路由器网 - 让路由器设置变的简单易学!
高级搜索|网站地图|TAG标签RSS订阅[设为首页] [加入收藏]

192.168.1.1路由器设置 192.168.0.1无线路由器安装-路由器设置网

搜索

热门标签:

当前位置: 主页 > qq个性签名 >

实例解决如何用三层交换机取代路由器的单臂路由

时间:2012-10-22 09:52来源:未知 作者:admin 点击:
有一个朋友问我:单位原来使用H3C MSR30-11E路由器NAT上网,在内网口做了单臂路由,分别为三个楼层的三个VLAN(不同子网)做网关,最近单位又新购进H3C的S7603三层交换机作为外网的主交换,据说单臂路由性能低下,所以准备用7603开VLAN的接口地址做各VLAN内机
有一个朋友问我:单位原来使用H3C MSR30-11E路由器NAT上网,在内网口做了单臂路由,分别为三个楼层的三个VLAN(不同子网)做网关,最近单位又新购进H3C的S7603三层交换机作为外网的主交换,据说单臂路由性能低下,所以准备用7603开VLAN的接口地址做各VLAN内机器的网关,减轻路由器的负担,但是配置后发现问题来了,VLAN内机器无法ping通路由器的内网口地址,配置如下,请大侠们指教:
S7603三层交换机主要配置
[7603-WaiWang]disp cur
#
version 5.20, Release 6616P05
#
sysname 7603-WaiWang
#
domain default enable system
#
switch-mode standard
switch-mode normal slot 2
#
vlan 1
#
vlan 16
#
vlan 1602
#
vlan 1605
#
vlan 1608
.
.
.
#
interface Vlan-interface16
ip address 192.168.16.4 255.255.255.0   //管理地址
#
interface Vlan-interface1602
ip address 192.168.102.254 255.255.255.0   //VLAN1602的接口地址
#
interface Vlan-interface1605
ip address 192.168.105.254 255.255.255.0   //VLAN1605的接口地址
#
interface Vlan-interface1608
ip address 192.168.108.254 255.255.255.0   //VLAN1608的接口地址
.
.
.
#
interface GigabitEthernet2/0/31
port link-mode bridge
#
interface GigabitEthernet2/0/32  //连接到路由器MSR 30-11E的内网口(非直接连,看下面路由器配置有说明)
port link-mode bridge
description To_MSR30-11E
port link-type trunk
port trunk permit vlan 1 16 1602 1605 1608 1610 1614 1616 2001 to 2004   
#
ip route-static 0.0.0.0 0.0.0.0 172.21.209.1  //默认路由到路由器内网口
#
interface M-Ethernet0/0/0
#
load xml-configuration
#
return
MSR 30-11E的主要配置
#
version 5.20, Release 1910L03
#
sysname MSR30-11
#
nat address-group 1 1.2.3.193 1.2.3.193   //NAT地址池
#
domain default enable system
#
dns proxy enable
#
telnet server enable
#
dar p2p signature-file flash:/p2p_default.mtd
#
qos carl 1 source-ip-address range 192.168.102.1 to 192.168.102.253 per-address shared-bandwidth
qos carl 2 source-ip-address range 192.168.105.1 to 192.168.105.253 per-address shared-bandwidth
qos carl 3 source-ip-address range 192.168.108.1 to 192.168.108.253 per-address shared-bandwidth
.
.
.
qos carl 7 source-ip-address range 172.21.209.2 to 172.21.209.253 per-address shared-bandwidth
#
port-security enable
#
ip http port 47
#
acl number 2000
rule 0 permit source 172.21.209.0 0.0.0.255
rule 1 permit source 192.168.102.0 0.0.0.255
rule 2 permit source 192.168.105.0 0.0.0.255
rule 3 permit source 192.168.108.0 0.0.0.255
.
.
.
rule 10 deny
#
acl number 3011
rule 1 permit ip source 192.168.102.0 0.0.0.255
acl number 3012
rule 1 permit ip source 192.168.105.0 0.0.0.255
acl number 3013
rule 1 permit ip source 192.168.108.0 0.0.0.255
#
vlan 1
#
vlan 1602
#
vlan 1605
#
vlan 1608
#
domain system
access-limit disable
state active
idle-cut disable
self-service-url disable
#
user-group system
#
local-user admin
password cipher .]@USE=B,53Q=^Q`MAF4<1!!
authorization-attribute level 3
service-type telnet
#
cwmp
undo cwmp enable
#
interface Aux0
async mode flow
link-protocol ppp
#
interface Cellular0/0
async mode protocol
link-protocol ppp
dar enable
#
interface Ethernet0/0
port link-mode route
nat outbound address-group 1
ip address 1.2.3.193 255.255.255.252  //外网口地址
#
interface Ethernet0/1
port link-mode route
ip address 172.21.209.1 255.255.255.0  //内网口地址
qos car inbound carl 6 cir 51200 cbs 3200000 ebs 0 green pass red discard

//以下子接口已取消,列出仅供参考
#
interface Ethernet0/1.1
vlan-type dot1q vid 1602
ip address 192.168.102.254 255.255.255.0
qos car inbound carl 1 cir 10240 cbs 640000 ebs 0 green pass red discard
#
interface Ethernet0/1.2
vlan-type dot1q vid 1605
ip address 192.168.105.254 255.255.255.0
qos car inbound carl 2 cir 10240 cbs 640000 ebs 0 green pass red discard
#
interface Ethernet0/1.3
vlan-type dot1q vid 1608
ip address 192.168.108.254 255.255.255.0
qos car inbound carl 3 cir 20480 cbs 640000 ebs 0 green pass red discard
#
interface Ethernet0/1.4
vlan-type dot1q vid 1610
ip address 192.168.110.254 255.255.255.0
qos car inbound carl 4 cir 10240 cbs 640000 ebs 0 green pass red discard
#
interface Ethernet0/1.5
vlan-type dot1q vid 1614
ip address 192.168.114.254 255.255.255.0
qos car inbound carl 5 cir 10240 cbs 640000 ebs 0 green pass red discard
#
interface Ethernet0/1.6
vlan-type dot1q vid 1616
ip address 192.168.116.254 255.255.255.0
qos car inbound carl 6 cir 10240 cbs 640000 ebs 0 green pass red discard
//以上子接口已取消,列出供参考
#
interface NULL0
#
interface Vlan-interface1
undo dhcp select server global-pool
#
interface Ethernet0/2   //路由器自带的24口交换机2口,连接路由器内网口(即上面的1口)
port link-mode bridge
port link-type trunk
port trunk permit vlan 1 1602 1605 1608 1610 1614 1616 2001 to 2004
#
interface Ethernet0/3   //路由器自带的24口交换机3口,连接S7603主交换的32口
port link-mode bridge
port link-type trunk
port trunk permit vlan 1 1602 1605 1608 1610 1614 1616 2001 to 2004
.
.
.
#
interface Ethernet0/24
port link-mode bridge
description abc4M
port access vlan 2001
#
interface Ethernet0/25
port link-mode bridge
description abc4M
port access vlan 2001
#
#
voice-setup
#
sip
#
sip-server
  #
  call-rule-set
  #
  call-route
#
dial-program
#
aaa-client
#
gk-client
#
ip route-static 0.0.0.0 0.0.0.0 1.2.3.194  //路由器默认路由
#
ssh server enable
#
load xml-configuration
#
load tr069-configuration
#
user-interface tty 12
user-interface aux 0
user-interface vty 1 4
#
return
请教我的配置问题出在哪里?另外我原来的单臂路由起到限速的作用了吗?
我是这么回答的:将7603连接路由器的口配置成三层口,然后配IP  172.21.209.2 要是配置二层口的话,交换机应该不知道172.21.209.1这个地址从哪个口出去,所以ping不通。
#
interface GigabitEthernet2/0/32  //连接到路由器MSR 30-11E的内网口
port link-mode route
ip add 172.21.209.2 24
description To_MSR30-11E


若不能配置route模式,可以将这个口划入一个vlan,然后配置intface vlan-int  地址   
  个人想法,没实际试验,不知道能不能行!
然后这个问题就解决了,哈哈。 有一个朋友问我:单位原来使用H3C MSR30-11E路由器NAT上网,在内网口做了单臂路由,分别为三个楼层的三个VLAN(不同子网)做网关,最近单位又新购进H3C的S7603三层交换机作为外网的主交换,据说单臂路由性能低下,所以准备用7603开VLAN的接口地址做各VLAN内机器的网关,减轻路由器的负担,但是配置后发现问题来了,VLAN内机器无法ping通路由器的内网口地址,配置如下,请大侠们指教:
S7603三层交换机主要配置
[7603-WaiWang]disp cur
#
version 5.20, Release 6616P05
#
sysname 7603-WaiWang
#
domain default enable system
#
switch-mode standard
switch-mode normal slot 2
#
vlan 1
#
vlan 16
#
vlan 1602
#
vlan 1605
#
vlan 1608
.
.
.
#
interface Vlan-interface16
ip address 192.168.16.4 255.255.255.0   //管理地址
#
interface Vlan-interface1602
ip address 192.168.102.254 255.255.255.0   //VLAN1602的接口地址
#
interface Vlan-interface1605
本文来自luyouqiwang.net

ip address 192.168.105.254 255.255.255.0   //VLAN1605的接口地址
#
interface Vlan-interface1608
ip address 192.168.108.254 255.255.255.0   //VLAN1608的接口地址
.
.
.
#
interface GigabitEthernet2/0/31
port link-mode bridge
#
interface GigabitEthernet2/0/32  //连接到路由器MSR 30-11E的内网口(非直接连,看下面路由器配置有说明)
port link-mode bridge
description To_MSR30-11E
port link-type trunk
port trunk permit vlan 1 16 1602 1605 1608 1610 1614 1616 2001 to 2004   
#
ip route-static 0.0.0.0 0.0.0.0 172.21.209.1  //默认路由到路由器内网口
#
interface M-Ethernet0/0/0
#
load xml-configuration
#
return
MSR 30-11E的主要配置
#
version 5.20, Release 1910L03
#
sysname MSR30-11
#
nat address-group 1 1.2.3.193 1.2.3.193   //NAT地址池
#
domain default enable system 本文来自luyouqiwang.net
#
dns proxy enable
#
telnet server enable
#
dar p2p signature-file flash:/p2p_default.mtd
#
qos carl 1 source-ip-address range 192.168.102.1 to 192.168.102.253 per-address shared-bandwidth
qos carl 2 source-ip-address range 192.168.105.1 to 192.168.105.253 per-address shared-bandwidth
qos carl 3 source-ip-address range 192.168.108.1 to 192.168.108.253 per-address shared-bandwidth
.
.
.
qos carl 7 source-ip-address range 172.21.209.2 to 172.21.209.253 per-address shared-bandwidth
#
port-security enable
#
ip http port 47
#
acl number 2000
rule 0 permit source 172.21.209.0 0.0.0.255
rule 1 permit source 192.168.102.0 0.0.0.255
rule 2 permit source 192.168.105.0 0.0.0.255
rule 3 permit source 192.168.108.0 0.0.0.255
.
.
.
rule 10 deny
#
acl number 3011
rule 1 permit ip source 192.168.102.0 0.0.0.255
acl number 3012 内容来自luyouqiwang.net
rule 1 permit ip source 192.168.105.0 0.0.0.255
acl number 3013
rule 1 permit ip source 192.168.108.0 0.0.0.255
#
vlan 1
#
vlan 1602
#
vlan 1605
#
vlan 1608
#
domain system
access-limit disable
state active
idle-cut disable
self-service-url disable
#
user-group system
#
local-user admin
password cipher .]@USE=B,53Q=^Q`MAF4<1!!
authorization-attribute level 3
service-type telnet
#
cwmp
undo cwmp enable
#
interface Aux0
async mode flow
link-protocol ppp
#
interface Cellular0/0
async mode protocol
link-protocol ppp
dar enable
#
interface Ethernet0/0
port link-mode route
nat outbound address-group 1
ip address 1.2.3.193 255.255.255.252  //外网口地址
#
interface Ethernet0/1
port link-mode route
ip address 172.21.209.1 255.255.255.0  //内网口地址 本文来自luyouqiwang.net
qos car inbound carl 6 cir 51200 cbs 3200000 ebs 0 green pass red discard

//以下子接口已取消,列出仅供参考
#
interface Ethernet0/1.1
vlan-type dot1q vid 1602
ip address 192.168.102.254 255.255.255.0
qos car inbound carl 1 cir 10240 cbs 640000 ebs 0 green pass red discard
#
interface Ethernet0/1.2
vlan-type dot1q vid 1605
ip address 192.168.105.254 255.255.255.0
qos car inbound carl 2 cir 10240 cbs 640000 ebs 0 green pass red discard
#
interface Ethernet0/1.3
vlan-type dot1q vid 1608
ip address 192.168.108.254 255.255.255.0
qos car inbound carl 3 cir 20480 cbs 640000 ebs 0 green pass red discard
#
interface Ethernet0/1.4
vlan-type dot1q vid 1610
ip address 192.168.110.254 255.255.255.0
qos car inbound carl 4 cir 10240 cbs 640000 ebs 0 green pass red discard
#
interface Ethernet0/1.5
vlan-type dot1q vid 1614
ip address 192.168.114.254 255.255.255.0
路由器网

qos car inbound carl 5 cir 10240 cbs 640000 ebs 0 green pass red discard
#
interface Ethernet0/1.6
vlan-type dot1q vid 1616
ip address 192.168.116.254 255.255.255.0
qos car inbound carl 6 cir 10240 cbs 640000 ebs 0 green pass red discard
//以上子接口已取消,列出供参考
#
interface NULL0
#
interface Vlan-interface1
undo dhcp select server global-pool
#
interface Ethernet0/2   //路由器自带的24口交换机2口,连接路由器内网口(即上面的1口)
port link-mode bridge
port link-type trunk
port trunk permit vlan 1 1602 1605 1608 1610 1614 1616 2001 to 2004
#
interface Ethernet0/3   //路由器自带的24口交换机3口,连接S7603主交换的32口
port link-mode bridge
port link-type trunk
port trunk permit vlan 1 1602 1605 1608 1610 1614 1616 2001 to 2004
.
.
.
#
interface Ethernet0/24
port link-mode bridge
description abc4M

内容来自luyouqiwang.net


port access vlan 2001
#
interface Ethernet0/25
port link-mode bridge
description abc4M
port access vlan 2001
#
#
voice-setup
#
sip
#
sip-server
  #
  call-rule-set
  #
  call-route
#
dial-program
#
aaa-client
#
gk-client
#
ip route-static 0.0.0.0 0.0.0.0 1.2.3.194  //路由器默认路由
#
ssh server enable
#
load xml-configuration
#
load tr069-configuration
#
user-interface tty 12
user-interface aux 0
user-interface vty 1 4
#
return
请教我的配置问题出在哪里?另外我原来的单臂路由起到限速的作用了吗?
我是这么回答的:将7603连接路由器的口配置成三层口,然后配IP  172.21.209.2 要是配置二层口的话,交换机应该不知道172.21.209.1这个地址从哪个口出去,所以ping不通。
#
interface GigabitEthernet2/0/32  //连接到路由器MSR 30-11E的内网口

内容来自luyouqiwang.net


port link-mode route
ip add 172.21.209.2 24
description To_MSR30-11E


若不能配置route模式,可以将这个口划入一个vlan,然后配置intface vlan-int  地址   
  个人想法,没实际试验,不知道能不能行!
然后这个问题就解决了,哈哈。 (责任编辑:jida2010)
顶一下
(0)
0%
踩一下
(0)
0%
------分隔线----------------------------
栏目推荐
推荐内容
热点内容

Powered by 路由器网 © 2012-2014 www.luyouqiwang.net Inc.

皖ICP备11003822号-4