Route Policy and Policy-Based Routing in Practice

Route Policy & Policy-Based Routing Lab


1. Lab Overview

  • Lab topology: (topology diagram not reproduced)

(1) Lab requirements

Requirements:

  • ① Use policy-based routing (MQC) so that PC1's traffic to the external network goes via AR2 and PC2's traffic goes via AR3;

    PC4 via AR4, PC5 via AR5

  • ② Use traffic-filter on LSW1 so that PC2 and PC3 cannot reach each other;

    configure the same on LSW2 so that PC4 and PC5 cannot reach each other

  • ③ Configure route policies on the Layer 3 devices to ensure that PC1, PC2 and PC3 can only reach PC4;

    PC4 can only reach PC2

2. Lab Implementation

(1) Router configuration: AR1

  • AR1
Interface IP addresses
[AR1]display ip interface brief 
*down: administratively down
^down: standby
(l): loopback
(s): spoofing
The number of interface that is UP in Physical is 5
The number of interface that is DOWN in Physical is 0
The number of interface that is UP in Protocol is 5
The number of interface that is DOWN in Protocol is 0

Interface                         IP Address/Mask      Physical   Protocol  
GigabitEthernet0/0/0              172.17.1.1/30        up         up        
GigabitEthernet0/0/1              10.0.12.1/24         up         up        
GigabitEthernet0/0/2              10.0.13.1/24         up         up        
LoopBack0                         1.1.1.1/32           up         up(s)     
NULL0                             unassigned           up         up(s)  
OSPF configuration
[AR1]display current-configuration configuration ospf
[V200R003C00]
#
ospf 1 router-id 1.1.1.1 
 area 0.0.0.0 
  network 1.1.1.1 0.0.0.0 
  network 10.0.12.1 0.0.0.0 
  network 10.0.13.1 0.0.0.0 
  network 172.17.1.1 0.0.0.0 
#
return
Policy-based routing

To keep the traffic between PC1 and PC3 from being redirected to the new next hop, we add another ACL, 3000, which permits the 192.168.1.0/24 segment to reach 192.168.3.0/24,

and create a traffic classifier bound to ACL 3000, with a traffic behavior whose action is set to permit.

[AR1]display current-configuration configuration acl-basic 
[V200R003C00]
#
acl number 2000  
 rule 5 permit source 192.168.10.0 0.0.0.255 
acl number 2001  
 rule 5 permit source 192.168.30.0 0.0.0.255

[AR1]display current-configuration configuration acl-adv 
[V200R003C00]
#
acl number 3000  
 rule 5 permit ip source 192.168.10.0 0.0.0.255 destination 192.168.30.0 0.0.0.255 
 rule 10 permit ip source 192.168.30.0 0.0.0.255 destination 192.168.10.0 0.0.0.255 
#
return

[AR1]display current-configuration configuration classifier 
[V200R003C00]
#
traffic classifier permit operator or
 if-match acl 3000
traffic classifier vlan10 operator or
 if-match acl 2000
traffic classifier vlan20 operator or
 if-match acl 2001
#
return
       
[AR1]display current-configuration configuration behavior 
[V200R003C00]
#
traffic behavior permit
traffic behavior vlan10
 redirect ip-nexthop 10.0.12.2
traffic behavior vlan20
 redirect ip-nexthop 10.0.13.3
#
return  

[AR1]display current-configuration configuration trafficpolicy
[V200R003C00]
#
traffic policy PBR
 classifier vlan10 behavior vlan10
 classifier vlan20 behavior vlan20
 classifier permit behavior permit
#
return

[AR1]int g0/0/0
[AR1-GigabitEthernet0/0/0]traffic-policy PBR inbound
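The MQC policy just applied can be replayed offline against sample packets to see which next hop each flow gets. The Python below is an added example, not configuration or code from the original post: it encodes AR1's ACLs, classifiers, behaviors and the PBR policy as data and evaluates them assuming Huawei wildcard-mask semantics and that a traffic policy applies the behavior of the first bound classifier that matches; the sample packets, including the external address 203.0.113.1, are constructed.

```python
import ipaddress

# Huawei-style wildcard match: a 0 bit in the wildcard must match, a 1 bit is ignored
# (0.0.0.255 therefore covers a whole /24).
def wildcard_match(addr, network, wildcard):
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(addr)) & care) == \
           (int(ipaddress.IPv4Address(network)) & care)

ANY = ("0.0.0.0", "255.255.255.255")  # basic ACL rules carry no destination field

# AR1's ACL rules from the page, as (action, src_net, src_wc, dst_net, dst_wc)
ACLS = {
    2000: [("permit", "192.168.10.0", "0.0.0.255", *ANY)],
    2001: [("permit", "192.168.30.0", "0.0.0.255", *ANY)],
    3000: [("permit", "192.168.10.0", "0.0.0.255", "192.168.30.0", "0.0.0.255"),
           ("permit", "192.168.30.0", "0.0.0.255", "192.168.10.0", "0.0.0.255")],
}
CLASSIFIERS = {"permit": 3000, "vlan10": 2000, "vlan20": 2001}   # classifier -> if-match acl
BEHAVIORS = {"permit": None, "vlan10": "10.0.12.2", "vlan20": "10.0.13.3"}  # None: no redirect
# traffic policy PBR: (classifier, behavior) pairs in the order they are bound
POLICY_AS_CONFIGURED = [("vlan10", "vlan10"), ("vlan20", "vlan20"), ("permit", "permit")]
POLICY_PERMIT_FIRST = [("permit", "permit"), ("vlan10", "vlan10"), ("vlan20", "vlan20")]

def acl_hits_permit(acl_number, src, dst):
    """First matching rule decides; the classifier matches only on a permit hit."""
    for action, s_net, s_wc, d_net, d_wc in ACLS[acl_number]:
        if wildcard_match(src, s_net, s_wc) and wildcard_match(dst, d_net, d_wc):
            return action == "permit"
    return False

def pbr_next_hop(policy, src, dst):
    """Redirect next hop set by the first bound classifier that matches (assumed
    first-match order); None means the packet is forwarded by the routing table."""
    for classifier, behavior in policy:
        if acl_hits_permit(CLASSIFIERS[classifier], src, dst):
            return BEHAVIORS[behavior]
    return None

if __name__ == "__main__":
    # constructed sample packets: PC1, PC3 and a VLAN 20 host to an external host, and PC1 -> PC3
    for src, dst in [("192.168.10.1", "203.0.113.1"), ("192.168.30.1", "203.0.113.1"),
                     ("192.168.20.1", "203.0.113.1"), ("192.168.10.1", "192.168.30.1")]:
        print(f"{src} -> {dst}: as configured {pbr_next_hop(POLICY_AS_CONFIGURED, src, dst)}, "
              f"permit bound first {pbr_next_hop(POLICY_PERMIT_FIRST, src, dst)}")
```

With the page's binding order (vlan10, vlan20, permit) a PC1-to-PC3 packet entering G0/0/0 would be redirected to 10.0.12.2 before the permit classifier is consulted, so the exception only takes effect if that classifier is bound first. In this topology VLAN 10 and VLAN 30 both terminate on LSW1, so PC1-PC3 traffic never enters AR1's G0/0/0 in the first place.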
Route policy
[AR1]display acl 2002
Basic ACL 2002, 2 rules
Acl's step is 5
 rule 5 deny source 192.168.50.0 0.0.0.255 (6 matches)
 rule 10 permit (87 matches)
 
[AR1]display current-configuration configuration ospf
[V200R003C00]
#
ospf 1 router-id 1.1.1.1 
 filter-policy 2002 import

(2) Router configuration: AR2

  • AR2
Interface IP addresses
[AR2]display ip interfaces brief 
*down: administratively down
^down: standby
(l): loopback
(s): spoofing
The number of interface that is UP in Physical is 4
The number of interface that is DOWN in Physical is 1
The number of interface that is UP in Protocol is 4
The number of interface that is DOWN in Protocol is 1

Interface                         IP Address/Mask      Physical   Protocol  
GigabitEthernet0/0/0              10.0.12.2/24         up         up        
GigabitEthernet0/0/1              10.0.23.2/24         up         up        
GigabitEthernet0/0/2              unassigned           down       down      
LoopBack0                         2.2.2.2/32           up         up(s)     
NULL0                             unassigned           up         up(s)
OSPF configuration
[AR2]display current-configuration configuration ospf
[V200R003C00]
#
ospf 1 router-id 2.2.2.2 
 area 0.0.0.0 
  network 2.2.2.2 0.0.0.0 
  network 10.0.12.2 0.0.0.0 
  network 10.0.23.2 0.0.0.0 
#
return

(3) Router configuration: AR3

Interface IP addresses
[AR3]display ip interface brief 
*down: administratively down
^down: standby
(l): loopback
(s): spoofing
The number of interface that is UP in Physical is 5
The number of interface that is DOWN in Physical is 0
The number of interface that is UP in Protocol is 5
The number of interface that is DOWN in Protocol is 0

Interface                         IP Address/Mask      Physical   Protocol  
GigabitEthernet0/0/0              10.0.13.3/24         up         up        
GigabitEthernet0/0/1              10.0.23.3/24         up         up        
GigabitEthernet0/0/2              10.0.34.3/24         up         up        
LoopBack0                         3.3.3.3/32           up         up(s)     
NULL0                             unassigned           up         up(s)  
OSPF configuration
[AR3]display current-configuration configuration ospf
[V200R003C00]
#
ospf 1 router-id 3.3.3.3 
 area 0.0.0.0 
  network 3.3.3.3 0.0.0.0 
  network 10.0.13.3 0.0.0.0 
  network 10.0.23.3 0.0.0.0 
  network 10.0.34.3 0.0.0.0 
#
return

(4) Router configuration: AR4

Interface IP addresses
[AR4]display ip interface brief 
*down: administratively down
^down: standby
(l): loopback
(s): spoofing
The number of interface that is UP in Physical is 5
The number of interface that is DOWN in Physical is 0
The number of interface that is UP in Protocol is 5
The number of interface that is DOWN in Protocol is 0

Interface                         IP Address/Mask      Physical   Protocol  
GigabitEthernet0/0/0              10.0.34.4/24         up         up        
GigabitEthernet0/0/1              10.0.45.4/24         up         up        
GigabitEthernet0/0/2              10.0.46.4/24         up         up        
LoopBack0                         4.4.4.4/32           up         up(s)     
NULL0                             unassigned           up         up(s)
OSPF configuration
[AR4]display current-configuration configuration ospf
[V200R003C00]
#
ospf 1 router-id 4.4.4.4 
 area 0.0.0.0 
  network 4.4.4.4 0.0.0.0 
  network 10.0.34.4 0.0.0.0 
  network 10.0.45.4 0.0.0.0 
  network 10.0.46.4 0.0.0.0 
#
return

(5) Router configuration: AR5

Interface IP addresses
[AR5]display ip interfaces brief 
*down: administratively down
^down: standby
(l): loopback
(s): spoofing
The number of interface that is UP in Physical is 4
The number of interface that is DOWN in Physical is 1
The number of interface that is UP in Protocol is 4
The number of interface that is DOWN in Protocol is 1

Interface                         IP Address/Mask      Physical   Protocol  
GigabitEthernet0/0/0              10.0.45.5/24         up         up        
GigabitEthernet0/0/1              10.0.56.5/24         up         up        
GigabitEthernet0/0/2              unassigned           down       down      
LoopBack0                         5.5.5.5/32           up         up(s)     
NULL0                             unassigned           up         up(s) 
OSPF configuration
[AR5]display current-configuration configuration ospf
[V200R003C00]
#
ospf 1 router-id 5.5.5.5 
 area 0.0.0.0 
  network 5.5.5.5 0.0.0.0 
  network 10.0.45.5 0.0.0.0 
  network 10.0.56.5 0.0.0.0 
#
return

(6) Router configuration: AR6

Interface IP addresses
[AR6]display ip interface brief 
*down: administratively down
^down: standby
(l): loopback
(s): spoofing
The number of interface that is UP in Physical is 5
The number of interface that is DOWN in Physical is 0
The number of interface that is UP in Protocol is 5
The number of interface that is DOWN in Protocol is 0

Interface                         IP Address/Mask      Physical   Protocol  
GigabitEthernet0/0/0              10.0.46.6/24         up         up        
GigabitEthernet0/0/1              10.0.56.6/24         up         up        
GigabitEthernet0/0/2              172.16.1.1/30        up         up        
LoopBack0                         6.6.6.6/32           up         up(s)     
NULL0                             unassigned           up         up(s) 
OSPF configuration
[AR6]display current-configuration configuration ospf
[V200R003C00]
#
ospf 1 router-id 6.6.6.6 
 area 0.0.0.0 
  network 6.6.6.6 0.0.0.0 
  network 10.0.46.6 0.0.0.0 
  network 10.0.56.6 0.0.0.0 
  network 172.16.1.1 0.0.0.0 
#
return
Policy-based routing
[AR6]display current-configuration configuration acl
[V200R003C00]
#
acl number 2000  
 rule 5 permit source 192.168.40.0 0.0.0.255 
#
acl number 2002  
 rule 5 permit source 192.168.50.0 0.0.0.255 
#
return

[AR6]display current-configuration configuration classifier 
[V200R003C00]
#
traffic classifier vlan40 operator or
 if-match acl 2000
traffic classifier vlan50 operator or
 if-match acl 2002
#
return
       
[AR6]display current-configuration configuration behavior 
[V200R003C00]
#
traffic behavior vlan40
 redirect ip-nexthop 10.0.46.4
traffic behavior vlan50
 redirect ip-nexthop 10.0.56.5
#
return

[AR6]display current-configuration configuration trafficpolicy 
[V200R003C00]
#
traffic policy PBR
 classifier vlan40 behavior vlan40
 classifier vlan50 behavior vlan50
#
return

[AR6]int g0/0/2
[AR6-GigabitEthernet0/0/2]traffic-policy PBR inbound
Route policy
[AR6]display acl 2001
Basic ACL 2001, 3 rules
Acl's step is 5
 rule 15 deny source 192.168.10.0 0.0.0.255 (8 matches)
 rule 20 deny source 192.168.30.0 0.0.0.255 (21 matches)
 rule 25 permit (68 matches)
 
[AR6]display current-configuration configuration ospf
[V200R003C00]
#
ospf 1 router-id 6.6.6.6 
 filter-policy 2001 import

(7) LSW1

Basic configuration
[LSW1]display ip interface brief 
*down: administratively down
^down: standby
(l): loopback
(s): spoofing
The number of interface that is UP in Physical is 5
The number of interface that is DOWN in Physical is 2
The number of interface that is UP in Protocol is 5
The number of interface that is DOWN in Protocol is 2

Interface                         IP Address/Mask      Physical   Protocol  
MEth0/0/1                         unassigned           down       down      
NULL0                             unassigned           up         up(s)     
Vlanif1                           unassigned           down       down      
Vlanif10                          192.168.10.254/24    up         up        
Vlanif17                          172.17.1.2/30        up         up        
Vlanif20                          192.168.20.254/24    up         up        
Vlanif30                          192.168.30.254/24    up         up    
OSPF configuration
[LSW1]display current-configuration configuration ospf
#
ospf 1
 area 0.0.0.0
  network 192.168.10.0 0.0.0.255
  network 192.168.20.0 0.0.0.255
  network 192.168.30.0 0.0.0.255
  network 172.17.1.2 0.0.0.0
#
return
traffic-filter
[LSW1]display acl 3000
Advanced ACL 3000, 2 rules
Acl's step is 5
 rule 5 deny ip source 192.168.20.0 0.0.0.255 destination 192.168.30.0 0.0.0.255
 rule 10 permit ip 

[LSW1]traffic-filter inbound acl 3000
Route policy
[LSW1]display acl 2000
Basic ACL 2000, 2 rules
Acl's step is 5
 rule 5 deny source 192.168.50.0 0.0.0.255
 rule 10 permit

[LSW1]display current-configuration configuration ospf
#
ospf 1
 filter-policy 2000 import

(8) LSW2

Basic configuration
[LSW2]display ip interface brief 
*down: administratively down
^down: standby
(l): loopback
(s): spoofing
The number of interface that is UP in Physical is 4
The number of interface that is DOWN in Physical is 2
The number of interface that is UP in Protocol is 4
The number of interface that is DOWN in Protocol is 2

Interface                         IP Address/Mask      Physical   Protocol  
MEth0/0/1                         unassigned           down       down      
NULL0                             unassigned           up         up(s)     
Vlanif1                           unassigned           down       down      
Vlanif16                          172.16.1.2/30        up         up        
Vlanif40                          192.168.40.254/24    up         up        
Vlanif50                          192.168.50.254/24    up         up  
OSPF configuration
[LSW2]display current-configuration configuration ospf
#
ospf 1
 area 0.0.0.0
  network 172.16.1.2 0.0.0.0
  network 192.168.40.0 0.0.0.255
  network 192.168.50.0 0.0.0.255
#
return
traffic-filter
[LSW2]display acl 3000
Advanced ACL 3000, 2 rules
Acl's step is 5
 rule 5 deny ip source 192.168.40.0 0.0.0.255 destination 192.168.50.0 0.0.0.255
 rule 10 permit ip 

[LSW2]traffic-filter inbound acl 3000
Route policy
[LSW2]display acl 2000
Basic ACL 2000, 3 rules
Acl's step is 5
 rule 5 deny source 192.168.10.0 0.0.0.255 
 rule 10 deny source 192.168.30.0 0.0.0.255 
 rule 15 permit 
 
[LSW2]display current-configuration configuration ospf
#
ospf 1
 filter-policy 2000 import
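The filter-policy import settings on AR1, LSW1, AR6 and LSW2 all work the same way, so they can be checked with one small model. The Python below is an added example, not the lab's own code: it applies LSW2's ACL 2000 and AR1's ACL 2002 to a constructed list of OSPF-learned prefixes, assuming that a basic ACL used by filter-policy compares only a route's destination address against the wildcard (the prefix length is not checked) and that the filter affects only the local routing table, not the OSPF LSDB, which is why every device that must not reach a prefix carries its own filter-policy.

```python
import ipaddress

# Huawei-style wildcard match: a 0 bit in the wildcard must match, a 1 bit is ignored.
def wildcard_match(addr, network, wildcard):
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(addr)) & care) == \
           (int(ipaddress.IPv4Address(network)) & care)

# Basic ACL rules from the lab, as (action, source, wildcard); the last rule is the bare "permit"
ACL_2000_LSW2 = [("deny", "192.168.10.0", "0.0.0.255"),
                 ("deny", "192.168.30.0", "0.0.0.255"),
                 ("permit", "0.0.0.0", "255.255.255.255")]
ACL_2002_AR1 = [("deny", "192.168.50.0", "0.0.0.255"),
                ("permit", "0.0.0.0", "255.255.255.255")]

def route_allowed(acl, prefix):
    """Decide whether 'filter-policy <acl> import' lets a route into the routing table.
    Only the destination address is compared, in rule order; the prefix length plays no part."""
    dest = prefix.split("/")[0]
    for action, net, wc in acl:
        if wildcard_match(dest, net, wc):
            return action == "permit"
    return False  # assumed: no rule hit -> filtered (never reached here, all lab ACLs end in permit)

def install_routes(acl, learned):
    """Routes that survive the import filter; the OSPF LSDB itself is left unchanged."""
    return [r for r in learned if route_allowed(acl, r)]

# Constructed list of prefixes LSW2 learns via OSPF, assembled from the lab's addressing plan.
LEARNED_AT_LSW2 = ["192.168.10.0/24", "192.168.20.0/24", "192.168.30.0/24",
                   "172.17.1.0/30", "10.0.12.0/24", "1.1.1.1/32", "6.6.6.6/32"]

if __name__ == "__main__":
    print("LSW2 routing table after 'filter-policy 2000 import':")
    for r in install_routes(ACL_2000_LSW2, LEARNED_AT_LSW2):
        print("  ", r)
    # A more specific prefix inside a denied /24 is denied as well: the wildcard ignores mask length.
    print("192.168.10.128/25 allowed?", route_allowed(ACL_2000_LSW2, "192.168.10.128/25"))
```

To match on prefix length as well as address, an ip-prefix list would be needed instead of a basic ACL.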

3. Verification

(1) Route check

  • AR1
[AR1]display ip routing-table 192.168.50.0
  • LSW1
[LSW1]display ip routing-table 192.168.50.0
  • AR6
[AR6]display ip routing-table 192.168.10.0
[AR6]display ip routing-table 192.168.30.0
  • LSW2
[LSW2]display ip routing-table 192.168.10.0
[LSW2]display ip routing-table 192.168.30.0

(2) Route policy check

PC1, PC2 and PC3 can only reach PC4

  • PC1: (screenshots not reproduced)

  • PC2: (screenshot not reproduced)

  • PC3: (screenshot not reproduced)

PC4 can only reach PC2

  • PC4: (screenshots not reproduced)

(3) traffic-filter

PC2 cannot reach PC3 (screenshot not reproduced)

PC4 cannot reach PC5 (screenshot not reproduced)

(4) Policy-based routing verification

PC1 reaches the external network via AR2, PC3 via AR3 (screenshots not reproduced)

PC4 reaches the external network via AR4, PC5 via AR5 (screenshots not reproduced)
