双出口,(用基于源地址和目标地址结合的)策略路由方式

时间:2007-03-16 19:30:26   来源:  作者:  点击:次  出处:技术无忧
关键字:内网 交换机 公网 教育网

公网(60.XX.145.213/30)----------(60.XX.145.214/30)AR28-11(211.XX.30.114/29)---------(211.XX.30.113/29)教育网
(ET 0) | Serial0
|
|
| 192.168.16.1/24
|(ET 1) 192.168.17.1/24
内网交换机(纯二层交换机)

总体要求很简单-------内网的计算机只要是192.168.16.X的计算机既可以上公网,有可以上教育网,而且上公网要走ET0 口,上教育网要走Serial 0 口. 内网IP是192.168.17.X的就只能上教育网.


sysname CRBYY-R2611
firewall enable
aaa-enable
aaa accounting-scheme optional
!
acl 2000 match-order auto
rule normal permit source any
!
acl 2001 match-order auto
rule normal permit source 192.168.17.0 0.0.0.255
!
acl 2002 match-order auto
rule normal permit source 192.168.16.0 0.0.0.255
!
acl 3000 match-order auto
rule normal permit ip source any destination 211.81.24.0 0.0.0.255
rule normal permit ip source any destination 211.81.25.0 0.0.0.255
rule normal permit ip source any destination 211.81.26.0 0.0.0.255
rule normal permit ip source any destination 211.81.27.0 0.0.0.255
rule normal permit ip source any destination 211.81.28.0 0.0.0.255
rule normal permit ip source any destination 211.81.29.0 0.0.0.255
rule normal permit ip source any destination 211.81.30.0 0.0.0.255
rule normal permit ip source any destination 211.81.31.0 0.0.0.255
rule normal permit ip source any destination 211.68.112.0 0.0.7.255
!
interface Aux0
async mode flow
link-protocol ppp
!
interface Ethernet0
ip address 60.28.145.214 255.255.255.252
nat outbound 2002 interface
!
interface Ethernet1
ip address 192.168.16.1 255.255.255.0
ip address 192.168.17.1 255.255.255.0 sub
ip policy route-policy edu
!
interface Serial0
clock DTECLK1
link-protocol ppp
ip address 211.81.30.114 255.255.255.248
nat outbound 3000 interface
!
quit
route-policy edu permit 10
if-match ip address 3000
apply interface Serial0
quit
route-policy edu permit 20
if-match ip address 2002
apply ip next-hop 60.28.145.213
!
quit
ip route-static 0.0.0.0 0.0.0.0 60.28.145.213 preference 60
ip route-static 0.0.0.0 0.0.0.0 Serial 0 preference 60
ip route-static 211.68.112.0 255.255.248.0 Serial 0 preference 60
ip route-static 211.81.24.0 255.255.255.0 Serial 0 preference 60
ip route-static 211.81.25.0 255.255.255.0 Serial 0 preference 60
ip route-static 211.81.26.0 255.255.255.0 Serial 0 preference 60
ip route-static 211.81.27.0 255.255.255.0 Serial 0 preference 60
ip route-static 211.81.28.0 255.255.255.0 Serial 0 preference 60
ip route-static 211.81.29.0 255.255.255.0 Serial 0 preference 60
ip route-static 211.81.31.0 255.255.255.0 Serial 0 preference 60
!
return

访问技术无忧网,软硬件通吃保你技术无忧!中文网址http://www.技术无忧.com 或 http://www.技术无忧.net


顶一下

文章评论

共有 0 位网友发表了评论 此处只显示部分留言 点击查看完整评论页面

特别推荐

最新信息