策略路由（实现不同内网段重定向到不同的出接口）

 

 

使用traffic policy重定向，实现vlan10的流量走联通，vlan20的流量走电信

sw1配置

vlan batch 10 20

interface GigabitEthernet0/0/1
port link-type access
port default vlan 10

interface GigabitEthernet0/0/2
port link-type access
port default vlan 20

interface GigabitEthernet0/0/3
port link-type trunk
port trunk allow-pass vlan 2 to 4094

 

1，AR1单臂路由配置

interface GigabitEthernet0/0/2.10
dot1q termination vid 10
ip address 192.168.10.1 255.255.255.0
arp broadcast enable

interface GigabitEthernet0/0/2.20
dot1q termination vid 20
ip address 192.168.20.1 255.255.255.0
arp broadcast enable

 

2，NAT配置

acl number 2000
rule 5 permit

interface GigabitEthernet0/0/0
ip address 10.1.12.2 255.255.255.0
nat outbound 2000

interface GigabitEthernet0/0/1
ip address 10.1.13.2 255.255.255.0
nat outbound 2000

3，配置缺省路由

ip route-static 0.0.0.0 0.0.0.0 10.1.12.1
ip route-static 0.0.0.0 0.0.0.0 10.1.13.1

 

4,配置acl匹配网段

acl number 3000
rule 10 permit ip source 192.168.10.0 0.0.0.255
acl number 3001
rule 10 permit ip source 192.168.20.0 0.0.0.255
acl number 3002　　#这条是用来实现两个内网段互访，因为流策略会将内网的流量也进行重定向
rule 5 permit ip source 192.168.10.0 0.0.0.255 destination 192.168.20.0 0.0.0.255
rule 10 permit ip source 192.168.20.0 0.0.0.255 destination 192.168.10.0 0.0.0.255

5,策略路由配置

1，配置流分类
traffic classifier v10 operator or
if-match acl 3000
traffic classifier v12 operator or
if-match acl 3002
traffic classifier v20 operator or
if-match acl 3001

2，配置流行为
traffic behavior v10
redirect ip-nexthop 10.1.12.1
traffic behavior v12
traffic behavior v20
redirect ip-nexthop 10.1.13.1
traffic behavior v13

 3，配置流策略p1
traffic policy p1
classifier v12 behavior v12　　#这条策略是内网互访流量，所以得放在第一条来匹配，放在后面会造成内网无法互访
classifier v10 behavior v10
classifier v20 behavior v20

 

效果演示：

PC1流量走了10.1.12.1

  PC2流量走了10.1.13.1

 内网互访