Archive for 9月 2009

H3C交换机(S5500)策略路由配置笔记续:H3C S7506配置策略路由

这次是在H3C S7506E上配置策略路由,和上次的在S5500上的配置有些区别,上次是所有的以172.16.1.0开头的数据包都往172.16.100。253上丢,而这次是做两个流行为,具体实现的效果为:

当源地址为172.16.1.0,而目的地址为192.168.2.0(服务器网段)的数据包,则不跳至172.16.100.253上,把它过滤掉,使它直接使用交换机的静态路由,而其它数据包的下一跳都为172.16.100.253。

网络环境和这篇一样,配置步骤如下:

1、首先建立默认路由,将所有的数据包都丢往出口2的下一节点192.168.100.253

[H3C7506E] ip route-static 0.0.0.0 0.0.0.0 192.168.100.253

2、配置流分类1,对象为172.16.1.0/24的数据

[H3C7506E]acl number 3001
[H3C7506E-acl-adv-3001] rule 0 deny ip source 172.16.1.0 0.0.0.255 dest 192.168.2.0 0.0.0.255
[H3C7506E] quit
[H3C7506E] traffic classifier 1
[H3C7506E-classifier-1] if-match acl 3001
[H3C7506E-classifier-1] quit

3、配置刚才定义的流分类的行为,定义如果匹配则允许

[H3C7506E] traffic behavior 1
[H3C7506E-behavior-1] filter permit
[H3C7506E-behavior-1] quit

4、配置流分类2,对象仍为172.16.1.0、24

[H3C7506E]acl number 3002
[H3C7506E-acl-adv-3002] rule 0 permit ip source 172.16.1.0 0.0.0.255
[H3C7506E] quit
[H3C7506E] traffic classifier 2
[H3C7506E-classifier-2] if-match acl 3002
[H3C7506E-classifier-2] quit

5、配置刚才定义的流分类的行为,定义如果匹配就下一跳至出口1即172.16.100.253

[H3C7506E] traffic behavior 2
[H3C7506E-behavior-2] redirect next-hop 172.16.100.253
[H3C7506E-behavior-2] quit

6、将刚才设置的应用至QOS策略中,定义policy 1

[H3C7506E] qos policy 1
[H3C7506E-qospolicy-2] classifier 1 behavior 1
[H3C7506E-qospolicy-2] classifier 2 behavior 2
[H3C7506E-qospolicy-2] quit

7、在接口上应用定义的QOS策略policy 1

[H3C7506E] interface GigabitEthernet 1/0/15
[H3C7506E-GigabitEthernet1/0/15] qos apply policy 1 inbound
[H3C7506E-GigabitEthernet1/0/15] quit

至此,配置已完成。