How to implement router-on-a-stick (single-arm routing) with Huawei routers and switches
[AR28-31]dis cu
#
sysname Quidway
#
FTP server enable
#
nat address-group 0 222.222.222.2 222.222.222.10 // address pool used for access to the public Internet
#
radius scheme system
#
domain system
#
local-user admin
Router(config-subif)#ip add 192.168.1.254 255.255.255.0
Router(config-subif)#exit
Router(config)#int f1/0.2
Router(config-subif)#encapsulation dot1q 20 // sets the subinterface encapsulation type to dot1q
level 3
#
dhcp server ip-pool 10 // assigns IP addresses to VLAN10
network 192.168.10.0 mask 255.255.255.0
gateway-list 192.168.10.1
dns-list 100.100.100.100
#
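dhcp server ip-P address: 192.168.2.1, subnet mask: 255.255.255.0, default gateway: 192.168.2.254
PC3: IP address: 192.168.2.2, subnet mask: 255.255.255.0, default gateway: 192.168.2.254
4. Testing after successful configuration
Huawei router router-on-a-stick configuration example, 2009-04-05 14:20
Network description: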
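The connections are as shown in the figure above: the router's F1/0 is connected to the switch's F0/24, and the switch's F0/1, F0/2 and F0/11 are connected to PC1, PC2 and PC3 respectively. PC1 and PC2 are assigned to VLAN 2, and PC3 is assigned to VLAN 3.
1. Router configuration
[Router]
[Router]inter e0
[Router-Ethernet0]inter e 0.1 // define subinterface E0.1
[Router-Ethernet0.1]ip add 192.168.1.254 255.255.255.0
[Router-Ethernet0.1]vlan-type dot1q vid 2 // assign the Ethernet subinterface to VLAN 2; this command is applied on an Ethernet subinterface
[Router-Ethernet0.1]inter e0.2 // define subinterface E0.2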
Router>enable
Router#configure terminal
Router(config)#int f1/0
Router(config-if)#no shut
Router(config)#int f 1/0.1
Router(config-subif)#encapsulation dot1q 10 // sets the subinterface encapsulation type to dot1q
rule 10 deny udp destination-port eq 539
rule 11 deny udp destination-port eq 593
rule 12 deny tcp destination-port eq 593
rule 13 deny udp destination-port eq 1434
Router(config-subif)#ip add 192.168.2.254 255.255.255.0
Router(config-subif)#exit
Router#copy run star
2. Switch configuration
Switch>enable
Switch#vlan database
Switch(vlan)#vlan 10
rule 0 permit source 192.168.0.0 0.0.255.255
rule 1 deny
#
acl number 3000
rule 0 deny udp destination-port eq tftp
rule 1 deny tcp destination-port eq 135
[Router-Ethernet0.2]ip add 192.168.2.254 255.255.255.0
[Router-Ethernet0.2]vlan-type dot1q vid 3 // assign the Ethernet subinterface to VLAN 3
[Router-Ethernet0.3]inter e0
[Router-Ethernet0]undo shut
firewall packet-filter 3000 inbound
vlan-type dot1q vid 30
#
interface Ethernet1/0.4 // terminates VLAN40 from the switch
tcp mss 1024
ip address 192.168.40.1 255.255.255.0
firewall packet-filter 3000 inbound
Switch(config)#int f0/3
Switch(config-if)#switchport access vlan 20
Switch(config-if)#exit
3. PC configuration
PC1: IP address: 192.168.1.1, subnet mask: 255.255.255.0, default gateway: 192.168.1.254
#
interface Aux0
async mode flow
#
interface Ethernet1/0 // used to communicate with the switch's management IP
ip address 192.168.100.1 255.255.255.0
firewall packet-filter 3000 inbound
#
interface Ethernet1/0.1 // terminates VLAN10 from the switch
password cipher .]@USE=B,53Q=^Q`MAF4<1!!
service-type telnet terminal
level 3
service-type ftp
local-user huawei // telnet user, used for remote management
password simple huawei
service-type telnet
Switch(vlan)#vlan 20
Switch(vlan)#exit
Switch#configure terminal
Switch(config)#int f0/0
Switch(config-if)#switchport mode trunk // set the port to trunk mode
Switch(config)#int f0/1
rule 2 deny udp destination-port eq 135
rule 3 deny udp destination-port eq netbios-ns
rule 4 deny udp destination-port eq netbios-dgm
rule 5 deny tcp destination-port eq 139
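2. PC configuration
PC1: IP address: 192.168.1.1, subnet mask: 255.255.255.0, default gateway: 192.168.1.254
PC2: IP address: 192.168.2.1, subnet mask: 255.255.255.0, default gateway: 192.168.2.254
PC3: IP address: 192.168.2.2, subnet mask: 255.255.255.0, default gateway: 192.168.2.254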
Switch(config-if)#switchport access vlan 10
Switch(config-if)#exit
Switch(config)#int f0/2
Switch(config-if)#switchport access vlan 20
Switch(config-if)#exit
[Quidway-vlan2]vlan 3
[Quidway-vlan3]port eth 0/11 // add port 11 to VLAN 3
[Quidway-vlan3]inter e0/24
[Quidway-Ethernet0/24]port link-type trunk // set port 24 as a trunk port
[Quidway-Ethernet0/24]port trunk permit vlan all // allow traffic from all VLANs to pass; this differs from Cisco switches, which allow traffic from all VLANs by default
Please wait........................................... Done.
network 192.168.20.0 mask 255.255.255.0
gateway-list 192.168.20.1
dns-list 100.100.100.100
#
dhcp server ip-pool 30 // assigns IP addresses to VLAN30
network 192.168.30.0 mask 255.255.255.0
PC---------------------3050C-------------------------AR28-31-------------------------INTERNET
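Network implementation:
Multiple VLANs are configured on the 3050C and terminated on the AR28-31. PCs in all of the VLANs below can reach the public Internet, and all PCs are assigned their IP address and DNS by the AR28-31.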
gateway-list 192.168.30.1
dns-list 100.100.100.100
#
dhcp server ip-pool 40 // assigns IP addresses to VLAN40
network 192.168.40.0 mask 255.255.255.0