-----------单臂路由: 一、在交换机上划分VLAN
1. 划分VLAN 10 并加入端口
[H3C] vlan 10
[H3C] port ethernet 1/0/1 to ethernet 1/0/4 2. 划分VLAN 20 并加入端口 [H3C] vlan 20
[H3C] port ehternet 1/0/5 to ethernet 1/0/8 3. 给连接路由器的端口打 Trunk [H3C] interface ethernet 1/0/24 [H3C] port link-type trunk
[H3C] port trunk permit vlan all
二、 设置路由器子端口,实现三层转发
接口下 undo shut 打开要分划子接口的接口
设置子接口封装类型为VLAN 10 interface ethernet 0/0.10
vlan-type dot1q vid 10 指定VLAN号
ip add 192.168.1.1 255.255.255.0 下面设备的网关 与VLAN 20 必须不能同网段 设置子接口封装类型为VLAN 20 interface ethernet 0/0.20 vlan-type dot1q vid 10
ip add 192.168.2.1 255.255.255.0
-------------DHCP:
[Router] dhcp enable 打开DHCP服务
[Router] dhcp server forbidden-ip 192.168.1.2 [Router] dhcp server ip-pool 10 创建DHCP地址池
[Router-dhcp-pool-0] network 192.168.1.0 mask 255.255.255.0
[Router-dhcp-pool-0] gateway-list 192.168.1.1 配置为DHCP客户端分配的网关地址 [Router-dhcp-pool-0] dns-list 223.130.33.52 223.130.00.60 配置为DHCP客户端分配的DNS服务器地址
[Router-dhcp-pool-0] expired day 7 配置动态分配的IP地址的租用有效期限
每VLAN DHCP池
给Vlan定义地址并配置其工作在服务器模式
interface Vlan-interface11
ip address 172.18.11.1 255.255.255.0 dhcp select server global-pool
定义DHCP实例名称,地址池,网关地址,DNS地址
dhcp server ip-pool vlan11
network 172.18.13.0 mask 255.255.255.0 gateway-list 172.18.13.1
dns-list 172.18.13.1 8.8.8.8 8.8.4.4 202.106.0.20 expired day 7
定义各DHCP地址池禁止分配的IP地址(开始~结束)
dhcp server forbidden-ip 172.18.11.1 172.18.11.200
-------------NAT:
配置一对一静态地址转换 1.
[H3C]nat static local-ip(本地IP) global-ip(通用IP) [H3C]interface (端口号)
[H3C-inter]nat outbound static (把这个端口设置为出站) 2.
[H3C]interface nat interface-number [H3C-NAT]nat static local-ip golbal-ip [H3C-NAT]quit
[H3C]interface (端口号)
[H3C-INT]nat outbound static (把这个端口设置为出站)
cisco:
ip nat inside source static local-ip global-ip int (端口号) ip nat inside int (端口号) ip nat outside
配置网段对静态地址的转换 1.
[H3C]interface nat interface-number
[H3C-NAT]nat static net-to-net local-network global-network [H3C-NAT]quit
[H3C]interface (接口地址号)
[H3C-int]nat outbound static (把这个端口设置为出站) 2.
[H3C]nat static net-to-net local-start-address local-end-address global-network
[H3C]interface (端口号)
[H3C-INT]nat outbound static (把这个端口设置为出站)
配置动态NAT
1.EASY IP
[H3C]interface (端口号)
[H3C-INT]nat outbound acl-number [next-hop ip-address(可选,按设备定)]
2.NOPAT:
[H3C]nat address-group 1 192.168.1.1 192.168.1.100 [H3C]interface (端口号)
[H3C-INT]nat outbound 3000 address-grou 1 nopat
3.NAPT:
[H3C]nat address-group 1 192.168.1.1 192.168.1.100 [H3C]interface (端口号)
[H3C-INT]nat outbound 3000 address-grou 1
NOPAT和NAPT的区别
global
动态地址转换根据是否使用端口信息分为NOPAT和NAPT两种方式: NOPAT为不使用TCP/UDP端口信息实现的多对多地址转换; NAPT为使用TCP/UDP端口信息实现的多对一地址转换。
若直接使用接口的IP地址作为转换后的地址,则可配置EASY IP来实现。
-----------------------Telnet:
用VTY密码登陆
[Router] telnet server enable 开启telnet服务 [Router] user-interface vty 0 4
[Router-ui-vty0-4] authentication-mode password 使用用户密码认证模式
[Router-ui-vty0-4] set authentication password cipher h3c 密码密文显示H3C (simple|cipher )(明文|密文)
[Router-ui-vty0-4] user privilege level 3 设置权限等级
用AAA本地认证登陆
[Router] telnet server enable [Router] user-interface vty 0 4
[Router-ui-vty0-4] authentication-mode scheme [Router-ui-vty0-4] local-user H3C 用户名设定H3C [Router-ui-vty0-4] password cipher H3C
[Router-ui-vty0-4] authorization-attribute level 3 设置权限等级 [Router-ui-vty0-4] service-type telnet 服务类型telnet
--------------------------端口镜像:
创建本地镜像组
[H3C] mirroring-group 1 local
为本地镜像组配置源端口和目的端口
[H3C] mirroring-group 1 mirroring-port Ethernet 1/0/1 both 被镜像的端口 [H3C] mirroring-group 1 monitor-port Ethernet 1/0/3 镜像后的端口
下面也是一样的
[H3C] mirroring-group 1 local
[H3C] interface GigabitEthernet 1/1/4
相关推荐:
loading