MSR Router Policy-Based Routing Configuration

Published: 2018/11/27 08:00:00

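  Scenario: An MSR router connects to the Internet through two WAN ports; one interface uses a static address and the other uses PPPoE dial-up. The two interfaces have similar bandwidth. The goal is for hosts in the internal 192.168.1.0 segment whose IP address ends in an odd number to go out through one WAN port, and hosts whose IP address ends in an even number to go out through the other WAN port.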

  1. Define access control lists to match packets from the internal network

  <H3C>system-view

  System View: return to User View with Ctrl+Z.

  [H3C]acl number 3000 //On Comware V7 routers the command is acl advanced 3000; the same applies below

  [H3C-acl-adv-3000]rule 0 permit ip source 192.168.1.1 0.0.0.254 //Matches IP addresses whose last octet is odd

  [H3C-acl-adv-3000]quit

  [H3C]acl number 3001

  [H3C-acl-adv-3001]rule 0 permit ip source 192.168.1.0 0.0.0.254 //Matches IP addresses whose last octet is even

  [H3C-acl-adv-3001]quit

  2. Create policy-based route aaa, node 1

  [H3C]policy-based-route aaa permit node 1

  [H3C-pbr-aaa-1]if-match acl 3000

  [H3C-pbr-aaa-1]apply output-interface dialer 10 //If the egress to be specified uses PPPoE dial-up, the outgoing interface must be specified as the Dialer interface here

  3. Create policy-based route aaa, node 2

  [H3C]policy-based-route aaa permit node 2

  [H3C-pbr-aaa-2]if-match acl 3001

  [H3C-pbr-aaa-2]apply ip-address next-hop 100.0.0.2 //If the egress to be specified uses a static address, specify the next-hop address here

  4. Apply the policy-based route on the internal network interface

  [H3C]interface Vlan-interface 1

  [H3C-Vlan-interface1]ip policy-based-route aaa

  [H3C-Vlan-interface1]quit
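
  The odd/even split in steps 1 to 3 depends on how a wildcard mask is evaluated: a 0 bit must match the rule's address, a 1 bit is ignored, so 0.0.0.254 pins the first three octets and the lowest bit of the last one. The Python model below is an added example, not part of the original page or H3C code; the function names are hypothetical, and it assumes that a packet matching no node is forwarded by the normal routing table.

```python
import ipaddress

def wildcard_match(src: str, base: str, wildcard: str) -> bool:
    """Wildcard match: bits that are 0 in the wildcard must equal the base address."""
    s = int(ipaddress.IPv4Address(src))
    b = int(ipaddress.IPv4Address(base))
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (s & care) == (b & care)

# ACL rules copied from step 1 of the page: number -> (address, wildcard)
ACLS = {
    3000: ("192.168.1.1", "0.0.0.254"),  # last octet odd
    3001: ("192.168.1.0", "0.0.0.254"),  # last octet even
}

# Policy "aaa" from steps 2 and 3: (node, ACL, action), checked in node order
POLICY_AAA = [
    (1, 3000, "output-interface dialer 10"),
    (2, 3001, "next-hop 100.0.0.2"),
]

def pbr_decision(src: str) -> str:
    """Return the action of the first matching node, else fall back to routing."""
    for _node, acl, action in sorted(POLICY_AAA):
        if wildcard_match(src, *ACLS[acl]):
            return action
    return "routing-table"  # assumption: unmatched traffic is routed normally

def split_counts(network: str = "192.168.1.0/24") -> dict:
    """Count how many source addresses in the network take each path."""
    counts = {}
    for ip in ipaddress.ip_network(network):
        action = pbr_decision(str(ip))
        counts[action] = counts.get(action, 0) + 1
    return counts

if __name__ == "__main__":
    # Constructed sample sources: odd host, even host, host outside the /24
    for host in ("192.168.1.7", "192.168.1.8", "192.168.2.7"):
        print(host, "->", pbr_decision(host))
    print(split_counts())
```

  The third sample address shows the case worth checking on a real device: a source outside 192.168.1.0/24 matches neither ACL, so it is not policy-routed at all.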

  魔力百聚 configuration:

  Note: Two new VLANs, 10 and 20, were created; VLAN 10 uses the China Unicom line and VLAN 20 uses the China Telecom line.

  Configuration:

  #

  version 5.20, Release 2514P14

  #

  sysname H3C

  #

  domain default enable system

  #

  dns proxy enable

  #

  telnet server enable

  #

  dar p2p signature-file flash:/p2p_default.mtd

  #

  ndp enable

  #

  ntdp enable

  #

  cluster enable

  #

  port-security enable

  #

  password-recovery enable

  #

  acl number 3010

  rule 0 permit ip source 172.16.10.0 0.0.0.255

  acl number 3020

  rule 0 permit ip source 172.16.20.0 0.0.0.255

  acl number 3970

  rule 0 permit ip source 0.0.0.1 172.16.10.254

  #

  vlan 1

  #

  vlan 10

  #

  vlan 20

  #

  domain system

  access-limit disable

  state active

  idle-cut disable

  self-service-url disable

  #

  traffic classifier AdvWeb3970 operator and

  if-match acl 3970

  #

  traffic behavior AdvWeb3970

  queue af bandwidth 10240

  #

  qos policy PolicyLimit-1048576

  classifier AdvWeb3970 behavior AdvWeb3970

  #

  dhcp server ip-pool vlan1 extended

  network ip range 172.16.1.1 172.16.1.254

  network mask 255.255.255.0

  gateway-list 172.16.1.1

  dns-list 172.16.1.1

  #

  dhcp server ip-pool vlan10 extended

  network ip range 172.16.10.1 172.16.10.254

  network mask 255.255.255.0

  gateway-list 172.16.10.1

  dns-list 172.16.10.1

  #

  dhcp server ip-pool vlan20 extended

  network ip range 172.16.20.50 172.16.20.254

  network mask 255.255.255.0

  gateway-list 172.16.20.1

  dns-list 172.16.20.1

  #

  policy-based-route dianxin permit node 0

  if-match acl 3020

  apply output-interface Dialer10

  #

  policy-based-route liantong permit node 1

  if-match acl 3010

  apply ip-address next-hop 101.207.125.1

  #

  user-group system

  group-attribute allow-guest

  #

  local-user admin

  password cipher $c$3$40gC1cxf/wIJNa1ufFPJsjKAof+QP5aV

  authorization-attribute level 3

  service-type telnet

  service-type web

  #

  cwmp

  undo cwmp enable

  #

  interface Aux0

  async mode flow

  link-protocol ppp

  #

  interface Cellular0/0

  async mode protocol

  link-protocol ppp

  tcp mss 1024

  #

  interface Dialer10

  nat outbound

  link-protocol ppp

  ppp chap user CD0283360438579

  ppp chap password cipher $c$3$CVlByK1jzIUy9CYQEhAeXHXwmG1tsYhK1jIl

  ppp pap local-user CD0283360438579 password cipher $c$3$g+hpGg+/PR8lh5+OVPOcc8wvo1zCaRRcn+JC

  ppp ipcp dns admit-any

  ppp ipcp dns request

  mtu 1492

  ip address ppp-negotiate

  tcp mss 1024

  dialer user username

  dialer-group 10

  dialer bundle 10

  #

  interface NULL0

  #

  interface Vlan-interface1

  ip address 172.16.1.1 255.255.255.0

  tcp mss 1024

  dhcp server apply ip-pool vlan1

  #

  interface Vlan-interface10

  ip address 172.16.10.1 255.255.255.0

  dhcp server apply ip-pool vlan10

  ip policy-based-route liantong

  #

  interface Vlan-interface20

  ip address 172.16.20.1 255.255.255.0

  dhcp server apply ip-pool vlan20

  ip policy-based-route dianxin

  #

  interface GigabitEthernet0/0

  port link-mode route

  nat outbound

  ip address 101.207.125.82 255.255.255.0

  tcp mss 1024

  qos apply policy PolicyLimit-1048576 outbound

  dns server 208.67.222.222

  dns server 208.67.222.220

  #

  interface GigabitEthernet0/1

  port link-mode route

  nat outbound

  pppoe-client dial-bundle-number 10

  #

  interface GigabitEthernet0/2

  port link-mode bridge

  port access vlan 10

  #

  interface GigabitEthernet0/3

  port link-mode bridge

  port access vlan 20

  #

  interface GigabitEthernet0/4

  port link-mode bridge

  port access vlan 20

  #

  interface GigabitEthernet0/5

  port link-mode bridge

  #

  interface GigabitEthernet0/6

  port link-mode bridge

  port access vlan 20

  #

  interface GigabitEthernet0/7

  port link-mode bridge

  port access vlan 20

  #

  interface GigabitEthernet0/8

  port link-mode bridge

  #

  interface GigabitEthernet0/9

  port link-mode bridge

  port access vlan 20

  #

  ip route-static 0.0.0.0 0.0.0.0 Dialer10

  ip route-static 0.0.0.0 0.0.0.0 GigabitEthernet0/0 101.207.125.1

  #

  dhcp enable

  #

  dialer-rule 10 ip permit

  #

  nms primary monitor-interface GigabitEthernet0/0

  #

  load xml-configuration

  #

  load tr069-configuration

  #

  user-interface tty 12

  user-interface aux 0

  user-interface vty 0 4

  authentication-mode scheme

  #

  return

