Huawei Switch Policy-Based Routing Configuration


 

 

Example: Configuring Policy-Based Routing (Based on IP Addresses)

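Networking Requirements

As shown in Figure 13-1, the aggregation-layer Switch acts as the Layer 3 forwarding device, the access-layer device LSW acts as the user gateway, and routes are reachable between the access-layer LSW and the aggregation-layer Switch. The aggregation-layer Switch connects to two core routers over two links: one is a low-speed link whose gateway is 10.1.20.1/24, and the other is a high-speed link whose gateway is 10.1.30.1/24.

For packets that the aggregation-layer Switch sends up to the core-layer devices, the company wants packets with source IP addresses in 192.168.100.0/24 to be transmitted over the high-speed link, and packets with source IP addresses in 192.168.101.0/24 to be transmitted over the low-speed link.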

 

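Configuration Roadmap

Policy-based routing is implemented by redirection, which in turn provides differentiated services. The configuration roadmap is as follows:
  1. Create VLANs and configure the interfaces so that the company can interconnect with external network devices.
  2. Configure ACL rules that match packets with source IP addresses in 192.168.100.0/24 and 192.168.101.0/24 respectively.
  3. Configure traffic classifiers whose match rules are the ACLs above, so that the device can tell the packets apart.
  4. Configure traffic behaviors so that packets matching the different rules are redirected to 10.1.20.1/24 and 10.1.30.1/24 respectively.
  5. Configure a traffic policy that binds the traffic classifiers and traffic behaviors above, and apply it to the inbound direction of interface GE0/0/3 to implement policy-based routing.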

Procedure

  1. Create VLANs and configure the interfaces

    # Create VLAN 100 and VLAN 200 on the Switch.

    <HUAWEI> system-view
    [HUAWEI] sysname Switch
    [Switch] vlan batch 100 200

    # Set the link type of interfaces GE0/0/1, GE0/0/2 and GE0/0/3 on the Switch to trunk, and add them to VLAN 100 and VLAN 200.

    [Switch] interface gigabitethernet 0/0/1
    [Switch-GigabitEthernet0/0/1] port link-type trunk
    [Switch-GigabitEthernet0/0/1] port trunk allow-pass vlan 100 200
    [Switch-GigabitEthernet0/0/1] quit
    [Switch] interface gigabitethernet 0/0/2
    [Switch-GigabitEthernet0/0/2] port link-type trunk
    [Switch-GigabitEthernet0/0/2] port trunk allow-pass vlan 100 200
    [Switch-GigabitEthernet0/0/2] quit
    [Switch] interface gigabitethernet 0/0/3
    [Switch-GigabitEthernet0/0/3] port link-type trunk
    [Switch-GigabitEthernet0/0/3] port trunk allow-pass vlan 100 200
    [Switch-GigabitEthernet0/0/3] quit

    # Create VLANIF100 and VLANIF200, and configure an IP address for each virtual interface.

    [Switch] interface vlanif 100
    [Switch-Vlanif100] ip address 10.1.20.2 24
    [Switch-Vlanif100] quit
    [Switch] interface vlanif 200
    [Switch-Vlanif200] ip address 10.1.30.2 24
    [Switch-Vlanif200] quit

     

  2. Configure ACL rules

    # On the Switch, create advanced ACLs numbered 3001 and 3002, with rules that permit packets with source IP addresses in 192.168.100.0/24 and 192.168.101.0/24 respectively.

    [Switch] acl 3001
    [Switch-acl-adv-3001] rule permit ip source 192.168.100.0 0.0.0.255
    [Switch-acl-adv-3001] quit
    [Switch] acl 3002
    [Switch-acl-adv-3002] rule permit ip source 192.168.101.0 0.0.0.255
    [Switch-acl-adv-3002] quit

     

  3. Configure traffic classifiers

    # On the Switch, create traffic classifiers c1 and c2, whose match rules are ACL 3001 and ACL 3002 respectively.

    [Switch] traffic classifier c1 operator or
    [Switch-classifier-c1] if-match acl 3001
    [Switch-classifier-c1] quit
    [Switch] traffic classifier c2 operator or
    [Switch-classifier-c2] if-match acl 3002
    [Switch-classifier-c2] quit

     

  4. Configure traffic behaviors

    # On the Switch, create traffic behaviors b1 and b2, and specify the actions of redirecting to 10.1.20.1/24 and 10.1.30.1/24 respectively.

    [Switch] traffic behavior b1
    [Switch-behavior-b1] redirect ip-nexthop 10.1.20.1
    [Switch-behavior-b1] quit
    [Switch] traffic behavior b2
    [Switch-behavior-b2] redirect ip-nexthop 10.1.30.1
    [Switch-behavior-b2] quit

     

  5. Configure a traffic policy and apply it to the interface

    # On the Switch, create traffic policy p1 and bind the traffic classifiers to their corresponding traffic behaviors.

    [Switch] traffic policy p1
    [Switch-trafficpolicy-p1] classifier c1 behavior b1
    [Switch-trafficpolicy-p1] classifier c2 behavior b2
    [Switch-trafficpolicy-p1] quit

    # Apply traffic policy p1 to the inbound direction of interface GE0/0/3.

    [Switch] interface gigabitethernet 0/0/3
    [Switch-GigabitEthernet0/0/3] traffic-policy p1 inbound
    [Switch-GigabitEthernet0/0/3] return

     

  6. Verify the configuration

    # View the ACL rule configuration.

    <Switch> display acl 3001
    Advanced ACL 3001, 1 rule
    Acl's step is 5
     rule 5 permit ip source 192.168.100.0 0.0.0.255 (match-counter 0)
    <Switch> display acl 3002
    Advanced ACL 3002, 1 rule
    Acl's step is 5
     rule 5 permit ip source 192.168.101.0 0.0.0.255 (match-counter 0)

    # View the traffic classifier configuration.

    <Switch> display traffic classifier user-defined
      User Defined Classifier Information:
        Classifier: c2
         Operator: OR
         Rule(s) :if-match acl 3002
            
        Classifier: c1
          Operator: OR
          Rule(s) : if-match acl 3001
    
    Total classifier number is 2   
    

    # View the traffic policy configuration.

    <Switch> display traffic policy user-defined p1
      User Defined Traffic Policy Information:
      Policy: p1
       Classifier: c1
        Operator: OR
         Behavior: b1
          Redirect: no forced
     Redirect ip-nexthop
     10.1.20.1
       Classifier: c2
        Operator: OR
         Behavior: b2
          Redirect: no forced
     Redirect ip-nexthop
     10.1.30.1

     

Configuration Files

  • Configuration file of the Switch

    #
    sysname Switch
    #
    vlan batch 100 200 
    #
    acl number 3001
     rule 5 permit ip source 192.168.100.0 0.0.0.255
    acl number 3002
     rule 5 permit ip source 192.168.101.0 0.0.0.255
    #
    traffic classifier c1 operator or
     if-match acl 3001
    traffic classifier c2 operator or
     if-match acl 3002
    #
    traffic behavior b1
     redirect ip-nexthop 10.1.20.1
    traffic behavior b2
     redirect ip-nexthop 10.1.30.1
    #
    traffic policy p1 match-order config
     classifier c1 behavior b1
     classifier c2 behavior b2
    #
    interface Vlanif100
     ip address 10.1.20.2 255.255.255.0
    #
    interface Vlanif200
     ip address 10.1.30.2 255.255.255.0
    #
    interface GigabitEthernet0/0/1
     port link-type trunk
     port trunk allow-pass vlan 100 200
    #
    interface GigabitEthernet0/0/2
     port link-type trunk
     port trunk allow-pass vlan 100 200
    #
    interface GigabitEthernet0/0/3
     port link-type trunk
     port trunk allow-pass vlan 100 200
     traffic-policy p1 inbound
    #
    return
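
Before applying a redirect policy like this one, it helps to resolve the chain from ACL to classifier to behavior to policy offline and see which next hop each source address actually gets. The following is an added example, not part of the original page or of Huawei's tooling: `parse` and `redirect_for` are hypothetical helper names, only `permit ip source` rules with contiguous wildcard masks are handled, and `match-order config` is assumed to mean that the first matching binding in configuration order wins.

```python
import ipaddress

# Constructed input: the ACL/classifier/behavior/policy stanzas from this page's config file.
CONFIG = """\
acl number 3001
 rule 5 permit ip source 192.168.100.0 0.0.0.255
acl number 3002
 rule 5 permit ip source 192.168.101.0 0.0.0.255
traffic classifier c1 operator or
 if-match acl 3001
traffic classifier c2 operator or
 if-match acl 3002
traffic behavior b1
 redirect ip-nexthop 10.1.20.1
traffic behavior b2
 redirect ip-nexthop 10.1.30.1
traffic policy p1 match-order config
 classifier c1 behavior b1
 classifier c2 behavior b2
"""

def parse(config):
    """Return ACL source networks, classifier->ACL ids, behavior->next hop, policy bindings."""
    acls, classifiers, behaviors, policy = {}, {}, {}, []
    kind = name = None
    for line in filter(str.strip, config.splitlines()):
        w = line.split()
        if not line.startswith(" "):  # stanza header, e.g. "traffic behavior b1"
            kind = w[0] if w[0] == "acl" else w[1] if len(w) > 1 else None
            name = w[2] if len(w) > 2 else None
        elif kind == "acl" and w[2:5] == ["permit", "ip", "source"]:
            # ip_network() reads a mask that starts with a zero field as a wildcard (host) mask.
            acls.setdefault(name, []).append(ipaddress.ip_network(f"{w[5]}/{w[6]}"))
        elif kind == "classifier" and w[:2] == ["if-match", "acl"]:
            classifiers.setdefault(name, []).append(w[2])
        elif kind == "behavior" and w[:2] == ["redirect", "ip-nexthop"]:
            behaviors[name] = w[2]
        elif kind == "policy" and w[0] == "classifier" and len(w) > 3:
            policy.append((w[1], w[3]))
    return acls, classifiers, behaviors, policy

def redirect_for(src, config=CONFIG):
    """Next hop the policy redirects src to, or None when no classifier matches."""
    acls, classifiers, behaviors, policy = parse(config)
    addr = ipaddress.ip_address(src)
    for cls, beh in policy:  # assumption: first matching binding in config order wins
        if any(addr in net for a in classifiers.get(cls, []) for net in acls.get(a, [])):
            return behaviors.get(beh)
    return None
```

With the page's configuration, sources in 192.168.100.0/24 resolve to 10.1.20.1 and sources in 192.168.101.0/24 to 10.1.30.1. The networking requirements describe 10.1.20.1 as the low-speed link, so compare this mapping with the intended link assignment before deploying.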

Excerpted from the official documentation and compiled by the blog author.

