解释:
接口策略路由的配置:
仅对转发的报文起作用,对本地下发的报文不起作用。
看AR1 g0/0/0 g0/0/1 抓包
之后 PC1 PC2 ping 6.6.6.6
看wireshark里面
-------------- ---------R1-------------------
sys
sys AR1
int g0/0/0
ip a 1.0.0.1 24
int g0/0/1
ip a 2.0.0.1 24
int g0/0/2
ip a 192.168.1.254 24
int g4/0/0
ip a 192.168.2.254 24
q
ip route-static 6.6.6.6 32 1.0.0.2
ip route-static 7.7.7.7 32 2.0.0.2
ospf 1 router-id 1.1.1.1
area 0
network 1.0.0.1 0.0.0.0
network 2.0.0.1 0.0.0.0
network 192.168.1.254 0.0.0.0
network 192.168.2.254 0.0.0.0
-------------- ---------R2-------------------
sys
sys AR2
int g0/0/0
ip a 1.0.0.2 24
int g0/0/1
ip a 2.0.0.2 24
int loop 1
ip a 6.6.6.6 32
int loop 2
ip a 7.7.7.7 32
q
ip route-static 192.168.1.0 24 1.0.0.1
ip route-static 192.168.2.0 24 2.0.0.1
ospf 1 router-id 2.2.2.2
area 0
network 1.0.0.2 0.0.0.0
network 2.0.0.2 0.0.0.0
network 6.6.6.6 0.0.0.0
network 7.7.7.7 0.0.0.0
AR2:
int g0/0/0
arp-proxy enable
int g0/0/1
arp-proxy enable
---------------------策略路由-----------------------
AR1:
#创建流分类,匹配 ACL 命中的流量
acl 2015
rule 5 permit source 192.168.1.0 0.255.255.255
acl 2016
rule 5 permit source 192.168.2.0 0.255.255.255
q
traffic classifier c1
if-match acl 2015
q
traffic classifier c2
if-match acl 2016
#创建流行为,配置重定向
traffic behavior b1
redirect ip-nexthop 1.0.0.2
q
traffic behavior b2
redirect ip-nexthop 2.0.0.2
#创建流策略,在接口上应用流策略
traffic policy p1
classifier c1 behavior b2
q
traffic policy p2
classifier c2 behavior b1
int g0/0/2
traffic-policy p1 inbound
int g4/0/0
traffic-policy p2 inbound
解释(检查)
dis acl all
dis traffic classifie
dis traffic behavior(流行为)
1.在AR3四个acl,分四类
2.四个流分类分别匹配 ACL
3.两条路R3-R2-R4 下面,R3-R1-R4 上面(做了两个流行为 )
4.创建了两个流策略,将流分类与流行为关联起来(市场部和销售部是两个流策略)
------------------------------------------------AR1----------------------------------------
sys
sys AR1
int g0/0/0
ip a 13.0.0.1 24
int g0/0/1
ip a 14.0.0.1 24
ospf 1 router-id 1.1.1.1
area 0
network 13.0.0.1 0.0.0.0
network 14.0.0.1 0.0.0.0
-------------------------------------------------AR4---------------------------------------------
sys
sys AR4
int g0/0/0
ip a 100.0.0.254 24
int g0/0/1
ip a 14.0.0.4 24
int g0/0/2
ip a 24.0.0.4 24
ospf 1 router-id 4.4.4.4
area 0
network 100.0.0.254 0.0.0.0
network 14.0.0.4 0.0.0.0
network 24.0.0.4 0.0.0.0
-------------------------------------------AR3--------------------
sys
sys AR3
int g0/0/0
ip a 192.168.1.254 24
int g0/0/1
ip a 192.168.2.254 24
int g0/0/2
ip a 13.0.0.3 24
int g4/0/0
ip a 23.0.0.3 24
ospf 1 router-id 3.3.3.3
area 0
network 192.168.1.254 0.0.0.0
network 192.168.2.254 0.0.0.0
network 13.0.0.3 0.0.0.0
network 23.0.0.3 0.0.0.0
---------------------------AR2-----------------------------------
sys
sys AR2
int g0/0/0
ip a 23.0.0.2 24
int g0/0/1
ip a 24.0.0.2 24
ospf 1 router-id 2.2.2.2
area 0
network 23.0.0.2 0.0.0.0
network 24.0.0.2 0.0.0.0
-------------------------------------AR3策略路由-----------------------
acl 3000
rule permit tcp source 192.168.1.0 0 destination 100.1.1.1 0 destination-port eq 21
acl 3001
rule permit tcp source 192.168.1.0 0 destination 100.1.1.1 0 destination-port eq 80
acl 3002
rule deny tcp source 192.168.2.0 0 destination 100.1.1.1 0 destination-port eq 21
acl 3003
rule permit tcp source 192.168.2.0 0 destination 100.1.1.1 0 destination-port eq 80
q
#流行为,配置重定向
traffic classifier 121
if-match acl 3000
q
traffic classifier 180
if-match acl 3001
q
traffic classifier 221
if-match acl 3002
q
traffic classifier 280
if-match acl 3003
q
#创建流策略,在接口上应用流策略
traffic behavior 314
redirect ip-nexthop 13.0.0.2
q
traffic behavior 324
redirect ip-nexthop 23.0.0.2
q
traffic policy 11
classifier 121 behavior 324
classifier 180 behavior 314
q
traffic policy 21
classifier 221 behavior 314
classifier 280 behavior 324
int g0/0/0
traffic-policy 11 inbound
int g0/0/1
traffic-policy 21 inbound
扫一扫
3667
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
