移动、联通、电信三网接入要求源进源出。-三层

联通、电信、移动，三网同时接入内网，要求源进源出。

分配的公网IP：

CTC联通IP：119.188.113.96/28

CNC电信IP：150.138.201.248/30

CMB-1移动1IP：111.14.208.48/29

CMB-2移动2IP：111.14.200.0/27

  SW1为三层交换机（受环境模拟限制，SW1、SW2都是路由器模拟的三层交换机）

  CTC、CNC、CMB-1、CMB-2四个路由器都是模拟的运营商环境。

一、网络环境配置：

CNC：

interface GigabitEthernet0/0/0

 ip address 10.10.10.1 255.255.255.0

#

interface GigabitEthernet0/0/1

 ip address 100.100.100.254 255.255.255.0

#

ip route-static 0.0.0.0 0.0.0.0 100.100.100.1

ip route-static 119.188.113.96 255.255.255.240 10.10.10.254

CTC：

interface GigabitEthernet0/0/0

 ip address 20.20.20.1 255.255.255.0

#

interface GigabitEthernet0/0/1

 ip address 200.200.200.254 255.255.255.0

#

ip route-static 0.0.0.0 0.0.0.0 200.200.200.1

ip route-static 150.138.201.248 255.255.255.252 20.20.20.254

CMB-1：

interface GigabitEthernet0/0/0

 ip address 30.30.30.1 255.255.255.0

#

interface GigabitEthernet0/0/1

 ip address 130.130.130.254 255.255.255.0

#

ip route-static 0.0.0.0 0.0.0.0 130.130.130.1

ip route-static 111.14.208.48 255.255.255.248 30.30.30.254

CMB-2：

interface GigabitEthernet0/0/0

 ip address 40.40.40.1 255.255.255.0

#

interface GigabitEthernet0/0/1

 ip address 140.140.140.254 255.255.255.0

#

ip route-static 0.0.0.0 0.0.0.0 140.140.140.1

ip route-static 111.14.200.0 255.255.255.224 40.40.40.254

SW2：划分VLAN把接口加入相应VLAN   连接SW1的接口起trunk，并允许相应VLAN通过。

vlan batch 100 200 300 400

#

interface Ethernet0/0/0

 port link-type trunk

 port trunk allow-pass vlan 100 200 300 400

#

interface Ethernet0/0/1

 port link-type access

 port default vlan 100

#

interface Ethernet0/0/2

 port link-type access

 port default vlan 200

#

interface Ethernet0/0/3

 port link-type access

 port default vlan 300

#

interface Ethernet0/0/4

 port link-type access

 port default vlan 400

#

SW1：划分VLAN把接口加入相应VLAN   连接SW2的接口起trunk，并允许相应VLAN通过，配置VLAN IP

vlan batch 100 200 300 400

#

interface Vlanif100

 ip address 119.188.113.97 255.255.255.240

 ip address 10.10.10.254 255.255.255.0 sub

#

interface Vlanif200

 ip address 150.138.201.249 255.255.255.252

 ip address 20.20.20.254 255.255.255.0 sub

#

interface Vlanif300

 ip address 111.14.208.49 255.255.255.248

 ip address 30.30.30.254 255.255.255.0 sub

#

interface Vlanif400

 ip address 111.14.200.1 255.255.255.224

 ip address 40.40.40.254 255.255.255.0 sub

#

interface Ethernet0/0/0

 port link-type trunk

 port trunk allow-pass vlan 100 200 300 400

#

interface Ethernet0/0/1

 port link-type access

 port default vlan 100

 #

interface Ethernet0/0/2

 port link-type access

 port default vlan 200

#

interface Ethernet0/0/3

 port link-type access

 port default vlan 300

 #

interface Ethernet0/0/4

 port link-type access

 port default vlan 400

#

ip route-static 0.0.0.0 0.0.0.0 40.40.40.1

二、策略配置及应用接口（也可以应用到VLAN）：只需要配置三个策略，CMB-2走的默认路由。

SW1：

acl number 3001  

 rule 5 permit ip source 119.188.113.96 0.0.0.15

acl number 3002  

 rule 5 permit ip source 150.138.201.248 0.0.0.3

acl number 3003  

 rule 5 permit ip source 111.14.208.48 0.0.0.7

 #

traffic classifier liantong operator or

 if-match acl 3001

traffic classifier yidong operator or

 if-match acl 3003

traffic classifier dianxin operator or

 if-match acl 3002

#

traffic behavior liantong

 redirect ip-nexthop 10.10.10.1

traffic behavior yidong

 redirect ip-nexthop 30.30.30.1

traffic behavior dianxin

 redirect ip-nexthop 20.20.20.1

#

traffic policy liantong

 classifier liantong behavior liantong

traffic policy yidong

 classifier yidong behavior yidong

traffic policy dianxin

 classifier dianxin behavior dianxin

#

应用到SW1下联接口：

interface Ethernet0/0/1

 port link-type access

 port default vlan 100

 traffic-policy liantong inbound

#

interface Ethernet0/0/2

 port link-type access

 port default vlan 200

 traffic-policy dianxin inbound

#

interface Ethernet0/0/3

 port link-type access

 port default vlan 300

 traffic-policy yidong inbound

#

interface Ethernet0/0/4

 port link-type access

 port default vlan 400

#