【案例分享】路由策略典型配置
发布作者:微思网络 发布时间:2022-07-20 浏览量:0次
组网需求: Router A与Router B通信,都运行RIP协议。 使能Router A上的RIP协议,配置三条静态路由。 设置在引入静态路由时应用路由策略,使三条静态路由部分引入、部分被屏蔽掉——20.1.1.1/32和40.1.1.1/32网段的路由是可见的,30.1.1.1/32网段的路由则被屏蔽。 通过在Router B上查看RIP路由表,验证路由策略是否生效。 组网图: 图1-2 在RIP中引入静态路由时应用路由策略配置举例 配置步骤: (1)配置Router A (2)配置Router B 验证配置: 组网需求: Router B与Router A之间通过OSPF协议交换路由信息,与Router C之间通过IS-IS协议交换路由信息。 要求在Router B上配置路由引入,将IS-IS路由引入到OSPF中去,并同时使用路由策略设置路由的属性。其中,设置172.17.1.0/24的路由的开销为100,设置172.17.2.0/24的路由的Tag属性为20。 组网图: 图1-3 在OSPF中引入IS-IS路由时应用路由策略配置组网图 配置步骤: (1)配置各接口的IP地址(略) (2)配置IS-IS路由协议 (3)配置OSPF路由协议及路由引入 (4)配置过滤列表 (5)配置路由策略 (6)在路由引入时应用路由策略 组网需求: Router A与Router B通信,都运行RIPng协议。 使能Router A上的RIPng协议,配置三条静态路由。 设置在引入静态路由时应用路由策略,使三条静态路由部分引入、部分被屏蔽掉——20::/32和40::/32网段的路由是可见的,30::/32网段的路由则被屏蔽。 通过在Router B上查看RIPng路由表,验证路由策略是否生效。 组网图: 图1-4 在IPv6路由引入中应用路由策略配置组网图 配置步骤: (1)配置Router A (2)配置Router B 验证配置:# 配置接口GigabitEthernet1/0/1和GigabitEthernet1/0/2的IP地址。
<RouterA> system-view
[RouterA] interface gigabitethernet 1/0/1
[RouterA-GigabitEthernet1/0/1] ip address 10.1.1.1 30
[RouterA-GigabitEthernet1/0/1] quit
[RouterA] interface gigabitethernet 1/0/2
[RouterA-GigabitEthernet1/0/2] ip address 11.1.1.1 30
[RouterA-GigabitEthernet1/0/2] quit
# 在接口GigabitEthernet1/0/1下使能RIP。
[RouterA] interface gigabitethernet 1/0/1
[RouterA-GigabitEthernet1/0/1] rip 1 enable
[RouterA-GigabitEthernet1/0/1] quit
# 配置三条静态路由,其下一跳为11.1.1.2,保证静态路由为active状态。
[RouterA] ip route-static 20.1.1.1 32 11.1.1.2
[RouterA] ip route-static 30.1.1.1 32 11.1.1.2
[RouterA] ip route-static 40.1.1.1 32 11.1.1.2
# 配置路由策略。
[RouterA] ip prefix-list a index 10 permit 30.1.1.1 32
[RouterA] route-policy static2rip deny node 0
[RouterA-route-policy-static2rip-0] if-match ip address prefix-list a
[RouterA-route-policy-static2rip-0] quit
[RouterA] route-policy static2rip permit node 10
[RouterA-route-policy-static2rip-10] quit
# 启动RIP协议,同时应用路由策略static2rip对引入的静态路由进行过滤。
[RouterA] rip
[RouterA-rip-1] import-route static route-policy static2ri# 配置接口GigabitEthernet1/0/1的IP地址。
<RouterB> system-view
[RouterB] interface gigabitethernet 1/0/1
[RouterB-GigabitEthernet1/0/1] ip address 10.1.1.2 30
# 启动RIP协议。
[RouterB] rip
[RouterB-rip-1] quit
# 在接口下使能RIP。
[RouterB] interface gigabitethernet 1/0/1
[RouterB-GigabitEthernet1/0/1] rip 1 enable
[RouterB-GigabitEthernet1/0/1] qui# 查看Router B的RIP路由表。
<Sysname> display ip routing-table
Destinations : 14 Routes : 14
Destination/Mask Proto Pre Cost NextHop Interface
0.0.0.0/32 Direct 0 0 127.0.0.1 InLoop0
10.1.1.0/30 Direct 0 0 10.1.1.2 GE1/0/1
10.1.1.0/32 Direct 0 0 10.1.1.2 GE1/0/1
10.1.1.2/32 Direct 0 0 127.0.0.1 InLoop0
10.1.1.3/32 Direct 0 0 10.1.1.2 GE1/0/1
20.0.0.0/8 RIP 100 1 10.1.1.1 GE1/0/1
40.0.0.0/8 RIP 100 1 10.1.1.1 GE1/0/1
127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0
127.0.0.0/32 Direct 0 0 127.0.0.1 InLoop0
127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0
127.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0
224.0.0.0/4 Direct 0 0 0.0.0.0 NULL0
224.0.0.0/24 Direct 0 0 0.0.0.0 NULL0
255.255.255.255/32 Direct 0 0 127.0.0.1 InLoop# 配置Router C。
<RouterC> system-view
[RouterC] isis
[RouterC-isis-1] is-level level-2
[RouterC-isis-1] network-entity 10.0000.0000.0001.00
[RouterC-isis-1] quit
[RouterC] interface gigabitethernet 1/0/1
[RouterC-GigabitEthernet1/0/1] isis enable
[RouterC-GigabitEthernet1/0/1] quit
[RouterC] interface gigabitethernet 1/0/2
[RouterC-GigabitEthernet1/0/2] isis enable
[RouterC-GigabitEthernet1/0/2] quit
[RouterC] interface gigabitethernet 1/0/3
[RouterC-GigabitEthernet1/0/3] isis enable
[RouterC-GigabitEthernet1/0/3] quit
[RouterC] interface gigabitethernet 1/0/4
[RouterC-GigabitEthernet1/0/4] isis enable
[RouterC-GigabitEthernet1/0/4] quit
# 配置Router B。
<RouterB> system-view
[RouterB] isis
[RouterB-isis-1] is-level level-2
[RouterB-isis-1] network-entity 10.0000.0000.0002.00
[RouterB-isis-1] quit
[RouterB] interface gigabitethernet 1/0/2
[RouterB-GigabitEthernet1/0/2] isis enable
[RouterB-GigabitEthernet1/0/2] qui# 配置Router A,启动OSPF。
<RouterA> system-view
[RouterA] ospf
[RouterA-ospf-1] area 0
[RouterA-ospf-1-area-0.0.0.0] network 192.168.1.0 0.0.0.255
[RouterA-ospf-1-area-0.0.0.0] quit
[RouterA-ospf-1] quit
# 配置RouterB,启动OSPF,并引入IS-IS路由。
[RouterB] ospf
[RouterB-ospf-1] area 0
[RouterB-ospf-1-area-0.0.0.0] network 192.168.1.0 0.0.0.255
[RouterB-ospf-1-area-0.0.0.0] quit
[RouterB-ospf-1] import-route isis 1
[RouterB-ospf-1] quit
# 查看Router A的OSPF路由表,可以看到引入的路由。
[RouterA] display ospf routing
OSPF Process 1 with Router ID 192.168.1.1
Routing Tables
Routing for Network
Destination Cost Type NextHop AdvRouter Area
192.168.1.0/24 1 Transit 192.168.1.1 192.168.1.1 0.0.0.0
Routing for ASEs
Destination Cost Type Tag NextHop AdvRouter
172.17.1.0/24 1 Type2 1 192.168.1.2 192.168.2.2
172.17.2.0/24 1 Type2 1 192.168.1.2 192.168.2.2
172.17.3.0/24 1 Type2 1 192.168.1.2 192.168.2.2
Total Nets: 4
Intra Area: 1 Inter Area: 0 ASE: 3 NSSA: # 配置编号为2002的基本ACL,允许172.17.2.0/24的路由通过。
[RouterB] acl basic 2002
[RouterB-acl-ipv4-basic-2002] rule permit source 172.17.2.0 0.0.0.255
[RouterB-acl-ipv4-basic-2002] quit
# 配置名为prefix-a的地址前缀列表,允许172.17.1.0/24的路由通过。
[RouterB] ip prefix-list prefix-a index 10 permit 172.17.1.0 2[RouterB] route-policy isis2ospf permit node 10
[RouterB-route-policy-isis2ospf-10] if-match ip address prefix-list prefix-a
[RouterB-route-policy-isis2ospf-10] apply cost 100
[RouterB-route-policy-isis2ospf-10] quit
[RouterB] route-policy isis2ospf permit node 20
[RouterB-route-policy-isis2ospf-20] if-match ip address acl 2002
[RouterB-route-policy-isis2ospf-20] apply tag 20
[RouterB-route-policy-isis2ospf-20] quit
[RouterB] route-policy isis2ospf permit node 30
[RouterB-route-policy-isis2ospf-30] qui# 配置Router B,设置在路由引入时应用路由策略。
[RouterB] ospf
[RouterB-ospf-1] import-route isis 1 route-policy isis2ospf
[RouterB-ospf-1] quit
# 查看Router A的OSPF路由表,可以看到目的地址为172.17.1.0/24的路由的开销为100,目的地址为172.17.2.0/24的路由的标记域(Tag)为20,而其他外部路由没有变化。
[RouterA] display ospf routing
OSPF Process 1 with Router ID 192.168.1.1
Routing Tables
Routing for Network
Destination Cost Type NextHop AdvRouter Area
192.168.1.0/24 1 Transit 192.168.1.1 192.168.1.1 0.0.0.0
Routing for ASEs
Destination Cost Type Tag NextHop AdvRouter
172.17.1.0/24 100 Type2 1 192.168.1.2 192.168.2.2
172.17.2.0/24 1 Type2 20 192.168.1.2 192.168.2.2
172.17.3.0/24 1 Type2 1 192.168.1.2 192.168.2.2
Total Nets: 4
Intra Area: 1 Inter Area: 0 ASE: 3 NSSA: # 配置接口GigabitEthernet1/0/1和GigabitEthernet1/0/2的IPv6地址。
<RouterA> system-view
[RouterA] interface gigabitethernet 1/0/1
[RouterA-GigabitEthernet1/0/1] ipv6 address 10::1 32
[RouterA-GigabitEthernet1/0/1] quit
[RouterA] interface gigabitethernet 1/0/2
[RouterA-GigabitEthernet1/0/2] ipv6 address 11::1 32
[RouterA-GigabitEthernet1/0/2] quit
# 在接口GigabitEthernet1/0/1下使能RIPng。
[RouterA] interface gigabitethernet 1/0/1
[RouterA-GigabitEthernet1/0/1] ripng 1 enable
[RouterA-GigabitEthernet1/0/1] quit
# 配置三条静态路由,其下一跳为11::2,保证静态路由为active状态。
[RouterA] ipv6 route-static 20:: 32 11::2
[RouterA] ipv6 route-static 30:: 32 11::2
[RouterA] ipv6 route-static 40:: 32 11::2
# 配置路由策略。
[RouterA] ipv6 prefix-list a index 10 permit 30:: 32
[RouterA] route-policy static2ripng deny node 0
[RouterA-route-policy-static2ripng-0] if-match ipv6 address prefix-list a
[RouterA-route-policy-static2ripng-0] quit
[RouterA] route-policy static2ripng permit node 10
[RouterA-route-policy-static2ripng-10] quit
# 启动RIPng协议,同时应用路由策略static2ripng对引入的静态路由进行过滤。
[RouterA] ripng
[RouterA-ripng-1] import-route static route-policy static2ripn# 配置接口GigabitEthernet1/0/1的IPv6地址。
<RouterB> system-view
[RouterB] interface gigabitethernet 1/0/1
[RouterB-GigabitEthernet1/0/1] ipv6 address 10::2 32
# 启动RIPng协议。
[RouterB] ripng
[RouterB-ripng-1] quit
# 在接口下使能RIPng。
[RouterB] interface gigabitethernet 1/0/1
[RouterB-GigabitEthernet1/0/1] ripng 1 enable
[RouterB-GigabitEthernet1/0/1] qui# 配置接口GigabitEthernet1/0/1的IPv6地址。
<RouterB> system-view
[RouterB] interface gigabitethernet 1/0/1
[RouterB-GigabitEthernet1/0/1] ipv6 address 10::2 32
# 启动RIPng协议。
[RouterB] ripng
[RouterB-ripng-1] quit
# 在接口下使能RIPng。
[RouterB] interface gigabitethernet 1/0/1
[RouterB-GigabitEthernet1/0/1] ripng 1 enable
[RouterB-GigabitEthernet1/0/1] quit
# 查看Router B的RIPng路由表。
[RouterB] display ripng 1 route
Route Flags: A - Aging, S - Suppressed, G - Garbage-collect
----------------------------------------------------------------
Peer FE80::7D58:0:CA03:1 on GigabitEthernet1/0/1
Destination 20::/32,
via FE80::7D58:0:CA03:1, cost 1, tag 0, A, 8 secs
Destination 40::/32,
via FE80::7D58:0:CA03:1, cost 1, tag 0, A, 3 secs
Local route
Destination 10::/32,
via ::, cost 0, tag 0, DOF
