I. Basic configuration

pc1 configuration
<h3c>system-view
[h3c]sysname pc1
[pc1]int g0/0
[pc1-GigabitEthernet0/0]ip add 192.168.2.100 255.255.255.0
[pc1-GigabitEthernet0/0]undo shutdown
[pc1-GigabitEthernet0/0]quit
[pc1]ip route-static 0.0.0.0 0.0.0.0 192.168.2.1
[pc1]display ip routing-table

pc2 configuration
<h3c>system-view
[h3c]sysname pc2
[pc2]int g0/0
[pc2-GigabitEthernet0/0]ip add 192.168.3.100 255.255.255.0
[pc2-GigabitEthernet0/0]undo shutdown
[pc2-GigabitEthernet0/0]quit
[pc2]ip route-static 0.0.0.0 0.0.0.0 192.168.3.1
[pc2]display ip routing-table

Server configuration
<h3c>system-view
[h3c]sysname server
[server]int g0/0
[server-GigabitEthernet0/0]ip add 192.168.3.250 255.255.255.0
[server-GigabitEthernet0/0]undo shutdown
[server-GigabitEthernet0/0]quit
[server]ip route-static 0.0.0.0 0.0.0.0 192.168.3.1
[server]display ip routing-table

pc3 configuration
<h3c>system-view
[h3c]sysname pc3
[pc3]int g0/0
[pc3-GigabitEthernet0/0]ip add 202.1.1.2 255.255.255.0
[pc3-GigabitEthernet0/0]undo shutdown
[pc3-GigabitEthernet0/0]quit
[pc3]ip route-static 0.0.0.0 0.0.0.0 202.1.1.1
[pc3]display ip routing-table

r1 configuration
<H3C>system-view
[H3C]sysname r1
[r1]int g0/0
[r1-GigabitEthernet0/0]ip add 202.202.202.2 255.255.255.252
[r1-GigabitEthernet0/0]undo shutdown
[r1-GigabitEthernet0/0]int g0/1
[r1-GigabitEthernet0/1]ip add 200.200.200.2 255.255.255.252
[r1-GigabitEthernet0/1]undo shutdown

Change port g0/2 to bridge mode
[r1-GigabitEthernet0/1]int g0/2
[r1-GigabitEthernet0/2]port link-mode bridge
[r1-GigabitEthernet0/2]int vlan 1
[r1-Vlan-interface1]ip add 192.168.1.1 255.255.255.0
[r1-Vlan-interface1]undo shutdown

r2 configuration
<H3C>system-view
System View: return to User View with Ctrl+Z.
[H3C]sysname r2
[r2]int g0/0
[r2-GigabitEthernet0/0]ip add 202.202.202.1 255.255.255.252
[r2-GigabitEthernet0/0]undo shutdown
[r2-GigabitEthernet0/0]int g0/1
[r2-GigabitEthernet0/1]ip add 222.222.222.1 255.255.255.252
[r2-GigabitEthernet0/1]undo shutdown
[r2-GigabitEthernet0/1]int loopback 0
[r2-LoopBack0]ip add 202.202.0.1 255.255.255.255
[r2-LoopBack0]

r3 configuration
<H3C>system-view
[H3C]sysname r3
[r3]int g0/1
[r3-GigabitEthernet0/1]ip add 200.200.200.1 255.255.255.252
[r3-GigabitEthernet0/1]undo shutdown
[r3-GigabitEthernet0/1]int g0/0
[r3-GigabitEthernet0/0]ip add 222.222.222.2 255.255.255.252
[r3-GigabitEthernet0/0]undo shutdown
[r3-GigabitEthernet0/0]
[r3-GigabitEthernet0/0]int g0/2
[r3-GigabitEthernet0/2]ip add 202.1.1.1 255.255.255.0
[r3-GigabitEthernet0/2]undo shutdown

sw1 configuration
[H3C]sysname sw1
[sw1]int vlan 1
[sw1-Vlan-interface1]ip add 192.168.1.2 255.255.255.0
[sw1-Vlan-interface1]undo shutdown
[sw1]vlan 2
[sw1-vlan2]vlan 3
[sw1-vlan3]int vlan 2
[sw1-Vlan-interface2]ip add 192.168.2.1 255.255.255.0
[sw1-Vlan-interface2]undo shutdown
[sw1-Vlan-interface2]int vlan 3
[sw1-Vlan-interface3]ip add 192.168.3.1 255.255.255.0
[sw1-Vlan-interface3]undo shutdown
[sw1]int g1/0/6
[sw1-GigabitEthernet1/0/6]port access vlan 2
[sw1-GigabitEthernet1/0/6]int g1/0/7
[sw1-GigabitEthernet1/0/7]port access vlan 3
[sw1-GigabitEthernet1/0/7]int g1/0/8
[sw1-GigabitEthernet1/0/8]port access vlan 3

II. Routing configuration

1. Configure a default route on sw1
[sw1-GigabitEthernet1/0/8]ip route-static 0.0.0.0 0.0.0.0 192.168.1.1

2. Configure static routes and OSPF on r1
<r1>system-view
[r1]ip route-static 192.168.2.0 255.255.255.0 192.168.1.2
[r1]ip route-static 192.168.3.0 255.255.255.0 192.168.1.2
[r1]ospf 1
[r1-ospf-1]area 0
[r1-ospf-1-area-0.0.0.0]net 0.0.0.0 255.255.255.255

3. Configure OSPF on r2
<r2>system-view
[r2]ospf 1
[r2-ospf-1]area 0
[r2-ospf-1-area-0.0.0.0]net 0.0.0.0 255.255.255.255

4. Configure OSPF on r3
<r3>system-view
[r3]ospf 1
[r3-ospf-1]area 0
[r3-ospf-1-area-0.0.0.0]net 0.0.0.0 255.255.255.255

Note:

III. NAT configuration
[r1]acl basic 2001
[r1-acl-ipv4-basic-2001]rule 0 permit source 192.168.2.0 0.0.0.255
[r1-acl-ipv4-basic-2001]rule 5 permit source 192.168.3.0 0.0.0.255
[r1-acl-ipv4-basic-2001]rule 10 deny
[r1-acl-ipv4-basic-2001]int g0/0
[r1-GigabitEthernet0/0]port link-mode route
[r1-GigabitEthernet0/0]description link_to_tel
[r1-GigabitEthernet0/0]nat outbound 2001
[r1-GigabitEthernet0/0]int g0/1
[r1-GigabitEthernet0/1]port link-mode route
[r1-GigabitEthernet0/1]desc link_to_end
[r1-GigabitEthernet0/1]nat outbound 2001
[r1-GigabitEthernet0/1]nat server protocol tcp global 200.200.200.2 23 inside 192.168.3.250 23
[r1-GigabitEthernet0/1]

Verification: from pc1, ping 202.202.0.1
display nat session

IV. Policy-based routing configuration
[r1]acl advanced 3001
[r1-acl-ipv4-adv-3001]rule 0 permit ip source 192.168.3.0 0.0.0.255
[r1-acl-ipv4-adv-3001]quit
[r1]policy-based-route a1 permit node 10
[r1-pbr-a1-10]if-match acl 3001
[r1-pbr-a1-10]apply next-hop 200.200.200.1
[r1-pbr-a1-10]quit
[r1]policy-based-route a1 permit node 20 // empty node: traffic that does not match acl 3001 is permitted and follows the normal routing-table lookup
[r1-pbr-a1-20]quit

Apply the policy to the VLAN interface (interface-based policy routing is used here)
[r1]int Vlan-interface 1
[r1-Vlan-interface1]ip policy-based-route a1
[r1-Vlan-interface1]

V. Verification

1. Verify NAT: enable telnet on server
<server>system-view
[server]telnet server enable // enabled by default
[server]local-user admin // create user admin
[server-luser-manage-admin]password simple benet // set the password
[server-luser-manage-admin]service-type telnet // set the service type to telnet
[server-luser-manage-admin]authorization-attribute user-role level-3 // set the command level to 3
[server-luser-manage-admin]quit
[server]user-interface vty 0 // enter the vty line
[server-line-vty0]authentication-mode scheme // set the user authentication mode
[server-line-vty0]protocol inbound telnet // allow telnet
[server-line-vty0]quit

Telnet to the server from pc3
<pc3>telnet 200.200.200.2
login: admin
Password:
<server>
<server>
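
How policy a1 and ACL 2001 on r1 treat a packet arriving on Vlan-interface1, as an added example that is not part of the original page. The function and variable names are hypothetical, and the model assumes the next hop 200.200.200.1 is reachable.

```python
import ipaddress

def wildcard_match(ip, base, wildcard):
    """Comware ACL match: bits set in the wildcard mask are 'don't care'."""
    i, b, w = (int(ipaddress.IPv4Address(x)) for x in (ip, base, wildcard))
    return ((i ^ b) & ~w & 0xFFFFFFFF) == 0

def acl_permits(rules, src):
    """Lowest rule ID is checked first and the first match decides; no match = not permitted."""
    for _rule_id, action, base, wildcard in sorted(rules):
        if wildcard_match(src, base, wildcard):
            return action == "permit"
    return False

# Values copied from the r1 configuration on this page.
ACL_2001 = [(0, "permit", "192.168.2.0", "0.0.0.255"),
            (5, "permit", "192.168.3.0", "0.0.0.255"),
            (10, "deny", "0.0.0.0", "255.255.255.255")]  # "rule 10 deny" = any source
ACL_3001 = [(0, "permit", "192.168.3.0", "0.0.0.255")]

# Policy a1 as (node, ACL to match or None, next hop to apply or None).
PBR_A1 = [(10, ACL_3001, "200.200.200.1"), (20, None, None)]

def forward(src):
    """Return (forwarding decision, source NAT applied?) for a packet from src."""
    decision = "routing-table"
    for _node, acl, next_hop in sorted(PBR_A1, key=lambda n: n[0]):
        if acl is None or acl_permits(acl, src):  # a node with no if-match matches everything
            if next_hop:
                decision = "pbr next-hop " + next_hop
            break
    # nat outbound 2001 is bound to both g0/0 and g0/1, so the egress port does not matter.
    return decision, acl_permits(ACL_2001, src)

if __name__ == "__main__":
    for host in ("192.168.2.100", "192.168.3.100", "192.168.3.250", "192.168.1.2"):
        print(host, *forward(host))
```

The server at 192.168.3.250 falls inside ACL 3001, so its replies leave through the same link (towards 200.200.200.1) that carries the nat server mapping on g0/1.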
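
A review check for the verification setup above: it reads a Comware session transcript and reports where telnet management and a password typed in clear are combined with a nat server mapping that publishes port 23. This is an added example, not part of the original page; the finding labels are made up for illustration, and the prompt parser assumes the sysname contains no hyphen.

```python
import re

# Constructed sample: commands taken from the r1, server and pc3 sessions on this page.
TRANSCRIPT = """\
[server-GigabitEthernet0/0]ip add 192.168.3.250 255.255.255.0
[r1-GigabitEthernet0/1]nat server protocol tcp global 200.200.200.2 23 inside 192.168.3.250 23
[server-luser-manage-admin]password simple benet
[server-luser-manage-admin]service-type telnet
[server-line-vty0]protocol inbound telnet
[pc3-GigabitEthernet0/0]ip add 202.1.1.2 255.255.255.0
"""

# Assumption: the device name is the prompt text before the first "-".
PROMPT = re.compile(r"^\[([^\]\-\s]+)(?:\s*-[^\]]*)?\](.*)$")
IP_ADD = re.compile(r"^ip add\S*\s+(\S+)\s+\S+$")
NAT_SERVER = re.compile(r"^nat server protocol tcp global (\S+) (\d+) inside (\S+) (\d+)$")

def audit(text):
    """Return sorted (device, issue, detail) findings for cleartext management exposure."""
    owner, findings, mappings = {}, set(), []
    for line in text.splitlines():
        m = PROMPT.match(line.strip())
        if not m:
            continue  # user-view prompts (<dev>) and device output are ignored
        dev, cmd = m.group(1), m.group(2).strip()
        addr, nat = IP_ADD.match(cmd), NAT_SERVER.match(cmd)
        if addr:
            owner[addr.group(1)] = dev  # interface address -> device name
        elif nat:
            mappings.append((dev, *nat.groups()))
        elif cmd.startswith("password simple"):
            findings.add((dev, "cleartext-password-in-transcript", ""))
        elif cmd in ("service-type telnet", "protocol inbound telnet"):
            findings.add((dev, "telnet-management", ""))
    # Correlate after the whole transcript is read, so command order does not matter.
    for dev, gip, gport, iip, iport in mappings:
        if iport == "23":
            inside = owner.get(iip, iip)
            findings.add((dev, "nat-publishes-telnet", f"{gip}:{gport} -> {inside}:23"))
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit(TRANSCRIPT):
        print(*finding)
```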