℡劉立軍,我公司用2台路由器,想实现内网的电脑同时能上内外网...
我公司用2台H3C MSR2
内网是公司总部分配的IP地址段。
组网及组网描述:
version 5.2
#
sysname JS-DX
#
undo password-control aging enable
#
firewall enable
#
domain default enable system
#
router id 1
#
telnet server enable
#
dar p2p sigNATure-file flash:/p2p_default.mtd
#
port-security enable
#
password-recovery enable
#
acl number 3
rule
rule 5 permit ip destination 192.168.118.
rule 1
rule 15 permit ip
acl number 3
rule
rule 5 deny ip destination 192.168.118.
rule 1
rule 15 permit ip
acl number 36
rule
rule 5 permit ip source 1
rule 1
rule 15 permit ip destination 1
rule 2
rule 25 permit ip destination 1
rule 3
rule 35 permit ip destination 1
acl number 36
rule
rule 5 deny ip source 1
rule 1
rule 15 deny ip destination 1
rule 2
rule 25 deny ip destination 1
rule 3
rule 35 deny ip destination 1
#
acl number 4999
rule 1 permit
#
vlan 1
#
domain system
access-limit disable
state active
idle-cut disable
self-service-url disable
#
traffic classifier others operator and
if-match acl 3
traffic classifier pos&sap operator and
if-match acl 3
traffic classifier acl398
if-match acl 398
#
traffic behavior others
queue af bandwidth 6
traffic behavior pos&sap
queue af bandwidth 4
traffic behavior acldeny
filter deny
#
qos policy pos&sap
classifier pos&sap behavior pos&sap
classifier others behavior others
qos policy PolicyLimit
#
user-group system
group-attribute allow-guest
#
local-user JS-DX
local-user LYGXXB
password cipher ************
authorization-attribute level 3
service-type ssh telnet
service-type web
local-user admin
password cipher ***************
authorization-attribute level 3
service-type ssh telnet
service-type web
password-control length 4
password-control composition type-number 1
local-user user
password cipher ********
authorization-attribute level 3
service-type ssh telnet
#
cwmp
undo cwmp enable
#
controller E1
using e1
#
interface Aux
async mode flow
link-protocol ppp
#
interface Cellular
async mode protocol
link-protocol ppp
qos apply policy PolicyLimit outbound
firewall packet-filter 4999 outbound
#
interface Ethernet
port link-mode route
firewall packet-filter 4999 outbound
ip address 1
ospf cost 1
vrrp vrid 1 virtual-ip 1
vrrp vrid 1 priority 12
vrrp vrid 1 preempt-mode timer delay 2
qos apply policy PolicyLimit outbound
#
interface Ethernet
port link-mode route
firewall packet-filter 4999 outbound
ip address 1
ospf network-type broadcast
qos apply policy PolicyLimit outbound
ip netstream inbound
ip netstream outbound
undo ip fast-forwarding
ip flow-ordering internal
#
interface Ethernet
port link-mode route
firewall packet-filter 4999 outbound
qos max-bandwidth 512
ospf network-type p2p
qos flow-interval 1
qos apply policy PolicyLimit outbound
undo ip fast-forwarding
#
interface Serial
link-protocol ppp
qos max-bandwidth 512
ospf network-type p2p
qos flow-interval 1
qos apply policy PolicyLimit outbound
undo ip fast-forwarding
#
interface NULL
#
interface Vlan-interface1
#
interface Ethernet
port link-mode bridge
#
interface Ethernet
port link-mode bridge
#
ospf 1
peer 1
area
network 1
network 1
nssa
#
#
voice-setup
#
sip
#
sip-server
#
call-rule-set
#
call-route
#
dial-program
#
aaa-client
#
gk-client
#
snmp-agent
snmp-agent local-engineid 8
snmp-agent community read yunshang1
snmp-agent sys-info version v2c
#
ip netstream export host 192.168.132.142 2
ip netstream export source interface Ethernet
#
ntp-service unicast-server 192.168.132.2
#
ssh server enable
ssh server authentication-timeout 3
ssh user admin service-type stelnet authentication-type password
#
load xml-configuration
#
load tr
#
user-interface tty 12
user-interface aux
authentication-mode password
user-interface vty
authentication-mode scheme
user privilege level 3
idle-timeout 1
#
return
外网路由配置信息如下:
sysname H3C
#
domain default enable system
#
dns proxy enable
#
bridge enable
#
telnet server enable
#
dar p2p signature-file flash:/p2p_default.mtd
#
port-security enable
#
acl number 3
rule
#
vlan 1
#
domain system
access-limit disable
state active
idle-cut disable
self-service-url disable
#
dhcp server ip-pool vlan1 extended
#
user-group system
group-attribute allow-guest
#
local-user admin
password cipher $c$3$MDxVKXl9Q2F9eQLHJWWtAuZrDugOuI3CErkebQ==
authorization-attribute level 3
service-type telnet
local-user xuyisuning
password cipher $c$3$4GbNByYqHDH+y/2F+oyn8pGsOY2rXGtzNb8gEQ==
authorization-attribute level 3
service-type telnet
service-type web
#
cwmp
undo cwmp enable
#
attack-defense policy 1
signature-detect action drop-packet
signature-detect fraggle enable
defense icmp-flood enable
defense icmp-flood action drop-packet
#
controller E1
#
interface Aux
async mode flow
link-protocol ppp
#
interface Cellular
async mode protocol
link-protocol ppp
nat outbound static
#
interface Ethernet
port link-mode route
nat outbound static
nat outbound 3
ip address 1
dns server 1
#
interface NULL
#
interface Vlan-interface1
ip address 192.1.1.1 255.255.255.
undo dhcp select server global-pool
dhcp server apply ip-pool vlan1
attack-defense apply policy 1
#
interface Ethernet
port link-mode bridge
#
interface Ethernet
port link-mode bridge
#
interface Ethernet
port link-mode bridge
#
ip route-static
#
dhcp server forbidden-ip 192.1.1.1
#
dhcp enable
#
nms primary monitor-interface Ethernet
#
load xml-configuration
#
load tr
#
user-interface tty 12
user-interface aux
user-interface vty
authentication-mode scheme
#
return
2
使用PBR,如果访问的是内部地址,丢给内网那台MSR设备。
其他地址走公网那台MSR
使用PBR是在路由器上设置的吗?还是要在加一台三层交换机啊!
℡劉立軍 发表时间:2外网加台三层交换机吧,用一台三层交换机,将两个网连起来,些一条去往1
2
请问没有三层交换机怎么配置啊
℡劉立軍 发表时间:2个人认为,不加三层交换机实现不了,没有三层交换,终端网关如何设定?
寂东 发表时间:2使用PBR是在路由器上设置的吗?还是要在加一台三层交换机啊!
2CRM论坛(CRMbbs.com)——一个让用户更懂CRM的垂直性行业内容平台,CRM论坛致力于互联网、客户管理、销售管理、SCRM私域流量内容输出5年。 如果您有好的内容,欢迎向我们投稿,共建CRM多元化生态体系,创建CRM客户管理一体化生态解决方案。,我公司用2台路由器,想实现内网的电脑同时能上内外网...
