1、实验拓扑图
2、实验目标
策略路由可以设置如下参数:限速(car Specify CAR (Committed Access Rate) feature)、下一跳路由(redirect Redirect packets)、优先级、队列(queue Specify queue feature )等待,可以根据需求来规划和配置网络带宽资源
3、实验配置
3.1定义感应兴趣流(只能使用ACL)
acl number 3000 //定义高级访问控制列表
rule 5 perimit IP source 10.1.1.0 0.0.0.255 destination 172.16.1.1 0.0.0.0
//非接口调用,判断是否匹配,默认一条隐含拒绝“rule deny IP source any destination any”
3.2 定义流量类
traffic classic c1 operator or //定义流量类
if-match acl 3000 //匹配访问控制列表
注意:
or:只要匹配任意一条if-mach语句就属于定义这个类。 and:如果我们把or改为and就是要同时匹配所有if-mach语句才属于定义的这个类 如果报文不匹配策略路由,则按照默认基于DIP的查表转发。
3.3 定义流行为
traffic behavior b1//定义行为
permit //执行动作
3.4定义流策略
traffic policy p1
classifier c1 behavior b1 //将流量类与流行为关联
3.5 将流策略应用于接口
int g0/0/0
traffic-policy p1 outbound //方向
4、配置实例
[V200R003C00]
#
sysname r2
#
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load portalpage.zip
#
drop illegal-mac alarm
#
set cpu-usage threshold 80 restore 75
#
acl number 3000
rule 5 permit ip source 10.1.1.0 0.0.0.255 destination 172.16.1.1 0
rule 10 deny ip
#
traffic classifier c1 operator or
if-match acl 3000
#
traffic behavior b1
#
traffic policy p1
classifier c1 behavior b1
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http
#
firewall zone Local
priority 15
#
interface GigabitEthernet0/0/0
ip address 10.1.1.2 255.255.255.0
#
interface GigabitEthernet0/0/1
ip address 20.1.1.1 255.255.255.0
traffic-policy p1 outbound
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
ip route-static 172.16.0.0 255.255.255.0 GigabitEthernet0/0/1 20.1.1.2
ip route-static 172.16.1.1 255.255.255.255 20.1.1.2
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return
<r2>