拓扑图
1.接入交换机acsw配置VLAN
交换机命名acsw
批量创建VLAN10、20
g0/0/1 vlan 10 access
g0/0/2 vlan 20 access
g0/0/3 trunk 允许所有VLAN通过,不用all,只允许VLAN 10 20 也是一样的
<Huawei>
<Huawei>system-view
Enter system view, return user view with Ctrl+Z.
[Huawei]undo info-center enable
Info: Information center is disabled.
[Huawei]sysname acsw
[acsw]vlan batch 10 20
Info: This operation may take a few seconds. Please wait for a moment...done.
[acsw]interface gigabitether 0/0/1
[acsw-GigabitEthernet0/0/1]port link-type access
[acsw-GigabitEthernet0/0/1]port default vlan 10
[acsw-GigabitEthernet0/0/1]quit
[acsw]interface gigabitether 0/0/2
[acsw-GigabitEthernet0/0/2]port link-type access
[acsw-GigabitEthernet0/0/2]port default vlan 20
[acsw-GigabitEthernet0/0/2]quit
[acsw]interface gigabitether 0/0/3
[acsw-GigabitEthernet0/0/3]port link-type trunk
[acsw-GigabitEthernet0/0/3]port trunk allow-pass vlan all
[acsw-GigabitEthernet0/0/3]quit
[acsw]2.核心交换机coresw配置
交换机命名corew
开启DHCP
批量创建VLAN
设置两个VLAN的网关地址
创建两个DHCP地址池、设置主类网络、指向网关、dns、租期、不分配的地址排除了2-253所以自动分配只有.1的地址
设置DHCP基于全局
核心交换机g0/0/1接口trunk设置
<Huawei>system-view
Enter system view, return user view with Ctrl+Z.
[Huawei]undo info-center enable
Info: Information center is disabled.
[Huawei]sysname coresw
[coresw]dhcp enable
Info: The operation may take a few seconds. Please wait for a moment.done.
[coresw]vlan batch 10 20 30
Info: This operation may take a few seconds. Please wait for a moment...done.
[coresw]interface vlanif 10
[coresw-Vlanif10]ip address 192.168.10.254 24
[coresw-Vlanif10]quit
[coresw]interface vlanif 20
[coresw-Vlanif20]ip address 192.168.20.254 24
[coresw-Vlanif20]quit
[coresw]ip pool 10
Info:It's successful to create an IP address pool.
[coresw-ip-pool-10]network 192.168.10.0 mask 24
[coresw-ip-pool-10]gateway-list 192.168.10.254
[coresw-ip-pool-10]dns-list 114.114.114.114
[coresw-ip-pool-10]lease day 8
[coresw-ip-pool-10]excluded-ip-address 192.168.10.2 192.168.10.253
[coresw-ip-pool-10]quit
[coresw]
[coresw]ip pool 20
Info:It's successful to create an IP address pool.
[coresw-ip-pool-20]network 192.168.20.0 mask 24
[coresw-ip-pool-20]gateway-list 192.168.20.254
[coresw-ip-pool-20]dns-list 8.8.8.8
[coresw-ip-pool-20]lease day 8
[coresw-ip-pool-20]excluded-ip-address 192.168.20.2 192.168.20.253
[coresw-ip-pool-20]quit
[coresw]interface vlanif 10
[coresw-Vlanif10]dhcp select global
[coresw-Vlanif10]quit
[coresw]interface vlanif 20
[coresw-Vlanif20]dhcp select global
[coresw-Vlanif20]quit
[coresw]
[coresw]interface gigabitether 0/0/1
[coresw-GigabitEthernet0/0/1]port link-type trunk
[coresw-GigabitEthernet0/0/1]port trunk allow-pass vlan all
[coresw-GigabitEthernet0/0/1]quit
[coresw]3.开启PC1、2的DHCP功能获取地址
PC1
PC>ipconfig
Link local IPv6 address...........: fe80::5689:98ff:fe28:70f9
IPv6 address......................: :: / 128
IPv6 gateway......................: ::
IPv4 address......................: 192.168.10.1
Subnet mask.......................: 255.255.255.0
Gateway...........................: 192.168.10.254
Physical address..................: 54-89-98-28-70-F9
DNS server........................: 114.114.114.114PC2
PC>ipconfig
Link local IPv6 address...........: fe80::5689:98ff:fe74:7408
IPv6 address......................: :: / 128
IPv6 gateway......................: ::
IPv4 address......................: 192.168.20.1
Subnet mask.......................: 255.255.255.0
Gateway...........................: 192.168.20.254
Physical address..................: 54-89-98-74-74-08
DNS server........................: 8.8.8.8
并且PC1、2已经可以互通了
4.核心交换机coresw配置
华为模拟器交换机不支持直接给接口配置IP地址,所以用VLAN30来互联
[coresw]interface gigabitether 0/0/2
[coresw-GigabitEthernet0/0/2]port link-type access
[coresw-GigabitEthernet0/0/2]port default vlan 30
[coresw-GigabitEthernet0/0/2]quit
[coresw]interface vlanif 30
[coresw-Vlanif30]ip address 192.168.30.254 24
[coresw-Vlanif30]quit
[coresw]
5.route路由器配置回程路由
设备命名
接口配置地址
测试是否相通
<Huawei>system-view
Enter system view, return user view with Ctrl+Z.
[Huawei]undo info-center enable
Info: Information center is disabled.
[Huawei]sysname route
[route]interface gigabitether 0/0/0
[route-GigabitEthernet0/0/0]ip address 192.168.30.3 24
[route-GigabitEthernet0/0/0]quit
[route]ping 192.168.30.254
PING 192.168.30.254: 56 data bytes, press CTRL_C to break
Reply from 192.168.30.254: bytes=56 Sequence=1 ttl=255 time=80 ms
Reply from 192.168.30.254: bytes=56 Sequence=2 ttl=255 time=40 ms
Reply from 192.168.30.254: bytes=56 Sequence=3 ttl=255 time=30 ms
Reply from 192.168.30.254: bytes=56 Sequence=4 ttl=255 time=30 ms
Reply from 192.168.30.254: bytes=56 Sequence=5 ttl=255 time=20 ms
--- 192.168.30.254 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 20/40/80 ms
[route]route和coresw通了,但是和教学楼和宿舍楼没通,因为route没有10、20网段的回程路由,可以直接写两条静态路由甩给coresw
静态路由配置
[route]ip route-static 192.168.10.0 255.255.255.0 192.168.30.254
[route]ip route-static 192.168.20.0 255.255.255.0 192.168.30.254再ping PC1、2主机已经通了
[route]ping 192.168.10.1
PING 192.168.10.1: 56 data bytes, press CTRL_C to break
Request time out
Reply from 192.168.10.1: bytes=56 Sequence=2 ttl=127 time=70 ms
Reply from 192.168.10.1: bytes=56 Sequence=3 ttl=127 time=70 ms
Reply from 192.168.10.1: bytes=56 Sequence=4 ttl=127 time=70 ms
Reply from 192.168.10.1: bytes=56 Sequence=5 ttl=127 time=80 ms
--- 192.168.10.1 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 70/72/80 ms
[route]ping 192.168.20.1
PING 192.168.20.1: 56 data bytes, press CTRL_C to break
Request time out
Reply from 192.168.20.1: bytes=56 Sequence=2 ttl=127 time=70 ms
Reply from 192.168.20.1: bytes=56 Sequence=3 ttl=127 time=80 ms
Reply from 192.168.20.1: bytes=56 Sequence=4 ttl=127 time=80 ms
Reply from 192.168.20.1: bytes=56 Sequence=5 ttl=127 time=60 ms
--- 192.168.20.1 ping statistics ---
5 packet(s) transmitted
4 packet(s) received
20.00% packet loss
round-trip min/avg/max = 60/72/80 ms
[route]再练习通过动态路由学习到内部地址,把前面添加的静态路由删除
[route]undo ip route-static 192.168.10.0 255.255.255.0 192.168.30.254
[route]undo ip route-static 192.168.20.0 255.255.255.0 192.168.30.254coresw交换机RIP配置
宣告10、20、30网段
[coresw]rip
[coresw-rip-1]version 2
[coresw-rip-1]network 192.168.10.0
[coresw-rip-1]network 192.168.20.0
[coresw-rip-1]network 192.168.30.0
[coresw-rip-1]quit
[coresw]route路由器RIP配置
宣告30网段
再ping教学楼、宿舍楼又可以通了
[route]rip
[route-rip-1]version 2
[route-rip-1]network 192.168.30.0
[route-rip-1]quit
[route]ping 192.168.10.1
PING 192.168.10.1: 56 data bytes, press CTRL_C to break
Request time out
Reply from 192.168.10.1: bytes=56 Sequence=2 ttl=127 time=70 ms
Reply from 192.168.10.1: bytes=56 Sequence=3 ttl=127 time=70 ms
Reply from 192.168.10.1: bytes=56 Sequence=4 ttl=127 time=80 ms
Reply from 192.168.10.1: bytes=56 Sequence=5 ttl=127 time=60 ms
--- 192.168.10.1 ping statistics ---
5 packet(s) transmitted
4 packet(s) received
20.00% packet loss
round-trip min/avg/max = 60/70/80 ms
[route]ping 192.168.20.1
PING 192.168.20.1: 56 data bytes, press CTRL_C to break
Request time out
Reply from 192.168.20.1: bytes=56 Sequence=2 ttl=127 time=70 ms
Reply from 192.168.20.1: bytes=56 Sequence=3 ttl=127 time=90 ms
Reply from 192.168.20.1: bytes=56 Sequence=4 ttl=127 time=60 ms
Reply from 192.168.20.1: bytes=56 Sequence=5 ttl=127 time=80 ms
--- 192.168.20.1 ping statistics ---
5 packet(s) transmitted
4 packet(s) received
20.00% packet loss
round-trip min/avg/max = 60/75/90 ms
[route]再来练习OSPF学习路由,先把上面配置过的coresw、route的rip删除
[coresw]undo rip 1
Warning: The RIP process will be deleted. Continue?[Y/N]y
[coresw]
[route]undo rip 1
Warning: The RIP process will be deleted. Continue?[Y/N]y
[route]coresw交换机配置OSPF
同样宣告10、20、30网段
[coresw]ospf
[coresw-ospf-1]area 0
[coresw-ospf-1-area-0.0.0.0]network 192.168.10.0 0.0.0.255
[coresw-ospf-1-area-0.0.0.0]network 192.168.20.0 0.0.0.255
[coresw-ospf-1-area-0.0.0.0]network 192.168.30.0 0.0.0.255
[coresw-ospf-1-area-0.0.0.0]quit
[coresw-ospf-1]quit
[coresw]route路由器配置OSPF
宣告30网段
配完后ping一下看和教学楼、宿舍楼通了没
[route]ospf
[route-ospf-1]area 0
[route-ospf-1-area-0.0.0.0]network 192.168.30.0 0.0.0.255
[route-ospf-1-area-0.0.0.0]quit
[route-ospf-1]quit
[route]
[route]ping 192.168.10.1
PING 192.168.10.1: 56 data bytes, press CTRL_C to break
Request time out
Reply from 192.168.10.1: bytes=56 Sequence=2 ttl=127 time=70 ms
Reply from 192.168.10.1: bytes=56 Sequence=3 ttl=127 time=70 ms
Reply from 192.168.10.1: bytes=56 Sequence=4 ttl=127 time=60 ms
Reply from 192.168.10.1: bytes=56 Sequence=5 ttl=127 time=70 ms
--- 192.168.10.1 ping statistics ---
5 packet(s) transmitted
4 packet(s) received
20.00% packet loss
round-trip min/avg/max = 60/67/70 ms
[route]ping 192.168.20.1
PING 192.168.20.1: 56 data bytes, press CTRL_C to break
Request time out
Reply from 192.168.20.1: bytes=56 Sequence=2 ttl=127 time=70 ms
Reply from 192.168.20.1: bytes=56 Sequence=3 ttl=127 time=60 ms
Reply from 192.168.20.1: bytes=56 Sequence=4 ttl=127 time=70 ms
Reply from 192.168.20.1: bytes=56 Sequence=5 ttl=127 time=60 ms
--- 192.168.20.1 ping statistics ---
5 packet(s) transmitted
4 packet(s) received
20.00% packet loss
round-trip min/avg/max = 60/65/70 ms
[route]6.配置对外的3台路由器地址
route配置接口ip
g0/0/1:12.1.1.3/24
g0/0/2:23.1.1.3/24
[route]interface gigabitether 0/0/1
[route-GigabitEthernet0/0/1]ip address 12.1.1.3 24
[route-GigabitEthernet0/0/1]quit
[route]interface gigabitether 0/0/2
[route-GigabitEthernet0/0/2]ip address 23.1.1.3 24
[route-GigabitEthernet0/0/2]quit
[route]电信路由器配置
g0/0/0:12.1.1.1/24
g0/0/1:100.1.1.1/24
lo0:1.1.1.1/24
<Huawei>system-view
Enter system view, return user view with Ctrl+Z.
[Huawei]undo info-center enable
Info: Information center is disabled.
[Huawei]sysname dianxin
[dianxin]interface gigabitether 0/0/0
[dianxin-GigabitEthernet0/0/0]ip address 12.1.1.1 24
[dianxin-GigabitEthernet0/0/0]quit
[dianxin]interface gigabitether 0/0/1
[dianxin-GigabitEthernet0/0/1]ip address 100.1.1.1 24
[dianxin-GigabitEthernet0/0/1]quit
[dianxin]interface LoopBack 0
[dianxin-LoopBack0]ip address 1.1.1.1 24
[dianxin-LoopBack0]quit
[dianxin]联通路由器配置
g0/0/0:23.1.1.2/24
g0/0/1:100.1.1.2/24
lo0:2.2.2.2/24
<Huawei>system-view
Enter system view, return user view with Ctrl+Z.
[Huawei]undo info-center enable
Info: Information center is disabled.
[Huawei]sysname liantong
[liantong]interface gigabitether 0/0/0
[liantong-GigabitEthernet0/0/0]ip address 23.1.1.2 24
[liantong-GigabitEthernet0/0/0]quit
[liantong]interface gigabitether 0/0/1
[liantong-GigabitEthernet0/0/1]ip address 100.1.1.2 24
[liantong-GigabitEthernet0/0/1]quit
[liantong]interface LoopBack 0
[liantong-LoopBack0]ip address 2.2.2.2 24
[liantong-LoopBack0]quit
[liantong]这时候3台路由器的各个接口的ip是可以互通的,可以相互ping一下
但是电信和联通的虚拟接口地址是不通的,1.1.1.1和2.2.2.2
可以配置rip相互学习地址
电信路由器配置RIP
[dianxin]rip
[dianxin-rip-1]version 2
[dianxin-rip-1]network 1.0.0.0
[dianxin-rip-1]network 12.0.0.0
[dianxin-rip-1]network 100.0.0.0
[dianxin-rip-1]quit联通路由器配置RIP
[liantong]rip
[liantong-rip-1]version 2
[liantong-rip-1]network 2.0.0.0
[liantong-rip-1]network 23.0.0.0
[liantong-rip-1]network 100.0.0.0
[liantong-rip-1]quit
[liantong]ping 1.1.1.1
PING 1.1.1.1: 56 data bytes, press CTRL_C to break
Reply from 1.1.1.1: bytes=56 Sequence=1 ttl=255 time=60 ms
Reply from 1.1.1.1: bytes=56 Sequence=2 ttl=255 time=20 ms
Reply from 1.1.1.1: bytes=56 Sequence=3 ttl=255 time=20 ms
Reply from 1.1.1.1: bytes=56 Sequence=4 ttl=255 time=20 ms
Reply from 1.1.1.1: bytes=56 Sequence=5 ttl=255 time=30 ms
--- 1.1.1.1 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 20/30/60 ms
[liantong]电信和联通互通了,相当于模拟现实中的电信和联通运营商互通,但是教学楼和宿舍楼现在访问不了互联网,也就是电信、联通路由器,需要再出口路由器配置nat
7.出口路由器route配置NAT
创建了个基本ACL
匹配了两条规则允许10、20网段的地址通过
应用再g0/0/1、g0/0/2两个出口端口上
[route]acl 2000
[route-acl-basic-2000]rule 5 permit source 192.168.10.0 0.0.0.255
[route-acl-basic-2000]rule 10 permit source 192.168.20.0 0.0.0.255
[route-acl-basic-2000]quit
[route]interface gigabitether 0/0/1
[route-GigabitEthernet0/0/1]nat outbound 2000
[route-GigabitEthernet0/0/1]quit
[route]interface gigabitether 0/0/2
[route-GigabitEthernet0/0/2]nat outbound 2000
[route-GigabitEthernet0/0/2]quit
[route]此时教学楼、宿舍楼的PC还是访问不了互联网(电信、联通路由器),因为核心交换机上没有互联网的地址,所以需要写条默认路由丢给出口路由器
8.核心交换机coresw配置静态路由
不管你找谁我都甩给路由器,5个0和8个0一样,两种写法都可以
[coresw]ip route-static 0.0.0.0 0 192.168.30.3但是现在还不是不能访问到互联网,流量只能到出口路由器上。出口路由器上也需要指定默认路由,这个也是考试的高频考点
9.出口路由器route配置静态路由
需要配置两条静态路由,指向电信运营商和联通运营商
优先走电信运营商访问互联网,设置优先级,默认优先级60,值越小越优先
下面指定了走电信优先级50默认从左边访问互联网,联通航司默认的60
[route]ip route-static 0.0.0.0 0 12.1.1.1 preference 50
[route]ip route-static 0.0.0.0 0 23.1.1.2
[route]quit现在教学楼、宿舍楼访问互联网可以通了
PC>ping 100.1.1.1
Ping 100.1.1.1: 32 data bytes, Press Ctrl_C to break
Request timeout!
From 100.1.1.1: bytes=32 seq=2 ttl=253 time=62 ms
From 100.1.1.1: bytes=32 seq=3 ttl=253 time=79 ms
From 100.1.1.1: bytes=32 seq=4 ttl=253 time=46 ms
From 100.1.1.1: bytes=32 seq=5 ttl=253 time=63 ms
--- 100.1.1.1 ping statistics ---
5 packet(s) transmitted
4 packet(s) received
20.00% packet loss
round-trip min/avg/max = 0/62/79 ms
PC>ping 12.1.1.1
Ping 12.1.1.1: 32 data bytes, Press Ctrl_C to break
From 12.1.1.1: bytes=32 seq=1 ttl=253 time=63 ms
From 12.1.1.1: bytes=32 seq=2 ttl=253 time=62 ms
From 12.1.1.1: bytes=32 seq=3 ttl=253 time=47 ms
From 12.1.1.1: bytes=32 seq=4 ttl=253 time=63 ms
From 12.1.1.1: bytes=32 seq=5 ttl=253 time=62 ms
--- 12.1.1.1 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 47/59/63 ms
PC>10.实现场景1:网络检测,电信链路故障自动走联通
需要再指定静态路由的时候绑定bfd检测规则,所以先删除静态路由,这里不用删除去往联通的静态路由,只需要监测左边的电信网络,故障就删除去往电信的静态路由,就只剩下联通的静态路由就会通过联通访问互联网
出口路由器配置BFD监测
开启bfd功能
bfd 监测名称 绑定 对端ip 源ip
[route]bfd
[route-bfd]quit
[route]bfd dianxin bind peer-ip 12.1.1.1 source-ip 12.1.1.3 auto
[route-bfd-session-dianxin]quit
[route]模拟器里面不支持单边检测,需要在对端电信路由器上也配置bfd监测,实际当中是不需要的
电信路由器配置BFD监测
[dianxin]bfd
[dianxin-bfd]quit
[dianxin]bfd dianxin bind peer-ip 12.1.1.3 source-ip 12.1.1.1 auto
[dianxin-bfd-session-dianxin]quit
[dianxin]BFD监测规则配好了,应用在出口路由器上走往电信的接口上,route左边的g0/0/1
出口路由器上静态路由绑定BFD监测规则
dianxin是前面配置的bfd名称
优先走电信(12.1.1.1)优先级50
当通往电信的线路故障或端口损坏,会自动删除去往电信的静态路由,那是去往右边联通的静态路由会生效通过右边访问互联网。
[route]ip route-static 0.0.0.0 0 12.1.1.1 preference 50 track bfd-session dianxin
Info: Succeeded in modifying route.
[route]跟踪路由已经实现效果了
11.实现场景2:教学楼走电信,宿舍走联通
通过配置策略路由实现,先把前面在出口路由器上配置的两条默认路由删除
[route]undo ip route-static 0.0.0.0 0.0.0.0 12.1.1.1
[route]undo ip route-static 0.0.0.0 0.0.0.0 23.1.1.2策略路由配置
第一步配置ACL匹配流量
创建两个acl,2001匹配教学楼的流量,2002匹配宿舍楼的流量
[route]acl 2001
[route-acl-basic-2001]rule 10 permit source 192.168.10.0 0.0.0.255
[route-acl-basic-2001]quit
[route]acl 2002
[route-acl-basic-2002]rule 20 permit source 192.168.20.0 0.0.0.255
[route-acl-basic-2002]quit
[route]第二步流分类
第一个流量分类名称叫jiaoxue,绑定acl2001
第二个叫宿舍,绑定acl2002
[route]traffic classifier jiaoxue
[route-classifier-jiaoxue]if-match acl 2001
[route-classifier-jiaoxue]quit
[route]traffic classifier sushe
[route-classifier-sushe]if-match acl 2002
[route-classifier-sushe]quit
[route]第三步流行为
第一个行为去往电信叫re-dianxin,设置下一跳地址12.1.1.1
第二个去联通的叫re-liantong,设置下一跳地址23.1.1.12
[route]traffic behavior re-dianixn
[route-behavior-re-dianixn]redirect ip-nexthop 12.1.1.1
[route-behavior-re-dianixn]quit
[route]traffic behavior re-liantong
[route-behavior-re-liantong]redirect ip-nexthop 23.1.1.2
[route-behavior-re-liantong]quit
[route]第四步流策略
策略名p
流分类jiaoxue和流行为re-dianxing绑定
流分类sushe和流行为re-liantong绑定
[route]traffic policy p
[route-trafficpolicy-p]classifier jiaoxue behavior re-dianixn
[route-trafficpolicy-p]classifier sushe behavior re-liantong
[route-trafficpolicy-p]quit
[route]第五步在入接口应用略测路由
进入g0/0/0接口应用
[route]interface gigabitether 0/0/0
[route-GigabitEthernet0/0/0]traffic-policy p inbound
[route-GigabitEthernet0/0/0]quit
[route]测试是否成功
PC1跟踪路由,教学楼访问哪边都是走的电信
PC>
PC>tracert 12.1.1.1
traceroute to 12.1.1.1, 8 hops max
(ICMP), press Ctrl+C to stop
1 192.168.10.254 32 ms 46 ms 32 ms
2 * * *
3 12.1.1.1 62 ms 63 ms 62 ms
PC>tracert 23.1.1.2
traceroute to 23.1.1.2, 8 hops max
(ICMP), press Ctrl+C to stop
1 192.168.10.254 31 ms 47 ms 31 ms
2 * * *
3 12.1.1.1 78 ms 63 ms 62 ms
4 23.1.1.2 94 ms 78 ms 94 ms
PC>PC2跟踪路由,宿舍楼访问哪边都是走的联通
PC>tracert 12.1.1.1
traceroute to 12.1.1.1, 8 hops max
(ICMP), press Ctrl+C to stop
1 192.168.20.254 32 ms 46 ms 47 ms
2 * * *
3 23.1.1.2 47 ms 94 ms 62 ms
4 12.1.1.1 63 ms 94 ms 109 ms
PC>tracert 23.1.1.2
traceroute to 23.1.1.2, 8 hops max
(ICMP), press Ctrl+C to stop
1 192.168.20.254 47 ms 31 ms 47 ms
2 * * *
3 23.1.1.2 47 ms 78 ms 62 ms
12.实现场景3:访问电信服务器走电信,访问联通服务器走联通
实现配置和场景2一样的,只需要修改ACL匹配流量,从匹配源改成匹配目的地址即可,匹配目的地址得用高级ACL
创建两条高级ACL,匹配任意地址到1.1.1.1和任意地址到达2.2.2.2
[route]acl 3001
[route-acl-adv-3001]rule 10 permit ip source 0.0.0.0 255.255.255.255 destination
1.1.1.1 0.0.0.0
[route-acl-adv-3001]quit
[route]acl 3002
[route-acl-adv-3002]rule 20 permit ip source 0.0.0.0 255.255.255.255 destination
2.2.2.2 0.0.0.0修改流分类
教学(现在充当电信的服务器)的2001改成3001
宿舍(现在充当联通的服务器)的2002改成3002
[route]traffic classifier jiaoxue
[route-classifier-jiaoxue]undo if-match acl 2001
[route-classifier-jiaoxue]if-match acl 3001
[route-classifier-jiaoxue]quit
[route]traffic classifier sushe
[route-classifier-sushe]undo if-match acl 2002
[route-classifier-sushe]if-match acl 3002
[route-classifier-sushe]quit
[route]验证
PC1跟踪路由,可以看到去电信或联通服务器只有3跳,显示***代表配置了NAT或者防火墙以及其他安全过滤策略 ,说明访问谁的服务器就往谁的那边走,如果绕了一下会不止3跳
PC>tracert 1.1.1.1
traceroute to 1.1.1.1, 8 hops max
(ICMP), press Ctrl+C to stop
1 192.168.10.254 31 ms 47 ms 47 ms
2 * * *
3 1.1.1.1 47 ms 62 ms 79 ms
PC>tracert 2.2.2.2
traceroute to 2.2.2.2, 8 hops max
(ICMP), press Ctrl+C to stop
1 192.168.10.254 31 ms 47 ms 47 ms
2 * * *
3 2.2.2.2 47 ms 93 ms 63 ms
PC>PC2跟路路由路径,一样都是到网关→出口路由NAT→运营商服务器
PC>tracert 1.1.1.1
traceroute to 1.1.1.1, 8 hops max
(ICMP), press Ctrl+C to stop
1 192.168.20.254 32 ms 47 ms 46 ms
2 * * *
3 1.1.1.1 47 ms 63 ms 62 ms
PC>tracert 2.2.2.2
traceroute to 2.2.2.2, 8 hops max
(ICMP), press Ctrl+C to stop
1 192.168.20.254 31 ms 47 ms 47 ms
2 * * *
3 2.2.2.2 78 ms 63 ms 78 ms
PC>
评论区