Category: System Operations
2013-07-01 10:14:07
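Lab background
This lab follows directly from the previous one, so the configuration does not need to be cleared. We want to control traffic from B1's .0/24 network to B9: packets of up to 200 bytes are forwarded on B4 via serial 0.
Basic configuration
A route-map already exists: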
B4#show route-map
route-map to-B9, permit, sequence 10
Match clauses:
ip address (access-lists): 10
Set clauses:
ip next-ho.3
Policy routing matches: 8 packets, 616 bytes
When adding an entry to the route-map, a sequence number must be given.
B4(config)#route-map to-B9 permit 20
B4(config-route-map)#match ip address 20
B4(config-route-map)#match length 0 200
B4(config-route-map)#set ip next-ho.3
B4(config)#access-list 20 permit .0 0.0.0.255
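Monitoring and testing the configuration
Note: the route-map entry with sequence number 20 above specifies two match conditions. The first matches the source address and the second matches the packet length. The entry is applied only when both conditions hold at the same time. Verification follows: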
B1#ping
Protocol [ip]:
Target IP address: .3
Repeat count [5]:
Datagram size [100]: //default datagram length is 100 bytes
Timeout in seconds [2]:
Extended commands [n]: y
Source address or interface: .1
Type of service [0]:
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to .3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 76/78/88 ms
Check the logging on B4:
icy routed
*Mar 1 01:50:43.931: IP: Serial1 to Serial0 .3
*Mar 1 01:50:43.995: IP: s=.1 (Serial1), d=3.3.3.3, len 100, policy match
*Mar 1 01:50:43.999: IP: route map to-B9, item 20, permit
*Mar 1 01:50:44.003: IP: s=.1 (Serial1), d=3.3.3.3 (Serial0), len 100, policy routed
*Mar 1 01:50:44.007: IP: Serial1 to Serial0 .3
*Mar 1 01:50:44.071: IP: s=.1 (Serial1), d=3.3.3.3, len 100, policy match
*Mar 1 01:50:44.075: IP: route map to-B9, item 20, permit
*Mar 1 01:50:44.079: IP: s=.1 (Serial1), d=3.3.3.3 (Serial0), len 100, policy routed
*Mar 1 01:50:44.083: IP: Serial1 to Serial0 .3
*Mar 1 01:50:44.159: IP: s=.1 (Serial1), d=3.3.3.3, len 100, policy match
*Mar 1 01:50:44.163: IP: route map to-B9, item 20, permit
Next, change the packet length:
B1#ping
Protocol [ip]:
Target IP address: .3
Repeat count [5]:
Datagram size [100]: 250 //packet length is 250
Timeout in seconds [2]:
Extended commands [n]: y
Source address or interface: .1
Type of service [0]:
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 5, 250-byte ICMP Echos to .3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 108/108/112 ms
Check the logging on B4: no policy route matches, so the packets are forwarded by normal routing.
*Mar 1 01:54:19.135: IP: s=.1 (Serial1), d=3.3.3.3 (Ethernet0), len 250, policy rejected -- normal forwarding
*Mar 1 01:54:19.247: IP: s=.1 (Serial1), d=3.3.3.3 (Ethernet0), len 250, policy rejected -- normal forwarding
*Mar 1 01:54:19.359: IP: s=.1 (Serial1), d=3.3.3.3 (Ethernet0), len 250, policy rejected -- normal forwarding
*Mar 1 01:54:19.467: IP: s=.1 (Serial1), d=3.3.3.3 (Ethernet0), len 250, policy rejected -- normal forwarding
*Mar 1 01:54:19.579: IP: s=.1 (Serial1), d=3.3.3.3 (Ethernet0), len 250, policy rejected -- normal forwarding
*Mar 1 01:54:39.163: IP: s=.1 (Serial1), d=3.3.3.3 (Ethernet0), len 250, policy rejected -- normal forwarding
*Mar 1 01:54:39.275: IP: s=.1 (Serial1), d=3.3.3.3 (Ethernet0), len 250, policy rejected -- normal forwarding
*Mar 1 01:54:39.387: IP: s=.1 (Serial1), d=3.3.3.3 (Ethernet0), len 250, policy rejected -- normal forwarding
*Mar 1 01:54:39.495: IP: s=.1 (Serial1), d=3.3.3.3 (Ethernet0), len 250, policy rejected -- normal forwarding
*Mar 1 01:54:39.607: IP: s=.1 (Serial1), d=3.3.3.3 (Ethernet0), len 250, policy rejected -- normal forwarding
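An added example, not part of the original post: a Python check that parses verdict lines in the format B4 logs above and flags any packet whose forwarding decision contradicts the two conditions of route-map entry 20 (source address AND length). The 192.0.2.0/24 prefix, the sample log and the function names are constructed stand-ins, since the lab's real addresses are elided on the page; entry 10 (ACL 10) is not modelled.

```python
import ipaddress
import re

# Route-map entry 20 from the page: both match clauses must hold (logical AND).
# ACL_20_NET is a constructed stand-in; the lab's real prefix is elided on the page.
ACL_20_NET = ipaddress.ip_network("192.0.2.0/24")
MIN_LEN, MAX_LEN = 0, 200  # match length 0 200

# Verdict lines ("policy routed" / "policy rejected") in the format B4 logs.
LINE_RE = re.compile(
    r"IP: s=(?P<src>[\d.]+) \(\S+\), d=(?P<dst>[\d.]+)(?: \(\S+\))?, "
    r"len (?P<len>\d+), policy (?P<verdict>routed|rejected)"
)

def expected_verdict(src, length):
    """Entry 20 applies only if the source AND the length both match."""
    in_acl = ipaddress.ip_address(src) in ACL_20_NET
    in_len = MIN_LEN <= length <= MAX_LEN
    return "routed" if (in_acl and in_len) else "rejected"

def audit(log_text):
    """Return (checked, mismatches) over every verdict line in log_text."""
    checked, mismatches = 0, []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # "policy match" and "route map ..., item N" lines carry no verdict
        checked += 1
        length = int(m["len"])
        want = expected_verdict(m["src"], length)
        if m["verdict"] != want:
            mismatches.append((m["src"], length, m["verdict"], want))
    return checked, mismatches

# Constructed sample log; addresses are placeholders, not the lab's.
SAMPLE_LOG = """\
*Mar 1 01:50:43.995: IP: s=192.0.2.1 (Serial1), d=3.3.3.3, len 100, policy match
*Mar 1 01:50:43.999: IP: route map to-B9, item 20, permit
*Mar 1 01:50:44.003: IP: s=192.0.2.1 (Serial1), d=3.3.3.3 (Serial0), len 100, policy routed
*Mar 1 01:54:19.135: IP: s=192.0.2.1 (Serial1), d=3.3.3.3 (Ethernet0), len 250, policy rejected -- normal forwarding
*Mar 1 01:54:19.300: IP: s=192.0.2.1 (Serial1), d=3.3.3.3 (Serial0), len 250, policy routed
*Mar 1 01:54:19.400: IP: s=198.51.100.7 (Serial1), d=3.3.3.3 (Ethernet0), len 100, policy rejected -- normal forwarding
"""

if __name__ == "__main__":
    checked, bad = audit(SAMPLE_LOG)
    print(f"{checked} verdict lines checked, {len(bad)} mismatches")
    for src, length, got, want in bad:
        print(f"  s={src} len={length}: logged '{got}', expected '{want}'")
```

A mismatch means a packet was steered by something other than entry 20 as modelled here, for example an earlier sequence such as entry 10 or a changed ACL.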