Network topology diagram
ROS configuration
Step 1: Define the ROS WAN port and LAN port
Define ether1 as the WAN port, connected to the optical modem
Define ether2 as the LAN port, connected to the Layer 3 switch
Step 2: Add a PPPoE client on ROS
In the Interface view, select "+" to add a PPPoE Client
In the General window, set the Name and Interface fields:
Name: the name of the PPPoE client (customizable)
Interface: select the WAN port
In the Dial Out window, enter User and Password
User: PPPoE account
Password: PPPoE password
Use Peer DNS (DNS server) and Add Default Route (default route) are checked by default. With both checked, there is no need to add DNS servers and static routes manually, and you can access the Internet.
In the Addresses window of the IP view, click "+" to add the interface address of ether2-LAN: 192.168.10.1/24
Step 3: Masquerading (NAT)
In the IP view, open the NAT tab of the Firewall window and select "+" to add a NAT rule for each network segment.
Add a masquerade rule for the 192.168.200.0/24 network segment (action: masquerade).
Step 4: Add return routes
In the IP-Routes view, add a route:
Dst. Address (target network segment): 192.168.100.0/24
Gateway (LAN port and LAN port IP), which is equivalent to the next-hop address: LAN
A return route must be added for each network segment separately (otherwise traffic cannot reach the VLAN, so replies to outgoing packets cannot come back).
H3C Layer 3 switch configuration
The switch configuration is as follows:
#
version 5.20, Release 2222P10
#
sysname H3C
#
irf mac-address persistent timer
irf auto-update enable
undo irf link-delay
#
domain default enable system
#
web idle-timeout 30
#
password-recovery enable
#
vlan 1
#
vlan 10
#
vlan 100
#
vlan 200
#
domain system
access-limit disable
state active
idle-cut disable
self-service-url disable
#
dhcp server ip-pool 10
network 192.168.10.0 mask 255.255.255.0
gateway-list 192.168.10.1
#
user-group system
group-attribute allow-guest
#
local-user abc
password cipher $c$3$3O3TRePwLP0yAqW37DGX1h4rfkdIGQ==
authorization-attribute level 3
service-type ftp
local-user admin
password cipher $c$3$Zn/sUTHSf0+ria4SnwGKiPjLfdwXUt7C
authorization-attribute level 3
service-type web
local-user root
password cipher $c$3$4eOQFNifn3uQrpYkYQovG6LThLqFT2Rcc0VD
service-type telnet
service-type web
#
vlan-group n1
#
interface NULL0
#
interface Vlan-interface1
ip address 172.16.1.1 255.255.255.0
undo dhcp select server global-pool
#
interface Vlan-interface10
ip address 192.168.10.2 255.255.255.0
#
interface Vlan-interface100
ip address 192.168.100.1 255.255.255.0
#
interface Vlan-interface200
ip address 192.168.200.1 255.255.255.0
#
interface GigabitEthernet1/0/1
#
interface GigabitEthernet1/0/2
#
interface GigabitEthernet1/0/3
#
interface GigabitEthernet1/0/4
#
interface GigabitEthernet1/0/5
#
interface GigabitEthernet1/0/6
#
interface GigabitEthernet1/0/7
#
interface GigabitEthernet1/0/8
#
interface GigabitEthernet1/0/9
#
interface GigabitEthernet1/0/10
#
interface GigabitEthernet1/0/11
port access vlan 200
#
interface GigabitEthernet1/0/12
port access vlan 100
#
interface GigabitEthernet1/0/13
#
interface GigabitEthernet1/0/14
#
interface GigabitEthernet1/0/15
#
interface GigabitEthernet1/0/16
#
interface GigabitEthernet1/0/17
#
interface GigabitEthernet1/0/18
#
interface GigabitEthernet1/0/19
#
interface GigabitEthernet1/0/20
port access vlan 10
#
interface GigabitEthernet1/0/21
#
interface GigabitEthernet1/0/22
#
interface GigabitEthernet1/0/23
#
interface GigabitEthernet1/0/24
port link-type trunk
port trunk permit vlan all
#
interface GigabitEthernet1/0/25
shutdown
#
interface GigabitEthernet1/0/26
shutdown
#
interface GigabitEthernet1/0/27
shutdown
#
interface GigabitEthernet1/0/28
shutdown
#
rip 1
network 192.168.101.0
network 192.168.102.0
network 192.168.103.0
network 10.0.0.0
#
ip route-static 0.0.0.0 0.0.0.0 10.0.8.1
ip route-static 0.0.0.0 0.0.0.0 192.168.10.1
#
dhcp enable
#
ftp server enable
#
load xml-configuration
#
user-interface aux 0
authentication-mode password
set authentication password cipher $c$3$KcMReVoIeZfuRWS6GZQmpte0jZycfXExsQ==
user-interface vty 0 15
#
return
Finally, test connectivity between the network segments; all of them can reach each other.
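
A consistency check for Steps 3 and 4, as an added example that is not part of the original configuration: it reads the Vlan-interface addresses from the switch configuration above and reports every segment for which the router has no masquerade rule or no return route. The router export lines are constructed sample input in an assumed one-command-per-line form, and the gateway 192.168.10.2 is an assumption taken from the switch's Vlan-interface10 address.

```python
import ipaddress
import re

# Vlan-interface blocks copied from this page's switch config (Vlan-interface1 left out).
SWITCH_CFG = """\
interface Vlan-interface10
 ip address 192.168.10.2 255.255.255.0
interface Vlan-interface100
 ip address 192.168.100.1 255.255.255.0
interface Vlan-interface200
 ip address 192.168.200.1 255.255.255.0
"""

# Constructed router export (assumed format); the 192.168.200.0/24 return route is missing on purpose.
ROUTER_EXPORT = """\
/ip address add address=192.168.10.1/24 interface=ether2
/ip firewall nat add chain=srcnat action=masquerade src-address=192.168.10.0/24
/ip firewall nat add chain=srcnat action=masquerade src-address=192.168.100.0/24
/ip firewall nat add chain=srcnat action=masquerade src-address=192.168.200.0/24
/ip route add dst-address=192.168.100.0/24 gateway=192.168.10.2
"""

def switch_segments(cfg):
    """Map VLAN id -> network for each 'ip address' under a Vlan-interface."""
    segs, vlan = {}, None
    for line in map(str.strip, cfg.splitlines()):
        if line.startswith("interface "):
            # Any other interface type resets the current VLAN.
            vlan = int(m[1]) if (m := re.fullmatch(r"interface Vlan-interface(\d+)", line)) else None
        elif vlan is not None and (m := re.match(r"ip address (\S+) (\S+)$", line)):
            segs[vlan] = ipaddress.ip_network("/".join(m.groups()), strict=False)
    return segs

def router_networks(export, section, key, must_contain=""):
    """Networks given as key=<cidr> on export lines of one menu section."""
    pat = re.compile(r"(?:^|\s)" + re.escape(key) + r"=(\S+)")
    return [ipaddress.ip_network(m.group(1), strict=False)
            for line in export.splitlines()
            if line.startswith(section) and must_contain in line and (m := pat.search(line))]

def audit(switch_cfg, export):
    """List (vlan, network, problem) for segments the router cannot serve."""
    # Connected and static networks count as reachable; a default route (/0) does not.
    reachable = [n for sec, key in (("/ip address", "address"), ("/ip route", "dst-address"))
                 for n in router_networks(export, sec, key) if n.prefixlen]
    natted = router_networks(export, "/ip firewall nat", "src-address", "action=masquerade")
    checks = ((reachable, "no return route"), (natted, "no masquerade rule"))
    return [(vlan, str(net), problem)
            for vlan, net in sorted(switch_segments(switch_cfg).items())
            for nets, problem in checks
            if not any(net.subnet_of(n) for n in nets)]
```

Calling audit(SWITCH_CFG, ROUTER_EXPORT) on the sample input reports VLAN 200 as lacking a return route; an empty list means every segment is covered.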