至顶网›网络频道 ›CCIE之路——路由过滤命令详解

CCIE之路——路由过滤命令详解

扫一扫
分享文章到微信
扫一扫
关注官方公众号
至顶头条

Route Maps类似于access lists，不同之处在于Route Maps可以改变Packets/Routes的部分属性。

来源：chinaitlab 2008年1月5日

<1> Standard ACL

interface Serial 0
   ip address 172.16.5.1 255.255.255.0
   ip policy route-map sense
!
access-list 1 permit 172.16.6.0 0.0.0.255
access-list 2 permit 172.16.7.0 0.0.0.255
!
route-map sense permit 10
   match ip address 1
   set ip next-hop 172.16.4.2
!
route-map sense permit 20
   match ip address 2
   set ip next-hop 172.16.4.3

　　<2> Extended ACL

interface Ethernet 0
   ip address 172.16.1.4 255.255.255.0
   ip policy route-map sense
!
access-list 105 permit tcp 172.16.1.0 0.0.0.255 eq ftp any
access-list 105 permit tcp 172.16.1.0 0.0.0.255 eq ftp-data any
access-list 106 permit tcp 172.16.1.0 0.0.0.255 eq telnet any
!
route-map sense permit 10
   match ip address 105
   set ip next-hop 172.16.2.1
!
route-map sense permit 20
   match ip address 106
   set ip next-hop 172.16.3.1

　　<3> Length of the Packets

interface Ethernet0
   ip address 172.16.1.4 255.255.255.0
   ip policy route-map sense
!
route-map sense permit 10
   match length 1000 1600
   set ip next-hop 172.16.2.1
!
route-map sense permit 20
   match length 0 400
   set ip next-hop 172.16.3.1

　　<4> Router's Packets

interface Ethernet0
   ip address 172.16.1.4 255.255.255.0
   ip policy route-map sense
!
ip local policy route-map sense
!
access-list 120 permit ip any 172.16.1.0 0.0.0.255
access-list 120 permit ospf any any
!
route-map sense permit 10
   match ip address 120
!
route-map sense permit 20
   match length 1000 1600
   set ip next-hop 172.16.2.1
!
route-map sense permit 30
   match length 0 400
   set ip next-hop 172.16.3.1

　　注：如果没有第一个route-map条目，router本身的Packets及OSPF的Packets都会由于后两个route-map语句被转发到错误的地址。

CCIE之路——路由过滤命令详解

业界热点: