eNSP: 华为路由器配置 接口策略路由（多个动作） 的基本功能示例（策略路由、PBR、NQA）（不涉及到建立邻居）

eNSP: 华为路由器配置 接口策略路由（多个动作） 的基本功能示例（策略路由、PBR、NQA）（不涉及到建立邻居）

项目需求：
1、服务器192.168.1.11从固定ip线路（R3方向）访问互联网
2、192.168.1.x段除192.168.1.11外，其他ip全部从PPPoE拔号线路（R4方向）访问互联网
3、192.168.168.0/23段与服务器192.168.1.11互通
4、192.168.168.0/23段从第3条ISP线路（P6方向）访问互联网
5、服务器192.168.1.11可以ping通（网关）R1和R2路由器的全部地址。

拓扑图：

[R1-Wired]display current-configuration
#
acl number 3001  
 rule 10 permit ip source 192.168.1.11 0 destination 192.168.168.0 0.0.1.255
 rule 20 permit ip source 192.168.1.11 0 destination 192.168.167.3 0
acl number 3002  
 rule 10 permit ip source 192.168.1.11 0 destination 192.168.1.2 0
acl number 3003
 rule 10 permit ip source 192.168.1.11 0 
#

traffic classifier 3 operator or
 if-match acl 3003

traffic classifier 2 operator or
 if-match acl 3002
traffic classifier 1 operator or
 if-match acl 3001
#

traffic behavior 3
 redirect ip-nexthop 11.11.11.11 track nqa admin 11.11.11.11
traffic behavior 2
 redirect ip-nexthop 192.168.1.2 track nqa admin 192.168.1.2
traffic behavior 1
 redirect ip-nexthop 192.168.167.3 track nqa admin 192.168.167.3

#
traffic policy 1
 classifier 1 behavior 1   preference 10  #eNSP模拟器上没有这个优先级，但是真机上有
 classifier 2 behavior 2   preference 15

 classifier 3 behavior 3   preference 20
#
interface GigabitEthernet0/0/0
 ip address 192.168.1.2 255.255.255.0
 traffic-policy 1 inbound
#
interface GigabitEthernet0/0/1
 ip address 100.100.100.1 255.255.255.0
#
interface GigabitEthernet0/0/2
 ip address 192.168.167.2 255.255.255.0
#
interface GigabitEthernet8/0/0
 ip address 11.11.11.1 255.255.255.0
#                                         
ip route-static 0.0.0.0 0.0.0.0 100.100.100.100
ip route-static 0.0.0.0 0.0.0.0 11.11.11.11 preference 80
ip route-static 192.168.168.0 255.255.254.0 192.168.167.3

#
nqa test-instance admin 11.11.11.11
 test-type icmp
 destination-address ipv4 11.11.11.11
 frequency 15
 probe-count 2
 start now

nqa test-instance admin 192.168.1.2
 test-type icmp
 destination-address ipv4 192.168.1.2
 frequency 15
 probe-count 2
 start now

nqa test-instance admin 192.168.167.3
 test-type icmp
 destination-address ipv4 192.168.167.3
 frequency 15
 probe-count 2
 start now

#    
[R1-Wired]

[R2-Wireless]dis current-configuration
#
interface GigabitEthernet0/0/0
 ip address 192.168.168.2 255.255.255.0
#
interface GigabitEthernet0/0/1
 ip address 200.200.200.1 255.255.255.0
#
interface GigabitEthernet0/0/2
 ip address 192.168.167.3 255.255.255.0                          
#
ip route-static 0.0.0.0 0.0.0.0 200.200.200.200
ip route-static 192.168.1.0 255.255.255.0 192.168.167.2
#
[R2-Wireless] 

<R3>dis current-configuration
#
interface GigabitEthernet0/0/0
 ip address 11.11.11.11 255.255.255.0
#
interface GigabitEthernet0/0/1
 ip address 192.168.7.11 255.255.255.0
#
ip route-static 192.168.1.0 255.255.255.0 11.11.11.1
ip route-static 192.168.168.0 255.255.254.0 11.11.11.1
#                
<R3>

<R4>dis current-configuration
#
interface GigabitEthernet0/0/0
 ip address 100.100.100.100 255.255.255.0
#
interface GigabitEthernet0/0/1
 ip address 192.168.5.100 255.255.255.0
#
ip route-static 0.0.0.0 0.0.0.0 100.100.100.1
#       
<R4>

r1的配置：

r1的配置.txt

r2的配置：

r2的配置.txt

下一跳重定向为路由器本身，实现利用路由表转发：
acl number 3001  
 rule 10 permit ip source 192.168.1.11 0 destination 192.168.168.0 0.0.1.255
 rule 20 permit ip source 192.168.1.11 0 destination 192.168.167.3 0
traffic classifier 1 operator or
 if-match acl 3001
traffic behavior 1
 redirect ip-nexthop 192.168.167.3
traffic policy 1
 classifier 1 behavior 1   preference 10  #eNSP模拟器上没有这个优先级，但是真机上有
 classifier 2 behavior 2   preference 15
 classifier 3 behavior 3   preference 20

如果把到达192.168.168.0/23的流量的下一跳重定向为192.168.1.2也是一样可以达到目的（需要路由器本身有路由可达即可）。
traffic policy 1
 classifier 1 behavior 2   preference 10  #动作匹配behavior 2 , 不再匹配behavior 1
 classifier 2 behavior 2   preference 15
 classifier 3 behavior 3   preference 20

PBR策略路由（列表、list、全）策略路由list、pbrlist
http://www.zh-cjh.com/wenzhangguilei/975.html
文章归类、所有文章列表、LISTLIST
http://www.zh-cjh.com/wangzhangonggao/2195.html