双isp小型局域网

双isp小型局域网

说明：R1相当于AC，R2、R3代表两个ISP

undo terminal msyssysname S1vlan batch 1 to 8stp bpdu-protectioninter g0/0/1port link-type trunk port trunk allow-pass vlan allbpdu enableinter e0/0/1port link-type accessport default vlan 2stp edged-port enableq-------------------------------undo terminal msyssysname S2vlan batch 1 to 8stp bpdu-protectioninter g0/0/1port link-type trunk port trunk allow-pass vlan allbpdu enableinter e0/0/1port link-type accessport default vlan 3stp edged-port enableq-----------------------------syssysname S3vlan batch 1 to 8stp bpdu-protectioninter g0/0/1port link-type trunk port trunk allow-pass vlan allbpdu enableinter g0/0/2port link-type trunk port trunk allow-pass vlan allbpdu enableinter g0/0/3port link-type accessport default vlan 4stp edged-port enableinter g0/0/4port link-type accessport default vlan 5stp edged-port enableqinter vlan 2ip add 172.16.2.1 24inter vlan 3ip add 172.16.3.1 24inter vlan 4ip add 172.16.4.1 24inter vlan 5ip add 172.16.0.6 30qip route-static 0.0.0.0 0.0.0.0 172.16.0.5--------------------------------------sys sysname R1inter g0/0/0ip add 172.16.0.5 30inter g0/0/1ip add 172.16.0.2 30qip route-static 172.16.2.0 24 g0/0/0 172.16.0.6ip route-static 172.16.3.0 24 g0/0/0 172.16.0.6ip route-static 172.16.4.0 24 g0/0/0 172.16.0.6ip route-static 0.0.0.0 0.0.0.0 g0/0/1 172.16.0.1--------------------------------------sys sysname  R2inter g0/0/0ip add 11.10.10.4 24inter s0/0/0ip add 13.10.10.2 24inter loop0ip add 10.0.0.1 32qip route-static 0.0.0.0 0.0.0.0 g0/0/0 ip route-static 10.0.0.2 32 s0/0/0 ------------------------------------------sys sysname R3inter g0/0/0ip add 12.10.10.4 24inter s0/0/0ip add 13.10.10.3 24inter loop0ip add 10.0.0.2 32qip route-static 0.0.0.0 0.0.0.0 g0/0/0 ip route-static 10.0.0.1 32 s0/0/0 -------------------------------------------------防火墙sysinter g0/0/0ip add 172.16.0.1 30inter g0/0/1ip add 11.10.10.1 24inter g0/0/2ip add 12.10.10.1 24qfirewall zone trust  add interface g0/0/0qfirewall zone name isp11 set priority 15  add interface g0/0/1qfirewall zone name isp12 set priority 20 add interface g0/0/2qpolicy interzone trust isp11 outbound policy 1 policy source 172.16.2.0 0.0.0.255 action permit qqpolicy interzone trust isp12 outbound policy 1 policy source 172.16.0.0 0.0.255.255

action permit qqnat address-group 1 11.10.10.1 11.10.10.1nat address-group 2 12.10.10.1 12.10.10.1nat-policy interzone trust isp11 outbound  policy 1 policy source 172.16.0.0 0.0.255.255

action source-nat address-group 1 q qnat-policy interzone trust isp12 outbound  policy 1 policy source 172.16.0.0 0.0.255.255 action source-nat address-group 2 q q ip-link check enable ip-link 1 destination 11.10.10.4 mode icmpip-link 2 destination 12.10.10.4 mode icmpip route-static 0.0.0.0 0.0.0.0 g0/0/1 track ip-link 1ip route-static 0.0.0.0 0.0.0.0 g0/0/2 track ip-link 2ip route-static 172.16.0.0 16 172.16.0.2firewall defend syn-flood enablefirewall defend udp-flood enablefirewall defend icmp-flood enablefirewall defend icmp-flood base-session max-rate 5

版权声明：本文内容由网络用户投稿，版权归原作者所有，本站不拥有其著作权，亦不承担相应法律责任。如果您发现本站中有涉嫌抄袭或描述失实的内容，请联系我们jiasou666@gmail.com 处理，核实后本网站将在24小时内删除侵权内容。