h3c路由器怎么设置

h3c路由器怎么设置

-

2023年2月18日发(作者：)

配置telnet登录

telnetserverenable

创建本地账号与密码

local-useradmin

passwordsimplehnjb8013

user-interfacevty04

authentication-modeschema

user-rolelevel-15

配置WAN口地址

system-view

[H3C]interfaceGigabitEthernet0/0

[H3C-GigabitEthernet0/0]ipaddress119.57.73.67255.255.255.248//IP地址和

掩码配置运营商分配的地址

[H3C-GigabitEthernet0/0]quit

2)设置内网网关

[H3C]interfaceGigabitEthernet0/1

[H3C-GigabitEthernet0/1]ipaddress192.168.1.124//内网网关IP地址

[H3C-GigabitEthernet0/1]quit

设置DHCP

system-view

[H3C]dhcpserverip-pool1

[H3C-dhcp-pool-1]network192.168.1.0mask255.255.255.0

[H3C-dhcp-pool-1]gateway-list192.168.1.1

[H3C-dhcp-pool-1]addressrange192.168.1.2192.168.1.200地址池

[H3C-dhcp-pool-1]dns-list202.106.0.20114.114.114.114//具体的运营商DNS

地址

[H3C-dhcp-pool-1]quit

4)在WAN接口配置NAT，实现内网地址上网进行源地址转换。

[H3C]interfaceGigabitEthernet0/0

[H3C-GigabitEthernet0/0]natoutbound

5)配置默认路由

[H3C]iproute-static0.0.0.00.0.0.0119.57.73.65//下一跳地址配置运营商分配的

网关地址

Nat一对一NAT

system-view

[H3C]natstaticoutbound192.168.1.248119.57.73.70

[H3C]interfaceGigabitEthernet0/0

[H3C-GigabitEthernet0/0]ipaddress119.57.73.70255.255.255.248sub

[H3C-GigabitEthernet0/0]natstaticenable

[H3C-GigabitEthernet0/0]quit

NAT端口映射

system-view

[H3C]interfaceGigabitEthernet0/0//进入设备公网接口

[H3C-GigabitEthernet0/0]

natserverprotocoltcpglobal119.57.73.675366inside192.168.1.675366

natserverprotocoltcpglobal119.57.73.675367inside192.168.1.675367

natserverprotocoltcpglobal119.57.73.678081inside192.168.1.2448081

natserverprotocoltcpglobal119.57.73.678123inside192.168.1.2508443

natserverprotocoltcpglobal119.57.73.6733890inside192.168.1.883389

L2TPoveripsec

1.开启L2TP功能。

system-view

[H3C]l2tpenable

2.配置本地用户名和密码，可配置多个用户

[H3C]local-userhnjbclassnetwork//配置拨号用户名

Newlocaluseradded.

[H3C-luser-network-hnjb]passwordsimplehnjb8013//配置拨号密码

[H3C-luser-network-hnjb]service-typeppp

[H3C-luser-network-hnjb]quit

3.配置用户认证方式和IP地址池

[H3C]domainsystem

[H3C-isp-system]authenticationppplocal//配置PPP用户的认证方式为本地认证

[H3C-isp-system]quit

[H3C]ippool1010.1.1.1010.1.1.100//配置为拨入终端分配的IP地址范围

4.创建虚拟模板接口

[H3C]interfaceVirtual-Template0

[H3C-Virtual-Template0]pppauthentication-modechap//配置本端PPP协议对终

端的验证方式为CHAP

[H3C-Virtual-Template0]remoteaddresspool10//在虚模板视图下指定为用户分配

IP的地址池

[H3C-Virtual-Template0]ipaddress10.1.1.124

[H3C-Virtual-Template0]pppipcpdns219.141.140.10114.114.114.114配置

DNS

[H3C-Virtual-Template0]quit

5.创建并配置L2TP组

[H3C]l2tp-group1modelns

[H3C-l2tp1]undotunnelauthentication//取消L2TP隧道验证功能，因为很多终端系

统不支持隧道验证功能。

[H3C-l2tp1]allowl2tpvirtual-template0

[H3C-l2tp1]quit

配置IPsec功能

A.创建并进入一个IKEkeychain视图，该视图用于配置IKE对等体的密钥信息。

[H3C]ikekeychainkeychain1

[H3C-ike-keychain-keychain1]pre-shared-keyaddress0.0.0.00.0.0.0key

simplehnjb2017//配置预共享密钥123456。

[H3C-ike-keychain-keychain1]quit

配置IKE对等体

[H3C]ikeprofileprofile1

[H3C-ike-profile-profile1]keychainkeychain1

[H3C-ike-profile-profile1]local-identityaddress119.57.73.67//指定标识本端身

份的IP地址。

[H3C-ike-profile-profile1]matchremoteidentityaddress0.0.0.00.0.0.0//指定

对端身份FQDN名称。

[H3C-ike-profile-profile1]proposal123456

[H3C-ike-profile-profile1]quit

配置IPsec安全提议

[H3C]ipsectransform-settran1

[H3C-ipsec-transform-set-tran1]espencryption-algorithmdes-cbc

[H3C-ipsec-transform-set-tran1]espauthentication-algorithmmd5

[H3C-ipsec-transform-set-tran1]quit

配置IPSec安全策略模板

[H3C]ipsecpolicy-templatemsr1

[H3C-ipsec-policy-template-msr-1]ike-profileprofile1//引用之前配置的IKE对

等体

[H3C-ipsec-policy-template-msr-1]transform-set123456//引用之前配置的

IPsec安全提议

[H3C-ipsec-policy-template-msr-1]quit

创建IPSec安全策略并引用安全策略模板

[H3C]ipsecpolicy1231isakmptemplatemsr

在公网接口上应用IPsec安全策略。

[H3C]interfaceGigabitEthernet0/0

[H3C-GigabitEthernet0/0]ipsecapplypolicy123

ikeproposal1

encryption-algorithmaes-cbc-128

dhgroup2

authentication-algorithmmd5

ikeproposal2

encryption-algorithm3des-cbc

dhgroup2

authentication-algorithmmd5

ikeproposal3

encryption-algorithm3des-cbc

dhgroup2

ikeproposal4

encryption-algorithmaes-cbc-256

dhgroup2

ikeproposal5

dhgroup2

ikeproposal6

encryption-algorithmaes-cbc-192

dhgroup2

ipsectransform-set1

encapsulation-modetransport

espencryption-algorithm3des-cbc

espauthentication-algorithmmd5

ipsectransform-set2

encapsulation-modetransport

espencryption-algorithmaes-cbc-128

espauthentication-algorithmsha1

ipsectransform-set3

encapsulation-modetransport

espencryption-algorithmaes-cbc-256

espauthentication-algorithmsha1

ipsectransform-set4

encapsulation-modetransport

espencryption-algorithmdes-cbc

espauthentication-algorithmsha1

ipsectransform-set5

encapsulation-modetransport

espencryption-algorithm3des-cbc

espauthentication-algorithmsha1

ipsectransform-set6

encapsulation-modetransport

espencryption-algorithmaes-cbc-192

espauthentication-algorithmsha1