当前位置：首页 > news >正文

综合实验：DHCP、VLAN、NAT、BDF、策略路由等

news 2025/9/2 9:49:54

掩码与反掩码总结

使用掩码的场景：IP地址强相关
- 场景一：IP地址配置 ip address 192.168.1.1 255.255.255.0 或 ip address192.168.1.1 24
- 场景二：DHCP配置network 192.168.1.0 mask 255.255.255.0 或network 192.168.1.0 mask 24
使用反掩码的场景
- 场景一:ACL rule 10 permit source 192.168.1.1 0 或 rule 10 permit source 192.168.1.1 0.0.0.0
  rule 10 permit source 192.168.1.0 0.0.0.255
- 场景二：OSPF路由宣告
- network 192.168.1.0 0.0.0.255 //宣告192.168.1.0网段
RIP路由宣告不需要掩码或反掩码，宣告主类网络（ABC类主类IP地址掩码分别为/8/16/24）：
- network 10.0.0.0
- network 172.16.0.0
- network 192.168.1.0

综合实验

1.拓扑图

外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传

配置VLAN

配置truck口
<acsw>
<acsw>sys
[acsw]interface GigabitEthernet 0/0/3
[acsw-GigabitEthernet0/0/3]port link-type ?access        Access portdot1q-tunnel  QinQ porthybrid        Hybrid porttrunk         Trunk port[acsw-GigabitEthernet0/0/3]port link-type trunk 
[acsw-GigabitEthernet0/0/3]port trunk allow-pass vlan ?INTEGER<1-4094>  VLAN IDall              All[acsw-GigabitEthernet0/0/3]port trunk allow-pass vlan 10 20

<Huawei>sys
[Huawei]sysname acsw
[acsw]undo info-center enable 
批量创建VLAN
[acsw]vlan batch 10 20
[acsw]dis vlan summary 
[acsw]
进入VLAN10视图
[acsw]interface Vlanif 10
配置VLAN10的IP地址网关
[acsw-Vlanif10]ip address 192.168.10.254 24
[acsw-Vlanif10]q
进入VLAN20视图
[acsw]interface Vlanif 20
配置VLAN20的IP地址网关
[acsw-Vlanif20]ip address 192.168.20.254 24
[acsw-Vlanif20]q
进入接口视图
[acsw]int g0/0/1
配置接口类型
[acsw-GigabitEthernet0/0/1]port link-type access 
配置接口默认VLAN
[acsw-GigabitEthernet0/0/1]port default vlan 10[acsw-GigabitEthernet0/0/1]int g0/0/2
[acsw-GigabitEthernet0/0/2]port link-type access 
[acsw-GigabitEthernet0/0/2]port default vlan 20
[acsw-GigabitEthernet0/0/2]q
[acsw]q
<acsw>save
<acsw>ping 192.168.10.1<acsw>dis ip routing-table 
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: PublicDestinations : 6        Routes : 6        Destination/Mask    Proto   Pre  Cost      Flags NextHop         Interface127.0.0.0/8   Direct  0    0           D   127.0.0.1       InLoopBack0127.0.0.1/32  Direct  0    0           D   127.0.0.1       InLoopBack0192.168.10.0/24  Direct  0    0           D   192.168.10.254  Vlanif10192.168.10.254/32  Direct  0    0           D   127.0.0.1       Vlanif10192.168.20.0/24  Direct  0    0           D   192.168.20.254  Vlanif20192.168.20.254/32  Direct  0    0           D   127.0.0.1       Vlanif20<acsw>

测试PC1和PC2是否连通。

2.DHCP配置（自己做实验时在接入交换机配置）

基于接口的DHCP配置

<acsw>sys
[acsw]dhcp enable
[acsw]interface Vlanif 10
[acsw-Vlanif10]dhcp select interface 
[acsw-Vlanif10]dhcp server dns-list 8.8.8.8
[acsw-Vlanif10]dhcp server excluded-ip-address 192.168.10.11 192.168.10.252
[acsw-Vlanif10]dhcp server lease day 30
[acsw-Vlanif10]display this
#
interface Vlanif10ip address 192.168.10.254 255.255.255.0dhcp select interfacedhcp server excluded-ip-address 192.168.10.11 192.168.10.253dhcp server lease day 30 hour 0 minute 0dhcp server dns-list 8.8.8.8
#
return
[acsw-Vlanif10]

查看PC1的地址信息
PC>ipconfig /renewIP ConfigurationLink local IPv6 address...........: fe80::5689:98ff:fe9a:822
IPv6 address......................: :: / 128
IPv6 gateway......................: ::
IPv4 address......................: 192.168.10.10
Subnet mask.......................: 255.255.255.0
Gateway...........................: 192.168.10.254
Physical address..................: 54-89-98-9A-08-22
DNS server........................: 8.8.8.8

基于全局的DHCP配置

<acsw>sys
[acsw]interface Vlanif 20
[acsw-Vlanif20]dhcp select global 
[acsw-Vlanif20]q
[acsw]ip pool 20
Info:It's successful to create an IP address pool.
[acsw-ip-pool-20]network 192.168.20.0 mask 24
[acsw-ip-pool-20]gateway-list 192.168.20.254
[acsw-ip-pool-20]dns-list 8.8.8.8
[acsw-ip-pool-20]lease 30
[acsw-ip-pool-20]excluded-ip-address 192.168.20.11 192.168.20.253
[acsw-ip-pool-20]q
[acsw]interface Vlanif 20
[acsw-Vlanif20]dis this
#
interface Vlanif20ip address 192.168.20.254 255.255.255.0dhcp select global
#
return
[acsw-Vlanif20]

查看PC2的IP信息
PC>ipconfigLink local IPv6 address...........: fe80::5689:98ff:fe3c:6cdd
IPv6 address......................: :: / 128
IPv6 gateway......................: ::
IPv4 address......................: 192.168.20.10
Subnet mask.......................: 255.255.255.0
Gateway...........................: 192.168.20.254
Physical address..................: 54-89-98-3C-6C-DD
DNS server........................: 8.8.8.8

3.DHCP配置（课程是在核心交换机中配置）

配置truck口
<Huawei>system-view 
[Huawei]sysname coresw
[coresw]undo info-center enable 
[coresw]vlan batch 10 20 30
[coresw]int g0/0/1
[coresw-GigabitEthernet0/0/1]port link-type trunk 
[coresw-GigabitEthernet0/0/1]port trunk allow-pass vlan 10 20
[coresw-GigabitEthernet0/0/1]q

配置VLAN
[coresw]interface vlan	
[coresw]interface Vlanif 10
[coresw-Vlanif10]ip address 192.168.10.254 24
[coresw-Vlanif10]int vlan 20
[coresw-Vlanif20]ip add 192.168.20.254 24
[coresw-Vlanif20]int vlan 30
[coresw-Vlanif30]ip add 192.168.30.254 24
[coresw-Vlanif30]

删除acsw的DHCP配置<acsw>sys
Enter system view, return user view with Ctrl+Z.
[acsw]int vlan 10
[acsw-Vlanif10]undo dhcp select interface 
[acsw-Vlanif10]q[acsw]int vlan 20
[acsw-Vlanif20]undo dhcp select global 
[acsw-Vlanif20]q

配置DHCP
[coresw]dhcp enable 
[coresw]ip pool vlan10
[coresw-ip-pool-vlan10]network 192.168.10.0 mask 24
[coresw-ip-pool-vlan10]gateway-list 8.8.8.8
[coresw-ip-pool-vlan10]lease day 30
[coresw-ip-pool-vlan10]excluded-ip-address 192.168.10.2 192.168.10.253
[coresw-ip-pool-vlan10]q
[coresw]int vlanif 10
[coresw-Vlanif10]dhcp select global 
[coresw-Vlanif10]q<coresw>system-view 
[coresw]ip pool vlan20
[coresw-ip-pool-vlan20]network 192.168.20.0 mask 24
[coresw-ip-pool-vlan20]gateway-list 192.168.20.254
[coresw-ip-pool-vlan20]dns-list 8.8.8.8
[coresw-ip-pool-vlan20]lease day 30
[coresw-ip-pool-vlan20]excluded-ip-address 192.168.20.2 192.168.20.253
[coresw-ip-pool-vlan20]q
[coresw]int vlanif 20
[coresw-Vlanif20]dhcp select global 
[coresw-Vlanif20]q

PC1获得的新IP地址PC>ipconfig /renewIP ConfigurationLink local IPv6 address...........: fe80::5689:98ff:fe9a:822
IPv6 address......................: :: / 128
IPv6 gateway......................: ::
IPv4 address......................: 192.168.10.1
Subnet mask.......................: 255.255.255.0
Gateway...........................: 192.168.10.254
Physical address..................: 54-89-98-9A-08-22
DNS server........................: 8.8.8.8

PC2获得的新IP地址
PC>ipconfig /renewIP ConfigurationLink local IPv6 address...........: fe80::5689:98ff:fe3c:6cdd
IPv6 address......................: :: / 128
IPv6 gateway......................: ::
IPv4 address......................: 192.168.20.1
Subnet mask.......................: 255.255.255.0
Gateway...........................: 192.168.20.254
Physical address..................: 54-89-98-3C-6C-DD
DNS server........................: 8.8.8.8

PC1 ping PC2的通信过程是怎样的？

1.PC1判断目的IP是否在同一个网段。

192.168.10.1 ping 192.168.20.1的原理

192.168.20.1 /24 = 192.168.20.0

192.168.10.1/24 = 192.168.10.0

判断不在同一个网段，扔给网关（核心交换机）作判断，查询路由表dis ip routing-table

2.PC2进行回包。

原理同上。

4.配置出口路由器（router)

4.1配置出口路由器IP地址

在核心交换机中进行配置：
[coresw]int g0/0/2
[coresw-GigabitEthernet0/0/2]port link-type access 
[coresw-GigabitEthernet0/0/2]port default vlan 30
[coresw-GigabitEthernet0/0/2]q[coresw]int vlan 30
[coresw-Vlanif30]ip add 192.168.30.254 24

在router中配置IP地址
[router]int g0/0/0
[router-GigabitEthernet0/0/0]ip add 192.168.30.3 24
[router-GigabitEthernet0/0/0]int g0/0/1
[router-GigabitEthernet0/0/1]ip add 12.1.1.3 24
[router-GigabitEthernet0/0/1]int g0/0/2
[router-GigabitEthernet0/0/2]ip add 23.1.1.3 24
[router-GigabitEthernet0/0/2]q

测试一下直连
[coresw]ping 192.168.30.254PING 192.168.30.254: 56  data bytes, press CTRL_C to breakReply from 192.168.30.254: bytes=56 Sequence=1 ttl=255 time=10 ms

5.连通路由器和核心交换机

在PC1中ping 192.168.30.3 报文可以到达router 但是没有回去的路由，下面查看router和核心交换机的路由表

查看router的路由表:没有10.0和20.0网段的路由<router>dis ip routing-table 
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: PublicDestinations : 13       Routes : 13       Destination/Mask    Proto   Pre  Cost      Flags NextHop         Interface12.1.1.0/24  Direct  0    0           D   12.1.1.3        GigabitEthernet
0/0/112.1.1.3/32  Direct  0    0           D   127.0.0.1       GigabitEthernet
0/0/112.1.1.255/32  Direct  0    0           D   127.0.0.1       GigabitEthernet
0/0/123.1.1.0/24  Direct  0    0           D   23.1.1.3        GigabitEthernet
0/0/223.1.1.3/32  Direct  0    0           D   127.0.0.1       GigabitEthernet
0/0/223.1.1.255/32  Direct  0    0           D   127.0.0.1       GigabitEthernet
0/0/2127.0.0.0/8   Direct  0    0           D   127.0.0.1       InLoopBack0127.0.0.1/32  Direct  0    0           D   127.0.0.1       InLoopBack0
127.255.255.255/32  Direct  0    0           D   127.0.0.1       InLoopBack0192.168.30.0/24  Direct  0    0           D   192.168.30.3    GigabitEthernet
0/0/0192.168.30.3/32  Direct  0    0           D   127.0.0.1       GigabitEthernet
0/0/0192.168.30.255/32  Direct  0    0           D   127.0.0.1       GigabitEthernet
0/0/0
255.255.255.255/32  Direct  0    0           D   127.0.0.1       InLoopBack0

核心交换机的路由表：[coresw]dis ip routing-table 
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: PublicDestinations : 8        Routes : 8        Destination/Mask    Proto   Pre  Cost      Flags NextHop         Interface127.0.0.0/8   Direct  0    0           D   127.0.0.1       InLoopBack0127.0.0.1/32  Direct  0    0           D   127.0.0.1       InLoopBack0192.168.10.0/24  Direct  0    0           D   192.168.10.254  Vlanif10192.168.10.254/32  Direct  0    0           D   127.0.0.1       Vlanif10192.168.20.0/24  Direct  0    0           D   192.168.20.254  Vlanif20192.168.20.254/32  Direct  0    0           D   127.0.0.1       Vlanif20192.168.30.0/24  Direct  0    0           D   192.168.30.254  Vlanif30192.168.30.254/32  Direct  0    0           D   127.0.0.1       Vlanif30

方法一：在router中配置静态路由
[router]ip route-static 192.168.10.0 24 192.168.30.254
[router]ip route-static 192.168.20.0 24 192.168.30.254[router]dis ip routing-table 
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: PublicDestinations : 14       Routes : 14       Destination/Mask    Proto   Pre  Cost      Flags NextHop         Interface12.1.1.0/24  Direct  0    0           D   12.1.1.3        GigabitEthernet
0/0/112.1.1.3/32  Direct  0    0           D   127.0.0.1       GigabitEthernet
0/0/112.1.1.255/32  Direct  0    0           D   127.0.0.1       GigabitEthernet
0/0/123.1.1.0/24  Direct  0    0           D   23.1.1.3        GigabitEthernet
0/0/223.1.1.3/32  Direct  0    0           D   127.0.0.1       GigabitEthernet
0/0/223.1.1.255/32  Direct  0    0           D   127.0.0.1       GigabitEthernet
0/0/2127.0.0.0/8   Direct  0    0           D   127.0.0.1       InLoopBack0127.0.0.1/32  Direct  0    0           D   127.0.0.1       InLoopBack0
127.255.255.255/32  Direct  0    0           D   127.0.0.1       InLoopBack0192.168.10.0/24  Static  60   0          RD   192.168.30.254  GigabitEthernet
0/0/0192.168.30.0/24  Direct  0    0           D   192.168.30.3    GigabitEthernet
0/0/0192.168.30.3/32  Direct  0    0           D   127.0.0.1       GigabitEthernet
0/0/0192.168.30.255/32  Direct  0    0           D   127.0.0.1       GigabitEthernet
0/0/0
255.255.255.255/32  Direct  0    0           D   127.0.0.1       InLoopBack0

方法二：使用动态路由之RIP
先删除之前的静态路由
[router]undo ip route-static 192.168.10.0 24 192.168.30.254
在出口路由器中配置
[router]rip 1
[router-rip-1]version 2
[router-rip-1]network 192.168.30.0 在核心交换机中配置
[coresw]rip
[coresw-rip-1]version 2
[coresw-rip-1]network 192.168.10.0
[coresw-rip-1]network 192.168.20.0
[coresw-rip-1]network 192.168.30.0
[coresw-rip-1]q

测试：PC>ping 192.168.30.3Ping 192.168.30.3: 32 data bytes, Press Ctrl_C to break
From 192.168.30.3: bytes=32 seq=1 ttl=254 time=63 ms
From 192.168.30.3: bytes=32 seq=2 ttl=254 time=78 ms

数据通信的本质就是有路由信息

方法三：使用动态路由之OSPF
先删除之前的RIP配置
[router]undo rip 1
Warning: The RIP process will be deleted. Continue?[Y/N]y
[router][coresw]undo rip 1
Warning: The RIP process will be deleted. Continue?[Y/N]y
[coresw]配置OSPF
1.核心交换机配置OSPF
[coresw]ospf
[coresw-ospf-1]area 0
[coresw-ospf-1-area-0.0.0.0]network 192.168.10.0 0.0.0.255
[coresw-ospf-1-area-0.0.0.0]network 192.168.20.0 0.0.0.255
[coresw-ospf-1-area-0.0.0.0]network 192.168.30.0 0.0.0.255
[coresw-ospf-1-area-0.0.0.0]q2.在出口路由器上配置OSPF
[router]ospf 1
[router-ospf-1]area 0
[router-ospf-1-area-0.0.0.0]network 192.168.30.0 0.0.0.255
[router-ospf-1-area-0.0.0.0]q[router]dis ospf peer brief OSPF Process 1 with Router ID 192.168.30.3Peer Statistic Information----------------------------------------------------------------------------Area Id          Interface                        Neighbor id      State    0.0.0.0          GigabitEthernet0/0/0             192.168.10.254   Full        ----------------------------------------------------------------------------
[router]

在PC中测试
PC>ping 192.168.30.3 -tPing 192.168.30.3: 32 data bytes, Press Ctrl_C to break
From 192.168.30.3: bytes=32 seq=1 ttl=254 time=63 ms
From 192.168.30.3: bytes=32 seq=2 ttl=254 time=62 ms

经过上述的配置，内外部分已经配置完成。

6.配置外网部分

6.1.配置IP地址

配置电信dianxin的IP地址
<Huawei>sys
[Huawei]undo info-center enable 
[Huawei]sysname dianxin
[dianxin]int g0/0/0
[dianxin-GigabitEthernet0/0/0]ip add 12.1.1.1 24
[dianxin-GigabitEthernet0/0/0]int g0/0/1
[dianxin-GigabitEthernet0/0/1]ip add 100.1.1.1 24
[dianxin-GigabitEthernet0/0/1]q
配置测试地址，回环口
[dianxin]int LoopBack 0
[dianxin-LoopBack0]ip add 1.1.1.1 24
[dianxin-LoopBack0]q

配置联通liantong的IP地址
<Huawei>sys
[Huawei]sysname liantong
[liantong]int g0/0/0
[liantong-GigabitEthernet0/0/0]ip add 23.1.1.2 24
[liantong-GigabitEthernet0/0/0]int g0/0/1
[liantong-GigabitEthernet0/0/1]ip add 100.1.1.2 24
[liantong-GigabitEthernet0/0/1]q[liantong]int LoopBack 0
[liantong-LoopBack0]ip add 2.2.2.2 24
[liantong-LoopBack0]q

配置完毕之后测试直连是否连通。

6.2配置电信、联通之间的路由

实现彼此之间能学到路由信息

通过RIP协议实现路由自动学习
[dianxin]rip
[dianxin-rip-1]version 2
[dianxin-rip-1]network 100.0.0.0
[dianxin-rip-1]network 12.0.0.0
[dianxin-rip-1]undo network 2.0.0.0
[dianxin-rip-1]network 1.0.0.0
[dianxin-rip-1]q

[liantong]rip 1
[liantong-rip-1]ver 2
[liantong-rip-1]net 100.0.0.0
[liantong-rip-1]network 23.0.0.0
[liantong-rip-1]network 2.0.0.0
[liantong-rip-1]q

6.3配置NAT

在出口路由器上配置
[router]acl 2000
[router-acl-basic-2000]rule 10 permit source 192.168.10.0 0.0.0.255
[router-acl-basic-2000]rule 20 permit source 192.168.20.0 0.0.0.255
[router-acl-basic-2000]q
[router]int g0/0/1
[router-GigabitEthernet0/0/1]nat outbound 2000
[router-GigabitEthernet0/0/1]int g0/0/2
[router-GigabitEthernet0/0/2]nat outbound 2000
[router-GigabitEthernet0/0/2]q

测试：PC>ping 1.1.1.1Ping 1.1.1.1: 32 data bytes, Press Ctrl_C to break
Request timeout!
Request timeout!
Request timeout!
Request timeout!
Request timeout!不通的原因：
在核心交换机中查询路由信息，没有1.1.1.1的路由
<coresw>dis ip routing-table 
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: PublicDestinations : 8        Routes : 8        Destination/Mask    Proto   Pre  Cost      Flags NextHop         Interface127.0.0.0/8   Direct  0    0           D   127.0.0.1       InLoopBack0127.0.0.1/32  Direct  0    0           D   127.0.0.1       InLoopBack0192.168.10.0/24  Direct  0    0           D   192.168.10.254  Vlanif10192.168.10.254/32  Direct  0    0           D   127.0.0.1       Vlanif10192.168.20.0/24  Direct  0    0           D   192.168.20.254  Vlanif20192.168.20.254/32  Direct  0    0           D   127.0.0.1       Vlanif20192.168.30.0/24  Direct  0    0           D   192.168.30.254  Vlanif30192.168.30.254/32  Direct  0    0           D   127.0.0.1       Vlanif30

解决方案第一步：在核心交换机配置静态路由
[coresw]ip route-static 0.0.0.0 0 192.168.30.3

测试之后还是不通，查看出口路由表，没有1.1.1.1的路由信息<router>dis ip routing-table 
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: PublicDestinations : 15       Routes : 15       Destination/Mask    Proto   Pre  Cost      Flags NextHop         Interface12.1.1.0/24  Direct  0    0           D   12.1.1.3        GigabitEthernet0/0/112.1.1.3/32  Direct  0    0           D   127.0.0.1       GigabitEthernet0/0/112.1.1.255/32  Direct  0    0           D   127.0.0.1       GigabitEthernet0/0/123.1.1.0/24  Direct  0    0           D   23.1.1.3        GigabitEthernet0/0/223.1.1.3/32  Direct  0    0           D   127.0.0.1       GigabitEthernet0/0/223.1.1.255/32  Direct  0    0           D   127.0.0.1       GigabitEthernet0/0/2127.0.0.0/8   Direct  0    0           D   127.0.0.1       InLoopBack0127.0.0.1/32  Direct  0    0           D   127.0.0.1       InLoopBack0
127.255.255.255/32  Direct  0    0           D   127.0.0.1       InLoopBack0
192.168.10.0/24  OSPF    10   2           D   192.168.30.254  GigabitEthernet0/0/0192.168.20.0/24  OSPF    10   2           D   192.168.30.254  GigabitEthernet0/0/0192.168.30.0/24  Direct  0    0           D   192.168.30.3    GigabitEthernet0/0/0192.168.30.3/32  Direct  0    0           D   127.0.0.1       GigabitEthernet0/0/0192.168.30.255/32  Direct  0    0           D   127.0.0.1       GigabitEthernet0/0/0
255.255.255.255/32  Direct  0    0           D   127.0.0.1       InLoopBack0<router>

在出口路由器配置静态路由，默认优先级是60，修改成50更加优先，默认走dianxin这条路由
[router]ip route-static 0.0.0.0 0 12.1.1.1 preference 50
[router]ip route-static 0.0.0.0 0 23.1.1.2[router]dis ip routing-table 
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: PublicDestinations : 16       Routes : 16       Destination/Mask    Proto   Pre  Cost      Flags NextHop         Interface0.0.0.0/0   Static  50   0          RD   12.1.1.1        GigabitEthernet0/0/112.1.1.0/24  Direct  0    0           D   12.1.1.3        GigabitEthernet0/0/112.1.1.3/32  Direct  0    0           D   127.0.0.1       GigabitEthernet0/0/112.1.1.255/32  Direct  0    0           D   127.0.0.1       GigabitEthernet0/0/123.1.1.0/24  Direct  0    0           D   23.1.1.3        GigabitEthernet0/0/223.1.1.3/32  Direct  0    0           D   127.0.0.1       GigabitEthernet0/0/223.1.1.255/32  Direct  0    0           D   127.0.0.1       GigabitEthernet0/0/2127.0.0.0/8   Direct  0    0           D   127.0.0.1       InLoopBack0127.0.0.1/32  Direct  0    0           D   127.0.0.1       InLoopBack0
127.255.255.255/32  Direct  0    0           D   127.0.0.1       InLoopBack0192.168.10.0/24  OSPF    10   2           D   192.168.30.254  GigabitEthernet0/0/0192.168.20.0/24  OSPF    10   2           D   192.168.30.254  GigabitEthernet0/0/0192.168.30.0/24  Direct  0    0           D   192.168.30.3    GigabitEthernet0/0/0192.168.30.3/32  Direct  0    0           D   127.0.0.1       GigabitEthernet0/0/0192.168.30.255/32  Direct  0    0           D   127.0.0.1       GigabitEthernet0/0/0
255.255.255.255/32  Direct  0    0           D   127.0.0.1       InLoopBack0

测试之后：PC>ping 1.1.1.1 -tPing 1.1.1.1: 32 data bytes, Press Ctrl_C to break
From 1.1.1.1: bytes=32 seq=1 ttl=253 time=62 ms
From 1.1.1.1: bytes=32 seq=2 ttl=253 time=47 ms
From 1.1.1.1: bytes=32 seq=3 ttl=253 time=62 ms

6.4配置BFD监测

在出口路由器配置
[router]bfd
[router-bfd]q	
[router]bfd dianxin bind peer-ip 12.1.1.1 source-ip 12.1.1.3 ?auto  Auto-negotiate discriminator<cr>  Please press ENTER to execute command 
[router]bfd dianxin bind peer-ip 12.1.1.1 source-ip 12.1.1.3 auto
[router-bfd-session-dianxin]q

模拟器不支持单边监测，需要配置双边
[dianxin]bfd
[dianxin-bfd]q
[dianxin]bfd dianxin bind peer-ip 12.1.1.3 source-ip 12.1.1.1 auto 
[dianxin-bfd-session-dianxin]q[dianxin]dis bfd session all 
--------------------------------------------------------------------------------
Local Remote     PeerIpAddr      State     Type        InterfaceName            
--------------------------------------------------------------------------------8192  8192       12.1.1.3        Up        S_AUTO_PEER       -                  
--------------------------------------------------------------------------------Total UP/DOWN Session Number : 1/0

在出口路由器进行跟踪
[router]ip route-static 0.0.0.0 0 12.1.1.1 preference 50 track bfd-session dianxin[router]dis ip routing-table 
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: PublicDestinations : 16       Routes : 16       Destination/Mask    Proto   Pre  Cost      Flags NextHop         Interface0.0.0.0/0   Static  50   0          RD   12.1.1.1        GigabitEthernet0/0/112.1.1.0/24  Direct  0    0           D   12.1.1.3        GigabitEthernet0/0/112.1.1.3/32  Direct  0    0           D   127.0.0.1       GigabitEthernet0/0/112.1.1.255/32  Direct  0    0           D   127.0.0.1       GigabitEthernet0/0/123.1.1.0/24  Direct  0    0           D   23.1.1.3        GigabitEthernet0/0/223.1.1.3/32  Direct  0    0           D   127.0.0.1       GigabitEthernet0/0/223.1.1.255/32  Direct  0    0           D   127.0.0.1       GigabitEthernet0/0/2127.0.0.0/8   Direct  0    0           D   127.0.0.1       InLoopBack0127.0.0.1/32  Direct  0    0           D   127.0.0.1       InLoopBack0
127.255.255.255/32  Direct  0    0           D   127.0.0.1       InLoopBack0192.168.10.0/24  OSPF    10   2           D   192.168.30.254  GigabitEthernet0/0/0192.168.20.0/24  OSPF    10   2           D   192.168.30.254  GigabitEthernet0/0/0192.168.30.0/24  Direct  0    0           D   192.168.30.3    GigabitEthernet0/0/0192.168.30.3/32  Direct  0    0           D   127.0.0.1       GigabitEthernet0/0/0192.168.30.255/32  Direct  0    0           D   127.0.0.1       GigabitEthernet0/0/0
255.255.255.255/32  Direct  0    0           D   127.0.0.1       InLoopBack0

在PC上测试PC>tracert 1.1.1.1traceroute to 1.1.1.1, 8 hops max
(ICMP), press Ctrl+C to stop1  192.168.10.254   32 ms  47 ms  46 ms2    *  *  *3  1.1.1.1   63 ms  62 ms  63 msPC>tracert 2.2.2.2traceroute to 2.2.2.2, 8 hops max
(ICMP), press Ctrl+C to stop1  192.168.10.254   47 ms  31 ms  47 ms2    *  *  *3  12.1.1.1   62 ms  63 ms  62 ms4  2.2.2.2   78 ms  94 ms  63 ms

修改IP地址之后，状况BFD状态变为down
[dianxin]int g0/0/0
[dianxin-GigabitEthernet0/0/0]ip add 12.1.1.100 24
[dianxin-GigabitEthernet0/0/0]q[dianxin]dis bfd session all
--------------------------------------------------------------------------------
Local Remote     PeerIpAddr      State     Type        InterfaceName            
--------------------------------------------------------------------------------8192  0          12.1.1.3        Down      S_AUTO_PEER       -                  
--------------------------------------------------------------------------------Total UP/DOWN Session Number : 0/1

出口路由器路由表改变，优先级为60的静态路由信息
[router]dis ip routing-table 
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: PublicDestinations : 17       Routes : 16       Destination/Mask    Proto   Pre  Cost      Flags NextHop         Interface0.0.0.0/0   Static  60   0          RD   23.1.1.2        GigabitEthernet0/0/212.1.1.0/24  Direct  0    0           D   12.1.1.3        GigabitEthernet0/0/112.1.1.3/32  Direct  0    0           D   127.0.0.1       GigabitEthernet0/0/1

在PC上测试
PC>tracert 1.1.1.1traceroute to 1.1.1.1, 8 hops max
(ICMP), press Ctrl+C to stop1  192.168.10.254   31 ms  32 ms  47 ms2    *  *  *3  23.1.1.2   46 ms  79 ms  62 ms4  1.1.1.1   78 ms  94 ms  62 msPC>tracert 2.2.2.2traceroute to 2.2.2.2, 8 hops max
(ICMP), press Ctrl+C to stop1  192.168.10.254   31 ms  47 ms  31 ms2    *  *  *3  2.2.2.2   47 ms  94 ms  62 ms

恢复配置
[dianxin-GigabitEthernet0/0/0]ip add 12.1.1.1 24
[dianxin-GigabitEthernet0/0/0]q[dianxin]dis bfd session all 
--------------------------------------------------------------------------------
Local Remote     PeerIpAddr      State     Type        InterfaceName            
--------------------------------------------------------------------------------8192  8192       12.1.1.3        Up        S_AUTO_PEER       -                  
--------------------------------------------------------------------------------Total UP/DOWN Session Number : 1/0

[router]undo ip route-static 0.0.0.0 0 23.1.1.2
[router]undo ip route-static 0.0.0.0 0 12.1.1.1

7.策略路由配置

场景2：教学楼流量走电信出口，宿舍楼流量走联通出口。

场景3：访问电信的服务器走电信出口，访问联通的服务器走联通出口。

7.1配置场景2

步骤1：配置ACL，匹配流量

[router]acl 2010
[router-acl-basic-2010]rule 10 permit source 192.168.10.0 0.0.0.255
[router-acl-basic-2010]acl 2020
[router-acl-basic-2020]rule 10 permit source 192.168.20.0 0.0.0.255
[router-acl-basic-2020]q

步骤2：流分类

[router]traffic cla	
[router]traffic classifier ?STRING<1-31>  Name of classifier
[router]traffic classifier jiaoxue
[router-classifier-jiaoxue]if-match acl 2010
[router-classifier-jiaoxue]q
[router]traffic classifier sushe
[router-classifier-sushe]if-match acl 2020
[router-classifier-sushe]q

步骤3：流行为

[router]traffic behavior ?STRING<1-31>  Name of behavior
[router]traffic behavior re-dianxin
[router-behavior-re-dianxin]redirect ip-nexthop 12.1.1.1
[router-behavior-re-dianxin]q
[router]traffic behavior re-liantong
[router-behavior-re-liantong]redirect ip-nexthop 23.1.1.2
[router-behavior-re-liantong]q

步骤4：流策略

[router]traffic policy p
[router-trafficpolicy-p]classifier jiaoxue behavior re-dianxin
[router-trafficpolicy-p]classifier sushe behavior re-liantong

步骤5：入接口应用策略路由

[router]int g0/0/1
[router-GigabitEthernet0/0/1]traffic-policy p inbound

在PC上测试，结果不通，下面配置出错
#
interface GigabitEthernet0/0/1ip address 12.1.1.3 255.255.255.0 traffic-policy p inboundnat outbound 2000删除相应的配置[router]int g0/0/1
[router-GigabitEthernet0/0/1]undo traffic-policy inbound
[router-GigabitEthernet0/0/1]q

重新配置：换一个接口
[router]int g0/0/0
[router-GigabitEthernet0/0/0]traffic-policy p inbound 
[router-GigabitEthernet0/0/0]q

PC1重新测试：
PC>tracert 1.1.1.1traceroute to 1.1.1.1, 8 hops max
(ICMP), press Ctrl+C to stop1  192.168.10.254   47 ms  31 ms  47 ms2    *  *  *3  1.1.1.1   63 ms  62 ms  63 msPC>tracert 2.2.2.2traceroute to 2.2.2.2, 8 hops max
(ICMP), press Ctrl+C to stop1  192.168.10.254   46 ms  47 ms  47 ms2    *  *  *3  12.1.1.1   47 ms  63 ms  78 ms4  2.2.2.2   93 ms  94 ms  63 ms

PC2测试：
PC>tracert 1.1.1.1traceroute to 1.1.1.1, 8 hops max
(ICMP), press Ctrl+C to stop1  192.168.20.254   31 ms  47 ms  31 ms2    *  *  *3  23.1.1.2   78 ms  94 ms  63 ms4  1.1.1.1   78 ms  94 ms  62 msPC>tracert 2.2.2.2traceroute to 2.2.2.2, 8 hops max
(ICMP), press Ctrl+C to stop1  192.168.20.254   47 ms  63 ms  47 ms2    *  *  *3  2.2.2.2   62 ms  63 ms  62 ms

7.2配置场景3

本实验与场景2高度雷同，唯一不同的是，ACL基于目的地址进行匹配，那么需要高级ACL。

步骤1：配置ACL，匹配流量

[router]acl 3010
匹配任意源地址去往电信服务器1.1.1.1的流量
[router-acl-adv-3010]rule 10 permit ip source any destination 1.1.1.0 0.0.0.255
[router-acl-adv-3010]acl 3020
匹配任意源地址去往联通服务器2.2.2.2的流量
[router-acl-adv-3020]rule 10 permit ip source any destination 2.2.2.0 0.0.0.255
[router-acl-adv-3020]q

其他配置与场景2配置一样

查看全文

http://www.dtcms.com/a/361810.html