使用traffic policy重定向,实现vlan10的流量走联通,vlan20的流量走电信
sw1配置
vlan batch 10 20
interface GigabitEthernet0/0/1
port link-type access
port default vlan 10
interface GigabitEthernet0/0/2
port link-type access
port default vlan 20
interface GigabitEthernet0/0/3
port link-type trunk
port trunk allow-pass vlan 2 to 4094
1,AR1单臂路由配置
interface GigabitEthernet0/0/2.10
dot1q termination vid 10
ip address 192.168.10.1 255.255.255.0
arp broadcast enable
interface GigabitEthernet0/0/2.20
dot1q termination vid 20
ip address 192.168.20.1 255.255.255.0
arp broadcast enable
2,NAT配置
acl number 2000
rule 5 permit
interface GigabitEthernet0/0/0
ip address 10.1.12.2 255.255.255.0
nat outbound 2000
interface GigabitEthernet0/0/1
ip address 10.1.13.2 255.255.255.0
nat outbound 2000
3,配置缺省路由
ip route-static 0.0.0.0 0.0.0.0 10.1.12.1
ip route-static 0.0.0.0 0.0.0.0 10.1.13.1
4,配置acl匹配网段 acl number 3000 rule 10 permit ip source 192.168.10.0 0.0.0.255 acl number 3001 rule 10 permit ip source 192.168.20.0 0.0.0.255 acl number 3002 #这条是用来实现两个内网段互访,因为流策略会将内网的流量也进行重定向 rule 5 permit ip source 192.168.10.0 0.0.0.255 destination 192.168.20.0 0.0.0.255 rule 10 permit ip source 192.168.20.0 0.0.0.255 destination 192.168.10.0 0.0.0.255
5,策略路由配置 1,配置流分类 traffic classifier v10 operator or if-match acl 3000 traffic classifier v12 operator or if-match acl 3002 traffic classifier v20 operator or if-match acl 3001 2,配置流行为 traffic behavior v10 redirect ip-nexthop 10.1.12.1 traffic behavior v12 traffic behavior v20 redirect ip-nexthop 10.1.13.1 traffic behavior v13 3,配置流策略p1 traffic policy p1 classifier v12 behavior v12 #这条策略是内网互访流量,所以得放在第一条来匹配,放在后面会造成内网无法互访 classifier v10 behavior v10 classifier v20 behavior v20
效果演示:
PC1流量走了10.1.12.1
PC2流量走了10.1.13.1
内网互访
标签:10.1,网段,重定向,0.0,192.168,acl,traffic,ip,路由 From: https://www.cnblogs.com/cj1698/p/17182886.html