H3C交換機（S5500）策略路由配置筆記

寫過華爲S8508的策略路由，這次碰到一臺H3C S5500，在配置上和華爲交換機有些不同。大致配置如下：

拓撲圖：

網絡情況如下：

用戶1網絡：172.16.1.0/24
用戶2網絡： 192.168.1.0/24
至出口1網絡：172.16.100.0/24
至出口2網絡：192.168.100.0/24

實現功能：用戶1通過互聯網出口1，用戶2通過互聯網出口2。
功能實現：在三層交換臺機上配置默認路由，將數據包丟向192.168.100.253，再利用策略路由，凡是用戶2網絡IP192.168.1.0/24的地址都丟向172.16.100.253。

配置步驟：

說明：這裏接口的配置等操作就不在寫了。

1、首先建立默認路由，將所有的數據包都丟往出口2的下一節點192.168.100.253

[H3C5500] ip route-static 0.0.0.0 0.0.0.0 192.168.100.253

2、配置流分類1，對象爲172.16.1.0/24的數據

[H3C5500]acl number 3001

[H3C5500-acl-adv-3001] rule 0 permit ip source 172.16.1.0 0.0.0.255

[H3C5500] quit

[H3C5500] traffic classifier 1

[H3C5500-classifier-1] if-match acl 3001

[H3C5500-classifier-1] quit

3、配置剛纔定義的流分類的行爲，定義如果匹配就下一跳至出口1即172.16.100.253

[H3C5500] traffic behavior 1

[H3C5500-behavior-1] redirect next-hop 172.16.100.253

[H3C5500-behavior-1] quit

4、將剛纔設置的應用至QOS策略中，定義policy 1

[H3C5500] qos policy 1

[H3C5500-qospolicy-1] classifier 1 behavior 1

[H3C5500-qospolicy-1] quit

5、在接口上應用定義的QOS策略policy 1

[H3C5500] interface GigabitEthernet 1/0/15

[H3C5500-GigabitEthernet1/0/15] qos apply policy 1 inbound

[H3C5500-GigabitEthernet1/0/15] quit

至此，配置已完成。

配置文件（略過一些接口配置信息）：

version 5.20, Release 2102P02
#
sysname H3C5500
#
domain default enable system
#
telnet server enable
#
vlan 1
#
vlan 100 to 103
#
traffic classifier 1 operator and
if-match acl 3001
#
traffic behavior 1
redirect next-hop 172.16.100.253
#
qos policy 1
classifier 1 behavior 1
#
dhcp server ip-pool 1
network 192.168.1.0 mask 255.255.255.0
gateway-list 192.168.1.254
dns-list 221.228.255.1
#
dhcp server ip-pool 2
network 172.16.1.0 mask 255.255.255.0
gateway-list 172.16.1.254
dns-list 221.228.255.1
#
local-user huawei
password cipher .]@USE=B,53Q=^Q`M<1!!
service-type telnet terminal
level 3
#
acl number 3001
rule 0 permit ip source 172.16.1.0 0.0.0.255
#
interface NULL0
#
interface Vlan-interface1
ip address 192.168.0.254 255.255.255.0
#
interface Vlan-interface100
ip address 192.168.100.254 255.255.255.0
#
interface Vlan-interface101
ip address 192.168.1.254 255.255.255.0
#
interface Vlan-interface102
ip address 172.16.100.254 255.255.255.0
#
interface Vlan-interface103
ip address 172.16.1.254 255.255.255.0
#
interface GigabitEthernet1/0/1
port link-type access
port access vlan 100
speed 1000
duplex full
#
interface GigabitEthernet1/0/2
port link-type access
port access vlan 102
speed 1000
duplex full
#
interface GigabitEthernet1/0/15
port link-type trunk
port trunk permit vlan 1 101 103
speed 1000
duplex full
qos apply policy 1 inbound
#
interface GigabitEthernet1/0/16
port link-type trunk
port trunk permit vlan 1 101 103
speed 1000
duplex full
qos apply policy 1 inbound
#
ip route-static 0.0.0.0 0.0.0.0 192.168.100.253
#
dhcp enable
#
load xml-configuration
#
user-interface aux 0
authentication-mode scheme
user-interface vty 0 4
authentication-mode scheme
user privilege level 3
#
return