H3C路由器配置.docx
- 文档编号:6326585
- 上传时间:2023-01-05
- 格式:DOCX
- 页数:8
- 大小:17.51KB
H3C路由器配置.docx
《H3C路由器配置.docx》由会员分享,可在线阅读,更多相关《H3C路由器配置.docx(8页珍藏版)》请在冰豆网上搜索。
H3C路由器配置
整体配置过程与解释:
telnetserverenable#gd.置telnet服务local-useradmin#配置telnet用户名passwordsimpleadmin888#配置明丈密码为admin888
server-typetelnet#配置用户telnet服务类型
authorization-attributeuser-rolelevel-3#配置用户级别
quit
userinterfacevty04#线程核式authorization-modescheme#用户名+密码quit
先配LoopBack地址爵配置ospf
[xianBBB]intLoopBack10
[xianBBB-LoopBack10]ipaddressx.x.x.xx.x.x.x//ip地址
#
routerid1.1.1.1配置路由id
先配LoopBack地址再配置ospf
[xianBBBJintLoopBack10
[xianBBB-LoopBack10]ipaddressx.x.x.xx.x.x.x//ip地址
ospf1#进程号1
area0#肯干区城
network10.44.251.00.0.0.255network10.44.253.00.0.0.255
VLAN10〃创 intvIanlOipadd10」」」24〃配置VLAN10的IP地址 intgO/7portlink-typeaccess#交换机校式 # ospf1area0.0.0.0 importroutedirect//引入直连路由 network10.44.251.00.0.0.255network10.44.253.00.0.0.255 interfaceVian-interface! ipaddress192.168.204.204255.255.255.0 interfaceGigabitEthernetO/5 portlink-moderoute//设置棲d为路由栈式 ipaddress10.44.251.45255.255.255.0 # interfaceGigabitEthernetO/7 portlink-moderoute〃段置接d为路由模式 ipaddress10.44.253.45255.255.255.0 [H3C]iproute-static10.44.251.0255.255.255.010.44.171.5〃配置静态目的网 段(多个目的路由需配多条)和下一条的出D地址 [H3C]iproute-static0.0.0.00.0.0.010.44.171.5//^置缺省路由只需配0.0.0.0 和下一跳 iproute-static10」」・02410.44.171.6preferencce60〃段置优先级为60,数字 越小越优丸 # iphttpenable [H3C-ospf-l]import-routedirect//ospf加入直连 [H3C-ospf-l]import-routestatic//ospf加入挣态路由 # ospf1area0.0.0.0 network10.44.251.00.0.0.255 # ipunreachablesenable显示跟赊ipttl-expiresenable显示跟踪 # iproute-static10.1.1.02410.44.1刀・6iproute-static10.44.171.024 10.44.171.6 iproute-static10.44.200.02410.44.171.6 # 玖链路路由器役置: #市路由器: acladvanced3300〃创建访问控制列表ACL3300 rule0permitipdestination10.44.200.2220〃配置允许目的ip地址或网段 (反掩码丿访问 acladvanced3333〃创建访问控制列表ACL3333 rule0permitipdestination10.44.200.00.0.0.255〃配置允许目的ip网段或固岌地址(反掩码丿 〃创建策略路xxx,节点1 〃如果是ACL3000 〃指灾下一跳ip地址路由容 〃创建策略路XXX,节点11 〃如果是ACL3333 〃指龙下一跳ip地址路由器 policy-based-routexxxpermitnode1if-matchacl3000applynext-hop10.10.10.11 # policy-based-routexxxpermitnode11if-matchacl3333applynext-hop10.44」71.6 >4网d应用策略路由 portlink-moderoute interfaceGigabitEthernet0/5 ippolicy-based-routexxx ipaddress10.44.251.46255.255.255.0 # acladvanced3500〃创 rule1permitipdestination10.44.200.2220〃允许指定目的地址通过,反掩码 rule11denyipdestination10.44.200.00.0.0.255〃拒绝f]的网段通过,反掩 码 >4外网接d应用上网策略(outbound是出,inbound是进丿 ipaddress10」0」0」0255.255.255.0packet-filter3500outbound #县路由器: acladvanced3300〃创 rule0permitipsource10.44.200.2220〃配置允许源ip固定地址,反掩码 rule11denyipsource10.44.200.00.0.0.255〃拒绝目的网段通过,反播码 # acladvanced3333〃创建ACL3333访问 rule0permitipsource10.44.200.00.0.0.255〃配置允许源ip段地址,反掩码 # policy-based-routexxxpermitnode1〃创建策略路xxx,节点1 if-matchacl3300〃如果是ACL3300 applynext-hop10.10.10.11〃指定下一跳ip地址路由容 # policy-based-routexxxpermitnode11〃创建策略路xxx,节点11 if-matchacl3333〃如果是ACL3333 applynext-hop10.44.171.5〃指主下一跳ip地址路由赛 >4网D应用策略路由 [H3C]interfaceVlan-interface1ipaddress10.44.200.1255.255.255.0 [H3C-Vlan-interfacel]ippolicy-based-routexxxquit >4外网接d应用上网策略(outbound是出,inbound是进JinterfaceGigabitEthernet0/10portlink-moderoute outbound ipaddress10.10」0.10255.255.255.0packet-filter3300 # 市A挣态配置: <$hiAAA>discu telnetserverenable # routerid4.4.4.4 #ospf1import-routedirecimport-routestatic area0.0.0.0network10.44.251.00.0.0.255 # ipunreachablesenableipttl-expiresenable # policy-based-routexxxpermitnode1 if-matchacl3300applynext-hop10.10.10.10 # policy-based-routexxxpermitnode11 if-matchacl3333applynext-hop10.44.171.6 # interfaceGigabitEthernetO/1 portlink-moderoute ipaddress192.168.204.1255.255.255.0interfaceGigabitEthernet0/3 portlink-moderoute ipaddress10.44」71.5255.255.255.0 # interfaceGigabitEthernetO/5 portlink-moderoute ipaddress10.44.251.46255.255.255.0 ippolicy-based-routexxx # interfaceGigabitEthernet0/10portlink-moderoute ipaddress10255.255.255.0packet-filter3300outbound # iproute-static10.44.200.02410.44.171.6. iproute-static10.44.200.02410.10.10.10 # acladvaneed3300 rule1permitipdestination10.44.200.2220acladvanced3333 rule11permitipdestination10.44.200.00.0.0.255local-useradminclassmanageservice-typetelnethttphttps authorization-attributeuser-rolelevel-12 authorization-attributeuser-rolelevel-15 authorization-attributeuser-rolenetwork-operator # iphttpenable iphttpsenable # 县B动态ospf # telnetserverenable # routerid10.10.10.10 # ospf1 area0.0.0.1 network10」0」1.00.0.0.255 network10.44.172.00.0.0.255 #ipunreachablesenableipttl-expiresenable# policy-based-routeyyypermitnode1 if-matchacl3300applynext-hop10.10.11.11 # policy-based-routeyyypermitnode11 if-matchacl3333applynext-hop10.44.172.5 # interfaceVian-interface! ipaddress10.44」00」255.255.255.0ippolicy-based-routeyyy # interfaceGigabitEthernet0/3portlink-moderoute ipaddress10.44」72.6255.255.255.0ospfcost2 # interfaceGigabitEthernet0/11portlink-moderoute ipaddress10」0」1」0255.255.255.0packet-filter3300outbound # acladvaneed3300 rule1permitipsource10.44.100.2220acladvaneed3333 rule11permitipsource10.44.100.00.0.0.255local-useradminclassmanage service-typetelnethttphttps authorization-attributeuser-rolelevel-15 authorization-attributeuser-rolenetwork-operator # iphttpenableiphttpsenable #县A挣态 # telnetserverenable # ipunreachablesenablipttl-expiresenable # policy-based-routexxxpermitnode1 if-matchacl3300applynext-hop10.10.10.11 # policy-based-routexxxpermitnode2interfaceVian-interface! ipaddress10.44.200」255.255.255.0ippolicy-based-routexxxinterfaceGigabitEthernet0/3 portlink-moderouteipaddress10.44.171.6255.255.255.0 # interfaceGigabitEthernet0/10portlink-moderoute ipaddress10」0.10」0255.255.255.0packet-filter3300outbound # linevty04 authentication-modeschemeuser-rolenetwork-operator # linevty563 user-rolenetwork-operator # iproute-static10.44.0.01610.44.171.5 iproute-static10.44.0.01610.10.10.11 #acladvanced3300 rule1permitipsource10.44.200.2220 rule11denyipsource10.44.200.00.0.0.255 #acladvanced3333 local-useradminclassmanage authorization-attributeuser-rolelevel-15 authorizatiorvattributeuser«rolenetwork-operator # iphttpenable iphttpsenable
- 配套讲稿:
如PPT文件的首页显示word图标,表示该PPT已包含配套word讲稿。双击word图标可打开word文档。
- 特殊限制:
部分文档作品中含有的国旗、国徽等图片,仅作为作品整体效果示例展示,禁止商用。设计者仅对作品中独创性部分享有著作权。
- 关 键 词:
- H3C 路由器 配置