h3c msr800策略路由实验

(1)定义PBR(policy-based-route):一个名字一个或多个节点,每节点匹配ACL和动作,也可不匹配ACL和动作

(2)内网物理或VLAN虚接口应用PBR

(3)其它NAT/接口/路由正常配置,多线路下注意默认路由的优先级差异的配置,默认60,值越大优先级越低

 

92.168.30.11, DHCP client hardware address = 000e-c6d2-2d62, DHCP client lease = 86400.
<MSR800>
<MSR800>
<MSR800>
<MSR800>dis cur
#
version 5.20, Release 2514P04
#
sysname MSR800
#
domain default enable system
#
dar p2p signature-file flash:/p2p_default.mtd
#
port-security enable
#
password-recovery enable
#用来匹配内网不同网段的数据流
acl number 2020
rule 0 permit source 192.168.20.0 0.0.0.255
rule 5 deny
acl number 2030
rule 0 permit source 192.168.30.0 0.0.0.255
rule 5 deny
#
vlan 1
#
vlan 20
#
vlan 30
#
domain system
access-limit disable
state active
idle-cut disable
self-service-url disable
#
dhcp server ip-pool 20
network 192.168.20.0 mask 255.255.255.0
gateway-list 192.168.20.1
dns-list 222.222.222.222 202.99.166.4
#
dhcp server ip-pool 30
network 192.168.30.0 mask 255.255.255.0
gateway-list 192.168.30.1
dns-list 222.222.222.222 202.99.166.4
#
policy-based-route pbr1 permit node 10---------创建(定义)名为pbr1的策略路由有3个节点,10节点匹配vlan20的出口数据流根据动作apply下一跳去哪
if-match acl 2020
apply ip-address next-hop 172.16.11.254
policy-based-route pbr1 permit node 20---------20节点匹配vlan30的出口数据流 动作apply是下一跳去哪
if-match acl 2030
apply ip-address next-hop 172.16.30.254
policy-based-route pbr1 permit node 30----内部vlan间流量 无acl无apply 则数据转发根据路由表来转发
#
user-group system
group-attribute allow-guest
#
local-user admin
password cipher $c$3$40gC1cxf/wIJNa1ufFPJsjKAof+QP5aV
authorization-attribute level 3
service-type telnet
service-type web
#
cwmp
undo cwmp enable
#
interface Cellular0/0
async mode protocol
link-protocol ppp
#
interface NULL0
#
interface Vlan-interface1
ip address 192.168.1.1 255.255.255.0
#
interface Vlan-interface20-----------应用(生效)策略路,在以下2个内网虚接口(也可实接口)
ip address 192.168.20.1 255.255.255.0
ip policy-based-route pbr1
#
interface Vlan-interface30
ip address 192.168.30.1 255.255.255.0
ip policy-based-route pbr1
#
interface GigabitEthernet0/0------出口1正常配置nat
port link-mode route
nat outbound
ip address 172.16.11.9 255.255.255.0
#
interface GigabitEthernet0/1------出口2正常配置nat
port link-mode route
nat outbound
ip address 172.16.30.9 255.255.255.0
#
interface GigabitEthernet0/2
port link-mode bridge
#
interface GigabitEthernet0/3
port link-mode bridge
#
interface GigabitEthernet0/4
port link-mode bridge
#
interface GigabitEthernet0/5
port link-mode bridge
#
interface GigabitEthernet0/6
port link-mode bridge
#
interface GigabitEthernet0/7
port link-mode bridge
#
interface GigabitEthernet0/8----测试用不同vlan的端口,测试是否不同vlan走不同出口
port link-mode bridge
port access vlan 20
#
interface GigabitEthernet0/9
port link-mode bridge
port access vlan 30
#
ip route-static 0.0.0.0 0.0.0.0 172.16.11.254-----------静态路由,优先级默认60,号越大级别越低,即不优先走
ip route-static 0.0.0.0 0.0.0.0 172.16.30.254 preference 80
#
dhcp server forbidden-ip 192.168.20.1 192.168.20.10
dhcp server forbidden-ip 192.168.30.1 192.168.30.10
#
dhcp enable
#
load xml-configuration
#
load tr069-configuration
#
user-interface con 0
user-interface tty 13
user-interface vty 0 4
authentication-mode scheme
#
return
<MSR800>dis ip inter brief
*down: administratively down
(s): spoofing (l): loopback
Interface Physical Protocol IP Address Description
Cellular0/0 down down -- --
GE0/0 up up 172.16.11.9 --
GE0/1 down down 172.16.30.9 --
Vlan1 down down 192.168.1.1 --
Vlan20 down down 192.168.20.1 --
Vlan30 up up 192.168.30.1 --
<MSR800>dis inter brief
The brief information of interface(s) under route mode:
Link: ADM - administratively down; Stby - standby
Protocol: (s) - spoofing
Interface Link Protocol Main IP Description
Cellular0/0 DOWN DOWN --
GE0/0 UP UP 172.16.11.9
GE0/1 DOWN DOWN 172.16.30.9
NULL0 UP UP(s) --
Vlan1 DOWN DOWN 192.168.1.1
Vlan20 DOWN DOWN 192.168.20.1
Vlan30 UP UP 192.168.30.1

The brief information of interface(s) under bridge mode:
Link: ADM - administratively down; Stby - standby
Speed or Duplex: (a)/A - auto; H - half; F - full
Type: A - access; T - trunk; H - hybrid
Interface Link Speed Duplex Type PVID Description
GE0/2 DOWN auto A A 1
GE0/3 DOWN auto A A 1
GE0/4 DOWN auto A A 1
GE0/5 DOWN auto A A 1
GE0/6 DOWN auto A A 1
GE0/7 DOWN auto A A 1
GE0/8 DOWN auto A A 20
GE0/9 UP 100M(a) F(a) A 30

<MSR800>dis vlan all
VLAN ID: 1
VLAN Type: static
Route Interface: configured
IP Address: 192.168.1.1
Subnet Mask: 255.255.255.0
Description: VLAN 0001
Name: VLAN 0001
Tagged Ports: none
Untagged Ports:
GigabitEthernet0/2 GigabitEthernet0/3 GigabitEthernet0/4
GigabitEthernet0/5 GigabitEthernet0/6 GigabitEthernet0/7

VLAN ID: 20
VLAN Type: static
Route Interface: configured
IP Address: 192.168.20.1
Subnet Mask: 255.255.255.0
Description: VLAN 0020
Name: VLAN 0020
Tagged Ports: none
Untagged Ports:
GigabitEthernet0/8

VLAN ID: 30
VLAN Type: static
Route Interface: configured
IP Address: 192.168.30.1
Subnet Mask: 255.255.255.0
Description: VLAN 0030
Name: VLAN 0030
Tagged Ports: none
Untagged Ports:
GigabitEthernet0/9

<MSR800>dis poli
<MSR800>dis policy-based-route
Policy based routing configuration information:
policy-based-route : pbr1
Node 10 permit :
if-match acl 2020
apply ip-address next-hop 172.16.11.254
Node 20 permit :
if-match acl 2030
apply ip-address next-hop 172.16.30.254
Node 30 permit :
<MSR800>dis policy-based-route ?
STRING<1-19> Policy based routing name
| Matching output
<cr>

<MSR800>dis policy-based-route pbr1
Policy based routing configuration information:
policy-based-route : pbr1
Node 10 permit :
if-match acl 2020
apply ip-address next-hop 172.16.11.254
Node 20 permit :
if-match acl 2030
apply ip-address next-hop 172.16.30.254
Node 30 permit :
<MSR800>dis ip poli
<MSR800>dis ip policy-based-route ?
setup Display policy based routing configuration information
statistics Display packet statistics of the policy based routing
| Matching output
<cr>

<MSR800>dis ip policy-based-route
policy Name interface
pbr1 Vlan-interface20
pbr1 Vlan-interface30
<MSR800>dis ip policy-based-route setup ?
STRING<1-19> Policy based routing name
interface Interface policy based routing information
local Local policy based routing information

<MSR800>dis ip policy-based-route setup pbr1
policy Name interface
pbr1 Vlan-interface20
pbr1 Vlan-interface30
<MSR800>dis version
H3C Comware Platform Software
Comware Software, Version 5.20, Release 2514P04
Copyright (c) 2004-2015 Hangzhou H3C Tech. Co., Ltd. All rights reserved.
H3C MSR800 uptime is 0 week, 0 day, 0 hour, 9 minutes
Last reboot 2013/01/01 00:00:16
System returned to ROM By Power-up.

CPU ID: 0xa
256M bytes DDR3 SDRAM Memory
10M bytes Flash Memory
PCB Version: 2.0
Logic Version: 0.0
Basic BootWare Version: 5.01
Extended BootWare Version: 5.01
[SLOT 0]CON (Hardware)2.0, (Driver)1.0, (CPLD)0.0
[SLOT 0]GE0/0 (Hardware)2.0, (Driver)1.0, (CPLD)0.0
[SLOT 0]GE0/1 (Hardware)2.0, (Driver)1.0, (CPLD)0.0
[SLOT 0]GE0/2 (Hardware)2.0, (Driver)1.0, (CPLD)0.0
[SLOT 0]GE0/3 (Hardware)2.0, (Driver)1.0, (CPLD)0.0
[SLOT 0]GE0/4 (Hardware)2.0, (Driver)1.0, (CPLD)0.0
[SLOT 0]GE0/5 (Hardware)2.0, (Driver)1.0, (CPLD)0.0
[SLOT 0]GE0/6 (Hardware)2.0, (Driver)1.0, (CPLD)0.0
[SLOT 0]GE0/7 (Hardware)2.0, (Driver)1.0, (CPLD)0.0
[SLOT 0]GE0/8 (Hardware)2.0, (Driver)1.0, (CPLD)0.0
[SLOT 0]GE0/9 (Hardware)2.0, (Driver)1.0, (CPLD)0.0
[SLOT 0]CELLULAR0/0 (Hardware)2.0, (Driver)1.0, (CPLD)0.0

实验测试:
pc接g0/8 获取20段IP 走11出口
pc接g0/9 获取30段IP 走30出口
断一出口线 自动走另一线出去
总结:
根据内网源IP 走不同的路 充分利用线路带宽
断一路用另一路 自动切换出口线路 冗余备份