组网需求

如图1所示，汇聚层Switch做三层转发设备，接入层设备LSW做用户网关，接入层LSW和汇聚层Switch之间路由可达。汇聚层Switch通过两条链路连接到两个核心路由器上，一条是高速链路，网关为10.1.20.1/24；另外一条是低速链路，网关为10.1.30.1/24。

公司希望汇聚层Switch上送到核心层设备的报文中，源IP地址为192.168.100.0/24的报文通过高速链路传输，而源IP地址为192.168.101.0/24的报文则通过低速链路传输。

配置思路

采用重定向方式实现策略路由，进而提供差分服务，具体配置思路如下：

1. 创建VLAN并配置各接口，实现公司和外部网络设备互连。
2. 配置ACL规则，分别匹配源IP地址为192.168.100.0/24和192.168.101.0/24的报文。
3. 配置流分类，匹配规则为上述ACL规则，使设备可以对报文进行区分。
4. 配置流行为，使满足不同规则的报文分别被重定向到10.1.20.1/24和10.1.30.1/24。
5. 配置流策略，绑定上述流分类和流行为，并应用到接口GE0/0/3的入方向上，实现策略路由

操作步骤

创建VLAN并配置各接口

# 在Switch上创建VLAN100和VLAN200。

[zhongwanzhisw]vlan batch 100 200

 # 配置Switch上接口GE0/0/1、GE0/0/2和GE0/0/3的接口类型为Trunk，并加入VLAN100和VLAN200。

[zhongwanzhisw]interface GigabitEthernet 0/0/1	
[zhongwanzhisw-GigabitEthernet0/0/1]port link-type trunk 
[zhongwanzhisw-GigabitEthernet0/0/1]port trunk allow-pass vlan 100 200
[zhongwanzhisw-GigabitEthernet0/0/1]quit
[zhongwanzhisw]interface GigabitEthernet 0/0/2	
[zhongwanzhisw-GigabitEthernet0/0/2]port link-type trunk 
[zhongwanzhisw-GigabitEthernet0/0/2]port trunk allow-pass vlan 100 200
[zhongwanzhisw-GigabitEthernet0/0/2]quit
[zhongwanzhisw]interface GigabitEthernet 0/0/3
[zhongwanzhisw-GigabitEthernet0/0/3]port link-type trunk 
[zhongwanzhisw-GigabitEthernet0/0/3]port trunk allow-pass vlan 100 200
[zhongwanzhisw-GigabitEthernet0/0/3]quit

# 创建VLANIF100和VLANIF200，并配置各虚拟接口IP地址。

[zhongwanzhisw]interface Vlanif 100
[zhongwanzhisw-Vlanif100]ip address 10.1.20.2 24
[zhongwanzhisw-Vlanif100]quit
[zhongwanzhisw]interface Vlanif 200
[zhongwanzhisw-Vlanif200]ip address 10.1.30.2 24
[zhongwanzhisw-Vlanif200]quit

 配置ACL规则

# 在Switch上创建编码为3001、3002的高级ACL，规则分别为允许源IP地址为192.168.100.0/24和192.168.101.0/24的报文通过。

[zhongwanzhisw]acl 3001
[zhongwanzhisw-acl-adv-3001]rule permit ip source 192.168.100.0 0.0.0.255
[zhongwanzhisw-acl-adv-3001]quit
[zhongwanzhisw]acl 3002
[zhongwanzhisw-acl-adv-3002]rule permit ip source 192.168.101.0 0.0.0.255
[zhongwanzhisw-acl-adv-3002]quit

配置流分类

在Switch上

创建流分类c1、c2，匹配规则分别为ACL 3001和ACL 3002。

[zhongwanzhisw]traffic classifier c1 operator or 
[zhongwanzhisw-classifier-c1]if-match acl 3001
[zhongwanzhisw-classifier-c1]quit
[zhongwanzhisw]traffic classifier c2 operator or
[zhongwanzhisw-classifier-c2]if-match acl 3002
[zhongwanzhisw-classifier-c2]quit

配置流行为

# 在Switch上创建流行为b1、b2，并分别指定重定向到10.1.20.1/24和10.1.30.1/24的动作

[zhongwanzhisw]traffic behavior b1
[zhongwanzhisw-behavior-b1]redirect ip-nexthop 10.1.20.1
[zhongwanzhisw-behavior-b1]quit
[zhongwanzhisw]traffic behavior b2
[zhongwanzhisw-behavior-b2]redirect ip-nexthop 10.1.30.1
[zhongwanzhisw-behavior-b2]quit

配置流策略并应用到接口上

# 在Switch上创建流策略p1，将流分类和对应的流行为进行绑定。

[zhongwanzhisw]traffic policy p1
[zhongwanzhisw-trafficpolicy-p1]classifier c1 behavior b1
[zhongwanzhisw-trafficpolicy-p1]classifier c2 behavior b2
[zhongwanzhisw-trafficpolicy-p1]quit

# 将流策略p1应用到接口GE0/0/3的入方向上。

[zhongwanzhisw]interface GigabitEthernet 0/0/3
[zhongwanzhisw-GigabitEthernet0/0/3]traffic-policy p1 inbound 
[zhongwanzhisw-GigabitEthernet0/0/3]return 

验证配置结果

# 查看ACL规则的配置信息。

<zhongwanzhisw>display acl 3001
Advanced ACL 3001, 1 rule
Acl's step is 5
 rule 5 permit ip source 192.168.100.0 0.0.0.255 

<zhongwanzhisw>display acl 3002
Advanced ACL 3002, 1 rule
Acl's step is 5
 rule 5 permit ip source 192.168.101.0 0.0.0.255 

<zhongwanzhisw>

# 查看流分类的配置信息

<zhongwanzhisw>display traffic classifier user-defined
  User Defined Classifier Information:
   Classifier: c2
    Operator: OR
    Rule(s) : if-match acl 3002
             
   Classifier: c1
    Operator: OR
    Rule(s) : if-match acl 3001
             
Total classifier number is 2 

<zhongwanzhisw>

# 查看流策略的配置信息。

<zhongwanzhisw>display traffic policy user-defined p1
  User Defined Traffic Policy Information:
  Policy: p1
   Classifier: c1
    Operator: OR
     Behavior: b1
      Redirect: no forced
        Redirect ip-nexthop
        10.1.20.1
   Classifier: c2
    Operator: OR
     Behavior: b2
      Redirect: no forced
        Redirect ip-nexthop
        10.1.30.1
<zhongwanzhisw>