• 路由器R1的IS-IS进程中引入直连路由时,过滤172.16开头为奇数的路由

[R1]acl number 2000
 [R1-acl-basic-2000]rule 10 deny source 172.16.1.0 0.0.254.0
 [R1-acl-basic-2000]rule 20 permit
 [R1]isis 1
 [R1-isis-1]is-level level-2
 [R1-isis-1]network-entity 49.0001.1111.1111.1111.00
 [R1-isis-1]import-route direct
 [R1-isis-1]filter-policy 2000 export direct

  • 路由器R2的OSPF进程引入IS-IS路由时只允许172.16开头的第三位被4整除的路由

[R2]acl number 2000
 [R2-acl-basic-2000]rule 10 permit source 172.16.0.0 0.0.252.0
 [R2]ospf 1
 [R2-ospf-1]import-route isis 1
 [R2-ospf-1]filter-policy 2000 export isis 1
 [R2]isis 1
 [R2-isis-1]is-level level-2
 [R2-isis-1]network-entity 49.0001.2222.2222.2222.00
 [R2-isis-1]import-route ospf 1

  • 路由器R3的OSPF进程中只允许172.16开头第三位被8整除的路由进入路由表

[R3]acl number 2000
 [R3-acl-basic-2000]rule 10 permit source 172.16.0.0 0.0.248.0
 [R3]ospf 1
 [R3-ospf-1]filter-policy 2000 import

本地策略路由

本地策略路由配置举例,如下图所示,路由器R1和R2之间配置静态路由到达对方的环回 接口0。现通过配置本地策略路由实现大小为64-100字节的数据包选择上边的链路,大小 为101-500字节的数据包选择下面的链路,所有其他长度的数据包都按基于目的地址的方 法进行路由选路。

  • 路由器R1配置本地策略路由

[R1]policy-based-route LP permit node 10
 [R1-policy-based-route-LP-10]if-match packet-length 64 100 
[R1-policy-based-route-LP-10]apply ip-address next-hop 172.16.12.2 
[R1]policy-based-route LP permit node 20
 [R1-policy-based-route-LP-20]if-match packet-length 101 500 
[R1-policy-based-route-LP-20]apply ip-address next-hop 172.16.21.2
 [R1]iplocal policy-based-route LP

标签

Hybrid端口允许多个VLAN的帧通过,并可以在出端口方向将某些VLAN帧的Tag剥掉

关于VLAN标签

剥离标签

port default vlan 3

[SWA]vlan 2
[SWA-vlan2]port GigabitEthernet 0/0/7
[SWA-vlan2]quit
[SWA]interface GigabitEthernetO/0/5
[SWA-GigabitEthernetO/0/5]port default vlan 3

标签不变

port trunk allow-pass vlan 2 3

[SWA-GigabitEthernet0/0/1]port link-type trunk
[SWA-GigabitEthernet0/0/1]port trunk allow-pass vlan 2 3

MUX VLAN

[S1]vlan batch 2 201 to 202
 [S1]vlan 2
 [S1-vlan2] mux-vlan
 [S1-vlan2] subordinate separate 202
 [S1-vlan2] subordinate group 201
 [S1]interface GigabitEthernet0/0/1
 [S1-GigabitEthernet0/0/1] port link-type access
 [S1-GigabitEthernet0/0/1] port default vlan 201
 [S1-GigabitEthernet0/0/1] port mux-vlan enable

[S1]interface GigabitEthernet0/0/4
 [S1-GigabitEthernet0/0/2] port link-type access
 [S1-GigabitEthernet0/0/2] port default vlan 202
 [S1-GigabitEthernet0/0/2] port mux-vlan enable
 [S1]interface GigabitEthernet0/0/3
 [S1-GigabitEthernet0/0/3] port link-type access
 [S1-GigabitEthernet0/0/3] port default vlan 2
 [S1-GigabitEthernet0/0/3] port mux-vlan enable

[S1]interface GigabitEthernet0/0/4
 [S1-GigabitEthernet0/0/2] port link-type access
 [S1-GigabitEthernet0/0/2] port default vlan 202
 [S1-GigabitEthernet0/0/2] port mux-vlan enable
 [S1]interface GigabitEthernet0/0/3
 [S1-GigabitEthernet0/0/3] port link-type access
 [S1-GigabitEthernet0/0/3] port default vlan 2
 [S1-GigabitEthernet0/0/3] port mux-vlan enable