A-A+

如何配置思科cisco交换机策略路由

2015年08月11日 度娘知道 评论 1 条 阅读 1,016 views 次

在很多时候企业单位的核心交换机上需要配置策略路由,最常见的例子是做网络双出口,也就是对企业网络上网用户进行链路分流,这是截取了思科cisco三层路由交换机上的部分配置,语法如下:

interface FastEthernet0/24
switchport access vlan 200
switchport mode access
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface Vlan1
no ip address
!
interface Vlan10
description "server "
ip address 192.168.1.1 255.255.255.0
ip dnsoso route-map dnsoso2  在vlan子接口中去生效策略路由
!
interface Vlan20
description "yanfa"
ip address 192.168.2.1 255.255.255.0
ip dnsoso route-map dnsoso
!
interface Vlan30
description "market"
ip address 192.168.3.1 255.255.255.0
ip dnsoso route-map dnsoso2
!
interface Vlan40
description "caiwu&xingzheng"
ip address 192.168.4.1 255.255.255.0
ip dnsoso route-map dnsoso2
!
interface Vlan50
description "technology"
ip address 192.168.5.1 255.255.255.0
ip dnsoso route-map dnsoso
!
interface Vlan60
description "boss"
ip address 192.168.6.1 255.255.255.0
ip dnsoso route-map dnsoso
!
interface Vlan80
ip address 192.168.70.240 255.255.255.0
!
interface Vlan100
description "to-internet-1" 这是internet出口1的vlan,当然,也可以通过建立非交换端口,在某个接口上配IP
ip address 192.168.20.2 255.255.255.0
!
interface Vlan200
description "to-internet-2" 这是internet出口2的vlan
ip address 192.168.21.2 255.255.255.0
!
ip http server
ip http secure-server
!
!
ip route 0.0.0.0 0.0.0.0 192.168.20.1
!
logging esm config
access-list 10 permit 192.168.1.0 0.0.0.255    策略路由需要提前配置好所需的访问控制列表
access-list 10 permit 192.168.3.0 0.0.0.255
access-list 10 permit 192.168.4.0 0.0.0.255
access-list 20 permit 192.168.2.0 0.0.0.255
access-list 20 permit 192.168.5.0 0.0.0.255
access-list 20 permit 192.168.6.0 0.0.0.255
access-list 100 deny ip any 192.168.0.0 0.0.255.255
access-list 100 permit ip 192.168.1.0 0.0.0.255 any
access-list 100 permit ip 192.168.3.0 0.0.0.255 any
access-list 100 permit ip 192.168.4.0 0.0.0.255 any
access-list 150 deny ip 192.168.0.0 0.0.255.255 any
access-list 150 permit ip 192.168.2.0 0.0.0.255 any
access-list 150 permit ip 192.168.5.0 0.0.0.255 any
access-list 150 permit ip 192.168.6.0 0.0.0.255 any
route-map dnsoso permit 10  策略路由1
match ip address 150
set ip next-hop 192.168.21.1
!
route-map dnsoso2 permit 20  策略路由2
match ip address 100
set ip next-hop 192.168.20.1
!
!
!
!
line con 0
line vty 0 4
password dnsoso.com
login
line vty 5 15
password dnsoso.com
login
!
end

Copyright © 度娘搜搜 保留所有权利.   鲁ICP备15005183号-1

用户登录

分享到: