H3C Layer 2 Architecture: Comprehensive Configuration

Topology

[image: topology diagram]

DHCP still needs to be added.

Requirements

[image: requirements]

tips

To use tracert on H3C, the following must be enabled on all devices:
ip unreachables enable
ip ttl-expires enable

Reference links

H3C port aggregation and link aggregation
H3C PBR reference

access A

sys
sysname accessA

ip unreachables enable
ip ttl-expires enable

# Create VLANs
vlan 10
vlan 20

int g1/0/1
port link-type access
port access vlan 10

int g1/0/2
port link-type access
port access vlan 20


# Trunk link
int g1/0/3
port link-type trunk
port trunk permit vlan all

access B


sys
sysname accessB

ip unreachables enable
ip ttl-expires enable

# Create VLANs

vlan 10
vlan 20

int g1/0/1
port link-type access
port access vlan 20

int g1/0/2
port link-type access
port access vlan 10

# Trunk link

int g1/0/3
port link-type trunk
port trunk permit vlan all

core

sys
sysname core

ip unreachables enable
ip ttl-expires enable

# Create VLANs
vlan 10
vlan 20

# Trunk link
int g1/0/3
port link-type trunk
port trunk permit vlan all

# Trunk link
int g1/0/4
port link-type trunk
port trunk permit vlan all

# Link aggregation
int Bridge-Aggregation 1
quit

int g1/0/1
port link-aggregation group 1

int g1/0/2
port link-aggregation group 1

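# Configure trunk on the aggregated link (on the aggregate interface, not on a member port)
int Bridge-Aggregation 1
port link-type trunk
port trunk permit vlan all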

# Telnet configuration; an IP address must be added first so the device is reachable
int vlan 10
ip address 192.168.10.10 24


telnet server enable
line vty 0 15
authentication-mode password
set authentication password simple wlgc


inside router

sys
sysname inside

ip unreachables enable
ip ttl-expires enable

# Link aggregation; note that the commands differ between routers and switches
int route-Aggregation 1
quit

int g5/1
port link-aggregation group 1

int g5/0
port link-aggregation group 1

# Subinterface (router-on-a-stick) configuration
int Route-Aggregation 1.10
vlan-type dot1q vid 10
ip address 192.168.10.254 24

int Route-Aggregation 1.20
vlan-type dot1q vid 20
ip address 192.168.20.254 24

# External IP addresses

int g0/0
ip address 10.1.1.2 24
int s1/0
ip address 20.1.1.20 24

# Default routes
ip route-static 0.0.0.0 0.0.0.0 10.1.1.1
ip route-static 0.0.0.0 0.0.0.0 20.1.1.2

# NAT configuration
acl advanced name nat
rule  5 permit ip source 192.168.0.0 0.0.255.255 destination any

int g0/0
nat outbound name nat

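# Policy-based routing (PBR) via internet2
acl advanced name pbr-internet2
# This rule prevents traffic between internal networks from also being policy-routed out, which would break pings inside the internal network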
rule 3 deny ip source 192.168.0.0 0.0.255.255 destination 192.168.0.0 0.0.255.255
rule 5 permit ip source 192.168.20.0 0.0.0.255 destination any


policy-based-route pbr-internet2  node 5
if-match acl name pbr-internet2
apply next-hop 20.1.1.2 

# Enable policy-based routing. Note that it is applied on the aggregation subinterface, not on the NAT outbound interface

int Route-Aggregation1.20
ip policy-based-route  pbr-internet2

undo ip fast-forwarding load-sharing
quit

# Telnet configuration
acl advanced 3000
rule 5 permit ip source 192.168.10.0 0.0.0.255

quit
telnet server enable 
telnet server  acl 3000

line vty 0 15
authentication-mode password
set authentication password simple wlgc
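
The first-match logic behind `acl advanced name pbr-internet2` above, as an added Python example (not part of the original post). It assumes Comware's default config match order (ascending rule ID) and that a packet hitting a deny rule, or no rule at all, falls back to normal routing-table forwarding, as the post's comment on rule 3 describes; the function names and sample addresses are constructed for illustration.

```python
import ipaddress

def wildcard_match(addr, base, wildcard):
    """ACL wildcard match: bits set to 1 in the wildcard are ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)

ANY = ("0.0.0.0", "255.255.255.255")
LAN = ("192.168.0.0", "0.0.255.255")

# (rule id, action, source, destination), copied from acl pbr-internet2
PBR_ACL = [
    (3, "deny", LAN, LAN),
    (5, "permit", ("192.168.20.0", "0.0.0.255"), ANY),
]
# The same ACL with rule 3 left out, to show the failure the comment warns about
WITHOUT_RULE_3 = [r for r in PBR_ACL if r[0] != 3]

def acl_action(acl, src, dst):
    """Return the action of the first matching rule, or None if nothing matches."""
    for _rule_id, action, s, d in sorted(acl, key=lambda r: r[0]):
        if wildcard_match(src, *s) and wildcard_match(dst, *d):
            return action
    return None

def forwarding(acl, src, dst, next_hop="20.1.1.2"):
    """PBR node 5: only a permit hit applies the next hop (assumed semantics)."""
    return next_hop if acl_action(acl, src, dst) == "permit" else "routing-table"

if __name__ == "__main__":
    # Constructed sample flows: (source host, destination)
    flows = [
        ("192.168.20.5", "3.3.3.3"),        # VLAN 20 to the remote loopback
        ("192.168.20.5", "192.168.10.10"),  # VLAN 20 to VLAN 10 (inter-VLAN)
        ("192.168.10.5", "3.3.3.3"),        # VLAN 10 to the remote loopback
    ]
    for src, dst in flows:
        print(f"{src} -> {dst}: with rule 3 = {forwarding(PBR_ACL, src, dst)}, "
              f"without rule 3 = {forwarding(WITHOUT_RULE_3, src, dst)}")
```

Without rule 3, the VLAN 20 to VLAN 10 flow is handed to 20.1.1.2 instead of being routed between the subinterfaces, which is the broken internal ping the comment refers to.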

Internet section

internet

sys
sysname internet

ip unreachables enable
ip ttl-expires enable

# IP configuration

int g0/1
ip address 13.1.1.1 24


int g0/0
ip address 10.1.1.1 24


# OSPF configuration
ospf 100
# Redistribute directly connected routes
import-route direct
area 0
network 13.1.1.0 0.0.0.255



internet2

sys
sysname internet2

ip unreachables enable
ip ttl-expires enable

int g0/2
ip address 23.1.1.2 24

int s1/0
ip address 20.1.1.2 24

# OSPF configuration
ospf 100
# Redistribute directly connected routes (s1/0)
import-route direct
area 0
network 23.1.1.0 0.0.0.255


remote(3.3.3.3)

sys
sysname remote

ip unreachables enable
ip ttl-expires enable

int LoopBack 0
ip address 3.3.3.3 32


int g0/1
ip address 13.1.1.3 24

int g0/0
ip address 23.1.1.3 24

# OSPF configuration
ospf 100
area 0
network 13.1.1.0 0.0.0.255
network 3.3.3.3 0.0.0.0
network 23.1.1.0 0.0.0.255
