华为路由器配置实例:策略路由配置例子来源: 发布时间:星期日, 2008年12月14日 浏览:61次 评论:0
问题描述 您可以定义自己 ![]() ![]() ![]() ![]() 您可以学到如何使用基于策略 ![]() ![]() ![]() 在具体 ![]() ![]() ![]() ☆ 基于源IP地址 ![]() ☆ 基于数据包大小 ![]() ☆ 基于应用 ![]() ☆ 通过缺省路由平衡负载 这里 ![]() ![]() ![]() ![]() 举例 在这个例子中 ![]() ![]() ![]() .255.0/24子网地址 ![]() 下面 ![]() ![]() ![]() ![]() ![]() 里 ![]() ![]() ![]() ![]() ![]() ![]() 配置如下: ! ip nat pool net-10 172.16.255.1 172.16.255.254 prefix-length 24 ip nat inside source list 1 pool net-10 ! ![]() ip address 172.16.20.2 255.255.255.0 ip nat outside ! ![]() ip address 172.16.39.2 255.255.255.0 ip nat inside ! router eigrp 1 redistribute ![]() network 172.16.0.0 default-metric 10000 100 255 1 1500 ! ip route 172.16.255.0 255.255.255.0 Null0 access-list 1 permit 10.0.0.0 0.255.255.255 ! end 在我们 ![]() ![]() ![]() P数据包被发送到防火墙去 ![]() ![]() ![]() 10.0.0.0/8网络来 ![]() ![]() ![]() ![]() ![]() ![]() ![]() 下: ! ![]() ip address 172.16.187.3 255.255.255.0 no ip directed-broadcast ! ![]() ip address 172.16.39.3 255.255.255.0 no ip directed-broadcast ! ![]() ip address 172.16.79.3 255.255.255.0 no ip directed-broadcast ip policy route-map net-10 ! router eigrp 1 network 172.16.0.0 ! access-list 110 permit ip 10.0.0.0 0.255.255.255 172.16.36.0 0.0.0.255 access-list 111 permit ip 10.0.0.0 0.255.255.255 any ! route-map net-10 permit 10 match ip address 111 ![]() ![]() ! route-map net-10 permit 20 ! end 我们可以这样测试我们所做 ![]() ![]() ![]() 令到Internet上 ![]() ![]() ![]() ![]() ![]() ![]() ![]() 其中 ![]() ![]() 结果: Results of ping from Cisco-1 to 192.1.1.1/ ![]() outer: Pakcet never makes it to Internet_Router 正如您所看到 ![]() ![]() ![]() 由器上 ![]() Debug commands run from Cisco_WAN_Router: "debug ip policy" 2d15h: IP: s=10.1.1.1 (Ethernet3/0), d=192.1.1.1, len 100, policy match 2d15h: IP: route map net-10, item 10, permit 2d15h: IP: s=10.1.1.1 (Ethernet3/0), d=192.1.1.1 (Ethernet0/1), len 100, policy routed 2d15h: IP: Ethernet3/0 to Ethernet0/1 192.1.1.1 这里 ![]() ![]() ![]() ![]() 期 ![]() ![]() ![]() ![]() "debug arp" 2d15h: IP ARP: sent req src 172.16.39.3 0010.7bcf.5b02, dst 192.1.1.1 0000.0000.0000 Ethernet0/1 2d15h: IP ARP rep filtered src 192.1.1.1 00e0.b064.243d, dst 172.16.39.3 0010.7bcf.5b02 wrong cable, ![]() debug arp ![]() ![]() ![]() ![]() 据包发向Ethernet0/1接口 ![]() ![]() ![]() 析操作 ![]() ![]() ![]() ![]() ![]() 发生封装 ![]() ![]() ![]() ![]() 我们怎样避免这个问题呢?修改路由图使防火墙地址为下 ![]() ![]() Config changed _disibledevent=192.1.1.1 (Ethernet0/1), len 100, policy routed 2d15h: IP: Ethernet3/0 to Ethernet0/1 172.16.39.2 0
相关文章读者评论发表评论 |