校园网双网出口实验案例

SW1的配置

< SW1>sys

< SW1>system-view

[SW1-vlan1]vlan 2

[SW1-vlan2]port g1/0/6

[SW1-vlan2]vlan 3

[SW1-vlan3]port g1/0/7 g1/0/5

[SW1-vlan3]quit

[SW1]int vlan 2

[SW1-Vlan-interface2]ip add 192.168.2.1 24

[SW1-Vlan-interface2]int vlan 3

[SW1-Vlan-interface3]ip add 192.168.3.1 24

[SW1-Vlan-interface3]int g1/0/1

[SW1-GigabitEthernet1/0/1]port link-mode route

[SW1- GigabitEthernet1/0/1]ip add 192.168.1.2 30

RT1个端口的ip

< RT1>system-view

[RT1]int GigabitEthernet 0/2

[RT1-GigabitEthernet0/2]ip add 222.222.222.1 30

[RT1-GigabitEthernet0/2]undo shutdown

[RT1-GigabitEthernet0/2]quit

[RT1]interface g0/0

[RT1-GigabitEthernet0/0]ip add 202.202.202.1 30

[RT1-GigabitEthernet0/0]undo shutdown

[RT1-GigabitEthernet0/2]quit

[RT1]int loop0

[RT1-LoopBack0]ip add 202.202.0.1 32

[RT1-LoopBack0]

RT2各个端口的ip

< RT2>system-view

[RT2]int g0/2

[RT2-GigabitEthernet0/2]ip add 222.222.222.2 30

[RT2-GigabitEthernet0/2]undo shutdown

[RT2-GigabitEthernet0/2]quit

[RT2]int g0/1

[RT2-GigabitEthernet0/1]ip add 200.200.200.1 29

[RT2-GigabitEthernet0/1]undo shutdown

[RT2-GigabitEthernet0/1]quit

[H3C]int g0/0

[RT2-GigabitEthernet0/]ip add 172.16.0.1 16

[RT2-GigabitEthernet0/0]undo shutdown

[RT2-GigabitEthernet0/0]quit

[RT2]int loop0

[RT2-LoopBack0]ip add 200.200.0.1 32

[RT2-LoopBack0]

RT3各端口的ip

< RT3>sys

< RT3>system-view

[RT3]int g0/0

[RT3-GigabitEthernet0/0]ip add 202.202.202.2 30

[RT3-GigabitEthernet0/0]undo shutdown

[RT3-GigabitEthernet0/0]quit

[RT3]int g0/1

[RT3-GigabitEthernet0/1]ip add 200.200.200.2 29

[RT3-GigabitEthernet0/1]undo shutdown

[RT3-GigabitEthernet0/1]quit

[RT3]int g0/2

[RT3-GigabitEthernet0/2]ip add 192.168.1.1 30

三个路由器的路由设置

RT3

< RT3>system-view

[RT3]ip route-static 0.0.0.0 0.0.0.0 202.202.202.1

[RT3]ip route-static 0.0.0.0 0.0.0.0 200.200.200.1 preference 70

preference：优先级，值越小，优先级越高，下图是各种路由协议默认的优先级

 

[RT3]ip route-static 192.168.0.0 255.255.0.0 192.168.1.2

RT1

< RT1>system-view

[RT1]ip route-static 172.16.0.0 16 222.222.222.2

[RT1]ip route-static 200.200.0.0 255.255.0.0 222.222.222.2

RT2

< RT2>system-view

[RT2]ip route-static 202.202.0.0 255.255.0.0 222.222.222.1

sw1

[SW1]ip route 0.0.0.0 0.0.0.0 192.168.1.1

RT3的nat配置

[RT3]acl basic 2001

[RT3-acl-basic-2001]rule 0 permit source 192.168.2.0 0.0.0.255

[RT3-acl-basic-2001]rule 5 permit source 192.168.3.0 0.0.0.255

[RT3-acl-basic-2001]rule 10 deny

[RT3-acl-ipv4-basic-2001]int g0/0

[RT3-GigabitEthernet0/0]port link-mode route

[RT3-GigabitEthernet0/0]description link_to_TEL

[RT3-GigabitEthernet0/0]nat outbound 2001

[RT3-GigabitEthernet0/0]int g0/1

[RT3-GigabitEthernet0/1]port link-mode route

[RT3-GigabitEthernet0/1]description link_to_EDU

[RT3-GigabitEthernet0/1]nat outbound 2001

[RT3-GigabitEthernet0/1]nat server protocol tcp global 200.200.200.2 80 inside 192.168.3.250 80

RT3上配置策略路由

要求3.0的网络走电信网

     2.0的网络走教育网

[H3C]acl advanced 3000

[RT3-acl-adv-3000]rule 0 permit ip source 192.168.3.0 0.0.0.255

[RT3-acl-adv-3000]quit

[RT3]policy-based-route aaa permit node 10 

[RT3-pbr-al-10]if-match acl 3000

[RT3-pbr-al-10]apply next-hop 200.200.200.1

[RT3-pbr-al-10]quit

[RT3]policy-based-route aaa permit node 20

[RT3-pbr-al-20]int g0/2

[RT3-GigabitEthernet0/2]ip policy-based-route aaa

[RT3-GigabitEthernet0/2]

测试

用192.168.3.10ping172.16.0.2

[RT3]dis nat sess

Initiator:

  Source      IP/port: 192.168.3.10/170

  Destination IP/port: 172.16.0.2/2048

  DS-Lite tunnel peer: -

  VPN instance/VLAN ID/VLL ID: -/-/-

  Protocol: ICMP(1)

  Inbound interface: GigabitEthernet0/2

[H3C]dis nat session verbose

Slot 0:

Initiator:

  Source      IP/port: 192.168.3.10/162

  Destination IP/port: 172.16.0.2/2048

  DS-Lite tunnel peer: -

  VPN instance/VLAN ID/VLL ID: -/-/-

  Protocol: ICMP(1)

  Inbound interface: GigabitEthernet0/2

Responder:

  Source      IP/port: 172.16.0.2/5

  Destination IP/port: 200.200.200.2/0

  DS-Lite tunnel peer: -

  VPN instance/VLAN ID/VLL ID: -/-/-

  Protocol: ICMP(1)

  Inbound interface: GigabitEthernet0/1

State: ICMP_REPLY

Application: OTHER

Start time: 2017-11-10 14:32:25  TTL: 22s

Initiator->Responder:            0 packets          0 bytes

Responder->Initiator:            0 packets          0 bytes

Total sessions found: 1

用192.168.2.10去ping172.16.0.2

[RT3]dis nat sess

Initiator:

  Source      IP/port: 192.168.2.10/169

  Destination IP/port: 172.16.0.2/2048

  DS-Lite tunnel peer: -

  VPN instance/VLAN ID/VLL ID: -/-/-

  Protocol: ICMP(1)

  Inbound interface: GigabitEthernet0/2

[H3C]dis nat session verbose

Slot 0:

Initiator:

  Source      IP/port: 192.168.2.10/153

  Destination IP/port: 172.16.0.2/2048

  DS-Lite tunnel peer: -

  VPN instance/VLAN ID/VLL ID: -/-/-

  Protocol: ICMP(1)

  Inbound interface: GigabitEthernet0/2

Responder:

  Source      IP/port: 172.16.0.2/2

  Destination IP/port: 202.202.202.2/0

  DS-Lite tunnel peer: -

  VPN instance/VLAN ID/VLL ID: -/-/-

  Protocol: ICMP(1)

  Inbound interface: GigabitEthernet0/0

State: ICMP_REPLY

Application: OTHER

Start time: 2017-11-10 14:31:59  TTL: 27s

Initiator->Responder:            0 packets          0 bytes

Responder->Initiator:            0 packets          0 bytes

Total sessions found: 1