策略路由建立:
分建ACL 定义哪些数据流
建立下一跳 就是网关
建立策略与ACL对应
建立策略路由 将策略与下一跳对应
建ACL
acl number 3003
description CTT-B default to dx-NAT
rule 5 permit ip source 123.64.128.0 0.0.127.255 反掩码
acl number 3080
description to zhdx_huixintonglian
rule 1 permit ip source 123.88.127.48 0
rule 5 permit ip source 123.88.127.176 0.0.0.7
acl number 3650 空的匹配全部
配置下一跳
traffic behavior dx-NAT
redirect ip-nexthop 10.33.1.1
traffic behavior zhdx_huixintonglian
redirect ip-nexthop 220.243.0.217
traffic behavior ROUTE3004 没有设置吓一跳匹配路由表
配置策略前将相关的acl与一名称相对应
traffic classifier CDX3003(cnc-to-dx-2) operator and
if-match acl 3003
traffic classifier CDX3308(FSRJ1) operator and
if-match acl 3080
traffic classifier ROUTE3004 operator and
if-match acl 3650
建立策略路由(从上至下依次执行)
traffic policy CDX-dx
share-mode
classifier CDX3003(cnc-to-dx-2) behavior dx-NAT
classifier CDX3308(FSRJ1) behavior zhdx_huixintonglian
classifier ROUTE3004 behavior ROUTE3004 所有没有命中的数据包都匹配路由
在端口入向启用该策略
interface GigabitEthernet4/1/0
traffic-policy CDX-dx inbound
traffic classifier 520M operator or
if-match any
#
traffic behavior 520M
car cir 532480 pir 532480 cbs 532480 pbs 532480 green pass yellow pass red discard
#
traffic policy 520M
classifier 520M behavior 520M
interface GigabitEthernet0/0/14 qos lr inbound cir 530000 cbs 1000000
traffic-policy 520M outbound
阅读(819) | 评论(0) | 转发(0) |