Routing learning notes with simple configuration of H3C F100-s

Routing f-100 trust Zone

Each interface of a Cisco router belongs to a different network.

Note that each interface must belong to a different network. Although IOS allows you to configure IP addresses from the same network on two different interfaces, the router does not activate both interfaces.

For example, if the IP address on the network of 192.168.1.0/24 is configured for the fastethernet 0/1 interface of R1, what will happen? Fastethernet 0/0 has been assigned an address on the same network. If you configure the IP address of the network for the interface fastethernet 0/1, you will receive the following message:

R1 (config) # interface fastethernet0/1

R1 (config-If) # IP address 192.168.1.2 255.255.255.0

192.168.1.0 overlaps with fastethernet0/0

If you try to use the no shutdown command to enable this interface, you will receive the following message:

R1 (config-If) # No Shutdown

192.168.1.0 overlaps with fastethernet0/0

Fastethernet0/1: Incorrect IP address assignment

Static Routing should be used in the following situations:

The network only contains several routers. In this case, dynamic routing does not have any practical advantages. On the contrary, dynamic routing may increase the management burden.

The network only accesses the Internet through a single ISP. Because the ISP is the only Internet egress point, dynamic routing protocol is not required between the links.

A large network configured with a centralized star topology. A centralized star topology consists of a central position (central point) and multiple branch locations (Scattered Points). Each scattered point has only one connection to the central point. Because each branch has only one path to reach the destination through the central location, dynamic routing is not required.

Dynamic Routing Protocols include:

* Network discovery

* Update and maintain the route table

The following are the dynamic routing protocols commonly used for IP address data packets:

Rip (route information Protocol)

IGRP (Internal Gateway Routing Protocol)

China site)

OSPF (Open Shortest Path First)

Is-Is (intermediate system to intermediate system)

BGP (Border Gateway Protocol)

A [H3C-F100-S] dis current-Configuration

#

Sysname H3C-F100-S

#

Undo firewall packet-filter enable

Firewall packet-filter default permit

#

Undo connection-limit enable

Connection-limit default deny

Connection-limit default amount upper-limit 50 lower-Limit 20

#

Firewall statistic system enable

#

Radius scheme System

Server-type extended

#

Domain System

#

Interface aux0

Async mode flow

#

Interface ethernet0/0

IP address 10.11.12.10 255.255.255.252

#

Interface ethernet0/1

IP address 10.11.0.1 255.255.255.0

#

Interface ethernet0/2

#

Interface ethernet0/3

#

Interface encrypt1/0

#

Interface null0

#

Firewall zone local

Set priority 100

#

Firewall zone Trust

Add interface ethernet0/0

Add interface ethernet0/1

Set priority 85

#

Firewall zone untrust

Set priority 5

#

Firewall zone DMZ

Set priority 50

#

Firewall Interzone Local Trust

#

Firewall Interzone local untrust

#

Firewall Interzone local DMZ

#

Firewall Interzone trust untrust

#

Firewall Interzone trust DMZ

#

Firewall Interzone DMZ untrust

#

IP route-static 0.0.0.0 0.0.0.0 10.11.12.9 preference 60 // The default route pointing to the Internet

#

User-interface con 0

User-interface aux 0

User-interface vty 0 4

#

Return

PS: I wrote my blog for the first time. I hope to record my learning process. The world on the internet is really too broad. Let's get a little bit of accumulation! I have learned a lot about the configuration in the afternoon. In the past few days, with the help of Teacher Li, I have made great progress (I feel like I am. o) When I learned from him, I found that experience was really useful. When I encountered an error, I had to think of as many reasons as possible and then conduct corresponding tests to troubleshoot the problem, such as ping failure, it may be that the firewall is not closed, set the ping policy, the gateway settings, the H3C-F100-S encountered today for the firewall, you need to add the corresponding port to the trust zone to ping. Remember to use the Save command After configuring H3C Huawei devices. Juniper needs to use commit to prevent configuration loss after power loss. The routing address between devices generally does not affect the network.

This article is from the "from -- 0" blog, please be sure to keep this source http://zch51.blog.51cto.com/9370683/1551383

Routing learning notes with simple configuration of H3C F100-s