策略路由与前缀列表试验解析

1、实验十一 策略路由和前缀列表的配置一、实验目的通过本实验掌握以下内容：（1 ）用route-map定义路由策略（2 ）在接口下应用路由策略（3）基于源IP地址的策略路由的调试（4）基于报文大小的策略路由的调试（5 ）前缀列表的配置二、实验内容-route-map和列表实验任务一基于源IP地址的策略路由（PBR）实验拓扑150-1_1.0/24实验步骤及配置命令1. R1、R2和R3的配置R1(co nfig)#i nterface f0/0R1(config-if)#ip address 192.1.1.3 255.255.255.0R1(config)#interface serial 1/

2、0R1(co nfig-if)#ip address 150.1.1.1 255.255.255.0R1(c on fig-if)# no shutdow nR1(c on fig)# in terface serial 1/1R1(co nfig-if)#ip address 151.1.1.1 255.255.255.0R1(c on fig-if)# no shutdow nR1(con fig)#router ripR1(co nfig-router)# network 192.1.1.0R1(co nfig-router)# network 150.1.0.0R1(co nfig-r

3、outer)# network 151.1.0.0R1(c on fig-router)#exitR2( config)#interface s0/1R2(config-if)#ip address 150.1.1.2 255.255.255.0R2(config-if)#no shutdownR2(config-if)#clock rate 64000R2(config-if)#exitR2(config)#interface s0/2R2(config-if)#ip address 151.1.1.2 255.255.255.0R2(config-if)#clock rate 64000R

4、2(config-if)#no shutdownR2(co nfig-if)#exitR2(c on fig)# in terface loopback 0R2(config-if)#ip address 152.1.1.1 255.255.255.0R2(co nfig-if)#exitR2(con fig)#router ripR2(co nfig-router)# network 150.1.0.0R2(co nfig-router)# network 151.1.0.0R2(co nfig-router)# network 152.1.0.0R2(co nfig)#do wrR3(co

5、nfig)#interface f1/0R3(config-if)#ip address 192.1.1.1 255.255.255.0R3(config-if)#ip address 192.1.1.2 255.255.255.0 secondary 2. R1(co nfig)#access-list 1 permit 192.1.1.1 0.0.0.0R1(co nfig)#access-list 2 permit 192.1.1.2 0.0.0.0定义两台服务器的IPR1(c on fig)#route-map lab1 permit 10R1(c on fig-route-map)#

6、match ip address 1R1(config-route-map)#set ip next-hop 150.1.1.2R1(c on fig-route-map)#exitRoute Map表lab1的第一条语句，服务器192.1.1.1的数据经过下一跳地址是150.1.1.2即s0/1发送，条件语句嵌套ACL1R1(co nfig)#route-map lab1 permit 20R1(c on fig-route-map)#match ip address 2R1(config-route-map)#set ip next-hop 151.1.1.2R1(c on fig-rou

7、te-map)#exitRoute Map表lab1的第二条语句，服务器192.1.1.2的数据经过下一跳地址是151.1.1.2即s0/2发送，条件语句嵌套ACL2R1(config)#interface f 0/0R1(c on fig-if)#ip policy route-map lab1 在f 0/0接口上应用名字是Iab1的Route Map表R1(c on fig)#ip local policy route-map lab1要求路由器本身产生的数据包也接受策略路由的管理2.测试扩展的traceroute命令R3#traceroute ipTarget IP address: 1

8、52.1.1.1Source address: 192.1.1.1Numeric display n:Timeout in seconds 3:Probe count 3:Minimum Time to Live 1:Maximum Time to Live 30:Port Number 33434:Loose, Strict, Record, Timestamp, Verbosenone: Type escape sequence to abort.Tracing the route to 152.1.1.11 150.1.1.2 56 msec * 72 msecR3#traceroute

9、 ipTarget IP address: 152.1.1.1Source address: 192.1.1.2Numeric display n:Timeout in seconds 3:Probe count 3:Minimum Time to Live 1:Maximum Time to Live 30:Port Number 33434:Loose, Strict, Record, Timestamp, Verbosenone: Type escape sequence to abort.Tracing the route to 152.1.1.11 151.1.1.2 56 msec

10、 * 52 msec另一种测试源 IP 地址的策略路由使用 debug ip policy 命令来监视策略路由R1#debug ip policyPolicy routing debugging is onR3#pingProtocol ip:Target IP address: 152.1.1.1Repeat count 5:Datagram size 100:Timeout in seconds 2:Extended commands n: ySource address or interface: 192.1.1.1Type of service 0:Set DF bit in IP h

11、eader? n o:Validate reply data? n o:Data pattern OxABCD:Loose, Strict, Record, Timestamp, Verbose non e:Sweep range of sizes n:Type escape seque nee to abort.Sen di ng 5, 100-byte ICMP Echos to 152.1.1.1, timeout is 2 seco nds:Packet sent with a source address of 192.1.1.1!Success rate is 100 percen

12、t (5/5), round-trip min/avg/max = 4/51/128 ms这样路由器R1会输出debug ip policy监视所得的结果，截图 该命令显示定义的所有路由策略及路由策略匹配的情况。R3#traceroute ipTarget ip address: 152*1.1*1source address: 192.1.1.1Numeric disp1 ay n:Titneout in seconds 3:probe count 3:Mn ni mum Time to Live 1:Maximum Time to Live 30:port Number S3434:Loo

13、se, Strn ct , Recor d , Ti mestamp, verbose noiType escape sequence to abort.Traci ng the route to 152<1.1.11 192* 1.1* 3 52 msec 40 msec 16 msec2 150.1.1,2 8 msec *96 msecR3#traceroute ipTarget IP address: 152source address 192.1.1,2Numeric dn splay n:Timeout in seconds 3:Probe count 3:Mini mum

14、Time to Live 1:Maxi mum ti me to Live 30:Port Number 33434:Loose, strict, Record, Timestamp, verbosenone:Type escape sequence to abort,Traci ng tne route to 152.l.l11 192.1.1.3 40 msec 44 msec 8 msec2 151.1.1.2 4 msec *104 msecR1#show route-map查看定义的所有路由策略及路由策略匹配的情况Rl#show roure-map route-map serverl

15、, permit( sequentE 10Match clauses:ip address (access-lists): 1 ser clauses:i p next-hop 150.1.1.2Policy routing hin工匚hes: 14 packers, 1146 bytes route-map serverl, permit( sequence 20Match 匚lauwES:ip address (access-lists): 25er clauses:1p next-hop 151.1.1.2Policy routing matches: 5 packets, 587 by

16、tes Rl|R1#show ip policy 查看策略路由及作用的接口" _J " r f n IE h MW V =HI#show ip policy interfaceRoute maplocalserverlFaO/Oserverl实验任务二基于报文大小的策略路由(PBR) 实验拓扑同上64-1nOByte150. 1. 1. 0/24192. 1. E 0/24151. 1. 1. 0/24101-lDQOByte本实验设计如下：在路由器R1的f0/0接口应用IP策略路由CCNP,使得对大小为64-100字节的数据包设置出接口为S1/0;大小为101-1000字

17、节的数据包设置出接口为s1/1,所有其它的数据包正常转发，整个网络运行EIGRP路由协议。请自己按照实际拓扑的描述设计实验模拟拓扑实验参考命令步骤1:先去掉上一个任务中R1的策略路由的相关配置R1(c on fig)# no ip local policy route-map Iab1R1(config)#interface f 0/0R1(c on fig-if)# no ip policy route-map lab1R1(c on fig)# no route-map lab1R1(c on fig)# no access-list 1R1(c on fig)# no access-li

18、st 2步骤2：配置路由器R1R1(co nfig)#route-map CCNP permit 10R1(co nfig-route-m ap)#match len gth 64 100R1(c on fig-route-map)#set in terface s1/0R1(co nfig)#route-map CCNP permit 20R1(co nfig-route-m ap)#match len gth 101 1000R1(config-route-map)#set interface s1/1R1(config)#interface f0/0R1(co nfig-if)#ip p

19、olicy route-map CCNPR1(c on fig)#router eigrp 1R1(c on fig-router)# no auto-summaryR1(co nfig-router)# network 10.1.1.0 255.255.255.0R1(co nfig-router)# network 192.168.12.0R1(co nfig-router)# network 192.168.21.0实验调试(1 )执行扩展ping命令，数据包的长度为90,源地址为192.1.1.1 (路由器R3的以太口地址)：R3#pingProtocol ip:Target IP a

20、ddress: 152.1.1.1Repeat count 5: 1Datagram size 100: 90Timeout in seconds 2:Extended commands n: ySource address or interface: 192.1.1.1Type of service 0:Set DF bit in IP header? no:Validate reply data? no:Data pattern OxABCD:Loose, Strict, Record, Timestamp, Verbosenone:Sweep range of sizes n:Type

21、escape sequence to abortflMar101:15:04, 507:IP： s-192.1.1.1 CFa5rEthrneftO/03, d-152, lr 1.1, len 90, FIH policymatchflwar10丄tn： s-192.1.1.1 CFasrEthernei：o/o)H d-152 1.1.1 (serial 1/0) . len Fie policyroutedKl*l路由器R1上显示调试信息，仔细分析其含义。R1#debug ip policyRiff*Mar 1 DI :O7:51. 319 - HP ： s=ll92,1-1 (Fas-

22、tEthernhetO/O) d=l 52/1.1*1, len M., FIB pel i cy matchMar 1 01:07:51. 319: IP： s->19Z. 1.1.1 (FastEtherr»etO/0) B d-152.1.1.1 (Seriall/O) B len 90. FIB policy rout(2)执行扩展ping命令，数据包的长度为300,源地址为192.1.1.1R3#pingpolicy watchen 500 FIB pollicv routedRl#*Mar 1 01:20:05.211: IP： 5-192.1.1.1 (FastE

23、therretO/O)a d-153El,l,la-Mar 1 01:2O:OS.211i IP: 5=192.1.1.1 CFastEthernetO/O). d=152.1.1.1(3)执行扩展ping命令，数据包的长度为1200,源地址为192.1.1.1R3#pingIH4-V*war 1 012103.023 ? ip: 5-19*2.lrl,l (F«iEthern«i:O/O) P d-L52B 1.1,1, len 12 WR fib polUcy rejeci«d(no mat ch) - z Rai forwardi ng(4)show rou

24、te-map该命令显示定义的所有路由策略及路由策略匹配的情况。Rl#show route-Tiiaproute-map typet permit, sequence 10 Match clauses:1ength 64 100Set clauses:i nterface seriall/0policy routing matches: 17 packetsT 1868 bytes route-map TYPE, permit, sequence 20Match clauses: length 101 1000Set clauses:i nterface Seriall/1 policy rou

25、ting mat匚hms: 2 pa匚kets, 628 byres(5) show ip policy 查看策略路由及作用的接口Rl#show ip poI1cyinterfaceRoute mapFa0/0typen.1 jxH实验任务三使用前缀列表实现下图所示功能。实验拓扑路由器R1和R3环回接口的子网掩码都是 24位。10.1 XS'O1 (J. s£.<Ja u10.3.0.0RJPV210.110.2.0.010.3,01010.4,0,1310 .C.G.0/3PR210.1O.Q.O1O 1 1 O O10.&.0.O10.9.0 O1 1O-S

26、.O OOSPFiocjo13.0 O10.10.0 込1-0 OJ10.0. 0/24OSPF10. 0. 0. B/3010. 1'6. 0. 0/24«10. 8'11. 0. 0/24实验内容及步骤1配置三台路由器的IP地址 2配置路由协议3配置路由重分发 4查看R1和R3路由表的信息，截图。RlffSHOW IP RauCodes: C - connected f 3 - Statd e(, R - R.IP, M - mobi 1 e j E 一 EGPD - EI<GRP P EX - EIGiRP *ternal Q - QSPF, 14 - O

27、SPF inter areaN1 - OSPF nssa external type 1, m2 - OSPF NSSA external type 2El - OSPF external type 1P E2 - OSPF external type 2i - IS-IS. 5U IS-IS summary. Ll - IS-I5 level -i. LZ I5-IS level-2 la - IS-IS Inter areap * - caindldaire default, U - per-us«static route - odr. p - pftriadlc dcmnloa

28、ded static sure：Gateway of last re?口厂t is not seti.1 巩 i j-flllM KTAR _R R R R R R 0,0.0/8 10PllB 01/32 10.10 01/32 10.9.0.1/32 10. Q. 0. S/ 30 10.6-0.1/3? 10.13,0.1/32 10.12,0.1/32 _10r2.00/24 is directly 10B 3.0.0/24 is directly 10. o.o.o/M is directly 10.1.0*0/24 Is directly 10,6.0+ Q/24 is direc

29、tly 10P4a0,0/24 is directly 10.5.0.0/24 B ，B 亠is variably subnettedF 14 subnets,. 3 masks 120/10 via 10.0.0.2. 00:00:12, Serial1/0 120/10 via 10B0L2. 00:00:12, Seri al 1/0 120/10 via io.0.0-2, 00:00:12, seriali/o '120/1 via iclclcl 為 m：oo：12, seriall/o 120/10 via 10亠0.CL 2. 00:00:12, Seriall/D 1

30、20/10 via 10.0,0.2, 00:00:12, Seriall/0 l?0/10 via 10.0.0.2. 00:00:12, Serial1/0 一 con n 絶 皀 cl. connected, connected, connected connected connected, connected.is directlyLoopback2 LD0pbaick3 serial 1/0 Loopbackl LoapbackiB Loopback4 LoopbackSR3*SH0W IP ROUcodes: 一 connecteds 5 - sraticr - iripb w -

31、 mobile b -d - eigrp F ex - EiiGRP external p o * ospf, - os PF inter areaN1 - 05PF NSSA external type 1B N2 - OSPF N5SA external type 2El 一 ospp external type 1P £2 - o-spf external type 2i - IS-I5, su - 15-15 summary, iLl - IS-IS level-1, L2 - IS-IS level-2 ia - 15-15 inter areaP * - candidat

32、e defauHtr U - per-wser static route o 一 odr p - periodic downloaded st<aiiic roureGateway of last resort is not siet2 2 2 2 2 2 2clUJEEEEEUj#3 3 Cr-CCCOOOOOOORR.o. o. o/a*”10.10,0T0/i4 is directly conrectedz LoupbacklO 10.11.0.0/24 is direculy connected.! Loopbaickll 10.8.0.0/24 is direct 1 y co

33、nnectedp Loopbacks 10i0.0.8/30 IS directly connected, Seriall/1 "y connectedLoopback9 ly connected, lv conrected.,10- CL CL% ZLD.D.O®. 10,0,0,9a 10 . CL CL *10. 0-0.5.10,0, 0.9,10. CL 0®is variably subnettedr 14 5ubners4 2 maskslo.g.o.0/24 1s direct! 10.12.0.0/24 is direcr 10.13, 0,0/

34、24 direct LO.2.D.O/Z4 r 110/2 00' 10.3.0.0/24 110/200n 10.0.0.0/30 110/200' LO.1.D.O/Z4 110/200' 10.6.0.0/24 110/200n 10.4.0.0/24 110/200' 10. S. 0.0/24 110/200':L via via via via via viaLoopbacklZ LQpbacklS 00：Da：28p 00:00;28, 000028, OC：Oa：28, 00:00;2S.QQ;0Q：29, serial1/1 00:00

35、:25, seriall/1Seriall/1Seriall/1 列211/1 5eriall/l Seriall/1RUN 5TA5在R2上配置前缀列表ip prefix-list pfxl permit 10.0.0.0/14 ge 24 le 24p prefix-list pfx2 permit 10.8.0.0/14 ge 32 注：OSPF是只识别32bit的子网掩码。思考还有没有其它前缀列表匹配命令6在R2上配置路由映射表，弓I用前缀列表route-map in to_ospf permit 10match ip address prefix-list pfx1route-map

36、 in to_rip permit 10match ip address prefix-list pfx27在R2上进行重分发时调用路由映射表，进行路由过滤。router ospf 1redistribute rip sub nets route-map in to_ospfrouter ripredistribute ospf 1 metric 5 route-map into rip8查看R1和R3路由表的信息，截图。cooes : c 一 connecrea ? 、 一 sxaT：icf k 一mi 一 mioci i e, u - bpD - eigrp, ex - eigrp ext

37、ernal, o - ospf, ia - ospf Inter areaN1 - OSpf nSsa external typ 1, N2 - O5PF nssa external type 2El - ospf external type 1, E2 - O5PF external type 2i - is-is, su - rs-is summary, Ll - is-is level-1, l2 - is-is level-2 ia - 15-15 inter area, « - candidate default, u - pmr-uwEr static rdutE - O

38、DR1 p - pariodic downloaded static routeGateway crF 1 ast resort is not set10.0,0.0/8只口 HRRLJ匚匸匚匚匸匚Rlis vmriably subnetted, 1210.10,0,0/34 120/31 via 10.0.0,2 10.11-0.0/24 120/5J Via 10.0.0,210.8.0.0/2410.0.0.8/3010.9. 0.0/2410.2.0.0/2410*3.0.0/2410.0.0.0/3010.1.0.0/2410.6.0.0/2410.4.0.0/2110*5.0.0/

39、24120/5 via'120AJ via.120/5 v1a10. 0. 0. 2,10-0.0.2.1 5151 Sisch r ectlydirectly 出 r ectly directlydirectlych r ectlyill；' i 1 y10. 0.0.2, connect eel, connected, connectedf connected, connected, connectedf connected.subnets, 2 masks00:00:03, seria.U/0 00:00:03, serial1/0 00:00:03, 左riall/0

40、00:00:03, Seri a11/0 00:00:03, Seriall/0LoopbacksLoopback3Seri all/OLoopbacklLoopbacksLoopback4LoopbacksR3#5hW ipOUCodies: C - EorHiBEtEhdI； S - static ft - ftlPp M - rwbilep E - BGPD - ieigrp4 ex - EIGR.P external B o - 05PFB ia - ospf inter ar 亠 qspf hssa 电xternal type 1. n2 - osff电nzm typeEL - O&

41、amp;pf external tyipe iB EZ - OSPF external type 21 - IS-IS, su - IS-TS surmary, Ll - 15-IS level-1 L2 - IS-I ia - is-is 1m er area, * - carididate d-efault f u - per-user s o - QD艮.P - periodic downloaded smile roureGateway of 1 ast re sort is irhot setcccccccooo10,0,0,0/8 is variably subnerredP 10 subrwTSB 2 rusks10,10,0,0/24 is diriectly connected, LcmpbacklOIO-11- 0- 0/24 "is dir