H3C路由器配置Word格式.docx
《H3C路由器配置Word格式.docx》由会员分享,可在线阅读,更多相关《H3C路由器配置Word格式.docx(9页珍藏版)》请在冰豆网上搜索。
[xianBBB]intLoopBack10
[xianBBB-LoopBack10]ipaddressx.x.x.xx.x.x.x//ip地址
#
routerid1.1.1.1配置路由id
ospf1#进程号1
area0#骨干区域
network10.44.251.00.0.0.255network10.44.253.00.0.0.255
VLAN10//创建VLAN
intvlan10ipadd10.1.1.124//配置VLAN10的IP地址
intg0/7portlink-typeaccess#交换机模式
ospf1area0.0.0.0
importroutedirect//引入直连路由
network10.44.251.00.0.0.255network10.44.253.00.0.0.255
interfaceVlan-interface1
ipaddress192.168.204.204255.255.255.0
interfaceGigabitEthernet0/5
portlink-moderoute//设置接口为路由模式
ipaddress10.44.251.45255.255.255.0
#
interfaceGigabitEthernet0/7
portlink-moderoute//设置接口为路由模式
ipaddress10.44.253.45255.255.255.0
[H3C]iproute-static10.44.251.0255.255.255.010.44.171.5//配置静态目的网段(多个目的路由需配多条)和下一条的出口地址
[H3C]iproute-static0.0.0.00.0.0.010.44.171.5//配置缺省路由只需配0.0.0.0和下一跳
iproute-static10.1.1.02410.44.171.6preferencce60//设置优先级为60,数字越小越优先
iphttpenable
[H3C-ospf-1]import-routedirect//ospf加入直连
[H3C-ospf-1]import-routestatic//ospf加入静态路由
network10.44.251.00.0.0.255
ipunreachablesenable显示跟踪ipttl-expiresenable显示跟踪
#
iproute-static10.1.1.02410.44.171.6iproute-static10.44.171.02410.44.171.6
iproute-static10.44.200.02410.44.171.6
双链路路由器设置:
#市路由器:
acladvanced3300//创建访问控制列表ACL3300
rule0permitipdestination10.44.200.2220//配置允许目的ip地址或网段(反掩码)访问
acladvanced3333//创建访问控制列表ACL3333
rule0permitipdestination10.44.200.00.0.0.255//配置允许目的ip网段或固定地址(反掩码)
policy-based-routexxxpermitnode1//创建策略路xxx,节点1
if-matchacl3000//如果是ACL3000
applynext-hop10.10.10.11//指定下一跳ip地址路由器
policy-based-routexxxpermitnode11//创建策略路xxx,节点11
if-matchacl3333//如果是ACL3333
applynext-hop10.44.171.6//指定下一跳ip地址路由器
在网口应用策略路由
interfaceGigabitEthernet0/5portlink-moderoute
ipaddress10.44.251.46255.255.255.0ippolicy-based-routexxx
acladvanced3500//创建ACL3500
rule1permitipdestination10.44.200.2220//允许指定目的地址通过,反掩码
rule11denyipdestination10.44.200.00.0.0.255//拒绝目的网段通过,反掩码
在外网接口应用上网策略(outbound是出,inbound是进)
interfaceGigabitEthernet0/10portlink-moderoute
ipaddress10.10.10.10255.255.255.0packet-filter3500outbound
#县路由器:
acladvanced3300//创建ACL3300访问
rule0permitipsource10.44.200.2220//配置允许源ip固定地址,反掩码
rule11denyipsource10.44.200.00.0.0.255//拒绝目的网段通过,反掩码
acladvanced3333//创建ACL3333访问
rule0permitipsource10.44.200.00.0.0.255//配置允许源ip段地址,反掩码
if-matchacl3300//如果是ACL3300
if-matchacl3333//如果是ACL3333
applynext-hop10.44.171.5//指定下一跳ip地址路由器
[H3C]interfaceVlan-interface1ipaddress10.44.200.1255.255.255.0
[H3C-Vlan-interface1]ippolicy-based-routexxxquit
interfaceGigabitEthernet0/10portlink-moderoute
ipaddress10.10.10.10255.255.255.0packet-filter3300outbound
市A静态配置:
shiAAA>
discu
telnetserverenable
routerid4.4.4.4
#ospf1import-routedirecimport-routestatic
area0.0.0.0network10.44.251.00.0.0.255
ipunreachablesenableipttl-expiresenable
policy-based-routexxxpermitnode1
if-matchacl3300applynext-hop10.10.10.10
policy-based-routexxxpermitnode11
if-matchacl3333applynext-hop10.44.171.6
interfaceGigabitEthernet0/1
portlink-moderoute
ipaddress192.168.204.1255.255.255.0
interfaceGigabitEthernet0/3
ipaddress10.44.171.5255.255.255.0
ipaddress10.44.251.46255.255.255.0
ippolicy-based-routexxx
interfaceGigabitEthernet0/10portlink-moderoute
ipaddress10.10.10.11255.255.255.0packet-filter3300outbound
iproute-static10.44.200.02410.44.171.6、
iproute-static10.44.200.02410.10.10.10
acladvanced3300
rule1permitipdestination10.44.200.2220
rule11denyipdestination10.44.200.00.0.0.255
acladvanced3333
rule11permitipdestination10.44.200.00.0.0.255
local-useradminclassmanageservice-typetelnethttphttps
authorization-attributeuser-rolelevel-12
authorization-attributeuser-rolelevel-15
authorization-attributeuser-rolenetwork-operator
iphttpsenable
县B动态ospf
xianBBB>
telnetserverenable
routerid10.10.10.10
ospf1
area0.0.0.1
network10.10.11.00.0.0.255
network10.44.100.00.0.0.255
network10.44.172.00.0.0.255
#ipunreachablesenableipttl-expiresenable
policy-based-routeyyypermitnode1
if-matchacl3300applynext-hop10.10.11.11
policy-based-routeyyypermitnode11
if-matchacl3333applynext-hop10.44.172.5
ipaddress10.44.100.1255.255.255.0ippolicy-based-routeyyy
interfaceGigabitEthernet0/3portlink-moderoute
ipaddress10.44.172.6255.255.255.0ospfcost2
interfaceGigabitEthernet0/11portlink-moderoute
ipaddress10.10.11.10255.255.255.0packet-filter3300outbound
rule1permitipsource10.44.100.2220
rule11denyipsource10.44.100.00.0.0.255
rule11permitipsource10.44.100.00.0.0.255
local-useradminclassmanage
service-typetelnethttphttps
iphttpenableiphttpsenable
#县A静态
xianAAA>
ipunreachablesenablipttl-expiresenable
if-matchacl3300applynext-hop10.10.10.11
policy-based-routexxxpermitnode2
if-matchacl3333applynext-hop10.44.171.5
ipaddress10.44.200.1255.255.255.0ippolicy-based-routexxx
portlink-moderouteipaddress10.44.171.6255.255.255.0
ipaddress10.10.10.10255.255.255.0packet-filter3300outbound
linevty04
authentication-modeschemeuser-rolenetwork-operator
linevty563
user-rolenetwork-operator
iproute-static10.44.0.01610.44.171.5
iproute-static10.44.0.01610.10.10.11
#acladvanced3300
rule1permitipsource10.44.200.2220
rule11denyipsource10.44.200.00.0.0.255
#acladvanced3333
rule1permitipsource10.44.200.00.0.0.255