China Telecom and China Mobile dual-fiber access: requesting a policy-based routing configuration for the AR1220E-S

Posted: 2018-7-3 12:28:42  Latest reply: 2018-07-12 08:46:12
ar1220es    

[V200R006C10SPC300]
#
drop illegal-mac alarm
#
ipv6
#
dns resolve
dns server 219.141.136.10
dns server 211.136.192.6
dns proxy enable
#
dhcp enable
#
ip accounting mismatched-threshold 4096
#
update schedule daily 00:32
#
pki realm default
enrollment self-signed
#
ssl policy default_policy type server
pki-realm default
#
acl number 2000
rule 5 permit source 192.168.22.0 0.0.0.255
rule 15 permit source 192.168.27.0 0.0.0.255
rule 20 permit source 192.168.26.0 0.0.0.255
rule 30 permit source 192.168.24.0 0.0.0.255
rule 35 permit source 192.168.23.0 0.0.0.255
rule 40 permit source 192.168.21.0 0.0.0.255
acl number 2005
description chinatelecom
rule 0 permit source 192.168.25.0 0.0.0.255
acl name GigabitEthernet0/0/8 2998
rule 5 permit
acl name GigabitEthernet0/0/2 2999
rule 5 permit
#
traffic classifier chinatelecom operator or
if-match acl 2005
#
traffic behavior chinatelecom
redirect ip-nexthop 192.168.1.1
#
traffic policy telecom
classifier chinatelecom behavior chinatelecom
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user jack password irreversible-cipher %^%#c&&8NAJlYGs_"]Xq[\P%gY747Qap6-0g"G2dHDNJ'pf"H~t:[,orm/Y~Ts|M%^%#
local-user jack privilege level 15
local-user jack service-type http
local-user admin password irreversible-cipher %^%#(|72F88m:,zp[<!1cF6NDAf!$hO;[Re=.l9+\;bU*%4_,vu>#1Lg{0R2WK5@%^%#
local-user admin privilege level 15
local-user admin service-type http
local-user tcjack password irreversible-cipher %^%#o]_HF<VXmU/}VeR3U|EW7eSc.Z7Fq~f7tZB$[J4L\$wa-j;43I&$}`*2e2{O%^%#
local-user tcjack privilege level 15
local-user tcjack service-type telnet
#
firewall zone Local
priority 16
#
interface Vlanif1
shutdown
ip address 192.168.66.1 255.255.255.0
dhcp select interface
dhcp server excluded-ip-address 192.168.66.2 192.168.66.20
dhcp server dns-list 192.168.66.1
#
interface GigabitEthernet0/0/0
undo portswitch
tcp adjust-mss 1460
ip address 192.168.2.1 255.255.255.0
dhcp select interface
dhcp server dns-list 211.136.192.6
#
interface GigabitEthernet0/0/1
undo portswitch
tcp adjust-mss 1460
ip address 192.168.21.1 255.255.255.0
undo negotiation auto
speed 1000
dhcp select interface
dhcp server dns-list 211.136.192.6
#
interface GigabitEthernet0/0/2
undo portswitch
tcp adjust-mss 1460
ip address 192.168.22.1 255.255.255.0
undo negotiation auto
speed 1000
nat outbound 2999
dhcp select interface
dhcp server dns-list 211.136.192.6
#
interface GigabitEthernet0/0/3
undo portswitch
tcp adjust-mss 1460
ip address 192.168.23.1 255.255.255.0
undo negotiation auto
speed 1000
dhcp select interface
dhcp server dns-list 211.136.192.6
#
interface GigabitEthernet0/0/4
undo portswitch
ip address 192.168.24.1 255.255.255.0
dhcp select interface
dhcp server dns-list 211.136.192.6
#
interface GigabitEthernet0/0/5
undo portswitch
ip address 192.168.25.1 255.255.255.0
traffic-policy telecom inbound
dhcp select interface
dhcp server dns-list 211.136.192.6
#
interface GigabitEthernet0/0/6
undo portswitch
tcp adjust-mss 1460
ip address 192.168.26.1 255.255.255.0
undo negotiation auto
speed 1000
dhcp select interface
dhcp server dns-list 211.136.192.6
#
interface GigabitEthernet0/0/7
undo portswitch
ip address 192.168.27.1 255.255.255.0
dhcp select interface
dhcp server dns-list 211.136.192.6
#
interface GigabitEthernet0/0/8
description chinamobile
ip address 183.236.75.97 255.255.255.192
nat outbound 2998
ip accounting input-packets
ip accounting output-packets
#
interface GigabitEthernet0/0/9
description chinatelecom
tcp adjust-mss 1460
undo negotiation auto
speed 1000
ip address dhcp-alloc
#
interface GigabitEthernet0/0/10
description VirtualPort
#
interface Cellular0/0/0
#
interface Cellular0/0/1
#
interface NULL0
#
info-center timestamp log format-date
#
snmp-agent local-engineid 800007DB039C37F4933C59
#
telnet server enable
telnet server port 10000
#
http secure-server ssl-policy default_policy
http server enable
http secure-server enable
#
ip route-static 0.0.0.0 0.0.0.0 183.236.75.254
ip route-static 0.0.0.0 0.0.0.0 GigabitEthernet0/0/8 183.236.75.65 preference 90
ip route-static 0.0.0.0 0.0.0.0 192.168.1.1
#
nqa test-instance admin icmp
test-type icmp
destination-address ipv4 183.236.75.65
sendpacket passroute
frequency 10
probe-count 2
source-interface GigabitEthernet0/0/8
nqa test-instance admin icmp2
test-type icmp
destination-address ipv4 192.168.1.1
sendpacket passroute
frequency 10
probe-count 2
source-interface GigabitEthernet0/0/9
#
user-interface con 0
authentication-mode password
set authentication password cipher %@%@t@r!@S1Fz4RmR'4;-,.\p{8{79l+0S@`C(PTjDRGK.\s,%@%@
user-interface vty 0
authentication-mode aaa
user privilege level 15
user-interface vty 1 4
authentication-mode aaa
#
port-group help
#
port-group link0-
#
wlan ac
#
return

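After configuring the router with the configuration file above, I cannot get online.

Current status:
Port 8 is connected to the China Mobile fiber with a fixed IP address.
Port 9 is connected to the China Telecom optical modem and obtains its IP address automatically. The optical modem is 192.168.1.1 and the address the interface obtains is 192.168.1.2.
The other ports are used for switching inside the LAN.
Of these,
port 7 has a Huawei Layer 3 switch connected below it.
The remaining ports are connected directly to the workstations.
The current idea is to have ports 5 and 6 go out via China Telecom and the other ports via China Mobile.
Any advice would be greatly appreciated.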

网络管理员木头  Administrator   Posted 2018-7-3 15:57:54

ding~~~~~~~

ar1220es     Posted 2018-7-3 17:30:30

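I've now run into a problem.
Port 8 has a fixed IP address, a 183.x.x.x public IP.
Port 9 obtains its IP address automatically, getting an address like 192.168.1.2 from the China Telecom optical modem.
If I enable automatic IP acquisition on port 9, everything immediately loses Internet access. Why?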

过于走心选择困难  Moderator   Posted 2018-7-3 17:59:57

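There is no NAT configured on port 9. Is the upstream device doing the address translation for you, or does address translation need to be done on the AR's egress?
Also, NAT outbound is configured on port 2. From your description, this is not an interface connected to the external network. Is this port not in use, or is the configuration wrong?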
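
The two points raised in the reply above (an uplink with no NAT, and `nat outbound` on a port that is not an uplink) can be checked mechanically. This is an added example, not part of the original thread and not Huawei tooling: it reads an excerpt of the posted configuration and compares where the default routes and the `redirect ip-nexthop` point with where `nat outbound` is applied. The function name `audit_nat` and its `dhcp_leases` parameter are hypothetical.

```python
import ipaddress
import re

# Excerpt of the configuration posted in this thread (only the lines the check reads).
SAMPLE = """\
traffic behavior chinatelecom
redirect ip-nexthop 192.168.1.1
#
interface GigabitEthernet0/0/2
ip address 192.168.22.1 255.255.255.0
nat outbound 2999
#
interface GigabitEthernet0/0/8
ip address 183.236.75.97 255.255.255.192
nat outbound 2998
#
interface GigabitEthernet0/0/9
ip address dhcp-alloc
#
ip route-static 0.0.0.0 0.0.0.0 183.236.75.254
ip route-static 0.0.0.0 0.0.0.0 GigabitEthernet0/0/8 183.236.75.65 preference 90
ip route-static 0.0.0.0 0.0.0.0 192.168.1.1
"""

IPV4 = re.compile(r"(\d+\.){3}\d+")

def audit_nat(config, dhcp_leases=None):
    """Return (uplinks without NAT, NAT interfaces that are not uplinks, next hops on no known subnet).
    dhcp_leases (hypothetical parameter): {interface: "addr/prefix"} for DHCP-learned addresses."""
    nets, nat, hops, iface = {}, set(), set(), None
    for line in (raw.strip() for raw in config.splitlines()):
        if line.startswith("interface "):
            iface = line.split()[1]
        elif line == "#":
            iface = None
        elif iface and (m := re.fullmatch(r"ip address (\S+) (\S+)", line)):
            nets[iface] = ipaddress.ip_interface(f"{m[1]}/{m[2]}").network
        elif iface and line.startswith("nat outbound"):
            nat.add(iface)
        elif line.startswith(("ip route-static 0.0.0.0 0.0.0.0", "redirect ip-nexthop")):
            hops.update(t for t in line.split()[2:] if IPV4.fullmatch(t) and t != "0.0.0.0")
    for name, cidr in (dhcp_leases or {}).items():  # DHCP-learned addresses are not in the file
        nets[name] = ipaddress.ip_interface(cidr).network
    uplinks, orphans = set(), set()
    for hop in hops:
        via = [i for i, n in nets.items() if ipaddress.ip_address(hop) in n]
        if via:
            uplinks.update(via)
        else:
            orphans.add(hop)
    return sorted(uplinks - nat), sorted(nat - uplinks), sorted(orphans)
```

Called as `audit_nat(SAMPLE, {"GigabitEthernet0/0/9": "192.168.1.2/24"})` (the address is the one given in the thread, the /24 prefix is an assumption), it reports GigabitEthernet0/0/9 as an uplink without NAT, GigabitEthernet0/0/2 as carrying `nat outbound` without being an uplink, and 183.236.75.254 as a next hop outside every configured subnet.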

ar1220es     Posted 2018-7-3 18:03:01

Port 2 is not used.
Does port 9 need a NAT configured for it to work?

ar1220es     Posted 2018-7-3 22:12:41

I sorted it out myself (DIY). I'll post the configuration later.

qtcpl     Posted 2018-7-9 21:02:42

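Where's your DIY? You sorted it out, so why not share the method?
At least you have a Layer 3 switch.
All I have here is an ar2204-s, and everything else is dumb switches. I'm still looking for material.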

nash_gjy  Rising Star   Posted 2018-7-10 00:36:24

For dual links like this, you generally distinguish the traffic either by IP address or by VLAN, which is somewhat simpler.

共祝愿祖国好     Posted 2018-7-12 08:46:12

Learned something, thanks for sharing.
