我公司用2台H3C MSR20-12路由器。一台是公司内网使用(数据专线),一台外网使用(互联网专线),现在想要实现内网的电脑同时能上内外网。 两台路由配置如下,请大神帮忙给修改一下配置,谢谢!
内网是公司总部分配的IP地址段。
version 5.20, Release 2511P02
#
sysname JS-DX
#
undo password-control aging enable
#
firewall enable
#
domain default enable system
#
router id 10.17.112.86 上级公司专线分配地址
#
telnet server enable
#
dar p2p signature-file flash:/p2p_default.mtd
#
port-security enable
#
password-recovery enable
#
acl number 3000
rule 0 permit ip destination 192.168.100.0 0.0.0.255
rule 5 permit ip destination 192.168.118.0 0.0.0.255
rule 10 permit ip destination 192.168.122.0 0.0.0.255
rule 15 permit ip
acl number 3001
rule 0 deny ip destination 192.168.100.0 0.0.0.255
rule 5 deny ip destination 192.168.118.0 0.0.0.255
rule 10 deny ip destination 192.168.122.0 0.0.0.255
rule 15 permit ip
acl number 3602
rule 0 permit ip source 10.104.249.65 0
rule 5 permit ip source 10.104.254.101 0
rule 10 permit ip source 10.104.249.143 0
rule 15 permit ip destination 10.104.249.65 0
rule 20 permit ip destination 10.104.254.101 0
rule 25 permit ip destination 10.104.249.143 0
rule 30 permit ip source 10.104.254.11 0
rule 35 permit ip destination 10.104.254.11 0
acl number 3608
rule 0 deny ip source 10.104.249.65 0
rule 5 deny ip source 10.104.254.101 0
rule 10 deny ip source 10.104.249.143 0
rule 15 deny ip destination 10.104.249.65 0
rule 20 deny ip destination 10.104.254.101 0
rule 25 deny ip destination 10.104.249.143 0
rule 30 deny ip source 10.104.254.11 0
rule 35 deny ip destination 10.104.254.11 0
#
acl number 4999
rule 1 permit
#
vlan 1
#
domain system
access-limit disable
state active
idle-cut disable
self-service-url disable
#
traffic classifier others operator and
if-match acl 3001
traffic classifier pos&sap operator and
if-match acl 3000
traffic classifier acl3980deny operator or
if-match acl 3980
#
traffic behavior others
queue af bandwidth 6000
traffic behavior pos&sap
queue af bandwidth 4000
traffic behavior acldeny
filter deny
#
qos policy pos&sap
classifier pos&sap behavior pos&sap
classifier others behavior others
qos policy PolicyLimit
#
user-group system
group-attribute allow-guest
#
local-user JS-DX
local-user LYGXXB
password cipher ************
authorization-attribute level 3
service-type ssh telnet
service-type web
local-user admin
password cipher ***************
authorization-attribute level 3
service-type ssh telnet
service-type web
password-control length 4
password-control composition type-number 1
local-user user
password cipher ********
authorization-attribute level 3
service-type ssh telnet
#
cwmp
undo cwmp enable
#
controller E1 0/0
using e1
#
interface Aux0
async mode flow
link-protocol ppp
#
interface Cellular0/0
async mode protocol
link-protocol ppp
qos apply policy PolicyLimit outbound
firewall packet-filter 4999 outbound
#
interface Ethernet0/0
port link-mode route
firewall packet-filter 4999 outbound
ip address 10.17.123.253 255.255.255.0
ospf cost 1000
vrrp vrid 1 virtual-ip 10.17.123.254
vrrp vrid 1 priority 120
vrrp vrid 1 preempt-mode timer delay 2
qos apply policy PolicyLimit outbound
#
interface Ethernet0/1
port link-mode route
firewall packet-filter 4999 outbound
ip address 10.17.112.86 255.255.255.252 上级公司专线分配地址
ospf network-type broadcast
qos apply policy PolicyLimit outbound
ip netstream inbound
ip netstream outbound
undo ip fast-forwarding
ip flow-ordering internal
#
interface Ethernet0/2
port link-mode route
firewall packet-filter 4999 outbound
qos max-bandwidth 5120
ospf network-type p2p
qos flow-interval 1
qos apply policy PolicyLimit outbound
undo ip fast-forwarding
#
interface Serial0/0:0
link-protocol ppp
qos max-bandwidth 5120
ospf network-type p2p
qos flow-interval 1
qos apply policy PolicyLimit outbound
undo ip fast-forwarding
#
interface NULL0
#
interface Vlan-interface1
#
interface Ethernet0/3
port link-mode bridge
#
interface Ethernet0/4
port link-mode bridge
#
ospf 100
peer 10.17.112.85 上级公司专线分配地址
area 0.0.2.5
network 10.17.112.84 0.0.0.3
network 10.17.123.0 0.0.0.255
nssa
#
#
voice-setup
#
sip
#
sip-server
#
call-rule-set
#
call-route
#
dial-program
#
aaa-client
#
gk-client
#
snmp-agent
snmp-agent local-engineid 800063A20370F96D1A8D7E
snmp-agent community read yunshang1
snmp-agent sys-info version v2c
#
ip netstream export host 192.168.132.142 2055
ip netstream export source interface Ethernet0/1
#
ntp-service unicast-server 192.168.132.201
#
ssh server enable
ssh server authentication-timeout 30
ssh user admin service-type stelnet authentication-type password
#
load xml-configuration
#
load tr069-configuration
#
user-interface tty 12
user-interface aux 0
authentication-mode password
user-interface vty 0 4
authentication-mode scheme
user privilege level 3
idle-timeout 100 0
#
return
外网路由配置信息如下:
sysname H3C
#
domain default enable system
#
dns proxy enable
#
bridge enable
#
telnet server enable
#
dar p2p signature-file flash:/p2p_default.mtd
#
port-security enable
#
acl number 3000
rule 0 permit ip
#
vlan 1
#
domain system
access-limit disable
state active
idle-cut disable
self-service-url disable
#
dhcp server ip-pool vlan1 extended
#
user-group system
group-attribute allow-guest
#
local-user admin
password cipher $c$3$MDxVKXl9Q2F9eQLHJWWtAuZrDugOuI3CErkebQ==
authorization-attribute level 3
service-type telnet
local-user xuyisuning
password cipher $c$3$4GbNByYqHDH+y/2F+oyn8pGsOY2rXGtzNb8gEQ==
authorization-attribute level 3
service-type telnet
service-type web
#
cwmp
undo cwmp enable
#
attack-defense policy 1
signature-detect action drop-packet
signature-detect fraggle enable
defense icmp-flood enable
defense icmp-flood action drop-packet
#
controller E1 0/0
#
interface Aux0
async mode flow
link-protocol ppp
#
interface Cellular0/0
async mode protocol
link-protocol ppp
nat outbound static
#
interface Ethernet0/0
port link-mode route
nat outbound static
nat outbound 3000
ip address 108.1.27.4 255.255.255.0
dns server 108.4.0.55
#
interface NULL0
#
interface Vlan-interface1
ip address 192.1.1.1 255.255.255.0
undo dhcp select server global-pool
dhcp server apply ip-pool vlan1
attack-defense apply policy 1
#
interface Ethernet0/1
port link-mode bridge
#
interface Ethernet0/2
port link-mode bridge
#
interface Ethernet0/3
port link-mode bridge
#
ip route-static 0.0.0.0 0.0.0.0 Ethernet0/0 108.1.27.1
#
dhcp server forbidden-ip 192.1.1.10 192.1.1.254
#
dhcp enable
#
nms primary monitor-interface Ethernet0/0
#
load xml-configuration
#
load tr069-configuration
#
user-interface tty 12
user-interface aux 0
user-interface vty 0 4
authentication-mode scheme
#
return
(0)
最佳答案
亲~登录后才可以操作哦!
确定你的邮箱还未认证,请认证邮箱或绑定手机后进行当前操作
举报
×
侵犯我的权益
×
侵犯了我企业的权益
×
抄袭了我的内容
×
原文链接或出处
诽谤我
×
对根叔社区有害的内容
×
不规范转载
×
举报说明
使用PBR是在路由器上设置的吗?还是要在加一台三层交换机啊!