核心路由器

1、外部接口

1)外部接口配置

int g0/0/1

ip address 100.1.1.1 24

int g0/0/2

ip address 200.1.1.1 24

2)感应兴趣流

acl number 2000

rule 5 permit source any

默认有一条rule 10 deny source any,这是一条隐含命令

acl number 2001

rule 5 permit source any

默认有一条rule 10 deny source any,这是一条隐含命令

3)配置接口

int g0/0/1

nat outbound 2000

int g0/0/2

nat outbound 2001

4)配置缺省路由

ip route-static 0.0.0.0 0 100.1.1.2

ip route-static 0.0.0.0 0 200.1.1.2

2、 内部接口

1)int g0/0/0

ip address 10.1.1.1 24

2)定义感应兴趣流

acl number 3000

rule 5 permit ip source 192.168.1.0 0.0.0.255

rule 10 deny ip source any

acl number 3001

rule permit ip source 192.168.2.0 0.0.0.255

rule 10 deny ip source 192.168.2.0 0.0.0.255

3)流分类

traffic classifier c1 operator or

if-match acl 3000

traffic classifier c2 operator or

if-match acl 3001

4)流行为(behavior)

traffic behavior b1

redirect ip-nexthop 100.1.1.2 //运营商接口IP

traffic behavior b2

redirect ip-nexthop 200.1.1.2 //运营商接口IP

5)流策略

traffic policy p1

classifier c1 behavior b1

classifier c2 behavior b2

6)接口应用

int g0/0/0

traffic-policy p1 inbouind

7)路由

ip route-static 192.168.1.0 24 10.1.1.2

ip route-static 192.168.2.0 255.255.255.0 10.1.1.2

注意:路由保证须非直连网段的全部具有路由(静态或者动态)