华为设备配置(八)策略路由配置
一、网络拓扑
二、IP地址配置
PC 配置
PC1:192.168.10.1 255.255.255.0 192.168.10.254
PC2:192.168.20.1 255.255.255.0 192.168.20.254R1 配置
[R1]interface g0/0/0
[R1-GigabitEthernet0/0/0]ip address 192.168.10.254 24
[R1]interface g0/0/1
[R1-GigabitEthernet0/0/1]ip address 192.168.20.254 24
[R1]interface g0/0/2
[R1-GigabitEthernet0/0/2]ip address 12.1.1.1 30
[R1]interface g4/0/0
[R1-GigabitEthernet4/0/0]ip address 13.1.1.1 30R2 配置
[R2]interface g0/0/0
[R2-GigabitEthernet0/0/0]ip address 12.1.1.2 30
[R2]interface g0/0/1
[R2-GigabitEthernet0/0/1]ip address 100.1.1.1 30
[R2]interface LoopBack 0
[R2-LoopBack0]ip address 1.1.1.1 32R3 配置
[R3]interface g0/0/0
[R3-GigabitEthernet0/0/0]ip address 13.1.1.2 30
[R3]interface g0/0/1
[R3-GigabitEthernet0/0/1]ip address 100.1.1.2 30
[R3]interface LoopBack 0
[R3-LoopBack0]ip address 2.2.2.2 32三、路由配置
R1 配置
[R1]ip route-static 0.0.0.0 0.0.0.0 12.1.1.2
[R1]ip route-static 0.0.0.0 0.0.0.0 13.1.1.2R2 配置
[R2]ospf 1
[R2-ospf-1]area 0
[R2-ospf-1-area-0.0.0.0]network 12.1.1.0 0.0.0.255
[R2-ospf-1-area-0.0.0.0]network 100.1.1.0 0.0.0.255
[R2-ospf-1-area-0.0.0.0]network 1.1.1.1 0.0.0.0R3 配置
[R3]ospf 1
[R3-ospf-1]area 0
[R3-ospf-1-area-0.0.0.0]network 13.1.1.0 0.0.0.255
[R3-ospf-1-area-0.0.0.0]network 100.1.1.0 0.0.0.255
[R3-ospf-1-area-0.0.0.0]network 2.2.2.2 0.0.0.0路由配置验证
[R2]dis ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 13 Routes : 13
Destination/Mask Proto Pre Cost Flags NextHop Interface
1.1.1.1/32 Direct 0 0 D 127.0.0.1 LoopBack0
2.2.2.2/32 OSPF 10 1 D 100.1.1.2 GigabitEthernet
0/0/1
12.1.1.0/30 Direct 0 0 D 12.1.1.2 GigabitEthernet
0/0/0
12.1.1.2/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/0
12.1.1.3/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/0
13.1.1.0/30 OSPF 10 2 D 100.1.1.2 GigabitEthernet
0/0/1
100.1.1.0/30 Direct 0 0 D 100.1.1.1 GigabitEthernet
0/0/1
100.1.1.1/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/1
100.1.1.3/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/1
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0四、NAT配置
[R1]acl 2000
[R1-acl-basic-2000]rule 5 permit source 192.168.10.0 0.0.0.255
[R1-acl-basic-2000]rule 6 permit source 192.168.20.0 0.0.0.255
[R1]interface g0/0/2
[R1-GigabitEthernet0/0/2]nat outbound 2000
[R1]interface g4/0/0
[R1-GigabitEthernet4/0/0]nat outbound 2000五、流策略配置
1. 流 配置
[R1]acl 2010
[R1-acl-basic-2010]rule 5 permit source 192.168.10.0 0.0.0.255
[R1]acl 2020
[R1-acl-basic-2020]rule 5 permit source 192.168.20.0 0.0.0.2552. 流分类 配置
[R1]traffic classifier jiaoxue
[R1-classifier-jiaoxue]if-match acl 2010
[R1]traffic classifier sushe
[R1-classifier-sushe]if-match acl 20203. 流行为 配置
R1traffic behavior dianxin
R1-behavior-dianxinredirect ip-nexthop 12.1.1.2
R1traffic behavior liantong
R1-behavior-liantongredirect ip-nexthop 13.1.1.2
4. 流策略 配置
[R1]traffic policy p
[R1-trafficpolicy-p]classifier jiaoxue behavior dianxin
[R1]traffic policy q
[R1-trafficpolicy-q]classifier sushe behavior liantong5. 调用流策略
[R1]interface g0/0/0
[R1-GigabitEthernet0/0/0]traffic-policy p inbound
[R1]interface g0/0/1
[R1-GigabitEthernet0/0/1]traffic-policy q inbound配置验证
PC2上测试去往R2(1.1.1.1)的路径
PC>tracert 1.1.1.1
traceroute to 1.1.1.1, 8 hops max
(ICMP), press Ctrl+C to stop
1 * * *
2 13.1.1.2 47 ms 16 ms 15 ms
3 1.1.1.1 32 ms 31 ms 15 ms