match acl 3001
[r1-pbr-a1-10]apply next-hop 200.200.200.1
[r1-pbr-a1-10]quit
[r1]policy-based-route a1 permit node 20  // empty node: traffic that does not match ACL 3001 is permitted and follows the normal routing table lookup
[r1-pbr-a1-20]quit

Apply the policy on the VLAN interface (interface-based policy-based routing is used here)

[r1]int Vlan-interface 1
[r1-Vlan-interface1]ip policy-based-route a1
[r1-Vlan-interface1]

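Verification:
Traffic from pc2 to external networks takes the next hop 200.200.200.1.
This can be traced with tracert 202.1.1.2.
On r1, run disp nat session.
Note: the effect may not be visible in the simulator.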
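
When the simulator does not show the effect, the decision that policy a1 makes (in the command summary near the top of the page and again in this lab) can be checked offline. The model below is an added example, not from the original page; it assumes nodes are tried in ascending node number and that a packet which gets no next hop is forwarded by the routing table, and the routing-table next hop 202.202.202.1 is chosen only for illustration.

```python
import ipaddress

# Constructed model of the page's configuration: ACL 3001 and policy a1.
ACL_SOURCES = {3001: [("192.168.3.0", "0.0.0.255")]}  # (source, wildcard)
POLICY_A1 = [
    {"node": 20, "acl": None, "next_hop": None},             # empty node
    {"node": 10, "acl": 3001, "next_hop": "200.200.200.1"},
]

def wildcard_match(addr, base, wildcard):
    """Wildcard mask: bits that are 0 in the mask must be equal."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)

def acl_matches(acl_id, src):
    """True if any rule of the ACL covers the source address."""
    rules = ACL_SOURCES.get(acl_id, [])
    return any(wildcard_match(src, base, wc) for base, wc in rules)

def pbr_lookup(policy, src):
    """Return (node, next_hop); next_hop None means 'use the routing table'."""
    for node in sorted(policy, key=lambda n: n["node"]):
        # A node without an if-match clause matches every packet.
        if node["acl"] is None or acl_matches(node["acl"], src):
            return node["node"], node["next_hop"]
    return None, None  # no node matched: routing table

def forward(policy, src, routing_table_next_hop):
    """Next hop actually used: the policy wins over the routing table."""
    _, hop = pbr_lookup(policy, src)
    return hop or routing_table_next_hop

if __name__ == "__main__":
    hosts = (("pc1", "192.168.2.100"), ("pc2", "192.168.3.100"),
             ("server", "192.168.3.250"))
    for name, src in hosts:
        node, _ = pbr_lookup(POLICY_A1, src)
        print(name, src, "node", node, "->",
              forward(POLICY_A1, src, "202.202.202.1"))
```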