在路由器接口上启用策略路由不生效请大神指点

songefun · 发表于 2017-4-7 16:13:06

R1#show run
Building configuration...

Current configuration : 1533 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
ip cef
ip tcp synwait-time 5
!
!
!
!
no ip domain lookup
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0/0
no ip address
ip policy route-map access
duplex auto
speed auto
!
interface FastEthernet0/0.1
encapsulation dot1Q 2
ip address 192.168.2.1 255.255.255.0
!
interface FastEthernet0/0.2
encapsulation dot1Q 3
ip address 192.168.3.1 255.255.255.0
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial1/0
ip address 172.16.1.1 255.255.255.0
serial restart-delay 0
!
interface Serial1/1
ip address 172.16.2.1 255.255.255.0
serial restart-delay 0
!
interface Serial1/2
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/3
no ip address
shutdown
serial restart-delay 0
!
!
!
no ip http server
no ip http secure-server
!
access-list 2 permit 192.168.2.0 0.0.0.255
access-list 3 permit 192.168.3.0 0.0.0.255
!
!
route-map access permit 20
match ip address 2
set ip default next-hop 172.16.1.2
!
route-map access permit 30
match ip address 3
set ip default next-hop 172.16.2.2

这个是R2
R2#show run
Building configuration...

Current configuration : 1065 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R2
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
ip cef
ip tcp synwait-time 5
!
!
!
!
no ip domain lookup
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0/0
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial1/0
ip address 172.16.1.2 255.255.255.0
serial restart-delay 0
!
interface Serial1/1
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/2
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/3
no ip address
shutdown
serial restart-delay 0
!
!
!
no ip http server
no ip http secure-server
!
!
!
!
!
!
control-plane
!
!
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
line vty 0 4
login
!
!
end

这个是R3
R3#show run
Building configuration...

Current configuration : 1065 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R3
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
ip cef
ip tcp synwait-time 5
!
!
!
!
no ip domain lookup
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0/0
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial1/0
ip address 172.16.2.2 255.255.255.0
serial restart-delay 0
!
interface Serial1/1
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/2
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/3
no ip address
shutdown
serial restart-delay 0
!
!
!
no ip http server
no ip http secure-server
!
!
!
!
!
!
control-plane
!
!
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
line vty 0 4
login
!
!
end
情况是R1做了个单臂路由，两台可以互通，做了策略路由但是ping不通R2和R3。请大神指点

motive6 · 发表于 2017-4-7 16:13:07

R2和R3没有回的路由，你在R2和R3上分别加上两条默认路由试试
R2：ip route 0.0.0.0 0.0.0.0 172.16.1.1
R3：ip route 0.0.0.0 0.0.0.0 172.16.2.1

songefun · 发表于 2017-4-7 16:14:41

这是拓扑

songefun · 发表于 2017-4-7 17:09:31

motive6 发表于 2017-4-7 16:46
R2和R3没有回的路由，你在R2和R3上分别加上两条默认路由试试
R2：ip route 0.0.0.0 0.0.0.0 172.16.1.1
R ...

感谢，现在可以ping通的。
但是我应用到实际生产环境的时候192.168.2.0这个网段的流量没有走策略路由

Admln · 发表于 2017-4-7 19:12:20

songefun 发表于 2017-4-7 17:09
感谢，现在可以ping通的。
但是我应用到实际生产环境的时候192.168.2.0这个网段的流量没有走策略路由

应用到虚拟接口看看

xccnat · 发表于 2017-4-11 11:33:15

Config-if#ip policy route-map access

erxing · 发表于 2017-4-11 17:15:16

本帖最后由 erxing 于 2017-4-11 17:41 编辑

看R1的配置，route-map并没有应用到接口上.你R1与R2、R3本身就是直连，你PC只要有网关就能被R1转发出去，开始ping包就已经能够到R2/R3，为什么不通是因为R2/R3没有回来的路由，现在加了默认路由回来自然可以通了。但是你这样还是测试不了route-map，你应该在r2/r3后面再加个路由取一个环回接口作为目标地址。而且你R1上的route-map压根没有应用到进入接口。R2/R3/R4互联，通过Traceroute命令查看出去的路径。

erxing · 发表于 2017-4-11 18:38:27

本帖最后由 erxing 于 2017-4-11 18:39 编辑

这是R1的配置因为我用的是GNS3 没有使用交换模块分了两个接口，希望对你学习route-map能够有所帮助
interface FastEthernet0/0 ip address 192.168.2.1 255.255.255.0
ip policy route-map access
interface FastEthernet1/0
ip address 192.168.3.1 255.255.255.0
ip policy route-map access
access-list 2 permit 192.168.2.2
access-list 3 permit 192.168.3.2
route-map access permit 10
match ip address 2
set ip next-hop 172.16.2.2
route-map access permit 20
match ip address 3
set ip next-hop 172.16.1.2

验证命令 show ip policy
show route-map
debug ip policy

xccnat · 发表于 2017-4-11 18:52:16

If#ip policy route-map access

账号		自动登录	找回密码
密码			论坛注册

[求助] 在路由器接口上启用策略路由不生效请大神指点

最佳答案

客服中心

投诉建议