2023年12月31日发(作者:)

H3C路由器配置

整体配置过程与解释:

sys 进入到系统视图 sysname XXX // 修改路由器名字

[H3C]ip https enable #开启HTTPS服务

local-user admin #创建用户admin

password simple admin #以明文方式输入密码admin(仅为示例,实际部署应设置强口令)

service-type https #服务类型为https

authorization-attribute user-role level-15 #授予用户角色level-15(最高级别)

quit #退回上级视图

telnet server enable #开启telnet服务(Telnet以明文传输用户名和密码,条件允许时建议改用SSH)

local-user admin #配置telnet用户名

password simple admin888 #配置明文密码为admin888(示例口令)

service-type telnet #配置用户服务类型为telnet

authorization-attribute user-role level-3 #配置用户级别

quit

user-interface vty 0 4 #进入VTY用户线视图(远程登录线路0~4)

authentication-mode scheme #认证方式为scheme,即用户名+密码

quit

先配LoopBack 地址再配置ospf

[xian BBB]int LoopBack 10

[xian BBB-LoopBack10]ip address //ip地址

#

router id 1.1.1.1 配置路由id

先配LoopBack 地址再配置ospf

[xian BBB]int LoopBack 10

[xian BBB-LoopBack10]ip address //ip地址

ospf 1 #进程号1

area 0 #骨干区域

network 10.44.251.0 0.0.0.255 network 10.44.253.0 0.0.0.255

VLAN 10 //创建VLAN

int vlan 10 ip add 10.1.1.1 24//配置VLAN 10 的IP地址

int g0/7 port link-type access #端口链路类型设为access(接入端口)

#

ospf 1 area 0.0.0.0

import-route direct //引入直连路由

network 10.44.251.0 0.0.0.255 network 10.44.253.0 0.0.0.255

interface Vlan-interface1

ip address 192.168.204.204 255.255.255.0

interface GigabitEthernet0/5

port link-mode route//设置接口为路由模式

ip address 10.44.251.45 255.255.255.0

#

interface GigabitEthernet0/7

port link-mode route //设置接口为路由模式

ip address 10.44.253.45 255.255.255.0

[H3C]ip route-static 10.44.251.0 255.255.255.0 10.44.171.5//配置静态目的网段(多个目的路由需配多条)和下一跳的出口地址

过,反掩码

#

在外网接口应用上网策略 (outbound是出,inbound是进)

interface GigabitEthernet0/10 port link-mode route

ip address 10.10.10.10 255.255.255.0 packet-filter 3500 outbound

# 县路由器:

acl advanced 3300 //创建高级ACL 3300

rule 0 permit ip source 10.44.200.222 0 //允许固定源IP地址(反掩码0表示单个主机)

rule 11 deny ip source 10.44.200.0 0.0.0.255 //拒绝该源网段的其余地址通过(反掩码0.0.0.255);默认按规则编号从小到大匹配,故rule 0先于rule 11生效

#

acl advanced 3333 //创建高级ACL 3333

rule 0 permit ip source 10.44.200.0 0.0.0.255 //配置允许源ip段地址,反掩码

#

policy-based-route xxx permit node 1 //创建策略路由xxx,节点1

if-match acl 3300 //如果是ACL 3300

apply next-hop 10.10.10.11 //指定下一跳ip地址路由器

#

policy-based-route xxx permit node 11 //创建策略路由xxx,节点11

if-match acl 3333 //如果是ACL 3333

apply next-hop 10.44.171.5 //指定下一跳ip地址路由器

在内网口应用策略路由

[H3C]interface Vlan-interface 1 ip address 10.44.200.1

255.255.255.0

[H3C-Vlan-interface1]ip policy-based-route xxx quit

#

在外网接口应用上网策略 (outbound是出,inbound是进)

interface GigabitEthernet0/10 port link-mode route

ip address 10.10.10.10 255.255.255.0 packet-filter 3300 outbound

#

市A静态配置:

dis cu

telnet server enable

#

router id 4.4.4.4

# ospf 1 import-route direct import-route static

area 0.0.0.0 network 10.44.251.0 0.0.0.255

#

ip unreachables enable ip ttl-expires enable

#

policy-based-route xxx permit node 1

if-match acl 3300 apply next-hop 10.10.10.10

#

policy-based-route xxx permit node 11

if-match acl 3333 apply next-hop 10.44.171.6

#

interface GigabitEthernet0/1

port link-mode route

ip address 192.168.204.1 255.255.255.0

#

interface GigabitEthernet0/3

port link-mode route

ip address 10.44.171.5 255.255.255.0

#

interface GigabitEthernet0/5

port link-mode route

ip address 10.44.251.46 255.255.255.0

ip policy-based-route xxx

#

interface GigabitEthernet0/10 port link-mode route

ip address 10.10.10.11 255.255.255.0 packet-filter 3300 outbound

#

ip route-static 10.44.200.0 24 10.44.171.6

ip route-static 10.44.200.0 24 10.10.10.10

#

acl advanced 3300

rule 1 permit ip destination 10.44.200.222 0

rule 11 deny ip destination 10.44.200.0 0.0.0.255

#

acl advanced 3333

rule 11 permit ip destination 10.44.200.0 0.0.0.255

#

local-user admin class manage service-type telnet http https

authorization-attribute user-role level-12

authorization-attribute user-role level-15

authorization-attribute user-role network-operator

#

ip http enable

ip https enable

#

县B动态ospf

dis cu

#

telnet server enable

#

router id 10.10.10.10

#

ospf 1

area 0.0.0.1

network 10.10.11.0 0.0.0.255

network 10.44.100.0 0.0.0.255

network 10.44.172.0 0.0.0.255

# ip unreachables enable ip ttl-expires enable

#

policy-based-route yyy permit node 1

if-match acl 3300 apply next-hop 10.10.11.11

#

policy-based-route yyy permit node 11

if-match acl 3333 apply next-hop 10.44.172.5

#

interface Vlan-interface1

ip address 10.44.100.1 255.255.255.0 ip policy-based-route yyy

#

interface GigabitEthernet0/3 port link-mode route

ip address 10.44.172.6 255.255.255.0 ospf cost 2

#

interface GigabitEthernet0/11 port link-mode route

ip address 10.10.11.10 255.255.255.0 packet-filter 3300 outbound

#

acl advanced 3300

rule 1 permit ip source 10.44.100.222 0

rule 11 deny ip source 10.44.100.0 0.0.0.255

#

acl advanced 3333

rule 11 permit ip source 10.44.100.0 0.0.0.255

#

local-user admin class manage

service-type telnet http https

authorization-attribute user-role level-15

authorization-attribute user-role network-operator

#

ip http enable ip https enable

#县A静态

dis cu

#

telnet server enable

#

ip unreachables enable ip ttl-expires enable

#

policy-based-route xxx permit node 1

if-match acl 3300 apply next-hop 10.10.10.11

#

policy-based-route xxx permit node 2

if-match acl 3333 apply next-hop 10.44.171.5

#

interface Vlan-interface1

ip address 10.44.200.1 255.255.255.0 ip policy-based-route xxx

#

interface GigabitEthernet0/3

port link-mode route ip address 10.44.171.6 255.255.255.0

#

interface GigabitEthernet0/10 port link-mode route

ip address 10.10.10.10 255.255.255.0 packet-filter 3300 outbound

#

line vty 0 4

authentication-mode scheme user-role network-operator

#

line vty 5 63

user-role network-operator

#

ip route-static 10.44.0.0 16 10.44.171.5

ip route-static 10.44.0.0 16 10.10.10.11

#acl advanced 3300

rule 1 permit ip source 10.44.200.222 0

rule 11 deny ip source 10.44.200.0 0.0.0.255

# acl advanced 3333

rule 1 permit ip source 10.44.200.0 0.0.0.255

#

local-user admin class manage

authorization-attribute user-role level-15

authorization-attribute user-role network-operator

#

ip http enable

ip https enable