H3CNE的配置
拓扑图:
R1
[R1]dis cu
#
version 5.20, Alpha 1011
#
sysname R1
#
password-control login-attempt 3 exceed lock-time 120
#
undo voice vlan mac-address 00e0-bb00-0000
#
ipsec cpu-backup enable
#
undo cryptoengine enable
#
nat address-group 0 10.1.1.3 10.1.1.3
#
domain default enable system
#
vlan 1
#
domain system
access-limit disable
state active
idle-cut disable
self-service-url disable
#
acl number 3001
rule 0 deny ip source 192.168.100.0 0.0.0.255 destination 40.1.1.0 0.0.0.255
rule 5 permit ip
#
interface Ethernet0/1/0
port link-mode route
#
interface Serial0/2/0
link-protocol ppp
nat outbound 3001 address-group 0
ip address 10.1.1.1 255.255.255.0
#
interface NULL0
#
interface LoopBack0
ip address 192.168.100.1 255.255.255.255
#
ip route-static 0.0.0.0 0.0.0.0 10.1.1.2
#
load xml-configuration
#
user-interface con 0
user-interface vty 0 4
#
Return
[R1]dis nat session
There are currently 4 NAT sessions:
Protocol GlobalAddr Port InsideAddr Port DestAddr Port
1 10.1.1.3 12291 192.168.100.1 11264 30.1.1.2 11264
×××: 0, status: 11, TTL: 00:01:00, Left: 00:00:52
[R1]dis ip routing-table
Routing Tables: Public
Destinations : 7 Routes : 7
Destination/Mask Proto Pre Cost NextHop Interface
0.0.0.0/0 Static 60 0 10.1.1.2 S0/2/0
10.1.1.0/24 Direct 0 0 10.1.1.1 S0/2/0
10.1.1.1/32 Direct 0 0 127.0.0.1 InLoop0
10.1.1.2/32 Direct 0 0 10.1.1.2 S0/2/0
127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0
127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0
192.168.100.1/32 Direct 0 0 127.0.0.1 InLoop0
[R2]dis cu
#
version 5.20, Alpha 1011
#
sysname R2
#
password-control login-attempt 3 exceed lock-time 120
#
undo voice vlan mac-address 00e0-bb00-0000
#
ipsec cpu-backup enable
#
undo cryptoengine enable
#
domain default enable system
#
vlan 1
#
domain system
access-limit disable
state active
idle-cut disable
self-service-url disable
#
local-user R3
password cipher 7-CZB#/YX]KQ=^Q`MAF4<1!!
service-type ppp
#
interface Ethernet0/1/0
port link-mode route
#
interface Serial0/2/0
link-protocol ppp
ip address 10.1.1.2 255.255.255.0
#
interface Serial0/2/1
link-protocol ppp
ip address 20.1.1.1 255.255.255.0
ppp authentication-mode chap
ppp chap user R2
ppp password cipher 7-CZB#/YX]KQ=^Q`MAF4<1!!
#
interface NULL0
#
rip 1
undo summary
version 2
network 20.0.0.0
import-route direct
#
load xml-configuration
#
user-interface con 0
user-interface vty 0 4
#
Return
[R2]dis ip routing-table
Routing Tables: Public
Destinations : 10 Routes : 10
Destination/Mask Proto Pre Cost NextHop Interface
10.1.1.0/24 Direct 0 0 10.1.1.2 S0/2/0
10.1.1.1/32 Direct 0 0 10.1.1.1 S0/2/0
10.1.1.2/32 Direct 0 0 127.0.0.1 InLoop0
20.1.1.0/24 Direct 0 0 20.1.1.1 S0/2/1
20.1.1.1/32 Direct 0 0 127.0.0.1 InLoop0
20.1.1.2/32 Direct 0 0 20.1.1.2 S0/2/1
30.1.1.0/24 RIP 100 1 20.1.1.2 S0/2/1
40.1.1.1/32 RIP 100 2 20.1.1.2 S0/2/1
127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0
127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0
[R3]dis cu
#
version 5.20, Alpha 1011
#
sysname R3
#
password-control login-attempt 3 exceed lock-time 120
#
undo voice vlan mac-address 00e0-bb00-0000
#
ipsec cpu-backup enable
#
undo cryptoengine enable
#
domain default enable system
#
vlan 1
#
domain system
access-limit disable
state active
idle-cut disable
self-service-url disable
#
local-user R2
password cipher 7-CZB#/YX]KQ=^Q`MAF4<1!!
service-type ppp
#
interface Ethernet0/1/0
port link-mode route
#
interface Serial0/2/0
link-protocol ppp
ip address 20.1.1.2 255.255.255.0
ppp chap user R3
ppp password cipher 7-CZB#/YX]KQ=^Q`MAF4<1!!
#
interface Serial0/2/1
ip address 30.1.1.1 255.255.255.0
link-protocol fr
fr interface-type dce
fr dlci 20
#
interface NULL0
#
rip 1
undo summary
version 2
network 20.0.0.0
network 30.0.0.0
#
load xml-configuration
#
user-interface con 0
user-interface vty 0 4
#
Return
[R3] dis ip routing-table
Routing Tables: Public
Destinations : 11 Routes : 11
Destination/Mask Proto Pre Cost NextHop Interface
10.1.1.0/24 RIP 100 1 20.1.1.1 S0/2/0
10.1.1.1/32 RIP 100 1 20.1.1.1 S0/2/0
20.1.1.0/24 Direct 0 0 20.1.1.2 S0/2/0
20.1.1.1/32 Direct 0 0 20.1.1.1 S0/2/0
20.1.1.2/32 Direct 0 0 127.0.0.1 InLoop0
30.1.1.0/24 Direct 0 0 30.1.1.1 S0/2/1
30.1.1.1/32 Direct 0 0 127.0.0.1 InLoop0
30.1.1.2/32 Direct 0 0 30.1.1.2 S0/2/1
40.1.1.1/32 RIP 100 1 30.1.1.2 S0/2/1
127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0
127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0
[R4]dis cu
#
version 5.20, Alpha 1011
#
sysname R4
#
password-control login-attempt 3 exceed lock-time 120
#
undo voice vlan mac-address 00e0-bb00-0000
#
ipsec cpu-backup enable
#
undo cryptoengine enable
#
domain default enable system
#
vlan 1
#
domain system
access-limit disable
state active
idle-cut disable
self-service-url disable
#
interface Ethernet0/1/0
port link-mode route
#
interface Serial0/2/0
link-protocol fr
ip address 30.1.1.2 255.255.255.0
#
interface NULL0
#
interface LoopBack0
ip address 40.1.1.1 255.255.255.255
#
rip 1
undo summary
version 2
network 30.0.0.0
network 40.0.0.0
#
load xml-configuration
#
user-interface con 0
user-interface vty 0 4
#
Return
[R4] dis ip routing-table
Routing Tables: Public
Destinations : 9 Routes : 9
Destination/Mask Proto Pre Cost NextHop Interface
10.1.1.0/24 RIP 100 2 30.1.1.1 S0/2/0
10.1.1.1/32 RIP 100 2 30.1.1.1 S0/2/0
20.1.1.0/24 RIP 100 1 30.1.1.1 S0/2/0
30.1.1.0/24 Direct 0 0 30.1.1.2 S0/2/0
30.1.1.1/32 Direct 0 0 30.1.1.1 S0/2/0
30.1.1.2/32 Direct 0 0 127.0.0.1 InLoop0
40.1.1.1/32 Direct 0 0 127.0.0.1 InLoop0
127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0
127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0
转载于:https://blog.51cto.com/wangh3c/620148