組網(wǎng)需求

如上圖所示，公司用戶通過Switch雙歸屬到外部網(wǎng)絡(luò)設(shè)備。其中，一條是低速鏈路，網(wǎng)關(guān)為10.1.20.1/24；另外一條是高速鏈路，網(wǎng)關(guān)為10.1.30.1/24。

公司希望上送外部網(wǎng)絡(luò)的報文中，IP優(yōu)先級為4、5、6、7的報文通過高速鏈路傳輸，而IP優(yōu)先級為0、1、2、3的報文則通過低速鏈路傳輸。

配置思路

1、創(chuàng)建VLAN并配置各接口，實現(xiàn)公司和外部網(wǎng)絡(luò)設(shè)備互連。

2、配置ACL規(guī)則，分別匹配IP優(yōu)先級4、5、6、7，以及IP優(yōu)先級0、1、2、3。

3、配置流分類，匹配規(guī)則為上述ACL規(guī)則，使設(shè)備可以對報文進行區(qū)分

4、配置流行為，使?jié)M足不同規(guī)則的報文分別被重定向到10.1.20.1/24和10.1.30.1/24。

5、配置流策略，綁定上述流分類和流行為，并應(yīng)用到接口GE2/0/1的入方向上，實現(xiàn)策略路由。

操作步驟

1、創(chuàng)建VLAN并配置各接口

# 在Switch上創(chuàng)建VLAN100和VLAN200。

system-view

[HUAWEI] sysname Switch

[Switch] vlan batch 100 200

# 配置Switch上接口GE1/0/1、GE1/0/2和GE2/0/1的接口類型為Trunk，并加入VLAN100和VLAN200。

[Switch] interface gigabitethernet 1/0/1

[Switch-GigabitEthernet1/0/1] port link-type trunk

[Switch-GigabitEthernet1/0/1] port trunk allow-pass vlan 100 200

[Switch-GigabitEthernet1/0/1] quit

[Switch] interface gigabitethernet 1/0/2

[Switch-GigabitEthernet1/0/2] port link-type trunk

[Switch-GigabitEthernet1/0/2] port trunk allow-pass vlan 100 200

[Switch-GigabitEthernet1/0/2] quit

[Switch] interface gigabitethernet 2/0/1

[Switch-GigabitEthernet2/0/1] port link-type trunk

[Switch-GigabitEthernet2/0/1] port trunk allow-pass vlan 100 200

[Switch-GigabitEthernet2/0/1] quit

配置LSW與Switch對接的接口為Trunk類型接口，并加入VLAN100和VLAN200。

# 創(chuàng)建VLANIF100和VLANIF200，并配置各虛擬接口IP地址。

[Switch] interface vlanif 100

[Switch-Vlanif100] ip address 10.1.20.2 24

[Switch-Vlanif100] quit

[Switch] interface vlanif 200

[Switch-Vlanif200] ip address 10.1.30.2 24

[Switch-Vlanif200] quit

2、配置ACL規(guī)則

# 在Switch上創(chuàng)建編碼為3001、3002的高級ACL，規(guī)則分別為允許IP優(yōu)先級0、1、2、3和允許IP優(yōu)先級4、5、6、7的報文通過。

[Switch] acl 3001

[Switch-acl-adv-3001] rule permit ip precedence 0

[Switch-acl-adv-3001] rule permit ip precedence 1

[Switch-acl-adv-3001] rule permit ip precedence 2

[Switch-acl-adv-3001] rule permit ip precedence 3

[Switch-acl-adv-3001] quit

[Switch] acl 3002

[Switch-acl-adv-3002] rule permit ip precedence 4

[Switch-acl-adv-3002] rule permit ip precedence 5

[Switch-acl-adv-3002] rule permit ip precedence 6

[Switch-acl-adv-3002] rule permit ip precedence 7

[Switch-acl-adv-3002] quit

3、配置流分類

在Switch上創(chuàng)建流分類c1、c2，匹配規(guī)則分別為ACL 3001和ACL 3002。

[Switch] traffic classifier c1 operator and

[Switch-classifier-c1] if-match acl 3001

[Switch-classifier-c1] quit

[Switch] traffic classifier c2 operator and

[Switch-classifier-c2] if-match acl 3002

[Switch-classifier-c2] quit

4、配置流行為

# 在Switch上創(chuàng)建流行為b1、b2，并分別指定重定向到網(wǎng)段10.1.20.1/24和10.1.30.1/24的動作。

[Switch] traffic behavior b1

[Switch-behavior-b1] redirect ip-nexthop 10.1.20.1

[Switch-behavior-b1] quit

[Switch] traffic behavior b2

[Switch-behavior-b2] redirect ip-nexthop 10.1.30.1

[Switch-behavior-b2] quit

5、配置流策略并應(yīng)用到接口上

# 在Switch上創(chuàng)建流策略p1，將流分類和對應(yīng)的流行為進行綁定。

[Switch] traffic policy p1

[Switch-trafficpolicy-p1] classifier c1 behavior b1

[Switch-trafficpolicy-p1] classifier c2 behavior b2

[Switch-trafficpolicy-p1] quit

# 將流策略p1應(yīng)用到接口GE2/0/1的入方向上。

[Switch] interface gigabitethernet 2/0/1

[Switch-GigabitEthernet2/0/1] traffic-policy p1 inbound

[Switch-GigabitEthernet2/0/1] return

6、驗證配置結(jié)果

# 查看ACL規(guī)則的配置信息。

display acl 3001

Advanced ACL 3001, 4 rules

Acl's step is 5

rule 5 permit ip precedence routine (match-counter 0)

rule 10 permit ip precedence priority (match-counter 0)

rule 15 permit ip precedence immediate (match-counter 0)

rule 20 permit ip precedence flash (match-counter 0)

display acl 3002

Advanced ACL 3002, 4 rules

Acl's step is 5

rule 5 permit ip precedence flash-override (match-counter 0)

rule 10 permit ip precedence critical (match-counter 0)

rule 15 permit ip precedence internet (match-counter 0)

rule 20 permit ip precedence network (match-counter 0)

# 查看流分類的配置信息。

display traffic classifier user-defined

User Defined Classifier Information:

Classifier: c1

Precedence: 5

Operator: AND

Rule(s) : if-match acl 3001

Classifier: c2

Precedence: 10

Operator: AND

Rule(s) :if-match acl 3002

Total classifier number is 2

# 查看流策略的配置信息。

display traffic policy user-defined p1

User Defined Traffic Policy Information:

Policy: p1

Classifier: c1

Operator: AND

Behavior: b1

Redirect: no forced

Redirect ip-nexthop

10.1.20.1

Classifier: c2

Operator: AND

Behavior: b2

Redirect: no forced

Redirect ip-nexthop

10.1.30.1

配置文件

Switch的配置文件

#

sysname Switch

#

vlan batch 100 200

#

acl number 3001

rule 5 permit ip precedence routine

rule 10 permit ip precedence priority

rule 15 permit ip precedence immediate

rule 20 permit ip precedence flash

#

acl number 3002

rule 5 permit ip precedence flash-override

rule 10 permit ip precedence critical

rule 15 permit ip precedence internet

rule 20 permit ip precedence network

#

traffic classifier c1 operator and precedence 5

if-match acl 3001

traffic classifier c2 operator and precedence 10

if-match acl 3002

#

traffic behavior b1

redirect ip-nexthop 10.1.20.1

traffic behavior b2

redirect ip-nexthop 10.1.30.1

#

traffic policy p1 match-order config

classifier c1 behavior b1

classifier c2 behavior b2

#

interface Vlanif100

ip address 10.1.20.2 255.255.255.0

#

interface Vlanif200

ip address 10.1.30.2 255.255.255.0

#

interface GigabitEthernet1/0/1

port link-type trunk

port trunk allow-pass vlan 100 200

#

interface GigabitEthernet1/0/2

port link-type trunk

port trunk allow-pass vlan 100 200

#

interface GigabitEthernet2/0/1

port link-type trunk

port trunk allow-pass vlan 100 200

traffic-policy p1 inbound

#

return