简单叙述:两个路由器CISCO2610(因为此路由器只有一个ETH口,要不也不会有以下方案)和H3C-3020E通过两条线路连接省局两个路由器,2610和3020E的内网口连接H3C 3652P交换机第一口和第二口,交换机第四十八口连接防火墙外网口,地四十六口连接防火墙内网口,第四十七口连接视频系统!
具体IP规划不用我说,自己慢慢看配置,很明了!!
最终实现:
1,业务系统走H3C 3020E,视频系统走2610
2,任何线路或者设备问题,切换到另外一条
。(xaosky原创,转载请著名出处!)
以下为详细配置:
<ayjh3c-sw>display current-configuration
#
sysname ayjh3c-sw
#
super password level 3 cipher V!W`J$BB!`#:C:"-501K]!!!
#
undo info-center enable
#
radius scheme system
#
domain system
#
acl number 2100
rule 5 permit source 0.0.0.0 0
#
vlan 1
#
vlan 100
name link-route
#
vlan 200
name link-fw
#
vlan 300
name link-shipin
#
interface Vlan-interface100
ip address 10.41.24.246 255.255.255.248
#
interface Vlan-interface200
ip address 10.41.24.254 255.255.255.252
#
interface Vlan-interface300
ip address 10.41.200.97 255.255.255.248
#
interface Aux1/0/0
#
interface Ethernet1/0/1
duplex full
speed 10
port access vlan 100
#
interface Ethernet1/0/2
port access vlan 100
#
interface Ethernet1/0/3
#
。。。。。。
#
sysname ayjh3c-sw
#
super password level 3 cipher V!W`J$BB!`#:C:"-501K]!!!
#
undo info-center enable
#
radius scheme system
#
domain system
#
acl number 2100
rule 5 permit source 0.0.0.0 0
#
vlan 1
#
vlan 100
name link-route
#
vlan 200
name link-fw
#
vlan 300
name link-shipin
#
interface Vlan-interface100
ip address 10.41.24.246 255.255.255.248
#
interface Vlan-interface200
ip address 10.41.24.254 255.255.255.252
#
interface Vlan-interface300
ip address 10.41.200.97 255.255.255.248
#
interface Aux1/0/0
#
interface Ethernet1/0/1
duplex full
speed 10
port access vlan 100
#
interface Ethernet1/0/2
port access vlan 100
#
interface Ethernet1/0/3
#
。。。。。。
。。。。。。
#
interface Ethernet1/0/46
duplex full
speed 100
port access vlan 300
#
interface Ethernet1/0/47
#
interface Ethernet1/0/48
duplex full
speed 100
port access vlan 200
#
interface GigabitEthernet1/1/1
#
interface GigabitEthernet1/1/2
#
interface GigabitEthernet1/1/3
#
interface GigabitEthernet1/1/4
#
undo irf-fabric authentication-mode
#
interface NULL0
#
ospf 1
import-route direct type 1
import-route static type 1
filter-policy 2100 import
area 0.0.0.41
network 10.41.0.0 0.0.255.255
#
voice vlan mac-address 0001-e300-0000 mask ffff-ff00-0000
#
ip route-static 10.41.24.0 255.255.255.128 10.41.24.253 preference 60
ip route-static 10.41.200.0 255.255.255.0 10.41.24.241 preference 60
#
user-interface aux 0 7
user-interface vty 0 4
set authentication password cipher ==):`XGIJTKQ=^Q`MAF4<1!!
#
return
<ayjh3c-sw>
#
interface Ethernet1/0/46
duplex full
speed 100
port access vlan 300
#
interface Ethernet1/0/47
#
interface Ethernet1/0/48
duplex full
speed 100
port access vlan 200
#
interface GigabitEthernet1/1/1
#
interface GigabitEthernet1/1/2
#
interface GigabitEthernet1/1/3
#
interface GigabitEthernet1/1/4
#
undo irf-fabric authentication-mode
#
interface NULL0
#
ospf 1
import-route direct type 1
import-route static type 1
filter-policy 2100 import
area 0.0.0.41
network 10.41.0.0 0.0.255.255
#
voice vlan mac-address 0001-e300-0000 mask ffff-ff00-0000
#
ip route-static 10.41.24.0 255.255.255.128 10.41.24.253 preference 60
ip route-static 10.41.200.0 255.255.255.0 10.41.24.241 preference 60
#
user-interface aux 0 7
user-interface vty 0 4
set authentication password cipher ==):`XGIJTKQ=^Q`MAF4<1!!
#
return
<ayjh3c-sw>
-------------------------------------------------------------------------------------------------
<ayjh3c-rou>display current-configuration
#
version 5.20, Beta 1202, Standard
#
sysname ayjh3c-rou
#
super password level 3 cipher V!W`J$BB!`!ZS/B[60=.]!!!
#
info-center logfile size-quota 0
#
domain default enable system
#
telnet server enable
#
vlan 1
#
radius scheme system
server-type extended
primary authentication 127.0.0.1 1645
primary accounting 127.0.0.1 1646
user-name-format without-domain
#
domain system
access-limit disable
state active
idle-cut disable
self-service-url disable
#
acl number 2100
rule 5 permit source 0.0.0.0 0
rule 10 permit source 10.41.0.0 0.0.255.255
#
interface Aux0
async mode flow
link-protocol ppp
#
interface Serial1/0
fe1 unframed
link-protocol ppp
ip address 10.41.252.30 255.255.255.252
#
interface NULL0
#
interface LoopBack0
ip address 10.41.252.233 255.255.255.255
#
interface GigabitEthernet0/0
port link-mode route
duplex full
speed 100
ip address 10.41.24.242 255.255.255.248
#
interface GigabitEthernet0/1
port link-mode route
#
ospf 1
filter-policy 2100 import
import-route direct
import-route static
area 0.0.0.41
network 10.41.0.0 0.0.255.255
#
user-interface con 0
user-interface aux 0
user-interface vty 0 4
set authentication password cipher ==):`XGIJTKQ=^Q`MAF4<1!!
#
return
<ayjh3c-rou>
#
version 5.20, Beta 1202, Standard
#
sysname ayjh3c-rou
#
super password level 3 cipher V!W`J$BB!`!ZS/B[60=.]!!!
#
info-center logfile size-quota 0
#
domain default enable system
#
telnet server enable
#
vlan 1
#
radius scheme system
server-type extended
primary authentication 127.0.0.1 1645
primary accounting 127.0.0.1 1646
user-name-format without-domain
#
domain system
access-limit disable
state active
idle-cut disable
self-service-url disable
#
acl number 2100
rule 5 permit source 0.0.0.0 0
rule 10 permit source 10.41.0.0 0.0.255.255
#
interface Aux0
async mode flow
link-protocol ppp
#
interface Serial1/0
fe1 unframed
link-protocol ppp
ip address 10.41.252.30 255.255.255.252
#
interface NULL0
#
interface LoopBack0
ip address 10.41.252.233 255.255.255.255
#
interface GigabitEthernet0/0
port link-mode route
duplex full
speed 100
ip address 10.41.24.242 255.255.255.248
#
interface GigabitEthernet0/1
port link-mode route
#
ospf 1
filter-policy 2100 import
import-route direct
import-route static
area 0.0.0.41
network 10.41.0.0 0.0.255.255
#
user-interface con 0
user-interface aux 0
user-interface vty 0 4
set authentication password cipher ==):`XGIJTKQ=^Q`MAF4<1!!
#
return
<ayjh3c-rou>
------------------------------------------------------------------------------------
ayj2610#sho running-config
Building configuration...
Building configuration...
Current configuration : 4176 bytes
!
version 12.1
no service single-slot-reload-enable
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname ayj2610
!
logging rate-limit console 10 except errors
enable secret 5 $1$M7jN$SGzJ/0.satwTRMdJLyqIo.
!
clock timezone China 8
ip subnet-zero
!
!
no ip finger
no ip domain-lookup
!
!
class-map match-all c-sql
match access-group 101
!
!
policy-map p-sql
class c-sql
bandwidth percent 30
!
call rsvp-sync
cns event-service server
!
voice class codec 729
codec preference 1 g729r8
!
!
!
!
interface Loopback0
ip address 10.41.252.249 255.255.255.255
!
interface Ethernet0/0
ip address 10.41.24.241 255.255.255.248
full-duplex
!
interface Serial0/0
ip address 10.41.252.30 255.255.255.252 //失效
encapsulation ppp //失效
!
interface Serial0/1
no ip address
encapsulation frame-relay
frame-relay lmi-type ansi
!
interface Serial0/1.1 point-to-point
ip address 10.41.252.26 255.255.255.252
ip ospf network point-to-point
ip ospf cost 200
frame-relay interface-dlci 16 IETF
!
router eigrp 100
network 10.41.0.0 0.0.255.255
no auto-summary
no eigrp log-neighbor-changes
!
router ospf 41
log-adjacency-changes
redistribute connected metric 50 subnets
redistribute static metric 100 subnets
network 10.41.0.0 0.0.255.255 area 41
distribute-list 20 in
!
ip kerberos source-interface any
ip nat translation timeout never
ip nat translation tcp-timeout never
ip nat translation udp-timeout never
ip nat translation finrst-timeout never
ip nat translation syn-timeout never
ip nat translation dns-timeout never
ip nat translation icmp-timeout never
ip classless
ip route 10.41.200.0 255.255.255.0 10.41.252.25
ip route 10.41.200.96 255.255.255.248 10.41.24.246
no ip http server
!
!
map-class frame-relay 128k
frame-relay cir 128000
frame-relay bc 1280
frame-relay be 0
frame-relay mincir 128000
no frame-relay adaptive-shaping
frame-relay fair-queue
frame-relay fragment 160
frame-relay ip rtp priority 16384 16383 100
access-list 10 permit 0.0.0.0
access-list 10 permit 10.41.0.0 0.0.255.255
access-list 11 permit 10.0.0.0 0.255.255.255
access-list 20 permit 0.0.0.0
access-list 101 permit ip 10.41.0.0 0.0.255.255 host 10.41.0.1
access-list 110 deny udp any any eq bootps
access-list 110 deny udp any any eq bootpc
access-list 110 deny udp any any eq tftp
access-list 110 deny udp any any eq 135
access-list 110 deny udp any any eq netbios-ns
access-list 110 deny udp any any eq netbios-dgm
access-list 110 deny udp any any eq netbios-ss
access-list 110 deny tcp any any eq 135
access-list 110 deny tcp any any eq 137
access-list 110 deny tcp any any eq 139
access-list 110 deny tcp any any eq 4444
access-list 110 permit ip any any
access-list 150 permit ip any 10.0.0.0 0.255.255.255
access-list 160 permit ip 10.0.0.0 0.255.255.255 any
!
snmp-server community 2611snmp RO
!
voice-port 1/0/0
cptone CN
!
voice-port 1/0/1
cptone CN
!
dial-peer cor custom
!
!
!
。。。。。。
!
version 12.1
no service single-slot-reload-enable
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname ayj2610
!
logging rate-limit console 10 except errors
enable secret 5 $1$M7jN$SGzJ/0.satwTRMdJLyqIo.
!
clock timezone China 8
ip subnet-zero
!
!
no ip finger
no ip domain-lookup
!
!
class-map match-all c-sql
match access-group 101
!
!
policy-map p-sql
class c-sql
bandwidth percent 30
!
call rsvp-sync
cns event-service server
!
voice class codec 729
codec preference 1 g729r8
!
!
!
!
interface Loopback0
ip address 10.41.252.249 255.255.255.255
!
interface Ethernet0/0
ip address 10.41.24.241 255.255.255.248
full-duplex
!
interface Serial0/0
ip address 10.41.252.30 255.255.255.252 //失效
encapsulation ppp //失效
!
interface Serial0/1
no ip address
encapsulation frame-relay
frame-relay lmi-type ansi
!
interface Serial0/1.1 point-to-point
ip address 10.41.252.26 255.255.255.252
ip ospf network point-to-point
ip ospf cost 200
frame-relay interface-dlci 16 IETF
!
router eigrp 100
network 10.41.0.0 0.0.255.255
no auto-summary
no eigrp log-neighbor-changes
!
router ospf 41
log-adjacency-changes
redistribute connected metric 50 subnets
redistribute static metric 100 subnets
network 10.41.0.0 0.0.255.255 area 41
distribute-list 20 in
!
ip kerberos source-interface any
ip nat translation timeout never
ip nat translation tcp-timeout never
ip nat translation udp-timeout never
ip nat translation finrst-timeout never
ip nat translation syn-timeout never
ip nat translation dns-timeout never
ip nat translation icmp-timeout never
ip classless
ip route 10.41.200.0 255.255.255.0 10.41.252.25
ip route 10.41.200.96 255.255.255.248 10.41.24.246
no ip http server
!
!
map-class frame-relay 128k
frame-relay cir 128000
frame-relay bc 1280
frame-relay be 0
frame-relay mincir 128000
no frame-relay adaptive-shaping
frame-relay fair-queue
frame-relay fragment 160
frame-relay ip rtp priority 16384 16383 100
access-list 10 permit 0.0.0.0
access-list 10 permit 10.41.0.0 0.0.255.255
access-list 11 permit 10.0.0.0 0.255.255.255
access-list 20 permit 0.0.0.0
access-list 101 permit ip 10.41.0.0 0.0.255.255 host 10.41.0.1
access-list 110 deny udp any any eq bootps
access-list 110 deny udp any any eq bootpc
access-list 110 deny udp any any eq tftp
access-list 110 deny udp any any eq 135
access-list 110 deny udp any any eq netbios-ns
access-list 110 deny udp any any eq netbios-dgm
access-list 110 deny udp any any eq netbios-ss
access-list 110 deny tcp any any eq 135
access-list 110 deny tcp any any eq 137
access-list 110 deny tcp any any eq 139
access-list 110 deny tcp any any eq 4444
access-list 110 permit ip any any
access-list 150 permit ip any 10.0.0.0 0.255.255.255
access-list 160 permit ip 10.0.0.0 0.255.255.255 any
!
snmp-server community 2611snmp RO
!
voice-port 1/0/0
cptone CN
!
voice-port 1/0/1
cptone CN
!
dial-peer cor custom
!
!
!
。。。。。。
。。。。。。
!
line con 0
transport input none
line aux 0
line vty 0 4
password 7 094F4718312B
login
!
ntp clock-period 17208174
ntp server 10.41.0.99 source Ethernet0/0
end
!
line con 0
transport input none
line aux 0
line vty 0 4
password 7 094F4718312B
login
!
ntp clock-period 17208174
ntp server 10.41.0.99 source Ethernet0/0
end
ayj2610#
(xaosky原创,转载请著名出处!)
转载于:https://blog.51cto.com/xaosky/19350