带VPN实例的策略路由配置案例
关键配置:
SW:
#
ip vpn-instance VPM1
#
ip vpn-instance VPN1
#
ip vpn-instance VPN2
#
ip vpn-instance VPN3
#
acl advanced 3999
rule 1 permit ip vpn-instance VPN1 source 192.168.10.1 0
#
policy-based-route aaa permit node 10
if-match acl 3999
apply next-hop vpn-instance VPN3 2.2.2.1
#
interface GigabitEthernet1/0/1
port link-mode route
combo enable fiber
ip binding vpn-instance VPN1
ip address 192.168.10.254 255.255.255.0
ip policy-based-route aaa
#
interface GigabitEthernet1/0/2
port link-mode route
combo enable fiber
ip binding vpn-instance VPN2
ip address 1.1.1.2 255.255.255.252
#
interface GigabitEthernet1/0/3
port link-mode route
combo enable fiber
ip binding vpn-instance VPN3
ip address 2.2.2.2 255.255.255.252
#
ip route-static vpn-instance VPN1 0.0.0.0 0 vpn-instance VPN2 1.1.1.1
ip route-static vpn-instance VPN1 0.0.0.0 0 vpn-instance VPN3 2.2.2.1 preference 70
ip route-static vpn-instance VPN2 192.168.10.1 32 vpn-instance VPN1 192.168.10.1
ip route-static vpn-instance VPN3 192.168.10.1 32 vpn-instance VPN1 192.168.10.1
1、
2、
ip route-static vpn-instance VPN1 0.0.0.0 0 vpn-instance VPN2 1.1.1.1
ip route-static vpn-instance VPN1 0.0.0.0 0 vpn-instance VPN3 2.2.2.1 preference 70
删除后策略路由仍生效可以将数据从VPN1转发到VPN2的下一跳,不过此时注意回包的静态路由还需写。
该案例暂时没有网友评论
✖
案例意见反馈
亲~登录后才可以操作哦!
确定你的邮箱还未认证,请认证邮箱或绑定手机后进行当前操作