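1. Topology diagram
Link: https://pan.baidu.com/s/1GXCf_s3rwuJl_cnajvGRhQ
Extraction code: 8888
eNSP
Link: https://pan.baidu.com/s/1wP0vHim4yqVV0bc0wmzhFw
Extraction code: 8888
PC1 belongs to VLAN 10 and PC2 belongs to VLAN 20. The switch in the network is a Layer 3 switch whose Vlanif10 and Vlanif20 interfaces act as the gateways for users in VLAN 10 and VLAN 20. The switch connects to R1 over VLAN 100 and to R2 over VLAN 200. R1 and R2 both reach the same destination network on their right-hand side.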
2. Requirements
a. When users in PC1's subnet access 8.8.8.8, their traffic must be forced to R1;
b. When users in PC2's subnet access 8.8.8.8, their traffic must be forced to R2;
3. PBR configuration:
# Create two ACLs to match the subnets of PC1 and PC2 respectively:
[SW] acl number 2000
[SW-acl-basic-2000] rule permit source 192.168.10.0 0.0.0.255
[SW] acl number 2001
[SW-acl-basic-2001] rule permit source 192.168.20.0 0.0.0.255
# Configure two traffic classifiers, each matching one of the ACLs above, which in effect matches the subnets of PC1 and PC2:
[SW] traffic classifier class1
[SW-classifier-class1] if-match acl 2000
[SW] traffic classifier class2
[SW-classifier-class2] if-match acl 2001
# Configure two traffic behaviors that change the next-hop address to 192.168.100.2 and 192.168.200.2 respectively:
[SW] traffic behavior be1
[SW-behavior-be1] redirect ip-nexthop 192.168.100.2
[SW] traffic behavior be2
[SW-behavior-be2] redirect ip-nexthop 192.168.200.2
# Configure the traffic policy, binding class1 traffic to behavior be1 and class2 traffic to be2:
[SW] traffic policy mypolicy
[SW-trafficpolicy-mypolicy] classifier class1 behavior be1
[SW-trafficpolicy-mypolicy] classifier class2 behavior be2
# Apply the traffic policy defined above on the interfaces that connect to the PCs:
[SW] interface GigabitEthernet0/0/1
[SW-GigabitEthernet0/0/1] traffic-policy mypolicy inbound
[SW] interface GigabitEthernet0/0/2
[SW-GigabitEthernet0/0/2] traffic-policy mypolicy inbound
4. SW1 configuration
[SW1]display current-configuration
sysname SW1
vlan batch 10 20 100 200
acl number 2000
rule 5 permit source 192.168.10.0 0.0.0.255
acl number 2001
rule 5 permit source 192.168.20.0 0.0.0.255
traffic classifier class1 operator and
if-match acl 2000
traffic classifier class2 operator and
if-match acl 2001
traffic behavior be1
redirect ip-nexthop 192.168.100.2
traffic behavior be2
redirect ip-nexthop 192.168.200.2
traffic policy mypolicy
classifier class1 behavior be1
classifier class2 behavior be2
interface Vlanif10
ip address 192.168.10.254 255.255.255.0
interface Vlanif20
ip address 192.168.20.254 255.255.255.0
interface Vlanif100
ip address 192.168.100.1 255.255.255.0
interface Vlanif200
ip address 192.168.200.1 255.255.255.0
interface MEth0/0/1
interface GigabitEthernet0/0/1
port link-type access
port default vlan 10
traffic-policy mypolicy inbound
interface GigabitEthernet0/0/2
port link-type access
port default vlan 20
traffic-policy mypolicy inbound
interface GigabitEthernet0/0/3
port link-type access
port default vlan 100
interface GigabitEthernet0/0/4
port link-type access
port default vlan 200
return
[SW1]
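The lookup that this policy performs on SW1 can be replayed offline to check which next hop a given source address will be redirected to. The following Python sketch is an added example, not part of the original post or of any Huawei tool; `parse` and `redirect_for` are hypothetical names, only basic-ACL `permit source` rules with rule IDs are modelled, and classifier bindings are assumed to be evaluated in configured order.

```python
import ipaddress

# Policy-related lines copied from the SW1 configuration on this page (flat, as listed).
SW1 = """acl number 2000
rule 5 permit source 192.168.10.0 0.0.0.255
acl number 2001
rule 5 permit source 192.168.20.0 0.0.0.255
traffic classifier class1 operator and
if-match acl 2000
traffic classifier class2 operator and
if-match acl 2001
traffic behavior be1
redirect ip-nexthop 192.168.100.2
traffic behavior be2
redirect ip-nexthop 192.168.200.2
traffic policy mypolicy
classifier class1 behavior be1
classifier class2 behavior be2"""

def parse(text):
    """Return (ACL rules, classifier->ACL, behavior->next hop, policy bindings)."""
    acls, cls, beh, pol, cur = {}, {}, {}, [], None
    for w in (line.split() for line in text.splitlines() if line.strip()):
        if w[0] in ("acl", "traffic") and len(w) > 2:
            cur = w[2]                      # name of the section being read
        elif w[0] == "rule" and w[2:4] == ["permit", "source"] and len(w) == 6:
            base, wild = (int(ipaddress.ip_address(a)) for a in w[4:6])
            acls.setdefault(cur, []).append((base, wild))
        elif w[:2] == ["if-match", "acl"]:
            cls[cur] = w[2]
        elif w[:2] == ["redirect", "ip-nexthop"]:
            beh[cur] = w[2]
        elif w[0] == "classifier" and w[2:3] == ["behavior"]:
            pol.append((w[1], w[3]))        # classifier bound to behavior
    return acls, cls, beh, pol

def redirect_for(src, text=SW1):
    """Next hop the policy selects for a source IP, or None (normal routing applies)."""
    acls, cls, beh, pol = parse(text)
    ip = int(ipaddress.ip_address(src))
    for classifier, behavior in pol:        # assumption: bindings tried in configured order
        for base, wild in acls.get(cls.get(classifier), []):
            if (ip & ~wild) == (base & ~wild):   # wildcard 1-bits are "don't care"
                return beh.get(behavior)
    return None

if __name__ == "__main__":
    for pc in ("192.168.10.1", "192.168.20.1", "192.168.30.1"):   # constructed hosts
        print(pc, "->", redirect_for(pc))
```

A source outside both ACLs returns `None`, meaning the policy leaves that traffic to the normal routing table.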
5. R1 configuration
[R1]display current-configuration
sysname R1
interface GigabitEthernet0/0/0
ip address 192.168.100.2 255.255.255.0
interface LoopBack0
ip address 8.8.8.8 255.255.255.255
ip route-static 0.0.0.0 0.0.0.0 192.168.100.1
return
6. R2 configuration
[R2]display cu
sysname R2
interface GigabitEthernet0/0/0
ip address 192.168.200.2 255.255.255.0
interface LoopBack0
ip address 8.8.8.8 255.255.255.255
ip route-static 0.0.0.0 0.0.0.0 192.168.200.1
return
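7. Both PC1 and PC2 can communicate with the 8.8.8.8 network.
8. PC1's packets are forwarded via 192.168.100.2 according to the traffic policy, and PC2's packets are forwarded via 192.168.200.2 according to the traffic policy. When R1 or R2 is shut down, the ping fails because the next hop specified in the policy no longer exists.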