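Lab objective:
When pc1 accesses resources, its traffic is redirected to SW3; pc2 reaches public-network resources via sw2; and access between pc1 and pc2 must not be affected.
Set up the network environment: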
LSW1
vlan batch 10 20 30 40 100 200
interface Vlanif10
ip address 172.30.0.1 255.255.255.0
interface Vlanif20
ip address 172.16.0.1 255.255.255.0
interface Vlanif30
ip address 30.0.0.1 255.255.255.0
interface Vlanif40
ip address 40.0.0.1 255.255.255.0
interface GigabitEthernet0/0/1
port link-type access
port default vlan 30
interface GigabitEthernet0/0/2
port link-type access
port default vlan 40
interface GigabitEthernet0/0/4
port link-type trunk
port trunk allow-pass vlan 2 to 4094
ip route-static 0.0.0.0 0.0.0.0 40.0.0.2
LSW2:
vlan batch 30
interface Vlanif30
ip address 30.0.0.2 255.255.255.0
interface GigabitEthernet0/0/1
port link-type access
port default vlan 30
LSW3
vlan batch 40
interface Vlanif40
ip address 40.0.0.2 255.255.255.0
interface GigabitEthernet0/0/2
port link-type access
port default vlan 40
ip route-static 0.0.0.0 0.0.0.0 40.0.0.1
LSW4
vlan batch 10 20
interface Ethernet0/0/1
port link-type access
port default vlan 10
interface Ethernet0/0/2
port link-type access
port default vlan 20
interface Ethernet0/0/4
port link-type trunk
port trunk allow-pass vlan 2 to 4094
Key configuration:
LSW1
# Prevent internal traffic initiated by 172.30 from being redirected
acl number 3000
rule 5 permit ip source 172.30.0.0 0.0.0.255 destination 172.16.0.0 0.0.0.255
rule 10 permit ip source 172.16.0.0 0.0.0.255 destination 172.30.0.0 0.0.0.255
#
traffic classifier c0 operator and
if-match acl 3000
traffic behavior b0
permit
traffic classifier c1 operator and
if-match acl 3001
traffic behavior b1
redirect ip-nexthop 30.0.0.2
traffic policy p0
classifier c0 behavior b0
classifier c1 behavior b1
interface GigabitEthernet0/0/4
traffic-policy p0 inbound
Verify the result:
From pc1, ping 40.0.0.2 and capture packets on LSW2.
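
The following Python model is an added example, not part of the original lab notes. It evaluates traffic policy p0 as laid out in the key configuration, assuming classifiers are checked in configured order and the first match decides, to show why c0 must come before c1. The contents of acl 3001 (all traffic sourced from 172.30.0.0/24) and the host addresses are assumptions, since the page does not show them.

```python
import ipaddress

def wildcard_match(addr, base, wildcard):
    """Huawei ACL wildcard: bits set to 1 in the wildcard are ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)

ANY = ("0.0.0.0", "255.255.255.255")
NET_PC1 = ("172.30.0.0", "0.0.0.255")   # Vlanif10 subnet
NET_PC2 = ("172.16.0.0", "0.0.0.255")   # Vlanif20 subnet

# Each rule is (source, destination); both ACLs contain permit rules only.
ACL_3000 = [(NET_PC1, NET_PC2), (NET_PC2, NET_PC1)]   # as configured on the page
ACL_3001 = [(NET_PC1, ANY)]   # ASSUMPTION: acl 3001 is not shown on the page

# traffic policy p0 in configured order: c0/b0 permit, then c1/b1 redirect
POLICY_P0 = [("c0", ACL_3000, None), ("c1", ACL_3001, "30.0.0.2")]
CONNECTED = [NET_PC1, NET_PC2, ("30.0.0.0", "0.0.0.255"), ("40.0.0.0", "0.0.0.255")]
DEFAULT_ROUTE = "40.0.0.2"   # ip route-static 0.0.0.0 0.0.0.0 40.0.0.2 on LSW1

def acl_permits(acl, src, dst):
    return any(wildcard_match(src, *s) and wildcard_match(dst, *d) for s, d in acl)

def next_hop(src, dst, policy=POLICY_P0):
    """Forwarding decision on LSW1 for a packet arriving inbound on GE0/0/4."""
    for _name, acl, redirect in policy:
        if acl_permits(acl, src, dst):
            if redirect:
                return redirect          # behavior b1: redirect ip-nexthop
            break                        # behavior b0: permit, route normally
    if any(wildcard_match(dst, *net) for net in CONNECTED):
        return "connected"               # delivered via a local Vlanif
    return DEFAULT_ROUTE

if __name__ == "__main__":
    pc1, pc2 = "172.30.0.10", "172.16.0.10"   # constructed host addresses
    for src, dst in [(pc1, pc2), (pc1, "40.0.0.2"), (pc2, "8.8.8.8")]:
        print(f"{src} -> {dst}: {next_hop(src, dst)}")
    # Same packet with c1 placed before c0: pc1 -> pc2 is pulled onto 30.0.0.2
    print("misordered:", next_hop(pc1, pc2, list(reversed(POLICY_P0))))
```

In this model the pc1 ping to 40.0.0.2 is handed to 30.0.0.2, which is why the capture in the verification step is taken on LSW2.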