AR1200使用策略路由配置双wan(isp)接入

 

AR1200配置如下：

#

acl number 3000           用于NAT

 rule 10 permit ip

#

acl number 3001             用于NAT

 rule 10 permit ip

#

acl number 3002                       （策略）定义基于端口的acl

 rule 10 permit ip source 192.168.10.0 0.0.0.255

#

traffic classifier c1              （策略） 定义流量配置

if-match acl 3002

#

traffic behavior b1               （策略）定义流量动作

redirect ip-nexthop 2.2.2.1      移动的网关地址

#

traffic policy p1               （策略）组成流量策略

classifier c1 behavior b1

#

interface Ethernet0/0/0               与S5700互联的IP地址

 ip address 192.168.30.2 255.255.255.0  配置内网与S5700互联IP地址

traffic-policy p1 inbound       （策略）应用流量策略，如果IP-nexthop地址不可达，策略路由将失效

#

interface GigabitEthernet0/0/0

 ip address 1.1.1.50 255.255.255.0　　模拟电信IP地址

 nat outbound 3000             做Nat转换

#

interface GigabitEthernet0/0/1

 ip address 2.2.2.10 255.255.255.0    模拟移动IP地址

 nat outbound 3001

#

ip route-static 0.0.0.0 0.0.0.0 1.1.1.1   默认路由指向电信的网关地址

ip route-static 0.0.0.0 0.0.0.0 2.2.2.1 preference 150

       如果电信断了，会切到移动

ip route-static 192.168.10.0 255.255.255.0 192.168.30.1

 指向S5700的明细路由

ip route-static 192.168.20.0 255.255.255.0 192.168.30.1

指向S5700的明细路由

 

#

S5700配置示例如下：

#

ip route-static 0.0.0.0 0.0.0.0 192.168.30.2   配置将所有流量转给路由器

#

interface Vlanif10                        vlan 10下接PC

 ip address 192.168.10.1 255.255.255.0   配置vlan10的网关地址

 dhcp select interface                     配置接于接口的dhcp

 dhcp server dns-list 8.8.8.8            配置dns

#

interface Vlanif20                          vlan20是会下挂PC

 ip address 192.168.20.1 255.255.255.0

#

interface Vlanif30                            vlan30作为与路由器互联的vlan

 ip address 192.168.30.1 255.255.255.0     与路由器互联的Ip地址

#

interface GigabitEthernet0/0/1          配置与路由器互联的IP接口

 port link-type access

 port default vlan 30