问题描述:
例如vlan15下的用户指定int Dialer 15这个wan出口。
目前情况是, 当Dialer 15接口断开时,会自动路由到Dialer 13。
想问下怎么强制vlan15下的用户强制outbound接口走Dialer 15 WAN出口, 不使用其他接口。
组网及组网描述:
- 2023-05-24提问
- 举报
-
(0)
目前使用的配置如下:
#
version 7.1.064, Release 6728P25
#
ip pool 2 172.16.2.50 172.16.2.250
ip pool 3 172.16.3.50 172.16.3.250
#
vlan 1
#
vlan 2 to 3
#
vlan 13 to 15
#
dhcp server ip-pool ap_and_router_pool
gateway-list 10.3.0.11
network 10.3.0.0 mask 255.255.0.0
#
dhcp server ip-pool china_mobile_user_pool
gateway-list 10.15.0.11
network 10.15.0.0 mask 255.255.0.0
dns-list 10.15.0.11
#
dhcp server ip-pool china_unicom_user_pool
gateway-list 10.14.0.11
network 10.14.0.0 mask 255.255.0.0
dns-list 10.14.0.11
#
dhcp server ip-pool lan_pool
gateway-list 192.168.11.11
network 192.168.0.0 mask 255.255.0.0
dns-list 192.168.11.11
#
dhcp server ip-pool wifi_user_pool
gateway-list 10.13.0.11
network 10.13.0.0 mask 255.255.0.0
dns-list 10.13.0.11
#
policy-based-route rt_china_mobile permit node 15
if-match acl 2015
apply output-interface Dialer15
#
policy-based-route rt_china_telecom permit node 13
if-match acl 2013
apply output-interface Dialer13
#
policy-based-route rt_china_unicom permit node 14
if-match acl 2014
apply output-interface Dialer14 track 1
#
interface Dialer13
mtu 1492
ppp chap password cipher $c$3$kYT/vziyH1U0YQ6Of
ppp chap user 60307
ppp ipcp dns admit-any
ppp ipcp dns request
ppp pap local-user 6043 password cipher $c$3$kKrChAaZqyIedKqbXFE81
dialer bundle enable
dialer timer idle 0
dialer timer autodial 20
ip address ppp-negotiate
tcp mss 1400
nat outbound 2010
#
interface Dialer14
mtu 1492
ppp chap password cipher $c$3$OvuGLhL
ppp chap user 90343
ppp ipcp dns admit-any
ppp ipcp dns request
ppp pap local-user 9034 password cipher $c$3$bc1t3mITnj1AG
dialer bundle enable
dialer timer idle 0
dialer timer autodial 20
ip address ppp-negotiate
tcp mss 1400
nat outbound 2010
#
interface Dialer15
mtu 1492
ppp chap password cipher $c$3$BooQRFUDlwy/gNHBpK
ppp chap user 1382606
ppp ipcp dns admit-any
ppp ipcp dns request
ppp pap local-user 1382606 password cipher $c$3$uksBRWgUYPzZy
dialer bundle enable
dialer timer idle 0
dialer timer autodial 20
ip address ppp-negotiate
tcp mss 1400
nat outbound 2010
#
interface Virtual-Template2
ppp authentication-mode pap domain chap_auth_domain
ppp ipcp dns 172.16.2.11
remote address pool 2
ppp account-statistics enable
ip address 172.16.2.11 255.255.255.0
#
interface Virtual-Template3
ppp authentication-mode chap domain chap_auth_domain
ppp ipcp dns 172.16.3.11
remote address pool 3
ppp account-statistics enable
ip address 172.16.3.11 255.255.255.0
#
interface Vlan-interface1
ip address 192.168.11.11 255.255.0.0
#
interface Vlan-interface2
description interface ip as PAP gateway to dhcp for user
ip address 10.2.0.11 255.255.0.0
pppoe-server bind virtual-template 2
#
interface Vlan-interface3
description interface ip as CHAP gateway to dhcp for user
ip address 10.3.0.11 255.255.0.0
pppoe-server bind virtual-template 3
#
interface Vlan-interface13
ip address 10.13.0.11 255.255.0.0
#
interface Vlan-interface14
ip address 10.14.0.11 255.255.0.0
ip policy-based-route rt_china_unicom
#
interface Vlan-interface15
ip address 10.15.0.11 255.255.0.0
ip policy-based-route rt_china_mobile
#
interface GigabitEthernet0/0
port link-mode route
description China-Telecom wan
pppoe-client dial-bundle-number 13
#
interface GigabitEthernet0/1
port link-mode route
description China-Unicom wan
pppoe-client dial-bundle-number 14
#
interface GigabitEthernet0/2
port link-mode route
description China-Mobile wan
pppoe-client dial-bundle-number 15
#
ip route-static 0.0.0.0 0 Dialer13 preference 30
ip route-static 0.0.0.0 0 Dialer14 preference 40
ip route-static 0.0.0.0 0 Dialer15 preference 50
#
acl number 2010
description Allow WAN NAT
rule 0 permit source 192.168.0.0 0.0.255.255
rule 13 permit source 10.13.0.0 0.0.255.255
rule 14 permit source 10.14.0.0 0.0.255.255
rule 15 permit source 10.15.0.0 0.0.255.255
rule 20 permit source 172.16.2.0 0.0.0.255
rule 30 permit source 172.16.3.0 0.0.0.255
rule 100 deny
#
acl number 2013
description allow any SSID source ip packet
rule 13 permit source 10.13.0.0 0.0.255.255
#
acl number 2014
description allow any SSID source ip packet
rule 14 permit source 10.14.0.0 0.0.255.255
#
acl number 2015
description allow any SSID source ip packet
rule 15 permit source 10.15.0.0 0.0.255.255
- 2023-05-24回答
- 评论(0)
- 举报
-
(0)
编辑答案
➤
✖
亲~登录后才可以操作哦!
确定
✖
✖
你的邮箱还未认证,请认证邮箱或绑定手机后进行当前操作
✖
举报
×
侵犯我的权益
>
对根叔社区有害的内容
>
辱骂、歧视、挑衅等(不友善)
侵犯我的权益
×
侵犯了我企业的权益
>
抄袭了我的内容
>
诽谤我
>
辱骂、歧视、挑衅等(不友善)
骚扰我
侵犯了我企业的权益
×
您好,当您发现根叔知了上有关于您企业的造谣与诽谤、商业侵权等内容时,您可以向根叔知了进行举报。 请您把以下内容通过邮件发送到 pub.zhiliao@h3c.com 邮箱,我们会在审核后尽快给您答复。
- 1. 您举报的内容是什么?(请在邮件中列出您举报的内容和链接地址)
- 2. 您是谁?(身份证明材料,可以是身份证或护照等证件)
- 3. 是哪家企业?(营业执照,单位登记证明等证件)
- 4. 您与该企业的关系是?(您是企业法人或被授权人,需提供企业委托授权书)
我们认为知名企业应该坦然接受公众讨论,对于答案中不准确的部分,我们欢迎您以正式或非正式身份在根叔知了上进行澄清。
抄袭了我的内容
×
原文链接或出处
诽谤我
×
您好,当您发现根叔知了上有诽谤您的内容时,您可以向根叔知了进行举报。 请您把以下内容通过邮件发送到pub.zhiliao@h3c.com 邮箱,我们会尽快处理。
- 1. 您举报的内容以及侵犯了您什么权益?(请在邮件中列出您举报的内容、链接地址,并给出简短的说明)
- 2. 您是谁?(身份证明材料,可以是身份证或护照等证件)
我们认为知名企业应该坦然接受公众讨论,对于答案中不准确的部分,我们欢迎您以正式或非正式身份在根叔知了上进行澄清。
对根叔社区有害的内容
×
垃圾广告信息
色情、暴力、血腥等违反法律法规的内容
政治敏感
不规范转载
>
辱骂、歧视、挑衅等(不友善)
骚扰我
诱导投票
不规范转载
×
举报说明
暂无评论