H3C交换机S5500策略路由配置-白红宇

H3C交换机S5500策略路由配置

阅读量：7126 次

发布时间：2019-06-28

本文共 2818 字，大约阅读时间需要 9 分钟。

网络情况如下：

用户1网络：172.16.1.0/24
用户2网络： 192.168.1.0/24
至出口1网络：172.16.100.0/24
至出口2网络：192.168.100.0/24

实现功能：用户1通过互联网出口1，用户2通过互联网出口2。

功能实现：在三层交换台机上配置默认路由，将数据包丢向192.168.100.253，再利用策略路由，凡是用户2网络IP192.168.1.0/24的地址都丢向172.16.100.253。

配置步骤：

说明：这里接口的配置等操作略。

1、首先建立默认路由，将所有的数据包都丢往出口2的下一节点192.168.100.253

[H3C5500] ip route-static 0.0.0.0 0.0.0.0 192.168.100.253

2、配置流分类1，对象为172.16.1.0/24的数据

[H3C5500]acl number 3001

[H3C5500-acl-adv-3001] rule 0 permit ip source 172.16.1.0 0.0.0.255

[H3C5500] quit

[H3C5500] traffic classifier 1

[H3C5500-classifier-1] if-match acl 3001

[H3C5500-classifier-1] quit

3、配置刚才定义的流分类的行为，定义如果匹配就下一跳至出口1即172.16.100.253

[H3C5500] traffic behavior 1

[H3C5500-behavior-1] redirect next-hop 172.16.100.253

[H3C5500-behavior-1] quit

4、将刚才设置的应用至QOS策略中，定义policy 1

[H3C5500] qos policy 1

[H3C5500-qospolicy-1] classifier 1 behavior 1

[H3C5500-qospolicy-1] quit

5、在接口上应用定义的QOS策略policy 1

[H3C5500] interface GigabitEthernet 1/0/15

[H3C5500-GigabitEthernet1/0/15] qos apply policy 1 inbound

[H3C5500-GigabitEthernet1/0/15] quit

至此，配置已完成。

配置文件（略过一些接口配置信息）：

version 5.20, Release 2102P02
#
sysname H3C5500
#
domain default enable system
#
telnet server enable
#
vlan 1
#
vlan 100 to 103
#
traffic classifier 1 operator and
if-match acl 3001
#
traffic behavior 1
redirect next-hop 172.16.100.253
#
qos policy 1
classifier 1 behavior 1
#
dhcp server ip-pool 1
network 192.168.1.0 mask 255.255.255.0
gateway-list 192.168.1.254
dns-list 221.228.255.1
#
dhcp server ip-pool 2
network 172.16.1.0 mask 255.255.255.0
gateway-list 172.16.1.254
dns-list 221.228.255.1
#
local-user huawei
password cipher .]@USE=B,53Q=^Q`M<1!!
service-type telnet terminal
level 3
#
acl number 3001
rule 0 permit ip source 172.16.1.0 0.0.0.255
#
interface NULL0
#
interface Vlan-interface1
ip address 192.168.0.254 255.255.255.0
#
interface Vlan-interface100
ip address 192.168.100.254 255.255.255.0
#
interface Vlan-interface101
ip address 192.168.1.254 255.255.255.0
#
interface Vlan-interface102
ip address 172.16.100.254 255.255.255.0
#
interface Vlan-interface103
ip address 172.16.1.254 255.255.255.0
#
interface GigabitEthernet1/0/1
port link-type access
port access vlan 100
speed 1000
duplex full
#
interface GigabitEthernet1/0/2
port link-type access
port access vlan 102
speed 1000
duplex full
#
interface GigabitEthernet1/0/15
port link-type trunk
port trunk permit vlan 1 101 103
speed 1000
duplex full
qos apply policy 1 inbound
#
interface GigabitEthernet1/0/16
port link-type trunk
port trunk permit vlan 1 101 103
speed 1000
duplex full
qos apply policy 1 inbound
#
ip route-static 0.0.0.0 0.0.0.0 192.168.100.253
#
dhcp enable
#
load xml-configuration
#
user-interface aux 0
authentication-mode scheme
user-interface vty 0 4
authentication-mode scheme
user privilege level 3
#
return