溫馨提示×
您好,登錄后才能下訂單哦!
點擊 登錄注冊 即表示同意《億速云用戶服務條款》
您好,登錄后才能下訂單哦!
 interfaceGigabitEthernet0/0/0.2 vlan-type dot1q 2 //vlan2的網關// ip address 192.168.2.254 255.255.255.0 # interfaceGigabitEthernet0/0/0.3 vlan-type dot1q 3 //vlan3的網關// ip address 192.168.3.254 255.255.255.0 # interfaceGigabitEthernet0/0/1 ip address 202.100.1.1 255.255.255.0 # trust priority is 85 interface of the zone is (3): GigabitEthernet0/0/0.2 GigabitEthernet0/0/0.3 # ctc priority is 10 interface of the zone is (1): GigabitEthernet0/0/1 # cnc priority is 20 interface of the zone is (1): GigabitEthernet0/0/2 # ------------------------------------------------------------------------------------ policy interzonetrust ctc outbound policy 0 action permit policy source 192.168.2.0 mask 24 policy source 192.168.3.0 mask 24 # policy interzonetrust cnc outbound policy 0 action permit policy source 192.168.2.0 mask 24 policy source 192.168.3.0 mask 24 # ---------------------------------------------------------------------- nat-policy interzonetrust ctc outbound policy 0 action source-nat policy source 192.168.2.0 mask 24 policy source 192.168.3.0 mask 24 easy-ip GigabitEthernet0/0/1 # nat-policy interzonetrust cnc outbound policy 0 action source-nat policy source 192.168.2.0 mask 24 policy source 192.168.3.0 mask 24 easy-ip GigabitEthernet0/0/2 ---------------------------------------------------------------------------- policy-based-routePBR1 permit node 1 if-match acl 3001 apply ip-address next-hop 202.100.1.2 匹配acl3001的流量設置下一跳為202.100.1.2 # policy-based-route PBR2 permit node 2 if-match acl 3002 apply ip-address next-hop 202.100.2.2 匹配acl3001的流量設置下一跳為202.100.2.2 # acl number 3001 rule 5 deny ip destination192.168.3.0 0.0.0.255 目標到達192.168.3.0的路由不匹配策略 rule 10 permit ip source 192.168.2.0 0.0.0.255 # acl number 3002 rule 1 deny ip destination192.168.2.0 0.0.0.255 目標到達192.168.2.0的路由不匹配策略 rule 5 permit ip source 192.168.3.0 0.0.0.255 ip-link 2destination 202.100.2.2 interface GigabitEthernet 0/0/2 mode icmp ip-link 1destination 202.100.1.2 interface GigabitEthernet 0/0/1 mode icmp ip route-static 0.0.0.0 0.0.0.0 202.100.1.2track ip-link 1 ip route-static 0.0.0.0 0.0.0.0 202.100.2.2track ip-link 2 interfaceGigabitEthernet0/0/0.2 ip policy-based-route PBR1 # interfaceGigabitEthernet0/0/0.3 ip policy-based-route PBR2 假設ip-link檢測目標202.100.1.2失效,則對應的靜態路由失效,對應的PBR1策略路由也失效。所以源地址 192.168.2.0網段選擇下一跳202.100.2.2作為出口路由,當ip-link檢測目標202.100.1.2成功,則對應的靜態路由生效,對應的PBR1策略路由也隨之生效,所以源地址192.168.2.0網段依然選擇下一條202.100.1.2作為出口路由。 綜述:ip-link檢測影響靜態路由,靜態路由影響策略路由。 |
免責聲明:本站發布的內容(圖片、視頻和文字)以原創、轉載和分享為主,文章觀點不代表本網站立場,如果涉及侵權請聯系站長郵箱:is@yisu.com進行舉報,并提供相關證據,一經查實,將立刻刪除涉嫌侵權內容。
