双isp小型局域网

原创

shipenlo 2016-11-24 14:55:02 博主文章分类：网络 ©著作权

©著作权归作者所有：来自51CTO博客作者shipenlo的原创作品，谢绝转载，否则将追究法律责任

说明：R1相当于AC，R2、R3代表两个ISP

undo terminal m
sys
sysname S1
vlan batch 1 to 8
stp bpdu-protection
inter g0/0/1
port link-type trunk
port trunk allow-pass vlan all
bpdu enable
inter e0/0/1
port link-type access
port default vlan 2
stp edged-port enable
q

-------------------------------
undo terminal m
sys
sysname S2
vlan batch 1 to 8
stp bpdu-protection
inter g0/0/1
port link-type trunk
port trunk allow-pass vlan all
bpdu enable
inter e0/0/1
port link-type access
port default vlan 3
stp edged-port enable

q

-----------------------------
sys
sysname S3
vlan batch 1 to 8
stp bpdu-protection
inter g0/0/1
port link-type trunk
port trunk allow-pass vlan all
bpdu enable
inter g0/0/2
port link-type trunk
port trunk allow-pass vlan all
bpdu enable
inter g0/0/3
port link-type access
port default vlan 4
stp edged-port enable
inter g0/0/4
port link-type access
port default vlan 5
stp edged-port enable
q
inter vlan 2
ip add 172.16.2.1 24
inter vlan 3
ip add 172.16.3.1 24
inter vlan 4
ip add 172.16.4.1 24
inter vlan 5
ip add 172.16.0.6 30
q
ip route-static 0.0.0.0 0.0.0.0 172.16.0.5
--------------------------------------
sys
sysname R1
inter g0/0/0
ip add 172.16.0.5 30
inter g0/0/1
ip add 172.16.0.2 30
q
ip route-static 172.16.2.0 24 g0/0/0 172.16.0.6
ip route-static 172.16.3.0 24 g0/0/0 172.16.0.6
ip route-static 172.16.4.0 24 g0/0/0 172.16.0.6
ip route-static 0.0.0.0 0.0.0.0 g0/0/1 172.16.0.1
--------------------------------------
sys
sysname R2
inter g0/0/0
ip add 11.10.10.4 24
inter s0/0/0
ip add 13.10.10.2 24
inter loop0
ip add 10.0.0.1 32
q
ip route-static 0.0.0.0 0.0.0.0 g0/0/0
ip route-static 10.0.0.2 32 s0/0/0
------------------------------------------
sys
sysname R3
inter g0/0/0
ip add 12.10.10.4 24
inter s0/0/0
ip add 13.10.10.3 24
inter loop0
ip add 10.0.0.2 32
q
ip route-static 0.0.0.0 0.0.0.0 g0/0/0
ip route-static 10.0.0.1 32 s0/0/0
-------------------------------------------------
防火墙
sys
inter g0/0/0
ip add 172.16.0.1 30
inter g0/0/1
ip add 11.10.10.1 24
inter g0/0/2
ip add 12.10.10.1 24
q

firewall zone trust
add interface g0/0/0
q
firewall zone name isp11
set priority 15
add interface g0/0/1
q
firewall zone name isp12
set priority 20
add interface g0/0/2
q

policy interzone trust isp11 outbound
policy 1
policy source 172.16.2.0 0.0.0.255
action permit
q
q
policy interzone trust isp12 outbound
policy 1
policy source 172.16.0.0 0.0.255.255

action permit
q
q

nat address-group 1 11.10.10.1 11.10.10.1
nat address-group 2 12.10.10.1 12.10.10.1

nat-policy interzone trust isp11 outbound
policy 1
policy source 172.16.0.0 0.0.255.255

action source-nat
address-group 1
q
q
nat-policy interzone trust isp12 outbound
policy 1
policy source 172.16.0.0 0.0.255.255
action source-nat
address-group 2
q
q
ip-link check enable
ip-link 1 destination 11.10.10.4 mode icmp
ip-link 2 destination 12.10.10.4 mode icmp
ip route-static 0.0.0.0 0.0.0.0 g0/0/1 track ip-link 1
ip route-static 0.0.0.0 0.0.0.0 g0/0/2 track ip-link 2
ip route-static 172.16.0.0 16 172.16.0.2
firewall defend syn-flood enable
firewall defend udp-flood enable
firewall defend icmp-flood enable
firewall defend icmp-flood base-session max-rate 5