问题描述:
[HX-H3C-F5000-A]DISP CURR
#
version 5.20, Feature 3210P20
#
sysname HX-H3C-F5000-A
#
undo voice vlan mac-address 00e0-bb00-0000
#
nat address-group 1 42.247.1.200 42.247.1.201 level 1
#
domain default enable system
#
telnet server enable
#
ip ttl-expires enable
ip unreachables enable
#
undo ip http enable
#
multicast routing-enable
#
undo alg dns
#
acl number 2000
rule 1 permit source 10.0.1.0 0.0.0.255
rule 2 permit source 10.0.3.0 0.0.0.255
rule 3 permit source 10.0.4.0 0.0.0.255
rule 4 permit source 10.0.5.0 0.0.0.255
rule 5 permit source 10.0.6.0 0.0.0.255
rule 6 permit source 10.0.7.0 0.0.0.255
rule 7 permit source 10.0.8.0 0.0.0.255
rule 8 permit source 10.0.9.0 0.0.0.255
rule 9 permit source 10.0.10.0 0.0.0.255
rule 10 permit source 192.168.1.0 0.0.0.255
rule 11 permit source 10.10.10.0 0.0.0.255
rule 12 permit source 10.0.43.248 0.0.0.7
rule 13 permit source 10.100.1.0 0.0.0.255
rule 14 permit source 10.0.20.0 0.0.0.7
rule 15 permit source 10.0.34.66 0.0.0.1
rule 17 permit source 10.0.42.253 0
rule 21 permit source 10.1.2.0 0.0.0.255
rule 23 permit source 10.0.45.0 0.0.0.255
rule 24 permit source 10.0.21.252 0.0.0.1
rule 25 permit source 10.10.41.0 0.0.0.255
rule 26 permit source 10.10.42.0 0.0.0.225
rule 27 permit source 10.10.43.0 0.0.0.255
rule 28 permit source 10.10.44.0 0.0.0.255
rule 29 permit source 10.10.45.0 0.0.0.255
rule 30 permit source 10.0.50.0 0.0.0.255
rule 31 permit source 10.0.57.0 0.0.0.255
rule 32 permit source 10.10.46.0 0.0.0.255
rule 33 permit source 10.10.47.0 0.0.0.255
rule 35 permit source 10.0.58.0 0.0.0.255
rule 36 permit source 10.10.49.0 0.0.0.255
rule 38 permit source 10.10.51.0 0.0.0.255
rule 39 permit source 10.0.48.0 0.0.0.255
rule 41 permit source 100.0.1.0 0.0.0.255
rule 42 permit source 10.10.9.4 0
rule 43 permit source 100.0.2.0 0.0.0.255
rule 44 permit source 100.0.4.0 0.0.0.255
rule 45 permit source 100.0.7.0 0.0.0.255
rule 46 permit source 100.0.9.0 0.0.0.255
rule 47 permit source 10.0.46.0 0.0.0.255
rule 48 permit source 10.0.69.0 0.0.0.255
rule 49 permit source 10.0.70.0 0.0.0.255
rule 50 permit source 10.0.71.0 0.0.0.255
rule 51 permit source 10.0.72.0 0.0.0.255
rule 52 permit source 10.0.73.0 0.0.0.255
rule 53 permit source 10.0.74.0 0.0.0.255
rule 54 permit source 10.0.75.0 0.0.0.255
rule 63 permit source 10.0.77.0 0.0.0.255
rule 64 permit source 10.0.88.0 0.0.0.255
rule 100 permit source 10.0.0.0 0.255.255.255
rule 105 permit source 10.0.47.0 0.0.0.255
acl number 2002
rule 1 permit source 10.0.10.252 0
rule 2 permit source 10.0.9.253 0
rule 3 permit source 10.0.58.133 0
rule 4 permit source 10.0.58.29 0
rule 5 permit source 10.10.10.1 0
#
acl number 3001
rule 1 permit ip source 0.0.0.0 255.255.0.0 destination 10.10.10.12 0
acl number 3010
rule 0 permit ip source 10.10.10.81 0
rule 1 permit ip source 10.10.10.90 0
acl number 3200
rule 1 permit ip source 10.10.0.0 0.0.255.255 destination 10.10.10.12 0
rule 2 permit ip source 10.0.0.0 0.255.255.255 destination 10.10.10.52 0
rule 3 permit ip source 10.0.0.0 0.255.255.255 destination 10.10.10.53 0
rule 4 permit ip source 10.10.10.0 0.0.0.255 destination 10.10.10.90 0
rule 5 permit ip source 10.10.10.81 0
rule 7 permit ip source 10.10.10.0 0.0.0.255 destination 10.10.10.81 0
rule 8 permit ip source 10.0.0.0 0.255.255.255 destination 10.10.10.90 0
rule 9 permit ip source 100.0.0.0 0.255.255.255 destination 10.10.10.90 0
acl number 3998
rule 10 permit ip source 10.0.244.0 0.0.0.255
acl number 3999
rule 5 permit ip source 10.0.79.0 0.0.0.255
rule 10 permit ip source 10.0.80.0 0.0.0.255
rule 15 permit ip source 10.0.81.0 0.0.0.255
rule 20 permit ip source 10.0.82.0 0.0.0.255
rule 25 permit ip source 10.0.83.0 0.0.0.255
rule 30 permit ip source 10.0.84.0 0.0.0.255
rule 35 permit ip source 10.0.85.0 0.0.0.255
rule 45 permit ip source 10.0.78.0 0.0.0.255
#
vlan 1
#
vlan 101 to 513
#
domain system
access-limit disable
state active
idle-cut disable
self-service-url disable
#
pki domain default
crl check disable
#
traffic classifier icmp operator and
if-match acl 3002
traffic classifier dianxin operator and
#
traffic behavior icmp
filter deny
traffic behavior dianxin
#
qos policy icmp
classifier icmp behavior icmp
qos policy dianxin
classifier dianxin behavior dianxin
#
user-group system
group-attribute allow-guest
#
local-user admin
password cipher $c$3$jlroQ0W360X+2B58kqtOvzMpYmcpuOPskrRmp2s=
authorization-attribute level 3
service-type telnet
service-type web
local-user test001
password cipher $c$3$MaQIq0mnhBA/UpWTA8BU7rQWWX2AOLT/erAf
authorization-attribute level 3
service-type ssh
#
ssl server-policy access-policy
pki-domain default
#
interface Aux0
async mode flow
link-protocol ppp
#
interface NULL0
#
interface GigabitEthernet2/0
port link-mode route
description TO_hexin 12508
nat outbound 2002
nat outbound 2000
nat server protocol tcp global 122.194.115.XXX any inside 100.0.1.1 any
nat server protocol tcp global 122.194.115.XXX any inside 100.0.1.2 any
shutdown
ip policy-based-route xin
#
interface GigabitEthernet2/2
port link-mode route
description fuwuqi
nat outbound 3001
duplex full
ip address 10.10.9.1 255.255.255.0
#
interface GigabitEthernet2/3
port link-mode route
description dianxin
nat outbound 3999
nat outbound 3998
ip address 61.132.42.XXX 255.255.255.252
#
interface GigabitEthernet2/4
port link-mode route
#
interface GigabitEthernet2/5
port link-mode route
#
interface GigabitEthernet2/6
port link-mode route
#
interface GigabitEthernet2/7
port link-mode route
#
interface GigabitEthernet2/8
port link-mode route
description TO_hexin 12508
nat outbound 3500
nat server protocol tcp global 122.194.115.XXX any inside 100.0.1.2 any
nat server protocol tcp global 122.194.115.XXX any inside 100.0.1.1 any
nat server protocol tcp global 122.194.115.XXX www inside 10.10.10.81 www
nat server protocol tcp global 122.194.115.XXX www inside 10.10.10.52 www
nat server protocol tcp global 122.194.115.XXX 81 inside 10.10.10.52 81
nat server protocol tcp global 122.194.115.XXX 2202 inside 10.10.10.52 22
nat server protocol tcp global 122.194.115.XXX 2203 inside 10.10.10.53 22
nat server protocol tcp global 122.194.115.XXX 3100 inside 10.10.10.53 1521
nat server protocol tcp global 122.194.115.XXX 5421 inside 10.10.10.11 1521
nat server protocol tcp global 122.194.115.XXX www inside 10.10.10.12 www
nat server protocol tcp global 122.194.115./// 1220 inside 10.10.10.90 22
nat server protocol tcp global 122.194.115.XXX 1220 inside 10.10.10.91 22
nat server protocol tcp global 122.194.115.XXX 1202 inside 10.10.10.12 22
nat server protocol tcp global 122.194.115.XXX www inside 10.10.10.64 www
nat server protocol tcp global 122.194.115.XXX 866 inside 10.10.10.64 866
nat server protocol tcp global 122.194.115.XXX 800 inside 10.10.10.64 800
nat server protocol tcp global 122.194.115./// 800 inside 10.10.10.90 www
nat server protocol tcp global 122.194.115.XXX 8000 inside 10.10.10.91 8080
nat server protocol tcp global 122.194.115./// www inside 10.10.10.90 www
nat server protocol tcp global 122.194.115.XXX 2200 inside 10.10.10.93 22
nat server protocol tcp global 122.194.115.XXX 8080 inside 10.10.10.93 8080
nat server protocol tcp global 122.194.115.XXX 3389 inside 10.1.2.1 3389
combo enable fiber
ip address 192.168.10.2 255.255.255.248
ip policy-based-route xin
#
interface GigabitEthernet2/9
port link-mode route
description jiaoyuwang
nat outbound 2002 address-group 1
ip address 219.219.150.XXX 255.255.255.240
ip address 42.247.1.XXX 255.255.255.248 sub
ip address 42.247.1.XXX 255.255.255.248 sub
#
interface GigabitEthernet2/10
port link-mode route
nat outbound 2000
combo enable fiber
duplex full
speed 1000
shutdown
#
interface GigabitEthernet2/11
port link-mode route
description liantong
nat outbound 2000
nat server protocol tcp global 122.194.115.XXX 3389 inside 10.1.2.1 3389
nat server protocol tcp global 122.194.115.XXX any inside 100.0.1.2 any
nat server protocol tcp global 122.194.115.XXX any inside 100.0.1.1 any
nat server protocol tcp global 122.194.115.XXX www inside 10.10.10.81 www
nat server protocol tcp global 122.194.115.XXX www inside 10.10.10.52 www
nat server protocol tcp global 122.194.115.XXX 81 inside 10.10.10.52 81
nat server protocol tcp global 122.194.115.XXX 2202 inside 10.10.10.52 22
nat server protocol tcp global 122.194.115.XXX 2203 inside 10.10.10.53 22
nat server protocol tcp global 122.194.115.XXX 3100 inside 10.10.10.53 1521
nat server protocol tcp global 122.194.115.XXX 5421 inside 10.10.10.11 1521
nat server protocol tcp global 122.194.115.XXX www inside 10.10.10.12 www
nat server protocol tcp global 122.194.115./// 1220 inside 10.10.10.90 22
nat server protocol tcp global 122.194.115.XXX 1220 inside 10.10.10.91 22
nat server protocol tcp global 122.194.115./// www inside 10.10.10.90 www
nat server protocol tcp global 122.194.115.XXX www inside 10.10.10.64 www
nat server protocol tcp global 122.194.115.XXX 866 inside 10.10.10.64 866
nat server protocol tcp global 122.194.115.XXX 800 inside 10.10.10.64 800
nat server protocol tcp global 122.194.115./// 800 inside 10.10.10.90 www
nat server protocol tcp global 122.194.115.XXX 8000 inside 10.10.10.91 8080
nat server protocol tcp global 122.194.115.XXX 2200 inside 10.10.10.93 22
nat server protocol tcp global 122.194.115.XXX 8080 inside 10.10.10.93 8080
combo enable fiber
duplex full
speed 1000
ip address 122.194.115.XXX 255.255.255.240
ip address 122.194.115.XXX 255.255.255.240 sub
#
interface GigabitEthernet2/1
port link-mode bridge
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 101 to 513
#
interface M-GigabitEthernet0/0
ip address 172.16.2.1 255.255.255.0
#
policy-based-route xin permit node 5
if-match acl 3998
apply ip-address next-hop 61.132.42.XXX
policy-based-route xin permit node 10
if-match acl 2003
apply ip-address next-hop 58.222.186.XXX
policy-based-route xin permit node 11
if-match acl 3000
apply ip-address next-hop 58.222.186.XXX
policy-based-route xin permit node 20
if-match acl 2002
apply ip-address next-hop 219.219.150.XXX
#
ip route-static 0.0.0.0 0.0.0.0 122.194.115.XXX
ip route-static 0.0.0.0 0.0.0.0 61.132.42.XXXpreference 70
ip route-static 10.0.0.0 255.0.0.0 192.168.10.1
ip route-static 10.10.9.0 255.255.255.0 10.10.9.2
ip route-static 100.0.0.0 255.255.240.0 192.168.10.1
ip route-static 192.168.1.0 255.255.255.0 192.168.10.1
组网及组网描述:
三条出口线路:GigabitEthernet2/3为电信线路,GigabitEthernet2/9为教育网线路,GigabitEthernet2/11为联通线路,服务器地址映射为联通的公网地址122.194.115.///
做了策略路由让10.0.244.0网段从电信出口走,但是此网段访问不了服务器122.194.115.///(能ping通)
- 2017-09-18提问
- 举报
-
(0)
亲~登录后才可以操作哦!
确定你的邮箱还未认证,请认证邮箱或绑定手机后进行当前操作
举报
×
侵犯我的权益
×
侵犯了我企业的权益
×
- 1. 您举报的内容是什么?(请在邮件中列出您举报的内容和链接地址)
- 2. 您是谁?(身份证明材料,可以是身份证或护照等证件)
- 3. 是哪家企业?(营业执照,单位登记证明等证件)
- 4. 您与该企业的关系是?(您是企业法人或被授权人,需提供企业委托授权书)
抄袭了我的内容
×
原文链接或出处
诽谤我
×
- 1. 您举报的内容以及侵犯了您什么权益?(请在邮件中列出您举报的内容、链接地址,并给出简短的说明)
- 2. 您是谁?(身份证明材料,可以是身份证或护照等证件)
对根叔社区有害的内容
×
不规范转载
×
举报说明
好多多余的配置,看的好晕