当前位置：首页 > news >正文

H3C华三：单臂路由配置

news 来源：原创 2025/4/29 9:32:35

H3C华三：单臂路由配置

防火墙转发流量，路由器配置DHCP，为不同vlan分配ip地址。
实验采用静态路由。

一、拓扑图：

在这里插入图片描述

二、防火墙配置

1、防火墙接口配置

interface GigabitEthernet1/0/1port link-mode routecombo enable copperip address 192.168.0.1 255.255.255.0
#
interface GigabitEthernet1/0/2port link-mode routecombo enable copperip address 172.16.50.2 255.255.255.252#
interface GigabitEthernet1/0/23port link-mode routecombo enable copperip address 2.2.2.2 255.255.255.252#

2、划分防火墙安全区域。

security-zone name Local
#
security-zone name Trustimport interface GigabitEthernet1/0/2
#
security-zone name DMZ
#
security-zone name Untrustimport interface GigabitEthernet1/0/23

3、配置出口静态路由和到路由器的静态路由。

ip route-static 0.0.0.0 0 2.2.2.1ip route-static 172.16.0.0 12 172.16.50.1

4、配置防火墙安全策略

security-policy iprule 0 name trust2untrustaction passsource-zone trustdestination-zone untrustrule 1 name trust2loaclaction passsource-zone trustdestination-zone localrule 2 name local2trustaction passsource-zone localdestination-zone trust
#

三、路由器配置DHCP和到防火墙的静态路由。

1、配置到防火墙的静态路由

ip route-static 0.0.0.0 0 172.16.50.2

2、配置dhcp服务

 dhcp enable
#
dhcp server ip-pool vlan10gateway-list 172.16.10.254network 172.16.10.0 mask 255.255.255.0dns-list 8.8.8.8forbidden-ip 172.16.10.1
#
dhcp server ip-pool vlan40gateway-list 172.16.40.254network 172.16.40.0 mask 255.255.255.0dns-list 8.8.8.8
#

3、配置子接口ip、给接口打上vlan、绑定地址池。

vlan 10
vlan 40
#
interface GigabitEthernet0/0.10ip address 172.16.10.254 255.255.255.0vlan-type dot1q vid 10dhcp server apply ip-pool vlan10
#
interface GigabitEthernet0/2.40ip address 172.16.40.254 255.255.255.0vlan-type dot1q vid 40dhcp server apply ip-pool vlan40
#
interface GigabitEthernet0/1port link-mode routecombo enable copperip address 172.16.50.1 255.255.255.252
#

四、交换机S5配置

1、核心汇聚交换机配置端口为trunk模式，放通所有vlan

vlan 10
#
interface GigabitEthernet1/0/1port link-mode bridgeport link-type trunkport trunk permit vlan allcombo enable fiber
#
interface GigabitEthernet1/0/2port link-mode bridgeport link-type trunkport trunk permit vlan allcombo enable fiber
#
interface GigabitEthernet1/0/3port link-mode bridgeport link-type trunkport trunk permit vlan allcombo enable fiber

五、交换机S6配置

1、核心汇聚交换机配置端口为trunk模式，放通所有vlan。

vlan40
#
interface GigabitEthernet1/0/1port link-mode bridgeport link-type trunkport trunk permit vlan allcombo enable fiber
#
interface GigabitEthernet1/0/2port link-mode bridgeport link-type trunkport trunk permit vlan allcombo enable fiber
#
interface GigabitEthernet1/0/3port link-mode bridgeport link-type trunkport trunk permit vlan allcombo enable fiber

六、S7配置

1、S7、S8配置一样，上行口为trunk模式、下行口为access模式。

interface GigabitEthernet1/0/1port link-mode bridgeport link-type trunkport trunk permit vlan 1 10combo enable fiber
#
interface GigabitEthernet1/0/2port link-mode bridgeport access vlan 10combo enable fiber
#

七、S8配置

interface GigabitEthernet1/0/2port link-mode bridgeport link-type trunkport trunk permit vlan allcombo enable fiber
#
interface GigabitEthernet1/0/3port link-mode bridgeport access vlan 40combo enable fiber
#