策略路由
- 0关注
- 1收藏,1307浏览
问题描述:
专线 IP 123.149.207.94 服务器IP 192.168.10.224
专线已经插到MS830 的GigabitEthernet0/4 GET4那个口上了
需要让原先MS830 分配的内网主机能访问 192.168.10.224的服务器 但是上网走原来的拨号不走专线的网 只让服务器外网走专线
希望大神能针对以上IP 写下命令
- 2019-08-13提问
- 举报
-
(0)
最佳答案
内网终端访问内网地址 192.168.10.224,走二层单播,不经过路由器,出外网选路问题,得配置pbr,实现哪些源地址走哪个出口上互联网,例如:
policy-based-route p1 permit node 1
if-match acl 2001
apply default-output-interface dialer 1
policy-based-route p1 permit node 2
if-match acl 2002
apply default-next-hop 2.1.1.1 /专线的下一跳/
acl number 2001
rule 1 permit source 192.168.1.0 0.0.0.255
acl number 2002
rule 1 permit source 192.168.2.0.0 0.0.0.255
acl number 2000 (将ACL 2000 应用到3个wan口做acl转发,nat out 2000)
rule 1 permit source 192.168.1.0 0.0.0.255
rule 2 permit source 192.168.2.0 0.0.0.255
interface GigabitEthernet0/0
description link-lan
ip policy-based-route p1
然后配置两条外线的缺省路由
ip route-static 0.0.0.0 0 1.1.1.1
ip route-static 0.0.0.0 0 2.1.1.1
- 2019-08-13回答
- 评论(5)
- 举报
-
(0)
配置后192.16810.224 能通外网 但是其他的192.168.10.XX上不了外网 专线的ip内网也能ping通 acl number 3010 rule 5 permit ip source 192.168.1.0 0.0.0.255 rule 10 permit ip source 192.168.2.0 0.0.0.255 rule 15 permit ip source 192.168.10.0 0.0.0.255 acl number 3011 rule 20 permit ip source 192.168.10.244 255.255.255.255 [H3C-acl-adv-3011]acl number 3012 [H3C-acl-adv-3012]rule 5 permit ip source 192.168.1.0 0.0.0.255 [H3C-acl-adv-3012]rule 10 permit ip source 192.168.2.0 0.0.0.255 [H3C-acl-adv-3012]rule 15 permit ip source 192.168.10.0 0.0.0.255 [H3C]policy-based-route aaa permit node 5 % New sequence of this list. [H3C-pbr-aaa-5]if-match acl 3012 [H3C-pbr-aaa-5]policy-based-route aaa permit node 10 % New sequence of this list. [H3C-pbr-aaa-10]if-match acl 3011 [H3C-pbr-aaa-10]apply ip-address next-hop 192.168.10.224 [H3C-pbr-aaa-10]quit [H3C]interface GigabitEthernet0/4 [H3C-GigabitEthernet0/4]ip address 123.149.207.94 255.255.255.0 [H3C-GigabitEthernet0/4]dhcp select relay [H3C-GigabitEthernet0/4]dhcp relay server-select 1 [H3C-GigabitEthernet0/4]ip policy-based-route aaa [H3C-GigabitEthernet0/4]quit
acl number 3010 rule 5 permit ip source 192.168.1.0 0.0.0.255 rule 10 permit ip source 192.168.2.0 0.0.0.255 rule 15 permit ip source 192.168.10.0 0.0.0.255 acl number 3011 rule 20 permit ip source 192.168.10.244 255.255.255.255 [H3C-acl-adv-3011]acl number 3012 [H3C-acl-adv-3012]rule 5 permit ip source 192.168.1.0 0.0.0.255 [H3C-acl-adv-3012]rule 10 permit ip source 192.168.2.0 0.0.0.255 [H3C-acl-adv-3012]rule 15 permit ip source 192.168.10.0 0.0.0.255 [H3C]policy-based-route aaa permit node 5 % New sequence of this list. [H3C-pbr-aaa-5]if-match acl 3012 [H3C-pbr-aaa-5]policy-based-route aaa permit node 10 % New sequence of this list. [H3C-pbr-aaa-10]if-match acl 3011 [H3C-pbr-aaa-10]apply ip-address next-hop 192.168.10.224 [H3C-pbr-aaa-10]quit [H3C]interface GigabitEthernet0/4 [H3C-GigabitEthernet0/4]ip address 123.149.207.94 255.255.255.0 [H3C-GigabitEthernet0/4]dhcp select relay [H3C-GigabitEthernet0/4]dhcp relay server-select 1 [H3C-GigabitEthernet0/4]ip policy-based-route aaa [H3C-GigabitEthernet0/4]quit
我发答案上了
基本功能,哪里有问题吗?做配置的话,建议看看配置手册。
- 2019-08-13回答
- 评论(1)
- 举报
-
(0)
专线插上去了 看着手册配置了几次不成功
专线插上去了 看着手册配置了几次不成功
acl number 3010
rule 5 permit ip source 192.168.1.0 0.0.0.255
rule 10 permit ip source 192.168.2.0 0.0.0.255
rule 15 permit ip source 192.168.10.0 0.0.0.255
acl number 3011
rule 20 permit ip source 192.168.10.244 255.255.255.255
[H3C-acl-adv-3011]acl number 3012
[H3C-acl-adv-3012]rule 5 permit ip source 192.168.1.0 0.0.0.255 [H3C-acl-adv-3012]rule 10 permit ip source 192.168.2.0 0.0.0.255 [H3C-acl-adv-3012]rule 15 permit ip source 192.168.10.0 0.0.0.255 [H3C]policy-based-route aaa permit node 5 % New sequence of this list. [H3C-pbr-aaa-5]if-match acl 3012
[H3C-pbr-aaa-5]policy-based-route aaa permit node 10 % New sequence of this list.
[H3C-pbr-aaa-10]if-match acl 3011
[H3C-pbr-aaa-10]apply ip-address next-hop 192.168.10.224 [H3C-pbr-aaa-10]quit
[H3C]interface GigabitEthernet0/4
[H3C-GigabitEthernet0/4]ip address 123.149.207.94 255.255.255.0
[H3C-GigabitEthernet0/4]dhcp select relay
[H3C-GigabitEthernet0/4]dhcp relay server-select 1
[H3C-GigabitEthernet0/4]ip policy-based-route aaa
[H3C-GigabitEthernet0/4]quit
- 2019-08-13回答
- 评论(0)
- 举报
-
(0)
编辑答案
亲~登录后才可以操作哦!
确定你的邮箱还未认证,请认证邮箱或绑定手机后进行当前操作
举报
×
侵犯我的权益
×
侵犯了我企业的权益
×
- 1. 您举报的内容是什么?(请在邮件中列出您举报的内容和链接地址)
- 2. 您是谁?(身份证明材料,可以是身份证或护照等证件)
- 3. 是哪家企业?(营业执照,单位登记证明等证件)
- 4. 您与该企业的关系是?(您是企业法人或被授权人,需提供企业委托授权书)
抄袭了我的内容
×
原文链接或出处
诽谤我
×
- 1. 您举报的内容以及侵犯了您什么权益?(请在邮件中列出您举报的内容、链接地址,并给出简短的说明)
- 2. 您是谁?(身份证明材料,可以是身份证或护照等证件)
对根叔社区有害的内容
×
不规范转载
×
举报说明
我发答案上了