华为策略路由配置实例1、组网需求?????????????????图1?策略路由组网示例图????公司希望上送外部网络的报文中,IP优先级为4、5、6、7的报文通过高速链路传输,而IP优先级为0、1、2、3的报文则通过低速链路传输。
2、配置思路1、创建VLAN并配置各接口,实现公司和外部网络设备互连。
2、配置ACL规则,分别匹配IP优先级4、5、6、7,以及IP优先级0、1、2、3。
3、配置流分类,匹配规则为上述ACL规则,使设备可以对报文进行区分。
5、配置流策略,绑定上述流分类和流行为,并应用到接口GE2/0/1的入方向上,实现策略路由。
3、操作步骤3.1、创建VLAN并配置各接口#?在Switch上创建VLAN100和VLAN200。
<HUAWEI>?system-view[HUAWEI]?sysnameSwitch[Switch]?vlanbatch100200#?配置Switch上接口GE1/0/1、GE1/0/2和GE2/0/1的接口类型为Trunk,并加入VLAN100和VLAN200。
[Switch]?interfacegigabitethernet1/0/1[Switch-GigabitEthernet1/0/1]?portlink-typetrunk[Switch-GigabitEthernet1/0/1]?porttrunkallow-passvlan100200[Switch-GigabitEthernet1/0/1]?quit[Switch]?interfacegigabitethernet1/0/2[Switch-GigabitEthernet1/0/2]?portlink-typetrunk[Switch-GigabitEthernet1/0/2]?porttrunkallow-passvlan100200[Switch-GigabitEthernet1/0/2]?quit[Switch]?interfacegigabitethernet2/0/1[Switch-GigabitEthernet2/0/1]?portlink-typetrunk[Switch-GigabitEthernet2/0/1]?porttrunkallow-passvlan100200[Switch-GigabitEthernet2/0/1]?quit配置LSW与Switch对接的接口为Trunk类型接口,并加入VLAN100和VLAN200。
#?创建VLANIF100和VLANIF200,并配置各虚拟接口IP地址。
[Switch]?interfacevlanif100[Switch-Vlanif100]?ipaddress24[Switch-Vlanif100]?quit[Switch]?interfacevlanif200[Switch-Vlanif200]?ipaddress24[Switch-Vlanif200]?quit3.2、配置ACL规则#?在Switch上创建编码为3001、3002的高级ACL,规则分别为允许IP优先级0、1、2、3和允许IP优先级4、5、6、7的报文通过。
[Switch]?acl3001[Switch-acl-adv-3001]?rulepermitipprecedence0[Switch-acl-adv-3001]?rulepermitipprecedence1[Switch-acl-adv-3001]?rulepermitipprecedence2[Switch-acl-adv-3001]?rulepermitipprecedence3[Switch-acl-adv-3001]?quit[Switch]?acl3002[Switch-acl-adv-3002]?rulepermitipprecedence4[Switch-acl-adv-3002]?rulepermitipprecedence5[Switch-acl-adv-3002]?rulepermitipprecedence6[Switch-acl-adv-3002]?rulepermitipprecedence7[Switch-acl-adv-3002]?quit3.3、配置流分类在Switch上创建流分类c1、c2,匹配规则分别为ACL3001和ACL3002。
[Switch]?trafficclassifierc1operatorand[Switch-classifier-c1]?if-matchacl3001[Switch-classifier-c1]?quit[Switch]?trafficclassifierc2operatorand[Switch-classifier-c2]?if-matchacl3002[Switch-classifier-c2]?quit3.4、配置流行为#?[Switch]?trafficbehaviorb1[Switch-behavior-b1]?redirectip-nexthop[Switch-behavior-b1]?quit[Switch]?trafficbehaviorb2[Switch-behavior-b2]?redirectip-nexthop[Switch-behavior-b2]?quit3.5、配置流策略并应用到接口上#?在Switch上创建流策略p1,将流分类和对应的流行为进行绑定。
[Switch]?trafficpolicyp1[Switch-trafficpolicy-p1]?classifierc1behaviorb1[Switch-trafficpolicy-p1]?classifierc2behaviorb2[Switch-trafficpolicy-p1]?quit#?将流策略p1应用到接口GE2/0/1的入方向上。
[Switch]?interfacegigabitethernet2/0/1[Switch-GigabitEthernet2/0/1]?traffic-policyp1inbound [Switch-GigabitEthernet2/0/1]?return3.6、验证配置结果#?查看ACL规则的配置信息。
<Switch>?displayacl3001AdvancedACL3001,4rulesAcl'sstepis5?rule5permitipprecedenceroutine(match-counter0)?rule10permitipprecedencepriority(match-counter0)?rule15permitipprecedenceimmediate(match-counter0)?rule20permitipprecedenceflash(match-counter0)<Switch>?displayacl3002AdvancedACL3002,4rulesAcl'sstepis5?rule5permitipprecedenceflash-override(match-counter0) ?rule10permitipprecedencecritical(match-counter0)?rule15permitipprecedenceinternet(match-counter0)?rule20permitipprecedencenetwork(match-counter0) #?查看流分类的配置信息。
<Switch>?displaytrafficclassifieruser-defined?UserDefinedClassifierInformation:???Classifier:c1?????Precedence:5?????Operator:AND?????Rule(s):?if-matchacl3001???Classifier:c2????Precedence:10????Operator:AND????Rule(s):if-matchacl3002 Totalclassifiernumberis2?#?查看流策略的配置信息。
<Switch>?displaytrafficpolicyuser-definedp1?UserDefinedTrafficPolicyInformation:?Policy:p1??Classifier:c1???Operator:AND????Behavior:b1?????Redirect:noforced ???????Redirectip-nexthop??Classifier:c2???Operator:AND????Behavior:b2?????Redirect:noforced ???????Redirectip-nexthop4、配置文件Switch的配置文件#sysnameSwitch#vlanbatch100200#aclnumber3001?rule5permitipprecedenceroutine?rule10permitipprecedencepriority?rule15permitipprecedenceimmediate ?rule20permitipprecedenceflash#aclnumber3002?rule5permitipprecedenceflash-override ?rule10permitipprecedencecritical?rule15permitipprecedenceinternet?rule20permitipprecedencenetwork#trafficclassifierc1operatorandprecedence5 ?if-matchacl3001trafficclassifierc2operatorandprecedence10 ?if-matchacl3002#trafficbehaviorb1?redirectip-nexthoptrafficbehaviorb2?redirectip-nexthop#trafficpolicyp1match-orderconfig?classifierc1behaviorb1?classifierc2behaviorb2#interfaceVlanif100?ipaddress#interfaceVlanif200?ipaddress#interfaceGigabitEthernet1/0/1 ?portlink-typetrunk?porttrunkallow-passvlan100200 # interfaceGigabitEthernet1/0/2 ?portlink-typetrunk?porttrunkallow-passvlan100200 # interfaceGigabitEthernet2/0/1 ?portlink-typetrunk?porttrunkallow-passvlan100200 ?traffic-policyp1inbound#return。