华为AR1220路由器配置参数实际应用实例解说一

Huawei AR100,AR120 and AR200 SeriesEnterprise Routers DatasheetRealize Your PotentialHuawei AR100, AR120 and AR200 Series Enterprise Routers DatasheetHuawei's next-generation routers, the AR100, AR120 and AR200 series are designed for enterprisebranch offices and small businesses, delivering a comprehensive set of services, including routing,switching, voice, security, and wireless access.Product OverviewThe AR100, AR120 and AR200 series are fixed interface routers that provide a comprehensive platform fora variety of network topologies, including IMS, NGN, WAN and PSTN. The AR100, AR120 and AR200 alsoemploy embedded hardware encryption for security as well as a voice Digital Signal Processor (DSP) for voiceservices.The AR100, AR120 and AR200 series are mature, stable and quiet routers that offer high performancefunctionality for small networks, enabling small businesses to greatly increase productivity at a lower cost.AR100s, AR120s and AR200s are easy to deploy, configure and customize, greatly reducing cost ofdeployment and maintenance, while offering maximum value to customers. These models allow networkadministrators to expand their networks easily and quickly, saving time and costs. The routers supportfirewalls, call processing, and application program functionalities. The AR100, AR120 and AR200 seriesincludes the following models:• AR109, AR109W, AR109GW-L• A R129CVW, AR129CGVW-L, AR121,AR129CV• AR201,AR207The specifications for these models are shown in the following table.Product Features and Benefits• More applications: Huawei series routers use the dual-core processor that isolates the control plane from the forwarding plane and processes more enterprise applications. Huawei series routers improve user experience for multimedia service when streams overlap.• Higher performance: The AR100s, AR120s and AR200s can process various enterprise applications, and its service processing capability is four times that in the industry.• Greater potential: Huawei series routers provide the capability to migrate services to the 3G and LTE networks.Small Size and High Performance1• Maturity and Stableness: The AR100s, AR120s and AR200s uses the Huawei VRP operating system and VSP voice platform. In addition, the AR100s, AR120s and AR200s uses modularized hardware design, which brings good user experience.• L ow-noise office: Huawei series routers have no fan, which brings low noise and good user experience. • Secure environment: The lightning failure rate AR100s, AR120s and AR200s is only 3% of industry average. The AR100s, AR120s and AR200s can be applied in the harsh environment.Small footprint on a Comprehensive Platform3• Easy to construct: The AR100s, AR120s and AR200s supports plug-and-play, intelligent configuration, and deployment using the USB flash drive. It can function immediately after being installed. Users do not need to configure an IP address manually. The PPP and VPN indicators show the status of corresponding services. The AR100s, AR120s and AR200s helps to quickly construct an enterprise IT network.• Simplified solution: Huawei provides an all-around solution that integrates the routing, switching, voice, security, and wireless services. Customers can customize solutions as required.• Easy to expand: Huawei series routers have four/eight FE/GE ports, can access more employee for small enterprises. The two uplink WAN ports implement load balancing and link protection, maximizing the return on investments.Low Investment with High Returns2Example deployment in branch networks for WAN access. In this example, the AR100s, AR120s and AR200s function as the egress routers on enterprise branch networks and provide multiple access methods, including Ethernet, xDSL, 3G, LTE and WLAN.WAN AccessSample DeploymentsEnterprise Voice Services DeploymentIP PBX with WAN and PSTN AccessThis illustration shows AR120 series router deployed at an enterprise branch with access to a WAN and a PSTN. If a fault occurs on the WAN, the PSTN acts as a backup to the WAN and ensures that call services remain uninterrupted.AR120s are deployed at enterprise branch offices to provide intelligent, integrated dialing across the network. When deployed as voice service gateways, AR120s can function as IP PBX boxes and SIP access gateways.IP PBX.AR120s have a built-in PBX, which supports the enterprise main number, interactive voice response (IVR), and billing query functions. These features help enhance the corporate image of small businesses by allowing them to look more professional to their customers, while simultaneously improving the efficiency of their enterprise communications.SIP Server. AR120s have a built-in SIP server that ensures reliability of voice services. If the SIP server at the headquarters office becomes unreachable, the local built-in SIP server at the branch office ensures that communication remains uninterrupted between branch offices and the PSTN network.Mid-scale branchThe AR120 series routers provide integrated voice, fax, and IP services. The AR120s can function as SIP access gateways for enterprise branch offices that transform traditional phone signals into Voice over IP (VoIP). Typically, AR120s are connected upstream from the IMS and NGN networks to enable anytime voice communication on any media, such as phones, handsets, and computers.VPNs Connecting Branches and Partners to HeadquartersVPN Deployment for Secure Enterprise CommunicationsThis illustration shows how to deploy AR100s, AR120s and AR200s using VPNs to connect branches and partners to headquarters.AR100s, AR120s and AR200s provide various VPN tunnel protocols to ensure secure communications between:• Enterprise branches andother branch offices • Enterprise branchesand headquarters • Partners and enterpriseresourcesAR100s, AR120s and AR200s support the following VPN tunnel protocols:• GRE VPN • I PSEC VPN• DSVPN • L2TP VPNAR100s, AR120s and AR200s support fast tunnel set-up and authentication.IPSEC VPN DSVPNGRE VPNAR3200VPN ClientL2TP VPN3G/LTE and Wi-Fi Wireless Access applicationWireless Access and Management in BranchThe AR100s, AR120s routers complied with 3G and LTE standards including HSPA+ and FDD LTE, meeting or LTE data link can be used as a backup for wired link to protect the xDSL, FE/GE, uplinks. The backup link improves network stability and reduces network construction costs. Some models of AR100s, AR120s routers are dual SIM devices, providing dual SIM standby. Thecustomers can switch the SIMcard manually according to 3G/LTE network standards. In addition, the device can switch to the backup SIM card when signal is weak to avoid link interruption.The AR100s, AR120s routers integrated WLAN wireless access capabilities, support 802.11a/b/g/nstandard communication, Built-in AC function make the deployment and management more conveniently. Its wireless features can meet users' demand for wireless access, and help enterprises to build a branch network flexibly.AR3200HeadquartersBranch 1Branch 2Wireless AC ManagementapplicationThe AR120s and AR200s routers integrated AC (Access Controller, a wireless controller) functionality, which can manage the wireless AP (Access Point, Access Point) in wireless LAN. AR supported rich certification and flexible user access control, which can provide security access guarantee for Wi-Fi users. The rich wireless capabilities integrated in one device, this can realize centralized management of wired and wireless network,meet the customers' requirements of building different scale enterprises networks.Branch 1Branch 2Technical SpecificationsTable1: AR100s Technical SpecificationsTable 2: AR120s Technical SpecificationsTable 3: AR200 Technical SpecificationsHardware*Service performance depending on specific feature configuration. Ordering InformationThe AR100, AR120 and AR200 series routers are configured by selecting and installing the appropriate configuration module. The configuration module ordering information and descriptions are shown in the following table4-7.Table 4: Chassis OptionsTable 5: Power Module OptionsTable 7: SD Card and USB Disk OptionsTable 6: License OptionsProfessional Service and SupportHuawei Professional Services provides expert network design and service optimization tasks, helping customers design and deploy a high-performance network that is reliable and secure, maximizing return on investment as well as reducing operational expenses.Company AddendumFor more information, please visit /en/ or contact your local Huawei office.Copyright © Huawei Technologies Co., Ltd. 2017. All rights reserved.No part of this document may be reproduced or transmitted in any form or by any means without prior written consent of Huawei Technologies Co., Ltd.Trademark Notice, HUAWEI, and are trademarks or registered trademarks of Huawei Technologies Co., Ltd.Other trademarks, product, service and company names mentioned are the property of their respective owners.General DisclaimerThe information in this document may contain predictive statements including,without limitation, statements regarding the future financial and operating results,future product portfolio, new technology, etc. There are a number of factors thatcould cause actual results and developments to differ materially from thoseexpressed or implied in the predictive statements. Therefore, such information isprovided for reference purpose only and constitutes neither an offer nor anacceptance. Huawei may change the information at any time without notice.。

置ACL包过滤防火墙典型示例ACL包过滤防火墙在具体组网中的应用。

根据数据流的源、目的IP地址，源、目的端口号，协议类型五元组过滤数据流，提高数据流的安全性。

组网需求如图1所示，Router的接口Ethernet0/0/0连接一个高安全优先级的内部网络，接口GE0/0/1连接低安全优先级的外部网络，需要对内部网络和外部网络之间的通信实施包过滤。

具体要求如下：∙外部特定主机（202.39.2.3）允许访问内部网络中的服务器。

∙ 其余的访问均不允许。

图1 配置ACL包过滤组网图配置思路采用如下思路配置ACL包过滤防火墙：1. 配置安全区域和安全域间。

2. 将接口加入安全区域。

3. 配置ACL。

4. 在安全域间配置基于ACL的包过滤。

操作步骤1. 在Router上配置安全区域和安全域间。

2. <Huawei> system-view3. [Huawei] firewall zone trust4. [Huawei-zone-trust] priority 155. [Huawei-zone-trust] quit6. [Huawei] firewall zone untrust7. [Huawei-zone-untrust] priority 18. [Huawei-zone-untrust] quit9. [Huawei] firewall interzone trust untrust10. [Huawei-interzone-trust-untrust] firewall enable11. [Huawei-interzone-trust-untrust] quit12. 在Router上将接口加入安全区域。

13. [Huawei] vlan 10014. [Huawei-vlan100] quit15. [Huawei] interface vlanif 10016. [Huawei-Vlanif100] ip address 129.38.1.1 2417. [Huawei-Vlanif100] quit18. [Huawei] interface Ethernet 0/0/019. [Huawei-Ethernet0/0/0] port link-type access20. [Huawei-Ethernet0/0/0] port default vlan 10021. [Huawei-Ethernet0/0/0] quit22. [Huawei] interface vlanif 10023. [Huawei-Vlanif100] zone trust24. [Huawei-Vlanif100] quit25. [Huawei] interface gigabitethernet 0/0/126. [Huawei-GigabitEthernet0/0/1] ip address 202.39.2.1 2427. [Huawei-GigabitEthernet0/0/1] zoneuntrust[Huawei-GigabitEthernet0/0/1] quit28. 在Router上配置ACL。

华为单臂路由的配置方法步骤图部署了VLAN的交换机可以实现在同一广播域内不同主机之间的通信，但是要想实现不同VLAN间主机通信，就要引入路由技术，可以通过二层交换机配合路由器来实现路由转发。

下面是店铺给大家整理的一些有关华为单臂路由配置方法，希望对大家有帮助!华为单臂路由配置方法首先利用华为模拟器eNSP来设计逻辑网络拓朴图，有一台路由器AR1220，一台二层交换机S3700，二台PC主机。

其之间用线缆连接并作好标注。

在华为模拟器eNSP中打开终端配置交换机S3700,配置内容截图如下system-viewsysname SW1 //设置交换机名字为SW1vlan batch 2 3 //连续创建vlan 2 3interface Ethernet 0/0/1port link-type access //设置端口类型为accessport default vlan 2 //将接口划分到vlan 2quitinterface Ethernet 0/0/2port link-type accessport default vlan 3quitinterface Ethernet 0/0/3port link-type trunk //设置端口类型为trunkport trunk allow-pass vlan 2 3 //华为交换机默认不支持其他vlan通过，除去vlan 1,允许trunk端口通过vlan 2 3[SW1-Ethernet0/0/3] //按CTRL+Z返回用户视图system-viewdisplay vlan //显示vlandisplay interface brief //显示接口概save在打开终端配置路由器AR1220，配置内容截图如下system-viewsysname R1 //设置路由器名字R1display interface brief //显示接口概要interface GigabitEthernet 0/0/0.1dot1q termination vid 2 //封装dot1q协议,该子接口对应vlan 2ip address 192.168.2.254 24 //设置子接口IP地址和子网掩码arp broadcast enable //开启子接口的ARP广播quitinterface GigabitEthernet 0/0/0.2dot1q termination vid 3ip address 192.168.3.254 24arp broadcast enablequitdisplay ip interface brief //显示接口IP的简要状态信息ping 192.168.2.2ping 192.168.3.3quitsave分别在PC1和PC2用ping命令测试连通性，对方收到报文后会反馈时间等信息，如图本实验通过结合AR1220路由器和S3700交换机完成了单臂路由配置，实现局域网内不同vlan主机之间通信。

AR1220E-S系列企业路由器完整技术规格及组网应用AR1200-S系列企业路由器是华为公司推出的面向中小型办公室或中小型企业分支的多合一路由器，提供包括有线和无线的Internet接入、专线接入、融合通信及安全等功能，广泛部署于中小型园区网出口、中小型企业总部或分支等场景。

产品概述AR1200-S系列路由器采用嵌入式硬件加密，支持防火墙以及应用程序服务，覆盖业界最广泛的有线和无线连接模式，如E1/T1、xDSL、xPON、WiFi、3G等。

AR1220-S系列路由器通过微软的Lync server认证，能够与微软统一通信方案无缝集成。

AR1200-S系列包含以下几款设备：AR1220-S、AR1220E-S、AR1220F-S，其外观如下：AR1220-S •••••AR1220E-S •••••AR1220F-S •••••AR1200-S支持多种接口卡，包括以太网接口卡、E1/T1/PRI/VE1接口卡、同异步接口卡、ADSL2+/G.SHDSL接口卡、ISDN接口卡、EPON/GPON接口卡等。

按使用槽位的不同，可分为SIC 卡（灵活接口卡）和WSIC卡（双宽SIC卡）。

产品特性与价值3AR1200-S系列企业路由器采用多核CPU和无阻塞交换架构，产品性能业界领先，充分满足企业及分支机构网络未来多元化扩展、不断增长的业务需求。

•使用多核CPU，提高数据、语音的并发处理能力，为大容量业务的全方位部署创造条件•无阻塞交换，业务转发无瓶颈•协议管理、业务处理、数据交换独立分布处理，性能更高，业务更可靠•路由交换一体化，跨板卡交换效率高，配置维护灵活简单•板卡热插拔，风扇等关键硬件冗余设计，保证业务安全稳定移动模式固定模式通过OSP与第三方IT系统集成和对接，为企业客户实现统一通信的业务体验，使客户、代理商、第三方和厂家都可以是开发者和使用者，真正实现业务价值链的共赢。

•快速集成与定制业务，满足用户个性化需求•深度融合各类业务，无需部署专门服务器，节省投资，易于管理•与云侧业务实时刷新和同步，本地业务由本地处理，提高质量和效率安全业务接入AR1200-S在业务顺利开展的同时有效地保障企业网的安全，从用户接入控制、报文检测、到主动防御形成一套完整的安全防护机制，实现用户投资回报最大化。

华为 AR1220路由器配置参数实际应用实例解说一1. 配置参数[GZ]dis cu[V200R001C00SPC200] //路由器软件版本,可从官方网站下载#sysname GZ //路由器名字 GZftp server enable //ftp 服务开通以便拷贝出配置文件备份#voice#http server port 1025 //httpundo http server enable#drop illegal-mac alarm#l2tp aging 0#vlan batch 10 20 30 40 50 //本路由器设置的 VLAN ID#igmp global limit 256#multicast routing-enable //开启组播#dhcp enable //全局下开启 DHCP 服务然后在各 VLAN 上开启单独的 DHCP #ip vpn-instance 1ipv4-family#acl number 2000rule 10 permit#acl number 2001 //以太网访问规则列表。

rule 6 permit source 172.23.68.0 0.0.0.255 //允许此网段访问外网rule 7 permit source 172.23.69.0 0.0.0.255 //允许此网段访问外网rule 8 permit source 172.23.65.0 0.0.0.3 //允许此网段的前三个 IP 访问外网 rule 9 deny //不允许其他网段访问外网#acl number 3000 //此规则并未应用rule 40 permit ip source 172.23.65.0 0.0.0.255 destination 172.23.69.0 0.0.0.25 5#acl number 3001//定义两个网段主机互不访问,学生不能访问 65网段。

1接口基础配置关于本章通过了解常见接口类型、接口编号规则以及各种可配置的接口参数等内容，方便用户对接口进行管理。

1.1 接口基础简介通过本小节，您可以了解到设备的接口分类和接口编号规则。

1.2 接口配置注意事项介绍接口的配置注意事项。

1.3 配置接口基本参数配置接口基本参数，包括接口描述信息、接口流量统计时间间隔功能以及开启或关闭接口。

1.4 清除接口统计信息1.1 接口基础简介通过本小节，您可以了解到设备的接口分类和接口编号规则。

1.1.1 接口分类接口是设备与网络中的其它设备交换数据并相互作用的部件，分为物理接口和逻辑接口两类，其中：●物理接口物理接口是真实存在、有器件支持的接口。

物理接口分为管理接口、业务接口和GPIO接口三种：–管理接口管理接口主要为用户提供配置管理支持，也就是用户通过此类接口可以登录到设备，并进行配置和管理操作。

管理接口不承担业务传输。

说明本章仅具体介绍业务接口、GPIO接口和逻辑接口，关于管理接口的详细配置，请参见《Huawei AR系列物联网关配置指南-基础配置》。

设备支持的管理接口如表1-1所示：表1-1各管理接口介绍说明Console接口和MiniUSB接口互斥，同一时刻只能使用其中的1个接口。

默认情况下，串口使用Console接口。

–业务接口业务接口需要承担业务传输，分为两种：▪LAN侧接口：路由器可以通过它与局域网中的网络设备交换数据。

▪WAN侧接口：路由器可以通过它与远距离的外部网络设备交换数据。

设备支持的业务接口如表1-2所示：表1-2业务接口说明业务接口有时也被称为端口，为便于描述，在本手册中，统一描述为接口。

–GPIO接口GPIO接口与外接设备相连，可以作为DI接口监控外接设备的电平信号状态，也可以作为DO接口输出高低电平，控制外接设备的开关。

设备支持的GPIO接口如表1-3所示：表1-3 GPIO接口●逻辑接口逻辑接口是指能够实现数据交换功能但物理上不存在、需要通过配置建立的接口。

一、WAN口ip地址的配置方法[R26-AR1220]interface GigabitEthernet 0/0/0[R26-AR1220-GigabitEthernet0/0/0]ip address 10.3.210.2 30（公网地址1）[R26-AR1220-GigabitEthernet0/0/0]quit二、OSPF的配置方法[R26-AR1220]ospf 1[R26-AR1220-ospf-1]area 0[R26-AR1220-ospf-1-area-0.0.0.0]network 10.3.210.0 0.0.0.3[R26-AR1220-ospf-1-area-0.0.0.0]network 10.210.0.0 0.0.255.255[R26-AR1220-ospf-1-area-0.0.0.0]quit[R26-AR1220-ospf-1]quit三、由于将该16位的路由直接发布在ospf中，则不需要配置静态路由四、LAN口的配置方法第一步：创建vlan[R26-AR1220]vlan 10 ///*创建vlan10*//[R26-AR1220-vlan10]q第二步：将内网口加入vlan[R26-AR1220]interface Ethernet 0/0/1 //进入内网以太接口//[R26-AR1220-Ethernet0/0/4]port link-type access //配置为access模式// [R26-AR1220-Ethernet0/0/4] port default vlan 10 //将接口加入vlan10// [R26-AR1220-Ethernet0/0/4]q（如果其他接口也想直连pc，则须进入相应的接口采用相同的配置即可）第三步：配置vlanif网关地址[R26-AR1220]interface Vlanif 10[R26-AR1220-Vlanif10]ip address 192.168.1.1 255.255.255.0[R26-AR1220-Vlanif10]quit--------------------------------------------------------------------------------陈乾坤Chenqiankun华为企业业务安捷信交付与服务业务部Agisson, Delivery & Service Dept, Huawei Enterprise Business GroupMobile:186****1186Contact: 400-830-2118呼叫座席号：938E-mail:**********************北京市海淀区中关村北清路156号实创科技示范园华为公司L05Huawei building,No.156,Beiqing Road,Haidian District,Beijing 100095, P.R.China。

配置内网用户通过NAT地址池方式访问Internet外网的示例规格适用于所有版本、所有形态的AR路由器。

组网需求如图1所示，内网用户通过路由器的NAT地址池方式来访问Internet。

图1 配置通过NAT地址池方式访问Internet操作步骤1.配置Router。

2.#3. vlan batch 1004.#5.acl number 2000 //配置允许进行NAT转换的内网地址段6. rule 5 permit source 192.168.20.0 0.0.0.2557.#8. nat address-group 1 202.169.10.100 202.169.10.200 //配置NAT地址池9.#10.interface vlanif100 //配置内网网关的IP地址11. ip address 192.168.20.1 255.255.255.012.#13.interface Ethernet2/0/014. port link-type access15. port default vlan 10016.#17.interface GigabitEthernet3/0/018. ip address 202.169.10.1 255.255.255.019. nat outbound 2000 address-group 1 //在出接口上配置NAT Outbound20.#21. ip route-static 0.0.0.0 0.0.0.0 202.169.10.2 //配置默认路由22.验证配置结果。

# 执行命令display nat outbound，查看NAT Outbound的配置信息。

# 内网用户可以通过路由器的NAT地址池方式来访问Internet。

配置注意事项无(如果还有其他的需要注意的请致电我们或者找我们的工程师直接给你解决)。

<Huawei>dis cur 显示当前配置[V200R001C01SPC500]#board add 0/3 2SAboard add 0/4 2SAboard add 0/5 8FE1GE#snmp-agent local-engineid 800007DB0300464BAB5FD4snmp-agent#voice#drop illegal-mac alarm#acl number 2000 基本 acl 2000rule 5 permit 规则 5 允许所有#acl number 3000 高级acl 3000rule 5 permit ip source 172.21.34.2 0 规则 5 允许源 ip 172.21.34.2 0代表0.0.0.0 精确匹配rule 10 permit ip source 172.21.34.221 0规则 10 允许源 ip 172.21.34.221 0代表0.0.0.0 精确匹配#traffic classifier test operator orif-match acl 3000#traffic behavior teststatistic enabletraffic behavior tet#traffic policy testclassifier test behavior test#aaa 三A认证authentication-scheme defaultauthorization-scheme defaultaccounting-scheme defaultdomain defaultdomain default_adminlocal-user admin password simple admin 本地用户账号admin 密码明文 adminlocal-user admin service-type http 本地用户admin 服务类型 http 也就是 WEB#interface Ethernet5/0/0#interface Ethernet5/0/1#interface Ethernet5/0/2#interface Ethernet5/0/3#interface Ethernet5/0/4#interface Ethernet5/0/5#interface Ethernet5/0/6#interface Ethernet5/0/7#interface Serial3/0/0link-protocol fr 封装帧中继协议fr lmi type q933a帧中继 lmi 类型 q933afr dlci 700 帧中继dlci 号 700description link-Beijing 描述链接北京ip address 172.31.1.6 255.255.255.252 ip地址 172.31.1.6 子网掩码255.255.255.252 #interface Serial3/0/1 串口link-protocol ppp 封装ppp 点对点协议#interface Serial4/0/0link-protocol ppp封装ppp 点对点协议#interface Serial4/0/1link-protocol ppp封装ppp 点对点协议#interface GigabitEthernet0/0/0traffic-policy test inbound#interface GigabitEthernet0/0/0.2description server_vlan 2 描述服务器 vlan 2control-vid 2 dot1q-terminationdot1q termination vid 2这个应该是子接口封装的802.1q协议对应vlan 2ip address 172.21.34.254 255.255.255.0arp broadcast enable 使能ARP广播#interface GigabitEthernet0/0/0.4description fanghuoqiang_vlan4control-vid 4 dot1q-terminationdot1q termination vid 4这个应该是子接口封装的802.1q协议对应vlan 4ip address 172.21.36.254 255.255.255.0arp broadcast enable使能ARP广播#interface GigabitEthernet0/0/0.10description guanli_vlan 10 描述管理 vlan 10control-vid 10 dot1q-terminationdot1q termination vid 10 这个应该是子接口封装的802.1q协议对应vlan 10 ip address 172.21.42.254 255.255.255.0arp broadcast enable使能ARP广播#interface GigabitEthernet0/0/1#interface GigabitEthernet0/0/2#interface GigabitEthernet5/0/0#interface Cellular0/0/0link-protocol ppp 封装ppp协议#interface Cellular0/0/1link-protocol ppp封装ppp协议#interface NULL0#ip route-static 0.0.0.0 0.0.0.0 172.31.1.5 静态默认路由这是一条#user-interface con 0user-interface vty 0 4user-interface vty 16 20#return<Huawei>460510895清水无香。

智能流控路由器华为AR1220华为技术有限公司是全球领先的电信解决方案供应商，有着强大的研发能力，提供多元化的产品和服务，做为产生路由器的老牌企业，华为这次专为网吧、工厂、学校等单位而研发的AR1200路由器，更是体现了华为的科技力量。

下面是店铺整理的一些关于智能流控路由器华为AR1220的相关资料，供你参考。

智能流控路由器华为AR1220介绍一、华为AR1220路由器采用多核CPU和无阻塞交换结构，拥有强大的数据处理能力，支持多种网络管理模式，支持多种宽带接入技术，并且内置防火墙功能，能够有效防止病毒攻击及非法入侵。

凭借领先于业界的系统性能和可扩展能力，充分满足未来业务扩展的多元化应用需求。

二、路由器接口卡安装在业务槽位内，包含SIC和WSIC两种接口卡。

两个SIC槽位通过拆卸滑道可以组合成一个WSIC槽位。

华为AR1220路由器采用多种接口卡，包括以太网接口卡、ADSL2+/G.SHDSL接口卡、E1/T1/PRI/VE1/VT1接口卡、同异步接口卡、FXS/FXO语音卡、ISDN接口卡等。

三、华为AR1220路由器的软件分为基础软件和功能License软件。

基础软件包含路由、交换、语音、安全等基础特性。

功能License 软件包括特色功能包，如PBX等。

四、采用嵌入式硬件加密、支持防火墙，覆盖业界最广泛的有线和无线连接模式，如E1/T1、xDSL、3G等。

它的转发性能为350Kpps，有8个FE和2个GE端口，有2个SIC插槽，外形尺寸(WxDxH)为390mmx220mmx44.5mm。

华为AR1220路由器是华为专门为中小型企业单位推出的高性价比，智能型宽带路由器，它融入了华为第三代AR、采用多核CPU、无阻塞交换架构、双模网络。

具有开放业务平台，安全业务接入，智能业务部署，业务管理简单等特性。

华为AR1220重要参数Qos支持：支持支持：支持产品内存：DRAM内存：512MB FLASH内存：25...网络安全：ACL、防火墙、802.1x认证、MAC地...电源功率：54W华为AR1220基本参数路由器类型：企业级路由器端口结构：模块化其它端口：8个FE，2个GE接口2个USB2.0端口1个Mini-USB控制台端口1个串行辅助/控制台端口扩展模块：2个SIC插槽华为AR1220功能参数防火墙：内置防火墙Qos支持：支持支持：支持网络安全：ACL、防火墙、802.1x认证、MAC地址认证、Web 认证、AAA认证、RADIUS认证、HWTACACS认证、广播风暴抑制、ARP安全、ICMP反攻击、URPF、IP Source Guard、DHCP Snooping、CPCAR、黑名单、攻击源追踪网络管理：升级管理、设备管理、Web网管、GTL、SNMP、RMON、RMON2、NTP、CWMP、Auto-Config、U盘开局、NetConf华为AR1220其他参数产品内存：DRAM内存：512MBFLASH内存：256MB电源电压：AC 100-240V，50/60Hz电源功率：54W产品尺寸：390×220×44.5mm产品重量：2.9kg环境标准：工作温度：0-40℃工作湿度：5%-90%(不结露)其它性能：整机交换容量：8Gbps[1]。

华为 AR1220路由器配置参数实际应用实例解说一1. 配置参数[GZ]dis cu[V200R001C00SPC200] //路由器软件版本,可从官方网站下载#sysname GZ //路由器名字 GZftp server enable //ftp 服务开通以便拷贝出配置文件备份#voice#http server port 1025 //httpundo http server enable#drop illegal-mac alarm#l2tp aging 0#vlan batch 10 20 30 40 50 //本路由器设置的 VLAN ID#igmp global limit 256#multicast routing-enable //开启组播#dhcp enable //全局下开启 DHCP 服务然后在各 VLAN 上开启单独的 DHCP #ip vpn-instance 1ipv4-family#acl number 2000rule 10 permit#acl number 2001 //以太网访问规则列表。

rule 6 permit source 172.23.68.0 0.0.0.255 //允许此网段访问外网rule 7 permit source 172.23.69.0 0.0.0.255 //允许此网段访问外网rule 8 permit source 172.23.65.0 0.0.0.3 //允许此网段的前三个 IP 访问外网 rule 9 deny //不允许其他网段访问外网#acl number 3000 //此规则并未应用rule 40 permit ip source 172.23.65.0 0.0.0.255 destination 172.23.69.0 0.0.0.25 5#acl number 3001//定义两个网段主机互不访问,学生不能访问 65网段。

实验4-4 默认路由项配置一、实验背景二、实验目的（1）了解默认路由项的适用环境；（2）掌握默认路由项的配置过程；（3）了解默认路由项可能存在的问题。

三、实验设备路由器AR1220两台，交换机S5700八台，PC八台。

四、实验步骤1、新建拓扑图2、PC配置IP地址、子网掩码、网关如上图3、路由器AR1配置<Huawei>system-view[Huawei]undo info-center enable[Huawei]sysn AR1[AR1]interface GigabitEthernet 0/0/0[AR1-GigabitEthernet0/0/0]ip address 192.168.1.254 24 [AR1-GigabitEthernet0/0/0]quit[AR1]interface GigabitEthernet 0/0/1[AR1-GigabitEthernet0/0/1]ip address 200.33.1.254 24[AR1-GigabitEthernet0/0/1]quit[AR1]interface GigabitEthernet 2/0/0[AR1-GigabitEthernet2/0/0]ip address 10.2.1.254 24 [AR1-GigabitEthernet2/0/0]quit[AR1]interface GigabitEthernet 2/0/1[AR1-GigabitEthernet2/0/1]ip address 202.2.1.254 24 [AR1-GigabitEthernet2/0/1]quit[AR1]interface GigabitEthernet 2/0/2[AR1-GigabitEthernet2/0/2]ip address 192.1.2.1 24 [AR1-GigabitEthernet2/0/2]quit[AR1]ip route-static 0.0.0.0 0 192.1.2.24、路由器AR2配置<Huawei>system-view[Huawei]undo info-center enable[Huawei]sysn AR2[AR2]interface GigabitEthernet 0/0/0[AR2-GigabitEthernet0/0/0]ip address 198.168.1.254 24 [AR2-GigabitEthernet0/0/0]quit[AR2]interface GigabitEthernet 0/0/1[AR2-GigabitEthernet0/0/1]ip address 207.2.1.254 24 [AR2-GigabitEthernet0/0/1]quit[AR2]interface GigabitEthernet 2/0/0[AR2-GigabitEthernet2/0/0]ip address 66.2.1.254 24 [AR2-GigabitEthernet2/0/0]quit[AR2]interface GigabitEthernet 2/0/1[AR2-GigabitEthernet2/0/1]ip address 102.2.2.254 24 [AR2-GigabitEthernet2/0/1]quit[AR2]interface GigabitEthernet 2/0/2[AR2-GigabitEthernet2/0/2]ip address 192.1.2.2 24 [AR2-GigabitEthernet2/0/2]quit[AR2]ip route-static 0.0.0.0 0 192.1.2.15、通过ping检测网络连通性通过PC1去ping检测与所有PC的网络连通情况注意：如果以上ping结果显示PC1与所有PC可以通信，，则说明已经达到了实验结果要求。