组网要求:缺省情况下,AR2的接口GE0/0/0上收到的所有访问Server的报文根据路由表转发的下一跳均为10.4.1.2。现要求在Router上配置接口策略路由,对于访问Server的报文实现如下要求:
· 匹配接口GE0/0/0上收到的源IP地址为192.168.20.1的报文,将该报文的下一跳重定向到10.5.1.2,此接口的流策略调用优先级较高。
· 匹配接口GE0/0/0上收到的HTTP报文,将该报文的下一跳重定向到10.3.1.2。
一、华为模拟器实际操作视频:
二、IP设置:
PC1:192.168.10.1/24
PC2:192.168.20.1/24
AR1:192.168.10.2/24,192.168.20.2/24,10.1.1.1/24
AR2:10.1.1.2/24,10.3.1.1/24,10.4.1.1/24,10.5.1.1/24
AR3:10.3.1.2/24
AR4:10.4.1.2/24
AR5:10.5.1.2/24
三、AR1的主要配置文件:
#
sysname AR1
#
interface GigabitEthernet0/0/0
ip address 192.168.10.2 255.255.255.0
#
interface GigabitEthernet0/0/1
ip address 10.1.1.1 255.255.255.0
#
interface GigabitEthernet0/0/2
ip address 192.168.20.2 255.255.255.0
#
interface NULL0
#
ip route-static 0.0.0.0 0.0.0.0 10.1.1.2
#
return
四、AR2的主要配置:
#
sysname AR2
#
board add 0/4 1GEC
#
acl number 3001
rule 5 permit ip source 192.168.20.1 0
acl number 3002
rule 5 permit tcp destination-port eq www
#
traffic classifier c2 operator or
if-match acl 3002
traffic classifier c1 operator or
if-match acl 3001
#
traffic behavior b2
redirect ip-nexthop 10.3.1.2
traffic behavior b1
redirect ip-nexthop 10.5.1.2
#
traffic policy p1
classifier c1 behavior b1
classifier c2 behavior b2
#
interface GigabitEthernet0/0/0
ip address 10.1.1.2 255.255.255.0
traffic-policy p1 inbound
#
interface GigabitEthernet0/0/1
ip address 10.3.1.1 255.255.255.0
#
interface GigabitEthernet0/0/2
ip address 10.4.1.1 255.255.255.0
#
interface GigabitEthernet4/0/0
ip address 10.5.1.1 255.255.255.0
#
interface NULL0
#
ip route-static 192.168.1.0 255.255.255.0 10.3.1.2
ip route-static 192.168.1.0 255.255.255.0 10.4.1.2 preference 40
ip route-static 192.168.1.0 255.255.255.0 10.5.1.2
#
return
五、验证配置结果:
1、 通过display traffic classifieruser-defined命令查看已配置的流分类信息。
display traffic classifier user-defined
User Defined Classifier Information:
Classifier: c2
Operator: OR
Rule(s) :
if-match acl 3002
Classifier: c1
Operator: OR
Rule(s) :
if-match acl 3001
2、通过display traffic behavioruser-defined命令查看已配置的流行为信息。
display traffic behavior user-defined
User Defined Behavior Information:
Behavior: b2
Redirect:
Redirect ip-nexthop 10.3.1.2
Behavior: b1
Redirect:
Redirect ip-nexthop 10.5.1.2
3、通过display traffic policyuser-defined命令查看流策略的配置信息。
display traffic policy user-defined
User Defined Traffic Policy Information:
Policy: p1
Classifier: c1
Operator: OR
Behavior: b1
Redirect:
Redirect ip-nexthop 10.5.1.2
Classifier: c2
Operator: OR
Behavior: b2
Redirect:
Redirect ip-nexthop 10.3.1.2
4、通过display traffic-policyapplied-record命令查看指定流策略的应用记录。
disp traffic-policy ?
applied-record Applied record
disp traffic-policy app
disp traffic-policy applied-record
-------------------------------------------------
Policy Name: p1
Policy Index: 0
Classifier:c1 Behavior:b1
Classifier:c2 Behavior:b2
-------------------------------------------------
*interface GigabitEthernet0/0/0
traffic-policy p1 inbound
slot 0 : success
-------------------------------------------------
领取专属 10元无门槛券
私享最新 技术干货