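Overall configuration procedure and explanation:
[H3C]ip https enable #configure HTTPS
local-user admin #create user admin
password simple admin #password is admin
service-type https #service type HTTPS
authorization-attribute user-role level-15 #grant the level-15 role
quit #return to the previous view
telnet server enable #configure the Telnet service
local-user admin #configure the Telnet user name
password simple admin888 #set the plaintext password to admin888
service-type telnet #set the user's service type to Telnet
authorization-attribute user-role level-3 #set the user level
quit
user-interface vty 0 4 #VTY line view
authentication-mode scheme #user name + password
quit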
Configure the LoopBack address first, then configure OSPF
[xian BBB]int LoopBack 10
address
#
Configure the router ID
ospf 1 #process number 1
area 0 #backbone area
VLAN 10 //create the VLAN
int vlan 10 //configure the IP address of VLAN 10
int g0/7
port link-type access #switch mode
#
ospf 1
import-route direct //import direct routes
interface Vlan-interface1
interface GigabitEthernet0/5
port link-mode route //set the interface to route mode
#
interface GigabitEthernet0/7
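port link-mode route //set the interface to route mode
Configure the static destination network (multiple destination routes need multiple entries) and the next-hop egress address
Configuring a default route only requires and the next hop
Set the preference to 60; the smaller the number, the higher the priority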
#
ip http enable
[H3C-ospf-1]import-route direct //add direct routes to OSPF
[H3C-ospf-1]import-route static //add static routes to OSPF
#
ospf 1
#
ip unreachables enable //show in traceroute
ip ttl-expires enable //show in traceroute
#
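Dual-link router settings:
# City router:
acl advanced 3300 //create access control list ACL 3300
Configure permit rules for access to the destination IP address or network (wildcard mask)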
#
acl advanced 3333 //create access control list ACL 3333
Configure permit rules for the destination IP network or fixed address (wildcard mask)
#
policy-based-route xxx permit node 1 //create policy route xxx, node 1
if-match acl 3300 //if ACL 3300 matches
Specify the IP address of the next-hop router
#
policy-based-route xxx permit node 11 //create policy route xxx, node 11
if-match acl 3333 //if ACL 3333 matches
Specify the IP address of the next-hop router
Apply the policy route on the internal interface
interface GigabitEthernet0/5
port link-mode route
ip policy-based-route xxx
#
acl advanced 3500 //create ACL 3500
Permit the specified destination address (wildcard mask)
Deny the destination network (wildcard mask)
#
Apply the Internet-access policy on the external interface (outbound is egress, inbound is ingress)
interface GigabitEthernet0/10
port link-mode route
packet-filter 3500 outbound
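# County router:
acl advanced 3300 //create ACL 3300 for access
Configure a permit rule for a fixed source IP address (wildcard mask)
Deny the destination network (wildcard mask)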
#
acl advanced 3333 //create ACL 3333 for access
Configure a permit rule for a source IP address range (wildcard mask)
#
policy-based-route xxx permit node 1 //create policy route xxx, node 1
if-match acl 3300 //if ACL 3300 matches
Specify the IP address of the next-hop router
#
policy-based-route xxx permit node 11 //create policy route xxx, node 11
if-match acl 3333 //if ACL 3333 matches
Specify the IP address of the next-hop router
Apply the policy route on the internal interface
[H3C]interface Vlan-interface 1
[H3C-Vlan-interface1]ip policy-based-route xxx
quit
#
Apply the Internet-access policy on the external interface (outbound is egress, inbound is ingress)
interface GigabitEthernet0/10
port link-mode route
packet-filter 3300 outbound
#
City A static configuration:
telnet server enable
#
#
ospf 1
import-route direct
import-route static
#
ip unreachables enable
ip ttl-expires enable
#
policy-based-route xxx permit node 1
if-match acl 3300
#
policy-based-route xxx permit node 11
if-match acl 3333
#
interface GigabitEthernet0/1
port link-mode route
#
interface GigabitEthernet0/3
port link-mode route
#
interface GigabitEthernet0/5
port link-mode route
ip policy-based-route xxx
#
interface GigabitEthernet0/10
port link-mode route
packet-filter 3300 outbound
#
#
acl advanced 3300
#
acl advanced 3333
#
local-user admin class manage
service-type telnet http https
authorization-attribute user-role level-12
authorization-attribute user-role level-15
authorization-attribute user-role network-operator
#
ip http enable
ip https enable
#
County B dynamic OSPF
#
telnet server enable
#
#
ospf 1
#
ip unreachables enable
ip ttl-expires enable
#
policy-based-route yyy permit node 1
if-match acl 3300
#
policy-based-route yyy permit node 11
if-match acl 3333
#
interface Vlan-interface1
ip policy-based-route yyy
#
interface GigabitEthernet0/3
port link-mode route
ospf cost 2
#
interface GigabitEthernet0/11
port link-mode route
packet-filter 3300 outbound
#
acl advanced 3300
#
acl advanced 3333
#
local-user admin class manage
service-type telnet http https
authorization-attribute user-role level-15
authorization-attribute user-role network-operator
#
ip http enable
ip https enable
# County A static
#
telnet server enable
#
ip unreachables enable
ip ttl-expires enable
#
policy-based-route xxx permit node 1
if-match acl 3300
#
policy-based-route xxx permit node 2
if-match acl 3333
#
interface Vlan-interface1
ip policy-based-route xxx
#
interface GigabitEthernet0/3
port link-mode route
#
interface GigabitEthernet0/10
port link-mode route
packet-filter 3300 outbound
#
line vty 0 4
authentication-mode scheme
user-role network-operator
#
line vty 5 63
user-role network-operator
#
acl advanced 3300
#
acl advanced 3333
#
local-user admin class manage
authorization-attribute user-role level-15
authorization-attribute user-role network-operator
#
ip http enable
ip https enable
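
The management-plane commands used throughout the configurations above (telnet server enable, ip http enable, password simple, service-type telnet http https) can be checked mechanically before a device goes into service. The following is an added example, not part of the original page: a small Python audit that flags those settings in Comware-style configuration text. The sample configuration is constructed from commands on this page; the rule names and the audit function are this example's own.

```python
import re

# Constructed sample in Comware "display current-configuration" layout,
# assembled from commands that appear on this page.
SAMPLE_CONFIG = """\
#
 telnet server enable
#
line vty 0 4
 authentication-mode scheme
 user-role network-operator
#
local-user admin class manage
 password simple admin
 service-type telnet http https
 authorization-attribute user-role level-15
#
 ip http enable
 ip https enable
#
"""

# (rule id, pattern matched against one stripped config line, reason)
RULES = [
    ("telnet-enabled", re.compile(r"^telnet server enable$"), "Telnet sends logins in cleartext"),
    ("http-enabled", re.compile(r"^ip http enable$"), "web management reachable without TLS"),
    ("plaintext-password", re.compile(r"^password simple\b"), "password entered in plaintext form"),
    ("cleartext-service", re.compile(r"^service-type\b.*\b(telnet|http)\b"), "account may log in over Telnet/HTTP"),
]
# Commands that open a view; '#' closes it (hypothetical short list for this example).
VIEW_OPENERS = ("local-user ", "line ", "user-interface ", "interface ", "ospf ")

def audit(config_text):
    """Return (line_no, view, rule_id, reason) for each risky management setting."""
    findings, view = [], "(system)"
    for line_no, raw in enumerate(config_text.splitlines(), start=1):
        line = raw.strip()
        if not line or line == "#":      # '#' ends the current view
            view = "(system)"
            continue
        if line.startswith(VIEW_OPENERS):
            view = line
        for rule_id, pattern, reason in RULES:
            if pattern.search(line):
                # The matched line is not echoed, so a password never lands in the report.
                findings.append((line_no, view, rule_id, reason))
    return findings

if __name__ == "__main__":
    for line_no, view, rule_id, reason in audit(SAMPLE_CONFIG):
        print(f"line {line_no:>2} [{view}] {rule_id}: {reason}")
```

A local user limited to service-type https on a device with only ip https enable produces no findings.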