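Network setup:
The Msr3600-28-xs is the egress router (an integrated routing/switching unit with 20-odd ports used as a switch).
It also has 2 WAN ports. Until now GE0 has been connected to the [Line 1] broadband link, with a fixed IP for Internet access.
There is vlan4, used by the server room, 192.168.4.0/24
vlan5, 6 and 7: fixed PCs on wired connections, each with the IP range 192.168.x.0/24
vlan8: wireless AP access, 192.168.8.0/24
The VLANs can all ping one another.
A PoE switch, an S5120V3, is connected downstream of the router.
Requirement:
[Line 2] has been added: the GE1 port, a dial-up broadband link on Dialer1.
The routing policy needs to be changed so that (vlan4, server room, 192.168.4.0/24) goes out via ([Line 1], the fixed-IP broadband link).
All other VLANs go via [Line 2].
At the same time, the VLANs must stay reachable from one another inside the LAN.
Problem description:
After asking around online and searching, I pieced together a policy-based routing configuration.
After configuring it, I tested one machine in each of vlan5, 6 and 7, and all of them went via [Line 1], as expected.
But in vlan4, the 4.0 segment, the server room has quite a few servers; some IPs such as 4.132 go via [Line 1] and some go via [Line 2], it varies. What should I do?
Test method, in Windows cmd: tracert 163.com
~~~~~~~~~~~~~~~~~~~~~~~~
The 8.0 segment is a special case: it is configured on the switch.
How should it be configured?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Part of the policy-based routing configuration I drafted:
vlan 5 6 7 8 go via the 319 broadband link, Dialer1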
acl advanced 3100
description Allow traffic for policy-based routing and exclude internal traffic
rule 0 deny ip source 192.168.0.0 0.0.15.255 destination 192.168.0.0 0.0.15.255
rule 5 permit ip source 192.168.5.0 0.0.0.255
rule 10 permit ip source 192.168.6.0 0.0.0.255
rule 15 permit ip source 192.168.7.0 0.0.0.255
quit
policy-based-route neiwang node 10
if-match acl 3100
apply output-interface Dialer1
quit
interface Vlan-interface6
ip policy-based-route neiwang
quit
vlan5 and 7 are configured the same way
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
vlan4 goes via the default [Line 1] broadband link
acl advanced 3200
description Allow traffic for policy-based routing and exclude internal traffic
rule 0 deny ip source 192.168.0.0 0.0.15.255 destination 192.168.0.0 0.0.15.255
rule 5 permit ip source 192.168.4.0 0.0.0.255
quit
policy-based-route neiwang4.0 node 20
if-match acl 3200
apply output-interface GigabitEthernet0/0
quit
interface Vlan-interface4
ip policy-based-route neiwang4.0
quit
~~~~~~~~~~~~~~~~~~~~~~~~
The [routing table] before policy-based routing was configured
[msr3600]display ip routing-table
Destinations : 39 Routes : 39
Destination/Mask Proto Pre Cost NextHop Interface
0.0.0.0/0 Static 60 0 125.81.1.1 GE0/0
0.0.0.0/32 Direct 0 0 127.0.0.1 InLoop0
125.81.1.0/24 Direct 0 0 125.81.1.29 GE0/0
125.81.1.29/32 Direct 0 0 127.0.0.1 InLoop0
125.81.1.255/32 Direct 0 0 125.81.1.29 GE0/0
127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0
127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0
127.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0
192.168.0.0/23 Direct 0 0 192.168.0.1 Vlan1
192.168.0.1/32 Direct 0 0 127.0.0.1 InLoop0
192.168.1.255/32 Direct 0 0 192.168.0.1 Vlan1
192.168.4.0/24 Direct 0 0 192.168.4.1 Vlan4
192.168.4.1/32 Direct 0 0 127.0.0.1 InLoop0
192.168.4.255/32 Direct 0 0 192.168.4.1 Vlan4
192.168.5.0/24 Direct 0 0 192.168.5.1 Vlan5
192.168.5.1/32 Direct 0 0 127.0.0.1 InLoop0
192.168.5.255/32 Direct 0 0 192.168.5.1 Vlan5
192.168.6.0/24 Direct 0 0 192.168.6.1 Vlan6
192.168.6.1/32 Direct 0 0 127.0.0.1 InLoop0
192.168.6.255/32 Direct 0 0 192.168.6.1 Vlan6
192.168.7.0/24 Direct 0 0 192.168.7.1 Vlan7
192.168.7.1/32 Direct 0 0 127.0.0.1 InLoop0
192.168.7.255/32 Direct 0 0 192.168.7.1 Vlan7
192.168.8.0/24 Direct 0 0 192.168.8.253 Vlan8
192.168.8.253/32 Direct 0 0 127.0.0.1 InLoop0
192.168.8.255/32 Direct 0 0 192.168.8.253 Vlan8
192.168.9.0/24 Static 60 0 192.168.10.2 Vlan10
192.168.10.0/24 Direct 0 0 192.168.10.1 Vlan10
192.168.10.1/32 Direct 0 0 127.0.0.1 InLoop0
192.168.10.255/32 Direct 0 0 192.168.10.1 Vlan10
192.168.11.0/24 Direct 0 0 192.168.11.253 Vlan11
192.168.11.253/32 Direct 0 0 127.0.0.1 InLoop0
192.168.11.255/32 Direct 0 0 192.168.11.253 Vlan11
192.168.172.0/24 Direct 0 0 192.168.172.1 SSLVPN-AC1
192.168.172.1/32 Direct 0 0 127.0.0.1 InLoop0
192.168.172.255/32 Direct 0 0 192.168.172.1 SSLVPN-AC1
224.0.0.0/4 Direct 0 0 0.0.0.0 NULL0
224.0.0.0/24 Direct 0 0 0.0.0.0 NULL0
255.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0
[msr3600]
~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Attached: the full configuration after the change, dis curr
~~~~~~~~~~~~~~~~~~~~~~~~~
The original configuration text follows
#
version 7.1.064, Release 6749P2102
#
sysname msr3600
#
clock timezone Beijing add 08:00:00
clock protocol ntp
#
wlan global-configuration
#
qos carl 1 source-ip-address object-group temp1 per-address shared-bandwidth
qos carl 2 destination-ip-address object-group temp1 per-address shared-bandwidth
qos carl 3 source-ip-address object-group temp2 per-address
qos carl 4 destination-ip-address object-group temp2 per-address
qos carl 5 source-ip-address object-group temp2 per-address
qos carl 6 destination-ip-address object-group temp2 per-address
qos carl 7 source-ip-address object-group temp1 per-address shared-bandwidth
qos carl 8 destination-ip-address object-group temp1 per-address shared-bandwidth
qos carl 9 source-ip-address object-group temp3 per-address
qos carl 10 destination-ip-address object-group temp3 per-address
qos carl 11 source-ip-address object-group temp1 per-address shared-bandwidth
qos carl 12 destination-ip-address object-group temp1 per-address shared-bandwidth
qos carl 13 source-ip-address object-group temp1 per-address shared-bandwidth
qos carl 14 destination-ip-address object-group temp1 per-address shared-bandwidth
qos carl 15 source-ip-address object-group temp1 per-address shared-bandwidth
qos carl 16 destination-ip-address object-group temp1 per-address shared-bandwidth
#
security-policy disable
#
dialer-group 2 rule ip permit
#
dhcp enable
dhcp server forbidden-ip 192.168.5.1 192.168.5.150
dhcp server forbidden-ip 192.168.6.1 192.168.6.150
dhcp server forbidden-ip 192.168.7.1 192.168.7.150
#
dns proxy enable
dns server 114.114.114.114
dns server 218.6.200.139
dns server 223.6.6.6
#
lldp global enable
#
system-working-mode standard
password-recovery enable
#
vlan 1
#
vlan 4 to 8
#
vlan 10 to 11
#
object-group ip address 10.0
0 network range 192.168.10.2 192.168.10.254
#
object-group ip address 4.0
0 network range 192.168.4.1 192.168.4.254
#
object-group ip address 5.0
0 network range 192.168.5.1 192.168.5.254
#
object-group ip address 6.0
0 network range 192.168.6.1 192.168.6.254
#
object-group ip address 7.0
0 network range 192.168.7.1 192.168.7.254
0 network exclude 192.168.7.69
#
object-group ip address 8.0
0 network range 192.168.8.1 192.168.8.254
#
object-group ip address temp1
description 臨時占用用於限速排行
#
object-group ip address temp2
description 臨時占位用於限速排行
#
object-group ip address temp3
description 臨時占用用於限速排行
0 network host address 172.16.111.112
#
stp instance 0 root primary
stp global enable
#
dhcp server ip-pool lan1
gateway-list 192.168.0.1
network 192.168.0.0 mask 255.255.254.0
address range 192.168.1.3 192.168.1.254
dns-list 192.168.0.1
#
dhcp server ip-pool vlan5
gateway-list 192.168.5.1
network 192.168.5.0 mask 255.255.255.0
address range 192.168.5.150 192.168.5.250
dns-list 192.168.5.1
#
dhcp server ip-pool vlan6
gateway-list 192.168.6.1
network 192.168.6.0 mask 255.255.255.0
address range 192.168.6.150 192.168.6.250
dns-list 192.168.6.1
#
dhcp server ip-pool vlan7
gateway-list 192.168.7.1
network 192.168.7.0 mask 255.255.255.0
address range 192.168.7.150 192.168.7.250
dns-list 192.168.7.1
#
dhcp server ip-pool vlan-interface11
gateway-list 192.168.11.253
network 192.168.11.0 mask 255.255.255.0
address range 192.168.11.150 192.168.11.250
dns-list 192.168.11.253
forbidden-ip-range 192.168.11.253 192.168.11.253
#
policy-based-route neiwang permit node 10
if-match acl 3100
apply output-interface Dialer1
#
policy-based-route neiwang4.0 permit node 20
if-match acl 3200
apply output-interface GigabitEthernet0/0
#
wlan service-template h3c
ssid H3C
service-template enable
#
wlan service-template h3c_5g
ssid H3C_5G
service-template enable
#
controller Cellular0/0
#
interface Bridge-Aggregation1
port access vlan 4
#
interface Bridge-Aggregation2
port access vlan 4
#
interface Bridge-Aggregation3
port access vlan 4
#
interface Dialer0
mtu 1492
#
interface Dialer1
mtu 1492
ppp chap password cipher $c$3$Bwfyq2k7kf7HnGJX+EMjPYoMYNu3O1YSfII5
ppp chap user CD02833025248351
ppp ipcp dns admit-any
ppp ipcp dns request
ppp pap local-user CD02833025248351 password cipher $c$3$Ri71gxU5B8VAaO6UUzF4Cfgk1fA/DHUE+TtH
dialer bundle enable
dialer-group 2
dialer timer idle 0
dialer timer autodial 5
ip address ppp-negotiate
tcp mss 1280
nat outbound
#
interface NULL0
#
interface Vlan-interface1
description LAN-interface
ip address 192.168.0.1 255.255.254.0
tcp mss 1280
nat hairpin enable
#
interface Vlan-interface4
description LAN-interface
ip address 192.168.4.1 255.255.255.0
packet-filter 3001 inbound
packet-filter 3001 outbound
nat hairpin enable
ip policy-based-route neiwang4.0
#
interface Vlan-interface5
description LAN-interface
ip address 192.168.5.1 255.255.255.0
packet-filter 3001 inbound
packet-filter 3001 outbound
nat hairpin enable
ip policy-based-route neiwang
#
interface Vlan-interface6
description LAN-interface
ip address 192.168.6.1 255.255.255.0
packet-filter 3001 inbound
packet-filter 3001 outbound
nat hairpin enable
ip policy-based-route neiwang
#
interface Vlan-interface7
description LAN-interface
ip address 192.168.7.1 255.255.255.0
packet-filter 3001 inbound
packet-filter 3001 outbound
nat hairpin enable
ip policy-based-route neiwang
#
interface Vlan-interface8
ip address 192.168.8.253 255.255.255.0
tcp mss 1280
nat hairpin enable
undo dhcp select server
#
interface Vlan-interface10
ip address 192.168.10.1 255.255.255.0
packet-filter name Vlan-interface10 inbound
packet-filter 3001 inbound
packet-filter 3001 outbound
nat hairpin enable
#
interface Vlan-interface11
description LAN-interface
ip address 192.168.11.253 255.255.255.0
tcp mss 1280
nat hairpin enable
#
interface GigabitEthernet0/0
port link-mode route
description Double_Line1
ip address 125.81.1.29 255.255.255.0
dns server 218.6.200.139
dns server 223.6.6.6
tcp mss 1280
packet-filter name GigabitEthernet0/0 inbound
qos car inbound carl 4 cir 10 cbs 1000 ebs 0 green pass red discard yellow pass
qos car inbound carl 6 cir 5123 cbs 320187 ebs 0 green pass red discard yellow pass
qos car inbound carl 10 cir 5123 cbs 320187 ebs 0 green pass red discard yellow pass
qos car inbound carl 2 cir 60123 cbs 3757687 ebs 0 green pass red discard yellow pass
qos car inbound carl 8 cir 60123 cbs 3757687 ebs 0 green pass red discard yellow pass
qos car inbound carl 12 cir 60123 cbs 3757687 ebs 0 green pass red discard yellow pass
qos car inbound carl 14 cir 60123 cbs 3757687 ebs 0 green pass red discard yellow pass
qos car inbound carl 16 cir 60123 cbs 3757687 ebs 0 green pass red discard yellow pass
qos car outbound carl 3 cir 10 cbs 1000 ebs 0 green pass red discard yellow pass
qos car outbound carl 5 cir 5123 cbs 320187 ebs 0 green pass red discard yellow pass
qos car outbound carl 9 cir 5123 cbs 320187 ebs 0 green pass red discard yellow pass
qos car outbound carl 1 cir 60123 cbs 3757687 ebs 0 green pass red discard yellow pass
qos car outbound carl 7 cir 60123 cbs 3757687 ebs 0 green pass red discard yellow pass
qos car outbound carl 11 cir 60123 cbs 3757687 ebs 0 green pass red discard yellow pass
qos car outbound carl 13 cir 60123 cbs 3757687 ebs 0 green pass red discard yellow pass
qos car outbound carl 15 cir 60123 cbs 3757687 ebs 0 green pass red discard yellow pass
nat outbound
……
……
#
interface GigabitEthernet0/1
port link-mode route
description Double_Line2
pppoe-client dial-bundle-number 1
#
interface GigabitEthernet0/2
port link-mode route
#
interface GigabitEthernet0/27
port link-mode route
#
interface GigabitEthernet0/28
port link-mode route
#
interface GigabitEthernet0/3
port link-mode bridge
port access vlan 7
#
interface GigabitEthernet0/4
port link-mode bridge
port access vlan 7
#
interface GigabitEthernet0/5
port link-mode bridge
port access vlan 7
#
interface GigabitEthernet0/6
port link-mode bridge
port access vlan 7
#
interface GigabitEthernet0/7
port link-mode bridge
port access vlan 7
#
interface GigabitEthernet0/8
port link-mode bridge
port access vlan 7
#
interface GigabitEthernet0/9
port link-mode bridge
port access vlan 7
#
interface GigabitEthernet0/10
port link-mode bridge
port access vlan 7
#
interface GigabitEthernet0/11
port link-mode bridge
port access vlan 6
#
interface GigabitEthernet0/12
port link-mode bridge
port access vlan 6
#
interface GigabitEthernet0/13
port link-mode bridge
port access vlan 6
#
interface GigabitEthernet0/14
port link-mode bridge
port access vlan 6
#
interface GigabitEthernet0/15
port link-mode bridge
port access vlan 6
#
interface GigabitEthernet0/16
port link-mode bridge
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 6
port trunk pvid vlan 6
#
interface GigabitEthernet0/17
port link-mode bridge
port access vlan 5
#
interface GigabitEthernet0/18
port link-mode bridge
port access vlan 5
#
interface GigabitEthernet0/19
port link-mode bridge
port access vlan 5
#
interface GigabitEthernet0/20
port link-mode bridge
port access vlan 5
#
interface GigabitEthernet0/21
port link-mode bridge
port access vlan 4
port link-aggregation group 1
#
interface GigabitEthernet0/22
port link-mode bridge
port access vlan 4
port link-aggregation group 1
#
interface GigabitEthernet0/23
port link-mode bridge
port access vlan 10
#
interface GigabitEthernet0/24
port link-mode bridge
port link-type trunk
port trunk permit vlan all
#
interface GigabitEthernet0/25
port link-mode bridge
port access vlan 4
port link-aggregation group 3
#
interface GigabitEthernet0/26
port link-mode bridge
port access vlan 4
port link-aggregation group 3
#
interface SSLVPN-AC1
ip address 192.168.172.1 255.255.255.0
#
object-policy ip Any-Any
rule 65533 inspect 8048_url_profile_global disable
rule 65534 pass
#
security-zone name Local
#
security-zone name Trust
#
security-zone name DMZ
#
security-zone name Untrust
#
security-zone name Management
#
scheduler logfile size 16
#
line class console
user-role network-admin
#
line class tty
user-role network-operator
#
line class vty
user-role network-operator
#
line con 0
user-role network-admin
set authentication password hash y0MForAn$Cvw/vyAUts1IRfR5FfOI/aFl1yf0mmdsmgSP6HGu
#
line vty 0 63
authentication-mode scheme
user-role network-operator
#
ip route-static 0.0.0.0 0 GigabitEthernet0/0 125.81.1.1
ip route-static 0.0.0.0 0 Dialer1
ip route-static 192.168.8.0 24 192.168.10.2
ip route-static 192.168.9.0 24 192.168.10.2
ip route-static 192.168.10.0 24 192.168.10.2
ip route-static 192.168.11.0 24 192.168.10.2
#
info-center source CFGLOG loghost level informational
#
performance-management
#
ssh server enable
#
ntp-service enable
ntp-service unicast-server ***.***
ntp-service unicast-server registry.h3c.com
ntp-service unicast-server ***.***
ntp-service unicast-server ***.***
#
acl advanced 3001
rule 0 deny ip source 192.168.11.0 0.0.0.255 destination 192.168.4.0 0.0.0.255
rule 5 deny ip source 192.168.11.0 0.0.0.255 destination 192.168.5.0 0.0.0.255
rule 10 deny ip source 192.168.11.0 0.0.0.255 destination 192.168.6.0 0.0.0.255
rule 15 deny ip source 192.168.11.0 0.0.0.255 destination 192.168.7.0 0.0.0.255
rule 20 deny ip source 192.168.11.0 0.0.0.255 destination 192.168.8.0 0.0.0.255
rule 25 deny ip source 192.168.11.0 0.0.0.255 destination 192.168.9.0 0.0.0.255
rule 30 deny ip source 192.168.11.0 0.0.0.255 destination 192.168.10.1 0
rule 35 deny ip source 192.168.11.0 0.0.0.255 destination 192.168.10.2 0
rule 40 deny ip source 192.168.11.0 0.0.0.255 destination 192.168.10.3 0
rule 45 deny ip source 192.168.11.0 0.0.0.255 destination 192.168.10.4 0
rule 50 deny ip source 192.168.11.0 0.0.0.255 destination 192.168.10.5 0
#
acl advanced 3100
description Allow traffic for policy-based routing and exclude internal traffic
rule 0 deny ip source 192.168.0.0 0.0.15.255 destination 192.168.0.0 0.0.15.255
rule 5 permit ip source 192.168.5.0 0.0.0.255
rule 10 permit ip source 192.168.6.0 0.0.0.255
rule 15 permit ip source 192.168.7.0 0.0.0.255
#
acl advanced 3200
description Allow traffic for policy-based routing and exclude internal traffic
rule 0 deny ip source 192.168.0.0 0.0.15.255 destination 192.168.0.0 0.0.15.255
rule 5 permit ip source 192.168.4.0 0.0.0.255
#
acl advanced 3888
rule 5 permit ip
#
acl advanced name GigabitEthernet0/0
rule 9 permit ip source 125.81.1.29 0 destination 125.81.1.29 0
rule 9 comment permit myself
……
#
acl advanced name SWXWSGL
rule 1 permit ip
#
acl advanced name Vlan-interface10
rule 10 permit ip source 192.168.8.87 0
rule 10 comment 允許打印機
……
#
acl mac 4999
rule 10 permit
#
undo password-control aging enable
undo password-control length enable
undo password-control composition enable
undo password-control history enable
password-control length 6
undo password-control complexity user-name check
#
domain system
#
domain default enable system
#
role name level-0
description Predefined level-0 role
#
role name level-1
description Predefined level-1 role
#
role name level-2
description Predefined level-2 role
#
role name level-3
description Predefined level-3 role
#
role name level-4
description Predefined level-4 role
#
role name level-5
description Predefined level-5 role
#
role name level-6
description Predefined level-6 role
#
role name level-7
description Predefined level-7 role
#
role name level-8
description Predefined level-8 role
#
role name level-9
description Predefined level-9 role
#
role name level-10
description Predefined level-10 role
#
role name level-11
description Predefined level-11 role
#
role name level-12
description Predefined level-12 role
#
role name level-13
description Predefined level-13 role
#
role name level-14
description Predefined level-14 role
#
user-group system
#
local-user admin class manage
password hash ……
service-type ssh telnet terminal http https
authorization-attribute user-role level-15
authorization-attribute user-role network-admin
#
local-user system class manage
password hash ……
service-type ftp
service-type ssh telnet terminal http https
authorization-attribute user-role level-15
authorization-attribute user-role network-operator
#
security-enhanced level 1
#
ssl version gm-tls1.1 disable
undo ssl renegotiation disable
undo ssl version ssl3.0 disable
undo ssl version tls1.0 disable
undo ssl version tls1.1 disable
undo ssl version tls1.2 disable
undo ssl version tls1.3 disable
#
netconf soap http enable
#
ip http enable
ip https enable
web idle-timeout 999
web new-style
#
url-filter category custom severity 65535
#
app-profile recordurl
url-filter apply policy recordurl
#
wlan auto-ap enable
#
wlan ap-group default-group
vlan 1
ap-model WA2610H
radio 1
radio enable
service-template h3c
ethernet 1
ethernet 2
ethernet 3
ap-model WA2610H-LI
radio 1
radio enable
service-template h3c
ethernet 1
ethernet 2
ethernet 3
ap-model WA4320-ACN-C
radio 1
radio enable
service-template h3c_5g
radio 2
radio enable
service-template h3c
gigabitethernet 1
ap-model WA4320-ACN-D
radio 1
radio enable
service-template h3c_5g
radio 2
radio enable
service-template h3c
gigabitethernet 1
ap-model WA4320-ACN-E
radio 1
radio enable
service-template h3c_5g
radio 2
radio enable
service-template h3c
gigabitethernet 1
ap-model WA4320H
radio 1
radio enable
service-template h3c_5g
radio 2
radio enable
service-template h3c
gigabitethernet 1
gigabitethernet 2
gigabitethernet 3
gigabitethernet 4
gigabitethernet 5
ap-model WA4320H-SI
radio 1
radio enable
service-template h3c_5g
radio 2
radio enable
service-template h3c
ethernet 1
ethernet 2
ethernet 3
ap-model WA4320i-X
radio 1
radio enable
service-template h3c_5g
radio 2
radio enable
service-template h3c
gigabitethernet 1
gigabitethernet 2
ap-model WA5320
radio 1
radio enable
service-template h3c_5g
radio 2
radio enable
service-template h3c
gigabitethernet 1
gigabitethernet 2
ap-model WA5320-C
radio 1
radio enable
service-template h3c_5g
radio 2
radio enable
service-template h3c
gigabitethernet 1
gigabitethernet 2
ap-model WA5320-C-EI
radio 1
radio enable
service-template h3c_5g
radio 2
radio enable
service-template h3c
gigabitethernet 1
gigabitethernet 2
ap-model WA5320-C-IOT
radio 1
radio enable
service-template h3c_5g
radio 2
radio enable
service-template h3c
gigabitethernet 1
gigabitethernet 2
ap-model WA5320-D
radio 1
radio enable
service-template h3c_5g
radio 2
radio enable
service-template h3c
gigabitethernet 1
ap-model WA5320H
radio 1
radio enable
service-template h3c_5g
radio 2
radio enable
service-template h3c
gigabitethernet 1
gigabitethernet 2
gigabitethernet 3
gigabitethernet 4
ap-model WA5320H-LI
radio 1
radio enable
service-template h3c_5g
radio 2
radio enable
service-template h3c
gigabitethernet 1
gigabitethernet 2
gigabitethernet 3
gigabitethernet 4
gigabitethernet 5
ap-model WA5320X
radio 1
radio enable
service-template h3c_5g
radio 2
radio enable
service-template h3c
gigabitethernet 1
gigabitethernet 2
gigabitethernet 3
ap-model WA5320X-E
radio 1
radio enable
service-template h3c_5g
radio 2
radio enable
service-template h3c
gigabitethernet 1
gigabitethernet 2
ap-model WA5320X-LI
radio 1
radio enable
service-template h3c_5g
radio 2
radio enable
service-template h3c
gigabitethernet 1
gigabitethernet 2
gigabitethernet 3
ap-model WA5320X-SI
radio 1
radio enable
service-template h3c_5g
radio 2
radio enable
service-template h3c
gigabitethernet 1
gigabitethernet 2
gigabitethernet 3
ap-model WA5320i-LI
radio 1
radio enable
service-template h3c_5g
radio 2
radio enable
service-template h3c
gigabitethernet 1
gigabitethernet 2
ap-model WA5530
radio 1
radio enable
service-template h3c_5g
radio 2
radio enable
service-template h3c_5g
radio 3
radio enable
service-template h3c
gigabitethernet 1
gigabitethernet 2
ap-model WA5530-LI
radio 1
radio enable
service-template h3c_5g
radio 2
radio enable
service-template h3c_5g
radio 3
radio enable
service-template h3c
gigabitethernet 1
gigabitethernet 2
ap-model WA5530S
radio 1
radio enable
service-template h3c_5g
radio 2
radio enable
service-template h3c_5g
radio 3
radio enable
service-template h3c
gigabitethernet 1
gigabitethernet 2
#
sslvpn ip address-pool ssl 192.168.172.2 192.168.172.254
#
sslvpn gateway ssl
ip address 125.81.1.29 port 2000
service enable
#
sslvpn context ssl
gateway ssl domain domainip
ip-tunnel interface SSLVPN-AC1
ip-tunnel address-pool ssl mask 255.255.255.0
ip-tunnel dns-server primary 114.114.114.114
ip-route-list 10
include 192.168.4.0 255.255.255.0
include 192.168.5.0 255.255.255.0
include 192.168.6.0 255.255.255.0
include 192.168.7.0 255.255.255.0
include 192.168.8.0 255.255.255.0
policy-group ssl
filter ip-tunnel acl 3888
ip-tunnel access-route ip-route-list 10
timeout idle 1440
#
undo dac log-collect service dpi audit enable
undo dac log-collect service dpi url-filter enable
#
return
Thanks, I'll try it on Saturday.
I don't dare touch it on working days this week.
~~~~~~~~~~~~~~~~~~~~~~~~~~~
V2 of the policy-based routing:
vlan 5 6 7 8 go via [Line 2], Dialer1
acl advanced 3100
description Allow traffic for policy-based routing and exclude internal traffic
rule 5 permit ip source 192.168.5.0 0.0.0.255
rule 10 permit ip source 192.168.6.0 0.0.0.255
rule 15 permit ip source 192.168.7.0 0.0.0.255
rule 80 deny ip source 192.168.0.0 0.0.15.255 destination 192.168.0.0 0.0.15.255
quit
policy-based-route neiwang node 10
if-match acl 3100
apply output-interface Dialer1
quit
interface Vlan-interface6
ip policy-based-route neiwang
quit
vlan5 and 7 are configured the same way
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
vlan4 goes via the default [Line 1] broadband link
acl advanced 3200
description Allow traffic for policy-based routing and exclude internal traffic
rule 5 permit ip source 192.168.4.0 0.0.0.255
rule 80 deny ip source 192.168.0.0 0.0.15.255 destination 192.168.0.0 0.0.15.255
quit
policy-based-route neiwang4.0 node 20
if-match acl 3200
apply output-interface GigabitEthernet0/0
quit
interface Vlan-interface4
ip policy-based-route neiwang4.0
quit
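An added example, not part of the original posts and not H3C code: a small Python model of how the two posted versions of ACL 3100 classify packets for `if-match acl`. It assumes the ACL uses config match order (ascending rule ID, first match wins) and that a packet hitting a deny rule or no rule is forwarded by the normal routing table; the sample packets are constructed, and 203.0.113.10 stands in for an Internet host.

```python
"""Added model: how an ACL referenced by `if-match acl` classifies packets for PBR."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    rule_id: int
    action: str                 # "permit" or "deny"
    src: str                    # "address wildcard", as written in the ACL
    dst: Optional[str] = None   # None = rule has no destination clause


def wildcard_match(ip: str, spec: Optional[str]) -> bool:
    """True if ip matches 'address wildcard' (wildcard bits set to 1 are ignored)."""
    if spec is None:
        return True
    addr, wildcard = (int(ipaddress.IPv4Address(p)) for p in spec.split())
    care = ~wildcard & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(ip)) & care) == (addr & care)


def classify(rules: List[Rule], src: str, dst: str) -> Tuple[Optional[int], str]:
    """Assumed config match order: ascending rule ID, first matching rule wins."""
    for rule in sorted(rules, key=lambda r: r.rule_id):
        if wildcard_match(src, rule.src) and wildcard_match(dst, rule.dst):
            return rule.rule_id, rule.action
    return None, "no-match"


def pbr_egress(rules: List[Rule], src: str, dst: str, out_if: str = "Dialer1") -> str:
    """permit -> the node's output interface; deny or no match -> routing table."""
    _, action = classify(rules, src, dst)
    return out_if if action == "permit" else "routing-table"


INTERNAL = "192.168.0.0 0.0.15.255"   # covers 192.168.0.0 - 192.168.15.255
PERMITS = [Rule(5, "permit", "192.168.5.0 0.0.0.255"),
           Rule(10, "permit", "192.168.6.0 0.0.0.255"),
           Rule(15, "permit", "192.168.7.0 0.0.0.255")]
ACL3100_V1 = [Rule(0, "deny", INTERNAL, INTERNAL)] + PERMITS    # first post
ACL3100_V2 = PERMITS + [Rule(80, "deny", INTERNAL, INTERNAL)]   # V2 post

# Constructed sample packets (source, destination, note).
PACKETS = [
    ("192.168.5.10", "192.168.4.132", "vlan5 -> vlan4 server (inter-VLAN)"),
    ("192.168.6.20", "203.0.113.10", "vlan6 -> Internet"),
    ("192.168.8.30", "203.0.113.10", "vlan8 -> Internet (no rule for 8.0)"),
    ("192.168.5.10", "192.168.172.5", "vlan5 -> SSL VPN pool address"),
]

if __name__ == "__main__":
    for src, dst, note in PACKETS:
        v1 = pbr_egress(ACL3100_V1, src, dst)
        v2 = pbr_egress(ACL3100_V2, src, dst)
        print(f"{note:40} V1={v1:14} V2={v2}")
```

In this model the V2 ordering sends vlan5-to-vlan4 traffic to Dialer1, because rule 5 matches before rule 80 is ever reached. In both versions, traffic from vlan5 to the 192.168.172.0/24 SSL VPN pool also matches a permit rule, since that range lies outside the 0.0.15.255 wildcard.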
OK, thank you very much.