Cisco路由器配置策略路由

网络工程配置策略路由

网络工程师配置策略路由

【实验名称】
Cisco路由器配置策略路由Route-map

【实验目的】
掌握网络工程师策略路由的配置(Route map)。

【背景描述】
你是公司的网络工程师,公司分别和两个ISP建立了到公网的连接,由R3的S0与外界连接的线路速度比另一条快,老总让你把财务部门的向外的连接,统一在速度较快的线路上传输,其他部门的向外的连接,通过速度较慢的线路传输。

【实现功能】
通过策略实现对数据流向上的控制。
【实验设备】
实验设备R2624(3台)V35DCE(2根)、V35DTE(2根)

【实验步骤】

第一步:基本配置
Red-Giant(config)#hos R3
R3(config)#int s0
R3(config-if)#ip add 192.168.13.3 255.255.255.0
R3(config-if)#clock rate 64000
R3(config-if)#no sh
R3(config-if)#int f0
R3(config-if)#ip add 192.168.4.1 255.255.255.0
R3(config-if)#no sh
R3(config)#int f1
R3(config-if)#ip add 192.168.3.1 255.255.255.0
R3(config-if)#no sh
R3(config)#int s1
R3(config-if)#ip add 192.168.23.3 255.255.255.0
R3(config-if)#cl ra 64000
R3(config-if)#no sh
R3(config-if)#end
Red-Giant#conf t
Red-Giant(config)#hos R2
R2(config)#int s0
R2(config-if)#ip add 192.168.23.2 255.255.255.0
R2(config-if)#no sh
R2(config-if)#end
Red-Giant#conf t
Red-Giant(config)#hos R1
R1(config)#int s0
R1(config-if)#ip add 192.168.13.1 255.255.255.0
R1(config-if)#no sh
R1(config-if)#end

验证测试:
R1#ping 192.168.13.3

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echoes to 192.168.13.3, timeout is 2 seconds:
!!!!!
R2#ping 192.168.23.3

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echoes to 192.168.23.3, timeout is 2 seconds:
!!!!!
第二步:配置策略路由

R3(config)#access-list 1 permit 192.168.4.0 0.0.0.255
R3(config)#access-list 2 per 192.168.3.0 0.0.0.255
R3(config)# route-map to-fast permit 10 ! 定义route-map 允许的流量
R3(config-route-map)#mat ip address 1 !定义该route-map中调用的访问控制列表
R3(config-route-map)#set ip next-hop 192.168.13.1 ! 定义特定网段的流向
R3(config-route-map)#exi
R3(config)#route-map to-slow per 10
R3(config-route-map)#match ip address 2
R3(config-route-map)#set ip next-hop 192.168.23.2

验证测试:R3#sh route-map
route-map to-slow, permit, sequence 10
Match clauses:
ip address (access-lists): 2
Set clauses:
ip next-hop 192.168.23.2
Policy routing matches: 0 packets, 0 bytes
route-map to-fast, permit, sequence 10
Match clauses:
ip address (access-lists): 1
Set clauses:
ip next-hop 192.168.13.1
Policy routing matches: 0 packets, 0 bytes

第三步:在接口下应用
R3(config)#int s0
R3(config-if)#ip policy route-map to-fast ! 在接口下应用route-map
R3(config-if)#exi
R3(config)#int s1
R3(config-if)#ip policy route-map to-slow
R3(config-if)#end

验证测试:R3#sh ip int s0
Serial0 is up, line protocol is up
Internet address is 192.168.13.3/24
Broadcast address is 255.255.255.255
Address determined by setup command
MTU is 1500 bytes
Helper address is not set
Directed broadcast forwarding is disabled
Outgoing access list is not set
Inbound access list is not set
Proxy ARP is enabled
Security level is default
Split horizon is enabled
ICMP redirects are always sent
ICMP unreachables are always sent
ICMP mask replies are never sent
IP fast switching is enabled
IP fast switching on the same interface is enabled
IP multicast fast switching is enabled
Router Discovery is disabled
IP output packet accounting is disabled
IP access violation accounting is disabled
TCP/IP header compression is disabled
Policy routing is enabled, using route map to-fast

【注意事项】
在接口下应用;
控制列表要写准确,如果应用了deny,需要通过其他流量,记得末尾要用permit any 。

【参考配置】
R3#sh run

成为第一个发表评论的人

发表评论

您的电子邮件地址不会被公开.


*