Soft routing ROS and H3C three-layer switch networking configuration

Network topology diagram

ROS configuration

Step 1: Define Ros's WAN port and LAN port

Define ether1 as WAN port, connect to optical modem

ether2 is defined as a LAN port, connected to a Layer 3 switch

Step 2: Add PPPOE Client on Ros,

In the Interface view, select "+" to add a PPPOE Client

In the General window, modify the two
names of name and Interface : the name of PPPOE (customizable)
Interface: select WAN port (WAN port)

In the Dial Out window, enter user and password
User: PPPOE account
Password: PPPOE password
User peer DNS (DNS server) and Add Default Route (default route) are checked by default. After checking, there is no need to manually add DNS and static routes. You can access the Internet.

In the Addresses window of the IP view, click "+" to add the interface address of ether2-LAN: 192.168.10.1/24

The third step: masquerading (NAT)

In the IP interface view, open the NAT in the Firewall window, and select "+" to add
a NAT for each network segment.

Add a camouflage for the 192.168.200.0/24 network segment

masquerade

Step 4: Add backhaul route

In the IP-Routes view,
DST address (target network segment): 192.168.100.0/24
Gatway (LAN port and LAN port IP), which is equivalent to the next hop address. : LAN
needs to add a return route for each network segment separately (otherwise the traffic cannot reach the VLAN, which will cause the outgoing packets to fail to come back)

H3C Layer 3 switch configuration

交换机配置如下：

#
 version 5.20, Release 2222P10
#
 sysname H3C
#
 irf mac-address persistent timer
 irf auto-update enable
 undo irf link-delay
#
 domain default enable system
#
 web idle-timeout 30
#
 password-recovery enable
#
vlan 1
#
vlan 10
#
vlan 100
#
vlan 200
#
domain system   
 access-limit disable
 state active   
 idle-cut disable
 self-service-url disable
#               
dhcp server ip-pool 10
 network 192.168.10.0 mask 255.255.255.0
 gateway-list 192.168.10.1
#               
user-group system
 group-attribute allow-guest
#               
local-user abc  
 password cipher $c$3$3O3TRePwLP0yAqW37DGX1h4rfkdIGQ==
 authorization-attribute level 3
 service-type ftp
local-user admin
 password cipher $c$3$Zn/sUTHSf0+ria4SnwGKiPjLfdwXUt7C
 authorization-attribute level 3
 service-type web
local-user root 
 password cipher $c$3$4eOQFNifn3uQrpYkYQovG6LThLqFT2Rcc0VD
 service-type telnet
 service-type web
#               
vlan-group n1   
#               
interface NULL0 
#               
interface Vlan-interface1
 ip address 172.16.1.1 255.255.255.0
 undo dhcp select server global-pool
#               
interface Vlan-interface10
 ip address 192.168.10.2 255.255.255.0
#               
interface Vlan-interface100
 ip address 192.168.100.1 255.255.255.0
#               
interface Vlan-interface200
 ip address 192.168.200.1 255.255.255.0
#               
interface GigabitEthernet1/0/1
#               
interface GigabitEthernet1/0/2
#               
interface GigabitEthernet1/0/3
#               
interface GigabitEthernet1/0/4
#               
interface GigabitEthernet1/0/5
#               
interface GigabitEthernet1/0/6
#               
interface GigabitEthernet1/0/7
#               
interface GigabitEthernet1/0/8
#               
interface GigabitEthernet1/0/9
#               
interface GigabitEthernet1/0/10
#               
interface GigabitEthernet1/0/11
 port access vlan 200
#               
interface GigabitEthernet1/0/12
 port access vlan 100
#               
interface GigabitEthernet1/0/13
#               
interface GigabitEthernet1/0/14
#               
interface GigabitEthernet1/0/15
#               
interface GigabitEthernet1/0/16
#               
interface GigabitEthernet1/0/17
#               
interface GigabitEthernet1/0/18
#               
interface GigabitEthernet1/0/19
#               
interface GigabitEthernet1/0/20
 port access vlan 10
#               
interface GigabitEthernet1/0/21
#               
interface GigabitEthernet1/0/22
#               
interface GigabitEthernet1/0/23
#               
interface GigabitEthernet1/0/24
 port link-type trunk
 port trunk permit vlan all
#               
interface GigabitEthernet1/0/25
 shutdown       
#               
interface GigabitEthernet1/0/26
 shutdown       
#               
interface GigabitEthernet1/0/27
 shutdown       
#               
interface GigabitEthernet1/0/28
 shutdown       
#               
rip 1           
 network 192.168.101.0
 network 192.168.102.0
 network 192.168.103.0
 network 10.0.0.0
#               
 ip route-static 0.0.0.0 0.0.0.0 10.0.8.1
 ip route-static 0.0.0.0 0.0.0.0 192.168.10.1
#               
 dhcp enable    
#               
 ftp server enable
#               
 load xml-configuration
#               
user-interface aux 0
 authentication-mode password
 set authentication password cipher $c$3$KcMReVoIeZfuRWS6GZQmpte0jZycfXExsQ==
user-interface vty 0 15
#               
return   

Finally, test the interoperability of each network segment, all interoperability