L3 switch static routing with 2 gateways

network-engineering cisco routing ipv4
2021-07-22 07:19:51

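In my network I am using an L3-3650x as the core switch to route the internal networks. I have 2 internet gateways, one for local internet [192.168.2.1] and the other for a Japan connection [172.17.138.1]. Both routers provide internet connectivity, but I want to separate internet usage in the network by source address: traffic from network 172.17.138.0/24 or 172.17.160.0/24 should reach the internet through router 172.17.138.1, and traffic from the 192.168.2.0/24 network should go through 192.168.2.1.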

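Is it possible to set it up this way?

Any ideas would be greatly appreciated.

Below is the output of the show version command.

[Apologies for my poor English]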

SEPT_L3#show version
Cisco IOS Software, C3560E Software (C3560E-UNIVERSALK9-M), Version 12.2(55)SE3, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2011 by Cisco Systems, Inc.
Compiled Thu 05-May-11 15:57 by prod_rel_team
Image text-base: 0x00003000, data-base: 0x02800000

ROM: Bootstrap program is C3560E boot loader
BOOTLDR: C3560E Boot Loader (C3560X-HBOOT-M) Version 12.2(53r)SE2, RELEASE SOFTWARE (fc1)

SEPT_L3 uptime is 4 weeks, 2 days, 1 hour, 51 minutes
System returned to ROM by power-on
System image file is "flash:/c3560e-universalk9-mz.122-55.SE3/c3560e-universalk9-mz.122-55.SE3.bin"


This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
export@cisco.com.

License Level: ipbase
License Type: Permanent
Next reload license Level: ipbase

cisco WS-C3560X-24 (PowerPC405) processor (revision A0) with 262144K bytes of memory.
Processor board ID FDO1629P186
Last reset from power-on
4 Virtual Ethernet interfaces
1 FastEthernet interface
28 Gigabit Ethernet interfaces
2 Ten Gigabit Ethernet interfaces
The password-recovery mechanism is enabled.

512K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address       : 60:73:5C:00:78:00
Motherboard assembly number     : 73-12554-06
Motherboard serial number       : FDO162911ZG
Model revision number           : A0
Motherboard revision number     : A0
Model number                    : WS-C3560X-24T-S
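1 Answer

What you would like to do is Policy-Based Routing. By default, an L3 device determines the next hop based on the destination IP. On Cisco routers, PBR lets you route packets according to a policy by means of a route-map. So you can create a route-map, match the traffic with an ACL and set the next hop; after that you have to apply the policy on the interface where it should be active.

Unfortunately, this feature is not available in Packet Tracer, so you cannot implement it in your scenario there.

If you get the chance to implement your scenario in a lab with real devices, below are the commands to configure PBR according to your topology.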

route-map ISP-Outside permit 10
 match ip address INTERNET-ACCESS_192
 set ip next-hop 192.168.2.1
route-map ISP-Outside permit 20
 match ip address INTERNET-ACCESS_172
 set ip next-hop 172.17.138.1

! apply on every interface where you want to implement this policy
interface GigabitEthernet0/1
 ip policy route-map ISP-Outside

ip access-list extended INTERNET-ACCESS_192
 permit ip 192.168.2.0 0.0.0.255 any
 deny ip any any

ip access-list extended INTERNET-ACCESS_172
 permit ip 172.17.0.0 0.0.255.255 any
 deny ip any any

See also Policy-Based Routing on the Cisco documentation site.
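
To see which packets the route-map above actually steers, here is an added example (not part of the original answer and not Cisco code) that models first-match route-map and wildcard-mask ACL evaluation in Python and runs the posted policy next to a narrower variant. It assumes standard IOS semantics, where an ACL deny or no match moves on to the next clause; the `NARROWED` policy, the sample packets, and the assumption that the three subnets named in the question are the only internal ones are all constructed for illustration.

```python
import ipaddress

def ip(s):
    return int(ipaddress.IPv4Address(s))

ANY = ("0.0.0.0", "255.255.255.255")

def ace(action, src, src_wc, dst=ANY[0], dst_wc=ANY[1]):
    # One extended-ACL entry. In an IOS wildcard mask, 1-bits are "don't care".
    return (action, ip(src), ip(src_wc), ip(dst), ip(dst_wc))

def wc_match(addr, base, wildcard):
    care = ~wildcard & 0xFFFFFFFF
    return (addr & care) == (base & care)

def acl_permits(acl, src, dst):
    for action, s, swc, d, dwc in acl:      # first matching entry decides
        if wc_match(src, s, swc) and wc_match(dst, d, dwc):
            return action == "permit"
    return False                            # implicit deny at the end

def pbr_next_hop(route_map, src, dst):
    # Policy next hop, or None when no clause matches and the packet is
    # forwarded by the normal destination-based routing table.
    for _seq, acl, next_hop in sorted(route_map, key=lambda c: c[0]):
        if acl_permits(acl, ip(src), ip(dst)):
            return next_hop
    return None

# The route-map and ACLs exactly as posted in the answer.
POSTED = [
    (10, [ace("permit", "192.168.2.0", "0.0.0.255"), ace("deny", *ANY)], "192.168.2.1"),
    (20, [ace("permit", "172.17.0.0", "0.0.255.255"), ace("deny", *ANY)], "172.17.138.1"),
]

# Hypothetical narrower variant: the three subnets named in the question are
# assumed to be the only internal ones; traffic between them is denied first.
N192, N138, N160 = [(n, "0.0.0.255") for n in ("192.168.2.0", "172.17.138.0", "172.17.160.0")]

def narrowed(*sources):
    keep_local = [ace("deny", *ANY, *net) for net in (N192, N138, N160)]
    return keep_local + [ace("permit", *src) for src in sources]

NARROWED = [(10, narrowed(N192), "192.168.2.1"), (20, narrowed(N138, N160), "172.17.138.1")]

if __name__ == "__main__":
    # Constructed sample packets (source, destination).
    for pkt in [("192.168.2.50", "203.0.113.10"), ("172.17.160.20", "203.0.113.10"),
                ("192.168.2.50", "172.17.160.20"), ("172.17.200.9", "203.0.113.10")]:
        print(pkt, pbr_next_hop(POSTED, *pkt), pbr_next_hop(NARROWED, *pkt))
```

With the posted ACLs, traffic between the internal subnets and any source in 172.17.0.0/16 is also sent to a gateway; in the narrower variant those packets return `None` and follow the switch's routing table.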