您现在的位置是:首页 > 文章详情

H3C校园双出口配置案例,可跟做!

日期:2019-10-29点击:389

关于H3C的路由器、交换机基础理论知识,可以参看博文:H3C产品简介及基础配置命令

1.案例拓补

H3C校园双出口配置案例,可跟做!

该拓扑图中的校园网内部分为两个网段:一个为学生校舍网段(192.168.2.0),主要访问电信提供的internet服务器;另外一个网段为校园办公和教学用网段(192.168.3.0),主要访问教育网。校园网出口路由器连接了电信提供的internet20m光纤,同时也连接了教育网的20m光纤(由于H3C的模拟器无法模拟出PC和server,所以只好使用路由器来代替了)。

本次案例使用的模拟器是H3C Cloud Lab,网盘链接:链接:https://pan.baidu.com/s/1MK-nw5MpkroXvhf-kFgG3w
提取码:xfup

2.案例需求

(1)路由器配置要求:当其中任意一条外部光纤中断时,另一条光纤可备份其下属的网段访问internet服务或教育网资源。
(2)Nat配置要求:出口路由器的两个出口都能同时使用校园内网的私有网段做nat后访问外部资源。教育网出口接口处还配置了nat server,使内部的教学网段的某个ip服务器对教育网提供telnet访问服务。
(3)策略路由配置要求:校园网内的教学用网段192.168.3.0/24主要通过教育网访问外部资源,而校舍网段192.168.2.0/24主要通过电信出口访问Internet资源。当教育专网的光纤故障时,校舍网段可以通过电信出口访问相关教育网资源,当电信的光纤线路故障时,校舍网段可以通过专网出口访问相关资源。

3.案例实施

(1)基本配置

PC1的配置:

Automatic configuration is running, press CTRL_D to break. //每个设备开机时,都需使用组合键Ctrl+D才可进行配置 [PC1]int g0/0 [PC1-GigabitEthernet0/0]ip add 192.168.2.100 255.255.255.0 [PC1-GigabitEthernet0/0]undo shutdown [PC1-GigabitEthernet0/0]quit [PC1]ip route-static 0.0.0.0 0.0.0.0 192.168.2.1 //配置默认路由(网关)

PC2的配置:

[PC2]int g0/0 [PC2-GigabitEthernet0/0]ip add 192.168.3.100 255.255.255.0 [PC2-GigabitEthernet0/0]undo shutdown [PC2-GigabitEthernet0/0]quit [PC2]ip route-static 0.0.0.0 0.0.0.0 192.168.3.1

server的配置:

[server]int g0/0 [server-GigabitEthernet0/0]ip add 192.168.3.250 255.255.255.0 [server-GigabitEthernet0/0]undo shutdown [server-GigabitEthernet0/0]quit [server]ip route-static 0.0.0.0 0.0.0.0 192.168.3.1

SW1的配置:

[sw1]vlan 2 [sw1-vlan2]vlan 3 //创建vlan2、vlan3 [sw1-vlan3]quit [sw1]int vlan 1 [sw1-Vlan-interface1]ip add 192.168.1.2 255.255.255.0 [sw1-Vlan-interface1]undo shutdown [sw1-Vlan-interface1]int vlan 2 [sw1-Vlan-interface2]ip add 192.168.2.1 255.255.255.0 [sw1-Vlan-interface2]undo shutdown [sw1-Vlan-interface2]int vlan 3 [sw1-Vlan-interface3]ip add 192.168.3.1 255.255.255.0 [sw1-Vlan-interface3]undo shutdown [sw1-Vlan-interface3]int g1/0/6 [sw1-GigabitEthernet1/0/6]port access vlan 2 [sw1-GigabitEthernet1/0/6]int g1/0/7 [sw1-GigabitEthernet1/0/7]port access vlan 3 [sw1-GigabitEthernet1/0/7]int g1/0/8 [sw1-GigabitEthernet1/0/8]port access vlan 3 //将接口加入指定vlan中

R1的配置:

[R1]int g0/0 [R1-GigabitEthernet0/0]ip add 202.202.202.2 255.255.255.252 [R1-GigabitEthernet0/0]undo shutdown [R1-GigabitEthernet0/0]int g0/1 [R1-GigabitEthernet0/1]ip add 200.200.200.2 29 //子网掩码也支持数值 [R1-GigabitEthernet0/1]undo shutdown [R1-GigabitEthernet0/1]int g0/2 [R1-GigabitEthernet0/2]port link-mode bridge //将接口改为bridge类型 //所有接口默认属于vlan1,所以相当于G0/2的接口IP已经是vlan 1的IP地址了 [R1-GigabitEthernet0/2]int vlan 1 [R1-Vlan-interface1]ip add 192.168.1.1 24 [R1-Vlan-interface1]undo shutdown

R2的配置:

[R2]int g0/0 [R2-GigabitEthernet0/0]ip add 202.202.202.1 30 [R2-GigabitEthernet0/0]undo shutdown [R2-GigabitEthernet0/0]int g0/1 [R2-GigabitEthernet0/1]ip add 222.222.222.1 30 [R2-GigabitEthernet0/1]undo shutdown [R2-GigabitEthernet0/1]int loop 0 [R2-LoopBack0]ip add 202.202.0.1 32

R3的配置:

[R3]int g0/0 [R3-GigabitEthernet0/0]ip add 222.222.222.2 30 [R3-GigabitEthernet0/0]undo shutdown [R3-GigabitEthernet0/0]int g0/1 [R3-GigabitEthernet0/1]ip add 200.200.200.1 29 [R3-GigabitEthernet0/1]undo shutdown [R3-GigabitEthernet0/1]int g0/2 [R3-GigabitEthernet0/2]ip add 202.1.1.1 24 [R3-GigabitEthernet0/2]undo shutdown

PC3的配置:

[pc3]int g0/0 [pc3-GigabitEthernet0/0]ip add 202.1.1.2 24 [pc3-GigabitEthernet0/0]undo shutdown [pc3-GigabitEthernet0/0]quit [pc3]ip route-static 0.0.0.0 0.0.0.0 202.1.1.1

(2)路由配置

sw1配置默认路由:

[sw1]ip route-static 0.0.0.0 0.0.0.0 192.168.1.1 //配置一条默认路由指向R1

R1配置静态路由和ospf:

[R1]ip route-static 192.168.3.0 255.255.255.0 192.168.1.2 [R1]ip route-static 192.168.2.0 255.255.255.0 192.168.1.2 [R1]ospf 1 [R1-ospf-1]area 0 [R1-ospf-1-area-0.0.0.0]net 0.0.0.0 255.255.255.255

R2配置ospf:

[R2]ospf 1 [R2-ospf-1]area 0 [R2-ospf-1-area-0.0.0.0]net 0.0.0.0 255.255.255.255

R3配置ospf:

[R3]ospf 1 [R3-ospf-1]area 0 [R3-ospf-1-area-0.0.0.0]net 0.0.0.0 255.255.255.255

(3)配置NAT

R1的配置NAT:

[R1]acl basic 2001 //创建ACL,编号为2001 [R1-acl-ipv4-basic-2001]rule 0 permit source 192.168.2.0 0.0.0.255 [R1-acl-ipv4-basic-2001]rule 5 permit source 192.168.3.0 0.0.0.255 [R1-acl-ipv4-basic-2001]rule 10 deny [R1-acl-ipv4-basic-2001]int g0/0 [R1-GigabitEthernet0/0]port link-mode route [R1-GigabitEthernet0/0]description link_to_tel [R1-GigabitEthernet0/0]nat outbound 2001 [R1-GigabitEthernet0/0]int g0/1 [R1-GigabitEthernet0/1]port link-mode route [R1-GigabitEthernet0/1]description link_to_end [R1-GigabitEthernet0/1]nat outbound 2001 //将ACL应用到两个出接口上,匹配到ACL2001的,都进行nat转换

验证PC1是否能够ping通R2路由器上的loopback接口地址:
H3C校园双出口配置案例,可跟做!

验证PC1是否能够ping通PC3:
H3C校园双出口配置案例,可跟做!

在R1路由器查看NAT转换表:

[R1]display nat session verbose Slot 0: Initiator: Source IP/port: 192.168.2.100/44032 //源地址是192.168.2.100 Destination IP/port: 202.202.0.1/2048 //目标地址是202.202.0.1 DS-Lite tunnel peer: - instance/VLAN ID/VLL ID: -/-/- Protocol: ICMP(1) Inbound interface: Vlan-interface1 Responder: Source IP/port: 202.202.0.1/3 //202.202.0.1的返回流量 Destination IP/port: 202.202.202.2/0 //200.200.200.2接口进入内网 DS-Lite tunnel peer: - instance/VLAN ID/VLL ID: -/-/- Protocol: ICMP(1) Inbound interface: GigabitEthernet0/0 State: ICMP_REPLY Application: OTHER Start time: 2019-10-29 07:48:16 TTL: 28s Initiator->Responder: 0 packets 0 bytes Responder->Initiator: 0 packets 0 bytes Initiator: Source IP/port: 192.168.2.100/43776 //源地址是192.168.2.100 Destination IP/port: 202.1.1.2/2048 //目标地址是200.1.1.2 DS-Lite tunnel peer: - instance/VLAN ID/VLL ID: -/-/- Protocol: ICMP(1) Inbound interface: Vlan-interface1 Responder: Source IP/port: 202.1.1.2/3 //202.1.1.2的返回流量 Destination IP/port: 200.200.200.2/0 //200.200.200.2接口进入内网 DS-Lite tunnel peer: - instance/VLAN ID/VLL ID: -/-/- Protocol: ICMP(1) Inbound interface: GigabitEthernet0/1 State: ICMP_REPLY Application: OTHER Start time: 2019-10-29 07:47:47 TTL: 0s Initiator->Responder: 0 packets 0 bytes Responder->Initiator: 0 packets 0 bytes Total sessions found: 2

(4)配置策略路由

R1配置策略路由:

[R1]acl advanced 3001 //定义扩展ACL,编号为3001 [R1-acl-ipv4-adv-3001]rule 0 permit ip source 192.168.3.0 0.0.0.255 [R1-acl-ipv4-adv-3001]quit [R1]policy-based-route al permit node 10 //配置策略路由 [R1-pbr-al-10]if-match acl 3001 //如果匹配acl 3001 [R1-pbr-al-10]apply next-hop 200.200.200.1 //下一跳指向200.200.200.1 [R1-pbr-al-10]quit [R1]policy-based-route al permit node 20 //空节点,放行其他流量 [R1-pbr-al-20]quit [R1]int Vlan-interface 1 [R1-Vlan-interface1]ip policy-based-route al //在此接口下应用路由策略,因为需要做策略路由的数据包都是从这个接口下转发过来的

测试pc1pingpc3,并查看nat转换表

[R1]display nat session verbose Slot 0: Initiator: Source IP/port: 192.168.2.100/45824 Destination IP/port: 202.1.1.2/2048 DS-Lite tunnel peer: - instance/VLAN ID/VLL ID: -/-/- Protocol: ICMP(1) Inbound interface: Vlan-interface1 Responder: Source IP/port: 202.1.1.2/4 Destination IP/port: 200.200.200.2/0 //注意看这里 DS-Lite tunnel peer: - instance/VLAN ID/VLL ID: -/-/- Protocol: ICMP(1) Inbound interface: GigabitEthernet0/1 State: ICMP_REPLY Application: OTHER Start time: 2019-10-29 08:01:58 TTL: 27s Initiator->Responder: 0 packets 0 bytes Responder->Initiator: 0 packets 0 bytes Total sessions found: 1

测试pc2pingpc3,并查看nat转换表

[R1]display nat session verbose Slot 0: Initiator: Source IP/port: 192.168.3.100/43008 Destination IP/port: 202.1.1.2/2048 DS-Lite tunnel peer: - instance/VLAN ID/VLL ID: -/-/- Protocol: ICMP(1) Inbound interface: Vlan-interface1 Responder: Source IP/port: 202.1.1.2/6 Destination IP/port: 200.200.200.2/0 DS-Lite tunnel peer: - instance/VLAN ID/VLL ID: -/-/- Protocol: ICMP(1) Inbound interface: GigabitEthernet0/1 State: ICMP_REPLY Application: OTHER Start time: 2019-10-29 08:04:55 TTL: 27s Initiator->Responder: 0 packets 0 bytes Responder->Initiator: 0 packets 0 bytes Total sessions found: 1

可以看到策略路由已经生效了,并且现在关闭R1路由器的G0/0和G0/1中的任何一个接口,都不会影响内网与外网的通信,可自行测试。

(5)配置NAT server映射

R1配置NAT server:

[R1]int g0/1 [R1-GigabitEthernet0/1]nat server protocol tcp global 200.200.200.2 23 inside 192.168.3.250 23 //配置NAT映射,将内部的服务器192.168.3.250的23端口映射到全局地址200.200.200.2的23端口上

server开启Telnet:

[server]telnet server enable //默认就是开启,可以省略 [server]local-user admin //创建本地用户admin New local user added. [server-luser-manage-admin]password simple benet //配置明文密码“benet” [server-luser-manage-admin]service-type telnet //指定服务类型为telnet [server-luser-manage-admin]authorization-attribute user-role level-3 //指定命令级别为3 [server-luser-manage-admin]quit [server]user-interface vty 0 4 //进入vty线路 [server-line-vty0-4]authentication-mode scheme //配置用户的认证方式 [server-line-vty0-4]protocol inbound telnet //支持telnet [server-line-vty0-4]quit

PC3开始测试telnet server:

<pc3>Telnet 200.200.200.2 //注意是在用户视图下 //测试使用server映射出的外部地址(也就是路由器的接口地址) Trying 200.200.200.2 ... Press CTRL+K to abort Connected to 200.200.200.2 ... ****************************************************************************** * Copyright (c) 2004-2014 Hangzhou H3C Tech. Co., Ltd. All rights reserved. * * Without the owner's prior written consent, * * no decompiling or reverse-engineering shall be allowed. * ****************************************************************************** login: admin Password: <server> //登录成功

———————— 本文至此结束,感谢阅读 ————————

原文链接:https://blog.51cto.com/14157628/2446293
关注公众号

低调大师中文资讯倾力打造互联网数据资讯、行业资源、电子商务、移动互联网、网络营销平台。

持续更新报道IT业界、互联网、市场资讯、驱动更新,是最及时权威的产业资讯及硬件资讯报道平台。

转载内容版权归作者及来源网站所有,本站原创内容转载请注明来源。

文章评论

共有0条评论来说两句吧...

文章二维码

扫描即可查看该文章

点击排行

推荐阅读

最新文章