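Policy-based routing is a packet forwarding mechanism that is more flexible than routing based on the destination network. With policy routing applied, the router uses a route map to decide how to handle packets that need to be routed; the route map determines the next-hop router for a packet.
1. To apply policy routing, you must specify the route map that policy routing uses, and you must create that route map. A route map consists of many policies, and each policy defines one or more match rules and the corresponding actions.
2. Once policy routing is applied to an interface, every packet received on that interface is checked. Packets that match no policy in the route map are handled by normal route forwarding; packets that match a policy in the route map are handled according to the action defined in that policy.
3. Policy routing lets packets be forwarded according to a user-specified policy. For certain administrative purposes, such as QoS requirements or ××× topologies, where some routes must go through a specific path, policy routing can be used. For example, a policy can specify that packets sent from a certain network may only be forwarded to a certain interface.
Enough talk, let's look at the diagram.
Requirements:
1. 20.101 goes via 2.2 and 30.102 goes via 2.3, using standard access lists.
2. Using extended access lists, traffic from any subnet to 10.10 goes via 2.2, and traffic to 10.11 goes via 2.3.
3. FTP traffic from 192.168.10.0/24 goes via 2.3; other traffic goes via 2.2.
4. Policy routing based on packet length: 0-400 goes via 2.2, 400-1000 goes via 2.3, and everything else is routed normally.
Key technologies: multi-area OSPF, inter-VLAN routing, FR, ACL, route map, router-on-a-stick, Layer 2 switching
We first bring up FR on R2, R3 and R4 and set up inter-VLAN routing between the PCs. We start with the initial configuration.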
R1:
interface Loopback0
ip address 1.1.1.1 255.255.255.0
ip ospf network point-to-point
interface FastEthernet0/8
switchport access vlan 10
!
interface FastEthernet0/9
switchport access vlan 20
interface Serial1/0
ip address 192.168.1.1 255.255.255.0
serial restart-delay 0
clock rate 64000
interface Vlan10
ip address 192.168.20.1 255.255.255.0
!
interface Vlan20
ip address 192.168.30.1 255.255.255.0
!
router ospf 10
router-id 1.1.1.1
log-adjacency-changes
network 1.1.1.1 0.0.0.0 area 1
network 192.168.1.0 0.0.0.255 area 1
network 192.168.20.0 0.0.0.255 area 1
network 192.168.30.0 0.0.0.255 area 1
r2:
interface Loopback0
ip address 2.2.2.2 255.255.255.0
ip ospf network point-to-point
interface Serial0/0
ip address 192.168.1.2 255.255.255.0
serial restart-delay 0
clock rate 64000
interface Serial0/1
ip address 192.168.2.1 255.255.255.0
encapsulation frame-relay
ip ospf network broadcast
ip ospf priority 15
serial restart-delay 0
no arp frame-relay
frame-relay map ip 192.168.2.2 203 broadcast
frame-relay map ip 192.168.2.3 204 broadcast
no frame-relay inverse-arp
router ospf 10
router-id 2.2.2.2
log-adjacency-changes
network 2.2.2.2 0.0.0.0 area 0
network 192.168.1.0 0.0.0.255 area 1
network 192.168.2.0 0.0.0.255 area 0
r5:
interface Loopback0
ip address 5.5.5.5 255.255.255.0
ip ospf network point-to-point
interface Serial0/1
ip address 192.168.3.5 255.255.255.0
serial restart-delay 0
clock rate 64000
!
interface Serial0/2
ip address 192.168.4.5 255.255.255.0
interface FastEthernet1/0
no switchport
ip address 192.168.6.5 255.255.255.0
router ospf 10
router-id 5.5.5.5
log-adjacency-changes
network 5.5.5.5 0.0.0.0 area 2
network 192.168.3.0 0.0.0.255 area 2
network 192.168.4.0 0.0.0.255 area 2
network 192.168.6.0 0.0.0.255 area 2
FR:
interface Serial0/0
no ip address
encapsulation frame-relay
serial restart-delay 0
clock rate 64000
no fair-queue
frame-relay lmi-type ansi
frame-relay intf-type dce
frame-relay route 203 interface Serial0/1 302
frame-relay route 204 interface Serial0/2 402
!
interface Serial0/1
no ip address
encapsulation frame-relay
serial restart-delay 0
clock rate 64000
frame-relay lmi-type ansi
frame-relay intf-type dce
frame-relay route 302 interface Serial0/0 203
!
interface Serial0/2
no ip address
encapsulation frame-relay
serial restart-delay 0
clock rate 64000
frame-relay lmi-type ansi
frame-relay intf-type dce
frame-relay route 402 interface Serial0/0 204
r4:
interface Loopback0
ip address 4.4.4.4 255.255.255.0
ip ospf network point-to-point
interface Serial0/1
ip address 192.168.4.4 255.255.255.0
serial restart-delay 0
!
interface Serial0/2
ip address 192.168.2.3 255.255.255.0
encapsulation frame-relay
ip ospf network broadcast
ip ospf priority 0
serial restart-delay 0
no arp frame-relay
frame-relay map ip 192.168.2.1 402 broadcast
frame-relay map ip 192.168.2.2 402 broadcast
no frame-relay inverse-arp
router ospf 10
router-id 4.4.4.4
log-adjacency-changes
network 4.4.4.4 0.0.0.0 area 0
network 192.168.2.0 0.0.0.255 area 0
network 192.168.4.0 0.0.0.255 area 2
I have only listed the configuration of a few of the routers here. Let's look at the routing table.
r11#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
1.0.0.0/24 is subnetted, 1 subnets
O IA 1.1.1.0 [110/194] via 192.168.6.5, 00:14:47, FastEthernet0/1
2.0.0.0/24 is subnetted, 1 subnets
O IA 2.2.2.0 [110/130] via 192.168.6.5, 00:14:47, FastEthernet0/1
3.0.0.0/24 is subnetted, 1 subnets
O IA 3.3.3.0 [110/66] via 192.168.6.5, 00:14:47, FastEthernet0/1
O IA 192.168.30.0/24 [110/194] via 192.168.6.5, 00:14:47, FastEthernet0/1
4.0.0.0/24 is subnetted, 1 subnets
O IA 4.4.4.0 [110/66] via 192.168.6.5, 00:14:47, FastEthernet0/1
5.0.0.0/24 is subnetted, 1 subnets
O 5.5.5.0 [110/2] via 192.168.6.5, 00:14:47, FastEthernet0/1
C 192.168.10.0/24 is directly connected, Vlan10
From web1 (192.168.10.10) we ping 192.168.20.101.
web1#ping 192.168.20.101
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.20.101, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 340/682/860 ms
First we complete the first requirement by creating a route map on r2.
r2(config-if)#ip policy route-map liang
r2(config)#access-list 1 permit 192.168.20.0 0.0.0.255
r2(config)#access-list 2 permit 192.168.30.0 0.0.0.255
r2(config)#route-map liang permit 10
r2(config-route-map)#match ip add 1
r2(config-route-map)#set ip next-hop ver
r2(config-route-map)#set ip next-hop 192.168.2.2
r2(config)#route-map liang permit 15
r2(config-route-map)#match ip add 2
r2(config-route-map)#set ip next-hop verify-availability
r2(config-route-map)#set ip next-hop 192.168.2.3
Second requirement
r2(config-if)#ip policy route-map 51cto
r2(config)#access-list 101 permit ip any host 192.168.10.10
r2(config)#access-list 102 permit ip host 192.168.30.101 host 192.168.10.11
r2(config)#route-map 51cto permit 20
r2(config-route-map)#match ip add 101
r2(config-route-map)#set ip next-hop verify-availability
r2(config-route-map)#set ip next-hop 192.168.2.2
r2(config)#route-map 51cto permit 25
r2(config-route-map)#match ip add 102
r2(config-route-map)#set ip next-hop verify-availability
r2(config-route-map)#set ip next-hop 192.168.2.3
Third requirement, on r5's inbound interface
r5(config)#int f1/0
r5(config-if)#ip policy route-map laoliang
r5(config)#access-list 104 permit tcp 192.168.10.0 0.0.0.255 any eq ftp
r5(config)#access-list 104 permit tcp 192.168.10.0 0.0.0.255 any eq ftp-data
r5(config)#access-list 105 permit tcp 192.168.10.0 0.0.0.255 any eq 23
r5(config)#access-list 105 permit tcp 192.168.10.0 0.0.0.255 any eq 80
r5(config)#access-list 105 permit tcp 192.168.10.0 0.0.0.255 any eq 443
r5(config)#access-list 105 permit tcp 192.168.10.0 0.0.0.255 any eq smtp
r5(config)#access-list 105 permit tcp 192.168.10.0 0.0.0.255 any eq pop3
r5(config)#route-map laoliang permit 30
r5(config-route-map)#match ip add 104
r5(config-route-map)#set ip next-hop verify-availability
r5(config-route-map)#set ip next-hop 192.168.2.3
r5(config)#route-map laoliang permit 35
r5(config-route-map)#match ip add 105
r5(config-route-map)#set ip next-hop verify-availability
r5(config-route-map)#set ip next-hop 192.168.2.2
Fourth requirement:
r5(config-if)#ip policy route-map liang
r5(config-route-map)#match length 0 400
r5(config-route-map)#set ip next-hop 192.168.2.2
r5(config)#route-map liang permit 45
r5(config-route-map)#match length 400 1000
r5(config-route-map)#set ip next-hop 192.168.2.3
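The route maps `laoliang` and `liang` configured on r5 above, modelled as an added Python example (not part of the original post and not IOS code) to show first-match evaluation and the fall-back to normal routing. The function names, the packet dictionary and sequence number 40 are assumptions of this example.

```python
import ipaddress

# ACLs as typed on r5: (action, protocol, source network, destination ports).
# Entries with the same action are merged into one port set; the destination
# address is "any" in every entry, so it is not modelled.
ACLS = {
    104: [("permit", "tcp", "192.168.10.0/24", {21, 20})],   # ftp, ftp-data
    105: [("permit", "tcp", "192.168.10.0/24", {23, 80, 443, 25, 110})],
}
# Route maps keyed by sequence number. Sequence 40 is assumed: the page does
# not show the route-map line that precedes "match length 0 400".
LAOLIANG = {30: {"acl": 104, "next_hop": "192.168.2.3"},
            35: {"acl": 105, "next_hop": "192.168.2.2"}}
LIANG_R5 = {40: {"length": (0, 400), "next_hop": "192.168.2.2"},
            45: {"length": (400, 1000), "next_hop": "192.168.2.3"}}

def acl_permits(acl, pkt):
    """First matching entry decides; an ACL ends with an implicit deny."""
    src = ipaddress.ip_address(pkt["src"])
    for action, proto, network, dports in acl:
        if proto not in ("ip", pkt["proto"]):
            continue
        if src not in ipaddress.ip_network(network):
            continue
        if dports and pkt.get("dport") not in dports:
            continue
        return action == "permit"
    return False

def policy_route(route_map, pkt, acls=ACLS):
    """Return the next hop set by the first matching sequence, or None when
    no sequence matches and the packet falls back to normal routing."""
    for seq in sorted(route_map):
        entry = route_map[seq]
        if "acl" in entry and not acl_permits(acls[entry["acl"]], pkt):
            continue
        if "length" in entry:
            low, high = entry["length"]      # match length bounds are inclusive
            if not low <= pkt["length"] <= high:
                continue
        return entry["next_hop"]
    return None

def packet(src="192.168.10.10", proto="tcp", dport=None, length=100):
    """Build a constructed sample packet (not captured traffic)."""
    return {"src": src, "proto": proto, "dport": dport, "length": length}

if __name__ == "__main__":
    for p in (packet(dport=21), packet(dport=80), packet(proto="icmp")):
        print("laoliang", p, "->", policy_route(LAOLIANG, p) or "normal routing")
    for size in (100, 400, 401, 1000, 1500):
        print("liang", size, "->", policy_route(LIANG_R5, packet(length=size)) or "normal routing")
```

The run shows that traffic from 192.168.10.0/24 that is on neither port list (ICMP, for example) matches no sequence and is routed normally, and that a 400-byte packet is taken by the first length entry because the two ranges overlap at 400.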
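OK, done! I'll add a few more notes on configuring this environment; take a look at this diagram and the configuration will be easier to understand.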