策略路由

拓扑

技术部走电信宽带，商务部走联通宽带。LSW1做核心，充当网关，若此处只有二层交换机，用路由器当网关（路由器当网关看上一篇）。

LSW2

#

vlan batch 10 20

#

interface GigabitEthernet0/0/1

port link-type trunk

port trunk allow-pass vlan 10 20

#

interface GigabitEthernet0/0/2

port link-type access

port default vlan 10

#

interface GigabitEthernet0/0/3

port link-type access

port default vlan 20

#

LSW1

#

vlan batch 10 20 30

#

interface Vlanif10

ip address 192.168.10.254 255.255.255.0

dhcp select interface

dhcp server dns-list 223.5.5.5

#

interface Vlanif20

ip address 192.168.20.254 255.255.255.0

dhcp select interface

dhcp server dns-list 223.5.5.5

#

interface Vlanif30

ip address 192.168.30.254 255.255.255.0

#

interface MEth0/0/1

#

interface GigabitEthernet0/0/1

port link-type access

port default vlan 30

#

interface GigabitEthernet0/0/2

port link-type trunk

port trunk allow-pass vlan 10 20

#

ip route-static 0.0.0.0 0.0.0.0 192.168.30.1

#

R1

#

acl number 2000

rule 5 permit source 192.168.10.0 0.0.0.255

rule 10 permit source 192.168.20.0 0.0.0.255

#

acl number 2100

rule 5 permit source 192.168.10.0 0.0.0.255

#

acl number 2200

rule 5 permit source 192.168.20.0 0.0.0.255

#

interface GigabitEthernet0/0/0

ip address 192.168.30.1 255.255.255.0

ip policy-based-route liantong

#

interface GigabitEthernet0/0/1

ip address 1.1.1.2 255.255.255.0

nat outbound 2000

#

interface GigabitEthernet0/0/2

ip address 2.1.1.2 255.255.255.0

nat outbound 2000

#

ip route-static 100.1.1.0 255.255.255.0 1.1.1.1

ip route-static 100.1.1.0 255.255.255.0 2.1.1.1

ip route-static 192.168.0.0 255.255.0.0 192.168.30.254

#

policy-based-route dianxin permit node 10

if-match acl 2100

apply ip-address next-hop 1.1.1.1

policy-based-route liantong permit node 10

if-match acl 2200

apply ip-address next-hop 2.1.1.1

#

R2

#

interface GigabitEthernet0/0/0

ip address 1.1.1.1 255.255.255.0

#

interface GigabitEthernet0/0/1

ip address 2.1.1.1 255.255.255.0

#

interface GigabitEthernet0/0/2

ip address 100.1.1.254 255.255.255.0

#

interface GigabitEthernet0/0/3

#

ip route-static 0.0.0.0 0.0.0.0 2.1.1.2

ip route-static 0.0.0.0 0.0.0.0 1.1.1.2

#

过程中遇到的问题

类似本实验如果有两条宽带出口，可以写两条指向外网的缺省静态路由，只需要把其中一条的优先级改一下（默认优先级60，越小越优先），默认就先走高优先级线路（具体表现在路由表默认路由变成一条）。

配置策略路由前

配置策略路由后

MQC

流分类

[router]traffic classifier jishu

[router-classifier-jishu]if-match acl 2100

[router-classifier-jishu]quit

[router]traffic classifier shangwu

[router-classifier-shangwu]if-match acl 2200

[router-classifier-shangwu]quit

流行为

[router]traffic behavior dianxin

[router-behavior-dianxin]redirect ip-nexthop 1.1.1.1

[router-behavior-dianxin]quit

[router]traffic behavior liantong

[router-behavior-liantong]redirect ip-nexthop 2.1.1.1

[router-behavior-liantong]quit

流策略

把流分类和流行为绑定

[router]traffic policy policy_1

[router-trafficpolicy-policy_1]classifier jishu behavior dianxin

[router-trafficpolicy-policy_1]classifier shangwu behavior liantong

[router-trafficpolicy-policy_1]quit

在入接口应用

[router]int g0/0/0

[router-GigabitEthernet0/0/0]traffic-policy policy_1 inbound