H3C MSR路由器 PPPOE NAT 策略路由 QOS 配置实例文档格式.docx
- 文档编号:21810888
- 上传时间:2023-02-01
- 格式:DOCX
- 页数:12
- 大小:17.04KB
H3C MSR路由器 PPPOE NAT 策略路由 QOS 配置实例文档格式.docx
《H3C MSR路由器 PPPOE NAT 策略路由 QOS 配置实例文档格式.docx》由会员分享,可在线阅读,更多相关《H3C MSR路由器 PPPOE NAT 策略路由 QOS 配置实例文档格式.docx(12页珍藏版)》请在冰豆网上搜索。
aclnumber3002
rule0permitipsource10.0.1.10.0.0.254
aclnumber3111
rule0permitipsource192.168.3.00.0.0.254
aclnumber3112
aclnumber3113
rule0permitipdestination192.168.2.00.0.0.255
aclnumber3114
rule5permitipsource192.168.3.1800.0.0.3
aclnumber3333
vlan1
connection-limitpolicy1
domainsystem
access-limitdisable
stateactive
idle-cutdisable
self-service-urldisable
user-groupsystem
local-userhuawei
passwordcipherN`C55QK<
`=/Q=^Q`MAF4<
1!
!
authorization-attributelevel3
service-typetelnet
interfaceAux0
asyncmodeflow
link-protocolppp
interfaceDialer1
natoutbound2000
ppppaplocal-user**************
ipaddressppp-negotiate
load-bandwidth2000
tcpmss1024
dialeruser****************
dialer-group1
dialerbundle1
interfaceDialer2
ppppaplocal-user****************
dialeruser**************
dialerbundle2
interfaceDialer3
dialeruser*************
dialerbundle3
interfaceEthernet0/0
portlink-moderoute
pppoe-clientdial-bundle-number3
interfaceEthernet0/1
pppoe-clientdial-bundle-number2
interfaceEthernet1/0
pppoe-clientdial-bundle-number1
interfaceNULL0
interfaceLoopBack10
ipaddress192.168.2.253255.255.255.255
interfaceVlan-interface1
ipaddress192.168.3.1255.255.255.0
ipaddress192.168.2.254255.255.255.0sub
qoscarinboundcarl10cir1000cbs1000ebs1000greenpassreddiscard
qoscaroutboundcarl20cir1000cbs1000ebs1000greenpassredpass
ippolicy-based-routefz1
interfaceEthernet0/2
portlink-modebridge
interfaceEthernet0/3
interfaceEthernet0/4
interfaceEthernet0/5
interfaceEthernet0/6
interfaceEthernet0/7
interfaceEthernet0/8
interfaceEthernet0/9
policy-based-routefz1permitnode0
if-matchacl3113
applyoutput-interfaceVlan-interface1
policy-based-routefz1permitnode1
if-matchacl3114
applyoutput-interfaceDialer3
policy-based-routefz1permitnode2
if-matchacl3112
applyoutput-interfaceDialer2
policy-based-routefz1permitnode3
if-matchacl3111
applyoutput-interfaceDialer1
policy-based-routefz2permitnode0
policy-based-routefz2permitnode1
iproute-static0.0.0.00.0.0.0Dialer3
natconnection-limit-policy1
telnetclientsourceip192.168.2.254
dialer-rule1ippermit
dialer-rule2ippermit
dialer-rule3ippermit
user-interfacecon0
user-interfaceaux0
user-interfacevty04
acl2222inbound
authentication-modescheme
userprivilegelevel3
setauthenticationpasswordsimplehuawei
return
H3C之AR18路由器配置实例--两条链路是以太网链路+PPPOE链路的备份
网络拓扑图如图4所示,AR18-22-24有两条到ISP的链路,E1/0为主用链路,网络地址为142.1.1.0/30;
ETH2/0连接ADSLmodem通过PPPOE方式连接ISP,Dialer0做备用链路。
正常工作时所有的流量通过主用链路E1/0发送,当主用链路出现异常时,设备会自动发起PPPOE拨号,流量切换到备用链路,主用链路恢复后会自动重新启用。
主链路启用60秒后PPPOE连接会自动挂断。
图4以太网链路+PPPOE链路进行主备备份拓扑图
[Quidway]displaycurrent-configuration
sysnameQuidway
clocksummer-timeBJrepeating00:
00:
0006/01/200023:
59:
5908/31/200001:
00
clocktimezonePekingadd08:
FTPserverenable
flow-interval5
webset-packageforceflash:
/http.zip
radiusschemesystem
local-useradmin
passwordcipher.]@USE=B,53Q=^Q`MAF4<
service-typetelnetterminal
level3
service-typeftp
#配置自动侦测组1,侦测主用链路的对端地址是否可达,侦测间隔为5s。
detect-group1
detect-list1ipaddress142.1.1.1
timerloop5
#配置接口应用NAT时引用的ACL。
aclnumber2001
rule10permitsource192.168.1.00.0.0.255
#配置在接口上应用的过滤规则,主要用于攻击防范,强烈建议配置。
rule10denytcpdestination-porteq445
rule11denyudpdestination-porteq445
rule20denytcpdestination-porteq135
rule21denyudpdestination-porteq135
rule30denytcpdestination-porteq137
rule31denyudpdestination-porteqnetbios-ns
rule40denytcpdestination-porteq138
rule41denyudpdestination-porteqnetbios-dgm
rule50denytcpdestination-porteq139
rule51denyudpdestination-porteqnetbios-ssn
rule61denyudpdestination-porteqtftp
rule70denytcpdestination-porteq593
rule80denytcpdestination-porteq4444
rule90denytcpdestination-porteq707
rule100denytcpdestination-porteq1433
rule101denyudpdestination-porteq1433
rule110denytcpdestination-porteq1434
rule111denyudpdestination-porteq1434
rule120denytcpdestination-porteq5554
rule130denytcpdestination-porteq9996
rule141denyudpsource-porteqbootps
rule160permiticmpicmp-typeecho
rule161permiticmpicmp-typeecho-reply
rule162permiticmpicmp-typettl-exceeded
rule165denyicmp
rule2002permitipdestination142.1.1.20
rule3000denyip
rule2000permitip
aclnumber3003
rule2010denyipsource192.168.1.10
rule2030permitipsource192.168.1.00.0.0.255
rule3000denyip
#配置广域网接口Dialer0,拨号的用户名和口令均为test,对入报文进行过滤(所有出报文均需要做NAT时可以不对入报文进行过滤),对出报文进行NAT。
interfaceDialer0
ppppaplocal-usertestpasswordsimpletest
dialerusertest
natoutbound2001
firewallpacket-filter3002inbound
#配置广域网接口E1/0,对入报文进行过滤(所有出报文均需要做NAT时可以不对入报文进行过滤),对出报文进行NAT。
ipaddress142.1.1.2255.255.255.252
firewallpacket-filter3001inbound
#配置广域网接口E2/0,做为拨号接口,链路空闲60秒钟后自动切断。
interfaceEthernet2/0
pppoe-clientdial-bundle-number1idle-timeout60
#配置局域网接口E3/0,对入报文进行过滤。
interfaceEthernet3/0
ipaddress192.168.1.1255.255.255.0
firewallpacket-filter3003inbound
interfaceEthernet3/1
interfaceEthernet3/2
interfaceEthernet3/3
interfaceEthernet3/4
interfaceEthernet3/5
interfaceEthernet3/6
interfaceEthernet3/7
interfaceEthernet3/8
interfaceEthernet3/9
interfaceEthernet3/10
interfaceEthernet3/11
interfaceEthernet3/12
interfaceEthernet3/13
interfaceEthernet3/14
interfaceEthernet3/15
interfaceEthernet3/16
interfaceEthernet3/17
interfaceEthernet3/18
interfaceEthernet3/19
interfaceEthernet3/20
interfaceEthernet3/21
- 配套讲稿:
如PPT文件的首页显示word图标,表示该PPT已包含配套word讲稿。双击word图标可打开word文档。
- 特殊限制:
部分文档作品中含有的国旗、国徽等图片,仅作为作品整体效果示例展示,禁止商用。设计者仅对作品中独创性部分享有著作权。
- 关 键 词:
- H3C MSR路由器 PPPOE NAT 策略路由 QOS 配置实例 MSR 路由器 策略 路由 配置 实例