H3C 7500: Typical Configuration Example for DHCP Relay, Policy-Based Routing, and QoS

#1 Posted on 2011-7-20 11:12:05


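1. In the diagram, branch S1 is in the middle, branch S2 is at the lower left, and headquarters S1 and S2 are at the upper left;

2. Headquarters connects to S1 over the Internet with 2M bandwidth;

3. Headquarters S2 connects to branch S2 over a 10M link, and ultimately to branch S1;

4. Between branch S1 and branch S2 there is only a 2-core single-mode fiber cable, which must carry both the headquarters 10M line traffic and the user traffic of branch S1 and branch S2;

5. All branch users communicate with headquarters over the 2M line and the 10M line, and all of them must obtain their IP from the headquarters DHCP server 1 address server;

6. The 2M and 10M lines must share the traffic load, and QoS must give priority to the video conferencing stream;

7. Below are the configuration documents for branch S1 (分公司S1) and branch S2 (分公司S2)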



version 5.20, Release 6105

#

sysname 分公司S1

#

dhcp relay server-group 1 ip ××.20.1.21   (DHCP relay server group number setting)

#

domain default enable system

#

ip host 集团 172.21.254.18

#

router id 172.21.254.18

#

telnet server enable

#

switch-mode standard

#

vlan 1

#

vlan 2

description ManagerVlan

#

vlan 820

description TO-SX_S1 (connects to headquarters S1)

#

vlan 854

description TO-分公司S2

#

vlan 1360

#

vlan 1370

#

vlan 1380

#

vlan 1390

#

vlan 1400

#

vlan 1410

#

domain system

access-limit disable

state active

idle-cut disable

self-service-url disable

#

traffic classifier 2 operator and       (policy-based routing)

if-match acl 3002

traffic classifier 1 operator and

if-match acl 3001

#

traffic behavior 2

filter permit

traffic behavior 1

filter deny

#

qos policy 1

classifier 1 behavior 1

classifier 2 behavior 2

#

local-user whb

password cipher B"#@O$+^='^TDGQB,DATQ1!!

service-type telnet

level 3

local-user zzp

password cipher N`C55QK<`=/Q=^Q`MAF4<1!!

service-type telnet

level 3

#

acl number 3001 name virus  (security policy)

rule 0 deny tcp source-port eq 3127

rule 1 deny tcp source-port eq 1025

rule 2 deny tcp source-port eq 5554

rule 3 deny tcp source-port eq 9996

rule 4 deny tcp source-port eq 1068

rule 5 deny tcp source-port eq 135

rule 6 deny udp source-port eq 135

rule 7 deny tcp source-port eq 137

rule 8 deny udp source-port eq netbios-ns

rule 9 deny tcp source-port eq 138

rule 10 deny udp source-port eq netbios-dgm

rule 11 deny tcp source-port eq 139

rule 12 deny udp source-port eq netbios-ssn

rule 13 deny tcp source-port eq 593

rule 14 deny tcp source-port eq 4444

rule 15 deny tcp source-port eq 5800

rule 16 deny tcp source-port eq 5900

rule 18 deny tcp source-port eq 8998

rule 19 deny tcp source-port eq 445

rule 20 deny udp source-port eq 445

rule 21 deny udp source-port eq 1434

rule 30 deny tcp destination-port eq 3127

rule 31 deny tcp destination-port eq 1025

rule 32 deny tcp destination-port eq 5554

rule 33 deny tcp destination-port eq 9996

rule 34 deny tcp destination-port eq 1068

rule 35 deny tcp destination-port eq 135

rule 36 deny udp destination-port eq 135

rule 37 deny tcp destination-port eq 137

rule 38 deny udp destination-port eq netbios-ns

rule 39 deny tcp destination-port eq 138

rule 40 deny udp destination-port eq netbios-dgm

rule 41 deny tcp destination-port eq 139

rule 42 deny udp destination-port eq netbios-ssn

rule 43 deny tcp destination-port eq 593

rule 44 deny tcp destination-port eq 4444

rule 45 deny tcp destination-port eq 5800

rule 46 deny tcp destination-port eq 5900

rule 48 deny tcp destination-port eq 8998

rule 49 deny tcp destination-port eq 445

rule 50 deny udp destination-port eq 445

rule 51 deny udp destination-port eq 1434

acl number 3002 name vido&erp  (video conferencing IP address)

rule 0 permit ip source ××.20.140.1 0 precedence network

rule 1 permit ip destination 0.0.0.0 255.255.255.0 precedence internet

#               

interface NULL0

#

interface LoopBack0

ip address 172.21.254.18 255.255.255.255

#

interface Vlan-interface2   

description ManagerVlan

ip address 172.21.252.190 255.255.255.224

#

interface Vlan-interface820     (connects to headquarters S1)

description TO-SX_S1

ip address 172.21.246.42 255.255.255.252

ospf cost 50

#

interface Vlan-interface854     (connects to headquarters S2 via branch S2; the physical connection here is to branch S2)

description TO-SX_S2

ip address 172.21.246.94 255.255.255.252

dhcp select relay                              (DHCP relay setting)

#

interface Vlan-interface1360     (DHCP relay setting; DHCP relay must be enabled on every user VLAN)

ip address 192.168.136.254 255.255.255.0

dhcp select relay

dhcp relay server-select 1

#

interface Vlan-interface1370

ip address 192.168.137.254 255.255.255.0

dhcp select relay

dhcp relay server-select 1

#

interface Vlan-interface1380

ip address 192.168.138.254 255.255.255.0

dhcp select relay

dhcp relay server-select 1

#

interface Vlan-interface1390

description CaiWu

ip address 192.168.139.254 255.255.255.0

dhcp select relay

dhcp relay server-select 1

#

interface Vlan-interface1400

ip address 192.168.140.254 255.255.255.0

dhcp select relay

dhcp relay server-select 1

#

interface Ethernet4/0/1

port link-type trunk

port trunk permit vlan 1 to 2 1360 to 1400

speed 100

duplex full

description erqichejian

#

interface Ethernet4/0/2

port link-type trunk

port trunk permit vlan 1 to 2 1360 to 1400

speed 100

duplex full

description erqichejian

#

interface Ethernet4/0/3

port link-type trunk

port trunk permit vlan 1 to 2 1360 to 1400

speed 100

duplex full

description erqichejian

#

interface Ethernet4/0/4

port link-type trunk

port trunk permit vlan 1 to 2 1360 to 1400

speed 100

duplex full

description erqichejian

#

interface Ethernet4/0/5

port link-type trunk

port trunk permit vlan 1 to 2 1360 to 1400

speed 100

duplex full

description erqichejian

#

interface Ethernet4/0/6

port link-type trunk

port trunk permit vlan 1 to 2 1360 to 1400

speed 100

duplex full

description erqichejian

#

interface Ethernet4/0/7

port link-type trunk

port trunk permit vlan 1 to 2 1360 to 1400

speed 100

duplex full   

description erqichejian

#

interface Ethernet4/0/8

port link-type trunk

port trunk permit vlan 1 to 2 1360 to 1400

speed 100

duplex full

description erqichejian

#

interface Ethernet4/0/9

port link-type trunk

port trunk permit vlan 1 to 2 1360 to 1400

speed 100

duplex full

description erqichejian

#

interface Ethernet4/0/10

port link-type trunk

port trunk permit vlan 1 to 2 1360 to 1400

speed 100

duplex full

description erqichejian

#               

interface Ethernet4/0/11

port link-type trunk

port trunk permit vlan 1 to 2 1360 to 1400

speed 100

duplex full

description erqichejian

#

interface Ethernet4/0/12

port link-type trunk

port trunk permit vlan 1 to 2 1360 to 1400

speed 100

duplex full

description erqichejian

#

interface Ethernet4/0/13

port link-type trunk

port trunk permit vlan 1 to 2 1360 to 1400

speed 100

duplex full

description erqichejian

#

interface Ethernet4/0/14

port link-type trunk

port trunk permit vlan 1 to 2 1360 to 1400

speed 100

duplex full

description erqichejian

#

interface Ethernet4/0/15

port link-type trunk

port trunk permit vlan 1 to 2 1360 to 1400

speed 100

duplex full

description erqichejian

#

interface Ethernet4/0/16

port link-type trunk

port trunk permit vlan 1 to 2 1360 to 1400

speed 100

duplex full

description erqichejian

#

interface Ethernet4/0/17

#

#

interface GigabitEthernet2/0/1

port link-type trunk

port trunk permit vlan 1 to 2 820 850 854 1360 1370 1380 1390 1400 1410

description TO-分公司S2

#

interface GigabitEthernet2/0/2

port link-type trunk

port trunk permit vlan all

description TO-分公司S3

#

interface GigabitEthernet2/0/3

port link-type trunk

port trunk permit vlan all

description TO-分公司JR1

#

interface GigabitEthernet2/0/4

description TO-分公司JR2

#

#

interface GigabitEthernet3/0/1

port link-type trunk

port trunk permit vlan all

#

interface GigabitEthernet3/0/2

#

interface GigabitEthernet3/0/3

port access vlan 820

description TO-SX_S1

qos apply policy 1 inbound                 (QoS applied)

qos apply policy 1 outbound

#

interface GigabitEthernet3/0/4

#

#

interface GigabitEthernet3/0/23

port access vlan 1360

#

interface GigabitEthernet3/0/24

port access vlan 1360

#

interface M-Ethernet0/0/0

#

ospf 1

area 0.0.0.3

  network 192.168.136.0 0.0.0.255

  network 192.168.137.0 0.0.0.255

  network 192.168.138.0 0.0.0.255

  network 192.168.139.0 0.0.0.255

  network 192.168.140.0 0.0.0.255

  network 172.21.246.40 0.0.0.3

  network 172.21.246.92 0.0.0.3

  network 172.21.254.18 0.0.0.0

  network 172.21.246.48 0.0.0.7

  network 172.21.246.104 0.0.0.3

  nssa

#

snmp-agent

snmp-agent local-engineid 800063A203000FE26B8280

snmp-agent community read public

snmp-agent community write private

snmp-agent sys-info version all

#

dhcp enable

#

user-interface aux 0

user-interface vty 0 4

authentication-mode scheme

set authentication password cipher N`C55QK<`=/Q=^Q`MAF4<1!!

#

Return



sysname 分公司S2

#

local-server nas-ip 127.0.0.1 key h3c

#

domain default enable system

#

ip host 分公司S2 172.21.254.19

#

dhcp-server 1 ip  192.168.1.21

#

router id 172.21.254.19

#

temperature-limit 0 10 70

#

poe power max-value 2400

#

radius scheme system

primary authentication 127.0.0.1 1645

primary accounting 127.0.0.1 1646

user-name-format without-domain

#

domain icu

vlan-assignment-mode integer

access-limit disable

state active

idle-cut disable

self-service-url disable

messenger time disable

domain system

vlan-assignment-mode integer

access-limit disable

state active

idle-cut disable

self-service-url disable

messenger time disable

#

local-user whb

password cipher B"#@O$+^='^TDGQB,DATQ1!!

service-type telnet terminal

level 3

local-user zzp

password cipher N`C55QK<`=/Q=^Q`MAF4<1!!

service-type telnet

level 3

#

stp TC-protection enable

#

acl number 3001

rule 0 deny tcp source-port eq 3127

rule 1 deny tcp source-port eq 1025

rule 2 deny tcp source-port eq 5554

rule 3 deny tcp source-port eq 9996

rule 4 deny tcp source-port eq 1068

rule 5 deny tcp source-port eq 135

rule 6 deny udp source-port eq 135

rule 7 deny tcp source-port eq 137

rule 8 deny udp source-port eq netbios-ns

rule 9 deny tcp source-port eq 138

rule 10 deny udp source-port eq netbios-dgm

rule 11 deny tcp source-port eq 139

rule 12 deny udp source-port eq netbios-ssn

rule 13 deny tcp source-port eq 593

rule 14 deny tcp source-port eq 4444

rule 15 deny tcp source-port eq 5800

rule 16 deny tcp source-port eq 5900

rule 18 deny tcp source-port eq 8998

rule 19 deny tcp source-port eq 445

rule 20 deny udp source-port eq 445

rule 21 deny udp source-port eq 1434

rule 30 deny tcp destination-port eq 3127

rule 31 deny tcp destination-port eq 1025

rule 32 deny tcp destination-port eq 5554

rule 33 deny tcp destination-port eq 9996

rule 34 deny tcp destination-port eq 1068

rule 35 deny tcp destination-port eq 135

rule 36 deny udp destination-port eq 135

rule 37 deny tcp destination-port eq 137

rule 38 deny udp destination-port eq netbios-ns

rule 39 deny tcp destination-port eq 138

rule 40 deny udp destination-port eq netbios-dgm

rule 41 deny tcp destination-port eq 139

rule 42 deny udp destination-port eq netbios-ssn

rule 43 deny tcp destination-port eq 593

rule 44 deny tcp destination-port eq 4444

rule 45 deny tcp destination-port eq 5800

rule 46 deny tcp destination-port eq 5900

rule 48 deny tcp destination-port eq 8998

rule 49 deny tcp destination-port eq 445

rule 50 deny udp destination-port eq 445

rule 51 deny udp destination-port eq 1434

acl number 3002

rule 0 permit ip source 192.168.140.1 0

rule 1 permit ip destination 0.0.0.0 255.255.255.0

#

vlan 1

#

vlan 2

#

vlan 850

description TO-SX_S2

#

vlan 854

description TO-分公司S1

#

vlan 1360

#

vlan 1370

#

vlan 1380

#

vlan 1390

#

vlan 1400

#

vlan 1410

#

interface Vlan-interface2

description ManagerVlan

ip address 172.21.252.206 255.255.255.240

#

interface Vlan-interface850

description TO-SX_S2

ip address 172.21.246.106 255.255.255.252

ospf cost 10

#

interface Vlan-interface854

description TO-分公司S1

ip address 172.21.246.93 255.255.255.252

dhcp-server 1

#

interface Vlan-interface1410

ip address 192.168.141.254 255.255.255.0

dhcp-server 1

#

interface Aux0/0/0

#

interface M-Ethernet0/0/0

#

interface GigabitEthernet0/0/1

description TO-SX_S2

port access vlan 850

qos

packet-filter inbound ip-group 3001 rule 0 system-index 1

packet-filter inbound ip-group 3001 rule 1 system-index 2

packet-filter inbound ip-group 3001 rule 2 system-index 3

packet-filter inbound ip-group 3001 rule 3 system-index 4

packet-filter inbound ip-group 3001 rule 4 system-index 5

packet-filter inbound ip-group 3001 rule 5 system-index 6

packet-filter inbound ip-group 3001 rule 6 system-index 7

packet-filter inbound ip-group 3001 rule 7 system-index 8

packet-filter inbound ip-group 3001 rule 8 system-index 9

packet-filter inbound ip-group 3001 rule 9 system-index 10

packet-filter inbound ip-group 3001 rule 10 system-index 11

packet-filter inbound ip-group 3001 rule 11 system-index 12

packet-filter inbound ip-group 3001 rule 12 system-index 13

packet-filter inbound ip-group 3001 rule 13 system-index 14

packet-filter inbound ip-group 3001 rule 14 system-index 15

packet-filter inbound ip-group 3001 rule 15 system-index 16

packet-filter inbound ip-group 3001 rule 16 system-index 17

packet-filter inbound ip-group 3001 rule 18 system-index 18

packet-filter inbound ip-group 3001 rule 19 system-index 19

packet-filter inbound ip-group 3001 rule 20 system-index 20

packet-filter inbound ip-group 3001 rule 21 system-index 21

packet-filter inbound ip-group 3001 rule 30 system-index 22

packet-filter inbound ip-group 3001 rule 31 system-index 23

packet-filter inbound ip-group 3001 rule 32 system-index 24

packet-filter inbound ip-group 3001 rule 33 system-index 25

packet-filter inbound ip-group 3001 rule 34 system-index 26

packet-filter inbound ip-group 3001 rule 35 system-index 27

packet-filter inbound ip-group 3001 rule 36 system-index 28

packet-filter inbound ip-group 3001 rule 37 system-index 29

packet-filter inbound ip-group 3001 rule 38 system-index 30

packet-filter inbound ip-group 3001 rule 39 system-index 31

packet-filter inbound ip-group 3001 rule 40 system-index 32

packet-filter inbound ip-group 3001 rule 41 system-index 33

packet-filter inbound ip-group 3001 rule 42 system-index 34

packet-filter inbound ip-group 3001 rule 43 system-index 35

packet-filter inbound ip-group 3001 rule 44 system-index 36

packet-filter inbound ip-group 3001 rule 45 system-index 37

packet-filter inbound ip-group 3001 rule 46 system-index 38

packet-filter inbound ip-group 3001 rule 48 system-index 39

packet-filter inbound ip-group 3001 rule 49 system-index 40

packet-filter inbound ip-group 3001 rule 50 system-index 41

packet-filter inbound ip-group 3001 rule 51 system-index 42

traffic-priority inbound ip-group 3002 rule 0 system-index 43 ip-precedence network

traffic-priority inbound ip-group 3002 rule 1 system-index 44 ip-precedence internet

#

interface GigabitEthernet0/0/2

#

interface GigabitEthernet0/0/3

#

interface GigabitEthernet0/0/4

#

interface GigabitEthernet0/0/5

#

interface GigabitEthernet0/0/6

description TO-分公司S1

port link-type trunk

port trunk permit vlan 1 to 2 820 850 854 1360 1370 1380 1390 1400 1410

#

interface GigabitEthernet0/0/7

description TO-分公司JR5

port link-type trunk

port trunk permit vlan 1 to 853 855 to 4094

#

interface GigabitEthernet0/0/8

#

interface GigabitEthernet0/0/9

#

interface GigabitEthernet0/0/10

#

#

interface NULL0

#

interface LoopBack0

ip address 172.21.254.19 255.255.255.255

#

ospf 1

area 0.0.0.3

  network 192.168.141.0 0.0.0.255

  network 172.21.246.92 0.0.0.3

  network 172.21.246.104 0.0.0.3

  network 172.21.252.192 0.0.0.15

  network 172.21.254.19 0.0.0.0

  nssa

#

snmp-agent

snmp-agent local-engineid 800063A2000FE26B3E006877

snmp-agent community read public

snmp-agent community write private

snmp-agent sys-info version all

#

user-interface aux 0

authentication-mode scheme

user-interface vty 0 4

authentication-mode scheme

#

Return
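
An added example, not part of the original post: the ACLs above use wildcard masks, where 0 bits must match and 1 bits are ignored. This sketch parses a few of the post's rules (branch S2's ACL 3002 and an excerpt of ACL 3001) and evaluates constructed sample packets against them. The function names, the packet dictionary layout, and evaluation in listed rule order are assumptions made for illustration.

```python
import ipaddress

# Rules copied from the post: an excerpt of ACL 3001 and branch S2's ACL 3002.
ACL_TEXT = """
acl number 3001
rule 19 deny tcp source-port eq 445
rule 38 deny udp destination-port eq netbios-ns
rule 49 deny tcp destination-port eq 445
acl number 3002
rule 0 permit ip source 192.168.140.1 0
rule 1 permit ip destination 0.0.0.0 255.255.255.0
"""
PORT_NAMES = {"netbios-ns": 137, "netbios-dgm": 138, "netbios-ssn": 139}

def wildcard_match(addr, base, wildcard):
    """Wildcard bits set to 1 are ignored; bits set to 0 must equal base."""
    wildcard = "0.0.0.0" if wildcard == "0" else wildcard  # "0" = exact host
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return ((a ^ b) & ~w & 0xFFFFFFFF) == 0

def parse_acls(text):
    """Return {acl_number: [(rule_id, action, protocol, conditions), ...]}."""
    acls, current = {}, None
    for line in text.splitlines():
        tok = line.split()
        if tok[:2] == ["acl", "number"]:
            current = acls.setdefault(int(tok[2]), [])
        elif tok[:1] == ["rule"] and current is not None:
            cond, rest = {}, tok[4:]
            while rest:
                key = rest.pop(0)
                if key in ("source", "destination"):
                    cond[key] = (rest.pop(0), rest.pop(0))
                elif key in ("source-port", "destination-port"):
                    rest.pop(0)  # operator; only "eq" appears in the post
                    port = rest.pop(0)
                    cond[key] = PORT_NAMES.get(port) or int(port)
            current.append((int(tok[1]), tok[2], tok[3], cond))
    return acls

def first_match(rules, pkt):
    """Return (rule_id, action) of the first rule matching pkt, else None."""
    for rule_id, action, proto, cond in rules:
        if proto not in ("ip", pkt["proto"]):
            continue
        if all(wildcard_match(pkt[k], *v) if k in ("source", "destination")
               else pkt.get(k) == v for k, v in cond.items()):
            return rule_id, action
    return None
```

Evaluated this way, rule 1 of ACL 3002 matches only destinations whose last octet is 0, because the wildcard 255.255.255.0 ignores the first three octets and fixes the last.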

#3 Posted on 2011-7-26 09:36:52
Thanks for sharing.

#2 Posted on 2011-7-22 11:02:25
Good material, I learned from it.