关于本实验:本实验主要介绍了路由选择工具ACL和IP-Prefix的配置,路由引入的配置以及路由策略的配置方法及注意事项。
实验目的:掌握路由选择工具的配置方法,路由策略与策略路由的配置与注意事项。
实验组网介绍:
实验规划:
某公司网络如实验拓扑所示,公司总部运行OSPF协议,分部运行ISIS协议,总部和分部中各有若干业务网段,其中奇数网段为业务A网段,偶数网段为业务B网段,请根据如下需求对网络进行部署:
1)按照拓扑分别搭建总部OSPF网络与分部ISIS网络,并尽量减少OSPF Area 1中设备需要维护的路由条目(不做路由聚合);
2)网络管理员在R1上将ISIS路由引入到OSPF中,在R2上将OSPF路由引入到ISIS中,并通过适当调测使得业务网段间能够正常通信;
3)为了避免由于总部与分部网络间单点故障而造成的断网,网络管理员在R1、R2上部署双向引入,并通过适当调测使得业务网段间能够正常通信;
4)在总部网络中,使得总部网段A和B业务各使用一条链路以实现负载(不能使用路由策略);
| 设备 | 接口 | IP地址 | 子网掩码 |
| R1 | G 0/0/0 | 13.1.1.1 | 255.255.255.252 |
| G 0/0/1 | 41.1.1.2 | 255.255.255.252 | |
| Loopback 0 | 1.1.1.1 | 255.255.255.255 | |
| R2 | G 0/0/0 | 23.1.1.1 | 255.255.255.252 |
| G 0/0/1 | 42.1.1.2 | 255.255.255.252 | |
| Loopback 0 | 2.2.2.2 | 255.255.255.255 | |
| R3 | G 0/0/0 | 13.1.1.2 | 255.255.255.252 |
| G 0/0/1 | 23.1.1.2 | 255.255.255.252 | |
| Loopback 0 | 3.3.3.3 | 255.255.255.255 | |
| R4 | G 0/0/0 | 41.1.1.1 | 255.255.255.252 |
| G 0/0/1 | 42.1.1.1 | 255.255.255.252 | |
| S 1/0/0 | 54.1.1.2 | 255.255.255.252 | |
| S 1/0/1 | 54.2.2.2 | 255.255.255.252 | |
| Loopback 0 | 4.4.4.4 | 255.255.255.255 | |
| R5 | S 1/0/0 | 54.1.1.1 | 255.255.255.252 |
| S 1/0/1 | 54.2.2.1 | 255.255.255.252 | |
| Loopback 0 | 5.5.5.5 | 255.255.255.255 |
- 配置步骤
- 1 配置各接口IP地址
#配置R5
<Quidway>system-view
[Quidway]sysname R5
[R5]interface Serial 1/0/0
[R5-Serial1/0/0]ip address 54.1.1.1 30
[R5]interface Serial 1/0/1
[R5-Serial1/0/1]ip address 54.2.2.1 30
[R5]interface LoopBack 0
[R5-LoopBack0]ip address 5.5.5.5 32
[R5]interface LoopBack 1
[R5-LoopBack1]ip address 172.16.0.1 24
[R5]interface LoopBack 2
[R5-LoopBack2]ip address 172.16.1.1 24
[R5]interface LoopBack 3
[R5-LoopBack3]ip address 172.16.2.1 24
[R5]interface LoopBack 4
[R5-LoopBack4]ip address 172.16.3.1 24
#配置R4
<Quidway>system-view
[Quidway]sysname R4
[R4]interface Serial 1/0/0
[R4-Serial1/0/0]ip address 54.1.1.2 30
[R4]interface Serial 1/0/1
[R4-Serial1/0/1]ip address 54.2.2.2 30
[R4]interface LoopBack 0
[R4-LoopBack0]ip address 4.4.4.4 32
[R4]interface GigabitEthernet 0/0/0
[R4-GigabitEthernet0/0/0]ip address 41.1.1.1 30
[R4]interface GigabitEthernet 0/0/1
[R4-GigabitEthernet0/0/1]ip address 42.1.1.1 30
#配置R1
<Quidway>system-view
[Quidway]sysname R1
[R1]interface GigabitEthernet 0/0/1
[R1-GigabitEthernet0/0/1]ip address 41.1.1.2 30
[R1]interface GigabitEthernet 0/0/0
[R1-GigabitEthernet0/0/0]ip address 13.1.1.1 30
[R1]interface LoopBack 0
[R1-LoopBack0]ip address 1.1.1.1 32
#配置R2
<Quidway>system-view
[Quidway]sysname R2
[R2]interface GigabitEthernet 0/0/1
[R2-GigabitEthernet0/0/1]ip address 42.1.1.2 30
[R2]interface GigabitEthernet 0/0/0
[R2-GigabitEthernet0/0/0]ip address 23.1.1.1 30
[R2]interface LoopBack 0
[R2-LoopBack0]ip address 2.2.2.2 32
#配置R3
<Quidway>system-view
[Quidway]sysname R3
[R3]interface GigabitEthernet 0/0/1
[R3-GigabitEthernet0/0/1]ip address 23.1.1.2 30
[R3]interface GigabitEthernet 0/0/0
[R3-GigabitEthernet0/0/0]ip address 13.1.1.2 30
[R3]interface LoopBack 0
[R3-LoopBack0]ip address 3.3.3.3 32
[R3]interface LoopBack 1
[R3-LoopBack1]ip address 192.168.1.1 24
[R3]interface LoopBack 2
[R3-LoopBack2]ip address 192.168.2.1 24
[R3]interface LoopBack 3
[R3-LoopBack3]ip address 192.168.3.1 24
[R3]interface LoopBack 4
[R3-LoopBack4]ip address 192.168.4.1 24
- 2 配置OSPF
#配置R5
[R5]ospf 1 router-id 5.5.5.5
[R5-ospf-1]area 1
[R5-ospf-1-area-0.0.0.1]network 5.5.5.5 0.0.0.0
[R5-ospf-1-area-0.0.0.1]network 54.1.1.0 0.0.0.3
[R5-ospf-1-area-0.0.0.1]network 54.2.2.0 0.0.0.3
[R5]ip ip-prefix r5 permit 172.16.0.0 16 greater-equal 24 less-equal 24
[R5]route-policy r5 permit node 10
[R5-route-policy]if-match ip-prefix r5
[R5]ospf 1
[R5-ospf-1]import-route direct route-policy r5
#配置R4
[R4]ospf 1 router-id 4.4.4.4
[R4-ospf-1]area 1
[R4-ospf-1-area-0.0.0.1]network 54.1.1.0 0.0.0.3
[R4-ospf-1-area-0.0.0.1]network 54.2.2.0 0.0.0.3
[R4-ospf-1]area 0
[R4-ospf-1-area-0.0.0.0]network 41.1.1.0 0.0.0.3
[R4-ospf-1-area-0.0.0.0]network 42.1.1.0 0.0.0.3
[R4-ospf-1-area-0.0.0.0]network 4.4.4.4 0.0.0.0
#配置R1
[R1]ospf 1 router-id 1.1.1.1
[R1-ospf-1]area 0
[R1-ospf-1-area-0.0.0.0]network 1.1.1.1 0.0.0.0
[R1-ospf-1-area-0.0.0.0]network 41.1.1.0 0.0.0.3
#配置R2
[R2]ospf 1 router-id 2.2.2.2
[R2-ospf-1]area 0
[R2-ospf-1-area-0.0.0.0]network 2.2.2.2 0.0.0.0
[R2-ospf-1-area-0.0.0.0]network 42.1.1.0 0.0.0.3
- 3 配置ISIS
#配置R1
[R1]isis 1
[R1-isis-1]network-entity 49.0010.0100.1001.00
[R1-isis-1]is-level level-2
[R1-isis-1]cost-style wide
[R1]interface GigabitEthernet 0/0/0
[R1-GigabitEthernet0/0/0]isis enable 1
[R1]interface LoopBack 0
[R1-LoopBack0]isis enable 1
#配置R2
[R2]isis 1
[R2-isis-1]network-entity 49.0020.0200.2002.00
[R2-isis-1]is-level level-2
[R2-isis-1]cost-style wide
[R2]interface GigabitEthernet 0/0/0
[R2-GigabitEthernet0/0/0]isis enable 1
[R2]interface LoopBack 0
[R2-LoopBack0]isis enable 1
#配置R3
[R3]isis 1
[R3-isis-1]network-entity 49.0030.0300.3003.00
[R3-isis-1]is-level level-2
[R3-isis-1]cost-style wide
[R3]interface GigabitEthernet 0/0/0
[R3-GigabitEthernet0/0/0]isis enable 1
[R3]interface GigabitEthernet 0/0/1
[R3-GigabitEthernet0/0/1]isis enable 1
[R3]interface LoopBack 0
[R3-LoopBack0]isis enable 1
[R3]interface LoopBack 1
[R3-LoopBack1]isis enable 1
[R3]interface LoopBack 2
[R3-LoopBack2]isis enable 1
[R3]interface LoopBack 3
[R3-LoopBack3]isis enable 1
[R3]interface LoopBack 4
[R3-LoopBack4]isis enable 1
- 4 配置任务一
#配置R4
[R4]ospf 1
[R4-ospf-1]area 1
[R4-ospf-1-area-0.0.0.1]nssa no-summary
#配置R5
[R5]ospf 1
[R5-ospf-1]area 1
[R5-ospf-1-area-0.0.0.1]nssa
- 5 配置任务二
#配置R1
[R1]acl 2000
[R1-acl-basic-2000]rule permit source 172.16.0.0 0.0.0.255
[R1-acl-basic-2000]rule permit source 172.16.1.0 0.0.0.255
[R1-acl-basic-2000]rule permit source 172.16.2.0 0.0.0.255
[R1-acl-basic-2000]rule permit source 172.16.3.0 0.0.0.255
[R1]acl 2001
[R1-acl-basic-2001]rule permit source 192.168.1.0 0.0.0.255
[R1-acl-basic-2001]rule permit source 192.168.2.0 0.0.0.255
[R1-acl-basic-2001]rule permit source 192.168.3.0 0.0.0.255
[R1-acl-basic-2001]rule permit source 192.168.4.0 0.0.0.255
[R1]route-policy I2O permit node 10
[R1-route-policy]if-match acl 2001
[R1]ospf
[R1-ospf-1]import-route isis route-policy I2O
#配置R2
[R2]acl 2000
[R2-acl-basic-2000]rule permit source 172.16.0.0 0.0.0.255
[R2-acl-basic-2000]rule permit source 172.16.1.0 0.0.0.255
[R2-acl-basic-2000]rule permit source 172.16.2.0 0.0.0.255
[R2-acl-basic-2000]rule permit source 172.16.3.0 0.0.0.255
[R2]acl 2001
[R2-acl-basic-2001]rule permit source 192.168.1.0 0.0.0.255
[R2-acl-basic-2001]rule permit source 192.168.2.0 0.0.0.255
[R2-acl-basic-2001]rule permit source 192.168.3.0 0.0.0.255
[R2-acl-basic-2001]rule permit source 192.168.4.0 0.0.0.255
[R2]route-policy O2I permit node 10
[R2-route-policy]if-match acl 2000
[R2]isis 1
[R2-isis-1]import-route ospf route-policy O2I
#配置R1
[R1]route-policy ase permit node 10
[R1-route-policy]if-match acl 2000
[R1-route-policy]apply preference 13
[R1]ospf 1
[R1-ospf-1]preference ase route-policy ase 150
- 6 配置任务三
#配置R1
[R1]route-policy I2O deny node 5
[R1-route-policy]if-match tag 100
[R1]route-policy I2O permit node 10
[R1-route-policy]apply tag 200
[R1]route-policy O2I deny node 5
[R1-route-policy]if-match tag 300
[R1]route-policy O2I permit node 10
[R1-route-policy]apply tag 400
[R1]isis 1
[R1-isis-1]import-route ospf route-policy O2I
#配置R2
[R2]route-policy O2I deny node 5
[R2-route-policy]if-match tag 200
[R2]route-policy O2I permit node 10
[R2-route-policy]apply tag 100
[R2]route-policy I2O deny node 5
[R2-route-policy]if-match tag 400
[R2]route-policy I2O permit node 10
[R2-route-policy]apply tag 300
[R2]ospf 1
[R2-ospf-1]import-route isis route-policy I2O
#配置R2
[R2]route-policy ase permit node 10
[R2-route-policy]if-match acl 2000
[R2-route-policy]apply preference 13
[R2]ospf 1
[R2-ospf-1]preference ase route-policy ase 150
- 7 配置任务四
#配置R5
[R5]ip local policy-based-route test
[R5]acl 2000
[R5-acl-basic-2000]rule permit source 172.16.0.0 0.0.0.255
[R5-acl-basic-2000]rule permit source 172.16.2.0 0.0.0.255
[R5]acl 2001
[R5-acl-basic-2001]rule permit source 172.16.1.0 0.0.0.255
[R5-acl-basic-2001]rule permit source 172.16.3.0 0.0.0.255
[R5]policy-based-route test permit node 10
[R5-policy-based-route-test-10]if-match acl 2000
[R5-policy-based-route-test-10]apply output-interface Serial 1/0/0
[R5]policy-based-route test permit node 20
[R5-policy-based-route-test-20]if-match acl 2001
[R5-policy-based-route-test-20]apply output-interface Serial 1/0/1
![[3] Jenkins 系列:如何获取出发Jenkins Job的用户信息?](https://img-blog.csdnimg.cn/f2263dfd15ef4e40b8717839a414c356.png)
