AR路由器双WAN出口配置备忘

公司的华为AR路由器，2个千兆口各接入一条电信宽带，万兆光口接另一台交换机。

[AR]display ip routing-table       
Route Flags: R - relay, D - download to fib, T - to vpn-instance
----------------------------------------------------------------------------
Routing Tables: Public
         Destinations : 15       Routes : 16       

Destination/Mask    Proto   Pre  Cost      Flags NextHop         Interface

        0.0.0.0/0   Static  60   0           D   1*.*.*.245  Dialer1
                    Static  60   0           D   1*.*.*.164  Dialer2

[AR]display ip routing-table

Route Flags: R - relay, D - download to fib, T - to vpn-instance

----------------------------------------------------------------------------

Routing Tables: Public

Destinations : 15 Routes : 16

Destination/Mask Proto Pre Cost Flags NextHop Interface

0.0.0.0/0 Static 60 0 D 1*.*.*.245 Dialer1

Static 60 0 D 1*.*.*.164 Dialer2

发现默认都走Dialer2的IP，想把万兆光口（XGigabitEthernet 0/0/2）下某IP指定走Dialer1的wan，鼓捣了下于是有了这个记录

一开始听AI的尝试使用PBR（policy-based-route），然后发现不行（不生效），最后使用traffic-policy+ACL实现：

[AR]dis acl 3001
Advanced ACL 3001, 1 rule
Acl's step is 5
 rule 10 permit ip source 192.168.10.XXX 0 (14019702 matches)

[AR]dis traffic policy user-defined
  User Defined Traffic Policy Information:
  Policy: if3001tod1
   Classifier: 2
    Operator: OR
     Behavior: 2
     Precedence: 0
   Classifier: if3001
    Operator: OR
     Behavior: tod1
      Redirect: 
        redirect interface Dialer1
     Precedence: 5

[AR]dis acl 3001

Advanced ACL 3001, 1 rule

Acl's step is 5

rule 10 permit ip source 192.168.10.XXX 0 (14019702 matches)

[AR]dis traffic policy user-defined

User Defined Traffic Policy Information:

Policy: if3001tod1

Classifier: 2

Operator: OR

Behavior: 2

Precedence: 0

Classifier: if3001

Operator: OR

Behavior: tod1

Redirect:

redirect interface Dialer1

Precedence: 5

这里的意思大概就是，源为192.168.10.XXX这个IP的，跳转到Dialer1

然后再在XGigabitEthernet0/0/2里进行设置：

traffic-policy if3001tod1 inbound

1	traffic-policy if3001tod1 inbound

interface XGigabitEthernet0/0/2进入接口设置后，直接输入上面的指令，就完成了。

我自己的理解是inbound方向且为192.168.10.XXX的流量全部走Dialer1接口实现要求。

但是这样之后有个问题，无法经过192.168.10.233访问交换机本身（192.168.10.1）了，因为流量都被转到Dialer1去了。

所以上面的policy中有一条 Classifier 2 Behavior 2

[AR-classifier-2]dis th
[V300R019C10SPC300]
#
traffic classifier 2 operator or
 if-match acl 3000
#
return

[AR-behavior-2]dis th
[V300R019C10SPC300]
#
traffic behavior 2
#
return

[AR]dis acl 3000
Advanced ACL 3000, 2 rules
Acl's step is 5
 rule 95 permit ip destination 192.168.10.1 0 (18456 matches)

[AR-classifier-2]dis th

[V300R019C10SPC300]

traffic classifier 2 operator or

if-match acl 3000

return

[AR-behavior-2]dis th

[V300R019C10SPC300]

traffic behavior 2

return

[AR]dis acl 3000

Advanced ACL 3000, 2 rules

Acl's step is 5

rule 95 permit ip destination 192.168.10.1 0 (18456 matches)

我在这里加了个判断，大致作用就是目标为192.168.10.1的流量，匹配acl 3000，behavior内容为空，就是不做处理。

这一组Classifier+Behavior的优先级为precedence 0，所以高于ACL3001跳转Dialer1的规则，这样这组规则先被匹配到了。

Hiwbb.com

Hi，您需要填写昵称和邮箱！