「PBR」- Two ISP, One Server

  CREATED BY JENKINSBOT

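Problem Description

The internal network has two subnets: subnet 1 is 10.1.1.0/24 and subnet 2 is 10.1.2.0/24. PBR is deployed on interface GE0/0/0 of RTA so that subnet 1 reaches the Internet through ISP1 and subnet 2 reaches the Internet through ISP2.

A server is attached off to the side of RTA, and the policy-based routing deployed on RTA must not affect internal users' access to that server.

Solution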

// 10.1.1.0

[RTA] acl number 3000
[RTA-acl-adv-3000] rule 1 deny ip source 10.1.1.0 0.0.0.255 destination 10.1.3.254 0 # Exempt traffic destined for the Server from PBR
[RTA-acl-adv-3000] rule 2 permit ip source 10.1.1.0 0.0.0.255 destination any # "0.0.0.0 0" would match only the host 0.0.0.0

[RTA] policy-based-route hcip permit node 10
[RTA-policy-based-route-hcip-10] if-match acl 3000
[RTA-policy-based-route-hcip-10] apply ip-address next-hop 202.1.2.3

// 10.1.2.0

[RTA] acl number 3001
[RTA-acl-adv-3001] rule 1 deny ip source 10.1.2.0 0.0.0.255 destination 10.1.3.254 0
[RTA-acl-adv-3001] rule 2 permit ip source 10.1.2.0 0.0.0.255 destination any # "0.0.0.0 0" would match only the host 0.0.0.0

[RTA] policy-based-route hcip permit node 20
[RTA-policy-based-route-hcip-20] if-match acl 3001
[RTA-policy-based-route-hcip-20] apply ip-address next-hop 154.1.2.3

// Interface PBR

[RTA-GigabitEthernet0/0/0] ip policy-based-route hcip
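The following is an added example, not part of the original configuration: a simplified Python model of how policy `hcip` classifies a packet arriving on GE0/0/0, useful for checking the rule order and wildcard masks before applying them. It assumes rule 2 of each ACL is meant to match any destination, and that a packet hitting a `deny` rule or no rule at all is not matched by the node and ends up forwarded by the normal routing table; the function names and sample host addresses are made up for illustration.

```python
import ipaddress

def wc_match(addr, base, wildcard):
    """Wildcard-mask match: bits set to 1 in the wildcard are ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)

ANY = ("0.0.0.0", "255.255.255.255")  # assumption: rule 2 means "any destination"

# (action, (src, src_wildcard), (dst, dst_wildcard)), in rule-ID order
ACLS = {
    3000: [("deny",   ("10.1.1.0", "0.0.0.255"), ("10.1.3.254", "0.0.0.0")),
           ("permit", ("10.1.1.0", "0.0.0.255"), ANY)],
    3001: [("deny",   ("10.1.2.0", "0.0.0.255"), ("10.1.3.254", "0.0.0.0")),
           ("permit", ("10.1.2.0", "0.0.0.255"), ANY)],
}

# policy-based-route hcip: (node, acl, next-hop), evaluated in node order
POLICY = [(10, 3000, "202.1.2.3"), (20, 3001, "154.1.2.3")]

def acl_result(acl, src, dst):
    """First matching rule wins; None means no rule matched."""
    for action, s, d in ACLS[acl]:
        if wc_match(src, *s) and wc_match(dst, *d):
            return action
    return None

def forward(src, dst):
    """Return the forwarding decision for a packet received on GE0/0/0."""
    for node, acl, next_hop in POLICY:
        if acl_result(acl, src, dst) == "permit":
            return f"PBR node {node} -> next-hop {next_hop}"
    return "routing table"  # not matched by any node: normal forwarding

if __name__ == "__main__":
    # Constructed sample flows
    for src, dst in [("10.1.1.10", "8.8.8.8"), ("10.1.2.10", "8.8.8.8"),
                     ("10.1.1.10", "10.1.3.254"), ("10.1.2.10", "10.1.3.254")]:
        print(f"{src} -> {dst}: {forward(src, dst)}")
```

Swapping rule 1 and rule 2 in the model sends server-bound traffic to the ISP next hop, which is why the `deny` rule must carry the lower rule ID.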