cisco思科策略路由的概念原理配置实例
思科路由器原理及配置
Router(config-if)#clock rate 64000 Router(config-if)#
配置串型接口封装类型
关闭或打开一个接口
Router#configure terminal Router(config)#interface serial 0 Router(config-if)#shutdown %LINK-5-CHANGED: Interface Serial0, changed state to administratively down %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0, changed state to down
© 2001,
Security Overview (Rev 1.1 Oct.. 2001) -40
显示 running-config 显示 startup-config Commands
In RAM
wg_ro_c#show running-config Building configuration... Current configuration: ! version 12.0 ! -- More --
访问控制列表
访问控制列表的作用 工作过程 访问控制列表的分类
配置访问控制列表
访问表类型按编号定义
编号 1~99 100~199 200~299 300~399 600~699 700~799 800~899 900~999 1000~1099 协议 IP IP Ethernet Type Codes DECnet AppleTalk Ethernet Addresses IPX IPX IPX 类型 标准 扩展 N/A 两者 两者 N/A 标准 扩展 SAP过滤
Cisco交换机做策略路由
Cisco交换机做策略路由Cisco交换机做策略路由阅读:980次时间:2011-07-12 20:29:23字体:[大中小]以节约成本、合理利用现有设备为原则,笔者制定了一个解决方案:利用MikroTikRouterOS,改造了几台办公淘汰下来的普通PC做成软路由,分担原来防火墙的流量来共同承担网络的出口任务,在三层交换机上做策略路由实现数据的不同流向,从而达到分流的目的。
关于软路由(ROS)的安装配置等问题本文不做阐述,本文主要针对策略路由的实现及做策略路由时碰到的问题及优化进行详细阐述。
策略路由中所谓策略的制定依赖于访问控制列表(ACL),因此策略路由中策略的制定是方便而又灵活的,可以满足不同方面的需求。
这样,在vlan201接口下符合access-list100的数据就被转发到以10.10.3.2为内网接口的软路由上了,从而实现了分流。
关键词:策略路由,分流,ACL,软路由0 .引言校园网是高校信息化建设的基础设施,也是教学管理信息化现代化的必要平台。
随着笔者所在学院的发展、网络应用的不断增加,原来的网络日益无法满足需求。
后虽升级了网络核心三层交换机,但购买于早期的出口防火墙,因性能有限,越来越成为校园网络的瓶颈。
升级网络出口设备当然是解决这一瓶颈比较好的方法,但一款高性能的路由器或防火墙往往价格不菲,而且还可能存在单点失效问题,不能完全解决问题。
为此,以节约成本、合理利用现有设备为原则,笔者制定了一个解决方案:利用MikroTik RouterOS,改造了几台办公淘汰下来的普通PC做成软路由,分担原来防火墙的流量来共同承担网络的出口任务,在三层交换机上做策略路由实现数据的不同流向,从而达到分流的目的。
关于软路由(ROS)的安装配置等问题本文不做阐述,本文主要针对策略路由的实现及做策略路由时碰到的问题及优化进行详细阐述。
1.策略路由简介策略路由是一种比利用目标网络进行路由更加灵活的数据包路由转发机制,策略路由的优先级别高于普通路由。
思科CCNP认证PBR策略路由与BGP协议详解
思科CCNP认证PBR策略路由与BGP协议详解本⽂讲述了思科CCNP认证PBR策略路由与BGP协议。
分享给⼤家供⼤家参考,具体如下:PBR——策略路由定义:通过流量策略来执⾏选路的⼀种转发⼿段。
控制层⾯——给路由的转发做指导数据层⾯——在路由表中找到路由的出接⼝或者下⼀跳传统的路由表转发只能通过数据的⽬标地址做策略。
策略路由可以根据源地址、⽬的地址、源端⼝、⽬的端⼝、协议、TOS等流量特征来做决策提供路由——灵活性⾼,但速度慢,需要⼀个⼀个抓,操作相对⿇烦。
路由表与策略路由的关系:策略路由是先于路由表执⾏的,策略路由没有捕获的流量依然会去执⾏路由表。
两种配置:1:接⼝下配置access-list 100 permit ip host 1.1.1.1 any //⽤ACL捕获流量route-map pbr permit 10 //定义route-mapnatch ip address 10 //调⽤被ACL捕获的流量set ip next-hop 10.1.1.1 //设置下⼀跳int f0/1ip policy route-map pbr //接⼝下调⽤只能捕获该接⼝的⼊接⼝流量做策略(不能处理本路由器产⽣的流量)。
2:全局配置access-list 100 permit ip host 1.1.1.1 any //⽤ACL捕获流量route-map pbr permit 10 //定义route-mapmatch ip address 10 //调⽤被ACL捕获的流量set ip next-hop 10.1.1.1 //设置下⼀跳ip local policy route-map pbr能够捕获所有接⼝⼊接⼝流量以及本路由器产⽣的流量(源地址是本路由器地址)3:策略路由的冗余设置route-map pbr permit 10match ip address 1ip next-hop verify-availability 10.1.24.2 1 track 1 //track 成功则本条⽣效,track失败则执⾏下⼀条set语句track ip next-hop 10.1.34.3track 1 ip sla 1 //定义⼀个track监控sla的探测结果ip sla 1 //定义⼀个slaip icmp-echo 10.1.12.1 source-ip 10.4.4.4 //设置其探针ip sla schedule 1 life forever start-time now //设置sla 1的执⾏时间4:default 语句在route-map的set ip default这个位置输⼊,定义被捕获的流量为先查路由表。
思科CISCO实验记录一:路由器基本配置原理与命令小结
思科CISCO实验记录⼀:路由器基本配置原理与命令⼩结本⽂讲述了思科CISCO实验中的路由器基本配置原理与命令。
分享给⼤家供⼤家参考,具体如下:⼀、路由器基本配置要求1、设置路由器名为:hehe2、设置特权模式下password为ccna,secret为ccnp,vty线路密码为ccie3、所有明⽂密码都加密⼆、路由器基本配置命令1、设置路由器名为:heheRouter#configure terminal //进⼊配置模式Enter configuration commands, one per line. End with CNTL/Z.Router(config)#hostname hehe //设置hostnamehehe(config)#2、设置特权模式下password为ccna,secret为ccnp,vty线路密码为cciehehe#configure terminalEnter configuration commands, one per line. End with CNTL/Z.hehe(config)#enable password ccna //特权模式的password密码hehe(config)#enable secret ccnp //特权模式的secret密码hehe(config)#line vty 0 4 //启⽤0-4号5个vtyhehe(config-line)#password ccie //登录的passwordhehe(config-line)#login //启⽤密码验证,no login关闭密码验证3、所有明⽂密码都加密hehe(config)#service password-encryption三、路由器基本配置解析1、新设备如何连接新到的路由器可以通过console⼝与电脑连接,默认波特率为9600即可⾃动与设备连接2、password、secretpassword是早期设备的密码协议,默认是明⽂保存的secret是最常⽤的密码⽅式,是MD5加密的3、vtyvty⽀持多种协议,常见的有ssh、telnet等,默认telnet协议。
思科路由器配置命令详解及实例
CISCO路由器配置命令详解及实例目录CISCO路由器配置命令详解及实例 (1)第一章:路由器配置基础 (2)一、基本设置方式 (2)二、命令状态 (2)三、设置对话过程 (3)四、常用命令 (5)五、配置IP寻址 (6)六、配置静态路由 (8)第二章:广域网协议设置 (8)一、HDLC (8)二、PPP (11)三、x.25 (12)四、Frame Relay (15)五. Cisco765M通过ISDN拨号上263 (18)六、PSTN (19)第三章:路由协议设置 (30)一、RIP协议 (30)三、OSPF协议 (31)四、重新分配路由 (34)五、IPX协议设置 (36)第四章:服务质量及访问控制 (37)一、协议优先级设置 (37)二、队列定制 (38)三、访问控制 (38)第五章:虚拟局域网(VLAN)路由 (39)一、虚拟局域网(VLAN) (39)二、交换机间链路(ISL)协议 (39)三、虚拟局域网(VLAN)路由实例 (39)第六章:知识参考 (44)一、路由器初始化 (44)二、IP分配 (45)第一章:路由器配置基础一、基本设置方式一般来说,可以用5种方式来设置路由器:1.Console口接终端或运行终端仿真软件的微机;2.AUX口接MODEM,通过电话线与远方的终端或运行终端仿真软件的微机相连;3.通过Ethernet上的TFTP服务器;4.通过Ethernet上的TELNET程序;5.通过Ethernet上的SNMP网管工作站。
但路由器的第一次设置必须通过第一种方式进行,此时终端的硬件设置如下:波特率:9600数据位:8停止位:1奇偶校验: 无二、命令状态1. router>路由器处于用户命令状态,这时用户可以看路由器的连接状态,访问其它网络和主机,但不能看到和更改路由器的设置内容。
2. router#在router>提示符下键入enable,路由器进入特权命令状态router#,这时不但可以执行所有的用户命令,还可以看到和更改路由器的设置内容。
思科Cisco策略路由与路由策略实例详解
思科Cisco策略路由与路由策略实例详解本⽂讲述了思科Cisco策略路由与路由策略。
分享给⼤家供⼤家参考,具体如下:⼀、策略路由1. 路由策略与策略路由2. 策略路由的特点3.策略路由的配置3.1 接⼝下配置3.2 全局配置3.3 策略路由的冗余设置3.4 default语句3.5 为流量打ToS标记⼆、路由策略1.抓取流量的列表1.1 ACL访问控制列表1.2 prefix-list前缀列表2. 路由策略⼯具2.1 distribute-list分发列表2.2 route-map路由镜像2.3 OSPF filter-list⼀、策略路由1. 路由策略与策略路由路由策略是对路由信息本⾝的参数进⾏修改、控制等,最终影响路由表的⽣成,说⽩了路由策略就是告诉设备怎么学,⼀般与BGP结合使⽤⽐较多。
策略路由PBR,策略基于路由重点在路由,就是通过策略控制数据包的转发⽅向。
也有⼈把策略路由称之为⼀个复杂的静态路由。
⼀般来讲,策略路由是先于路由表执⾏的。
即设备在转发报⽂时,⾸先将报⽂与策略路由的匹配规则进⾏⽐较。
若符合匹配条件,则按策略路由进⾏转发;如果报⽂⽆法匹配策略路由的条件,再按照普通路由进⾏转发。
策略路由在转化层⾯不如路由表。
原因是匹配的东西过多,底层芯⽚处理⽀持有限。
使⽤原则是能不⽤就不⽤。
如果出现⾮⽬的地址的转发策略,果断⽤。
2. 策略路由的特点传统的路由表转发只能通过数据的⽬标地址做决策;策略路由可以根据源地址、⽬的地址、源端⼝、⽬的端⼝、协议、TOS等流量特征来做策略提供路由,灵活性⾼。
为QoS服务。
使⽤route-map及策略路由可以根据数据包的特征修改其相关QoS项,进⾏为QoS服务。
负载均衡。
使⽤策略路由可以设置数据包的⾏为,⽐如下⼀跳、下⼀接⼝等,这样在存在多条链路的情况下,可以根据数据包的应⽤不同⽽使⽤不同的链路,进⽽提供⾼效的负载均衡能⼒。
策略路由PBR默认只对穿越流量⽣效,不能处理本路由器产⽣流量3.策略路由的配置3.1 接⼝下配置接⼝下只能捕获该接⼝的⼊接⼝流量做策略(不能处理本路由器产⽣流量)R1(config)#access-list 100 permit ip host 1.1.1.1 any //⽤ACL捕获流量R1(config)#route-map pbr permit 10 //定义route-mapR1(config-route-map)#match ip add 100 //调⽤被ACL捕获的流量R1(config-route-map)#set ip next-hop 10.1.1.1 //设置下⼀跳R1(config-route-map)#exitR1(config)#int f0/0R1(config-if)#ip policy route-map pbr //接⼝下调⽤3.2 全局配置能够捕获所有⼊接⼝流量以及本路由器产⽣的流量(源地址是本路由器流量)R1(config)#access-list 100 permit ip host 1.1.1.1 any //⽤ACL捕获流量R1(config)#route-map pbr permit 10 //定义route-mapR1(config-route-map)#match ip add 100 //调⽤被ACL捕获的流量R1(config-route-map)#set ip next-hop 10.1.1.1 //设置下⼀跳R1(config-route-map)#exitR1(config)#ip local policy route-map pbr //全局下调⽤3.3 策略路由的冗余设置R1(config)#route-map PBR permit 10R1(config-route-map)#set ip next-hop verify-availability 10.1.24.2 1 track 1 //设置track监控,若track监控成功,执⾏该语句;若失败,则转为执⾏下条语句R1(config-route-map)#set ip next-hop 10.1.34.3R1(config-route-map)#exitR1(config)#ip local policy route-map PBRR1(config)#track 1 ip sla 1 //定义⼀个track监控 sla的探测结果R1(config-track)#ip sla 1 //定义⼀个slaR1(config-ip-sla)#icmp-echo 10.1.12.1 source-ip 10.4.4.4 //设置其探针R1(config)#ip sla schedule 1 life forever start-time now //设置sla 1的执⾏时间3.4 default语句在route-map的set ip default这个位置输⼊,定义为被捕获的流量先查路由表,如果能精确匹配(如果抓的为10.5.5.5,路由表中有10.5.5.5/24这不叫精确匹配;如果10.5.5.5/32则叫精确匹配)就执⾏路由表;如果不能则执⾏策略路由。
思科Cisco路由器RIP动态路由配置实验案例详解
思科Cisco路由器RIP动态路由配置实验案例详解本⽂讲述了思科Cisco路由器RIP动态路由配置实验。
分享给⼤家供⼤家参考,具体如下:实验九 路由器RIP动态路由配置⼀、实验⽬的1. 掌握RIP协议的配置⽅法:2. 掌握查看通过动态路由协议RIP学习产⽣的路由;3. 熟悉⼴域⽹线缆的链接⽅式;⼆、实验背景 假设校园⽹通过⼀台三层交换机连到校园⽹出⼝路由器上,路由器再和校园外的另⼀台路由器连接。
现要做适当配置,实现校园⽹内部主机与校园⽹外部主机之间的相互通信。
为了简化⽹管的管理维护⼯作,学校决定采⽤RIPV2协议实现互通。
三、技术原理1. RIP(Routing Information Protocols,路由信息协议)是应⽤较早、使⽤较普遍的IGP内部⽹管协议,使⽤于⼩型同类⽹络,是距离⽮量协议;2. RIP协议跳数作为衡量路径开销的,RIP协议⾥规定最⼤跳数为15;3. RIP协议有两个版本:RIPv1和RIPv2,RIPv1属于有类路由协议,不⽀持VLSM,以⼴播形式进⾏路由信息的更新,更新周期为30秒;RIPv2属于⽆类路由协议,⽀持VLSM,以组播形式进⾏路由更细。
四、实验步骤 建⽴建⽴packet tracer拓扑图 (1)在本实验中的三层交换机上划分VLAN10和VLAN20,其中VLAN10⽤于连接校园⽹主机,VLAN20⽤于连接R1。
(2)路由器之间通过V.35电缆通过串⼝连接,DCE端连接在R1上,配置其时钟频率64000。
(3)主机和交换机通过直连线,主机与路由器通过交叉线连接。
(4)在S3560上配置RIPV2路由协议。
(5)在路由器R1、R2上配置RIPV2路由协议。
(6)将PC1、PC2主机默认⽹关设置为与直连⽹路设备接⼝IP地址。
(7)验证PC1、PC2主机之间可以互相同信;五、实验设备 PC 2台;Switch_3560 1台;Router-PT 2台;直连线;交叉线;DCE 串⼝线六、实验拓扑图七、实验命令PC1IP: 192.168.1.2Submask: 255.255.255.0Gateway: 192.168.1.1 PC2IP: 192.168.2.2Submask: 255.255.255.0Gateway: 192.168.2.1S3560enconf thostname S3560vlan 10exitvlan 20exitinterface fa 0/10switchport access vlan 10exitinterface fa 0/20switchport access valn 20exitendshow vlanconf tinterface vlan 10ip address 192.168.1.1 255.255.255.0no shutdownexitinterface vlan 20ip address 192.168.3.1 255.255.255.0no shutdownendshow ip routeshow runingconf trouter ripnetwork 192.168.1.0network 192.168.3.0version 2endshow ip routeR1enconf thostname R1interface fa 0/0no shutdownip address 192.168.3.2 255.255.255.0interface serial 2/0no shutdownip address 192.168.4.1 255.255.255.0clock rate 64000endshow ip routeconf trouter ripnetwork 192.168.3.0network 192.168.4.0version 2exitR2enconf thostname R2interface fa 0/0no shutdownip address 192.168.2.1 255.255.255.0interface serial 2/0no shutdownip address 192.168.4.2 255.255.255.0endshow ip routeconf trouter ripnetwork 192.168.2.0netword 192.168.4.0version 2end⼋、实验结果 配置PC0、PC1的IP地址: 配置S3560: 配置R1: 配置R2: PC0 ping PC1:。
思科路由器配置命令详解及实例(免积分)之欧阳语创编
CISCO路由器配置命令详解及实例目录CISCO路由器配置命令详解及实例1第一章:路由器配置基础2一、基本设置方式2二、命令状态3三、设置对话过程4四、常用命令9五、配置IP寻址11六、配置静态路由15第二章:广域网协议设置17一、HDLC17二、PPP23三、x.2525四、Frame Relay31五. Cisco765M通过ISDN拨号上26337六、PSTN39第三章:路由协议设置62一、RIP协议62三、OSPF协议64四、重新分配路由71五、IPX协议设置74第四章:服务质量及访问控制77一、协议优先级设置77二、队列定制78三、访问控制79第五章:虚拟局域网(VLAN)路由79一、虚拟局域网(VLAN)79二、交换机间链路(ISL)协议80三、虚拟局域网(VLAN)路由实例80第六章:知识参考90一、路由器初始化90二、IP分配92第一章:路由器配置基础一、基本设置方式一般来说,可以用5种方式来设置路由器:1.Console口接终端或运行终端仿真软件的微机;2.AUX口接MODEM,通过电话线与远方的终端或运行终端仿真软件的微机相连;3.通过Ethernet上的TFTP服务器;4.通过Ethernet上的TELNET程序;5.通过Ethernet上的SNMP网管工作站。
但路由器的第一次设置必须通过第一种方式进行,此时终端的硬件设置如下:波特率:9600数据位:8停止位:1奇偶校验: 无二、命令状态1. router>路由器处于用户命令状态,这时用户可以看路由器的连接状态,访问其它网络和主机,但不能看到和更改路由器的设置内容。
2. router#在router>提示符下键入enable,路由器进入特权命令状态router#,这时不但可以执行所有的用户命令,还可以看到和更改路由器的设置内容。
3. router(config)#在router#提示符下键入configure terminal,出现提示符router(config)#,此时路由器处于全局设置状态,这时可以设置路由器的全局参数。
Cisco路由器静态RIP和策略路由配置系列之八RIP路由配置基础
RIP路由配置基础RIP(Routing Information Protocol,路由信息协议)是一种动态路由协议,通常是用于小到中型TCP/IP网络中,是一个使用距离矢量计算路由的可靠协议。
但动态路由协议不是仅RIP一种,本书后面介绍的OSPF、EIGRP、IS-IS和BGP等。
在此先简单了解一下路由协议的分类。
动态路由协议可分为内部网关协议IGP(Interior Gateway Protocol)和外部网关协议EGP (Exterior Gateway Protocol);按照所执行的算法,动态路由协议可分为距离失量路由协议(Distance Vector)、链路状态路由协议(Link State),以及思科公司开发的混合型路由协【经验之谈】动态路由与静态路由最大的不同就是,动态路由无需手动配置一跳跳的路由,且可在网络通信流量或者网络拓扑结构发生变化时能自动调整路由路径,实现持续路由服务,而无需管理员手动调整。
而且动态路由的改变会与网络中的其他路由器共享。
这就使得路由的配置更加简单,只需要把各路由器上所连接的网络向邻居路由器宣告即可,然后再由邻居路由器向它的其他邻居路由进行宣告,一级级地传递下去,就使得整个网络中的每台路由器都有对应动态路由网络中到达所连接的所有网络的路由。
这就是为什么动态路由配置(无论是本章介绍的RIP动态路由,还是OSPF、EIGRP、BGP、IS-IS等动态路由)最基本的配置就是创建一个对应动态路由协议的进程,然后把各路由器所连接的网络通过network 命令进行宣告。
对于可以划分区域的动态路由(如OSPF、EIGRP、IS-IS等)还需要创建所需的区域。
基本的配置就这么简单,根本无需为到达每个外部网络或者外部网络中的主机配置专门的路由。
这也是本篇中你看到的每个动态路由协议基本配置过程都很简单,并没有复杂的路由创建过程的根本原因RIP路由更新和度量计算RIP协议使用UDP数据包来交换路由信息的。
cisco双线双路网络路由器怎么设置
cisco双线双路网络路由器怎么设置思科cisco是全球领先且顶尖的通讯厂商,出产的路由器功能也是很出色的,那么你知道cisco双线双路网络路由器怎么设置吗?下面是店铺整理的一些关于cisco双线双路网络路由器怎么设置的相关资料,供你参考。
cisco双线双路网络路由器设置一,路由策略的优势:经常关注我们IT168网络频道的读者都知道之前我们介绍过如何从本地计算机的路由信息入手解决这种双线双路的实际网络问题,然而该方法只限于在单台计算机上操作,如果企业的员工计算机非常多,一台一台机器的设置肯定不太现实,这时我们就可以通过路由策略实现对企业网络路由器设置出口的统筹管理,将出口网络路由器设置合理的路由策略,从而让网络数据包可以根据不同需求转发到不同的线路。
总体说来路由策略各个命令只需要我们在企业连接网络外部出口的网络路由器设置即可,该路由器实际连接的是双线双路,即一个接口连接通往中国网通的网络,一个接口连接抵达中国电信的网络。
cisco双线双路网络路由器设置二,路由策略命令简单讲解:路由策略的意义在于他可以让路由器根据一定的规则选择下一跳路由信息,这样就可以自动的根据接收来的网络数据包的基本信息,判断其应该按照哪个路由表中的信息进行转发了。
通过路由策略我们可以为一台路由器指定多个下一跳转发路由地址。
下面我们来看一段路由策略指令,然后根据其后面的指示信息来了解他的意义。
(1)路由策略基本信息的设置:route-map src80 permit 10//建立一个策略路由,名字为src80,序号为10,规则为容许。
match ip address 151//设置match满足条件,意思是只有满足ip address符合访问控制列表151中规定的才进行后面的set操作,否则直接跳过。
set ip next-hop 10.91.31.254//满足上面条件的话就将这些数据的下一跳路由信息修改为10.91.31.254。
策略路由-交换机配置
1.1.1CISCO交换机配置方法一、(不具备逃生方案)建立ACLip access-list extended policy-route-aclpermit ip any anyexit配置route-map路由图route-map policy-routematch ip address policy-route-aclset ip next-hop 192.168.100.123exit在接口上应用route-mapinterface vlan 54ip policy route-map policy-routeexit方法二、(具备逃生方案)建立ACLaccess-list 101 permit ip 192.168.36.0 0.0.0.255 anyip access-list extended policy-route-aclpermit ip any anyexit配置带下跳检测的route-map路由图ip sla monitor 1type echo protocol ipIcmpEcho 172.28.1.11frequency 8ip sla monitor schedule 1 life forever start-time nowtrack 123 rtr 1 reachabilityip sla monitor 2type echo protocol ipIcmpEcho 172.28.1.12frequency 8ip sla monitor schedule 2 life forever start-time nowtrack 223 rtr 2 reachabilityroute-map policy_routematch ip address policy-route-aclset ip next-hop verify-availability 172.28.1.11 10 track 123 set ip next-hop verify-availability 172.28.1.12 20 track 223 在接口上应用route-mapinterface vlan 200ip policy route-map policy-routeCISCO EEM逃生方案#创建一个event managerevent manager applet PBR#您那边的event manager如果版本是3.0的话应该支持#event track 1的用法,我们这里只支持syslog进行模式匹配event syslog pattern "Interface FastEthernet0/3, changed state to down" action 1.0 syslog msg "PBR to shutdown the interface vlan 112"action 1.1 cli command "en"action 1.3 cli command "config term"action 1.5 cli command "int vlan 112"action 1.7 cli command "shutdown"1.1.2H3C交换机配置1.2.2.1policy-based-route方法配置建立ACLacl number 3040rule 0 permit ip source anyquit配置policy-based-route路由图policy-based-route policy-route permit node 10if-match acl 3040apply ip-address next-hop 192.168.100.123quit在接口应用policy-based-routeinterface Ethernet0/3.40ip policy-based-route policy-routequit1.2.2.2qos policy方法配置配置ACL策略[H3C7506E]acl number 3040[H3C7506E-acl-adv-3040] rule 10 permit ip source any[H3C7506E-acl-adv-3040]quit配置匹配ACL的流分类1[H3C7506E] traffic classifier 1[H3C7506E-classifier-1] if-match acl 3040[H3C7506E-classifier-1] quit配置刚才定义的流分类1的行为,定义如果匹配就下一跳至192.168.100.123 [H3C7506E] traffic behavior 1[H3C7506E-behavior-1] redirect next-hop 192.168.100.123[H3C7506E-behavior-1] quit将刚才设置的流分类及行为应用至QOS策略中,定义policy 1[H3C7506E] qos policy 1[H3C7506E-qospolicy-1] classifier 1[H3C7506E-qospolicy-1] behavior 1[H3C7506E-qospolicy-1] quit在接口上应用定义的QOS策略policy 1[H3C7506E] interface GigabitEthernet 2/0/11[H3C7506E-GigabitEthernet2/0/11] qos apply policy 1 inbound[H3C7506E-GigabitEthernet2/0/11] quit1.2.2.3route policy方法配置建立ACLacl number 3000rule 0 permit ip source anyquit配置route policy路由图route-policy policy-route permit node 1if-match acl 3000apply ip-address next-hop 192.168.100.123quit在接口应用route policyinterface Ethernet1/0ip policy route-policy policy-routequit1.2.2.4traffic-redirect方法配置建立ACLacl number 3000rule 0 permit ip source anyquit在接口应用traffic-redirecinterface GigabitEthernet6/1/1traffic-redirect inbound ip-group 3000 rule 0 next-hop 192.168.100.123quit逃生方案:traffic-redirect inbound ip-group 3000 rule 0 next-hop 192.168.100.123 in forword1.1.3华为交换机配置1.2.3.1traffic-policy方法配置配置ACL策略acl number 3040rule 10 permit ip source anyquit配置匹配ACL的流分类1traffic classifier 1if-match acl 3040quit配置刚才定义的流分类1的行为,定义如果匹配就下一跳至192.168.100.123 traffic behavior 1redirect next-hop 192.168.100.123quit将刚才设置的流分类及行为应用至traffic-policy策略中,定义policy 1traffic policy 1classifier 1 behavior 1quit在接口上应用定义的QOS策略policy 1interface GigabitEthernet 2/0/11traffic-policy 1 inboundquit1.2.3.2traffic-redirect方法配置建立ACLacl number 3000rule 0 permit ip source anyquit在接口应用traffic-redirecinterface GigabitEthernet6/1/1traffic-redirect inbound ip-group 3000 rule 0 next-hop 192.168.100.123quit1.2.3.3route policy方法配置建立ACLacl number 3000rule 0 permit ip source anyquit配置route policy路由图route-policy policy-route permit node 1if-match acl 3000apply ip-address next-hop 192.168.100.123quit在接口应用route policyinterface Ethernet1/0ip policy route-policy policy-routequit。
思科CISCO路由原理与静态路由详解
路由原理与静态路由在互连网上,每时每刻有数以万计的路由器为数据的转发而忙碌。
路由器转发数包,必须依靠一张表-----路由表。
路由:指导路由器进行数据转发的路径信息。
路由器根据路由表,选择最佳路径,将数据包转发到目标网段。
路由器收到数据包后,会根据目的IP选择一条最优的路径,将数据包转到下一跳路由器,路径上最后的路由器负责将数据包送交目的主机。
(类似于体育运动中的接力赛一样,每一个路由器负责将数据包按照最优的路径向下一跳路由器进行转发,通过多个路由器一站一站的接力,最终将数据包转到目的地。
)路由表的主要参数:( 以R1为例)目标网段下一跳出接口度量值201.1.1.0 / 24 R2S1/0 3202.1.1.0 / 24 R2S1/0 3路由表中包含了可以到达的目的网络,目的网络在路由表中不存在的数据包会被丢弃。
为了保障数据的正常通信,要求网络中所有的路由器都有正确的、完整的路由表。
数据通信是双向的,所有路由器要有前往目标的路由,同时还要有返回数据源的路由。
数据转发1.同一网段:直接封装对方的MAC地址,直接发送。
(不需要R)2.不同网段:封装网关的MAC地址,由网关路由器进行转发。
(需要R)说明:对于PC来说,当与不同网段通信时,必须要设置默认网关。
默认网关就是自己直连的路由器的以太口。
路由表的建立根据来源的不同,路由表的路由通常可分为以下三类:直连路由:链路层协议发现的路由(接口双UP,正确配置IP地址)静态路由:手工设置动态路由:动态学习,依靠各种路由协议,如RIP、OSPF、BGP等。
一、静态路由人工静态设置的路由信息。
分析:在路由器R1上,只要为F0/0和S1/0 配置IP地址,并且激活接口,路由器R1便可以自动建立直连的路由条目。
对于3.0网段R1是不能直接感觉到的,所以需要人工去告诉它。
可以告诉路由器R1:3.0网段在它的S1/0口方向,下一跳是192.168.2.2.格式:R1(config)# ip route 目标网段子网掩码下一跳命令配置:R1(config)#ip route 192.168.3.0 255.255.255.0 192.168.2.2r1#sh ip route // 查看路由表说明:静态路由的优缺点优点:静态存在,稳定,不占用网络带宽和路由器CPU资源。
Cisco路由器配置实例(经典)
实训报告实训一路由基本配置1、实验目的:路由器基本配置及ip设置2、拓扑结构图Router0 fa0/0: 192.168.11.1Fa0/1:192.168.1.1Router1 fa0/0: 192.168.11.2Fa0/1:192.168.2.1Znn1:192.168.1.2Znn2:192.168.2.23、实验步骤Router1Router>en 用户模式进入特权模式Router#conf t 特权模式进入全局模式Enter configuration commands, one per line. End with CNTL/Z.Router(config)#host rznn1 改名字为rznn1rznn1(config)#int fa0/0 进入fa0/0端口rznn1(config-if)#ip add 192.168.11.1 255.255.255.0 设置ip地址rznn1(config-if)#no sh 激活rznn1(config)#int fa0/1rznn1(config-if)#ip add 192.168.1.1 255.255.255.0rznn1(config-if)#no shrznn1(config-if)#exitrznn1(config)#exitrznn1#copy running-config startup-config 保存Destination filename [startup-config]? startup-configrznn1#conf trznn1(config)#enable secret password 222 设置密文rznn1#show ip interface b 显示Interface IP-Address OK? Method Status Protocol FastEthernet0/0 192.168.11.1 YES manual up up FastEthernet0/1 192.168.1.1 YES manual up upVlan1 unassigned YES manual administratively down downrouter 2outer>enRouter#conf tEnter configuration commands, one per line. End with CNTL/Z.Router(config)#host rznn2rznn2(config)#int fa0/0rznn2(config-if)#ip add 192.168.11.2 255.255.255.0rznn2(config-if)#no shrznn2(config)#int fa0/1rznn2(config-if)#ip add 192.168.2.1 255.255.255.0rznn2(config-if)#no shRznn2#copy running-config startup-config 保存Destination filename [startup-config]? startup-configrznn2(config-if)#exitrznn2(config)#exitrznn2#conf trznn2(config)#enable secret 222rznn2#show ip interface bInterface IP-Address OK? Method Status Protocol FastEthernet0/0 192.168.11.2 YES manual up up FastEthernet0/1 192.168.2.1 YES manual up upVlan1 unassigned YES manual administratively down down实训二1、远程登录、密码设置及验证为路由器开设telnet端口,PC机可以远程登陆到Rznn3(Router 1)拓扑结构图Router0:192.168.1.1Pc:192.168.1.2步骤rznn3>rznn3>enrznn3#conf tEnter configuration commands, one per line. End with CNTL/Z.rznn3(config)#no ip domain lookuprznn3(config)#line cons 0rznn3(config-line)#password znnrznn3(config-line)#loginrznn3(config-line)#no exec-trznn3(config-line)#logg syncrznn3(config-line)#exitrznn3(config)#int fa0/0rznn3(config-if)#ip add 192.168.1.1 255.255.255.0rznn3(config-if)#no shrznn3(config-if)#exitrznn3(config)#line vty 0 4 打通五个端口rznn3(config-line)#password cisco 设置密码rznn3(config-line)#login 保存rznn3(config-line)#exit4、测试:实训三命令组1、目的:八条命令(no ip domain lookup\line cons 0\password\login\no exec-t\logg sync\show version\reload\copy running-config startup-config)\show cdp neighbors)2、拓扑结构图Router0 fa0/0: 192.168.11.1Router1 fa0/0: 192.168.11.23、步骤rznn1#conf tEnter configuration commands, one per line. End with CNTL/Z.1、rznn1(config)#no ip domain lookup 取消域名查找转换2、rznn1(config)#line cons 0 打开cons 0端口3、rznn1(config-line)#password znn 设置密码为znnrznn1(config-line)#login 保存rznn1(config-line)#no exec-t 设置永不超时4、rznn1(config-line)#logg sync 产生日志5、rznn1#show version 显示思科路由系统版本信息Cisco IOS Software, 2800 Software (C2800NM-ADVIPSERVICESK9-M), Version 12.4(15)T1, RELEASE SOFTWARE (fc2)Technical Support: /techsupportCopyright (c) 1986-2007 by Cisco Systems, Inc.Compiled Wed 18-Jul-07 06:21 by pt_rel_team6、rznn1#show cdp neighbors 查看路由器连接的相邻路由器的相关信息Capability Codes: R - Router, T - Trans Bridge, B - Source Route BridgeS - Switch, H - Host, I - IGMP, r - Repeater, P - PhoneDevice ID Local Intrfce Holdtme Capability Platform Port IDrznn2 Fas 0/0 139 R C2800 Fas 0/07、rznn1#copy running-config startup-config 保存刚才指令Destination filename [startup-config]? startup-configBuilding configuration...[OK]8、rznn1#reload 重启路由器Proceed with reload? [confirm]System Bootstrap, Version 12.1(3r)T2, RELEASE SOFTWARE (fc1)Copyright (c) 2000 by cisco Systems, Inc.cisco 2811 (MPC860) processor (revision 0x200) with 60416K/5120K bytes of memorySelf decompressing the image :########################################################################## [OK] Restricted Rights Legendrznn1#show ip interface bInterface IP-Address OK? Method Status Protocol FastEthernet0/0 192.168.11.1 YES manual up up FastEthernet0/1 192.168.1.1 YES manual up upVlan1 unassigned YES manual administratively down down9、rznn1(config-if)#ip add 192.168.3.1 255.255.255.0 重置ip地址rznn1#show ip interface bInterface IP-Address OK? Method Status Protocol FastEthernet0/0 192.168.3.1 YES manual up up FastEthernet0/1 192.168.1.1 YES manual up up Vlan1 unassigned YES manual administratively down down实训四发现协议1、实训目的通过发现协议显示路由器相邻路由的端口信息2、拓扑结构Router0:192.168.11.1Router1:fa0/0 192.168.11.2Fa0/1 192.168.12.1Router2:192.168.12.23、步骤R1路由器Router>enRouter#conf tEnter configuration commands, one per line. End with CNTL/Z.Router(config)#host r1r1(config)#int fa0/0r1(config-if)#ip add 192.168.11.1 255.255.255.0r1(config-if)#no sh%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to upr1(config-if)#r1(config-if)#exitr1(config)#exitr1#%SYS-5-CONFIG_I: Configured from console by consoler1#show ip interface bInterface IP-Address OK? Method Status Protocol FastEthernet0/0 192.168.11.1 YES manual up down FastEthernet0/1 unassigned YES manual administratively down downVlan1 unassigned YES manual administratively down downR2 路由器Router>enRouter#conf tEnter configuration commands, one per line. End with CNTL/Z.Router(config)#host r2r2(config)#int fa0/0r2(config-if)#ip add 192.168.11.2 255.255.255.0r2(config-if)#no sh%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up r2(config-if)#exitr2(config)#exitr2#%SYS-5-CONFIG_I: Configured from console by consoler2#conf tEnter configuration commands, one per line. End with CNTL/Z.r2(config)#int fa0/0r2(config-if)#int fa0/1r2(config-if)#ip add 192.168.12.1 255.255.255.0r2(config-if)#no sh%LINK-5-CHANGED: Interface FastEthernet0/1, changed state to upr2(config-if)#exitr2(config)#exitr2#%SYS-5-CONFIG_I: Configured from console by consoler2#show ip interface bInterface IP-Address OK? Method Status Protocol FastEthernet0/0 192.168.11.2 YES manual up upFastEthernet0/1 192.168.12.1 YES manual up down Vlan1 unassigned YES manual administratively down downR3路由器Router>enRouter#conf tEnter configuration commands, one per line. End with CNTL/Z.Router(config)#host r3r3(config)#int fa0/0r3(config-if)#ip add 192.168.12.2 255.255.255.0r3(config-if)#no sh%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up r3(config-if)#exitr3(config)#exitr3#%SYS-5-CONFIG_I: Configured from console by consoler3#show ip interface bInterface IP-Address OK? Method Status Protocol FastEthernet0/0 192.168.12.2 YES manual up up FastEthernet0/1 unassigned YES manual administratively down downVlan1 unassigned YES manual administratively down downR1发现邻居r1#show cdp neighborsCapability Codes: R - Router, T - Trans Bridge, B - Source Route BridgeS - Switch, H - Host, I - IGMP, r - Repeater, P - PhoneDevice ID Local Intrfce Holdtme Capability Platform Port IDr2 Fas 0/0 165 R C2800 Fas 0/0R2发现邻居r2#show cdp neighborsCapability Codes: R - Router, T - Trans Bridge, B - Source Route BridgeS - Switch, H - Host, I - IGMP, r - Repeater, P - PhoneDevice ID Local Intrfce Holdtme Capability Platform Port IDr1 Fas 0/0 176 R C1841 Fas 0/0r3 Fas 0/1 130 R C1841 Fas 0/0R3发现邻居r3#show cdp neighborsCapability Codes: R - Router, T - Trans Bridge, B - Source Route BridgeS - Switch, H - Host, I - IGMP, r - Repeater, P - PhoneDevice ID Local Intrfce Holdtme Capability Platform Port IDr2 Fas 0/0 166 R C2800 Fas 0/14、总结show 命令(1)show ip interface b (显示端口ip信息)(2)show version (显示ios版本信息)(3)show running-config (显示刚才使用的命令配置信息)(4)show cdp neighbors (显示发现邻居直连设备信息)(5)show interface (显示所有端口详细信息)实训五静态路由1、实验目的:将不同网段的网络配通(ip route)Ip route语法:ip route 目标地址子网掩码相邻路由器接口地址Show ip route2、试验拓扑:Router0:192.168.11.1Router1:fa0/0 192.168.11.2Fa0/1 192.168.12.1Router2:192.168.12.23、实验步骤:Router1Router>enRouter#conf tRouter(config)#host r1r1(config)#int fa0/0r1(config-if)#ip add 192.168.11.1 255.255.255.0r1(config-if)#no sh%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to upr1(config-if)#exitr1(config)#exitr1#show ip interface bInterface IP-Address OK? Method Status ProtocolFastEthernet0/0 192.168.11.1 YES manual up downFastEthernet0/1 unassigned YES manual administratively down downVlan1 unassigned YES manual administratively down downr1#%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up r1#ping 192.168.12.1Type escape sequence to abort.Sending 5, 100-byte ICMP Echos to 192.168.12.1, timeout is 2 seconds:.....Success rate is 0 percent (0/5)r1#conf tEnter configuration commands, one per line. End with CNTL/Z.r1(config)#ip route 192.168.12.0 255.255.255.0 192.168.11.2r1(config)#exitr1#ping 192.168.12.1Type escape sequence to abort.Sending 5, 100-byte ICMP Echos to 192.168.12.1, timeout is 2 seconds:Success rate is 100 percent (5/5), round-trip min/avg/max = 31/31/32 msr1#ping 192.168.12.2Type escape sequence to abort.Sending 5, 100-byte ICMP Echos to 192.168.12.2, timeout is 2 seconds:.....Success rate is 0 percent (0/5)r1#ping 192.168.12.2Type escape sequence to abort.Sending 5, 100-byte ICMP Echos to 192.168.12.2, timeout is 2 seconds:Success rate is 100 percent (5/5), round-trip min/avg/max = 47/62/78 msr1#show ip routeCodes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGPD - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter areaN1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGPi - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area* - candidate default, U - per-user static route, o - ODRP - periodic downloaded static routeGateway of last resort is not setC 192.168.11.0/24 is directly connected, FastEthernet0/0S 192.168.12.0/24 [1/0] via 192.168.11.2Router3Router>enRouter#conf tEnter configuration commands, one per line. End with CNTL/Z.Router(config)#host r3r3(config)#int fa0/0r3(config-if)#ip add 192.168.12.2 255.255.255.0r3(config-if)#no sh%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up r3(config-if)#exitr3(config)#exitr3#%SYS-5-CONFIG_I: Configured from console by consoler3#show ip interface bInterface IP-Address OK? Method Status Protocol FastEthernet0/0 192.168.12.2 YES manual up up FastEthernet0/1 unassigned YES manual administratively down downVlan1 unassigned YES manual administratively down downr3#conf tEnter configuration commands, one per line. End with CNTL/Z.r3(config)#ip route 192.168.11.0 255.255.255.0 192.168.12.1r3(config)#exitr3#ping 192.168.11.2Type escape sequence to abort.Sending 5, 100-byte ICMP Echos to 192.168.11.2, timeout is 2 seconds:Success rate is 100 percent (5/5), round-trip min/avg/max = 31/31/32 msr3#ping 192.168.11.1Type escape sequence to abort.Sending 5, 100-byte ICMP Echos to 192.168.11.1, timeout is 2 seconds:Success rate is 100 percent (5/5), round-trip min/avg/max = 62/62/63 msr3#show ip routeCodes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGPD - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter areaN1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area* - candidate default, U - per-user static route, o - ODRP - periodic downloaded static routeGateway of last resort is not setS 192.168.11.0/24 [1/0] via 192.168.12.1C 192.168.12.0/24 is directly connected, FastEthernet0/04、默认路由Route 1r1>enr1#conf tEnter configuration commands, one per line. End with CNTL/Z.r1(config)#no ip route 192.168.12.0 255.255.255.0 192.168.11.2%No matching route to deleter1(config)#exitr1#%SYS-5-CONFIG_I: Configured from console by consoler1#show ip routeCodes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGPD - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter areaN1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGPi - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area* - candidate default, U - per-user static route, o - ODRP - periodic downloaded static routeGateway of last resort is not setC 192.168.11.0/24 is directly connected, FastEthernet0/0r1#conf tEnter configuration commands, one per line. End with CNTL/Z.r1(config)#ip route 0.0.0.0 0.0.0.0 192.168.11.2r1(config)#exitr1#%SYS-5-CONFIG_I: Configured from console by consoler1#show ip routeCodes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGPD - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter areaN1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area* - candidate default, U - per-user static route, o - ODRP - periodic downloaded static routeGateway of last resort is 192.168.11.2 to network 0.0.0.0C 192.168.11.0/24 is directly connected, FastEthernet0/0S* 0.0.0.0/0 [1/0] via 192.168.11.2r1#ping 192.168.12.1Type escape sequence to abort.Sending 5, 100-byte ICMP Echos to 192.168.12.1, timeout is 2 seconds:Success rate is 100 percent (5/5), round-trip min/avg/max = 16/28/31 msr1#ping 192.168.12.2Type escape sequence to abort.Sending 5, 100-byte ICMP Echos to 192.168.12.2, timeout is 2 seconds: Success rate is 100 percent (5/5), round-trip min/avg/max = 62/62/63 msRoute 3r1>enr1#conf tEnter configuration commands, one per line. End with CNTL/Z.r1(config)#no ip route 192.168.12.0 255.255.255.0 192.168.11.2%No matching route to deleter1(config)#exitr1#%SYS-5-CONFIG_I: Configured from console by consoler1#show ip routeCodes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGPD - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter areaN1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGPi - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area* - candidate default, U - per-user static route, o - ODRP - periodic downloaded static routeGateway of last resort is not setC 192.168.11.0/24 is directly connected, FastEthernet0/0r1#conf tEnter configuration commands, one per line. End with CNTL/Z.r1(config)#ip route 0.0.0.0 0.0.0.0 192.168.11.2r1(config)#exitr1#%SYS-5-CONFIG_I: Configured from console by consoler1#show ip routeCodes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGPD - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter areaN1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGPi - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area* - candidate default, U - per-user static route, o - ODRP - periodic downloaded static routeGateway of last resort is 192.168.11.2 to network 0.0.0.0C 192.168.11.0/24 is directly connected, FastEthernet0/0S* 0.0.0.0/0 [1/0] via 192.168.11.2r3#ping 192.168.11.1Type escape sequence to abort.Sending 5, 100-byte ICMP Echos to 192.168.11.1, timeout is 2 seconds: Success rate is 100 percent (5/5), round-trip min/avg/max = 62/62/63 ms实训六动态路由RIP 协议1、实验目的使用配置动态路由启动Rip协议使用到的命令(router rip/network/show ip protocols/show ip route)2、实验拓扑R1 fa0/0 192.168.11.1R2 fa0/0 192.168.11.2fa0/1 192.168.12.1R3 fa0/0 192.168.12.23、实验步骤R1Router>enRouter#conf tEnter configuration commands, one per line. End with CNTL/Z. Router(config)#host r1r1(config)#int fa0/0r1(config-if)#ip add 192.168.11.1 255.255.255.0r1(config-if)#no shr1(config-if)#exitr1(config)#router ripr1(config-router)#network 192.168.11.0r1(config-router)#exitr1(config)#exitr1#%SYS-5-CONFIG_I: Configured from console by consoleR2Router>enRouter#conf tEnter configuration commands, one per line. End with CNTL/Z. Router(config)#host r2r2(config)#int fa0/0r2(config-if)#ip add 192.168.11.2 255.255.255.0r2(config-if)#no shr2(config-if)#exitr2(config)#int fa0/1r2(config-if)#ip add 192.168.12.1 255.255.255.0r2(config-if)#no shr2(config-if)#exitr2(config)#router ripr2(config-router)#network 192.168.11.0r2(config-router)#network 192.168.12.0r2(config-router)#exitr2(config)#exitr2#R3Router>enRouter#conf tEnter configuration commands, one per line. End with CNTL/Z. Router(config)#host r3r3(config)#int fa0/0r3(config-if)#ip add 192.168.12.2 255.255.255.0r3(config-if)#no shr3(config-if)#exitr3(config)#router ripr3(config-router)#network 192.168.12.0r3(config-router)#exitr3(config)#exitr3#%SYS-5-CONFIG_I: Configured from console by console4、实验测试R1r1#show ip protocolsRouting Protocol is "rip"Sending updates every 30 seconds, next due in 10 secondsInvalid after 180 seconds, hold down 180, flushed after 240 Outgoing update filter list for all interfaces is not setIncoming update filter list for all interfaces is not set Redistributing: ripDefault version control: send version 1, receive any version Interface Send Recv Triggered RIP Key-chain FastEthernet0/0 1 2 1Automatic network summarization is in effectMaximum path: 4Routing for Networks:192.168.11.0Passive Interface(s):Routing Information Sources:Gateway Distance Last UpdateDistance: (default is 120)r1#show ip routeCodes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGPD - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter areaN1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGPi - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area* - candidate default, U - per-user static route, o - ODRP - periodic downloaded static routeGateway of last resort is not setC 192.168.11.0/24 is directly connected, FastEthernet0/0R 192.168.12.0/24 [120/1] via 192.168.11.2, 00:00:24, FastEthernet0/0 r1#ping 192.168.12.0Type escape sequence to abort.Sending 5, 100-byte ICMP Echos to 192.168.12.0, timeout is 2 seconds: Success rate is 100 percent (5/5), round-trip min/avg/max = 31/31/32 msR2r2#show ip protocolsRouting Protocol is "rip"Sending updates every 30 seconds, next due in 21 secondsInvalid after 180 seconds, hold down 180, flushed after 240Outgoing update filter list for all interfaces is not setIncoming update filter list for all interfaces is not setRedistributing: ripDefault version control: send version 1, receive any versionInterface Send Recv Triggered RIP Key-chain FastEthernet0/0 1 2 1FastEthernet0/1 1 2 1Automatic network summarization is in effectMaximum path: 4Routing for Networks:192.168.11.0192.168.12.0Passive Interface(s):Routing Information Sources:Gateway Distance Last UpdateDistance: (default is 120)r2#show ip routeCodes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGPD - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter areaN1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGPi - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area* - candidate default, U - per-user static route, o - ODRP - periodic downloaded static routeGateway of last resort is not setC 192.168.11.0/24 is directly connected, FastEthernet0/0C 192.168.12.0/24 is directly connected, FastEthernet0/1R3r3#show ip protocolsRouting Protocol is "rip"Sending updates every 30 seconds, next due in 15 secondsInvalid after 180 seconds, hold down 180, flushed after 240Outgoing update filter list for all interfaces is not setIncoming update filter list for all interfaces is not setRedistributing: ripDefault version control: send version 1, receive any versionInterface Send Recv Triggered RIP Key-chain FastEthernet0/0 1 2 1Automatic network summarization is in effectMaximum path: 4Routing for Networks:192.168.12.0Passive Interface(s):Routing Information Sources:Gateway Distance Last UpdateDistance: (default is 120)r3#show ip routeCodes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGPD - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter areaN1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGPi - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area* - candidate default, U - per-user static route, o - ODRP - periodic downloaded static routeGateway of last resort is not setR 192.168.11.0/24 [120/1] via 192.168.12.1, 00:00:04, FastEthernet0/0 C 192.168.12.0/24 is directly connected, FastEthernet0/0r3#ping 192.168.11.0Type escape sequence to abort.Sending 5, 100-byte ICMP Echos to 192.168.11.0, timeout is 2 seconds: Success rate is 100 percent (5/5), round-trip min/avg/max = 31/31/32 ms实训七负载平衡试训目的实现负载平衡实训拓扑R1 fa0/0 192.168.11.1R2 eth0/0/0 192.168.11.2Fa0/0 192.168.12.1Fa0/0 192.168.13.1R3 fa0/0 192.168.12.2Fa0/1 192.168.14.1R4 fa0/0 192.168.13.2Fa0/1 192.168.15.1R5 fa0/0 192.168.14.2Fa0/1 192.168.15.2实训步骤(R1 )r1>enR1#conf tR1(config)#ip route 0.0.0.0 0.0.0.0 192.168.11.2R1(config)#exitr1#show ip routeCodes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGPD - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter areaN1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGPi - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area* - candidate default, U - per-user static route, o - ODRP - periodic downloaded static routeGateway of last resort is 192.168.11.2 to network 0.0.0.0C 192.168.11.0/24 is directly connected, FastEthernet0/0S* 0.0.0.0/0 [1/0] via 192.168.11.2(R2)r2>enr2(config)#ip route 0.0.0.0 0.0.0.0 192.168.12.2r2(config)#ip route 0.0.0.0 0.0.0.0 192.168.13.2r2(config)#exitr2#%SYS-5-CONFIG_I: Configured from console by consoles% Ambiguous command: "s"r2#show ip routeCodes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGPD - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter areaN1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGPi - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area* - candidate default, U - per-user static route, o - ODRP - periodic downloaded static routeGateway of last resort is 192.168.12.2 to network 0.0.0.0C 192.168.11.0/24 is directly connected, Ethernet0/0/0C 192.168.12.0/24 is directly connected, FastEthernet0/0C 192.168.13.0/24 is directly connected, FastEthernet0/1S* 0.0.0.0/0 [1/0] via 192.168.12.2[1/0] via 192.168.13.2(R3)r3>enr3#conf tEnter configuration commands, one per line. End with CNTL/Z.r3(config)#ip route 0.0.0.0 0.0.0.0 192.168.12.1r3(config)#exitr3#%SYS-5-CONFIG_I: Configured from console by consoler3#show ip routeCodes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGPD - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter areaN1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGPi - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area* - candidate default, U - per-user static route, o - ODRP - periodic downloaded static routeGateway of last resort is 192.168.12.1 to network 0.0.0.0C 192.168.12.0/24 is directly connected, FastEthernet0/0C 192.168.14.0/24 is directly connected, FastEthernet0/1S* 0.0.0.0/0 [1/0] via 192.168.12.1(R4)r4>enr4#conf tEnter configuration commands, one per line. End with CNTL/Z.r4(config)#ip route 0.0.0.0 0.0.0.0 192.168.13.1r4(config)#exitr4#%SYS-5-CONFIG_I: Configured from console by consoler4#show ip routeCodes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGPD - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter areaN1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGPi - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area* - candidate default, U - per-user static route, o - ODRP - periodic downloaded static routeGateway of last resort is 192.168.13.1 to network 0.0.0.0C 192.168.13.0/24 is directly connected, FastEthernet0/0C 192.168.15.0/24 is directly connected, FastEthernet0/1S* 0.0.0.0/0 [1/0] via 192.168.13.1(R5)r5>enr5#conf tEnter configuration commands, one per line. End with CNTL/Z.r5(config)#ip route 0.0.0.0 0.0.0.0 192.168.14.1r5(config)#ip route 0.0.0.0 0.0.0.0 192.168.15.1r5(config)#exitr5#%SYS-5-CONFIG_I: Configured from console by consoler5#show ip routeCodes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGPD - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter areaN1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGPi - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area* - candidate default, U - per-user static route, o - ODRP - periodic downloaded static routeGateway of last resort is 192.168.14.1 to network 0.0.0.0C 192.168.14.0/24 is directly connected, FastEthernet0/0C 192.168.15.0/24 is directly connected, FastEthernet0/1S* 0.0.0.0/0 [1/0] via 192.168.14.1[1/0] via 192.168.15.1实训测试(R1)r1#ping 192.168.14.1Type escape sequence to abort.Sending 5, 100-byte ICMP Echos to 192.168.14.1, timeout is 2 seconds:Success rate is 100 percent (5/5), round-trip min/avg/max = 62/84/94 ms (R5)r5#ping 192.168.11.1Type escape sequence to abort.Sending 5, 100-byte ICMP Echos to 192.168.11.1, timeout is 2 seconds: Success rate is 100 percent (5/5), round-trip min/avg/max = 79/91/94 ms实训八DHCP 协议配置实训目的全网配通实训拓扑Fa0/0 192.168.11.1Fa0/1 192.168.12.1实训步骤Router>enRouter#conf tEnter configuration commands, one per line. End with CNTL/Z.Router(config)#host r1r1(config)#int fa0/0r1(config-if)#ip add 192.168.11.1 255.255.255.0r1(config-if)#no shr1(config-if)#exitr1(config)#int fa0/1r1(config-if)#ip add 192.168.12.1 255.255.255.0r1(config-if)#no shr1(config-if)#exitr1(config)#ip dhcp pool znn //配置一个根地址池znnr1(dhcp-config)#network 192.168.11.0 255.255.255.0 //为所有客户机动态分配的地址段r1(dhcp-config)#default-router 192.168.11.1 //为客户机配置默认的网关r1(dhcp-config)#dns-server 192.168.11.1 //为客户机配置DNS服务器r1(dhcp-config)#exitr1(config)#ip dhcp pool znn1r1(dhcp-config)#network 192.168.12.0 255.255.255.0r1(dhcp-config)#default-router 192.168.12.1r1(dhcp-config)#dns-server 192.168.12.1r1(dhcp-config)#exit。
CISCO路由器配置命令详解及实例
CISCO路由器配置命令详解及实例目录CISCO路由器配置命令详解及实例................................................................................................ 第一章:路由器配置基础.................................................................................................................一、基本设置方式.....................................................................................................................二、命令状态.............................................................................................................................三、设置对话过程.....................................................................................................................四、常用命令.............................................................................................................................五、配置IP寻址 .......................................................................................................................六、配置静态路由..................................................................................................................... 第二章:广域网协议设置.................................................................................................................一、HDLC..................................................................................................................................二、PPP......................................................................................................................................三、.............................................................................................................................................四、Frame Relay ........................................................................................................................五. Cisco765M通过ISDN拨号上263.....................................................................................六、PSTN................................................................................................................................... 第三章:路由协议设置.....................................................................................................................一、RIP协议 .............................................................................................................................三、OSPF协议 ..........................................................................................................................四、重新分配路由.....................................................................................................................五、IPX协议设置 ..................................................................................................................... 第四章?:服务质量及访问控制.......................................................................................................一、协议优先级设置.................................................................................................................二、队列定制.............................................................................................................................三、访问控制............................................................................................................................. 第五章:虚拟局域网(VLAN)路由..............................................................................................一、虚拟局域网(VLAN)...........................................................................................................二、交换机间链路(ISL)协议...............................................................................................三、虚拟局域网(VLAN)路由实例...................................................................................... 第六章:知识参考.............................................................................................................................一、路由器初始化.....................................................................................................................二、IP分配................................................................................................................................第一章:路由器配置基础一、基本设置方式一般来说,可以用5种方式来设置路由器:1.Console口接终端或运行终端仿真软件的微机;2.AUX口接MODEM,通过电话线与远方的终端或运行终端仿真软件的微机相连;3.通过Ethernet上的TFTP服务器;4.通过Ethernet上的TELNET程序;5.通过Ethernet上的SNMP网管工作站。
思科Cisco策略路由(policyroute)详细介绍
思科Cisco策略路由(policyroute)详细介绍注:PBR以前是CISCO⽤来丢弃报⽂的⼀个主要⼿段。
⽐如:设置set interface null 0,按CISCO说法这样会⽐ACL的deny要节省⼀些开销。
这⾥我提醒:interface null 0no ip unreachable //加⼊这个命令这样避免因为丢弃⼤量的报⽂⽽导致很多ICMP的不可达消息返回。
三层设备在转发数据包时⼀般都基于数据包的⽬的地址(⽬的⽹络进⾏转发),那么策略路由有什么特点呢?1、可以不仅仅依据⽬的地址转发数据包,它可以基于源地址、数据应⽤、数据包长度等。
这样转发数据包更灵活。
2、为QoS服务。
使⽤route-map及策略路由可以根据数据包的特征修改其相关QoS项,进⾏为QoS服务。
3、负载平衡。
使⽤策略路由可以设置数据包的⾏为,⽐如下⼀跳、下⼀接⼝等,这样在存在多条链路的情况下,可以根据数据包的应⽤不同⽽使⽤不同的链路,进⽽提供⾼效的负载平衡能⼒。
策略路由影响的只是本地的⾏为,所以可能会引起“不对称路由”形式的流量。
⽐如⼀个单位有两条上⾏链路A与B,该单位想把所有HTTP流量分担到A 链路,FTP流量分担到B链路,这是没有问题的,但在其上⾏设备上,⽆法保证下⾏的HTTP流量分担到A链路,FTP流量分担到B链路。
策略路由⼀般针对的是接⼝⼊(in)⽅向的数据包,但也可在启⽤相关配置的情况下对本地所发出的数据包也进⾏策略路由。
本⽂就策略路由的以下四个⽅⾯做相关讲解:1、启⽤策略路由2、启⽤Fast-Switched PBR3、启⽤Local PBR4、启⽤CEF-Switched PBR启⽤策略路由:开始配置route-map。
使⽤route-map map-tag [permit | deny] [sequence-number]进⼊route-map的配置模式。
使⽤match语句定义感兴趣的流量,如果不定义则指全部流量。
cisco怎么策略路由实现定向路由
cisco怎么策略路由实现定向路由思科公司已成为公认的全球网络互联解决方案的领先厂商,其公司出产的一系列路由器更是引领全球,那么你知道cisco怎么策略路由实现定向路由吗?下面是店铺整理的一些关于cisco怎么策略路由实现定向路由的相关资料,供你参考。
cisco策略路由实现定向路由的方法:拓扑图由于设计需要,必须将汇聚层上来的不同地址段路由到核心层不同入口,实现类似负载均衡效果。
这里没有把拓扑给全,实际上在NE40和3550之间的两个网段上各有一个认证网关。
这里通过cisco3550上的策略路由功能实现。
首先创建两个ACL,定义源地址:access-list 100 permit ip 10.200.0.0 0.3.255.255 anyaccess-list 104 permit ip 10.204.0.0 0.3.255.255 any注意:这两条ACL我们只是要定义源地址用的。
只是7650下连的地址。
然后定义策略路由:route-map lygcatv permit 10match ip address 100set ip next-hop 172.255.0.1!route-map lygcatv permit 20match ip address 104set ip next-hop 172.255.0.9注意:两个策略名字一样实际上是一个策略,后面的10和20是索引号,或者叫优先级号,实际应用中先比较10号,不匹配再比较20号。
100和104对应上面的两个ACL,最后定义下一跳地址,就是NE40上和3550相连的地址。
最后应用到接口上:interface FastEthernet0/12no switchportip address 172.255.0.17 255.255.255.248ip policy route-map lygcatv注意:策略只能应用到入口上,否则不成功,只是经过痛苦的失败得到的结果,后来一查资料果然如此。
策略路由的配置详解和实例
策略路由的配置详解和实例Routemap和ACL很类似,它可以用于路由的再发布和策略路由,还经常使用在BGP中.策略路由(policyroute)实际上是复杂的静态路由,静态路由是基于数据包的目标地址并转发到指定的下一跳路由器,策略路由还利用和扩展IPACL链接,这样就可以提供更多功能的过滤和分类。
策略路由配置实例:ROUTEA:Verion11.2Noerviceudp-mall-erverNoervicetcp-mall-erverHotnamerouterAInterfaceethernet0Ipaddre192.1.1.1255.255.255.0econdaryIpaddre192.1.1.2255.255.255.0econdaryIpaddre192.1.1.3255.255.255.0econdaryIpaddre192.1.1.10255.255.255.0Ippolicyroute-maplab1//策略路由应用于E0口interfaceerial0ipaddr150.1.1.1255.255.255.0interfaceerial1ipaddr151.1.1.1255.255.255.0routerripnetwork192.1.1.0network150.1.0.0network151.1.0.0iplocalpolicyroute-maplab1//使路由器策略路由本地产生报文noipclaleacce-lit1permit192.1.1.1acce-lit2permit192.1.1.2route-maplab1permit10//定义策略路由图名称:LAB1,10为序号,用来标明被匹配的路由顺序。
Matchipaddre1//匹配地址为访问列表1Setinterfaceerial0//匹配下一跳为S0Route-maplab1permit20Matchipaddre2Setinterfaceerial1Linecon0Lineau某0Linevty04LoginEnd路由器B为标准配置略。
CISCO交换机策略路由配置说明
Configuring Policy-Based RoutingYou can use policy-based routing (PBR) to configure a defined policy for traffic flows. By using PBR, you can have more control over routing by reducing the reliance on routes derived from routing protocols. PBR can specify and implement routing policies that allow or deny paths based on:•Identity of a particular end system•Application•ProtocolYou can use PBR to provide equal-access and source-sensitive routing, routing based on interactive versus batch traffic, or routing based on dedicated links. For example, you could transfer stock records to a corporate office on a high-bandwidth, high-cost link for a short time while transmitting routine application data such as e-mail over a low-bandwidth, low-cost link.With PBR, you classif y traffic using access control lists (ACLs) and then make traffic go through a different path. PBR is applied to incoming packets. All packets received on an interface with PBR enabled are passed through route maps. Based on the criteria defined in the route maps, packets are forwarded (routed) to the appropriate next hop.•If packets do not match any route map statements, all set clauses are applied.•If a statement is marked as permit and the packets do not match any route-map statements, the packets are sent through the normal forwarding channels, and destination-based routing is performed.•For PBR, route-map statements marked as deny are not supported.For more information about configuring route maps, see the "Using Route Maps to Redistribute Routing Information" section.You can use standard IP ACLs to specify match criteria for a source address or extended IP ACLs to specify match criteria based on an application, a protocol type, or an end station. The process proceeds through the route map until a match is found. If no match is found, normaldestination-based routing occurs. There is an implicit deny at the end of the list of match statements.If match clauses are satisfied, you can use a set clause to specify the IP addresses identifying the next hop router in the path.For details about PBR commands and keywords, see the Cisco IOS IP Command Reference, Volume 2 of 3: Routing Protocols, Release 12.2. For a list of PBR commands that are visible but not supported by the switch, see Appendix C, "Unsupported Commands inCisco IOS Release 12.2(35)SE,"Note This software release does not support PBR when processing IPv4 and IPv6 traffic.PBR Configuration GuidelinesBefore configuring PBR, you should be aware of this information:•To use PBR, you must have the IP services image installed on the switch.•Multicast traffic is not policy-routed. PBR applies to only to unicast traffic.•You can enable PBR on a routed port or an SVI.•The switch does not support route-map deny statements for PBR.•You can apply a policy route map to an EtherChannel port channel in Layer 3 mode, but you cannot apply a policy route map to a physical interface that is a member of the EtherChannel. If you try to do so, the command is rejected. When a policy route map is applied to a physical interface, that interface cannot become a member of an EtherChannel.•You can define a maximum of 246 IP policy route maps on the switch.•You can define a maximum of 512 access control entries (ACEs) for PBR on the switch.•When configuring match criteria in a route map, follow these guidelines:–Do not match ACLs that permit packets destined for a local address. PBR would forward these packets, which could cause ping or Telnet failure or route protocol flapping.–Do not match ACLs with deny ACEs. Packets that match a deny ACE are sent to the CPU, which could cause high CPU utilization.•To use PBR, you must first enable the routing template by using the sdm prefer routing global configuration command. PBR is not supported with the VLAN or default template. For more information on the SDM templates, see Chapter 7, "Configuring SDM Templates."•VRF and PBR are mutually exclusive on a switch interface. You cannot enable VRF when PBR is enabled on an interface. In contrast, you cannot enable PBR when VRF is enabled on an interface.•The number of TCAM entries used by PBR depends on the route map itself, the ACLs used, and the order of the ACLs and route-map entries.•Policy-based routing based on packet length, TOS, set interface, set default next hop, or set default interface are not supported. Policy maps with no valid set actions or with set action set to Don't Fragment are not supported.•Beginning with Cisco IOS Release 12.2(35)SE, the switch supports quality of service (QoS) DSCP and IP precedence matching in PBR route maps with these limitations:–You cannot apply QoS DSCP mutation maps and PBR route maps to the same interface.–You cannot configure DSCP transparency and PBR DSCP route maps on the same switch.–When you configure PBR with QoS DSCP, you can set QoS to be enabled (by entering the mls qos global configuration command) or disabled (by entering the no mls qos command). When QoS is enabled, to ensure that the DSCP value of the traffic is unchanged, you should configure DSCP trust state on the port where traffic enters the switch by entering the mls qos trust dscp interface configuration command. If the trust state is not DSCP, by default all nontrusted traffic would have the DSCP value marked to 0.Enabling PBRBy default, PBR is disabled on the switch. To enable PBR, you must create a route map that specifies the match criteria and the resulting action if all of the match clauses are met. Then, you must enable PBR for that route map on an interface. All packets arriving on the specified interface matching the match clauses are subject to PBR.PBR can be fast-switched or implemented at speeds that do not slow down the switch.Fast-switched PBR supports most match and set commands. PBR must be enabled before you enable fast-switched PBR. Fast-switched PBR is disabled by default.Packets that are generated by the switch, or local packets, are not normally policy-routed. When you globally enable local PBR on the switch, all packets that originate on the switch are subject to local PBR. Local PBR is disabled by default.Note To enable PBR, the switch must be running the IP services image.Beginning in privileged EX EC mode, follow these steps to configure PBR:•••Use the no route-map map-tag global configuration command or the no match or no setroute-map configuration commands to delete an entry. Use the no ip policy route-map map-tag interface configuration command to disable PBR on an interface. Use the no ip route-cache policyinterface configuration command to disable fast-switching PBR. Use the no ip local policy route-map map-tag global configuration command to disable policy-based routing on packets originating on the switch.。
- 1、下载文档前请自行甄别文档内容的完整性,平台不提供额外的编辑、内容补充、找答案等附加服务。
- 2、"仅部分预览"的文档,不可在线预览部分如存在完整性等问题,可反馈申请退款(可完整预览的文档不适用该条件!)。
- 3、如文档侵犯您的权益,请联系客服反馈,我们会尽快为您处理(人工客服工作时间:9:00-18:30)。
策略路由1策略路由概述..............................................1.1普通路由的概念 .....................................1.2 策略路由的概念.....................................1.2.1 策略路由.....................................1.2.2 路由策略.....................................2 策略路由的实现原理.......................................2.1 策略路由的好处.....................................2.2 策略路由的流程.....................................2.3策略路由的处理流程 .................................2.3.1 流模式和逐包模式.............................2.3.2 流模式流程图.................................2.3.2 路由器流模式及逐包模式切换命令...............2.4 Route-map原理与执行 ...............................2.4.1 Route-map概念 ...............................2.4.2 理解Route-map ...............................2.4.3 Route-map 的执行语句........................3 策略路由的规划设计.......................................3.1 策略路由的适用环境.................................3.2 策略路由的配置.....................................3.2.1 路由器基本配置...............................3.2.2 交换机基本配置...............................3.3 策略路由的验证和调试...............................4 策略路由部署应用案例.....................................4.1 策略路由配置案例一.................................4.1.1网络拓扑 .....................................4.1.2功能需求: ...................................4.1.3配置实现: ..................................4.2 策略路由配置案例二.................................4.2.1网络拓扑 .....................................4.2.2功能需求: ...................................4.2.3配置实现: ..................................4.3 策略路由配置案例三.................................4.3.1网络拓扑 .....................................4.3.2功能需求: ...................................4.3.3配置实现: ..................................4.3.4配置优化: .................................. 1策略路由概述1.1普通路由的概念普通路由转发基于路由表进行报文的转发;路由表的建立直联路由、主机路由;静态配置路由条目;动态路由协议学习生成;查看命令——show ip route对于同一目的网段,可能存在多条distance不等的路由条目1.2 策略路由的概念1.2.1 策略路由所谓策略路由,顾名思义,即是根据一定的策略进行报文转发,因此策略路由是一种比目的路由更灵活的路由机制。
在路由器转发一个数据报文时,首先根据配置的规则对报文进行过滤,匹配成功则按照一定的转发策略进行报文转发。
这种规则可以是基于标准和扩展访问控制列表,也可以基于报文的长度;而转发策略则是控制报文按照指定的策略路由表进行转发,也可以修改报文的IP优先字段。
因此,策略路由是对传统IP 路由机制的有效增强。
策略路由能满足基于源IP地址、目的IP址、协议字段,甚至于TCP、UDP的源、目的端口等多种组合进行选路。
简单点来说,只要IP standard/extended ACL(IP标准/扩展ACL) 能设置的,都可以做为策略路由的匹配规则进行转发。
策略路由(Policy Route)是指在决定一个IP包的下一跳转发地址或是下一跳缺省IP地址时,不是简单的根据目的IP地址决定,而是综合考虑多种因素来决定。
如可以根据DSCP字段、源和目的端口号,源IP地址等来为数据包选择路径。
策略路由可以在一定程度上实现流量工程,使不同服务质量的流或者不同性质的数据(语音、FTP)走不同的路径。
基于策略的路由为网络管理者提供了比传统路由协议对报文的转发和存储更强的控制能力。
传统上,路由器用从路由协议派生出来的路由表,根据目的地址进行报文的转发。
基于策略的路由比传统路由能力更强,使用更灵活,它使网络管理者不仅能够根据目的地址而且能够根据协议类型、报文大小、应用或I P源地址来选择转发路径。
策略可以定义为通过多路由器的负载平衡或根据总流量在各线上进行报文转发的服务质量(Q o S )。
本交换机所支持的策略路由是与QOS的流分类标准相结合的。
针对简单流分类和复杂流分类,可以根据到来的数据包的匹配的以下特征,来设定策略路由:⏹802.1p优先级⏹VLAN ID⏹源/目的MAC地址⏹源/目的的IP地址(包括IP MASK部分)⏹TCP/UDP源/目的端口号⏹IP优先级⏹DSCP的优先级DSCP差分服务代码点(Differentiated Services Code Point),IETF于1998年12月发布了Diff-Serv(Differentiated Service)的QoS分类标准。
它在每个数据包IP头部的服务类别TOS标识字节中,利用已使用的6比特和未使用的2比特,通过编码值来区分优先级·简介DSCP差分服务代码点(Differentiated Services Code Point),IETF于1998年12月发布了Diff-Serv(Differentiated Service)的QoS分类标准。
它在每个数据包IP头部的服务类别TOS标识字节中,利用已使用的6比特和未使用的2比特,通过编码值来区分优先级.DSCP 使用6个bit,DSCP的值得范围为0~63。
DSCP 是“IP 优先”和“服务类型”字段的组合。
为了利用只支持“IP 优先”的旧路由器,会使用DSCP 值,因为DSCP 值与“IP 优先”字段兼容。
每一个DSCP编码值都被映射到一个已定义的PHB(Per-Hop-Behavior)标识码。
通过键入DSCP值,电话、Windows客户和服务器等终端设备也可对流量进行标识。
支持设备大部分ONU/MDU/OLT设备都会支持。
四种PHB的分类1、Default PHB (FIFO,tail drop) DSCP值为02、Expedited Forwarding PHB(急速转发,提供延时的保证) 主要针对于延时PQDSCP的默认为前3个bit为101,后3个bit为1103、Assured Forwarding PHB(确保转发,提供带宽保证) 确保带宽,用于带宽保证。
CBWFQAF1 001 dd 0 每个AF的大类中有会分为3个小类,dd中定义的类型,dd为丢弃概率,值越大丢弃率越高。
三个小类为(AF11 01 LOW,AF12 10 Medium, AF13 11 High)4、class-selector(ip precedence) PHB 用于和老的优先级做兼容,后3个bit都为0。
*********************************************************************************************************************************************************⏹IP的协议类型字段可以对匹配以上特征的流,设定以下两种策略路由:下一跳I P 地址: 这条配置命令标示了那些符合匹配语句的输出报文将进行下一跳I P 地址。
下一跳缺省I P 地址: 这条配置命令设定缺省的下一跳。
如果路由表中没有明确的路径,则路由器使用缺省的下一跳。
这个过程经常应用于在两个不同的服务提供商之间进行负载平衡。
当使用这条命令时,也是首先用路由表进行路由。
如果路由表中没有明确的路径,则路由器根据制定的策略使用缺省值。
策略路由使网络管理者能根据它提供的机制指定一个报文采取的具体路径。
而在当今高性能的网络中,这种选择的自由性是很需要的。
需要明确策略路由是设置在接收报文接口而不是发送接口。
当在接收报文的接口设定了策略路由后,交换机在该接口,检测到来的数据报文,当检测到有匹配相应流分类特征的数据数据报文经过时,就查找相应的策略路由表项,按照策略路由表项所指定的下一跳IP地址或是缺省路由IP地址,来选择转发路径。
策略路由功能是与流分类和流策略紧密相关的,关于流分类和流策略的基本配置命令见QOS配置部分。
1.2.2 路由策略路由策略通过路由策略控制路由的接收、发布、引入的方法,实现对路由的优化2 策略路由的实现原理2.1 策略路由的好处基于源的路由可以使不同的用户选择不同的ISP通过设置IP Precedence或Tos来实现QOS实现负载均衡2.2 策略路由的流程使用Route-map来配置策略路由的流程策略路由只对入口数据包有效。
应用策略路由,必须要指定策略路由使用的路由映射,并且要创建路由映射。
一个路由映射由很多条策略组成,每个策略都定义了1个或多个的匹配规则和对应操作。
一个接口应用策略路由后,将对该接口接收到的所有包进行检查,不符合路由映射任何策略的数据包将按照通常的路由转发进行处理,符合路由映射中某个策略的数据包就按照该策略中定义的操作进行处理。