静态路由的管理距离和优先级
2012-12-21 16:53:20 来源: 评论:0 点击:
描述:该文档描述Fortigate如何处理有着不同管理距离或优先级的默认路由Network scenario used for this example : [ FortiGate ][ PC ] --- LAN ------ [ switch port16 ] --- ...
描述:
该文档描述Fortigate如何处理有着不同管理距离或优先级的默认路由
Network scenario used for this example :
[ FortiGate ]
[ PC ] --- LAN ------ [ switch port16 ] --- ISP1 (192.168.182.0/23)
(10.160.0.0/16) [ port13 ] --- ISP2 (172.31.224.0/23)
优先选择:
优先级:较低值在路由表中优先被选择
管理距离: 较低值在路由表中优先被选择
Example 1 : 同样的管理距离和优先级
config router static
edit 1
set device "port16"
set gateway 192.168.183.254
next
edit 2
set device "port14"
set gateway 172.31.225.254
next
end
路由表中包含两条默认路由,以上情况等价多路由ECMP将被应用
FGT# get router info routing-table static
S* 0.0.0.0/0 [10/0] via 172.31.225.254, port13 [10/0] via 192.168.183.254, port16 |
Example 2 : 不同的管理距离,相同优先级
config router static
edit 1
set device "port16"
set gateway 192.168.183.254
next
edit 2
set device "port13"
set distance 5
set gateway 172.31.225.254
next
end
这种情况路由表中仅包含管理距离最低的那条路由
FGT# get router info routing-table static
S* 0.0.0.0/0 [5/0] via 172.31.225.254, port13 |
Example 3 : 相同管理距离,不同的优先级
config router static
edit 1
set device "port16"
set gateway 192.168.183.254
set priority 2
next
edit 2
set device "port13"
set gateway 172.31.225.254
set priority 5
next
end
该情况路由表中包含2条静态路由,但仅有最低优先级(port16)用于出口路由,第二条用于接受流入流量
FGT# get router info routing-table static
S* 0.0.0.0/0 [10/0] via 192.168.183.254, port16, [2/0] [10/0] via 172.31.225.254, port13, [5/0] |
验证出口 ping 10.70.202.225 :
FGT# diagnose sniffer packet any "icmp" 4
3.518463 switch in 10.160.0.93 -> 10.70.202.225: icmp: echo request 3.518481 port16 out 192.168.182.200 -> 10.70.202.225: icmp: echo request |
Example 4 : 相同管理距离,相同优先级,策略路由
该配置目的是将所有http流量导入Port13
config router static
edit 1
set device "port16"
set gateway 192.168.183.254
next
edit 2
set device "port14"
set gateway 172.31.225.254
next
end
config router policy
edit 1
set input-device "switch"
set protocol 6
set start-port 80
set end-port 80
set output-device "port13"
next
end
路由表中包含2条静态路由并使用等价路由处理流量,http流量将路由至port13
FGT# get router info routing-table static
S* 0.0.0.0/0 [10/0] via 172.31.225.254, port13 [10/0] via 192.168.183.254, port16 |
验证出口流量 ping and HTTP 10.70.202.225 :
FGT# diagnose sniffer packet any "icmp or port 80" 4
8.488361 switch in 10.160.0.93 -> 10.70.202.225: icmp: echo request 8.488409 port16 out 192.168.182.200 -> 10.70.202.225: icmp: echo request 19.346273 switch in 10.160.0.93.4090 -> 10.70.202.225.80: syn 3171174784 19.346326 port13 out 172.31.224.200.53106 -> 10.70.202.225.80: syn 3171174784 |
Example 5 : 相同管理距离,不同的优先级,策略路由
该配置目的是在port13比port16优先级的情况下将http流量路由至port13
config router static
edit 1
set device "port16"
set gateway 192.168.183.254
set priority 2
next
edit 2
set device "port13"
set gateway 172.31.225.254
set priority 5
next
end
config router policy
edit 1
set input-device "switch"
set protocol 6
set start-port 80
set end-port 80
set output-device "port13"
next
end
路由表中包含两条路由,其中Port16 这条路由用做出口路由,而只有匹配策略路由的http流量将路由至Port13
FGT# get router info routing-table static
S* 0.0.0.0/0 [10/0] via 192.168.183.254, port16, [2/0] [10/0] via 172.31.225.254, port13, [5/0] |
验证出口流量ping and HTTP 10.70.202.225
FG200B3909600137 # diagnose sniffer packet any "icmp or port 80" 4
8.412794 switch in 10.160.0.93 -> 10.70.202.225: icmp: echo request 8.412839 port16 out 192.168.182.200 -> 10.70.202.225: icmp: echo request 14.282070 switch in 10.160.0.93.4102 -> 10.70.202.225.80: syn 4033500215 14.290198 port13 out 172.31.224.200.28814 -> 10.70.202.225.80: syn 4033500215 |
相关热词搜索:
上一篇:如何过滤或控制重发布路由
下一篇:设置FortiGate 双网关
分享到:
收藏
收藏
评论排行
- ·VMware部署FortiGate VM和VMX详解(66)
- ·FortiClient Windows系统安装包(21)
- ·SSL VPN Client For Windows(SSL ...(10)
- ·FortiClient Mac系统安装包(4)
- ·FortiClient 安卓安装包(3)
- ·FortiOS 5.6系统演示(2)
- ·飞塔防火墙配置手册5.0(2)
- ·给拨号VPN的用户分配固定IP地址(2)
- ·Fortinet无线网络接入配置步骤 4.2(2)
- ·FortiGate FortiOS最佳版本建议书(1)
- ·FortiWLC控制器系统恢复操作介绍(1)
- ·FortiClient 安卓系统安装包(1)
- ·设置FortiGate 双网关(1)
- ·FortiGate产品实施中文一本通7.0(1)
- ·SSL VPN Client for Linux(SSL VP...(1)
- ·如何配置FortiGate双出口(1)
- ·FortiConvertor配置转换工具(1)
- ·FortiGate 4.2 中文管理员使用手册(1)
- ·设置FortiGate DHCP地址保留(1)
- ·Fortinet技术服务和支持体系(1)
