思科同时匹配源和目标地址进行策略路由配置测试
生活随笔
收集整理的這篇文章主要介紹了
思科同时匹配源和目标地址进行策略路由配置测试
小編覺得挺不錯的,現在分享給大家,幫大家做個參考.
1.測試拓撲:
??
2.基本配置:
R1:
interface FastEthernet0/0
?ip address 12.1.1.1 255.255.255.0
?no shutdown
interface Loopback0
?ip address 1.1.1.1 255.255.255.0
R2:
interface Ethernet0/0
?ip address 12.1.1.2 255.255.255.0
?no shutdown
!
interface Ethernet0/1
?ip address 23.1.1.2 255.255.255.0
?no shutdown
!
interface Ethernet0/2
?ip address 24.1.1.2 255.255.255.0
?no shutdown
R3:
interface FastEthernet0/0
?ip address 23.1.1.3 255.255.255.0
?no shutdown
!
interface FastEthernet0/1
?ip address 50.1.1.3 255.255.255.0
?no shutdown
R4:
interface FastEthernet0/0
?ip address 24.1.1.4 255.255.255.0
?no shutdown
!
interface FastEthernet0/1
?ip address 50.1.1.4 255.255.255.0
?no shutdown
R5:
interface Loopback0
?ip address 5.5.5.5 255.255.255.0
!
interface FastEthernet0/0
?ip address 50.1.1.5 255.255.255.0
?no shutdown
3.靜態路由配置:
R1:
ip route 0.0.0.0 0.0.0.0 12.1.1.2
R2:
ip route 0.0.0.0 0.0.0.0 23.1.1.3
ip route 1.1.1.0 255.255.255.0 12.1.1.1
R3:
ip route 5.5.5.0 255.255.255.0 50.1.1.5
ip route 12.1.1.0 255.255.255.0 23.1.1.2
R4:
ip route 1.1.1.0 255.255.255.0 24.1.1.2
ip route 5.5.5.0 255.255.255.0 50.1.1.5
R5:
ip route 0.0.0.0 0.0.0.0 50.1.1.3
ip route 1.1.1.0 255.255.255.0 50.1.1.4
4.R2策略路由配置:
A.配置訪問控制列表,匹配流量:
access-list 110 permit ip 1.1.1.0 0.0.0.255 5.5.5.0 0.0.0.255
B.配置route-map,匹配流量后,設置下一跳
route-map net5 permit 10
?match ip address 110
?set ip next-hop 24.1.1.4
!
route-map net5 permit 20
C.在訪問控制列表對應流量的進入接口應用route-map
interface Ethernet0/0
?ip policy route-map net5
5.效果測試:
A.R1直接traceroute 5.5.5.5 ,這時的源地址為12.1.1.1
R1#traceroute 5.5.5.5??????????????????????
Type escape sequence to abort.
Tracing the route to 5.5.5.5
? 1 12.1.1.2 36 msec 80 msec 44 msec
? 2 23.1.1.3 92 msec 96 msec 60 msec
? 3 50.1.1.5 160 msec *? 184 msec
R1#
-----可以看到R2根據默認路由配置,將去往5.5.5.5的數據包下一跳扔給了R3。
B.R1指定源地址為1.1.1.1來traceroute 5.5.5.5
R1#traceroute 5.5.5.5 source 1.1.1.1
Type escape sequence to abort.
Tracing the route to 5.5.5.5
? 1 12.1.1.2 44 msec 100 msec 56 msec
? 2 24.1.1.4 68 msec 64 msec 96 msec
? 3 50.1.1.5 124 msec *? 140 msec
R1#
??
2.基本配置:
R1:
interface FastEthernet0/0
?ip address 12.1.1.1 255.255.255.0
?no shutdown
interface Loopback0
?ip address 1.1.1.1 255.255.255.0
R2:
interface Ethernet0/0
?ip address 12.1.1.2 255.255.255.0
?no shutdown
!
interface Ethernet0/1
?ip address 23.1.1.2 255.255.255.0
?no shutdown
!
interface Ethernet0/2
?ip address 24.1.1.2 255.255.255.0
?no shutdown
R3:
interface FastEthernet0/0
?ip address 23.1.1.3 255.255.255.0
?no shutdown
!
interface FastEthernet0/1
?ip address 50.1.1.3 255.255.255.0
?no shutdown
R4:
interface FastEthernet0/0
?ip address 24.1.1.4 255.255.255.0
?no shutdown
!
interface FastEthernet0/1
?ip address 50.1.1.4 255.255.255.0
?no shutdown
R5:
interface Loopback0
?ip address 5.5.5.5 255.255.255.0
!
interface FastEthernet0/0
?ip address 50.1.1.5 255.255.255.0
?no shutdown
3.靜態路由配置:
R1:
ip route 0.0.0.0 0.0.0.0 12.1.1.2
R2:
ip route 0.0.0.0 0.0.0.0 23.1.1.3
ip route 1.1.1.0 255.255.255.0 12.1.1.1
R3:
ip route 5.5.5.0 255.255.255.0 50.1.1.5
ip route 12.1.1.0 255.255.255.0 23.1.1.2
R4:
ip route 1.1.1.0 255.255.255.0 24.1.1.2
ip route 5.5.5.0 255.255.255.0 50.1.1.5
R5:
ip route 0.0.0.0 0.0.0.0 50.1.1.3
ip route 1.1.1.0 255.255.255.0 50.1.1.4
4.R2策略路由配置:
A.配置訪問控制列表,匹配流量:
access-list 110 permit ip 1.1.1.0 0.0.0.255 5.5.5.0 0.0.0.255
B.配置route-map,匹配流量后,設置下一跳
route-map net5 permit 10
?match ip address 110
?set ip next-hop 24.1.1.4
!
route-map net5 permit 20
C.在訪問控制列表對應流量的進入接口應用route-map
interface Ethernet0/0
?ip policy route-map net5
5.效果測試:
A.R1直接traceroute 5.5.5.5 ,這時的源地址為12.1.1.1
R1#traceroute 5.5.5.5??????????????????????
Type escape sequence to abort.
Tracing the route to 5.5.5.5
? 1 12.1.1.2 36 msec 80 msec 44 msec
? 2 23.1.1.3 92 msec 96 msec 60 msec
? 3 50.1.1.5 160 msec *? 184 msec
R1#
-----可以看到R2根據默認路由配置,將去往5.5.5.5的數據包下一跳扔給了R3。
B.R1指定源地址為1.1.1.1來traceroute 5.5.5.5
R1#traceroute 5.5.5.5 source 1.1.1.1
Type escape sequence to abort.
Tracing the route to 5.5.5.5
? 1 12.1.1.2 44 msec 100 msec 56 msec
? 2 24.1.1.4 68 msec 64 msec 96 msec
? 3 50.1.1.5 124 msec *? 140 msec
R1#
----可以看到,R2根據策略路由配置,將源地址為1.1.1.1目標地址為5.5.5.5的下一跳扔給了R4。
本文轉自 碧云天 51CTO博客,原文鏈接:http://blog.51cto.com/333234/1066640,如需轉載請自行聯系原作者
總結
以上是生活随笔為你收集整理的思科同时匹配源和目标地址进行策略路由配置测试的全部內容,希望文章能夠幫你解決所遇到的問題。
- 上一篇: 多线程知识总结
- 下一篇: seo高手已经掌握的秒收教程