问题描述:
大家好!内网用户上网怎么只走移动线路?不走电信线路?要怎么设置才会走电信线路?
H3C F-1000-S-AI 部分配置如下:
#
acl number 2000
rule 0 permit source 192.168.8.44 0
acl number 2002
rule 0 permit source 192.168.19.0 0.0.0.255
acl number 2005
description deny wan
rule 10 deny source 192.168.21.0 0.0.0.255
#
domain system
access-limit disable
state active
idle-cut disable
self-service-url disable
#
pki domain default
crl check disable
#
traffic classifier classifier_1 operator and
if-match acl 2002
traffic classifier test operator and
if-match acl 2002
#
traffic behavior behavior_1
#
policy-based-route test1 permit node 2
if-match acl 2002
apply ip-precedence network
apply output-interface GigabitEthernet0/3
apply ip-address next-hop 183.64.3.1
apply default output-interface GigabitEthernet0/1
apply ip-address default next-hop 183.183.2.1
#
interface Vlan-interface1000
ip address 172.168.10.254 255.255.255.0
#
interface GigabitEthernet0/0
port link-mode route
ip address 192.168.0.1 255.255.255.0
#
interface GigabitEthernet0/1
port link-mode route
description TO-yidongchukou
nat outbound 2005
nat outbound 2000
nat server protocol tcp global 183.183.2.2 443 inside 10.0.0.77 443
nat server protocol tcp global 183.183.2.2 4430 inside 10.0.0.77 4430
nat server protocol tcp global 183.183.2.2 8080 inside 10.0.0.99 8080
nat server 1 protocol udp global current-interface 500 inside 10.0.0.222 500
nat server 2 protocol udp global current-interface 4500 inside 10.0.0.222 4500
nat server 3 protocol tcp global current-interface 10443 inside 10.0.0.222 443
nat server 4 protocol tcp global current-interface 2222 inside 10.0.0.222 2222
nat server protocol tcp global 183.183.2.2 9090 inside 10.0.0.66 9090
nat server protocol tcp global 183.183.2.2 9080 inside 10.0.0.66 9080
nat server protocol tcp global 183.183.2.2 60080 inside 10.0.0.67 www
ip address 183.183.2.2 255.255.255.0
#
interface GigabitEthernet0/2
port link-mode route
description TO-S7506e
ip address 100.100.100.2 255.255.255.0
#
interface GigabitEthernet0/3
port link-mode route
description TO-dianxinchukou
nat outbound 2005
nat outbound 2000
nat server protocol tcp global 183.64.3.3 4430 inside 10.0.0.77 4430
nat server protocol tcp global 183.64.3.3 8080 inside 10.0.0.99 8080
nat server protocol tcp global 183.64.3.3 443 inside 10.0.0.77 443
nat server protocol tcp global 183.64.3.3 5000 inside 10.0.0.99 8080
nat server protocol tcp global 183.64.3.3 9090 inside 10.0.0.66 9090
nat server protocol tcp global 183.64.3.3 9080 inside 10.0.0.66 9080
ip address 183.64.3.3 255.255.255.248
#
- 2018-10-18提问
- 举报
-
(0)
最佳答案
PBR配置错误
#
policy-based-route test1 permit node 2
if-match acl 2002
apply ip-precedence network
apply output-interface GigabitEthernet0/3
apply ip-address next-hop 183.64.3.1
apply default output-interface GigabitEthernet0/1
apply ip-address default next-hop 183.183.2.1
#
写两个节点匹配不同的ACL 和下一跳
- 2018-10-18回答
- 评论(3)
- 举报
-
(0)
内网接口没有调用PBR吧
好像没有,内网接口是这个GigabitEthernet0/2,要怎样配置?
你好!能不能配置大部分用户使用移动上网,部份IP或是IP段用电信上网?
亲~登录后才可以操作哦!
确定你的邮箱还未认证,请认证邮箱或绑定手机后进行当前操作
举报
×
侵犯我的权益
×
侵犯了我企业的权益
×
- 1. 您举报的内容是什么?(请在邮件中列出您举报的内容和链接地址)
- 2. 您是谁?(身份证明材料,可以是身份证或护照等证件)
- 3. 是哪家企业?(营业执照,单位登记证明等证件)
- 4. 您与该企业的关系是?(您是企业法人或被授权人,需提供企业委托授权书)
抄袭了我的内容
×
原文链接或出处
诽谤我
×
- 1. 您举报的内容以及侵犯了您什么权益?(请在邮件中列出您举报的内容、链接地址,并给出简短的说明)
- 2. 您是谁?(身份证明材料,可以是身份证或护照等证件)
对根叔社区有害的内容
×
不规范转载
×
举报说明
你好!能不能配置大部分用户使用移动上网,部份IP或是IP段用电信上网?