组网需求
如图1所示,汇聚层Switch做三层转发设备,接入层设备LSW做用户网关,接入层LSW和汇聚层Switch之间路由可达。汇聚层Switch通过两条链路连接到两个核心路由器上,一条是高速链路,网关为10.1.20.1/24;另外一条是低速链路,网关为10.1.30.1/24。
公司希望汇聚层Switch上送到核心层设备的报文中,源IP地址为192.168.100.0/24的报文通过高速链路传输,而源IP地址为192.168.101.0/24的报文则通过低速链路传输
配置思路
采用重定向方式实现策略路由,进而提供差分服务,具体配置思路如下:
- 创建VLAN并配置各接口,实现公司和外部网络设备互连。
- 配置ACL规则,分别匹配源IP地址为192.168.100.0/24和192.168.101.0/24的报文。
- 配置流分类,匹配规则为上述ACL规则,使设备可以对报文进行区分。
- 配置流行为,使满足不同规则的报文分别被重定向到10.1.20.1/24和10.1.30.1/24。
- 配置流策略,绑定上述流分类和流行为,并应用到接口GE0/0/3的入方向上,实现策略路由。
操作步骤
创建VLAN并配置各接口
# 在Switch上创建VLAN100和VLAN200。
[zhongwanzhiSW]vlan batch 100 200# 配置Switch上接口GE0/0/1、GE0/0/2和GE0/0/3的接口类型为Trunk,并加入VLAN100和VLAN200
[zhongwanzhiSW]interface GigabitEthernet 0/0/1
[zhongwanzhiSW-GigabitEthernet0/0/1]port trunk allow-pass vlan 100 200
[zhongwanzhiSW-GigabitEthernet0/0/1]quit
[zhongwanzhiSW]interface GigabitEthernet 0/0/2
[zhongwanzhiSW-GigabitEthernet0/0/2]port link-type trunk
[zhongwanzhiSW-GigabitEthernet0/0/2]port trunk allow-pass vlan 100 200
[zhongwanzhiSW-GigabitEthernet0/0/2]quit
[zhongwanzhiSW]interface GigabitEthernet 0/0/3
[zhongwanzhiSW-GigabitEthernet0/0/3]port link-type trunk
[zhongwanzhiSW-GigabitEthernet0/0/3]port trunk allow-pass vlan 100 200
[zhongwanzhiSW-GigabitEthernet0/0/3]quit# 创建VLANIF100和VLANIF200,并配置各虚拟接口IP地址
[zhongwanzhiSW]interface Vlanif 100
[zhongwanzhiSW-Vlanif100]ip address 10.1.20.2 24
[zhongwanzhiSW-Vlanif100]quit
[zhongwanzhiSW]interface Vlanif 200
[zhongwanzhiSW-Vlanif200]ip address 10.1.30.2 24
[zhongwanzhiSW-Vlanif200]quit配置ACL规则
# 在Switch上创建编码为3001、3002的高级ACL,规则分别为允许源IP地址为192.168.100.0/24和192.168.101.0/24的报文通过。
[zhongwanzhiSW]acl 3001
[zhongwanzhiSW-acl-adv-3001]rule permit ip source 192.168.100.0 0.0.0.255
[zhongwanzhiSW-acl-adv-3001]quit
[zhongwanzhiSW]acl 3002
[zhongwanzhiSW-acl-adv-3002]rule permit ip source 192.168.101.0 0.0.0.255
[zhongwanzhiSW-acl-adv-3002]quit配置流分类
在Switch上创建流分类c1、c2,匹配规则分别为ACL 3001和ACL 3002
[zhongwanzhiSW]traffic classifier c1 operator or
[zhongwanzhiSW-classifier-c1]if-match acl 3001
[zhongwanzhiSW-classifier-c1]quit
[zhongwanzhiSW]traffic classifier c2 operator or
[zhongwanzhiSW-classifier-c2]if-match acl 3002
[zhongwanzhiSW-classifier-c2]quit配置流行为
# 在Switch上创建流行为b1、b2,并分别指定重定向到10.1.20.1/24和10.1.30.1/24的动作。
[zhongwanzhiSW]traffic behavior b1
[zhongwanzhiSW-behavior-b1]redirect ip-nexthop 10.1.20.1
[zhongwanzhiSW-behavior-b1]quit
[zhongwanzhiSW]traffic behavior b2
[zhongwanzhiSW-behavior-b2]redirect ip-nexthop 10.1.30.1
[zhongwanzhiSW-behavior-b2]quit配置流策略并应用到接口上
# 在Switch上创建流策略p1,将流分类和对应的流行为进行绑定。
[zhongwanzhiSW]traffic policy p1
[zhongwanzhiSW-trafficpolicy-p1]classifier c1 behavior b1
[zhongwanzhiSW-trafficpolicy-p1]classifier c2 behavior b2
[zhongwanzhiSW-trafficpolicy-p1]quit# 将流策略p1应用到接口GE0/0/3的入方向上。
[zhongwanzhiSW]interface GigabitEthernet 0/0/3
[zhongwanzhiSW-GigabitEthernet0/0/3]traffic-policy p1 inbound
[zhongwanzhiSW-GigabitEthernet0/0/3]quit验证配置结果
# 查看ACL规则的配置信息。
[zhongwanzhiSW]display acl 3001
Advanced ACL 3001, 1 rule
Acl's step is 5rule 5 permit ip source 192.168.100.0 0.0.0.255 [zhongwanzhiSW]display acl 3002
Advanced ACL 3002, 1 rule
Acl's step is 5rule 5 permit ip source 192.168.101.0 0.0.0.25# 查看流分类的配置信息
[zhongwanzhiSW]display traffic classifier user-defined User Defined Classifier Information:Classifier: c2Operator: ORRule(s) : if-match acl 3002Classifier: c1Operator: ORRule(s) : if-match acl 3001Total classifier number is 2 # 查看流策略的配置信息。
[zhongwanzhiSW]display traffic policy user-defined p1User Defined Traffic Policy Information:Policy: p1Classifier: c1Operator: ORBehavior: b1Redirect: no forcedRedirect ip-nexthop10.1.20.1Classifier: c2Operator: ORBehavior: b2Redirect: no forcedRedirect ip-nexthop10.1.30.1
