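The configuration must meet the following requirements:
1. Different IP ranges leave through different interfaces: traffic from a specified IP can be sent out a specified WAN, or use automatic path selection/load balancing across multiple WANs (automatic path selection/load balancing is already configured and is omitted here).
2. With the interface specified, implement isolation or interconnection of the internal networks.
Operating environment:
Router: AR1220E-S, software version V200R007C00SPCc00
Dialer1: China Telecom PPPoE dial-up
Dialer2: China Unicom PPPoE dial-up
GE0/0/6: internal (LAN) interface
Internal subnets: 192.168.100.1/24 192.168.200.1/24
The configuration process is as follows: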
acl number 3100 //Create ACL 3100
acl number 3101 //ACL 3101: traffic from the specified IP goes out interface Dialer1
 rule 5 permit ip source 192.168.100.233 0.0.0.0
acl number 3102 //ACL 3102: traffic from the specified IP goes out interface Dialer2
 rule 5 permit ip source 192.168.200.233 0.0.0.0
acl number 3111 //ACL 3111: traffic from the specified IP range goes out interface Dialer1
 rule 5 permit ip source 192.168.100.0 0.0.0.255
acl number 3112 //ACL 3112: traffic from the specified IP range goes out interface Dialer2
 rule 5 permit ip source 192.168.200.0 0.0.0.255
acl number 3121 //ACL 3121: internal access allowed for 192.168.100.1/24
 rule 10 permit ip source 192.168.100.0 0.0.0.255 destination 192.168.100.1 0 //Allow access to the gateway
 rule 20 permit ip source 192.168.100.0 0.0.0.255 destination 192.168.200.0 0.0.0.255 //Allow access to 192.168.200.0/24
acl number 3122 //ACL 3122: internal access allowed for 192.168.200.1/24
 rule 10 permit ip source 192.168.200.0 0.0.0.255 destination 192.168.200.1 0 //Allow access to the gateway
 rule 20 permit ip source 192.168.200.0 0.0.0.255 destination 192.168.100.0 0.0.0.255 //Allow access to 192.168.100.0/24
#
traffic classifier tc0 //Create traffic classifier tc0
 if-match acl 3100 //Bind ACL 3100
 if-match acl 3121 //Bind ACL 3121
 if-match acl 3122 //Bind ACL 3122
traffic classifier tc1 //Create traffic classifier tc1
 if-match acl 3101 //Bind ACL 3101
traffic classifier tc2 //Create traffic classifier tc2
 if-match acl 3102 //Bind ACL 3102
traffic classifier tc11 //Create traffic classifier tc11
 if-match acl 3111 //Bind ACL 3111
traffic classifier tc12 //Create traffic classifier tc12
 if-match acl 3112 //Bind ACL 3112
traffic behavior tb0 //Create traffic behavior tb0
traffic behavior tb1 //Create traffic behavior tb1
 redirect interface Dialer1 //Redirect to interface Dialer1
 redirect ip-nexthop 223.3.3.3 //Use this command if the WAN has a static IP; otherwise it is not needed
traffic behavior tb2 //Create traffic behavior tb2
 redirect interface Dialer2 //Redirect to interface Dialer2
traffic behavior tb11 //Create traffic behavior tb11
 redirect interface Dialer1 //Redirect to interface Dialer1
traffic behavior tb12 //Create traffic behavior tb12
 redirect interface Dialer2 //Redirect to interface Dialer2
traffic policy tp1 //Create policy tp1; the rules below are applied in order (important)
 classifier tc0 behavior tb0 //Assign the behavior: allow access to the gateway, the other internal subnets, etc.
 classifier tc1 behavior tb1 //Assign the behavior: match the specified IP to its specified interface first, unaffected by the later rules
 classifier tc2 behavior tb2 //Assign the behavior: match the specified IP to its specified interface first, unaffected by the later rules
 classifier tc11 behavior tb11 //Assign the behavior: match the specified subnet to its specified interface
 classifier tc12 behavior tb12 //Assign the behavior: match the specified subnet to its specified interface
interface GigabitEthernet0/0/6
 traffic-policy tp1 inbound //Apply the policy in the inbound direction of the internal interface
The exact commands are as follows:
sys
Enter system view, return user view with Ctrl+Z.
[Huawei]
[Huawei]acl number 3100
[Huawei-acl-adv-3100]acl number 3101
[Huawei-acl-adv-3101]rule 5 permit ip source 192.168.100.233 0.0.0.0
[Huawei-acl-adv-3101]quit
[Huawei]acl number 3102
[Huawei-acl-adv-3102]rule 5 permit ip source 192.168.200.233 0.0.0.0
[Huawei-acl-adv-3102]quit
[Huawei]acl number 3111
[Huawei-acl-adv-3111]rule 5 permit ip source 192.168.100.0 0.0.0.255
[Huawei-acl-adv-3111]quit
[Huawei]acl number 3112
[Huawei-acl-adv-3112]rule 5 permit ip source 192.168.200.0 0.0.0.255
[Huawei-acl-adv-3112]quit
[Huawei]acl number 3121
[Huawei-acl-adv-3121]rule 10 permit ip source 192.168.100.0 0.0.0.255 destination 192.168.100.1 0
[Huawei-acl-adv-3121]rule 20 permit ip source 192.168.100.0 0.0.0.255 destination 192.168.200.0 0.0.0.255
[Huawei-acl-adv-3121]quit
[Huawei]acl number 3122
[Huawei-acl-adv-3122]rule 10 permit ip source 192.168.200.0 0.0.0.255 destination 192.168.200.1 0
[Huawei-acl-adv-3122]rule 20 permit ip source 192.168.200.0 0.0.0.255 destination 192.168.100.0 0.0.0.255
[Huawei-acl-adv-3122]traffic classifier tc0
[Huawei-classifier-tc0]if-match acl 3121
[Huawei-classifier-tc0]if-match acl 3122
[Huawei-classifier-tc0]traffic classifier tc1
[Huawei-classifier-tc1]if-match acl 3101
[Huawei-classifier-tc1]quit
[Huawei]traffic classifier tc2
[Huawei-classifier-tc2]if-match acl 3102
[Huawei-classifier-tc2]quit
[Huawei]traffic classifier tc11
[Huawei-classifier-tc11]if-match acl 3111
[Huawei-classifier-tc11]quit
[Huawei]traffic classifier tc12
[Huawei-classifier-tc12]if-match acl 3112
[Huawei-classifier-tc12]quit
[Huawei]traffic behavior tb0
[Huawei-behavior-tb0]quit
[Huawei]traffic behavior tb1
[Huawei-behavior-tb1]redirect interface Dialer1
[Huawei-behavior-tb1]quit
[Huawei]traffic behavior tb2
[Huawei-behavior-tb2]redirect interface Dialer2
[Huawei-behavior-tb2]quit
[Huawei]traffic behavior tb11
[Huawei-behavior-tb11]redirect interface Dialer1
[Huawei-behavior-tb11]quit
[Huawei]traffic behavior tb12
[Huawei-behavior-tb12]redirect interface Dialer2
[Huawei-behavior-tb12]quit
[Huawei]traffic policy tp1
[Huawei-trafficpolicy-tp1]classifier tc0 behavior tb0
[Huawei-trafficpolicy-tp1]classifier tc1 behavior tb1
[Huawei-trafficpolicy-tp1]classifier tc2 behavior tb2
[Huawei-trafficpolicy-tp1]classifier tc11 behavior tb11
[Huawei-trafficpolicy-tp1]classifier tc12 behavior tb12
[Huawei-trafficpolicy-tp1]quit
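An added example, not part of the original page or of any Huawei tooling: a small Python model of tp1's in-order, first-match evaluation, useful for checking before deployment that LAN-to-LAN traffic is caught by tc0 and never redirected out a WAN interface. The function names, the sample destination 203.0.113.7, the OR treatment of tc0's if-match entries and the handling of unmatched traffic are assumptions of this model.

```python
import ipaddress

def wc_match(addr, base, wildcard):
    """ACL wildcard match: bits set to 1 in the wildcard are ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a | w) == (b | w)

ANY = ("0.0.0.0", "255.255.255.255")   # rule has no destination clause
LAN100 = ("192.168.100.0", "0.0.0.255")
LAN200 = ("192.168.200.0", "0.0.0.255")

# tp1 in configured order: (classifier, behavior, [(src, src_wc, dst, dst_wc)]).
# ACL 3100 has no rules, so it contributes nothing to tc0.
# Assumption: the if-match entries of tc0 are alternatives (OR).
TP1 = [
    ("tc0", "no redirect", [                              # ACL 3121 + 3122
        (*LAN100, "192.168.100.1", "0.0.0.0"), (*LAN100, *LAN200),
        (*LAN200, "192.168.200.1", "0.0.0.0"), (*LAN200, *LAN100)]),
    ("tc1", "Dialer1", [("192.168.100.233", "0.0.0.0", *ANY)]),   # ACL 3101
    ("tc2", "Dialer2", [("192.168.200.233", "0.0.0.0", *ANY)]),   # ACL 3102
    ("tc11", "Dialer1", [(*LAN100, *ANY)]),                        # ACL 3111
    ("tc12", "Dialer2", [(*LAN200, *ANY)]),                        # ACL 3112
]

def evaluate(src, dst, policy=TP1):
    """Return (classifier, behavior) for the first classifier that matches."""
    for name, behavior, rules in policy:
        if any(wc_match(src, s, sw) and wc_match(dst, d, dw)
               for s, sw, d, dw in rules):
            return name, behavior
    # Modelling assumption: unmatched traffic is forwarded by the routing table.
    return None, "no redirect"

if __name__ == "__main__":
    INTERNET = "203.0.113.7"   # constructed sample destination
    for src, dst in [("192.168.100.233", "192.168.200.10"),
                     ("192.168.100.233", INTERNET),
                     ("192.168.200.50", INTERNET)]:
        print(src, "->", dst, evaluate(src, dst))
    # With tc0 removed, LAN-to-LAN traffic falls through to tc11 and is
    # redirected out the WAN interface instead of being routed internally.
    print(evaluate("192.168.100.50", "192.168.200.10", TP1[1:]))
```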