路由策略策略工具—route-policy（策略路由作用）

路由策略策略工具—route-policy（策略路由作用）

route-policy的用途

router-policy是一种功能非常强大的路由策略工具，它可以灵活地与ACL、IP-Prefix list、As-Path-Filter等其他工具配合使用

route-policy的组成

route-policy route-policy-name {permit|deny} node node

if-match {acl/cost/interface/ip next-hop/|ip-prefix}

apply {acl/cost/interface/ip next-hop/ip-prefix}

注意：route-policy由若干个node构成，node之间是“或”的关系（满足其中一个条件即可），且每个node下可以有若干个if-match和apply子句，if-match之间是“与”的关系（既要满足条件1，同时需要满足条件2）。

​特别注意：最后为拒绝没有被允许的通过​

route-policy 实例

R1:

display current-configuration

#

sysname r1

#

acl number 2001

rule 5 deny source 192.168.2.0 0.0.0.255

rule 10 permit source 192.168.1.0 0.0.0.255

#

aaa

authentication-scheme default

authorization-scheme default

accounting-scheme default

domain default

domain default_admin

local-user admin password cipher OOCM4m($F4ajUn1vMEIBNUw#

local-user admin service-type zone Local

priority 16

#

interface Ethernet0/0/0

#

interface Ethernet0/0/1

#

interface Serial0/0/0

link-protocol ppp

#

interface Serial0/0/1

link-protocol ppp

#

interface Serial0/0/2

link-protocol ppp

#

interface Serial0/0/3

link-protocol ppp

#

interface GigabitEthernet0/0/0

ip address 192.168.1.1 255.255.255.0

#

interface GigabitEthernet0/0/1

ip address 192.168.2.1 255.255.255.0

#

interface GigabitEthernet0/0/2

ip address 10.1.1.1 255.255.255.252

#

interface GigabitEthernet0/0/3

#

wlan

#

interface NULL0

#

interface LoopBack0

ip address 1.1.1.1 255.255.255.255

#

ospf 1 router-id 1.1.1.1

import-route direct route-policy policy_1

area 0.0.0.0

network 10.1.1.0 0.0.0.3

#

route-policy policy_1 permit node 10

if-match acl 2001

#

user-interface con 0

user-interface vty 0 4

user-interface vty 16 20

#

R2:

display current-configuration

#

sysname r2

#

aaa

authentication-scheme default

authorization-scheme default

accounting-scheme default

domain default

domain default_admin

local-user admin password cipher OOCM4m($F4ajUn1vMEIBNUw#

local-user admin service-type zone Local

priority 16

#

interface Ethernet0/0/0

#

interface Ethernet0/0/1

#

interface Serial0/0/0

link-protocol ppp

#

interface Serial0/0/1

link-protocol ppp

#

interface Serial0/0/2

link-protocol ppp

#

interface Serial0/0/3

link-protocol ppp

#

interface GigabitEthernet0/0/0

ip address 192.168.3.1 255.255.255.0

#

interface GigabitEthernet0/0/1

ip address 192.168.4.1 255.255.255.0

#

interface GigabitEthernet0/0/2

ip address 10.1.1.2 255.255.255.252

#

interface GigabitEthernet0/0/3

#

wlan

#

interface NULL0

#

interface LoopBack0

ip address 2.2.2.2 255.255.255.255

#

ospf 1 router-id 2.2.2.2

import-route direct

area 0.0.0.0

network 10.1.1.0 0.0.0.3

#

user-interface con 0

user-interface vty 0 4

user-interface vty 16 20

#

return

​

版权声明：本文内容由网络用户投稿，版权归原作者所有，本站不拥有其著作权，亦不承担相应法律责任。如果您发现本站中有涉嫌抄袭或描述失实的内容，请联系我们jiasou666@gmail.com 处理，核实后本网站将在24小时内删除侵权内容。