×××专线与互联网切换问题

       分公司有一条专线连到集团公司，但是分公司不能通过专线上互联网，现在想能连上专线同时又能上互联网，应该如何实现？请高手指教

如下是网络拓扑图、三层交换机、防火墙的配置：

1、网络拓扑图：

 

2、三层交换机配置：

<zuan>dis cu
 telnet server enable
#
ip ***-instance PIN
 route-distinguisher 65290:100
 ***-target 65290:311 export-extcommunity
 ***-target 65290:322 import-extcommunity
#
ip ***-instance ×××III
 route-distinguisher 65290:300
 ***-target 65290:321 export-extcommunity
 ***-target 65290:321 import-extcommunity
#
ip ***-instance ×××IV
 route-distinguisher 65290:400
***-target 65290:421 export-extcommunity
 ***-target 65290:421 import-extcommunity
#
ip ***-instance HE
 route-distinguisher 65290:200
 ***-target 65290:322 export-extcommunity
 ***-target 65290:322 import-extcommunity
#
vlan 1
#
vlan 10
#
vlan 100 to 101
#
vlan 2
#
vlan 200 to 201
#
vlan 300
#
vlan 400 to 401
#
domain system
access-limit disable
 state active
 idle-cut disable
 self-service-url disable
#
user-group system
#
interface NULL0
#
interface LoopBack0
 ip address 10.79.250.222 255.255.255.255
#
interface Vlan-interface10
 description ce manager
 ip address 10.79.168.82 255.255.255.252
#
interface Vlan-interface100
 description to *** PIN
 ip binding ***-instance PIN
 ip address 10.71.128.46 255.255.255.252
 ospf cost 100
#
interface Vlan-interface101
description to ***  PIN
 ip binding ***-instance  PIN
 ip address 10.75.24.174 255.255.255.240
 ospf cost 100
#
interface Vlan-interface111
 ip address 192.168.3.1 255.255.255.0
#
interface Vlan-interface200
 description to ***  GHE
 ip binding ***-instance  GHE
 ip address 10.71.130.46 255.255.255.252
 ospf cost 100
#
interface Vlan-interface201
 description to ***  GHE
 ip binding ***-instance  GHE
 ip address 10.70.138.254 255.255.255.0
 ospf cost 100
#
interface Vlan-interface300
 description to *** ×××III
 ip binding ***-instance ×××III
 ip address 10.71.132.46 255.255.255.252
 ospf cost 100
#
interface Vlan-interface400
 description to *** ×××IV
 ip binding ***-instance ×××IV
 ip address 10.71.134.46 255.255.255.252
 ospf cost 100
#
interface Vlan-interface401
 description to *** ×××IV
 ip binding ***-instance ×××IV
 ip address 172.30.37.254 255.255.255.0
 ospf cost 100
#
interface Ethernet1/0/1
 port link-mode bridge
 port link-type trunk
 port trunk permit vlan 1 10 100
 description TO  AR2-1_GE0/0
#
interface Ethernet1/0/2
 port link-mode bridge
port access vlan 101
#
interface Ethernet1/0/3
 port link-mode bridge
 port access vlan 101
#
interface Ethernet1/0/4
 port link-mode bridge
 port access vlan 101
#
interface Ethernet1/0/5
 port link-mode bridge
 port link-type trunk
 port trunk permit vlan 1 200 300 400
 description TO  FW2-1_ETH1
#
interface Ethernet1/0/6
 port link-mode bridge
 port access vlan 201
#
interface Ethernet1/0/7
 port link-mode bridge
 port access vlan 201
#
interface Ethernet1/0/8
 port link-mode bridge
 port access vlan 201
#
interface Ethernet1/0/9
 port link-mode bridge
#
interface Ethernet1/0/10
 port link-mode bridge
 port access vlan 111
#
interface Ethernet1/0/11
 port link-mode bridge
 port access vlan 111
#
interface Ethernet1/0/12
 port link-mode bridge
 port access vlan 111
#
interface Ethernet1/0/13
 port link-mode bridge
 port access vlan 111
#
interface Ethernet1/0/14
 port link-mode bridge
#
interface Ethernet1/0/15
 port link-mode bridge
#
interface Ethernet1/0/16
 port link-mode bridge
#
interface Ethernet1/0/17
 port link-mode bridge
#
interface Ethernet1/0/18
 port link-mode bridge
#
interface Ethernet1/0/19
 port link-mode bridge
 port access vlan 401
#
interface Ethernet1/0/20
 port link-mode bridge
 port access vlan 401
#
interface Ethernet1/0/21
 port link-mode bridge
 port access vlan 401
#
interface Ethernet1/0/22
 port link-mode bridge
 port access vlan 401
#
interface Ethernet1/0/23
 port link-mode bridge
#
interface Ethernet1/0/24
 port link-mode bridge
 port access vlan 2
#
interface GigabitEthernet1/1/1
 port link-mode bridge
#
interface GigabitEthernet1/1/2
 port link-mode bridge
#
interface GigabitEthernet1/1/3
 port link-mode bridge
#
interface GigabitEthernet1/1/4
 port link-mode bridge
#
ospf 1
 area 0.0.0.22
  network 10.79.250.222 0.0.0.0
  network 10.79.168.80 0.0.0.3
#
ospf 100 router-id 10.79.250.222 ***-instance  PIN
 ***-instance-capability simple
 area 0.0.0.0
  network 10.75.24.160 0.0.0.15
  network 10.71.128.44 0.0.0.3
#
ospf 111
 area 0.0.0.111
#
ospf 200 router-id 10.79.250.222 ***-instance  GHE
 ***-instance-capability simple
 area 0.0.0.0
  network 10.70.138.0 0.0.0.255
  network 10.71.130.44 0.0.0.3
#
ospf 300 router-id 10.79.250.222 ***-instance ×××III
 ***-instance-capability simple
 area 0.0.0.0
  network 10.71.132.44 0.0.0.3
#
ospf 400 router-id 10.79.250.222 ***-instance ×××IV
 ***-instance-capability simple
 area 0.0.0.0
  network 10.71.134.44 0.0.0.3
  network 172.30.37.0 0.0.0.255
#
 ip route-static 0.0.0.0 0.0.0.0 192.168.2.2
#
 snmp-agent
 snmp-agent local-engineid 800063A2033822D6E2E8F0
 snmp-agent community write acd
 snmp-agent community read acdT
 snmp-agent sys-info version all
 snmp-agent target-host trap address udp-domain 10.79.1.178 params securityname
acd
 snmp-agent trap source LoopBack0
#

#
return

转载于:https://blog.51cto.com/warhar/953788