本文格式为Word版,下载可任意编辑双出口组网典型配置 MSR常见应用场景配置指导(双出口组网典型配置篇) 适用产品: H3CMSR20、MSR30、MSR50各系列的全体产品 适应版本: 2022.8.15日之后正式发布的版本绝大片面配置也适用之前发布的版本 使用方法: 根据实际应用场景,在本文配置指导根基上,做定制化修改后使用 实际组网中可能存在特殊要求,建议由专业人员或在专业人员指导下操作 本文以MSR2022产品,2022.8.15日ESS1710软件版本为案例(1710以后的版本同样支持) H3CComwarePlatformSoftware ComwareSoftware,Version5.20,ESS1710 ComwarePlatformSoftwareVersionCOMWAREV500R002B58D001SP01 H3CMSR2022SoftwareVersionV300R003B01D004SP01 Copyright(c)2022-2022HangzhouH3CTech.Co.,Ltd.Allrightsreserved. CompiledAug15202213:57:11,RELEASESOFTWARE 1.1双出口组网典型配置 用户为了同时实现负载分担和链路备份,一般会选择双WAN接入的组网方式。
当两条链路都正常的处境下为负载分担,当任意一条链路展现故障时,全体流量可以转发到另外一条链路举行转发,实现动态备份下面就两种常见的组网给出配置实例 1.1.1MSR5006双以太网链路接入 网络拓扑图如图3所示,MSR5006有两条到同一运营商的链路,G1/0网络地址为142.1.1.0/30,G2/0网络地址为162.1.1.0/30正常工作时流量分别从两个接口发出,当任意一条链路展现故障时,流量全部转移到另外一条链路发送配置需求如下: 1、对内网主机举行限速,上行限制512kbps,下行限制1024kbps; 2、启用防火墙对攻击报文举行过虑; 3、启动ARP防攻击功能和ARP绑定功能,防止ARP坑骗攻击; 4、优化NAT表项老化时间; 5、启用自动侦测功能,检测WAN链路状态; 6、启用基于用户负载分担功能,对流量举行负载分担; 图4双以太网链路接入拓扑图 [H3C]discur # sysnameH3C # firewallpacket-filterenable # nataging-timetcp300 nataging-timeudp180 nataging-timepptp300 nataging-timeftp-ctrl300 # ipuser-based-sharingenable ipuser-based-sharingroute0.0.0.00.0.0.0 # qoscarl1source-ip-addressrange192.168.1.1to192.168.1.254per-address qoscarl2destination-ip-addressrange192.168.1.1to192.168.1.254per-address # radiusschemesystem # domainsystem # local-useradmin passwordcipher.]@USE=B,53Q=^Q`MAF4<1!! service-typetelnet level3 # detect-group1 detect-list1ipaddress142.1.1.1nexthop142.1.1.1 # detect-group2 detect-list1ipaddress162.1.1.1nexthop162.1.1.1 # aclnumber3000 rule0permitipsource192.168.1.00.0.0.255 rule1000denyip aclnumber3001nameWAN1Defend rule0denyudpdestination-porteqtftp rule1denytcpdestination-porteq4444 rule2denytcpdestination-porteq135 rule3denyudpdestination-porteq135 rule4denyudpdestination-porteqnetbios-ns rule5denyudpdestination-porteqnetbios-dgm rule6denytcpdestination-porteq139 rule7denyudpdestination-porteqnetbios-ssn rule8denytcpdestination-porteq445 rule9denyudpdestination-porteq445 rule10denyudpdestination-porteq593 rule11denytcpdestination-porteq593 rule12denytcpdestination-porteq5554 rule13denytcpdestination-porteq9995 rule14denytcpdestination-porteq9996 rule15denyudpdestination-porteq1434 rule16denytcpdestination-porteq1068 rule17denytcpdestination-porteq5800 rule18denytcpdestination-porteq5900 rule19denytcpdestination-porteq10080 rule22denytcpdestination-porteq3208 rule23denytcpdestination-porteq1871 rule24denytcpdestination-porteq4510 rule25denyudpdestination-porteq4334 rule26denytcpdestination-porteq4331 rule27denytcpdestination-porteq4557 rule28denyudpdestination-porteq4444 rule29denyudpdestination-porteq1314 rule30denytcpdestination-porteq6969 rule31denytcpdestination-porteq137 rule32denytcpdestination-porteq389 rule33denytcpdestination-porteq138 rule34denyudpdestination-porteq136 rule35denytcpdestination-porteq1025 rule36denytcpdestination-porteq6129 rule37denytcpdestination-porteq1029 rule38denytcpdestination-porteq20228 rule39denytcpdestination-porteq4899 rule40denytcpdestination-porteq45576 rule41denytcpdestination-porteq1433 rule42denytcpdestination-porteq1434 rule43denyudpdestination-porteq1433 rule200permiticmpicmp-typeecho rule201permiticmpicmp-typeecho-reply rule202permiticmpicmp-typettl-exceeded rule210denyicmp rule300permitudpsource-porteqdns rule310permittcpdestination-porteqtelnet rule1000permitipdestination192.168.1.00.0.0.255 rule2000denyip aclnumber3002nameWAN2Defend rule0denyudpdestination-porteqtftp rule1denytcpdestination-porteq4444 rule2denytcpdestination-porteq135 rule3denyudpdestination-porteq135 rule4denyudpdestination-porteqnetbios-ns rule5denyudpdestination-porteqnetbios-dgm rule6denytcpdestination-porteq139 rule7denyudpdestination-porteqnetbios-ssn rule8denytcpdestination-porteq445 rule9denyudpdestination-porteq445 rule10denyudpdestination-porteq593 rule11denytcpdestination-porteq593 rule12denytcpdestination-porteq5554 rule13denytcpdestination-porteq9995 rule14denytcpdestination-porteq9996 rule15denyudpdestination-porteq1434 rule16denytcpdestination-porteq1068 rule17denytcpdestination-porteq5800 rule18denytcpdestination-porteq5900 rule19denytcpdestination-porteq10080 rule22denytcpdestination-porteq3208 rule23denytcpdestination-porteq1871 rule24denytcpdestination-porteq4510 rule25denyudpdestination-porteq4334 rule26denytcpdestination-porteq4331 rule27denytcpdestination-porteq4557 rule28denyudpdestination-porteq4444 rule29denyudpdestination-porteq1314 rule30denytcpdestination-porteq6969 rule31denytcpdestination-porteq137 rule32denytcpdestination-porteq389 rule33denytcpdestination-porteq138 rule34denyudpdestination-porteq136 rule35denytcpdestination-porteq1025 rule36denyt。