打开APP
userphoto
未登录

开通VIP,畅享免费电子书等14项超值服

开通VIP

首页

好书

留言交流

下载APP

联系客服
策略路由【cisco设备】
userphoto 关注

作者:Proty

拓扑:

前言:1.这里我用R5来模拟pc1,R6模拟pc2;R1用来模拟一台傻瓜交换机;
           2.四台路由器之间运行ospf,在R2的路由表中默认pc2的流量是从R2的s0/0出去经由R4到达R7的loopback0.
           3.我们用策略路由把从pc2来的流量从R2的s0/1口发出去经由R3到达R7的loopback0.
           4.R1作为一台交换机;
               R7的loopback地址是7.7.7.7
               pc1的地址是192.168.1.1
               pc2的地址是192.168.1.2
                R2的f1/0地址是192.168.1.3
一、基于策略的路由--PBR(简称策略路由)
1.PBR影响ip数据层面,他改变路由器做出的路由决策,但不会修改ip路由表。
实验要求:这里的pbr配置识别pc2发给r7的环回地址的分组。并通过s0/1将这些分组转发至r3,分组沿r2的s0/1口前往r3。而不按r2的ip路由表指定的那样转发给r4.
2.在以上实验中,来看看set命令不包括和包括default参数的情况
  a.若将set命令改为:set ip default next-hop 23.0.0.3
结果:r2首先查找(并找到)一条经由r4的路由,并将pc2发送的分组转发至r4.
总结:
1.省略default参数时,逻辑类似于:首先尝试pbr,如果pbr路由不可用,则尝试通常那样进行转发。
2.含default参数时,逻辑类似于:首先尝试通常那样转发分组,但不考虑默认路由。如果常规路由失败,则进行pbr转发。
以下是相关配置:
pc1:
pc1#sh run
Building configuration...
Current configuration : 664 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname pc1
no ip routing
!
!
no ip domain lookup
!
!
interface FastEthernet0/0
 ip address 192.168.1.1 255.255.255.0
 no ip route-cache
 duplex auto
 speed auto
!
!
!
!
!
!
!
!
!
line con 0
 exec-timeout 0 0
 logging synchronous
line aux 0
line vty 0 4
!
!
end
pc1# 
pc1#
pc1#
pc1#ping 7.7.7.7
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 7.7.7.7, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 108/130/148 ms
pc1#
pc1#
pc1#
pc1#trac
pc1#traceroute 7.7.7.7
Type escape sequence to abort.
Tracing the route to 7.7.7.7
  1 192.168.1.3 88 msec 16 msec 84 msec
  2 24.0.0.4 104 msec 72 msec 56 msec
  3 47.0.0.7 92 msec *  124 msec
pc1#
pc1#
pc1#
pc1#

PC2:
pc2#
pc2#
pc2#sh run
Building configuration...
Current configuration : 664 bytes
!
version 12.3
hostname pc2
!
no ip routing
!
!
no ip domain lookup
!
!
interface FastEthernet0/0
 ip address 192.168.1.2 255.255.255.0
 no ip route-cache
 duplex auto
 speed auto
!
line con 0
 exec-timeout 0 0
 logging synchronous
line aux 0
line vty 0 4
!
!
end
pc2# 
pc2#
pc2#ping 7.7.7.7
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 7.7.7.7, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 80/117/168 ms
pc2#
pc2#
pc2#
pc2#trac
pc2#traceroute 7.7.7.7
Type escape sequence to abort.
Tracing the route to 7.7.7.7
  1 192.168.1.3 60 msec 128 msec 28 msec
  2 23.0.0.3 96 msec 60 msec 64 msec
  3 37.0.0.7 124 msec *  88 msec
pc2#
pc2#
pc2#ping 7.7.7.7
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 7.7.7.7, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
pc2#ping 7.7.7.7
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 7.7.7.7, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 92/148/236 ms
pc2#
pc2#
pc2#
pc2#ping 7.7.7.7
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 7.7.7.7, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 60/117/152 ms
pc2#
pc2#
pc2#
pc2#trac
pc2#traceroute 7.7.7.7
Type escape sequence to abort.
Tracing the route to 7.7.7.7
  1 192.168.1.3 108 msec 48 msec 40 msec
  2 23.0.0.3 48 msec 64 msec 60 msec
  3 37.0.0.7 96 msec *  136 msec
pc2#traceroute 7.7.7.7
Type escape sequence to abort.
Tracing the route to 7.7.7.7
  1 192.168.1.3 104 msec 92 msec 64 msec
  2  *  *
pc2#ping 7.7.7.7     
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 7.7.7.7, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
pc2#ping 7.7.7.7
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 7.7.7.7, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 68/127/176 ms
pc2#traceroute 7.7.7.7
Type escape sequence to abort.
Tracing the route to 7.7.7.7
  1 192.168.1.3 60 msec 120 msec 80 msec
  2 24.0.0.4 96 msec 64 msec 220 msec
  3 47.0.0.7 168 msec *  104 msec
pc2#
pc2#
pc2#
pc2#
pc2#
pc2#
SW(模拟交换机):

 sw1#
sw1#
sw1#sh run
Building configuration...

Current configuration : 1394 bytes
!
version 12.3
hostname sw1
!
!
!
no ip domain lookup
!
interface FastEthernet0/0
 no ip address
!
interface FastEthernet0/1
 no ip address
!
interface FastEthernet0/2
 no ip address
!
interface Vlan1
 no ip address
!
line con 0
 exec-timeout 0 0
 logging synchronous
line aux 0
line vty 0 4
!
!
end

sw1# 

 

R2:

r2#sh run
Building configuration...

Current configuration : 1367 bytes
!
version 12.3
hostname r2
!
!
no ip domain lookup
!
!
interface Loopback0
 ip address 2.2.2.2 255.255.255.0
!
interface Serial0/0
 ip address 24.0.0.2 255.255.255.0
 serial restart-delay 0
!
interface Serial0/1
 ip address 23.0.0.2 255.255.255.0
 serial restart-delay 0
!
interface Serial0/2
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial0/3
 no ip address
 shutdown
 serial restart-delay 0
!
interface FastEthernet1/0
 ip address 192.168.1.3 255.255.255.0
 ip policy route-map pc2-liuliang
 duplex auto
 speed auto
!
router ospf 110
 router-id 2.2.2.2
 log-adjacency-changes
 network 2.2.2.0 0.0.0.255 area 0
 network 23.0.0.0 0.0.0.255 area 0
 network 24.0.0.0 0.0.0.255 area 0
 network 192.168.1.0 0.0.0.255 area 0
!
ip http server
no ip http secure-server
ip classless
!
!
!
access-list 101 permit ip host 192.168.1.2 7.7.7.0 0.0.0.255
!
route-map pc2-liuliang permit 10
 match ip address 101
 set ip next-hop 23.0.0.3
!
!        
!
control-plane
!
!
!
!
!
!
!
!
!
line con 0
 exec-timeout 0 0
 logging synchronous
line aux 0
line vty 0 4
!
!
end

r2#
r2#
r2#
r2#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     2.0.0.0/24 is subnetted, 1 subnets
C       2.2.2.0 is directly connected, Loopback0
     3.0.0.0/32 is subnetted, 1 subnets
O       3.3.3.3 [110/65] via 23.0.0.3, 00:03:46, Serial0/1
     4.0.0.0/32 is subnetted, 1 subnets
O       4.4.4.4 [110/65] via 24.0.0.4, 00:03:46, Serial0/0
     23.0.0.0/24 is subnetted, 1 subnets
C       23.0.0.0 is directly connected, Serial0/1
     37.0.0.0/24 is subnetted, 1 subnets
O       37.0.0.0 [110/128] via 23.0.0.3, 00:03:46, Serial0/1
     7.0.0.0/32 is subnetted, 1 subnets
O       7.7.7.7 [110/129] via 24.0.0.4, 00:03:46, Serial0/0
                [110/129] via 23.0.0.3, 00:03:46, Serial0/1
     24.0.0.0/24 is subnetted, 1 subnets
C       24.0.0.0 is directly connected, Serial0/0
C    192.168.1.0/24 is directly connected, FastEthernet1/0
     47.0.0.0/24 is subnetted, 1 subnets
O       47.0.0.0 [110/128] via 24.0.0.4, 00:03:48, Serial0/0
r2#
r2#
r2#sh ip poli
r2#sh ip policy
Interface      Route map
Fa1/0          pc2-liuliang
r2#sh rout
r2#sh route-map ?
  WORD     route-map name
  all      static and dynamic route-map information
  dynamic  dynamic route-map information
  |        Output modifiers
  <cr>

r2#sh route-map
route-map pc2-liuliang, permit, sequence 10
  Match clauses:
    ip address (access-lists): 101
  Set clauses:
    ip next-hop 23.0.0.3
  Policy routing matches: 11 packets, 930 bytes
r2#
r2#
r2#
r2#
*Mar  1 00:27:01.571: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/1, changed state to down
*Mar  1 00:27:01.575: %OSPF-5-ADJCHG: Process 110, Nbr 3.3.3.3 on Serial0/1 from INIT to DOWN, Neighbor Down: Interface down or detached
r2#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
r2(config)#route
*Mar  1 00:27:11.555: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/1, changed state to up
r2(config)#route-m
r2(config)#route-map pc2-liuli
r2(config-route-map)#match ip address 101
r2(config-route-map)#set
r2(config-route-map)#set ip ?
  address     Specify IP address
  default     Set default information
  df          Set DF bit
  next-hop    Next hop address
  precedence  Set precedence field
  qos-group   Set QOS Group ID
  tos         Set type of service field

r2(config-route-map)#set ip def
r2(config-route-map)#set ip default ?
  next-hop  Next hop along path

r2(config-route-map)#set ip default ne
r2(config-route-map)#set ip default next-hop ?
  A.B.C.D              Default next hop IP address
  verify-availability  Verify if default nexthop is a CDP neighbor
  <cr>

r2(config-route-map)#set ip default next-hop 23.0.0.3 ?
  A.B.C.D  Default next hop IP address
  <cr>

r2(config-route-map)#set ip default next-hop 23.0.0.3
r2(config-route-map)#
r2(config-route-map)#
r2(config-route-map)#
r2(config-route-map)#^Z
r2#
r2#
r2#
r2#
r2#
r2#
*Mar  1 00:27:53.051: %SYS-5-CONFIG_I: Configured from console by console
r2#
*Mar  1 00:28:58.911: %OSPF-5-ADJCHG: Process 110, Nbr 3.3.3.3 on Serial0/1 from FULL to DOWN, Neighbor Down: Dead timer expired
r2#
*Mar  1 00:29:01.571: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/1, changed state to down

 

R3:

r3#sh run
Building configuration...

Current configuration : 1138 bytes
!
hostname r3
!
no ip domain lookup
!
interface Loopback0
 ip address 3.3.3.3 255.255.255.0
!
interface Serial0/0
 ip address 37.0.0.3 255.255.255.0
 serial restart-delay 0
!
interface Serial0/1
 ip address 23.0.0.3 255.255.255.0
 serial restart-delay 0
!
interface Serial0/2
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial0/3
 no ip address
 shutdown
 serial restart-delay 0
!
interface FastEthernet1/0
 no ip address
 shutdown
 duplex auto
 speed auto
!
router ospf 110
 router-id 3.3.3.3
 log-adjacency-changes
 network 3.3.3.0 0.0.0.255 area 0
 network 23.0.0.0 0.0.0.255 area 0
 network 37.0.0.0 0.0.0.255 area 0
!
!
!
line con 0
 exec-timeout 0 0
 logging synchronous
line aux 0
line vty 0 4
!
!
end

r3#
r3#
r3#
r3#
r3#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     2.0.0.0/32 is subnetted, 1 subnets
O       2.2.2.2 [110/65] via 23.0.0.2, 00:04:41, Serial0/1
     3.0.0.0/24 is subnetted, 1 subnets
C       3.3.3.0 is directly connected, Loopback0
     4.0.0.0/32 is subnetted, 1 subnets
O       4.4.4.4 [110/129] via 37.0.0.7, 00:04:41, Serial0/0
                [110/129] via 23.0.0.2, 00:04:41, Serial0/1
     23.0.0.0/24 is subnetted, 1 subnets
C       23.0.0.0 is directly connected, Serial0/1
     37.0.0.0/24 is subnetted, 1 subnets
C       37.0.0.0 is directly connected, Serial0/0
     7.0.0.0/32 is subnetted, 1 subnets
O       7.7.7.7 [110/65] via 37.0.0.7, 00:04:41, Serial0/0
     24.0.0.0/24 is subnetted, 1 subnets
O       24.0.0.0 [110/128] via 23.0.0.2, 00:04:42, Serial0/1
O    192.168.1.0/24 [110/65] via 23.0.0.2, 00:04:42, Serial0/1
     47.0.0.0/24 is subnetted, 1 subnets
O       47.0.0.0 [110/128] via 37.0.0.7, 00:04:42, Serial0/0
r3#
r3#
r3#
r3#
r3#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
r3(config)#int s0/1
r3(config-if)#shu
r3(config-if)#
*Mar  1 00:26:46.591: %OSPF-5-ADJCHG: Process 110, Nbr 2.2.2.2 on Serial0/1 from FULL to DOWN, Neighbor Down: Interface down or detached
r3(config-if)#
*Mar  1 00:26:48.575: %LINK-5-CHANGED: Interface Serial0/1, changed state to administratively down
*Mar  1 00:26:49.575: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/1, changed state to down
r3(config-if)#no shu
r3(config-if)#
*Mar  1 00:27:21.027: %LINK-3-UPDOWN: Interface Serial0/1, changed state to up
*Mar  1 00:27:22.027: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/1, changed state to up
r3(config-if)#
*Mar  1 00:27:41.315: %OSPF-5-ADJCHG: Process 110, Nbr 2.2.2.2 on Serial0/1 from LOADING to FULL, Loading Done
r3(config-if)#  
r3(config-if)#
r3(config-if)#shu
r3(config-if)#
*Mar  1 00:28:49.159: %OSPF-5-ADJCHG: Process 110, Nbr 2.2.2.2 on Serial0/1 from FULL to DOWN, Neighbor Down: Interface down or detached
r3(config-if)#
*Mar  1 00:28:51.143: %LINK-5-CHANGED: Interface Serial0/1, changed state to administratively down
*Mar  1 00:28:52.143: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/1, changed state to down

 

R4:

r4#
r4#
r4#sh run
Building configuration...

Current configuration : 1138 bytes
!
version 12.3
hostname r4
!
no ip domain lookup
!
!
!
!
interface Loopback0
 ip address 4.4.4.4 255.255.255.0
!
interface Serial0/0
 ip address 24.0.0.4 255.255.255.0
 serial restart-delay 0
!
interface Serial0/1
 ip address 47.0.0.4 255.255.255.0
 serial restart-delay 0
!
interface Serial0/2
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial0/3
 no ip address
 shutdown
 serial restart-delay 0
!
interface FastEthernet1/0
 no ip address
 shutdown
 duplex auto
 speed auto
!
router ospf 110
 router-id 4.4.4.4
 log-adjacency-changes
 network 4.4.4.0 0.0.0.255 area 0
 network 24.0.0.0 0.0.0.255 area 0
 network 47.0.0.0 0.0.0.255 area 0
!
!        
!
line con 0
 exec-timeout 0 0
 logging synchronous
line aux 0
line vty 0 4
!
!
end

r4#
r4#
r4#
r4# sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     2.0.0.0/32 is subnetted, 1 subnets
O       2.2.2.2 [110/65] via 24.0.0.2, 00:05:21, Serial0/0
     3.0.0.0/32 is subnetted, 1 subnets
O       3.3.3.3 [110/129] via 47.0.0.7, 00:05:21, Serial0/1
                [110/129] via 24.0.0.2, 00:05:21, Serial0/0
     4.0.0.0/24 is subnetted, 1 subnets
C       4.4.4.0 is directly connected, Loopback0
     23.0.0.0/24 is subnetted, 1 subnets
O       23.0.0.0 [110/128] via 24.0.0.2, 00:05:21, Serial0/0
     37.0.0.0/24 is subnetted, 1 subnets
O       37.0.0.0 [110/128] via 47.0.0.7, 00:05:21, Serial0/1
     7.0.0.0/32 is subnetted, 1 subnets
O       7.7.7.7 [110/65] via 47.0.0.7, 00:05:21, Serial0/1
     24.0.0.0/24 is subnetted, 1 subnets
C       24.0.0.0 is directly connected, Serial0/0
O    192.168.1.0/24 [110/65] via 24.0.0.2, 00:05:22, Serial0/0
     47.0.0.0/24 is subnetted, 1 subnets
C       47.0.0.0 is directly connected, Serial0/1
r4#
r4#
r4#
r4#

R7:

R7#sh run
Building configuration...

Current configuration : 1138 bytes
!
version 12.3
hostname R7
!
!
!
no ip domain lookup
!      
interface Loopback0
 ip address 7.7.7.7 255.255.255.0
!
interface Serial0/0
 ip address 37.0.0.7 255.255.255.0
 serial restart-delay 0
!
interface Serial0/1
 ip address 47.0.0.7 255.255.255.0
 serial restart-delay 0
!
interface Serial0/2
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial0/3
 no ip address
 shutdown
 serial restart-delay 0
!
interface FastEthernet1/0
 no ip address
 shutdown
 duplex auto
 speed auto
!
router ospf 110
 router-id 7.7.7.7
 log-adjacency-changes
 network 7.7.7.0 0.0.0.255 area 0
 network 37.0.0.0 0.0.0.255 area 0
 network 47.0.0.0 0.0.0.255 area 0
!
line con 0
 exec-timeout 0 0
 logging synchronous
line aux 0
line vty 0 4
!
!
end

R7#
R7#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     2.0.0.0/32 is subnetted, 1 subnets
O       2.2.2.2 [110/129] via 47.0.0.4, 00:07:14, Serial0/1
                [110/129] via 37.0.0.3, 00:07:14, Serial0/0
     3.0.0.0/32 is subnetted, 1 subnets
O       3.3.3.3 [110/65] via 37.0.0.3, 00:07:14, Serial0/0
     4.0.0.0/32 is subnetted, 1 subnets
O       4.4.4.4 [110/65] via 47.0.0.4, 00:07:14, Serial0/1
     23.0.0.0/24 is subnetted, 1 subnets
O       23.0.0.0 [110/128] via 37.0.0.3, 00:07:14, Serial0/0
     37.0.0.0/24 is subnetted, 1 subnets
C       37.0.0.0 is directly connected, Serial0/0
     7.0.0.0/24 is subnetted, 1 subnets
C       7.7.7.0 is directly connected, Loopback0
     24.0.0.0/24 is subnetted, 1 subnets
O       24.0.0.0 [110/128] via 47.0.0.4, 00:07:15, Serial0/1
O    192.168.1.0/24 [110/129] via 47.0.0.4, 00:07:15, Serial0/1
                    [110/129] via 37.0.0.3, 00:07:15, Serial0/0
     47.0.0.0/24 is subnetted, 1 subnets
C       47.0.0.0 is directly connected, Serial0/1
R7#
R7#
R7#sh ip po,l
R7#sh ip p  
R7#sh ip poli
R7#sh ip policy
Interface      Route map
R7#
R7#

THE END!

本站仅提供存储服务,所有内容均由用户发布,如发现有害或侵权内容,请点击举报
打开APP,阅读全文并永久保存 查看更多类似文章
猜你喜欢
类似文章
【热】打开小程序,算一算2024你的财运
双出口nat配置(一主一备)
[原创] ipsec高可用性试验
GRE封装时出现tunnel recursive routing
为什么有些 OSPF 路由在数据库里但不在路由表里?
专用Cisco路由器的替代品 Zebra二
CCIE学习(34)—— EIGRP配置
更多类似文章 >>
生活服务
热点新闻
留言交流
回顶部
联系我们
分享 收藏 导长图 关注 下载文章
绑定账号成功
后续可登录账号畅享VIP特权!
如果VIP功能使用有故障,
可点击这里联系客服!

联系客服