问题描述:
H3C 同一台路由如何实现同时上内外网(两个内网专线地址段为10.17.123.0 网关10.17 .123.254与10.17.124.0 网关10.17.124.254)另外一台连接外网的路由地址为192.1.1.254
目前两个内网地址不能互通 ,外网的路由只能访问本地的10.17.123.0段的地址,请问如何能实现配置的10.17.124.0段地址的电脑可以同时访问内外网。
电脑配置为192段外网地址只能ping本地10.17.123.0网段,无法访问总部的各个项目的服务器。
两台路由配置如下:
请大神帮忙修改一下配置。
组网及组网描述:
内网路由
#
version 5.20, Release 2511P02
#
sysname JS-DX
#
undo password-control aging enable
#
firewall enable
#
domain default enable system
#
router id 10.17.112.86 上级公司专线分配地址
#
telnet server enable
#
dar p2p signature-file flash:/p2p_default.mtd
#
port-security enable
#
password-recovery enable
#
acl number 3000
rule 0 permit ip destination 192.168.100.0 0.0.0.255
rule 5 permit ip destination 192.168.118.0 0.0.0.255
rule 10 permit ip destination 192.168.122.0 0.0.0.255
rule 15 permit ip
acl number 3001
rule 0 deny ip destination 192.168.100.0 0.0.0.255
rule 5 deny ip destination 192.168.118.0 0.0.0.255
rule 10 deny ip destination 192.168.122.0 0.0.0.255
rule 15 permit ip
acl number 3602
rule 0 permit ip source 10.104.249.65 0
rule 5 permit ip source 10.104.254.101 0
rule 10 permit ip source 10.104.249.143 0
rule 15 permit ip destination 10.104.249.65 0
rule 20 permit ip destination 10.104.254.101 0
rule 25 permit ip destination 10.104.249.143 0
rule 30 permit ip source 10.104.254.11 0
rule 35 permit ip destination 10.104.254.11 0
acl number 3608
rule 0 deny ip source 10.104.249.65 0
rule 5 deny ip source 10.104.254.101 0
rule 10 deny ip source 10.104.249.143 0
rule 15 deny ip destination 10.104.249.65 0
rule 20 deny ip destination 10.104.254.101 0
rule 25 deny ip destination 10.104.249.143 0
rule 30 deny ip source 10.104.254.11 0
rule 35 deny ip destination 10.104.254.11 0
#
acl number 4999
rule 1 permit
#
vlan 1
#
domain system
access-limit disable
state active
idle-cut disable
self-service-url disable
#
traffic classifier others operator and
if-match acl 3001
traffic classifier pos&sap operator and
if-match acl 3000
traffic classifier acl3980deny operator or
if-match acl 3980
#
traffic behavior others
queue af bandwidth 6000
traffic behavior pos&sap
queue af bandwidth 4000
traffic behavior acldeny
filter deny
#
qos policy pos&sap
classifier pos&sap behavior pos&sap
classifier others behavior others
qos policy PolicyLimit
#
user-group system
group-attribute allow-guest
#
local-user JS-DX
local-user LYGXXB
password cipher ************
authorization-attribute level 3
service-type ssh telnet
service-type web
local-user admin
password cipher ***************
authorization-attribute level 3
service-type ssh telnet
service-type web
password-control length 4
password-control composition type-number 1
local-user user
password cipher ********
authorization-attribute level 3
service-type ssh telnet
#
cwmp
undo cwmp enable
#
controller E1 0/0
using e1
#
interface Aux0
async mode flow
link-protocol ppp
#
interface Cellular0/0
async mode protocol
link-protocol ppp
qos apply policy PolicyLimit outbound
firewall packet-filter 4999 outbound
#
interface Ethernet0/0
port link-mode route
firewall packet-filter 4999 outbound
ip address 10.17.123.253 255.255.255.0
ip address 10.17.124.253 255.255.255.128 sub
ospf cost 1000
vrrp vrid 1 virtual-ip 10.17.123.254
vrrp vrid 1 priority 120
vrrp vrid 1 preempt-mode timer delay 2
vrrp vrid 2 virtual-ip 10.17.124.254
vrrp vrid 2 priority 120
vrrp vrid 2 preempt-mode timer delay 2
qos apply policy PolicyLimit outbound
#
interface Ethernet0/1
port link-mode route
firewall packet-filter 4999 outbound
ip address 10.17.112.86 255.255.255.252 上级公司专线分配地址
ospf network-type broadcast
qos apply policy PolicyLimit outbound
ip netstream inbound
ip netstream outbound
undo ip fast-forwarding
ip flow-ordering internal
#
interface Ethernet0/2
port link-mode route
firewall packet-filter 4999 outbound
qos max-bandwidth 5120
ospf network-type p2p
qos flow-interval 1
qos apply policy PolicyLimit outbound
undo ip fast-forwarding
#
interface Serial0/0:0
link-protocol ppp
qos max-bandwidth 5120
ospf network-type p2p
qos flow-interval 1
qos apply policy PolicyLimit outbound
undo ip fast-forwarding
#
interface NULL0
#
interface Vlan-interface1
#
interface Ethernet0/3
port link-mode bridge
#
interface Ethernet0/4
port link-mode bridge
#
ospf 100
peer 10.17.112.85 上级公司专线分配地址
area 0.0.2.5
network 10.17.112.84 0.0.0.3
network 10.17.123.0 0.0.0.255
network 10.17.124.0 0.0.0.255
nssa
#
#
voice-setup
#
sip
#
sip-server
#
call-rule-set
#
call-route
#
dial-program
#
aaa-client
#
gk-client
#
snmp-agent
snmp-agent local-engineid 800063A20370F96D1A8D7E
snmp-agent community read yunshang1
snmp-agent sys-info version v2c
#
ip netstream export host 192.168.132.142 2055
ip netstream export source interface Ethernet0/1
#
ntp-service unicast-server 192.168.132.201
#
ssh server enable
ssh server authentication-timeout 30
ssh user admin service-type stelnet authentication-type password
#
load xml-configuration
#
load tr069-configuration
#
user-interface tty 12
user-interface aux 0
authentication-mode password
user-interface vty 0 4
authentication-mode scheme
user privilege level 3
idle-timeout 100 0
#
return
外网路由配置信息如下:
version 5.20, Release 2311
#
sysname H3C
#
domain default enable system
#
dns proxy enable
#
bridge enable
#
telnet server enable
#
dar p2p signature-file flash:/p2p_default.mtd
#
port-security enable
#
acl number 3000
rule 0 permit ip
#
vlan 1
#
vlan 6
description tp NeiWang 10.17.123.254
#
domain system
access-limit disable
state active
idle-cut disable
self-service-url disable
#
dhcp server ip-pool vlan1 extended
#
user-group system
group-attribute allow-guest
#
local-user admin
password cipher $c$3$MDxVKXl9Q2F9eQLHJWWtAuZrDugOuI3CErkebQ==
authorization-attribute level 3
service-type telnet
local-user xuyisuning
password cipher $c$3$4GbNByYqHDH+y/2F+oyn8pGsOY2rXGtzNb8gEQ==
authorization-attribute level 3
service-type telnet
service-type web
#
cwmp
undo cwmp enable
#
attack-defense policy 1
signature-detect action drop-packet
signature-detect fraggle enable
signature-detect land enable
signature-detect winnuke enable
signature-detect tcp-flag enable
signature-detect icmp-unreachable enable
signature-detect icmp-redirect enable
signature-detect tracert enable
signature-detect smurf enable
signature-detect source-route enable
signature-detect route-record enable
signature-detect large-icmp enable
defense scan enable
defense scan add-to-blacklist
defense syn-flood enable
defense syn-flood action drop-packet
defense udp-flood enable
defense udp-flood action drop-packet
defense icmp-flood enable
defense icmp-flood action drop-packet
#
controller E1 0/0
#
interface Aux0
async mode flow
link-protocol ppp
#
interface Cellular0/0
async mode protocol
link-protocol ppp
nat outbound static
attack-defense apply policy 1
#
interface Ethernet0/0
port link-mode route
nat outbound static
nat outbound 3000
ip address 117.1.27.9 255.255.255.0
attack-defense apply policy 1
dns server 117.4.0.55
#
interface Ethernet0/4
port link-mode route
nat outbound static
nat outbound 3000
ip address 10.17.123.223 255.255.255.0
#
interface NULL0
#
interface Vlan-interface1
ip address 192.1.1.254 255.255.255.0
undo dhcp select server global-pool
dhcp server apply ip-pool vlan1
attack-defense apply policy 1
#
interface Vlan-interface6
nat outbound
#
interface Ethernet0/1
port link-mode bridge
#
interface Ethernet0/2
port link-mode bridge
#
interface Ethernet0/3
port link-mode bridge
#
ip route-static 0.0.0.0 0.0.0.0 Ethernet0/0 117.1.27.1
#
dhcp server forbidden-ip 192.1.1.10 192.1.1.254
#
dhcp enable
#
nms primary monitor-interface Ethernet0/0
#
load xml-configuration
#
load tr069-configuration
#
user-interface tty 12
user-interface aux 0
user-interface vty 0 4
authentication-mode scheme
#
return
- 2017-09-04提问
- 举报
-
(0)
最佳答案
亲~登录后才可以操作哦!
确定你的邮箱还未认证,请认证邮箱或绑定手机后进行当前操作
举报
×
侵犯我的权益
×
侵犯了我企业的权益
×
- 1. 您举报的内容是什么?(请在邮件中列出您举报的内容和链接地址)
- 2. 您是谁?(身份证明材料,可以是身份证或护照等证件)
- 3. 是哪家企业?(营业执照,单位登记证明等证件)
- 4. 您与该企业的关系是?(您是企业法人或被授权人,需提供企业委托授权书)
抄袭了我的内容
×
原文链接或出处
诽谤我
×
- 1. 您举报的内容以及侵犯了您什么权益?(请在邮件中列出您举报的内容、链接地址,并给出简短的说明)
- 2. 您是谁?(身份证明材料,可以是身份证或护照等证件)
对根叔社区有害的内容
×
不规范转载
×
举报说明
能给写个具体的配置吗?