华为路由器交换机实现单臂路由的方法
合集下载
相关主题
- 1、下载文档前请自行甄别文档内容的完整性,平台不提供额外的编辑、内容补充、找答案等附加服务。
- 2、"仅部分预览"的文档,不可在线预览部分如存在完整性等问题,可反馈申请退款(可完整预览的文档不适用该条件!)。
- 3、如文档侵犯您的权益,请联系客服反馈,我们会尽快为您处理(人工客服工作时间:9:00-18:30)。
华为路由器交换机实现单臂路由的方法
连接如上图,ROUTET的F1/0与SWITCH的F0/24相连,SWITCH的F0/1,F0/2,F0/11分别与PC1,PC2,PC3相连接,PC1,PC2分到VLAN2,
PC3分到VLAN 3
1.路由器的配置
[Router][Router]inter e0[Router-Ethernet0]inter e 0.1 //定义子接口E0.1[Router-Ethernet0.1]ip add 192.168.1.254 255.255.255.0[Router-Ethernet0.1]vlan-type dot1q vid 2 //指定以太网子接口属于VLAN2,此命令应用在以太网子接口上。[Router-Ethernet0.1]inter e0.2 //定义子接口E0.2
tcp mss 1024
ip address 192.168.10.1 255.255.255.0
firewall packet-filter 3000 inbound
vlan-type dot1q vid 10
#
interface Ethernet1/0.2终结交换机上的VLAN20
tcp mss 1024
rule 2 deny udp destination-port eq 135
rule 3 deny udp destination-port eq netbios-ns
rule 4 deny udp destination-port eq netbios-dgm
rule 5 deny tcp destination-port eq 139
Router>enable
Router#configure terminal
Router(config)#int f1/0
Router(config-if)#no shut
Router(config)#int f 1/0.1
Router(config-subif)#encapsulation dot1q 10//描术子接口的类型为dot1q
rule 6 deny udp destination-port eq netbios-ssn
rule 7 deny tcp destination-port eq 445
rule 8 deny udp destination-port eq 445
rule 9 deny tcp destination-port eq 539
PC2: IP地址:192.168.2.1子网掩码:255.255.255.0默认网关:192.168.2.254
PC3: IP地址:192.168.2.2子网掩码:255.255.255.0默认网关:192.168.2.254
4配置成功后的测试
华为路由器单臂路由配置实例2009-04-05 14:20组网描述:
Switch(config)#int f0/3
Switch(config-if)#switchport access vlan 20
Switch(config-if)#exit
3.PC机的配置
PC1: IP地址:192.168.1.1子网掩码:255.255.255.0默认网关:192.168.1.254
2.PC机的配置
PC1: IP地址:192.168.1.1子网掩码:255.255.255.0默认网关:192.168.1.254
PC2: IP地址:192.168.2.1子网掩码:255.255.255.0默认网关:192.168.2.254
PC3: IP地址:192.168.2.2子网掩码:255.255.255.0默认网关:192.168.2.254
Switch(config-if)#switchport access vlan 10
Switch(config-if)#exit
Switch(config)#int f0/2
Switch(config-if)#switchport accesБайду номын сангаас vlan 20
Switch(config-if)#exit
ip address 192.168.20.1 255.255.255.0
firewall packet-filter 3000 inbound
vlan-type dot1q vid 20
#
interface Ethernet1/0.3终结交换机上的VLAN30
tcp mss 1024
ip address 192.168.30.1 255.255.255.0
[AR28-31]dis cu
#
sysname Quidway
#
FTP server enable
#
nat address-group 0 222.222.222.2 222.222.222.10用于上公网的地址池
#
radius scheme system
#
domain system
#
local-user admin
2.交换机的配置
<Quidway><Quidway>sysEnter system view , return user view with Ctrl Z.
[Quidway]vlan 2[Quidway-vlan2]port ethernet 0/1 to eth 0/2 eth 0/22 //将第1至2端口,加入到VLAN2
Router(config-subif)#ip add 192.168.1.254 255.255.255.0
Router(config-subif)#exit
Router(config)#int f1/0.2
Router(config-subif)#encapsulation dot1q 20//描术子接口的类型为dot1q
Router(config-subif)#ip add 192.168.2.254 255.255.255.0
Router(config-subif)#exit
Router#copy run star
2交换机的配置
Switch>enable
Switch#vlan database
Switch(vlan)#vlan 10
rule 0 permit source 192.168.0.0 0.0.255.255
rule 1 deny
#
acl number 3000
rule 0 deny udp destination-port eq tftp
rule 1 deny tcp destination-port eq 135
vlan-type dot1q vid 40
#
interface Ethernet2/0
ip address 222.222.222.1 255.255.255.0
nat outbound 2000 address-group 0进行私网到公网的地址转换
#
interface NULL0
#
acl number 2000允许192.168.0.0这个网段的地址进行地址转换
firewall packet-filter 3000 inbound
vlan-type dot1q vid 30
#
interface Ethernet1/0.4终结交换机上的VLAN40
tcp mss 1024
ip address 192.168.40.1 255.255.255.0
firewall packet-filter 3000 inbound
level 3
#
dhcp server ip-pool 10为VLAN10分配IP地址
network 192.168.10.0 mask 255.255.255.0
gateway-list 192.168.10.1
dns-list 100.100.100.100
#
dhcp server ip-pool 20为VLAN20分配IP地址
rule 10 deny udp destination-port eq 539
rule 11 deny udp destination-port eq 593
rule 12 deny tcp destination-port eq 593
rule 13 deny udp destination-port eq 1434
Switch(vlan)#vlan 20
Switch(vlan)#exit
Switch#configure terminal
Switch(config)#int f0/0
Switch(config-if)#switchport mode trunk//把接品设成trunk模式,
Switch(config)#int f0/1
[Router-Ethernet0.2]ip add 192.168.2.254 255.255.255.0[Router-Ethernet0.2]vlan-type dot1q vid 3 //指定以太网子接口属于VLAN3[Router-Ethernet0.3]inter e0[Router-Ethernet0]undo shut
[Quidway-vlan2]vlan 3[Quidway-vlan3]port eth 0/11 //将第11端口加入VLAN3[Quidway-vlan3]inter e0/24[Quidway-Ethernet0/24]port link-type trunk //将第24端口设为trunk口[Quidway-Ethernet0/24]port trunk permit vlan all//允许所有VLAN流量通过,这里与CISCO的交换机有所不同的是CISCO交换机默认是允许所有VLAN的流里通过Please wait........................................... Done.
network 192.168.20.0 mask 255.255.255.0
gateway-list 192.168.20.1
dns-list 100.100.100.100
#
dhcp server ip-pool 30为VLAN30分配IP地址
network 192.168.30.0 mask 255.255.255.0
gateway-list 192.168.30.1
dns-list 100.100.100.100
#
dhcp server ip-pool 40为VLAN40分配IP地址
network 192.168.40.0 mask 255.255.255.0
gateway-list 192.168.40.1
dns-list 100.100.100.100
password cipher .]@USE=B,53Q=^Q`MAF4<1!!
service-type telnet terminal
level 3
service-type ftp
local-user huawei telnet用户,用于远程管理
password simple huawei
service-type telnet
#
interface Aux0
async mode flow
#
interface Ethernet1/0用于与交换机的管理IP互通
ip address 192.168.100.1 255.255.255.0
firewall packet-filter 3000 inbound
#
interface Ethernet1/0.1终结交换机上的VLAN10
思科路由器交换机实现单臂路由的方法
CISCO路由器实现单臂路由的配置方法
连接如上图,ROUTET的F1/0与SWITCH的F0/0相连,SWITCH的F0/1,F0/2,F0/3分别与PC1,PC2,PC3相连接,PC1分到VLAN10,
PC2,PC3分到VLAN 20
1.路由器的配置
注意的地方,在子接口先要先描术DOT1Q,再配IP地址,DOT1Q后面的数字是VLAN的号码,根据交换机的配置不同有所不同
PC---------------------3050C-------------------------AR28-31-------------------------INTERNET
组网实现:
3050C上划分多个VLAN,在AR28-31上终结VLAN信息,下面的所有VLAN中的PC都可以上公网,所有的PC机都通过AR28-31分配IP地址和DNS
连接如上图,ROUTET的F1/0与SWITCH的F0/24相连,SWITCH的F0/1,F0/2,F0/11分别与PC1,PC2,PC3相连接,PC1,PC2分到VLAN2,
PC3分到VLAN 3
1.路由器的配置
[Router][Router]inter e0[Router-Ethernet0]inter e 0.1 //定义子接口E0.1[Router-Ethernet0.1]ip add 192.168.1.254 255.255.255.0[Router-Ethernet0.1]vlan-type dot1q vid 2 //指定以太网子接口属于VLAN2,此命令应用在以太网子接口上。[Router-Ethernet0.1]inter e0.2 //定义子接口E0.2
tcp mss 1024
ip address 192.168.10.1 255.255.255.0
firewall packet-filter 3000 inbound
vlan-type dot1q vid 10
#
interface Ethernet1/0.2终结交换机上的VLAN20
tcp mss 1024
rule 2 deny udp destination-port eq 135
rule 3 deny udp destination-port eq netbios-ns
rule 4 deny udp destination-port eq netbios-dgm
rule 5 deny tcp destination-port eq 139
Router>enable
Router#configure terminal
Router(config)#int f1/0
Router(config-if)#no shut
Router(config)#int f 1/0.1
Router(config-subif)#encapsulation dot1q 10//描术子接口的类型为dot1q
rule 6 deny udp destination-port eq netbios-ssn
rule 7 deny tcp destination-port eq 445
rule 8 deny udp destination-port eq 445
rule 9 deny tcp destination-port eq 539
PC2: IP地址:192.168.2.1子网掩码:255.255.255.0默认网关:192.168.2.254
PC3: IP地址:192.168.2.2子网掩码:255.255.255.0默认网关:192.168.2.254
4配置成功后的测试
华为路由器单臂路由配置实例2009-04-05 14:20组网描述:
Switch(config)#int f0/3
Switch(config-if)#switchport access vlan 20
Switch(config-if)#exit
3.PC机的配置
PC1: IP地址:192.168.1.1子网掩码:255.255.255.0默认网关:192.168.1.254
2.PC机的配置
PC1: IP地址:192.168.1.1子网掩码:255.255.255.0默认网关:192.168.1.254
PC2: IP地址:192.168.2.1子网掩码:255.255.255.0默认网关:192.168.2.254
PC3: IP地址:192.168.2.2子网掩码:255.255.255.0默认网关:192.168.2.254
Switch(config-if)#switchport access vlan 10
Switch(config-if)#exit
Switch(config)#int f0/2
Switch(config-if)#switchport accesБайду номын сангаас vlan 20
Switch(config-if)#exit
ip address 192.168.20.1 255.255.255.0
firewall packet-filter 3000 inbound
vlan-type dot1q vid 20
#
interface Ethernet1/0.3终结交换机上的VLAN30
tcp mss 1024
ip address 192.168.30.1 255.255.255.0
[AR28-31]dis cu
#
sysname Quidway
#
FTP server enable
#
nat address-group 0 222.222.222.2 222.222.222.10用于上公网的地址池
#
radius scheme system
#
domain system
#
local-user admin
2.交换机的配置
<Quidway><Quidway>sysEnter system view , return user view with Ctrl Z.
[Quidway]vlan 2[Quidway-vlan2]port ethernet 0/1 to eth 0/2 eth 0/22 //将第1至2端口,加入到VLAN2
Router(config-subif)#ip add 192.168.1.254 255.255.255.0
Router(config-subif)#exit
Router(config)#int f1/0.2
Router(config-subif)#encapsulation dot1q 20//描术子接口的类型为dot1q
Router(config-subif)#ip add 192.168.2.254 255.255.255.0
Router(config-subif)#exit
Router#copy run star
2交换机的配置
Switch>enable
Switch#vlan database
Switch(vlan)#vlan 10
rule 0 permit source 192.168.0.0 0.0.255.255
rule 1 deny
#
acl number 3000
rule 0 deny udp destination-port eq tftp
rule 1 deny tcp destination-port eq 135
vlan-type dot1q vid 40
#
interface Ethernet2/0
ip address 222.222.222.1 255.255.255.0
nat outbound 2000 address-group 0进行私网到公网的地址转换
#
interface NULL0
#
acl number 2000允许192.168.0.0这个网段的地址进行地址转换
firewall packet-filter 3000 inbound
vlan-type dot1q vid 30
#
interface Ethernet1/0.4终结交换机上的VLAN40
tcp mss 1024
ip address 192.168.40.1 255.255.255.0
firewall packet-filter 3000 inbound
level 3
#
dhcp server ip-pool 10为VLAN10分配IP地址
network 192.168.10.0 mask 255.255.255.0
gateway-list 192.168.10.1
dns-list 100.100.100.100
#
dhcp server ip-pool 20为VLAN20分配IP地址
rule 10 deny udp destination-port eq 539
rule 11 deny udp destination-port eq 593
rule 12 deny tcp destination-port eq 593
rule 13 deny udp destination-port eq 1434
Switch(vlan)#vlan 20
Switch(vlan)#exit
Switch#configure terminal
Switch(config)#int f0/0
Switch(config-if)#switchport mode trunk//把接品设成trunk模式,
Switch(config)#int f0/1
[Router-Ethernet0.2]ip add 192.168.2.254 255.255.255.0[Router-Ethernet0.2]vlan-type dot1q vid 3 //指定以太网子接口属于VLAN3[Router-Ethernet0.3]inter e0[Router-Ethernet0]undo shut
[Quidway-vlan2]vlan 3[Quidway-vlan3]port eth 0/11 //将第11端口加入VLAN3[Quidway-vlan3]inter e0/24[Quidway-Ethernet0/24]port link-type trunk //将第24端口设为trunk口[Quidway-Ethernet0/24]port trunk permit vlan all//允许所有VLAN流量通过,这里与CISCO的交换机有所不同的是CISCO交换机默认是允许所有VLAN的流里通过Please wait........................................... Done.
network 192.168.20.0 mask 255.255.255.0
gateway-list 192.168.20.1
dns-list 100.100.100.100
#
dhcp server ip-pool 30为VLAN30分配IP地址
network 192.168.30.0 mask 255.255.255.0
gateway-list 192.168.30.1
dns-list 100.100.100.100
#
dhcp server ip-pool 40为VLAN40分配IP地址
network 192.168.40.0 mask 255.255.255.0
gateway-list 192.168.40.1
dns-list 100.100.100.100
password cipher .]@USE=B,53Q=^Q`MAF4<1!!
service-type telnet terminal
level 3
service-type ftp
local-user huawei telnet用户,用于远程管理
password simple huawei
service-type telnet
#
interface Aux0
async mode flow
#
interface Ethernet1/0用于与交换机的管理IP互通
ip address 192.168.100.1 255.255.255.0
firewall packet-filter 3000 inbound
#
interface Ethernet1/0.1终结交换机上的VLAN10
思科路由器交换机实现单臂路由的方法
CISCO路由器实现单臂路由的配置方法
连接如上图,ROUTET的F1/0与SWITCH的F0/0相连,SWITCH的F0/1,F0/2,F0/3分别与PC1,PC2,PC3相连接,PC1分到VLAN10,
PC2,PC3分到VLAN 20
1.路由器的配置
注意的地方,在子接口先要先描术DOT1Q,再配IP地址,DOT1Q后面的数字是VLAN的号码,根据交换机的配置不同有所不同
PC---------------------3050C-------------------------AR28-31-------------------------INTERNET
组网实现:
3050C上划分多个VLAN,在AR28-31上终结VLAN信息,下面的所有VLAN中的PC都可以上公网,所有的PC机都通过AR28-31分配IP地址和DNS