如图:实现 要求:
1、当流量正常时PC1---LSW1----FW1----LSP_CNCC(lo0);PC2---LSW1----FW1----LSP_CMCC(lo0)
2、当LSP_CNCC(lo0)挂掉时;PC1与CP2流量全部切换至LSP_CMCC(lo0)反之当LSP_CMCC(lo0)挂掉时;PC1与CP2流量全部切换至LSP_CNCC(lo0)
3、注意配置ACL中deny意思为当实行内部网段通信时不匹配策略,如匹配策略的话,就会进行NAT导致内部通信中断!
4、实际案例中根据实际情况去绑定检测机制如NQA,BFD等实现更快去检测链路故障实现流量的切换保证流量可达性!
FW1配置:
<SRG>dis current-configuration
23:04:18 2017/07/12
#
stp region-configuration
region-name e81582044529
active region-configuration
#
acl number 3000
rule 2 deny ip destination 192.168.20.0 0.0.0.255 //实现内部通信,不让其匹配策略!
rule 5 permit ip source 192.168.10.0 0.0.0.255
rule 10 deny ip
#
acl number 3001
rule 2 deny ip destination 192.168.10.0 0.0.0.255
rule 5 permit ip source 192.168.20.0 0.0.0.255
rule 10 deny ip
#
interface GigabitEthernet0/0/0
alias GE0/MGMT
ip address 192.168.0.1 255.255.255.0
dhcp select interface
dhcp server gateway-list 192.168.0.1
#
interface GigabitEthernet0/0/1
ip address 210.1.1.1 255.255.255.0
#
interface GigabitEthernet0/0/2
ip address 220.1.1.1 255.255.255.0
#
interface Gigabi