项目场景/要求:
实验合集:
① 路由策略:使得左侧pc去往右侧pc走R2
② filter-policy:使得R1及其所连接pc不可访问pc7,其它设备不受影响
③策略路由配置——本地方式(不常用):只让R1从r3去右侧
④策略路由-接口方式:让pc1走r2,让pc2走r3
实搭拓扑图:
基础配置:
##R1:
[R1]int g0/0/2
[R1-GigabitEthernet0/0/2]ip add 1.1.1.1 24
[R1-GigabitEthernet0/0/2]int g0/0/1
[R1-GigabitEthernet0/0/1]ip add 13.1.1.1 24
[R1-GigabitEthernet0/0/1]int g0/0/0
[R1-GigabitEthernet0/0/0]ip add 12.1.1.1 24
[R1]ospf 1 router-id 1.1.1.1
[R1-ospf-1]area 0
[R1-ospf-1-area-0.0.0.0]network 12.1.1.0 0.0.0.255
[R1-ospf-1-area-0.0.0.0]network 13.1.1.0 0.0.0.255
[R1-ospf-1-area-0.0.0.0]network 1.1.1.0 0.0.0.255
##R2:
[R2]int g0/0/0
[R2-GigabitEthernet0/0/0]ip add 12.1.1.2 24
[R2-GigabitEthernet0/0/0]int g0/0/1
[R2-GigabitEthernet0/0/1]ip add 24.1.1.2 24
[R2-GigabitEthernet0/0/1]int loo0
[R2-LoopBack0]ip add 2.2.2.2 24
[R2]ospf 1 router-id 2.2.2.2
[R2-ospf-1]area 0
[R2-ospf-1-area-0.0.0.0]network 12.1.1.0 0.0.0.255
[R2-ospf-1-area-0.0.0.0]network 24.1.1.0 0.0.0.255
[R2-ospf-1-area-0.0.0.0]network 2.2.2.0 0.0.0.255
##R3:
[R3]int g0/0/1
[R3-GigabitEthernet0/0/1]ip add 13.1.1.3 24
[R3-GigabitEthernet0/0/1]int g0/0/0
[R3-GigabitEthernet0/0/0]ip add 34.1.1.3 24
[R3-GigabitEthernet0/0/0]int loo0
[R3-LoopBack0]ip add 3.3.3.3 24
[R3]ospf 1 router-id 3.3.3.3
[R3-ospf-1]area 0
[R3-ospf-1-area-0.0.0.0]network 13.1.1.0 0.0.0.255
[R3-ospf-1-area-0.0.0.0]network 34.1.1.0 0.0.0.255
[R3-ospf-1-area-0.0.0.0]network 3.3.3.0 0.0.0.255
##R4:
[R4]int gi0/0/0
[R4-GigabitEthernet0/0/0]ip add 24.1.1.4 24
[R4-GigabitEthernet0/0/0]int g0/0/1
[R4-GigabitEthernet0/0/1]ip add 34.1.1.4 24
[R4-GigabitEthernet0/0/1]int g0/0/2
[R4-GigabitEthernet0/0/2]ip add 4.4.4.1 24
[R4-GigabitEthernet0/0/1]int g4/0/0
[R4-GigabitEthernet4/0/0]ip add 7.7.7.1 24
[R4]ospf 1 router-id 4.4.4.4
[R4-ospf-1]area 0
[R4-ospf-1-area-0.0.0.0]network 24.1.1.0 0.0.0.255
[R4-ospf-1-area-0.0.0.0]network 34.1.1.0 0.0.0.255
[R4-ospf-1-area-0.0.0.0]network 4.4.4.0 0.0.0.255
[R4-ospf-1-area-0.0.0.0]network 7.7.7.0 0.0.0.255
核心配置:
一:路由策略:
[R1]int g0/0/1
[R1-GigabitEthernet0/0/1]ospf cost 2 ospf默认开销为1.使得去往4.4.4.0走gi0/0/0口
===============================================
二:filter-policy:
[R1]acl 2019
[R1-acl-basic-2019]rule deny source 7.7.7.0 0.0.0.255
[R1-acl-basic-2019]rule permit
[R1]ospf 1
[R1-ospf-1]filter-policy 2019 import
===============================================
三:策略路由配置——本地方式
只能对由本机主动触发的流量生效。对流经本机的(转发流量)无效
R1:
acl number 3000
rule 5 permit ip destination 4.4.4.4 0
[ ]policy-based-route aa permit node 10
if-match acl 3000
apply ip-address next-hop 13.1.1.3 (强制下一跳)
[R1]ip local policy-based-route aa 本地调用
===============================================
四:策略路由-接口方式
让pc1走r2,让pc2走r3
① 分类
acl number 2006
rule 5 permit source 1.1.1.2 0
acl number 2007
rule 5 permit source 1.1.1.3 0
traffic classifier caiwubu
if-match acl 2007
traffic classifier gongcheng
if-match acl 2006
② 动作
traffic behavior caiwu
redirect ip-nexthop 13.1.1.3
traffic behavior gongcheng
redirect ip-nexthop 12.1.1.2
③ 关联 (策略)
traffic policy bb
classifier gongcheng behavior gongcheng #前者是分类,后者是动作,相关联。
classifier caiwubu behavior caiwu
④ 接口调用
interface GigabitEthernet0/0/2
ip address 1.1.1.1 255.255.255.0
traffic-policy bb inbound
注意:目前基于接口的策略路由只针对入方向生效