1、拓撲圖

2、客戶需求

雲電腦網段10.16.77.0/24走電信1出口

雲電腦網段10.16.73.0/24走電信2出口

所有的外網出口都是家寬，配置pppoe撥號，家寬對回話連線數有限制，所有開多條家寬分擔使用者回話連線數

3、主要裝置配置

AR路由器配置

策略路由，acl流策略配置

acl number 2000

rule 5 permit source 10.16.73.0 0.0.0.255

acl number 2001

rule 5 permit source 10.16.77.0 0.0.0.255

acl number 2002

rule 5 permit source 10.16.79.0 0.0.0.255

#

traffic classifier DX2-C operator or

if-match acl 2001

traffic classifier DX1-C operator or

if-match acl 2000

traffic classifier DX3-C operator or

if-match acl 2002

#

traffic behavior DX2-B

redirect interface Dialer2

traffic behavior DX1-B

redirect interface Dialer1

traffic behavior DX3-B

redirect interface Dialer3

#

traffic policy DX2-P

classifier DX2-C behavior DX2-B

traffic policy DX1-P

classifier DX1-C behavior DX1-B

traffic policy DX3-P

classifier DX3-C behavior DX3-B

#

策略應用到對應的內網介面

interface Vlanif102

ip address 10.16.73.1 255.255.255.0

traffic-policy DX1-P inbound

#

interface Vlanif105

ip address 10.16.79.1 255.255.255.0

traffic-policy DX3-P inbound

#

interface Vlanif108

ip address 10.16.77.1 255.255.255.0

traffic-policy DX2-P inbound

配置pppoe動態撥號

interface Dialer1

des DX1

link-protocol ppp

ppp chap user t539fzy021870087

ppp chap password cipher %^%#Nq^eHWnK})YCI+Qai{@CIdC#/dG{$;&MG'4V"EK;%^%#

ppp pap local-user t539fzy021870087 password cipher %^%#~WtW#68S28_T'a1StVd39p7g(ZM~*@|8Y]PAB|a)%^%#

ppp ipcp dns admit-any

ppp ipcp dns request

tcp adjust-mss 1200

ip address ppp-negotiate

dialer user arweb

dialer bundle 1

dialer-group 1

nat outbound 2000

#

interface Dialer2

des DX2

link-protocol ppp

ppp chap user t539fzy021869365

ppp chap password cipher %^%#Yf{<6;R^_@\-V_XbmT"8rsmL>6sT9G#obWJ$l)=,%^%#

ppp pap local-user t539fzy021869365 password cipher %^%#a(4Y7tYfVRiDJLTwjkcDin>}='g":Fp}~06>wA)R%^%#

ppp ipcp dns admit-any

ppp ipcp dns request

tcp adjust-mss 1200

ip address ppp-negotiate

dialer user arweb

dialer bundle 2

dialer-group 2

nat outbound 2001

#

interface Dialer3

des DX3

link-protocol ppp

ppp chap user t539fzy021869909

ppp chap password cipher %^%#L,ee;lQR16$|mdK^+G#({P\R8lv2b5VRcb~e)']S%^%#

ppp pap local-user t539fzy021869909 password cipher %^%#`F;t=lc1`0qUSW&FzjzGQ[Y{2+IIo,ohGvJ^s_6T%^%#

ppp ipcp dns admit-any

ppp ipcp dns request

tcp adjust-mss 1200

ip address ppp-negotiate

dialer user arweb

dialer bundle 3

dialer-group 3

nat outbound 2002

interface GigabitEthernet0/0/5

des DX1

undo portswitch

pppoe-client dial-bundle-number 1

mac-address 28a6-db00-44c0

#

interface GigabitEthernet0/0/6

des DX2

undo portswitch

pppoe-client dial-bundle-number 2

mac-address 28a6-db00-44c1

#

interface GigabitEthernet0/0/7

des DX3

undo portswitch

pppoe-client dial-bundle-number 3

mac-address 28a6-db00-44c2

撥號用的物理網口，必須mac地址修改為mac地址不一致，否則無法撥號

dialer-rule

dialer-rule 1 ip permit

dialer-rule 2 ip permit

dialer-rule 3 ip permit

配置預設路由

ip route-static 0.0.0.0 0.0.0.0 Dialer1

ip route-static 0.0.0.0 0.0.0.0 Dialer2

ip route-static 0.0.0.0 0.0.0.0 Dialer3

4、業務驗證

檢視撥號獲取的地址

Dialer1 100.70.48.156/32 up up(s)

Dialer2 100.70.36.39/32 up up(s)

Dialer3 100.70.51.36/32 up up(s)

GigabitEthernet0/0/5 unassigned up down

GigabitEthernet0/0/6 unassigned up down

GigabitEthernet0/0/7 unassigned up down

GigabitEthernet0/0/8 unassigned down down

GigabitEthernet0/0/9 172.16.1.1/24 down down

GigabitEthernet0/0/10 unassigned up down

NULL0 unassigned up up(s)

Vlanif102 10.16.73.1/24 up up

Vlanif105 10.16.79.1/24 up up

Vlanif108 10.16.77.1/24 up up

5、配置策略路由出現的一些問題

配置策略路由生效後，出現所有電腦ping不通閘道器的情況。經過排查發

-----------------------------------

某學校雲電腦專案策略路由實際使用案例

https://blog.51cto.com/u_1823203/5027526

某學校雲電腦專案策略路由實際使用案例

相關文章