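Routing Examples
The following examples illustrate configuring Cisco routers for the local and remote sites shown in the virtual inline example. To illustrate health monitoring, the configuration for the local site includes health monitoring, but the configuration for the remote site does not.
Note: The configuration for the local site assumes that a ping monitor has already been configured.
These examples conform to the Cisco IOS CLI. They might not apply to routers from other vendors.
Local site, health checking enabled: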
```
!
! For health-checking to work, do not forget to start
! the monitoring process.
!
! Original configuration is in normal type.
! appliance-specific configuration is in bold.
!
ip cef
!
interface FastEthernet0/0
 ip address 10.10.10.5 255.255.255.0
 ip policy route-map client_side_map
!
interface FastEthernet0/1
 ip address 171.68.1.5 255.255.255.0
 ip policy route-map wan_side_map
!
interface FastEthernet1/0
 ip address 192.168.1.5 255.255.255.0
!
ip classless
ip route 0.0.0.0 0.0.0.0 171.68.1.1
!
ip access-list extended client_side
 permit ip 10.10.10.0 0.0.0.255 10.16.20.0 0.0.0.255
ip access-list extended wan_side
 permit ip 10.16.20.0 0.0.0.255 10.10.10.0 0.0.0.255
!
route-map wan_side_map permit 20
 match ip address wan_side
 !- Now set the appliance as the next hop, if it's up.
 set ip next-hop verify-availability 192.168.1.200 20 track 123
!
route-map client_side_map permit 10
 match ip address client_side
 set ip next-hop verify-availability 192.168.1.200 10 track 123
```
Remote site (no health checking):
```
! This example does not use health-checking.
! Remember, health-checking is always recommended,
! so this is a configuration of last resort.
!
!
ip cef
!
interface FastEthernet0/0
 ip address 20.20.20.5 255.255.255.0
 ip policy route-map client_side_map
!
interface FastEthernet0/1
 ip address 171.68.2.5 255.255.255.0
 ip policy route-map wan_side_map
!
interface FastEthernet1/0
 ip address 192.168.2.5 255.255.255.0
!
ip classless
ip route 0.0.0.0 0.0.0.0 171.68.2.1
!
ip access-list extended client_side
 permit ip 10.16.20.0 0.0.0.255 10.10.10.0 0.0.0.255
ip access-list extended wan_side
 permit ip 10.10.10.0 0.0.0.255 10.16.20.0 0.0.0.255
!
route-map wan_side_map permit 20
 match ip address wan_side
 set ip next-hop 192.168.2.200
!
route-map client_side_map permit 10
 match ip address client_side
 set ip next-hop 192.168.2.200
!
```
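Each of the above examples applies an access list to a route map and attaches the route map to an interface. The access lists identify all traffic that originates at one accelerated site and terminates at the other (a source IP of 10.10.10.0/24 and a destination of 20.20.20.0/24, or vice versa). For details about access lists and route maps, see your router's documentation.
This configuration redirects all matching IP traffic to the appliance. If you want to redirect only TCP traffic, you can change the access-list configuration as follows (only the remote side's configuration is shown here):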
```
!
ip access-list extended client_side
 permit tcp 10.16.20.0 0.0.0.255 10.10.10.0 0.0.0.255
ip access-list extended wan_side
 permit tcp 10.10.10.0 0.0.0.255 10.16.20.0 0.0.0.255
!
```
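Note that access lists do not use ordinary subnet masks. They use wildcard masks instead. When a wildcard mask is read in binary, a "1" is considered a "don't care" bit.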
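
The wildcard-mask rule above, as an added example that is not part of the original page: a short Python evaluator that parses the TCP-only access lists shown above and reports whether sample packets would be redirected to the appliance. The function names and sample packets are constructed for illustration, and only protocol, source, and destination matching is modeled.

```python
import ipaddress

# ACL lines copied from the TCP-only remote-site example on this page.
ACL_TEXT = """
ip access-list extended client_side
 permit tcp 10.16.20.0 0.0.0.255 10.10.10.0 0.0.0.255
ip access-list extended wan_side
 permit tcp 10.10.10.0 0.0.0.255 10.16.20.0 0.0.0.255
"""

def to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def wildcard_match(addr, base, wildcard):
    """True if addr equals base on every bit where the wildcard bit is 0."""
    care = ~to_int(wildcard) & 0xFFFFFFFF   # wildcard 1-bits are "don't care"
    return (to_int(addr) & care) == (to_int(base) & care)

def netmask_to_wildcard(netmask):
    """A wildcard mask is the bitwise inverse of the equivalent netmask."""
    return str(ipaddress.IPv4Address(to_int(netmask) ^ 0xFFFFFFFF))

def parse_acls(text):
    """Collect '<action> <proto> <src> <wc> <dst> <wc>' entries per named ACL."""
    acls, current = {}, None
    for line in text.splitlines():
        words = line.split()
        if words[:3] == ["ip", "access-list", "extended"] and len(words) == 4:
            current = acls.setdefault(words[3], [])
        elif current is not None and len(words) == 6 and words[0] in ("permit", "deny"):
            current.append(tuple(words))
    return acls

def redirected(acl, proto, src, dst):
    """First match decides; no match (implicit deny) means normal routing."""
    for action, a_proto, s, s_wc, d, d_wc in acl:
        if (a_proto in ("ip", proto) and wildcard_match(src, s, s_wc)
                and wildcard_match(dst, d, d_wc)):
            return action == "permit"
    return False

if __name__ == "__main__":
    acls = parse_acls(ACL_TEXT)
    # Constructed sample packets: (ACL name, protocol, source, destination).
    for name, proto, src, dst in [
        ("client_side", "tcp", "10.16.20.7", "10.10.10.9"), ("client_side", "udp", "10.16.20.7", "10.10.10.9"),
        ("client_side", "tcp", "10.16.21.7", "10.10.10.9"), ("wan_side", "tcp", "10.10.10.9", "10.16.20.7"),
    ]:
        print(name, proto, src, "->", dst, redirected(acls[name], proto, src, dst))
```

Packets that return False are not policy-routed and follow the normal routing table, so they bypass the appliance.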