++++++++++++++++++++++++++++++++++++++
CISCO 与华为交换机 实现基于 源地址 的 策略路由
步骤:
不同于H3C和cisco,华为的是在vlan下作策略的哦
[Quidway]acl number 2000
[Quidway-acl-basic-2000]rule permit source 192.168.30.0
0.0.0.255 //ACL 定义IP 范围
[Quidway-acl-basic-2000]quit
[Quidway]traffic classifier
W3 //流量分类过滤启用
[Quidway-classifier-W3]if-match acl
2000 //配置ACL至W3
[Quidway-classifier-W3]quit
[Quidway]traffic behavior
W3 //流量行为W3启用
[Quidway-behavior-W3]redirect ip-nexthop
2.2.2.1 //流量行为W3下一跳到2.2.2.1
[Quidway-behavior-W3]quit
[Quidway]traffic policy
W3 //流量策略W3启用
[Quidway-trafficpolicy-W3]classifier W3 behavior
W3 //流量策略W3,分类策略W3,按W3行为执行
[Quidway-trafficpolicy-W3]quit
[Quidway]vlan
71 //应用到VLAN
[Quidway-Vlan71]traffic-policy W3
inbound //流量策略W3启用到接口及过滤方向确定
CISCO 配置+++++++++++++
CISCO 源路由、策略路由简配
interface GigabitEthernet1/1 description to Internet no switchport ip address 222.112.123.110 255.255.255.252 ! interface GigabitEthernet1/2 ! interface GigabitEthernet3/1 description to bras1 no switchport ip address 162.153.123.113 255.255.255.252 ip policy route-map isp2 speed nonegotiate ! interface GigabitEthernet3/2 description to bras2 no switchport ip address 162.153.123.117 255.255.255.252 ip policy route-map isp2 speed nonegotiate ! interface GigabitEthernet3/3 ! interface GigabitEthernet3/4 ! interface GigabitEthernet3/5 ! interface GigabitEthernet3/6 ! interface GigabitEthernet4/1 description to isp2 no switchport ip address 211.211.44.254 255.255.255.252 speed nonegotiate ! interface GigabitEthernet4/2 ! interface GigabitEthernet4/3 ! interface GigabitEthernet4/4 ! interface GigabitEthernet4/5 ! interface GigabitEthernet4/6 ! interface Vlan1 no ip address ! ip classless ip route 0.0.0.0 0.0.0.0 222.112.123.109 ip route 211.211.218.0 255.255.252.0
162.153.123.113 ip route 211.211.232.0 255.255.254.0
162.153.123.117 ip route 222.122.16.0 255.255.252.0
162.153.123.113 ip route 221.122.20.0 255.255.252.0
162.153.123.117 no ip http server ! access-list 10 permit 211.211.218.0
0.0.3.255 access-list 10 permit 211.211.232.0
0.0.1.255 route-map isp2 permit 10 match ip address 10 set ip next-hop 211.211.44.253 ! ! ! +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++\
基于源地址的策略路由
配置概述:
路由器A将192.1.1.1来的所有数据从接口S0发出,而将从192.1.1.2来的所有数据从接口S1发出。
路由器A定义几个二级接口作为测试点。路由器A和B配置RIP.在A的ETHERNET接口上应用IP策略路由图LAB1,为从192.168.1.1来的数据设置下一跳接口为S0,为从192..1.1.2来的数位设置下一跳接口为S1,所有其他的报文将用基于目的地址的路由。
路由器配置:
ROUTE A:
Version 11.2
No service udp-small-servers
No service tcp-small-servers
Hostname routerA
Interface ethernet0
Ip address 192.1.1.1 255.255.255.0 secondary
Ip address 192.1.1.2 255.255.255.0 secondary
Ip address 192.1.1.3 255.255.255.0 secondary
Ip address 192.1.1.10 255.255.255.0
Ip policy route-map lab1
//策略路由应用于E0口
interface serial0
ip addr 150.1.1.1 255.255.255.0
interface serial1
ip addr 151.1.1.1 255.255.255.0
router rip
network 192.1.1.0
network 150.1.0.0
network 151.1.0.0
ip local policy route-map lab1
//使路由器策略路由本地产生报文
no ip classless
access-list 1 permit 192.1.1.1
access-list 2 permit 192.1.1.2
route-map lab1 permit 10
//定义策略路由图名称:LAB1,10为序号,用来标明被匹配的路由顺序。
Match ip address 1
//匹配地址为访问列表1
Set interface serial0
//匹配下一跳为S0
Route-map lab1 permit 20
Match ip address 2
Set interface serial1
Line con0
Line aux0
Line vty 0 4
Login
End
路由器B为标准配置略。
相关调试命令:
show ip policy
show router-map
debug ip policy
版权说明:如非注明,本站文章均为 扬州驻场服务-网络设备调试-监控维修-南京泽同信息科技有限公司 原创,转载请注明出处和附带本文链接。
请在这里放置你的在线分享代码