Huawei: IPSec + RIP + BFD + Traffic Policy Lab Configuration Case

IPSec + RIP + BFD + Traffic Policy + Router-on-a-Stick: Configuration Case

Project Planning and Design

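Description: A school's main campus and branch campus communicate over an IPSec VPN, and the internal network uses the RIP routing protocol for reachability. BFD is used to detect link state quickly and in real time, ensuring link reliability. A traffic policy (Traffic) is configured to classify and control traffic, and router-on-a-stick (single-arm routing) is configured so that different VLANs can communicate.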

Configuration Approach

IP Address Plan

Device Interface Address
R1 Vlanif8 10.8.0.1/24
R1 Vlanif10 10.10.0.1/24
R1 GE0/0/0 10.21.0.1/30
R1 GE0/0/1 10.13.0.1/30
R1 LoopBack0 1.1.1.1/32
R2 GE0/0/0 10.21.0.2/30
R2 GE0/0/1 10.42.0.1/30
R2 LoopBack0 2.2.2.2/32
R3 Vlanif3 10.3.0.1/24
R3 Vlanif4 10.4.0.1/24
R3 GE0/0/0 10.13.0.2/30
R3 GE0/0/1 10.34.0.1/30
R3 LoopBack0 3.3.3.3/32
R4 GE0/0/0 10.34.0.2/30
R4 GE0/0/1 10.42.0.2/30
R4 GE2/0/0 218.63.0.4/28
R4 GE2/0/1 221.137.0.4/28
R4 GE2/0/2 210.25.0.4/28
R4 LoopBack0 4.4.4.4/32
R5 GE0/0/0 202.101.0.4/28
R5 GE0/0/1 192.168.10.254/24
CTCC-ISP GE0/0/0 218.63.0.1/28
CTCC-ISP GE0/0/1 202.101.0.1/28
CUCC-ISP GE0/0/0 221.137.0.1/28
CERNET GE0/0/0 210.25.0.1/28
PC1 Ethernet 0/0/0 10.10.0.2/24
PC2 Ethernet 0/0/0 10.8.0.2/24
PC3 Ethernet 0/0/0 10.3.0.2/24
PC4 Ethernet 0/0/0 10.4.0.2/24
PC5 Ethernet 0/0/0 10.1.1.2/24
PC6 Ethernet 0/0/0 192.168.10.2/24

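Project Implementation

1. Configure the VLAN membership and IP address of each interface

Configure SW2 (SW2 and SW3 are configured similarly)
[SW2]vlan batch 10 8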
Info: This operation may take a few seconds. Please wait for a moment...done.
#
[SW2]interface GigabitEthernet0/0/2
[SW2-GigabitEthernet0/0/2]port link-type access
[SW2-GigabitEthernet0/0/2]port default vlan 10
#
[SW2]interface GigabitEthernet0/0/3
[SW2-GigabitEthernet0/0/3]port link-type access
[SW2-GigabitEthernet0/0/3]port default vlan 8
#
[SW2-GigabitEthernet0/0/3]int g0/0/1
[SW2-GigabitEthernet0/0/1]port link-type trunk 
[SW2-GigabitEthernet0/0/1]port trunk allow-pass vlan 10 8 
Configure SW3 (SW3 and SW2 are configured similarly)
[SW3]vlan batch 3 4
Info: This operation may take a few seconds. Please wait for a moment...done.
#
[SW3]int g0/0/3
[SW3-GigabitEthernet0/0/3]port link-type access 
[SW3-GigabitEthernet0/0/3]port default vlan 4
#
[SW3-GigabitEthernet0/0/3]int g0/0/2
[SW3-GigabitEthernet0/0/2]port link-type access 
[SW3-GigabitEthernet0/0/2]port default vlan 3
#
[SW3]int g0/0/1
[SW3-GigabitEthernet0/0/1]port link-type trunk 
[SW3-GigabitEthernet0/0/1]port trunk allow-pass vlan 3 4
Configure the interface addresses on R1 (the other routers are configured similarly)
[R1]interface GigabitEthernet0/0/0
[R1-GigabitEthernet0/0/0]ip address 10.21.0.1 255.255.255.252 
#
[R1]interface GigabitEthernet0/0/1
[R1-GigabitEthernet0/0/1]ip address 10.13.0.1 255.255.255.252 
#
[R1]interface LoopBack0
[R1-LoopBack0]ip address 1.1.1.1 255.255.255.255 
Configure the interface addresses on R2 (the other routers are configured similarly)
[R2]interface GigabitEthernet0/0/0
[R2-GigabitEthernet0/0/0]ip address 10.21.0.2 255.255.255.252 
#
[R2]interface GigabitEthernet0/0/1
[R2-GigabitEthernet0/0/1]ip address 10.42.0.1 255.255.255.252 
#
[R2]interface GigabitEthernet0/0/2
[R2-GigabitEthernet0/0/2]ip address 10.1.1.1 255.255.255.0 
#
[R2]interface LoopBack0
[R2-LoopBack0] ip address 2.2.2.2 255.255.255.255 
Configure the interface addresses on R3 (the other routers are configured similarly)
[R3]interface GigabitEthernet0/0/0
[R3-GigabitEthernet0/0/0]ip address 10.13.0.2 255.255.255.252 
#
[R3]interface GigabitEthernet0/0/1
[R3-GigabitEthernet0/0/1]ip address 10.34.0.1 255.255.255.252 
#
[R3]interface LoopBack0
[R3-LoopBack0]ip address 3.3.3.3 255.255.255.255 
Configure the interface addresses on R4 (the other routers are configured similarly)
[R4]interface GigabitEthernet0/0/0
[R4-GigabitEthernet0/0/0]ip address 10.34.0.2 255.255.255.252 
#
[R4]interface GigabitEthernet0/0/1
[R4-GigabitEthernet0/0/1]ip address 10.42.0.2 255.255.255.252 
#
[R4]interface GigabitEthernet2/0/0
[R4-GigabitEthernet2/0/0]ip address 218.63.0.4 255.255.255.240 
#
[R4]interface GigabitEthernet2/0/1
[R4-GigabitEthernet2/0/1]ip address 221.137.0.4 255.255.255.240 
#
[R4]interface GigabitEthernet2/0/2
[R4-GigabitEthernet2/0/2]ip address 210.25.0.4 255.255.255.240 
#
[R4]interface LoopBack0
[R4-LoopBack0]ip address 4.4.4.4 255.255.255.255 
Configure the interface addresses on R5 (the other routers are configured similarly)
[R5]interface GigabitEthernet0/0/0
[R5-GigabitEthernet0/0/0]ip address 202.101.0.4 255.255.255.240 
#
[R5]interface GigabitEthernet0/0/1
[R5-GigabitEthernet0/0/1]ip address 192.168.10.254 255.255.255.0 
Configure the China Telecom (CTCC) access point (the other access points are configured similarly)
[CTCC-ISP]interface GigabitEthernet0/0/0
[CTCC-ISP-GigabitEthernet0/0/0]ip address 218.63.0.1 255.255.255.240 
#
[CTCC-ISP]interface GigabitEthernet0/0/1
[CTCC-ISP-GigabitEthernet0/0/1]ip address 202.101.0.1 255.255.255.240 
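Configure the China Unicom (CUCC) access point (the other access points are configured similarly)
[CUCC-ISP]interface GigabitEthernet0/0/0
[CUCC-ISP-GigabitEthernet0/0/0]ip address 221.137.0.1 255.255.255.240 
Configure the education network (CERNET) access point (the other access points are configured similarly)
[CERNET]interface GigabitEthernet0/0/0
[CERNET-GigabitEthernet0/0/0]ip address 210.25.0.1 255.255.255.240 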

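2. Configure router-on-a-stick so that the different VLANs on the access network can communicate

Configure router-on-a-stick on R1 (R3 is configured similarly)
[R1]interface GigabitEthernet0/0/2.1                            #Enter the GE0/0/2.1 sub-interface view
[R1-GigabitEthernet0/0/2.1]dot1q termination vid 10             #Terminate packets tagged with VLAN ID 10
[R1-GigabitEthernet0/0/2.1]ip address 10.10.0.1 255.255.255.0   #Gateway address for VLAN 10
[R1-GigabitEthernet0/0/2.1]arp broadcast enable                 #Enable the sub-interface to process ARP broadcast packets
#
[R1]interface GigabitEthernet0/0/2.2                           #Enter the GE0/0/2.2 sub-interface view
[R1-GigabitEthernet0/0/2.2]dot1q termination vid 8             #Terminate packets tagged with VLAN ID 8
[R1-GigabitEthernet0/0/2.2]ip address 10.8.0.1 255.255.255.0   #Gateway address for VLAN 8
[R1-GigabitEthernet0/0/2.2]arp broadcast enable                #Enable the sub-interface to process ARP broadcast packets
Configure router-on-a-stick on R3 (R1 is configured similarly)
[R3]interface GigabitEthernet0/0/2.1                           #Enter the GE0/0/2.1 sub-interface view
[R3-GigabitEthernet0/0/2.1]dot1q termination vid 3             #Terminate packets tagged with VLAN ID 3
[R3-GigabitEthernet0/0/2.1]ip address 10.3.0.1 255.255.255.0   #Gateway address for VLAN 3
[R3-GigabitEthernet0/0/2.1]arp broadcast enable                #Enable the sub-interface to process ARP broadcast packets
#
[R3]interface GigabitEthernet0/0/2.2                           #Enter the GE0/0/2.2 sub-interface view
[R3-GigabitEthernet0/0/2.2]dot1q termination vid 4             #Terminate packets tagged with VLAN ID 4
[R3-GigabitEthernet0/0/2.2]ip address 10.4.0.1 255.255.255.0   #Gateway address for VLAN 4
[R3-GigabitEthernet0/0/2.2]arp broadcast enable                #Enable the sub-interface to process ARP broadcast packets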

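3. Configure basic RIP functions

Configure R1
[R1]rip
[R1-rip-1]undo summary        #Disable automatic route summarization so that RIP advertises the discontiguous subnets
[R1-rip-1]network 1.0.0.0     #Advertise network 1.0.0.0
[R1-rip-1]network 10.0.0.0    #Advertise network 10.0.0.0
[R1-rip-1]version 2           #Set the global RIP version to RIPv2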

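Automatic route summarization: RIP-2 summarizes the routes of different subnets within the same natural (classful) network into a single route with the natural mask before advertising it. For example, if the routing table contains the three routes 10.1.1.0/24, 10.1.2.0/24 and 10.1.3.0/24, then with RIP-2 automatic route summarization enabled these three routes are summarized into the single natural-mask route 10.0.0.0/8 and advertised.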

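Configure R2
[R2]rip
[R2-rip-1]version 2           #Set the global RIP version to RIPv2
[R2-rip-1]network 2.0.0.0     #Advertise network 2.0.0.0
[R2-rip-1]network 10.0.0.0    #Advertise network 10.0.0.0
[R2-rip-1]undo summary        #Disable automatic route summarization
Configure R3
[R3]rip
[R3-rip-1]network 10.0.0.0    #Advertise network 10.0.0.0
[R3-rip-1]network 3.0.0.0     #Advertise network 3.0.0.0
[R3-rip-1]undo summary        #Disable automatic route summarization
[R3-rip-1]version 2           #Set the global RIP version to RIPv2
Configure R4
[R4]ip route-static 0.0.0.0 0.0.0.0 218.63.0.1
[R4]ip route-static 0.0.0.0 0.0.0.0 221.137.0.1 preference 70  #Floating static route that provides primary/backup link redundancy

[R4]rip 1
[R4-rip-1]undo summary              #Disable automatic route summarization
[R4-rip-1]default-route originate   #Generate a default route, or send the default route already in the routing table, to the neighbors
[R4-rip-1]version 2                 #Set the global RIP version to RIPv2
[R4-rip-1]network 10.0.0.0          #Advertise network 10.0.0.0
[R4-rip-1]network 4.0.0.0           #Advertise network 4.0.0.0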

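4. Configure BFD and associate it dynamically with RIP (static BFD)

Configure R1
[R1]bfd                                   #Enable BFD globally and enter the BFD view
[R1-bfd]quit
[R1]rip 1
[R1-rip-1]bfd all-interfaces enable      #Enable BFD on all interfaces in the RIP process
[R1-rip-1]bfd all-interfaces min-tx-interval 100 min-rx-interval 100 detect-multiplier 10
#Set the minimum interval for sending BFD packets to the peer, the minimum interval for receiving BFD packets from the peer, and the local detection multiplier.

The local detection multiplier of a BFD session directly determines the detection time of the peer's BFD session.

Configure R2
[R2]bfd                                   #Enable BFD globally and enter the BFD view
[R2-bfd]q
[R2]rip 1
[R2-rip-1]bfd all-interfaces enable
[R2-rip-1]bfd all-interfaces min-tx-interval 100 min-rx-interval 100 detect-multiplier 10
#Set the minimum interval for sending BFD packets to the peer, the minimum interval for receiving BFD packets from the peer, and the local detection multiplier.
Configure R3
[R3]bfd                                   #Enable BFD globally and enter the BFD view
[R3-bfd]q
[R3]rip 1
[R3-rip-1]bfd all-interfaces enable       #Enable BFD on all interfaces in the RIP process
[R3-rip-1]bfd all-interfaces min-tx-interval 100 min-rx-interval 100 detect-multiplier 10
#Set the minimum interval for sending BFD packets to the peer, the minimum interval for receiving BFD packets from the peer, and the local detection multiplier.
Configure R4
[R4]bfd                                   #Enable BFD globally and enter the BFD view
[R4-bfd]q
[R4]rip 1
[R4-rip-1]bfd all-interfaces enable       #Enable BFD on all interfaces in the RIP process
[R4-rip-1]bfd all-interfaces min-tx-interval 100 min-rx-interval 100 detect-multiplier 10
#Set the minimum interval for sending BFD packets to the peer, the minimum interval for receiving BFD packets from the peer, and the local detection multiplier.

[R4]bfd 1 bind peer-ip 218.63.0.1 interface GigabitEthernet2/0/0 one-arm-echo
#Create a single-hop BFD session bound to the peer IP address and the local interface, in one-arm echo mode
[R4-bfd-session-1]
[R4]bfd 2 bind peer-ip 221.137.0.1 interface GigabitEthernet2/0/1 one-arm-echo
#Create a single-hop BFD session bound to the peer IP address and the local interface, in one-arm echo mode
[R4-bfd-session-2]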

Configure an IPSec tunnel negotiated through IKE so that the branch campus subnet 192.168.10.0/24 can communicate with the main campus subnet 10.1.1.0/24

R5 configuration
[R5]ip route-static 0.0.0.0 0 202.101.0.1                         #Default route so that traffic can reach the peer
[R5]acl 3101  
[R5-acl-adv-3101]rule 5 permit ip source 192.168.10.0 0.0.0.255 destination 10.1.1.0 0.0.0.255 
#ACL that defines the traffic from 192.168.10.0/24 to 10.1.1.0/24
#
[R5]ipsec proposal tranl                                          #Create the IPSec proposal
[R5-ipsec-proposal-tranl]esp authentication-algorithm sha2-256    #Authentication algorithm
[R5-ipsec-proposal-tranl]esp encryption-algorithm aes-128         #Encryption algorithm
#
[R5]ike proposal 5                                                #Create the IKE proposal
[R5-ike-proposal-5]encryption-algorithm aes-cbc-128               #Encryption algorithm
[R5-ike-proposal-5]authentication-algorithm sha2-256              #Authentication algorithm
[R5-ike-proposal-5]dh group14                                     #DH group for key exchange
#
[R5]ike peer spub v1                                              #Create the IKE peer
[R5-ike-peer-spub]pre-shared-key cipher huawei@123                #Pre-shared key (PSK)
[R5-ike-peer-spub]ike-proposal 5                                  #Reference the IKE proposal
[R5-ike-peer-spub]remote-address 218.63.0.4                       #Peer IP address
#
[R5]ipsec policy map1 10 isakmp                                   #Create the IPSec policy in IKE negotiation (isakmp) mode
[R5-ipsec-policy-isakmp-map1-10]security acl 3101                 #Apply the ACL that defines the "interesting traffic"
[R5-ipsec-policy-isakmp-map1-10]ike-peer spub                     #Reference the IKE peer
[R5-ipsec-policy-isakmp-map1-10]proposal tranl                    #Reference the IPSec proposal
#
[R5]interface GigabitEthernet0/0/0
[R5-GigabitEthernet0/0/0]ipsec policy map1
R4 configuration
[R4]acl number 3101  
[R4-acl-adv-3101]rule 5 permit ip source 10.1.1.0 0.0.0.255 destination 192.168.10.0 0.0.0.255 
#
[R4]ipsec proposal tranl
[R4-ipsec-proposal-tranl]esp authentication-algorithm sha2-256 
[R4-ipsec-proposal-tranl]esp encryption-algorithm aes-128
#
[R4]ike proposal 5
[R4-ike-proposal-5]encryption-algorithm aes-cbc-128
[R4-ike-proposal-5]authentication-algorithm sha2-256
[R4-ike-proposal-5]dh group14
#
[R4]ike peer spua v1
[R4-ike-peer-spua]pre-shared-key cipher huawei@123
[R4-ike-peer-spua]ike-proposal 5
[R4-ike-peer-spua]remote-address 202.101.0.4
#
[R4]ipsec policy use1 10 isakmp
[R4-ipsec-policy-isakmp-use1-10]security acl 3101
[R4-ipsec-policy-isakmp-use1-10]ike-peer spua
[R4-ipsec-policy-isakmp-use1-10]proposal tranl
#
[R4]interface GigabitEthernet2/0/0
[R4-GigabitEthernet2/0/0]ipsec policy use1
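
A consistency check for the two ends of this tunnel, as an added example (not from the original post or from Huawei's tooling): it extracts the negotiation-relevant settings from the R5 and R4 commands above and reports any setting that differs, security ACLs that are not mirror images, or a `remote-address` that does not point at the other router's WAN interface. The function and variable names are illustrative; the configuration text is the page's own with prompts and comments removed.

```python
import re

# Negotiation-relevant commands from the R5 and R4 sections above
# (prompts and comments removed).
R5_CFG = """\
rule 5 permit ip source 192.168.10.0 0.0.0.255 destination 10.1.1.0 0.0.0.255
esp authentication-algorithm sha2-256
esp encryption-algorithm aes-128
encryption-algorithm aes-cbc-128
authentication-algorithm sha2-256
dh group14
ike peer spub v1
pre-shared-key cipher huawei@123
remote-address 218.63.0.4
"""
R4_CFG = """\
rule 5 permit ip source 10.1.1.0 0.0.0.255 destination 192.168.10.0 0.0.0.255
esp authentication-algorithm sha2-256
esp encryption-algorithm aes-128
encryption-algorithm aes-cbc-128
authentication-algorithm sha2-256
dh group14
ike peer spua v1
pre-shared-key cipher huawei@123
remote-address 202.101.0.4
"""

# One regex per setting; "^" with re.M keeps the IKE lines apart from the "esp ..." lines.
FIELDS = {
    "acl_src": r"permit ip source (\S+ \S+) destination",
    "acl_dst": r"destination (\S+ \S+)",
    "esp_auth": r"^esp authentication-algorithm (\S+)",
    "esp_enc": r"^esp encryption-algorithm (\S+)",
    "ike_enc": r"^encryption-algorithm (\S+)",
    "ike_auth": r"^authentication-algorithm (\S+)",
    "dh": r"^dh (\S+)",
    "ike_version": r"^ike peer \S+ (v\d)",
    "psk": r"^pre-shared-key cipher (\S+)",
    "remote": r"^remote-address (\S+)",
}
MUST_EQUAL = ("esp_auth", "esp_enc", "ike_enc", "ike_auth", "dh", "ike_version", "psk")

def parse(cfg):
    """Extract each setting from a block of VRP commands (None if absent)."""
    found = {}
    for key, pattern in FIELDS.items():
        m = re.search(pattern, cfg, re.M)
        found[key] = m.group(1) if m else None
    return found

def check_pair(cfg_a, wan_a, cfg_b, wan_b):
    """Return the mismatches that can keep the two peers from building an SA."""
    a, b = parse(cfg_a), parse(cfg_b)
    problems = [f"{k}: {a[k]} != {b[k]}" for k in MUST_EQUAL
                if a[k] is None or a[k] != b[k]]
    if (a["acl_src"], a["acl_dst"]) != (b["acl_dst"], b["acl_src"]):
        problems.append("security ACLs are not mirror images")
    if a["remote"] != wan_b:
        problems.append(f"side A remote-address {a['remote']} is not {wan_b}")
    if b["remote"] != wan_a:
        problems.append(f"side B remote-address {b['remote']} is not {wan_a}")
    return problems

if __name__ == "__main__":
    # WAN addresses from the address plan: R5 GE0/0/0 and R4 GE2/0/0.
    print(check_pair(R5_CFG, "202.101.0.4", R4_CFG, "218.63.0.4"))
    # Constructed fault: R4's ESP cipher changed so the proposals no longer agree.
    bad_r4 = R4_CFG.replace("aes-128\n", "aes-256\n", 1)
    print(check_pair(R5_CFG, "202.101.0.4", bad_r4, "218.63.0.4"))
```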

5. Configure the traffic policy (Traffic)

Policy 1: traffic from PC1 to the Internet must be steered to the China Unicom network
[R4]acl number 2000  
[R4-acl-basic-2000]rule 5 permit source 10.10.0.2 0       #Match traffic from PC1
#
[R4]traffic classifier 1 operator or                      #Traffic classifier
[R4-classifier-1]if-match acl 2000
#
[R4]traffic behavior 1                                    #Traffic behavior
[R4-behavior-1]redirect ip-nexthop 221.137.0.1
#
[R4]traffic policy 1                                      #Traffic policy
[R4-trafficpolicy-1]classifier 1 behavior 1
Policy 2: block PC3 from accessing the China Telecom network from 8:00 to 18:00 on working days
[R4]time-range satime 08:00 to 18:00 working-day  
#
[R4]acl 3001
[R4-acl-adv-3001]rule 5 deny ip source 10.3.0.2 0 destination 10.0.0.0 240.255.255.255 time-range satime 
#
[R4]traffic classifier 3 operator or
[R4-classifier-3]if-match acl 3001
#
[R4]traffic behavior 3
[R4-behavior-3]deny
#
[R4]traffic policy 1
[R4-trafficpolicy-1]classifier 3 behavior 3
[R4]interface GigabitEthernet0/0/0
[R4-GigabitEthernet0/0/0]traffic-policy 1 inbound
#
[R4]interface GigabitEthernet0/0/1
[R4-GigabitEthernet0/0/1]traffic-policy 1 inbound
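
What rule 5 of ACL 3001 actually matches, as an added example (not from the original post or from Huawei's documentation): the wildcard 240.255.255.255 leaves only the low four bits of the first octet significant, so the rule covers both China Telecom prefixes in the address plan and also every 10.x.x.x destination. The function names are illustrative; the addresses come from the IP address plan above.

```python
import ipaddress

def wildcard_match(addr, base, wildcard):
    """ACL wildcard semantics: a 0 bit must match the base, a 1 bit is ignored."""
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    w = int(ipaddress.IPv4Address(wildcard))
    care = ~w & 0xFFFFFFFF          # bits that have to be equal
    return (a & care) == (b & care)

# rule 5 deny ip source 10.3.0.2 0 destination 10.0.0.0 240.255.255.255
# (a source wildcard of "0" is the exact-host wildcard 0.0.0.0)
RULE = {
    "src": ("10.3.0.2", "0.0.0.0"),
    "dst": ("10.0.0.0", "240.255.255.255"),
}

# Destinations taken from the address plan.
DESTINATIONS = {
    "CTCC-ISP GE0/0/0": "218.63.0.1",
    "CTCC-ISP GE0/0/1": "202.101.0.1",
    "CUCC-ISP GE0/0/0": "221.137.0.1",
    "CERNET GE0/0/0": "210.25.0.1",
    "PC5 (main campus)": "10.1.1.2",
    "PC6 (branch campus)": "192.168.10.2",
}

def rule_matches(src, dst, rule=RULE):
    """True when a packet src -> dst is matched by the rule."""
    return (wildcard_match(src, *rule["src"])
            and wildcard_match(dst, *rule["dst"]))

def matched_first_octets(base, wildcard):
    """Every first-octet value that the base/wildcard pair covers."""
    return [o for o in range(256)
            if wildcard_match(f"{o}.0.0.0", base, wildcard)]

def report(src="10.3.0.2"):
    """Which address-plan destinations the rule matches for PC3."""
    return {name: rule_matches(src, ip) for name, ip in DESTINATIONS.items()}

if __name__ == "__main__":
    for name, hit in report().items():
        print(f"{name:22} {'matched' if hit else 'not matched'}")
    print("first octets covered:", matched_first_octets(*RULE["dst"]))
```

PC5 at 10.1.1.2 is matched as well, so during the time range the rule also covers PC3's traffic to the main-campus 10.1.1.0/24 segment whenever that traffic enters R4 on an interface where policy 1 is applied.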

Project Results

Router-on-a-stick results

RIP results

[R1]dis ip routing-table protocol rip 
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Public routing table : RIP
         Destinations : 9        Routes : 11       

RIP routing table status : <Active>
         Destinations : 9        Routes : 11

Destination/Mask    Proto   Pre  Cost      Flags NextHop         Interface

        0.0.0.0/0   RIP     100  2           D   10.21.0.2       GigabitEthernet
0/0/0
                    RIP     100  2           D   10.13.0.2       GigabitEthernet
0/0/1
        2.2.2.2/32  RIP     100  1           D   10.21.0.2       GigabitEthernet
0/0/0
        3.3.3.3/32  RIP     100  1           D   10.13.0.2       GigabitEthernet
0/0/1
        4.4.4.4/32  RIP     100  2           D   10.21.0.2       GigabitEthernet
0/0/0
                    RIP     100  2           D   10.13.0.2       GigabitEthernet
0/0/1
       10.1.1.0/24  RIP     100  1           D   10.21.0.2       GigabitEthernet
0/0/0
       10.3.0.0/24  RIP     100  1           D   10.13.0.2       GigabitEthernet
0/0/1
       10.4.0.0/24  RIP     100  1           D   10.13.0.2       GigabitEthernet
0/0/1
      10.34.0.0/30  RIP     100  1           D   10.13.0.2       GigabitEthernet
0/0/1
      10.42.0.0/30  RIP     100  1           D   10.21.0.2       GigabitEthernet
0/0/0

RIP routing table status : <Inactive>
         Destinations : 0        Routes : 0
[R2]dis ip routing-table protocol rip 
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Public routing table : RIP
         Destinations : 10       Routes : 13       

RIP routing table status : <Active>
         Destinations : 10       Routes : 13

Destination/Mask    Proto   Pre  Cost      Flags NextHop         Interface

        0.0.0.0/0   RIP     100  1           D   10.42.0.2       GigabitEthernet
0/0/1
        1.1.1.1/32  RIP     100  1           D   10.21.0.1       GigabitEthernet
0/0/0
        3.3.3.3/32  RIP     100  2           D   10.21.0.1       GigabitEthernet
0/0/0
                    RIP     100  2           D   10.42.0.2       GigabitEthernet
0/0/1
        4.4.4.4/32  RIP     100  1           D   10.42.0.2       GigabitEthernet
0/0/1
       10.3.0.0/24  RIP     100  2           D   10.21.0.1       GigabitEthernet
0/0/0
                    RIP     100  2           D   10.42.0.2       GigabitEthernet
0/0/1
       10.4.0.0/24  RIP     100  2           D   10.21.0.1       GigabitEthernet
0/0/0
                    RIP     100  2           D   10.42.0.2       GigabitEthernet
0/0/1
       10.8.0.0/24  RIP     100  1           D   10.21.0.1       GigabitEthernet
0/0/0
      10.10.0.0/24  RIP     100  1           D   10.21.0.1       GigabitEthernet
0/0/0
      10.13.0.0/30  RIP     100  1           D   10.21.0.1       GigabitEthernet
0/0/0
      10.34.0.0/30  RIP     100  1           D   10.42.0.2       GigabitEthernet
0/0/1

RIP routing table status : <Inactive>
         Destinations : 0        Routes : 0
[R3]dis ip routing-table protocol rip 
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Public routing table : RIP
         Destinations : 9        Routes : 11       

RIP routing table status : <Active>
         Destinations : 9        Routes : 11

Destination/Mask    Proto   Pre  Cost      Flags NextHop         Interface

        0.0.0.0/0   RIP     100  1           D   10.34.0.2       GigabitEthernet
0/0/1
        1.1.1.1/32  RIP     100  1           D   10.13.0.1       GigabitEthernet
0/0/0
        2.2.2.2/32  RIP     100  2           D   10.34.0.2       GigabitEthernet
0/0/1
                    RIP     100  2           D   10.13.0.1       GigabitEthernet
0/0/0
        4.4.4.4/32  RIP     100  1           D   10.34.0.2       GigabitEthernet
0/0/1
       10.1.1.0/24  RIP     100  2           D   10.34.0.2       GigabitEthernet
0/0/1
                    RIP     100  2           D   10.13.0.1       GigabitEthernet
0/0/0
       10.8.0.0/24  RIP     100  1           D   10.13.0.1       GigabitEthernet
0/0/0
      10.10.0.0/24  RIP     100  1           D   10.13.0.1       GigabitEthernet
0/0/0
      10.21.0.0/30  RIP     100  1           D   10.13.0.1       GigabitEthernet
0/0/0
      10.42.0.0/30  RIP     100  1           D   10.34.0.2       GigabitEthernet
0/0/1

RIP routing table status : <Inactive>
         Destinations : 0        Routes : 0
[R4]display ip routing-table protocol rip 
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Public routing table : RIP
         Destinations : 10       Routes : 13       

RIP routing table status : <Active>
         Destinations : 10       Routes : 13

Destination/Mask    Proto   Pre  Cost      Flags NextHop         Interface

        1.1.1.1/32  RIP     100  2           D   10.42.0.1       GigabitEthernet
0/0/1
                    RIP     100  2           D   10.34.0.1       GigabitEthernet
0/0/0
        2.2.2.2/32  RIP     100  1           D   10.42.0.1       GigabitEthernet
0/0/1
        3.3.3.3/32  RIP     100  1           D   10.34.0.1       GigabitEthernet
0/0/0
       10.1.1.0/24  RIP     100  1           D   10.42.0.1       GigabitEthernet
0/0/1
       10.3.0.0/24  RIP     100  1           D   10.34.0.1       GigabitEthernet
0/0/0
       10.4.0.0/24  RIP     100  1           D   10.34.0.1       GigabitEthernet
0/0/0
       10.8.0.0/24  RIP     100  2           D   10.34.0.1       GigabitEthernet
0/0/0
                    RIP     100  2           D   10.42.0.1       GigabitEthernet
0/0/1
      10.10.0.0/24  RIP     100  2           D   10.34.0.1       GigabitEthernet
0/0/0
                    RIP     100  2           D   10.42.0.1       GigabitEthernet
0/0/1
      10.13.0.0/30  RIP     100  1           D   10.34.0.1       GigabitEthernet
0/0/0
      10.21.0.0/30  RIP     100  1           D   10.42.0.1       GigabitEthernet
0/0/1

RIP routing table status : <Inactive>
         Destinations : 0        Routes : 0

BFD results

[R1]display rip 1 bfd session all 
 LocalIp       :10.13.0.1       RemoteIp  :10.13.0.2       BFDState  :Up 
 TX            :100             RX        :100             Multiplier:10 
 BFD Local Dis :8193            Interface :GigabitEthernet0/0/1 
 Diagnostic Info:No diagnostic information

 LocalIp       :10.21.0.1       RemoteIp  :10.21.0.2       BFDState  :Up 
 TX            :100             RX        :100             Multiplier:10 
 BFD Local Dis :8192            Interface :GigabitEthernet0/0/0 
 Diagnostic Info:No BFD Packets were received
[R2]display rip 1 bfd session all 
 LocalIp       :10.21.0.2       RemoteIp  :10.21.0.1       BFDState  :Up 
 TX            :100             RX        :100             Multiplier:10 
 BFD Local Dis :8193            Interface :GigabitEthernet0/0/0 
 Diagnostic Info:Neighbor is Down

 LocalIp       :10.42.0.1       RemoteIp  :10.42.0.2       BFDState  :Up 
 TX            :100             RX        :100             Multiplier:10 
 BFD Local Dis :8192            Interface :GigabitEthernet0/0/1 
 Diagnostic Info:No diagnostic information
[R3]display rip 1 bfd session all 
 LocalIp       :10.13.0.2       RemoteIp  :10.13.0.1       BFDState  :Up 
 TX            :100             RX        :100             Multiplier:10 
 BFD Local Dis :8193            Interface :GigabitEthernet0/0/0 
 Diagnostic Info:No diagnostic information

 LocalIp       :10.34.0.1       RemoteIp  :10.34.0.2       BFDState  :Up 
 TX            :100             RX        :100             Multiplier:10 
 BFD Local Dis :8192            Interface :GigabitEthernet0/0/1 
 Diagnostic Info:No diagnostic information
[R4]display rip 1 bfd session all 
 LocalIp       :10.34.0.2       RemoteIp  :10.34.0.1       BFDState  :Up 
 TX            :100             RX        :100             Multiplier:10 
 BFD Local Dis :8193            Interface :GigabitEthernet0/0/0 
 Diagnostic Info:No diagnostic information

 LocalIp       :10.42.0.2       RemoteIp  :10.42.0.1       BFDState  :Up 
 TX            :100             RX        :100             Multiplier:10 
 BFD Local Dis :8192            Interface :GigabitEthernet0/0/1 
 Diagnostic Info:No diagnostic information
 #

IPSec VPN results

[R4]dis ipsec statistics esp 
 Inpacket count            : 25
 Inpacket auth count       : 0
 Inpacket decap count      : 0
 Outpacket count           : 17
 Outpacket auth count      : 0
 Outpacket encap count     : 0
 Inpacket drop count       : 0
 Outpacket drop count      : 0
 BadAuthLen count          : 0
 AuthFail count            : 0
 InSAAclCheckFail count    : 0
 PktDuplicateDrop count    : 0
 PktSeqNoTooSmallDrop count: 0
 PktInSAMissDrop count     : 0
[R5]dis ipsec statistics ?
  ah   Specify the parameters of SA using AH protocol
  esp  Specify the parameters of SA using ESP protocol
[R5]dis ipsec statistics esp 
 Inpacket count            : 17
 Inpacket auth count       : 0
 Inpacket decap count      : 0
 Outpacket count           : 25
 Outpacket auth count      : 0
 Outpacket encap count     : 0
 Inpacket drop count       : 0
 Outpacket drop count      : 0
 BadAuthLen count          : 0
 AuthFail count            : 0
 InSAAclCheckFail count    : 0
 PktDuplicateDrop count    : 0
 PktSeqNoTooSmallDrop count: 0
 PktInSAMissDrop count     : 0

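Traffic policy results

Traffic from PC1 to the Internet is redirected to the China Unicom carrier network.

Outside the prescribed hours, PC3 cannot access the China Telecom carrier network.

This topology comes from Question 3 of the second-half 2020 Network Engineer exam (the Chinese Computer Technology and Software Professional Qualification exam, "Ruankao"); the configuration follows Huawei's official documentation.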

posted @ 2022-04-10 19:49  plengong