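Test topology
Basic description: configure the IP addresses as shown in the diagram, then set up routing (details omitted here) so that R5's Loopback addresses can reach R1's Loopback address.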
R4#sho run | i ip route
...
ip route 5.5.5.0 255.255.255.0 45.1.1.5
ip route 5.5.5.1 255.255.255.255 45.1.1.5
ip route 5.5.5.2 255.255.255.255 45.1.1.5
ip route 5.5.5.3 255.255.255.255 45.1.1.5
ip route 5.5.5.4 255.255.255.255 45.1.1.5
R4#
R1#sho run | s ip route
ip route 5.5.5.0 255.255.255.0 12.1.1.2
ip route 5.5.5.0 255.255.255.0 13.1.1.3
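Note: R4's routes to 1.1.1.1 are an EIGRP external (EX) route and a static route, with next hops R2 and R3 respectively.
1. First, the redistribution + route-map question
Can redistribution use an extended ACL to select entries for a route-map? The device of interest here is R4, which redistributes its static routes to R5's Loopback, as shown below: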
R4#sho run | s r e
router eigrp 1
 redistribute static route-map cisco
 network 24.1.1.0 0.0.0.255
 no auto-summary
The route-map attached to it is as follows:
R4#sho run | s route-map
...
route-map cisco deny 5
 match ip address ok
route-map cisco permit 10
 match ip address cisco
R4#
Two ACLs are referenced here, ok and cisco. Look at the ACLs:
R4#sho ip access-lists
Standard IP access list ok
    10 permit 5.5.5.1 (6 matches)
    20 permit 5.5.5.2 (4 matches)
Extended IP access list cisco
    10 deny ip host 5.5.5.1 host 1.1.1.1
    20 deny ip host 5.5.5.2 host 1.1.1.1
    30 permit ip 5.5.5.0 0.0.0.255 any (60 matches)
Only the standard ACL and rule 30 of the extended ACL show matches. The routes R2 learns at this point are as expected: 5.5.5.1 and 5.5.5.2 have been denied.
R2#sho ip ro eigrp
     5.0.0.0/8 is variably subnetted, 3 subnets, 2 masks
D EX 5.5.5.4/32 [170/307200] via 24.1.1.4, 00:07:39, Ethernet0/1
D EX 5.5.5.0/24 [170/307200] via 24.1.1.4, 00:07:39, Ethernet0/1
D EX 5.5.5.3/32 [170/307200] via 24.1.1.4, 00:07:39, Ethernet0/1
R2#
What happens if we change ACL ok into an extended ACL?
R4(config)#no ip access st ok
R4(config)#ip access ex ok
R4(config-ext-nacl)#permit ip host 5.5.5.1 host 1.1.1.1
R4(config-ext-nacl)#permit ip host 5.5.5.2 host 1.1.1.1
R4(config-ext-nacl)#end
R4#
Observe the routes R2 learns: both 5.5.5.1 and 5.5.5.2 are now learned.
R2#sho ip ro eigrp
     5.0.0.0/8 is variably subnetted, 5 subnets, 2 masks
D EX 5.5.5.4/32 [170/307200] via 24.1.1.4, 00:00:43, Ethernet0/1
D EX 5.5.5.1/32 [170/307200] via 24.1.1.4, 00:00:43, Ethernet0/1
D EX 5.5.5.0/24 [170/307200] via 24.1.1.4, 00:00:43, Ethernet0/1
D EX 5.5.5.3/32 [170/307200] via 24.1.1.4, 00:00:43, Ethernet0/1
D EX 5.5.5.2/32 [170/307200] via 24.1.1.4, 00:00:43, Ethernet0/1
R2#
Change it back to a standard ACL:
R4(config)#no ip access ex ok
R4(config)#ip access sta ok
R4(config-std-nacl)#permit host 5.5.5.1
R4(config-std-nacl)#permit host 5.5.5.2
R4(config-std-nacl)#end
R4#
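Now check the routes on R2 again: they are back under control. So an extended ACL is not a good fit for selecting entries for the route-map here; a standard ACL is all that is needed for the match.
R2#sho ip ro eigrp
     5.0.0.0/8 is variably subnetted, 3 subnets, 2 masks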
D EX 5.5.5.4/32 [170/307200] via 24.1.1.4, 00:00:22, Ethernet0/1
D EX 5.5.5.0/24 [170/307200] via 24.1.1.4, 00:00:22, Ethernet0/1
D EX 5.5.5.3/32 [170/307200] via 24.1.1.4, 00:00:22, Ethernet0/1
R2#
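Note, however, that this does not mean an extended ACL cannot be used for the match; we can define it with the any keyword, as in the following example: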
R4(config)#ip access-list extended ok
R4(config-ext-nacl)#permit ip host 5.5.5.1 any
R4(config-ext-nacl)#permit ip host 5.5.5.2 any
R4(config-ext-nacl)#end
R4#
R4#sho ip access-lists
Extended IP access list cisco
    10 deny ip host 5.5.5.1 host 1.1.1.1
    20 deny ip host 5.5.5.2 host 1.1.1.1
    30 permit ip 5.5.5.0 0.0.0.255 any (151 matches)
Extended IP access list ok
    10 permit ip host 5.5.5.1 any (4 matches)
    20 permit ip host 5.5.5.2 any (2 matches)
R2#sho ip ro eigrp
     5.0.0.0/8 is variably subnetted, 3 subnets, 2 masks
D EX 5.5.5.4/32 [170/307200] via 24.1.1.4, 00:00:25, Ethernet0/1
D EX 5.5.5.0/24 [170/307200] via 24.1.1.4, 00:00:25, Ethernet0/1
D EX 5.5.5.3/32 [170/307200] via 24.1.1.4, 00:00:25, Ethernet0/1
R2#
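An added example (not part of the original post): a small Python model of how route-map cisco evaluates R4's five static routes under the three versions of ACL ok. It assumes the usual IOS interpretation for route filtering, where the source field of an extended entry is compared with the route's network address and the destination field with its mask; the function and variable names are illustrative.

```python
import ipaddress

def ip(s):
    return int(ipaddress.IPv4Address(s))

def host(a):
    return (ip(a), 0)                       # (address, wildcard)

ANY = (0, 0xFFFFFFFF)

def hit(field, value):
    addr, wild = field
    return (value | wild) == (addr | wild)  # wildcarded bits are ignored

def acl_permits(acl, net, mask):
    # Entry = (action, src, dst); dst is None in a standard ACL.
    # Assumed model: src is compared with the network, dst with the mask.
    for action, src, dst in acl:
        if hit(src, net) and (dst is None or hit(dst, mask)):
            return action == "permit"
    return False                            # implicit deny

def redistributed(route_map, routes):
    out = []
    for net, mask in routes:
        for action, acl in route_map:       # clauses in sequence order
            if acl_permits(acl, ip(net), ip(mask)):
                if action == "permit":
                    out.append(net)
                break                       # first matching clause decides
    return out

# R4's static routes, taken from the page
ROUTES = [("5.5.5.0", "255.255.255.0")] + [
    ("5.5.5.%d" % i, "255.255.255.255") for i in range(1, 5)]
ACL_CISCO = [("deny", host("5.5.5.1"), host("1.1.1.1")),
             ("deny", host("5.5.5.2"), host("1.1.1.1")),
             ("permit", (ip("5.5.5.0"), ip("0.0.0.255")), ANY)]
OK_STANDARD = [("permit", host("5.5.5.1"), None), ("permit", host("5.5.5.2"), None)]
OK_EXT_HOST = [("permit", host("5.5.5.1"), host("1.1.1.1")),
               ("permit", host("5.5.5.2"), host("1.1.1.1"))]
OK_EXT_ANY = [("permit", host("5.5.5.1"), ANY), ("permit", host("5.5.5.2"), ANY)]

def run(ok_acl):
    # route-map cisco: deny 5 matches ACL ok, permit 10 matches ACL cisco
    return redistributed([("deny", ok_acl), ("permit", ACL_CISCO)], ROUTES)

if __name__ == "__main__":
    for name, acl in (("standard", OK_STANDARD), ("ext host", OK_EXT_HOST), ("ext any", OK_EXT_ANY)):
        print(name, run(acl))
```

Under that model `host 1.1.1.1` can never equal a route's mask, so the deny clause matches nothing and all five routes are redistributed, which agrees with the R2 output above. PBR in section 2 applies the same ACL syntax to packet source and destination, which is why a host-to-host entry works there.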
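2. PBR test
For traffic from 5.5.5.3 to 1.1.1.1: according to the diagram, once the static route to R1's 1.1.1.1 has been added, it would normally go via R3.
The test results are as follows: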
R4(config)#do sho ip route 1.1.1.1
Routing entry for 1.1.1.0/24
  Known via "eigrp 1", distance 170, metric 307200, type external
  Redistributing via eigrp 1
  Last update from 24.1.1.2 on Ethernet0/0, 00:00:19 ago
  Routing Descriptor Blocks:
  * 24.1.1.2, from 24.1.1.2, 00:00:19 ago, via Ethernet0/0
      Route metric is 307200, traffic share count is 1
      Total delay is 2000 microseconds, minimum bandwidth is 10000 Kbit
      Reliability 255/255, minimum MTU 1500 bytes
      Loading 1/255, Hops 1
R4(config)# ip route 1.1.1.0 255.255.255.0 34.1.1.3 <<<<<<<<<<<<<<<<<<
R4(config)#do sho ip route 1.1.1.1
Routing entry for 1.1.1.0/24
  Known via "static", distance 1, metric 0
  Redistributing via eigrp 1
  Routing Descriptor Blocks:
  * 34.1.1.3
      Route metric is 0, traffic share count is 1
R4(config)#
Now run traceroute tests on R5 (note that 5.5.5.1 and 5.5.5.2 are not advertised in EIGRP, so later on we do not choose them for the PBR that sends traffic to R1's 1.1.1.1 via R2):
R5#traceroute 1.1.1.1 so 5.5.5.1
Type escape sequence to abort.
Tracing the route to 1.1.1.1
  1 45.1.1.4 12 msec 28 msec 16 msec
  2 34.1.1.3 32 msec 48 msec 44 msec
  3 13.1.1.1 72 msec 56 msec 72 msec
R5#traceroute 1.1.1.1 so 5.5.5.2
Type escape sequence to abort.
Tracing the route to 1.1.1.1
  1 45.1.1.4 12 msec 20 msec 16 msec
  2 34.1.1.3 44 msec 44 msec 44 msec
  3 13.1.1.1 52 msec 64 msec 64 msec
R5#traceroute 1.1.1.1 so 5.5.5.3
Type escape sequence to abort.
Tracing the route to 1.1.1.1
  1 45.1.1.4 20 msec 16 msec 20 msec
  2 34.1.1.3 32 msec 40 msec 48 msec
  3 13.1.1.1 72 msec 56 msec 72 msec
R5#traceroute 1.1.1.1 so 5.5.5.4
Type escape sequence to abort.
Tracing the route to 1.1.1.1
  1 45.1.1.4 20 msec 20 msec 16 msec
  2 34.1.1.3 32 msec 44 msec 40 msec
  3 13.1.1.1 72 msec 52 msec 72 msec
R5#
Now apply PBR to traffic from 5.5.5.3 to R1's 1.1.1.1 so that it goes via R2:
R4(config)#ip access-list extended pbr
R4(config-ext-nacl)# permit ip host 5.5.5.3 host 1.1.1.1
R4(config-route-map)#route-map pbr permit 10
R4(config-route-map)# match ip address pbr
R4(config-route-map)# set ip next-hop 24.1.1.2
R4(config-route-map)#inter e0/2
R4(config-if)#ip policy route-map pbr
Verification: traffic from 5.5.5.3 to 1.1.1.1 now goes via R2, while traffic from 5.5.5.4 still follows the original path via R3.
R5#traceroute 1.1.1.1 so 5.5.5.3
Type escape sequence to abort.
Tracing the route to 1.1.1.1
  1 45.1.1.4 16 msec 20 msec 16 msec
  2 24.1.1.2 44 msec 36 msec 48 msec
  3 12.1.1.1 56 msec 56 msec 68 msec
R5#traceroute 1.1.1.1 so 5.5.5.4
Type escape sequence to abort.
Tracing the route to 1.1.1.1
  1 45.1.1.4 24 msec 16 msec 24 msec
  2 34.1.1.3 32 msec 40 msec 44 msec
  3 13.1.1.1 72 msec 56 msec 72 msec
R5#
Additional links:
https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/15-0SY/configuration/guide/15_0_sy_swcg/policy_based_routing_pbr.pdf
https://www.cisco.com/c/en/us/support/docs/ip/border-gateway-protocol-bgp/49111-route-map-bestp.html