H3C MSR路由器 PPPOE+NAT+策略路由+QOS 配置实例
[H3C]display current-configuration
#
version 5.20, Release 1719, Basic
#
sysname H3C
#
undo cryptoengine enable
#
firewall enable
#
domain default enable system
#
telnet server enable
#
qos carl 1 destination-ip-address range 192.168.3.2 to 192.168.3.254 per-addres
s
qos carl 2 source-ip-address range 192.168.3.2 to 192.168.3.254 per-address
qos carl 3 destination-ip-address range 192.168.2.1 to 192.168.2.254 per-addres
s
qos carl 10 source-ip-address subnet 192.168.3.0 24 per-address
qos carl 20 destination-ip-address subnet 192.168.3.0 24 per-address
#
acl number 2000
rule 0 permit source 192.168.3.0 0.0.0.255
acl number 2222
rule 0 permit source 192.168.3.0 0.0.0.255
rule 5 permit source 192.168.2.0 0.0.0.255
#
acl number 3001
rule 0 permit ip source 192.168.3.1 0.0.0.254
acl number 3002
rule 0 permit ip source 10.0.1.1 0.0.0.254
acl number 3111
rule 0 permit ip source 192.168.3.0 0.0.0.254
acl number 3112
rule 0 permit ip source 192.168.3.1 0.0.0.254
acl number 3113
rule 0 permit ip destination 192.168.2.0 0.0.0.255
acl number 3114
rule 5 permit ip source 192.168.3.180 0.0.0.3
acl number 3333
#
vlan 1
#
connection-limit policy 1
#
domain system
access-limit disable
state active
idle-cut disable
self-service-url disable
#
user-group system
#
local-user huawei
password cipher N`C55QK<`=/Q=^Q`MAF4<1!!
authorization-attribute level 3
service-type telnet
#
interface Aux0
async mode flow
link-protocol ppp
#
interface Dialer1
nat outbound 2000
link-protocol ppp
ppp pap local-user **************
ip address ppp-negotiate
load-bandwidth 2000
tcp mss 1024
dialer user ****************
dialer-group 1
dialer bundle 1
#
interface Dialer2
nat outbound 2000
link-protocol ppp
ppp pap local-user ****************
ip address ppp-negotiate
load-bandwidth 2000
tcp mss 1024
dialer user **************
dialer-group 1
dialer bundle 2
#
interface Dialer3
nat outbound 2000
link-protocol ppp
ppp pap local-user ****************
ip address ppp-negotiate
load-bandwidth 2000
tcp mss 1024
dialer user *************
dialer-group 1
dialer bundle 3
#
interface Ethernet0/0
port link-mode route
pppoe-client dial-bundle-number 3
#
interface Ethernet0/1
port link-mode route
pppoe-client dial-bundle-number 2
#
interface Ethernet1/0
port link-mode route
pppoe-client dial-bundle-number 1
#
interface NULL0
#
interface LoopBack10
ip address 192.168.2.253 255.255.255.255
#
interface Vlan-interface1
ip address 192.168.3.1 255.255.255.0
ip address 192.168.2.254 255.255.255.0 sub
qos car inbound carl 10 cir 1000 cbs 1000 ebs 1000 green pass red discard
qos car outbound carl 20 cir 1000 cbs 1000 ebs 1000 green pass red pass
ip policy-based-route fz1
#
interface Ethernet0/2
port link-mode bridge
#
interface Ethernet0/3
port link-mode bridge
#
interface Ethernet0/4
port link-mode bridge
#
interface Ethernet0/5
port link-mode bridge
#
interface Ethernet0/6
port link-mode bridge
#
interface Ethernet0/7
port link-mode bridge
#
interface Ethernet0/8
port link-mode bridge
#
interface Ethernet0/9
port link-mode bridge
#
policy-based-route fz1 permit node 0
if-match acl 3113
apply output-interface Vlan-interface1
policy-based-route fz1 permit node 1
if-match acl 3114
apply output-interface Dialer3
policy-based-route fz1 permit node 2
if-match acl 3112
apply output-interface Dialer2
policy-based-route fz1 permit node 3
if-match acl 3111
apply output-interface Dialer1
#
policy-based-route fz2 permit node 0
if-match acl 3111
apply output-interface Dialer1
policy-based-route fz2 permit node 1
if-match acl 3112
apply output-interface Dialer2
#
ip route-static 0.0.0.0 0.0.0.0 Dialer3
#
nat connection-limit-policy 1
#
telnet client source ip 192.168.2.254
#
dialer-rule 1 ip permit
dialer-rule 2 ip permit
dialer-rule 3 ip permit
#
user-interface con 0
user-interface aux 0
user-interface vty 0 4
acl 2222 inbound
authentication-mode scheme
user privilege level 3
set authentication password simple huawei
#
return
#
version 5.20, Release 1719, Basic
#
sysname H3C
#
undo cryptoengine enable
#
firewall enable
#
domain default enable system
#
telnet server enable
#
qos carl 1 destination-ip-address range 192.168.3.2 to 192.168.3.254 per-addres
s
qos carl 2 source-ip-address range 192.168.3.2 to 192.168.3.254 per-address
qos carl 3 destination-ip-address range 192.168.2.1 to 192.168.2.254 per-addres
s
qos carl 10 source-ip-address subnet 192.168.3.0 24 per-address
qos carl 20 destination-ip-address subnet 192.168.3.0 24 per-address
#
acl number 2000
rule 0 permit source 192.168.3.0 0.0.0.255
acl number 2222
rule 0 permit source 192.168.3.0 0.0.0.255
rule 5 permit source 192.168.2.0 0.0.0.255
#
acl number 3001
rule 0 permit ip source 192.168.3.1 0.0.0.254
acl number 3002
rule 0 permit ip source 10.0.1.1 0.0.0.254
acl number 3111
rule 0 permit ip source 192.168.3.0 0.0.0.254
acl number 3112
rule 0 permit ip source 192.168.3.1 0.0.0.254
acl number 3113
rule 0 permit ip destination 192.168.2.0 0.0.0.255
acl number 3114
rule 5 permit ip source 192.168.3.180 0.0.0.3
acl number 3333
#
vlan 1
#
connection-limit policy 1
#
domain system
access-limit disable
state active
idle-cut disable
self-service-url disable
#
user-group system
#
local-user huawei
password cipher N`C55QK<`=/Q=^Q`MAF4<1!!
authorization-attribute level 3
service-type telnet
#
interface Aux0
async mode flow
link-protocol ppp
#
interface Dialer1
nat outbound 2000
link-protocol ppp
ppp pap local-user **************
ip address ppp-negotiate
load-bandwidth 2000
tcp mss 1024
dialer user ****************
dialer-group 1
dialer bundle 1
#
interface Dialer2
nat outbound 2000
link-protocol ppp
ppp pap local-user ****************
ip address ppp-negotiate
load-bandwidth 2000
tcp mss 1024
dialer user **************
dialer-group 1
dialer bundle 2
#
interface Dialer3
nat outbound 2000
link-protocol ppp
ppp pap local-user ****************
ip address ppp-negotiate
load-bandwidth 2000
tcp mss 1024
dialer user *************
dialer-group 1
dialer bundle 3
#
interface Ethernet0/0
port link-mode route
pppoe-client dial-bundle-number 3
#
interface Ethernet0/1
port link-mode route
pppoe-client dial-bundle-number 2
#
interface Ethernet1/0
port link-mode route
pppoe-client dial-bundle-number 1
#
interface NULL0
#
interface LoopBack10
ip address 192.168.2.253 255.255.255.255
#
interface Vlan-interface1
ip address 192.168.3.1 255.255.255.0
ip address 192.168.2.254 255.255.255.0 sub
qos car inbound carl 10 cir 1000 cbs 1000 ebs 1000 green pass red discard
qos car outbound carl 20 cir 1000 cbs 1000 ebs 1000 green pass red pass
ip policy-based-route fz1
#
interface Ethernet0/2
port link-mode bridge
#
interface Ethernet0/3
port link-mode bridge
#
interface Ethernet0/4
port link-mode bridge
#
interface Ethernet0/5
port link-mode bridge
#
interface Ethernet0/6
port link-mode bridge
#
interface Ethernet0/7
port link-mode bridge
#
interface Ethernet0/8
port link-mode bridge
#
interface Ethernet0/9
port link-mode bridge
#
policy-based-route fz1 permit node 0
if-match acl 3113
apply output-interface Vlan-interface1
policy-based-route fz1 permit node 1
if-match acl 3114
apply output-interface Dialer3
policy-based-route fz1 permit node 2
if-match acl 3112
apply output-interface Dialer2
policy-based-route fz1 permit node 3
if-match acl 3111
apply output-interface Dialer1
#
policy-based-route fz2 permit node 0
if-match acl 3111
apply output-interface Dialer1
policy-based-route fz2 permit node 1
if-match acl 3112
apply output-interface Dialer2
#
ip route-static 0.0.0.0 0.0.0.0 Dialer3
#
nat connection-limit-policy 1
#
telnet client source ip 192.168.2.254
#
dialer-rule 1 ip permit
dialer-rule 2 ip permit
dialer-rule 3 ip permit
#
user-interface con 0
user-interface aux 0
user-interface vty 0 4
acl 2222 inbound
authentication-mode scheme
user privilege level 3
set authentication password simple huawei
#
return
本文出自 “陈高儒的博客” 博客,谢绝转载!