1、拓扑图
2、客户需求
云电脑网段10.16.77.0/24走电信1出口
云电脑网段10.16.73.0/24走电信2出口
所有的外网出口都是家宽,配置pppoe拨号,家宽对回话连接数有限制,所有开多条家宽分担用户回话连接数
3、主要设备配置
AR路由器配置
策略路由,acl流策略配置
acl number 2000
rule 5 permit source 10.16.73.0 0.0.0.255
acl number 2001
rule 5 permit source 10.16.77.0 0.0.0.255
acl number 2002
rule 5 permit source 10.16.79.0 0.0.0.255
#
traffic classifier DX2-C operator or
if-match acl 2001
traffic classifier DX1-C operator or
if-match acl 2000
traffic classifier DX3-C operator or
if-match acl 2002
#
traffic behavior DX2-B
redirect interface Dialer2
traffic behavior DX1-B
redirect interface Dialer1
traffic behavior DX3-B
redirect interface Dialer3
#
traffic policy DX2-P
classifier DX2-C behavior DX2-B
traffic policy DX1-P
classifier DX1-C behavior DX1-B
traffic policy DX3-P
classifier DX3-C behavior DX3-B
#
策略应用到对应的内网接口
interface Vlanif102
ip address 10.16.73.1 255.255.255.0
traffic-policy DX1-P inbound
#
interface Vlanif105
ip address 10.16.79.1 255.255.255.0
traffic-policy DX3-P inbound
#
interface Vlanif108
ip address 10.16.77.1 255.255.255.0
traffic-policy DX2-P inbound
配置pppoe动态拨号
interface Dialer1
des DX1
link-protocol ppp
ppp chap user t539fzy021870087
ppp chap password cipher %^%#Nq^eHWnK})YCI+Qai{@CIdC#/dG{$;&MG'4V"EK;%^%#
ppp pap local-user t539fzy021870087 password cipher %^%#~WtW#68S28_T'a1StVd39p7g(ZM~*@|8Y]PAB|a)%^%#
ppp ipcp dns admit-any
ppp ipcp dns request
tcp adjust-mss 1200
ip address ppp-negotiate
dialer user arweb
dialer bundle 1
dialer-group 1
nat outbound 2000
#
interface Dialer2
des DX2
link-protocol ppp
ppp chap user t539fzy021869365
ppp chap password cipher %^%#Yf{<6;R^_@\-V_XbmT"8rsmL>6sT9G#obWJ$l)=,%^%#
ppp pap local-user t539fzy021869365 password cipher %^%#a(4Y7tYfVRiDJLTwjkcDin>}='g":Fp}~06>wA)R%^%#
ppp ipcp dns admit-any
ppp ipcp dns request
tcp adjust-mss 1200
ip address ppp-negotiate
dialer user arweb
dialer bundle 2
dialer-group 2
nat outbound 2001
#
interface Dialer3
des DX3
link-protocol ppp
ppp chap user t539fzy021869909
ppp chap password cipher %^%#L,ee;lQR16$|mdK^+G#({P\R8lv2b5VRcb~e)']S%^%#
ppp pap local-user t539fzy021869909 password cipher %^%#`F;t=lc1`0qUSW&FzjzGQ[Y{2+IIo,ohGvJ^s_6T%^%#
ppp ipcp dns admit-any
ppp ipcp dns request
tcp adjust-mss 1200
ip address ppp-negotiate
dialer user arweb
dialer bundle 3
dialer-group 3
nat outbound 2002
interface GigabitEthernet0/0/5
des DX1
undo portswitch
pppoe-client dial-bundle-number 1
mac-address 28a6-db00-44c0
#
interface GigabitEthernet0/0/6
des DX2
undo portswitch
pppoe-client dial-bundle-number 2
mac-address 28a6-db00-44c1
#
interface GigabitEthernet0/0/7
des DX3
undo portswitch
pppoe-client dial-bundle-number 3
mac-address 28a6-db00-44c2
拨号用的物理网口,必须mac地址修改为mac地址不一致,否则无法拨号
dialer-rule
dialer-rule 1 ip permit
dialer-rule 2 ip permit
dialer-rule 3 ip permit
配置默认路由
ip route-static 0.0.0.0 0.0.0.0 Dialer1
ip route-static 0.0.0.0 0.0.0.0 Dialer2
ip route-static 0.0.0.0 0.0.0.0 Dialer3
4、业务验证
查看拨号获取的地址
Dialer1 100.70.48.156/32 up up(s)
Dialer2 100.70.36.39/32 up up(s)
Dialer3 100.70.51.36/32 up up(s)
GigabitEthernet0/0/5 unassigned up down
GigabitEthernet0/0/6 unassigned up down
GigabitEthernet0/0/7 unassigned up down
GigabitEthernet0/0/8 unassigned down down
GigabitEthernet0/0/9 172.16.1.1/24 down down
GigabitEthernet0/0/10 unassigned up down
NULL0 unassigned up up(s)
Vlanif102 10.16.73.1/24 up up
Vlanif105 10.16.79.1/24 up up
Vlanif108 10.16.77.1/24 up up
5、配置策略路由出现的一些问题
配置策略路由生效后,出现所有电脑ping不通网关的情况。经过排查发
https://support.huawei.com/enterprise/zh/knowledge/EKB1000086865
需要修改策略路由使用的网段,要排除终端电脑访问网关的流量
