g1/0/1属于neiwang实例,g1/0/2属于waiwang实例
neiwang实例引入waiwang实例全部直连路由,waiwang实例引入neiwang实例部分直连路由
neiwang实例路由表正常
外网实例路由表引入不成功
分析配置
[H3C]dis cu configuration vpn
#
ip vpn-instance neiwang
#
address-family ipv4
route-replicate from vpn-instance waiwang protocol direct
#
ip vpn-instance waiwang
#
address-family ipv4
route-replicate from vpn-instance neiwang protocol direct route-policy neiwang
#
[H3C]dis cu configuration route-policy
#
route-policy neiwang permit node 10
if-match ip address acl 3001
#
[H3C]dis acl 3001
Advanced IPv4 ACL 3001, 1 rule,
ACL"s step is 5
rule 0 permit ip vpn-instance neiwang source 1.1.1.0 0.0.0.255
乍一看没什么问题,但是查询手册路由策略章节会发现if-match语句
路由策略使用非VPN的ACL进行路由过滤
重新改写acl 3001
[H3C]acl advanced 3001
[H3C-acl-ipv4-adv-3001]rule 10 permit ip source 1.1.1.0 0.0.0.0
此时查看waiwang实例路由表
该案例暂时没有网友评论
✖
案例意见反馈
亲~登录后才可以操作哦!
确定你的邮箱还未认证,请认证邮箱或绑定手机后进行当前操作