
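℡劉立軍, my company uses 2 routers and wants the computers on the internal network to be able to reach both the internal and external networks at the same time...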


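My company uses 2 H3C MSR2

The internal network uses an IP address range allocated by company headquarters.

Network topology and description: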

 version 5.2

#

 sysname JS-DX

#

 undo password-control aging enable

#

 firewall enable

#

 domain default enable system

#

 router id 1

#

 telnet server enable

#

 dar p2p signature-file flash:/p2p_default.mtd

#

 port-security enable

#

 password-recovery enable

#

acl number 3

 rule

 rule 5 permit ip destination 192.168.118.

 rule 1

 rule 15 permit ip

acl number 3

 rule

 rule 5 deny ip destination 192.168.118.

 rule 1

 rule 15 permit ip

acl number 36

 rule

 rule 5 permit ip source 1

 rule 1

 rule 15 permit ip destination 1

 rule 2

 rule 25 permit ip destination 1

 rule 3

 rule 35 permit ip destination 1

acl number 36

 rule

 rule 5 deny ip source 1

 rule 1

 rule 15 deny ip destination 1

 rule 2

 rule 25 deny ip destination 1

 rule 3

 rule 35 deny ip destination 1

#

acl number 4999

 rule 1 permit

#

vlan 1

#

domain system

 access-limit disable

 state active

 idle-cut disable

 self-service-url disable

#

traffic classifier others operator and

 if-match acl 3

traffic classifier pos&sap operator and

 if-match acl 3

traffic classifier acl398

 if-match acl 398

#

traffic behavior others

 queue af bandwidth 6

traffic behavior pos&sap

 queue af bandwidth 4

traffic behavior acldeny

 filter deny

#

qos policy pos&sap

 classifier pos&sap behavior pos&sap

 classifier others behavior others

qos policy PolicyLimit

#

user-group system

 group-attribute allow-guest

#

local-user JS-DX

local-user LYGXXB

 password cipher ************

 authorization-attribute level 3

 service-type ssh telnet

 service-type web

local-user admin

 password cipher ***************

 authorization-attribute level 3

 service-type ssh telnet

 service-type web

 password-control length 4

 password-control composition type-number 1

local-user user

 password cipher ********

 authorization-attribute level 3

 service-type ssh telnet

#

cwmp

 undo cwmp enable

#

controller E1

 using e1

#

interface Aux

 async mode flow

 link-protocol ppp

#

interface Cellular

 async mode protocol

 link-protocol ppp

 qos apply policy PolicyLimit outbound

 firewall packet-filter 4999 outbound

#

interface Ethernet

 port link-mode route

 firewall packet-filter 4999 outbound

 ip address 1

 ospf cost 1

 vrrp vrid 1 virtual-ip 1

 vrrp vrid 1 priority 12

 vrrp vrid 1 preempt-mode timer delay 2

 qos apply policy PolicyLimit outbound

#

interface Ethernet

 port link-mode route

 firewall packet-filter 4999 outbound

 ip address 1

 ospf network-type broadcast

 qos apply policy PolicyLimit outbound

 ip netstream inbound

 ip netstream outbound

 undo ip fast-forwarding

 ip flow-ordering internal

#

interface Ethernet

 port link-mode route

 firewall packet-filter 4999 outbound

 qos max-bandwidth 512

 ospf network-type p2p

 qos flow-interval 1

 qos apply policy PolicyLimit outbound

 undo ip fast-forwarding

#

interface Serial

 link-protocol ppp

 qos max-bandwidth 512

 ospf network-type p2p

 qos flow-interval 1

 qos apply policy PolicyLimit outbound

 undo ip fast-forwarding

#

interface NULL

#

interface Vlan-interface1

#

interface Ethernet

 port link-mode bridge

#

interface Ethernet

 port link-mode bridge

#

ospf 1

 peer 1

 area

  network 1

  network 1

  nssa

#

#

voice-setup

 #

 sip

 #

 sip-server

  #

  call-rule-set

  #

  call-route

 #

 dial-program

 #

 aaa-client

 #

 gk-client

#

 snmp-agent

 snmp-agent local-engineid 8

 snmp-agent community read yunshang1

 snmp-agent sys-info version v2c

#

 ip netstream export host 192.168.132.142 2

 ip netstream export source interface Ethernet

#

 ntp-service unicast-server 192.168.132.2

#

 ssh server enable

 ssh server authentication-timeout 3

 ssh user admin service-type stelnet authentication-type password

#

 load xml-configuration

#

 load tr

#

user-interface tty 12

user-interface aux

 authentication-mode password

user-interface vty

 authentication-mode scheme

 user privilege level 3

 idle-timeout 1

#

return

The configuration of the external-network router is as follows:

 sysname H3C

#

 domain default enable system

#

 dns proxy enable

#

 bridge enable

#

 telnet server enable

#

 dar p2p signature-file flash:/p2p_default.mtd

#

 port-security enable

#

acl number 3

 rule

#

vlan 1

#

domain system

 access-limit disable

 state active

 idle-cut disable

 self-service-url disable

#

dhcp server ip-pool vlan1 extended

#

user-group system

 group-attribute allow-guest

#

local-user admin

 password cipher $c$3$MDxVKXl9Q2F9eQLHJWWtAuZrDugOuI3CErkebQ==

 authorization-attribute level 3

 service-type telnet

local-user xuyisuning

 password cipher $c$3$4GbNByYqHDH+y/2F+oyn8pGsOY2rXGtzNb8gEQ==

 authorization-attribute level 3

 service-type telnet

 service-type web

#

cwmp

 undo cwmp enable

#

attack-defense policy 1

 signature-detect action drop-packet

 signature-detect fraggle enable

 defense icmp-flood enable

  defense icmp-flood action drop-packet

#

controller E1

#

interface Aux

 async mode flow

 link-protocol ppp

#

interface Cellular

 async mode protocol

 link-protocol ppp

 nat outbound static

#

interface Ethernet

 port link-mode route

 nat outbound static

 nat outbound 3

 ip address 1

 dns server 1

#

interface NULL

#

interface Vlan-interface1

 ip address 192.1.1.1 255.255.255.

 undo dhcp select server global-pool

 dhcp server apply ip-pool vlan1

 attack-defense apply policy 1

#

interface Ethernet

 port link-mode bridge

#

interface Ethernet

 port link-mode bridge

#

interface Ethernet

 port link-mode bridge

#

 ip route-static

#

 dhcp server forbidden-ip 192.1.1.1

#

 dhcp enable

#

 nms primary monitor-interface Ethernet

#

 load xml-configuration

#

 load tr

#

user-interface tty 12

user-interface aux

user-interface vty

 authentication-mode scheme

#

return

2

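Use PBR: if the destination is an internal address, hand the traffic to the internal-network MSR device.

Other addresses go through the public-network MSR.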

2

Is PBR configured on the router? Or do I need to add a Layer 3 switch?

℡劉立軍 Posted: 2
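
The PBR approach suggested in the answer above, sketched in Comware V5 syntax as an added example; it is not part of the original thread or either router's posted configuration. The ACL number 3900, the policy name to-intranet, the destination range 10.0.0.0/8 and the next hop 192.0.2.2 are hypothetical placeholders, and the sketch assumes the hosts use the external router's Vlan-interface1 as their gateway with the internal MSR reachable on that same LAN segment.

```text
# Added example. All names and addresses below are hypothetical placeholders.
# Assumption: hosts use the external router's Vlan-interface1 as their gateway,
# and the internal MSR has an address on that same LAN segment.
#
# 1. Match traffic whose destination is the headquarters address space.
acl number 3900
 rule 0 permit ip destination 10.0.0.0 0.255.255.255
#
# 2. Policy node: matching packets are forwarded to the internal MSR.
policy-based-route to-intranet permit node 10
 if-match acl 3900
 apply ip-address next-hop 192.0.2.2
#
# 3. Apply the policy to packets arriving from the hosts.
interface Vlan-interface1
 ip policy-based-route to-intranet
#
# Packets that match no node fall through to the normal routing table,
# so all other destinations keep using the external router's own routes.
```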

Add a Layer 3 switch on the external network side. Use one Layer 3 switch to connect the two networks, and write a route to 1

2

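How do I configure this without a Layer 3 switch?

℡劉立軍 Posted: 2

Personally, I think it cannot be done without adding a Layer 3 switch. Without Layer 3 switching, how would the gateway on the end hosts be set?

寂东 Posted: 2

Is PBR configured on the router? Or do I need to add a Layer 3 switch?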

2
