一、拓扑图场景介绍:
两条ISP线路分别接入SSG5的E0/0和E0/1口
VLAN1:172.16.1.0/24的流量要求走E0/0口
VLAN2:172.16.2.0/24的流量要求走E0/1口
二、定义ACL(在路由配置模式下)
set vrouter "trust-vr" set access-list extended 10 src-ip 172.16.1.0/24 dst-ip 0.0.0.0/0 src-port 1-65535 dst-port 1-65535 protocol any entry 10 set access-list extended 10 src-ip 172.16.1.0/24 dst-ip 0.0.0.0/0 protocol icmp entry 20 set access-list extended 20 src-ip 172.16.2.0/24 dst-ip 0.0.0.0/0 src-port 1-65535 dst-port 1-65535 protocol any entry 10 set access-list extended 20 src-ip 172.16.2.0/24 dst-ip 0.0.0.0/0 protocol icmp entry 20 exit
三、定义match group(在路由配置模式下)
set vrouter "trust-vr" set match-group name group_10 set match-group group_10 ext-acl 10 match-entry 10 set match-group name group_20 set match-group group_20 ext-acl 20 match-entry 10 exit
四、定义action group(在路由配置模式下)
set vrouter "trust-vr" set action-group name action_10 set action-group action_10 next-interface ethernet0/0 action-entry 10 set action-group name action_20 set action-group action_20 next-interface ethernet0/1 action-entry 10 exit
五、定义policy(在路由配置模式下)
set vrouter "trust-vr" set pbr policy name pbr_trust set pbr policy pbr_trust match-group group_10 action-group action_10 10 set pbr policy pbr_trust match-group group_20 action-group action_20 20 exit
六、配置policy binding(在配置模式下)
set pbr pbr_trust set zone Trust pbr pbr_trust set interface bgroup0 pbr pbr_trust set interface bgroup1 pbr pbr_trust set interface bgroup2 pbr pbr_trustset interface bgroup3 pbr pbr_trust
本文转自yangye1985 51CTO博客,原文链接:http://blog.51cto.com/yangye/1899563,如需转载请自行联系原作者
