组网需求
如图1所示,汇聚层Switch做三层转发设备,接入层设备LSW做用户网关,接入层LSW和汇聚层Switch之间路由可达。汇聚层Switch通过两条链路连接到两个核心路由器上,一条是高速链路,网关为10.1.20.1/24;另外一条是低速链路,网关为10.1.30.1/24。
公司希望汇聚层Switch上送到核心层设备的报文中,源IP地址为192.168.100.0/24的报文通过高速链路传输,而源IP地址为192.168.101.0/24的报文则通过低速链路传输。
配置思路
采用重定向方式实现策略路由,进而提供差分服务,具体配置思路如下:
- 创建VLAN并配置各接口,实现公司和外部网络设备互连。
- 配置ACL规则,分别匹配源IP地址为192.168.100.0/24和192.168.101.0/24的报文。
- 配置流分类,匹配规则为上述ACL规则,使设备可以对报文进行区分。
- 配置流行为,使满足不同规则的报文分别被重定向到10.1.20.1/24和10.1.30.1/24。
- 配置流策略,绑定上述流分类和流行为,并应用到接口GE0/0/3的入方向上,实现策略路由
操作步骤
创建VLAN并配置各接口
# 在Switch上创建VLAN100和VLAN200。
[zhongwanzhisw]vlan batch 100 200# 配置Switch上接口GE0/0/1、GE0/0/2和GE0/0/3的接口类型为Trunk,并加入VLAN100和VLAN200。
[zhongwanzhisw]interface GigabitEthernet 0/0/1
[zhongwanzhisw-GigabitEthernet0/0/1]port link-type trunk
[zhongwanzhisw-GigabitEthernet0/0/1]port trunk allow-pass vlan 100 200
[zhongwanzhisw-GigabitEthernet0/0/1]quit
[zhongwanzhisw]interface GigabitEthernet 0/0/2
[zhongwanzhisw-GigabitEthernet0/0/2]port link-type trunk
[zhongwanzhisw-GigabitEthernet0/0/2]port trunk allow-pass vlan 100 200
[zhongwanzhisw-GigabitEthernet0/0/2]quit
[zhongwanzhisw]interface GigabitEthernet 0/0/3
[zhongwanzhisw-GigabitEthernet0/0/3]port link-type trunk
[zhongwanzhisw-GigabitEthernet0/0/3]port trunk allow-pass vlan 100 200
[zhongwanzhisw-GigabitEthernet0/0/3]quit# 创建VLANIF100和VLANIF200,并配置各虚拟接口IP地址。
[zhongwanzhisw]interface Vlanif 100
[zhongwanzhisw-Vlanif100]ip address 10.1.20.2 24
[zhongwanzhisw-Vlanif100]quit
[zhongwanzhisw]interface Vlanif 200
[zhongwanzhisw-Vlanif200]ip address 10.1.30.2 24
[zhongwanzhisw-Vlanif200]quit配置ACL规则
# 在Switch上创建编码为3001、3002的高级ACL,规则分别为允许源IP地址为192.168.100.0/24和192.168.101.0/24的报文通过。
[zhongwanzhisw]acl 3001
[zhongwanzhisw-acl-adv-3001]rule permit ip source 192.168.100.0 0.0.0.255
[zhongwanzhisw-acl-adv-3001]quit
[zhongwanzhisw]acl 3002
[zhongwanzhisw-acl-adv-3002]rule permit ip source 192.168.101.0 0.0.0.255
[zhongwanzhisw-acl-adv-3002]quit配置流分类
在Switch上
创建流分类c1、c2,匹配规则分别为ACL 3001和ACL 3002。
[zhongwanzhisw]traffic classifier c1 operator or
[zhongwanzhisw-classifier-c1]if-match acl 3001
[zhongwanzhisw-classifier-c1]quit
[zhongwanzhisw]traffic classifier c2 operator or
[zhongwanzhisw-classifier-c2]if-match acl 3002
[zhongwanzhisw-classifier-c2]quit配置流行为
# 在Switch上创建流行为b1、b2,并分别指定重定向到10.1.20.1/24和10.1.30.1/24的动作
[zhongwanzhisw]traffic behavior b1
[zhongwanzhisw-behavior-b1]redirect ip-nexthop 10.1.20.1
[zhongwanzhisw-behavior-b1]quit
[zhongwanzhisw]traffic behavior b2
[zhongwanzhisw-behavior-b2]redirect ip-nexthop 10.1.30.1
[zhongwanzhisw-behavior-b2]quit配置流策略并应用到接口上
# 在Switch上创建流策略p1,将流分类和对应的流行为进行绑定。
[zhongwanzhisw]traffic policy p1
[zhongwanzhisw-trafficpolicy-p1]classifier c1 behavior b1
[zhongwanzhisw-trafficpolicy-p1]classifier c2 behavior b2
[zhongwanzhisw-trafficpolicy-p1]quit# 将流策略p1应用到接口GE0/0/3的入方向上。
[zhongwanzhisw]interface GigabitEthernet 0/0/3
[zhongwanzhisw-GigabitEthernet0/0/3]traffic-policy p1 inbound
[zhongwanzhisw-GigabitEthernet0/0/3]return 验证配置结果
# 查看ACL规则的配置信息。
<zhongwanzhisw>display acl 3001
Advanced ACL 3001, 1 rule
Acl's step is 5
rule 5 permit ip source 192.168.100.0 0.0.0.255
<zhongwanzhisw>display acl 3002
Advanced ACL 3002, 1 rule
Acl's step is 5
rule 5 permit ip source 192.168.101.0 0.0.0.255
<zhongwanzhisw># 查看流分类的配置信息
<zhongwanzhisw>display traffic classifier user-defined
User Defined Classifier Information:
Classifier: c2
Operator: OR
Rule(s) : if-match acl 3002
Classifier: c1
Operator: OR
Rule(s) : if-match acl 3001
Total classifier number is 2
<zhongwanzhisw># 查看流策略的配置信息。
<zhongwanzhisw>display traffic policy user-defined p1
User Defined Traffic Policy Information:
Policy: p1
Classifier: c1
Operator: OR
Behavior: b1
Redirect: no forced
Redirect ip-nexthop
10.1.20.1
Classifier: c2
Operator: OR
Behavior: b2
Redirect: no forced
Redirect ip-nexthop
10.1.30.1
<zhongwanzhisw>
