#
interface Vlanif2
ip address 192.168.1.1 255.255.255.0
traffic-policy 1 inbound5：接口inbound方向应用流策略
dhcp select interface
dhcp server dns-list 219.141.136.10 8.8.8.8
local-user admin1 privilege level 15
local-user admin1 service-type telnet terminal ssh ftp x25-pad http
#
firewall zone Local
priority 16
#
interface Vlanif1
stelnet server enable
telnet server enable
#
http secure-server ssl-policy default_policy
http server enable
http secure-server enable
#
ip route-static 0.0.0.0 0.0.0.0 222.249.226.137
#
interface GigabitEthernet0/0/5
port link-type access
port default vlan 2
#
interface GigabitEthernet0/0/6
port link-type access
#
interface GigabitEthernet0/0/7
#
interface GigabitEthernet0/0/0
#
interface GigabitEthernet0/0/1
port link-type access
port default vlan 2
#
interface GigabitEthernet0/0/2
port link-type access
classifier 1 behavior 1
注意：
策略路由与网段互通必须是网段互通在前否则 网段互通策略不生效
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
rule 0 permit ip source 192.168.1.0 0.0.0.255 destination 192.168.1.1 0
rule 5 permit ip source 192.168.1.0 0.0.0.255 destination 172.16.10.0 0.0.1.255
local-user admin service-type telnet terminal ssh http
local-user admin1 password irreversible-cipher %^%#44VeXSBB2MGdR2*R)Y'(TQ15+Q_5*Lx3gD(C#<6$.nB[AHyOo&WU}7>!W%^0%^%#
华为AR1200 路由器策略路由配置
[Huawei]display current-configuration
[V200R007C00SPC900]
#
drop illegal-mac alarm
#
l2tp enable
#
ipv6
#
ip load-balance hash src-ip
#
dns resolve
#
user-interface con 0
authentication-mode aaa
user-interface vty 0
authentication-mode aaa
user privilege level 15
protocol inbound ssh
user-interface vty 1 4
pki-realm default
#
aclnumber2999
rule 5 permit source 172.16.10.0 0.0.1.255
#
acl number 30001;创建用于策略路由的ACL
rule 5 permit ip source 192.168.1.0 0.0.0.255
acl number 3001用于策略路由及默认路由两个网段之间互通的ACL
#
interface Cellular0/0/1
#
interface NULL0
#
snmp-agent local-engineid 800007DB03F02FA78A2C38
#
ssh user admin authentication-type all
ssh client first-time enable
dns server 219.141.136.10
dns server 219.141.140.10
dns proxy enable
#
vlan batch 2
#
dhcp enable
#
pki realm default
enrollment self-signed
#
ssl policy default_policy type server
domain default_admin
local-user admin password irreversible-cipher %^%#>GaX7&}u@XhKK_N|+BPYHB|'&(|*K+fdf)C8]CsCZ35JIRYkI5{qq1J+r~*U%^%#
local-user admin privilege level 15
authentication-mode aaa
protocol inbound ssh
#
wlan ac
#
ops
#
autostart
#
return
ip address 172.16.10.1 255.255.254.0
dhcp select interface
dhcp server excluded-ip-address 172.16.10.2
dhcp server dns-list 219.141.136.10 219.141.140.10
tcp adjust-mss 1200
ip address 172.16.201.146 255.255.255.252
nat outbound 3000
#
interface GigabitEthernet0/0/10
description VirtualPort
#
interface Cellular0/0/0
#
traffic classifier 2 operator or2;创建trafficclassifier匹配acl两个网段互通
if-match acl 3001
traffic classifier 1 operator or创建trafficclassifier匹配acl策略路由
if-match acl 3000
port link-type access
#
interface GigabitEthernet0/0/8
tcp adjust-mss 1200
ip address 222.249.226.138 255.255.255.248
nat outbound 2999
#
interface GigabitEtherneior 23创建流行为网段互通不做任何行为
traffic behavior 1流行为策略路由重定向吓一跳
redirect ip-nexthop 172.16.201.145
#
traffic policy 14：创建流策略绑定traffic classifier与流行为
classifier 2 behavior 2默认生效优先级按顺序来
port default vlan 2
#
interface GigabitEthernet0/0/3
port link-type access
port default vlan 2
#
interface GigabitEthernet0/0/4
port link-type access
port default vlan 2