策略路由是一種比基於目標網絡進行路由更加靈活的數據包路由轉發機制。應用了策 策略路由,路由器將通過路由圖決定如何對需要路由的數據包進行處理,路由圖決定了一個數據包的下一跳轉發路由器。
1. 應用策略路由,必須要指定策略路由使用的路由圖,並且要創建路由圖。一個路由圖由很多條策略組成,每個策略都定義了1 個或多個的匹配規則和對應操作。
2 .一個接口應用策略路由後,將對該接口接收到的所有包進行檢查,不符合路由圖任何策略的數據包將按照通常的路由轉發進行處理,符合路由圖中某個策略的數據包,就按照該策略中定義的操作進行處理。
3. 策略路由可以使數據包按照用戶指定的策略進行轉發。對於某些管理目的,如QoS需求或***拓撲結構,要求某些路由必須經過特定的路徑,就可以使用策略路由。例如,一個策略可以指定從某個網絡發出的數據包只能轉發到某個特定的接口。
廢話不說我們看圖說話
要求: 1.要求 20.101 走 2.2 30.102 走2.3 用標準列表做
2 .使用擴張列表要求把任意子網到10.10 2.2 10.11走2.3
3.192.168.10.0/24的FTP流量走 2.3 ,其他的流量走2.2
4. 基於數據包長度的策略路由,0-400走 2.2 400 ——1000 走2.3 ,其他的正常路由
技術要點:OSPF多區域 VLAN間路由 FR ACL ROUTER MAP 單臂路由 2L交換
我們首先在R2 R3 R4 起個FR ,在pc間做vlan間路由,首先我們完成初始配置
R1:interface Loopback0
ip address 1.1.1.1 255.255.255.0
ip ospf network point-to-point
interface FastEthernet0/8
switchport access vlan 10
!
interface FastEthernet0/9
switchport access vlan 20
interface Serial1/0
ip address 192.168.1.1 255.255.255.0
serial restart-delay 0
clock rate 64000
interface Vlan10
ip address 192.168.20.1 255.255.255.0
!
interface Vlan20
ip address 192.168.30.1 255.255.255.0
!
router ospf 10
router-id 1.1.1.1
log-adjacency-changes
network 1.1.1.1 0.0.0.0 area 1
network 192.168.1.0 0.0.0.255 area 1
network 192.168.20.0 0.0.0.255 area 1
network 192.168.30.0 0.0.0.255 area 1
r2 ;interface Loopback0
ip address 2.2.2.2 255.255.255.0
ip ospf network point-to-point
interface Serial0/0
ip address 192.168.1.2 255.255.255.0
serial restart-delay 0
clock rate 64000
interface Serial0/1
ip address 192.168.2.1 255.255.255.0
encapsulation frame-relay
ip ospf network broadcast
ip ospf priority 15
serial restart-delay 0
no arp frame-relay
frame-relay map ip 192.168.2.2 203 broadcast
frame-relay map ip 192.168.2.3 204 broadcast
no frame-relay inverse-arp
router ospf 10
router-id 2.2.2.2
log-adjacency-changes
network 2.2.2.2 0.0.0.0 area 0
network 192.168.1.0 0.0.0.255 area 1
network 192.168.2.0 0.0.0.255 area 0
r5: interface Loopback0
ip address 5.5.5.5 255.255.255.0
ip ospf network point-to-point
interface Serial0/1
ip address 192.168.3.5 255.255.255.0
serial restart-delay 0
clock rate 64000
!
interface Serial0/2
ip address 192.168.4.5 255.255.255.0
interface FastEthernet1/0
no switchport
ip address 192.168.6.5 255.255.255.0
router ospf 10
router-id 5.5.5.5
log-adjacency-changes
network 5.5.5.5 0.0.0.0 area 2
network 192.168.3.0 0.0.0.255 area 2
network 192.168.4.0 0.0.0.255 area 2
network 192.168.6.0 0.0.0.255 area 2
FR : interface Serial0/0
no ip address
encapsulation frame-relay
serial restart-delay 0
clock rate 64000
no fair-queue
frame-relay lmi-type ansi
frame-relay intf-type dce
frame-relay route 203 interface Serial0/1 302
frame-relay route 204 interface Serial0/2 402
!
interface Serial0/1
no ip address
encapsulation frame-relay
serial restart-delay 0
clock rate 64000
frame-relay lmi-type ansi
frame-relay intf-type dce
frame-relay route 302 interface Serial0/0 203
!
interface Serial0/2
no ip address
encapsulation frame-relay
serial restart-delay 0
clock rate 64000
frame-relay lmi-type ansi
frame-relay intf-type dce
frame-relay route 402 interface Serial0/0 204
r4:
interface Loopback0
ip address 4.4.4.4 255.255.255.0
ip ospf network point-to-point
interface Serial0/1
ip address 192.168.4.4 255.255.255.0
serial restart-delay 0
!
interface Serial0/2
ip address 192.168.2.3 255.255.255.0
encapsulation frame-relay
ip ospf network broadcast
ip ospf priority 0
serial restart-delay 0
no arp frame-relay
frame-relay map ip 192.168.2.1 402 broadcast
frame-relay map ip 192.168.2.2 402 broadcast
no frame-relay inverse-arp
router ospf 10
router-id 4.4.4.4
log-adjacency-changes
network 4.4.4.4 0.0.0.0 area 0
network 192.168.2.0 0.0.0.255 area 0
network 192.168.4.0 0.0.0.255 area 2
我這只是列舉了幾個路由的配置條目,我們看下路由表
r11#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
1.0.0.0/24 is subnetted, 1 subnets
O IA 1.1.1.0 [110/194] via 192.168.6.5, 00:14:47, FastEthernet0/1
2.0.0.0/24 is subnetted, 1 subnets
O IA 2.2.2.0 [110/130] via 192.168.6.5, 00:14:47, FastEthernet0/1
3.0.0.0/24 is subnetted, 1 subnets
O IA 3.3.3.0 [110/66] via 192.168.6.5, 00:14:47, FastEthernet0/1
O IA 192.168.30.0/24 [110/194] via 192.168.6.5, 00:14:47, FastEthernet0/1
4.0.0.0/24 is subnetted, 1 subnets
O IA 4.4.4.0 [110/66] via 192.168.6.5, 00:14:47, FastEthernet0/1
5.0.0.0/24 is subnetted, 1 subnets
O 5.5.5.0 [110/2] via 192.168.6.5, 00:14:47, FastEthernet0/1
C 192.168.10.0/24 is directly connected, Vlan10
我們在web1 192.168.10.10 ping 192.168.20.101
web1#ping 192.168.20.101
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.20.101, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 340/682/860 ms
我們首先完成第一個題目要求,在r2上做路由map
r2(config-if)#ip policy route-map liang
r2(config)#access-list 1 permit 192.168.20.0 0.0.0.255
r2(config)#acc
r2(config)#access-list 2 per
r2(config)#access-list 2 permit 192.168.30.0 0.0.0.255
r2(config)#route-map liang permit 10
r2(config-route-map)#match ip add 1
r2(config-route-map)#set ip next-hop ver
r2(config-route-map)#set ip next-hop 192.168.2.2
r2(config)#route-map liang permit 15
r2(config-route-map)#match ip add 2
r2(config-route-map)#set ip next-hop verify-availability
r2(config-route-map)#set ip next-hop 192.168.2.3
第二個要求
r2(config-if)#ip policy route-map 51cto
r2(config)#access-list 101 permit ip any host 192.168.10.10
r2(config)#access-list 102 permit ip host 192.168.30.101 host 192.168.10.11
r2(config)#route-map 51cto permit 20
r2(config-route-map)#match ip add 1
r2(config-route-map)#set ip next-hop verify-availability
r2(config-route-map)#set ip next-hop 192.168.2.2
r2(config)#route-map 51cto permit 25
r2(config-route-map)#match ip add 2
r2(config-route-map)#set ip next-hop verify-availability
r2(config-route-map)#set ip next-hop 192.168.2.3
第三個要求 r5的入接口
r5(config)#int f1/0
r5(config-if)#ip policy route-map laoliang
r5(config)#access-list 104 permit tcp 192.168.10.0 0.0.0.255 any eq ftp
r5(config)#access-list 104 permit tcp 192.168.10.0 0.0.0.255 any eq ftp-data
r5(config)#access-list 105 permit tcp 192.168.10.0 0.0.0.255 any eq 23
r5(config)#access-list 105 permit tcp 192.168.10.0 0.0.0.255 any eq 80
r5(config)#access-list 105 permit tcp 192.168.10.0 0.0.0.255 any eq 443
r5(config)#access-list 105 permit tcp 192.168.10.0 0.0.0.255 any eq sm
r5(config)#access-list 105 permit tcp 192.168.10.0 0.0.0.255 any eq smtp
r5(config)#access-list 105 permit tcp 192.168.10.0 0.0.0.255 any eq o
r5(config)#access-list 105 permit tcp 192.168.10.0 0.0.0.255 any eq po
r5(config)#access-list 105 permit tcp 192.168.10.0 0.0.0.255 any eq pop3
r5(config)#route-map laoliang permit 30
r5(config-route-map)#match ip add 104
r5(config-route-map)#set ip next-hop verify-availability
r5(config-route-map)#set ip next-hop 192.168.2.3
r5(config)#route-map laoliang permit 35
r5(config-route-map)#match ip add 105
r5(config-route-map)#set ip next-hop ver
r5(config-route-map)#set ip next-hop verify-availability
r5(config-route-map)#set ip ne
r5(config-route-map)#set ip next-hop 192.168.2.2
第四個要求:
r5(config-if)#ip policy route-map liang
r5(config-route-map)#match length 0 400
r5(config-route-map)#set ip next-hop 192.168.2.2
r5(config)#route-map liang permit 45
r5(config-route-map)#match length 400 1000
r5(config-route-map)#set ip next-hop 192.168.2.3
ok完成!我再寫點這個環境的配置問題大家看一看這個圖,這樣配置就好明白了
