本地策略路由只对配置策略的设备有效

本地策略路由只对配置策略的设备有效

​对设备R1配置了本地策略路由​

1）配置R1静态路由通过10.1.1.2，访问路由器r2的环回接口0 6.6.6.6

2）配置R1静态路由通过10.1.2.2，访问路由R2的环回接口1 7.7.7.7

3）通过本地策略路由，R1通过10.1.2.2 ，访问访问路由器r2的环回接口0 6.6.6.6

3）通过本地策略路由，R1通过10.1.1.2 ，访问访问路由器r2的环回接口1 7.7.7.7

​本地策略路由对PC无效​

实例如下：

instance：

​R1：​

display current-configuration [V200R003C00]

sysname r1

snmp-agent local-engineid 800007DB03000000000000 snmp-agent

clock timezone China-Standard-Time minus 08:00:00

portal local-server load portalpage.zip

drop illegal-mac alarm

​//第三步：本地策略路由应用​

ip local policy-based-route pbr_1

set cpu-usage threshold 80 restore 75

​//重点步骤1：访问控制列表​

acl number 3001 rule 5 permit ip destination 6.6.6.6 0 acl number 3002 rule 5 permit ip destination 7.7.7.7 0

aaa authentication-scheme default authorization-scheme default accounting-scheme default domain default domain default_admin local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$ local-user admin service-type zone Local priority 15

interface GigabitEthernet0/0/0 ip address 10.1.1.1 255.255.255.252

interface GigabitEthernet0/0/1 ip address 10.1.2.1 255.255.255.252

interface GigabitEthernet0/0/2 ip address 192.168.1.1 255.255.255.0

interface NULL0

ip route-static 6.6.6.6 255.255.255.255 10.1.1.2ip route-static 7.7.7.7 255.255.255.255 10.1.2.2

user-interface con 0 authentication-mode passworduser-interface vty 0 4user-interface vty 16 20

​//第二步：配置本地策略​

policy-based-route pbr_1 permit node 10 if-match acl 3001 apply ip-address next-hop 10.1.2.2 policy-based-route pbr_1 permit node 20 if-match acl 3002 apply ip-address next-hop 10.1.1.2

wlan ac

return

​R2:​

display current-configuration [V200R003C00]

sysname r2

snmp-agent local-engineid 800007DB03000000000000 snmp-agent

clock timezone China-Standard-Time minus 08:00:00

portal local-server load portalpage.zip

drop illegal-mac alarm

set cpu-usage threshold 80 restore 75

aaa authentication-scheme default authorization-scheme default accounting-scheme default domain default domain default_admin local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$ local-user admin service-type zone Local priority 15

interface GigabitEthernet0/0/0 ip address 10.1.1.2 255.255.255.252

interface GigabitEthernet0/0/1 ip address 10.1.2.2 255.255.255.252

interface GigabitEthernet0/0/2

interface NULL0

interface LoopBack0 ip address 6.6.6.6 255.255.255.255

interface LoopBack1 ip address 7.7.7.7 255.255.255.255

ip route-static 192.168.1.0 255.255.255.0 10.1.1.1ip route-static 192.168.1.0 255.255.255.0 10.1.2.1

user-interface con 0 authentication-mode passworduser-interface vty 0 4user-interface vty 16 20

wlan ac

return

版权声明：本文内容由网络用户投稿，版权归原作者所有，本站不拥有其著作权，亦不承担相应法律责任。如果您发现本站中有涉嫌抄袭或描述失实的内容，请联系我们jiasou666@gmail.com 处理，核实后本网站将在24小时内删除侵权内容。