H3C's background and dual-egress (dual-outlet) configuration

One, Introduction to H3C
H3C's predecessor was Huawei-3Com, a joint venture between Huawei and the US company 3Com. In 2007 the company officially changed its name to "Hangzhou H3C Technologies Co., Ltd.", referred to as "H3C".
The data communication market is currently divided into the telecom carrier market and the enterprise network market. Huawei has focused on the carrier market, while H3C focuses mainly on the enterprise network market. Cisco's business spans both the carrier and enterprise network markets and holds a leading position in both. In the carrier market Huawei is Cisco's main rival; in the enterprise network market H3C is Cisco's main rival.

* H3C product system

ER series routers, MSR series routers, SR Series Routers

* Routers


* Switch Products


* Data Center Switches


  • H3C commands compared with Cisco commands


  • Command differences


Two, NAT

  • Static NAT: the address mapping between the external and internal networks is fixed in the configuration. It suits a small number of fixed access requirements between internal and external networks. Static NAT supports two modes: one-to-one static translation mapping and network-segment static translation mapping.

  • Dynamic address translation: the address mapping between the external and internal networks is determined dynamically by the packets. By associating an access control list with an address pool (or an interface address), "IP packets with certain characteristics" are selected to use "an address from the address pool (or the interface address)", which establishes a dynamic address mapping. This suits the case where a large number of internal network users need to access external networks. In this case, the address pool resources specified in the association are chosen and used by internal network packets as needed,
  • Easy_ip: with Easy IP configured, the interface's own IP address is used directly as the translated source address of the packet.

  • NAT_SERVER: by configuring an internal server, an external address and port can be mapped to the private address and port of the internal server, allowing external network users to access the internal server. The mapping between the internal server and the external network is configured with the nat server command on the interface.

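Three, Policy-based routing
A mechanism that selects routes according to policies defined by the user, changing the routing table's default forwarding mechanism. A routing policy forwards according to what is set in the routing table; policy-based routing is divided into interface policy-based routing and local policy-based routing.

  • Policy-based routing comes in two kinds: IP unicast policy-based routing and IP multicast policy-based routing. For either kind, configuration involves two tasks: first, define which packets need policy-based routing; second, specify the route for those packets. This can be done by defining a route-policy.

  • IP unicast policy-based routing can be divided into interface policy-based routing and local policy-based routing.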

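Four, Case topology

(1) Router requirements: when either external fibre link is cut, the other fibre link backs it up so that the segments behind it can still reach Internet services or education-network resources.

(2) NAT requirements: both egress interfaces of the egress router can be used at the same time to NAT the campus private segments for access to external resources. The education-network egress interface is also configured with nat server, so that a server IP in the internal teaching segment provides Telnet access to the education network.

(3) Policy-based routing requirements: the teaching segment 192.168.3.0/24 mainly reaches external resources through the education network, while the dormitory segment 192.168.2.0/24 mainly reaches Internet resources through the telecom egress. When the education network's dedicated fibre fails, the dormitory segment can reach the relevant education-network resources through the telecom egress; when the telecom fibre fails, the dormitory segment can reach the relevant resources through the dedicated-network egress.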


1. Configure PC1
(The first time each device is started, you must press Ctrl+D before it can be configured.)

[PC1]int g0/0
[PC1-GigabitEthernet0/0]ip add 192.168.2.100 255.255.255.0
[PC1-GigabitEthernet0/0]undo shutdown
[PC1-GigabitEthernet0/0]quit
[PC1]ip route-static 0.0.0.0 0.0.0.0 192.168.2.1 //configure the default gateway

2. Configure PC2

[PC2]int g0/0
[PC2-GigabitEthernet0/0]ip add 192.168.3.100 255.255.255.0
[PC2-GigabitEthernet0/0]undo shutdown
[PC2-GigabitEthernet0/0]quit
[PC2]ip route-static 0.0.0.0 0.0.0.0 192.168.3.1

3. Configure the server

[server]int g0/0
[server-GigabitEthernet0/0]ip add 192.168.3.250 255.255.255.0
[server-GigabitEthernet0/0]undo shutdown
[server-GigabitEthernet0/0]quit
[server]ip route-static 0.0.0.0 0.0.0.0 192.168.3.1

4. Configure SW1

[sw1]vlan 2
[sw1-vlan2]vlan 3             //create the VLANs
[sw1-vlan3]quit
[sw1]int vlan 1                   //VLAN 1 will be used later to reach R1
[sw1-Vlan-interface1]ip add 192.168.1.2 255.255.255.0
[sw1-Vlan-interface1]undo shutdown
[sw1-Vlan-interface1]int vlan 2
[sw1-Vlan-interface2]ip add 192.168.2.1 255.255.255.0
[sw1-Vlan-interface2]undo shutdown
[sw1-Vlan-interface2]int vlan 3
[sw1-Vlan-interface3]ip add 192.168.3.1 255.255.255.0
[sw1-Vlan-interface3]undo shutdown
[sw1-Vlan-interface3]int g1/0/6
[sw1-GigabitEthernet1/0/6]port access vlan 2
[sw1-GigabitEthernet1/0/6]int g1/0/7
[sw1-GigabitEthernet1/0/7]port access vlan 3
[sw1-GigabitEthernet1/0/7]int g1/0/8
[sw1-GigabitEthernet1/0/8]port access vlan 3       //add the interfaces to the corresponding VLANs

5. Configure R1

[R1]int g0/0
[R1-GigabitEthernet0/0]ip add 202.202.202.2 255.255.255.252
[R1-GigabitEthernet0/0]undo shutdown
[R1-GigabitEthernet0/0]int g0/1
[R1-GigabitEthernet0/1]ip add 200.200.200.2 29          
[R1-GigabitEthernet0/1]undo shutdown
[R1-GigabitEthernet0/1]int g0/2
[R1-GigabitEthernet0/2]port link-mode bridge   //switch the interface to bridge mode
[R1-GigabitEthernet0/2]int vlan 1
[R1-Vlan-interface1]ip add 192.168.1.1 24
[R1-Vlan-interface1]undo shutdown

6. Configure R2

[R2]int g0/0
[R2-GigabitEthernet0/0]ip add 202.202.202.1 30
[R2-GigabitEthernet0/0]undo shutdown
[R2-GigabitEthernet0/0]int g0/1
[R2-GigabitEthernet0/1]ip add 222.222.222.1 30
[R2-GigabitEthernet0/1]undo shutdown
[R2-GigabitEthernet0/1]int loop 0
[R2-LoopBack0]ip add 202.202.0.1 32

7. Configure R3

[R3]int g0/0
[R3-GigabitEthernet0/0]ip add 222.222.222.2 30
[R3-GigabitEthernet0/0]undo shutdown
[R3-GigabitEthernet0/0]int g0/1
[R3-GigabitEthernet0/1]ip add 200.200.200.1 29
[R3-GigabitEthernet0/1]undo shutdown
[R3-GigabitEthernet0/1]int g0/2
[R3-GigabitEthernet0/2]ip add 202.1.1.1 24
[R3-GigabitEthernet0/2]undo shutdown

8. Configure PC3

[pc3]int g0/0
[pc3-GigabitEthernet0/0]ip add 202.1.1.2 24
[pc3-GigabitEthernet0/0]undo shutdown
[pc3-GigabitEthernet0/0]quit
[pc3]ip route-static 0.0.0.0 0.0.0.0 202.1.1.1

9. Configure the default route on sw1

[sw1] ip route-static 0.0.0.0 0.0.0.0 192.168.1.1
//points to the IP of R1's VLAN 1 interface

10. Configure static routes and OSPF on R1

[R1]ip route-static 192.168.3.0 255.255.255.0 192.168.1.2
[R1]ip route-static 192.168.2.0 255.255.255.0 192.168.1.2
[R1]ospf 1
[R1-ospf-1]area 0
[R1-ospf-1-area-0.0.0.0]net 0.0.0.0 255.255.255.255

11. Configure OSPF on R2

[R2]ospf 1
[R2-ospf-1]area 0
[R2-ospf-1-area-0.0.0.0]net 0.0.0.0 255.255.255.255

12. Configure OSPF on R3

[R3]ospf 1
[R3-ospf-1]area 0
[R3-ospf-1-area-0.0.0.0]net 0.0.0.0 255.255.255.255

13. Configure NAT on R1

[R1]acl basic 2001          //basic ACL, number range 2000~2999
[R1-acl-ipv4-basic-2001]rule 0 permit source 192.168.2.0 0.0.0.255
[R1-acl-ipv4-basic-2001]rule 5 permit source 192.168.3.0 0.0.0.255
[R1-acl-ipv4-basic-2001]rule 10 deny
[R1-acl-ipv4-basic-2001]int g0/0
[R1-GigabitEthernet0/0]port link-mode route
[R1-GigabitEthernet0/0]description link_to_tel
[R1-GigabitEthernet0/0]nat outbound 2001
[R1-GigabitEthernet0/0]int g0/1
[R1-GigabitEthernet0/1]port link-mode route
[R1-GigabitEthernet0/1]description link_to_end
[R1-GigabitEthernet0/1]nat outbound 2001

14. Verify that PC1 can ping the loopback interface address on router R2

Verify that PC1 can ping PC3

15. View the NAT translation table on router R1

[R1]display nat session verbose
Slot 0:
Initiator:
  Source      IP/port: 192.168.2.100/44032           //the source address is 192.168.2.100
  Destination IP/port: 202.202.0.1/2048            //the destination address is 202.202.0.1
  DS-Lite tunnel peer: -
 instance/VLAN ID/VLL ID: -/-/-
  Protocol: ICMP(1)
  Inbound interface: Vlan-interface1
Responder:
  Source      IP/port: 202.202.0.1/3               //return traffic from 202.202.0.1
  Destination IP/port: 202.202.202.2/0         //enters the internal network through the 202.202.202.2 interface
  DS-Lite tunnel peer: -
   instance/VLAN ID/VLL ID: -/-/-
  Protocol: ICMP(1)
  Inbound interface: GigabitEthernet0/0
State: ICMP_REPLY
Application: OTHER
Start time: 2019-10-29 07:48:16  TTL: 28s
Initiator->Responder:            0 packets          0 bytes
Responder->Initiator:            0 packets          0 bytes

Initiator:
  Source      IP/port: 192.168.2.100/43776          //the source address is 192.168.2.100
  Destination IP/port: 202.1.1.2/2048                  //the destination address is 202.1.1.2
  DS-Lite tunnel peer: -
  instance/VLAN ID/VLL ID: -/-/-
  Protocol: ICMP(1)
  Inbound interface: Vlan-interface1
Responder:
  Source      IP/port: 202.1.1.2/3                         //return traffic from 202.1.1.2
  Destination IP/port: 200.200.200.2/0               //enters the internal network through the 200.200.200.2 interface
  DS-Lite tunnel peer: -
   instance/VLAN ID/VLL ID: -/-/-
  Protocol: ICMP(1)
  Inbound interface: GigabitEthernet0/1
State: ICMP_REPLY
Application: OTHER
Start time: 2019-10-29 07:47:47  TTL: 0s
Initiator->Responder:            0 packets          0 bytes
Responder->Initiator:            0 packets          0 bytes

Total sessions found: 2

16. Configure PBR on R1

[R1]acl advanced 3001        //advanced ACL, number range 3000~3999
[R1-acl-ipv4-adv-3001]rule 0 permit ip source 192.168.3.0 0.0.0.255
//match the traffic from the 192.168.3.0/24 segment
[R1-acl-ipv4-adv-3001]quit
[R1]policy-based-route al permit node 10  //configure policy-based routing
[R1-pbr-al-10]if-match acl 3001
[R1-pbr-al-10]apply next-hop 200.200.200.1  //action: set the next hop to 200.200.200.1
[R1-pbr-al-10]quit
[R1]policy-based-route al permit node 20  //empty node, lets all other unmatched traffic through
[R1-pbr-al-20]quit
[R1]int Vlan-interface 1
[R1-Vlan-interface1]ip policy-based-route al
//apply the policy on this interface, because all packets that need policy-based routing are forwarded in through it

17. Test a ping from PC1 to PC3, and view the NAT translation table

[R1]display nat session verbose
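
The egress and source-translation decision R1 makes with ACL 2001, ACL 3001 and policy `al` from steps 13 and 16, modelled in Python as an added example (not part of the original post). Addresses and ACLs are the page's; the `ROUTES` table and the rule that node 10 falls back to the routing table when the link to its next hop is down are modelling assumptions.

```python
import ipaddress

# Values below come from the R1 configuration on this page.
ACL_2001 = ("192.168.2.0/24", "192.168.3.0/24")  # nat outbound: sources that get translated
ACL_3001 = ("192.168.3.0/24",)                   # PBR node 10: sources steered to 200.200.200.1
EASY_IP = {"g0/0": "202.202.202.2",              # telecom egress (towards R2)
           "g0/1": "200.200.200.2"}              # education-network egress (towards R3)
PBR_IFACE = "g0/1"                               # interface that reaches next hop 200.200.200.1
# Assumption: the egress OSPF prefers per destination while both links are up.
ROUTES = {"202.202.0.1/32": "g0/0", "202.1.1.0/24": "g0/1"}


def matches(ip, acl):
    """True if ip falls inside any network the ACL permits."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(net) for net in acl)


def routed_iface(dst, up):
    """Longest-prefix match; if the preferred link is down, use the other one."""
    addr = ipaddress.ip_address(dst)
    hits = [ipaddress.ip_network(n) for n in ROUTES if addr in ipaddress.ip_network(n)]
    if not hits:
        return None
    preferred = ROUTES[str(max(hits, key=lambda n: n.prefixlen))]
    if preferred in up:
        return preferred
    return next((i for i in EASY_IP if i in up), None)


def egress_for(src, dst, up=("g0/0", "g0/1")):
    """Return (egress interface, source address seen outside) for a packet
    that enters R1 on Vlan-interface1."""
    # Node 10 applies only while its next hop is reachable
    # (assumption: link state alone decides reachability).
    if matches(src, ACL_3001) and PBR_IFACE in up:
        iface = PBR_IFACE
    else:
        iface = routed_iface(dst, up)  # node 20 or no match: routing-table forwarding
    if iface is None:
        return None, None
    # Sources outside ACL 2001 are forwarded untranslated, not dropped.
    outside_src = EASY_IP[iface] if matches(src, ACL_2001) else src
    return iface, outside_src
```

With both links up, the two PC1 flows come out as in the session table from step 15: 202.202.202.2 towards 202.202.0.1 and 200.200.200.2 towards 202.1.1.2.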

18. Configure NAT server on R1

[R1]int g0/1
[R1-GigabitEthernet0/1]nat server protocol tcp global 200.200.200.2 23 inside 192.168.3.250 23

19. Enable Telnet on the server

[server]telnet server enable               //enabled by default, so this can be omitted
[server]local-user admin                  //create the local user admin
New local user added.
[server-luser-manage-admin]password simple benet         //configure the plaintext password "benet"
[server-luser-manage-admin]service-type telnet             //set the service type to telnet
[server-luser-manage-admin]authorization-attribute user-role level-3
//set the command level to 3
[server-luser-manage-admin]quit
[server]user-interface vty 0 4                     //enter the vty lines
[server-line-vty0-4]authentication-mode scheme         //configure the user authentication mode
[server-line-vty0-4]protocol inbound telnet                //support telnet
[server-line-vty0-4]quit

20. Test the Telnet server from PC3

Telnet 200.200.200.2
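
A configuration check for the mapping from steps 18 and 19, added here as an example and not part of the original post: it parses Comware command lines and reports where a `nat server` mapping publishes a cleartext management port and where logins are set up for Telnet. The rule names and the `CLEARTEXT_PORTS` table are choices made for this example.

```python
import re

# Well-known TCP ports of protocols that carry credentials in cleartext.
CLEARTEXT_PORTS = {21: "ftp", 23: "telnet", 80: "http"}

NAT_SERVER = re.compile(
    r"^nat server protocol (tcp|udp) global (\S+) (\d+) inside (\S+) (\d+)$")


def strip_prompt(line):
    """Drop the page's '//' comment and the leading '[device-view]' prompt."""
    cmd = line.split("//", 1)[0].strip()
    return cmd.split("]", 1)[-1].strip() if cmd.startswith("[") else cmd


def audit(lines):
    """Return (rule, detail) findings for a list of Comware command lines."""
    findings = []
    for cmd in map(strip_prompt, lines):
        m = NAT_SERVER.match(cmd)
        if m and m.group(1) == "tcp" and int(m.group(5)) in CLEARTEXT_PORTS:
            service = CLEARTEXT_PORTS[int(m.group(5))]
            findings.append((
                "nat-server-cleartext",
                f"{m.group(2)}:{m.group(3)} -> {m.group(4)}:{m.group(5)} ({service})"))
        elif cmd == "protocol inbound telnet":
            findings.append(("vty-telnet-only", "VTY lines accept Telnet logins"))
        elif cmd.startswith("service-type") and "telnet" in cmd.split():
            findings.append(("user-telnet", "local user may log in over Telnet"))
    return findings


# Command lines copied from steps 18 and 19 of this page.
PAGE_CONFIG = [
    "[R1-GigabitEthernet0/1]nat server protocol tcp global 200.200.200.2 23 inside 192.168.3.250 23",
    "[server]telnet server enable               //enabled by default",
    "[server-luser-manage-admin]service-type telnet",
    "[server-line-vty0-4]authentication-mode scheme",
    "[server-line-vty0-4]protocol inbound telnet",
]

if __name__ == "__main__":
    for rule, detail in audit(PAGE_CONFIG):
        print(f"{rule}: {detail}")
```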


Origin blog.51cto.com/14400213/2447188