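Requirement 1: when host 10.151.19.20/24 accesses the external network, change the next hop to 10.151.200.10 before the traffic goes out.
(When 10.151.19.20/24 accesses the external network, what was the original next hop?)
Requirement 2: when host 10.151.19.20/24 accesses the internal network, it goes straight to the original next hop.
(This original next hop must be able to route to the internal network.)
Traffic between network segment 10.60.100.0/24 and host 10.151.19.20/24 is forwarded directly.
Everything else that host 10.151.19.20 accesses is redirected to 10.151.200.10.
This has been implemented. However, internal access may have one limitation: for every internal network segment that is added, another entry with a priority higher than 5 has to be added in front of it.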
acl number 3002
rule 6 permit ip source 192.168.0.0 0.0.255.255 destination 10.151.19.20 0
rule 7 permit ip source 10.151.19.20 0 destination 192.168.0.0 0.0.255.255
acl number 3003
rule 8 permit ip source 172.16.0.0 0.15.255.255 destination 10.151.19.20 0
rule 9 permit ip source 10.151.19.20 0 destination 172.16.0.0 0.15.255.255
acl number 3004
rule 10 permit ip source 10.0.0.0 0.255.255.255 destination 10.151.19.20 0
rule 11 permit ip source 10.151.19.20 0 destination 10.0.0.0 0.255.255.255
acl number 3005
rule 5 permit ip source 10.151.19.20 0
traffic classifier c2 type or
if-match acl 3002
traffic classifier c3 type or
if-match acl 3003
traffic classifier c0 type or
if-match acl 3004
traffic classifier c1 type or
if-match acl 3005
traffic behavior b0
traffic behavior b1
redirect nexthop 10.151.200.10
traffic policy p1
classifier c2 behavior b0 precedence 1
classifier c3 behavior b0 precedence 1
classifier c0 behavior b0 precedence 1
classifier c1 behavior b1 precedence 5
Thanks to a friend for putting together this summary.
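To check which classifier a given flow hits before applying policy p1, the following added example (not part of the original notes, and not device code) models the ACLs and precedences above in Python. It assumes classifiers are tried in ascending precedence with the first match winning, that a rule with no destination matches any destination, and that the empty behavior b0 leaves the packet on the normal routing table; the sample addresses are constructed.

```python
import ipaddress

def wc_match(addr, base, wildcard):
    """Wildcard-mask match: bits set to 1 in the wildcard are ignored."""
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (a & care) == (b & care)

ANY = ("0.0.0.0", "255.255.255.255")   # rule without a destination (assumed: any)
HOST = ("10.151.19.20", "0.0.0.0")     # wildcard 0 = exact host

# (precedence, classifier, acl, [(rule id, source, destination)], behavior)
POLICY_P1 = [
    (1, "c2", 3002, [(6, ("192.168.0.0", "0.0.255.255"), HOST),
                     (7, HOST, ("192.168.0.0", "0.0.255.255"))], "b0"),
    (1, "c3", 3003, [(8, ("172.16.0.0", "0.15.255.255"), HOST),
                     (9, HOST, ("172.16.0.0", "0.15.255.255"))], "b0"),
    (1, "c0", 3004, [(10, ("10.0.0.0", "0.255.255.255"), HOST),
                     (11, HOST, ("10.0.0.0", "0.255.255.255"))], "b0"),
    (5, "c1", 3005, [(5, HOST, ANY)], "b1"),
]
# None = no redirect, normal routing (assumption about the empty behavior b0)
BEHAVIORS = {"b0": None, "b1": "10.151.200.10"}

def evaluate(src, dst):
    """Return (classifier, acl, rule id, redirect next hop) or None if unmatched."""
    # sorted() is stable, so equal precedences keep their configured order
    for _prec, cls, acl, rules, beh in sorted(POLICY_P1, key=lambda e: e[0]):
        for rule_id, s, d in rules:
            if wc_match(src, *s) and wc_match(dst, *d):
                return cls, acl, rule_id, BEHAVIORS[beh]
    return None

if __name__ == "__main__":
    flows = [("10.151.19.20", "192.0.2.1"),     # external destination
             ("10.151.19.20", "10.60.100.7"),   # internal segment from the notes
             ("10.60.100.7", "10.151.19.20"),   # return direction
             ("10.151.19.20", "172.32.0.1")]    # just outside 172.16.0.0/12
    for src, dst in flows:
        print(src, "->", dst, evaluate(src, dst))
```

In this model 10.60.100.0/24 needs no entry of its own because rules 10 and 11 of acl 3004 already cover 10.0.0.0 with wildcard 0.255.255.255; any internal range outside the three listed blocks would fall through to c1 and be redirected.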