兴宁A8 兴宁论坛 兴宁新闻 兴宁人的网络社区
标题:
巧用不连续子网掩码解决非常规问题
[打印本页]
作者:
computer
时间:
2012/3/8 23:56
标题:
巧用不连续子网掩码解决非常规问题
<FONT size=2><FONT face=宋体>我们通常习惯使用连续的子网掩码(形如</FONT><SPAN lang=EN-US>11111111.11111111.11111111.00000000</SPAN><SPAN style="FONT-FAMILY: 宋体; mso-ascii-font-family: " Roman?? New ?Times mso-hansi-font-family: Roman?; Times>)</SPAN><SPAN lang=EN-US>,</SPAN></FONT>
<DIV class=MsoNormal style="MARGIN: 0cm 0cm 0pt"><FONT size=2><SPAN style="FONT-FAMILY: 宋体; mso-ascii-font-family: " Roman?? New ?Times mso-hansi-font-family: Roman?; Times>而对于不连续的子网掩码(形如</SPAN><SPAN lang=EN-US>11111111.11111111.00000000.00001111</SPAN></FONT><SPAN style="FONT-FAMILY: 宋体; mso-ascii-font-family: " Roman?? New ?Times mso-hansi-font-family: Roman?; Times><FONT size=2>)基本上没有去关注过。<BR><BR></FONT></SPAN></DIV><SPAN style="FONT-FAMILY: 宋体; mso-ascii-font-family: " Roman?? New ?Times mso-hansi-font-family: Roman?; Times><FONT size=2>
<DIV class=MsoNormal style="MARGIN: 0cm 0cm 0pt"><SPAN style="FONT-FAMILY: 宋体; mso-ascii-font-family: " Roman?? New ?Times mso-hansi-font-family: Roman?; Times><FONT size=2> 实际上,有时候巧妙地使用不连续的子网掩码,还能解决一些常规方法不容易搞定的问题。<BR><BR></FONT></SPAN></DIV>
<DIV class=MsoNormal style="MARGIN: 0cm 0cm 0pt"><SPAN style="FONT-FAMILY: 宋体; mso-ascii-font-family: " Roman?? New ?Times mso-hansi-font-family: Roman?; Times><FONT size=2> 例如,某个公司的网络及对网络配置的要求如下图所示,对于图示的情况,我们就可以用</FONT></SPAN><SPAN style="FONT-FAMILY: 宋体; mso-ascii-font-family: " Roman?? New ?Times mso-hansi-font-family: Roman?; Times><FONT size=2>不连续子网掩码加路由策略来解决。</FONT></SPAN></DIV></FONT></SPAN>
<P class=MsoNormal style="MARGIN: 0cm 0cm 0pt" align=center><SPAN style="FONT-FAMILY: 宋体; mso-ascii-font-family: " Roman?? New ?Times mso-hansi-font-family: Roman?; Times><FONT size=2></FONT></SPAN></P>
<DIV class=MsoNormal style="MARGIN: 0cm 0cm 0pt">
<DIV class=MsoNormal style="MARGIN: 0cm 0cm 0pt"><SPAN style="FONT-FAMILY: 宋体; mso-ascii-font-family: " Roman?? New ?Times mso-hansi-font-family: Roman?; Times><FONT size=2></FONT></SPAN></DIV>
<DIV class=MsoNormal style="MARGIN: 0cm 0cm 0pt"><SPAN lang=EN-US><?xml:namespace prefix = v ns = "urn:schemas-microsoft-com:vml" /><v:shapetype id=_x0000_t75 coordsize="21600,21600" o:spt="75" o:preferrelative="t" path="m@4@5l@4@11@9@11@9@5xe" filled="f" stroked="f"><FONT size=2><v:stroke joinstyle="miter"></v:stroke><v:formulas><v:f eqn="if lineDrawn pixelLineWidth 0"></v:f><v:f eqn="sum @0 1 0"></v:f><v:f eqn="sum 0 0 @1"></v:f><v:f eqn="prod @2 1 2"></v:f><v:f eqn="prod @3 21600 pixelWidth"></v:f><v:f eqn="prod @3 21600 pixelHeight"></v:f><v:f eqn="sum @0 0 1"></v:f><v:f eqn="prod @6 1 2"></v:f><v:f eqn="prod @7 21600 pixelWidth"></v:f><v:f eqn="sum @8 21600 0"></v:f><v:f eqn="prod @7 21600 pixelHeight"></v:f><v:f eqn="sum @10 21600 0"></v:f></v:formulas><v:path o:extrusionok="f" gradientshapeok="t" o:connecttype="rect"></v:path><?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" /><o:lock v:ext="edit" aspectratio="t"></o:lock></FONT></v:shapetype></SPAN></DIV><SPAN style="FONT-FAMILY: 宋体; mso-ascii-font-family: " Roman?? New ?Times mso-hansi-font-family: Roman?; Times><FONT size=2></FONT></SPAN></DIV>
<DIV class=MsoNormal style="MARGIN: 0cm 0cm 0pt"><FONT size=2><SPAN style="FONT-FAMILY: 宋体; mso-ascii-font-family: " Roman?? New ?Times mso-hansi-font-family: Roman?; Times>第一步:定义</SPAN><SPAN lang=EN-US>3</SPAN><SPAN style="FONT-FAMILY: 宋体; mso-ascii-font-family: " Roman?? New ?Times mso-hansi-font-family: Roman?; Times>条</SPAN><SPAN lang=EN-US>ACL</SPAN><SPAN style="FONT-FAMILY: 宋体; mso-ascii-font-family: " Roman?? New ?Times mso-hansi-font-family: Roman?; Times>,分别匹配上面三类客户端:<BR></SPAN></FONT></DIV>
<DIV class=MsoNormal style="MARGIN: 0cm 0cm 0pt"><SPAN lang=EN-US><FONT size=2><BR>cj<?xml:namespace prefix = st1 ns = "urn:schemas-microsoft-com:office:smarttags" /><st1:chmetcnv UnitName="g" SourceValue="3560" HasSpace="False" Negative="True" NumberType="1" TCSC="0" w:st="on">-3560G</st1:chmetcnv>#sh ip access-l</FONT></SPAN></DIV>
<DIV class=MsoNormal style="MARGIN: 0cm 0cm 0pt"><SPAN lang=EN-US><FONT size=2>Standard IP access list acl_linux</FONT></SPAN></DIV>
<DIV class=MsoNormal style="MARGIN: 0cm 0cm 0pt"><SPAN lang=EN-US><FONT size=2><SPAN style="mso-spacerun: yes"> </SPAN>10 permit 172.16.<SPAN style="COLOR: red">0.3</SPAN>, wildcard bits <SPAN style="COLOR: red">0.0.255.252</SPAN></FONT></SPAN></DIV>
<DIV class=MsoNormal style="MARGIN: 0cm 0cm 0pt"><SPAN lang=EN-US><FONT size=2>Standard IP access list acl_isa</FONT></SPAN></DIV>
<DIV class=MsoNormal style="MARGIN: 0cm 0cm 0pt"><SPAN lang=EN-US><FONT size=2><SPAN style="mso-spacerun: yes"> </SPAN>10 permit 172.16.<SPAN style="COLOR: red">0.2</SPAN>, wildcard bits <SPAN style="COLOR: red">0.0.255.252</SPAN></FONT></SPAN></DIV>
<DIV class=MsoNormal style="MARGIN: 0cm 0cm 0pt"><SPAN lang=EN-US><FONT size=2>Standard IP access list acl_router</FONT></SPAN></DIV>
<DIV class=MsoNormal style="MARGIN: 0cm 0cm 0pt"><SPAN lang=EN-US><FONT size=2><SPAN style="mso-spacerun: yes"> </SPAN>10 permit 172.16.<SPAN style="COLOR: red">0.1</SPAN>, wildcard bits <SPAN style="COLOR: red">0.0.255.252</SPAN></FONT></SPAN></DIV>
<DIV class=MsoNormal style="MARGIN: 0cm 0cm 0pt"><SPAN lang=EN-US><FONT size=2><SPAN style="COLOR: red"> </SPAN></FONT></SPAN><SPAN lang=EN-US><FONT size=2>20 permit 172.16.<SPAN style="COLOR: red">0.0</SPAN>, wildcard bits<SPAN style="COLOR: red"> 0.0.255.252<o:p></o:p></SPAN></FONT></SPAN></DIV>
<DIV class=MsoNormal style="MARGIN: 0cm 0cm 0pt; TEXT-INDENT: 21.75pt"><SPAN lang=EN-US style="COLOR: red"><o:p><FONT size=2> </FONT></o:p></SPAN><SPAN lang=EN-US style="COLOR: red"><o:p><FONT size=2> </FONT></o:p></SPAN></DIV>
<DIV class=MsoNormal style="MARGIN: 0cm 0cm 0pt; TEXT-INDENT: 21.75pt"><SPAN lang=EN-US style="COLOR: red"><o:p><FONT size=2> </FONT></o:p></SPAN></DIV>
<DIV class=MsoNormal style="MARGIN: 0cm 0cm 0pt"><SPAN style="FONT-FAMILY: 宋体; mso-ascii-font-family: " Roman?? New ?Times mso-hansi-font-family: Roman?; Times><FONT size=2>解释:<BR></FONT></SPAN></DIV>
<DIV class=MsoNormal style="MARGIN: 0cm 0cm 0pt"><FONT size=2><SPAN style="COLOR: red; FONT-FAMILY: 宋体; mso-ascii-font-family: " Roman?? New ?Times mso-hansi-font-family: Roman?; Times><BR>反向掩码: </SPAN><SPAN lang=EN-US style="COLOR: red">0<SPAN style="mso-spacerun: yes"> </SPAN>.0<SPAN style="mso-spacerun: yes"> </SPAN>.255<SPAN style="mso-spacerun: yes"> </SPAN>.252<o:p></o:p></SPAN></FONT></DIV>
<DIV class=MsoNormal style="MARGIN: 0cm 0cm 0pt; TEXT-INDENT: 52.5pt; mso-char-indent-count: 5.0"><FONT size=2><SPAN lang=EN-US style="COLOR: red"> 0000 0000.0000 0000.1111 1111.1111 1100<SPAN style="mso-spacerun: yes"> </SPAN></SPAN><SPAN style="COLOR: blue; FONT-FAMILY: 宋体; mso-ascii-font-family: " Roman?? New ?Times mso-hansi-font-family: Roman?; Times>(不连续反向子网掩码)</SPAN><SPAN lang=EN-US style="COLOR: red"><o:p></o:p></SPAN></FONT></DIV>
<DIV class=MsoNormal style="MARGIN: 0cm 0cm 0pt"><FONT size=2><SPAN style="COLOR: red; FONT-FAMILY: 宋体; mso-ascii-font-family: " Roman?? New ?Times mso-hansi-font-family: Roman?; Times>正向掩码: </SPAN><SPAN lang=EN-US style="COLOR: red">1111 1111 .1111 1111. 0000 0000.0000 0011 </SPAN><SPAN style="COLOR: blue; FONT-FAMILY: 宋体; mso-ascii-font-family: " Roman?? New ?Times mso-hansi-font-family: Roman?; Times>(不连续子网掩码)</SPAN><SPAN lang=EN-US style="COLOR: red"><o:p></o:p></SPAN></FONT></DIV>
<DIV class=MsoNormal style="MARGIN: 0cm 0cm 0pt"><FONT size=2><SPAN lang=EN-US style="COLOR: red">IP</SPAN><SPAN style="COLOR: red; FONT-FAMILY: 宋体; mso-ascii-font-family: " Roman?? New ?Times mso-hansi-font-family: Roman?; Times>地址:</SPAN><SPAN lang=EN-US style="COLOR: red"><SPAN style="mso-spacerun: yes"> </SPAN>172<SPAN style="mso-spacerun: yes"> </SPAN>.16<SPAN style="mso-spacerun: yes"> </SPAN>.0<SPAN style="mso-spacerun: yes"> </SPAN>.0000 0011<o:p></o:p></SPAN></FONT></DIV>
<DIV class=MsoNormal style="MARGIN: 0cm 0cm 0pt"><SPAN lang=EN-US style="COLOR: red"><FONT size=2><SPAN style="mso-spacerun: yes"> </SPAN>172<SPAN style="mso-spacerun: yes"> </SPAN>.16<SPAN style="mso-spacerun: yes"> </SPAN>.0<SPAN style="mso-spacerun: yes"> </SPAN>.3<o:p></o:p></FONT></SPAN></DIV>
<DIV class=MsoNormal style="MARGIN: 0cm 0cm 0pt"><FONT size=2><SPAN style="FONT-FAMILY: 宋体; mso-ascii-font-family: " Roman?? New ?Times mso-hansi-font-family: Roman?; Times>可以看出来,<FONT color=#ff4500>只要</FONT></SPAN><FONT color=#ff4500><SPAN lang=EN-US>IP</SPAN><SPAN style="FONT-FAMILY: 宋体; mso-ascii-font-family: " Roman?? New ?Times mso-hansi-font-family: Roman?; Times>地址为</SPAN><SPAN lang=EN-US style="COLOR: red">172. 16. x. xxxxxx11</SPAN><SPAN style="COLOR: red; FONT-FAMILY: 宋体; mso-ascii-font-family: " Roman?? New ?Times mso-hansi-font-family: Roman?; Times>(</SPAN><SPAN lang=EN-US style="COLOR: red">x</SPAN><SPAN style="COLOR: red; FONT-FAMILY: 宋体; mso-ascii-font-family: " Roman?? New ?Times mso-hansi-font-family: Roman?; Times>表示</SPAN><SPAN lang=EN-US style="COLOR: red">0</SPAN><SPAN style="COLOR: red; FONT-FAMILY: 宋体; mso-ascii-font-family: " Roman?? New ?Times mso-hansi-font-family: Roman?; Times>或者</SPAN><SPAN lang=EN-US style="COLOR: red">1</SPAN><SPAN style="COLOR: red; FONT-FAMILY: 宋体; mso-ascii-font-family: " Roman?? New ?Times mso-hansi-font-family: Roman?; Times>当中的任何一个)</SPAN><SPAN lang=EN-US style="COLOR: red">, </SPAN><SPAN style="COLOR: red; FONT-FAMILY: 宋体; mso-ascii-font-family: " Roman?? New ?Times mso-hansi-font-family: Roman?; Times>即以二进制表示的</SPAN><SPAN lang=EN-US style="COLOR: red">IP</SPAN><SPAN style="COLOR: red; FONT-FAMILY: 宋体; mso-ascii-font-family: " Roman?? New ?Times mso-hansi-font-family: Roman?; Times>地址的最右边两位为</SPAN><SPAN lang=EN-US style="COLOR: red">11</SPAN><SPAN style="FONT-FAMILY: 宋体; mso-ascii-font-family: " Roman?? New ?Times mso-hansi-font-family: Roman?; Times>,就匹配</SPAN><SPAN lang=EN-US>ACL acl_linux</SPAN></FONT><SPAN style="FONT-FAMILY: 宋体; mso-ascii-font-family: " Roman?? New ?Times mso-hansi-font-family: Roman?; Times>,其它两个</SPAN><SPAN lang=EN-US>ACL</SPAN><SPAN style="FONT-FAMILY: 宋体; mso-ascii-font-family: " Roman?? New ?Times mso-hansi-font-family: Roman?; Times>的解释与此类似。</SPAN></FONT></DIV>
<DIV class=MsoNormal style="MARGIN: 0cm 0cm 0pt"><FONT size=2><SPAN style="FONT-FAMILY: 宋体; mso-ascii-font-family: " Roman?? New ?Times mso-hansi-font-family: Roman?; Times></SPAN></FONT> </DIV>
<DIV class=MsoNormal style="MARGIN: 0cm 0cm 0pt"><SPAN style="FONT-FAMILY: 宋体; mso-ascii-font-family: " Roman?? New ?Times mso-hansi-font-family: Roman?; Times><FONT size=2>第二步:定义路由策略<BR></FONT></SPAN></DIV>
<DIV class=MsoNormal style="MARGIN: 0cm 0cm 0pt"><SPAN lang=EN-US><FONT size=2><BR>cj<st1:chmetcnv UnitName="g" SourceValue="3560" HasSpace="False" Negative="True" NumberType="1" TCSC="0" w:st="on">-3560G</st1:chmetcnv>#sh route-map rm-select-gw</FONT></SPAN></DIV>
<DIV class=MsoNormal style="MARGIN: 0cm 0cm 0pt"><SPAN lang=EN-US><FONT size=2>route-map rm-select-gw, permit, sequence 10</FONT></SPAN></DIV>
<DIV class=MsoNormal style="MARGIN: 0cm 0cm 0pt"><SPAN lang=EN-US><FONT size=2><SPAN style="mso-spacerun: yes"> </SPAN>Match clauses:</FONT></SPAN></DIV>
<DIV class=MsoNormal style="MARGIN: 0cm 0cm 0pt"><SPAN lang=EN-US><FONT size=2><SPAN style="mso-spacerun: yes"> </SPAN>ip address (access-lists): acl-router</FONT></SPAN></DIV>
<DIV class=MsoNormal style="MARGIN: 0cm 0cm 0pt"><SPAN lang=EN-US><FONT size=2><SPAN style="mso-spacerun: yes"> </SPAN>Set clauses:</FONT></SPAN></DIV>
<DIV class=MsoNormal style="MARGIN: 0cm 0cm 0pt"><SPAN lang=EN-US><FONT size=2><SPAN style="mso-spacerun: yes"> </SPAN>ip next-hop 172.16.0.1</FONT></SPAN></DIV>
<DIV class=MsoNormal style="MARGIN: 0cm 0cm 0pt"><SPAN lang=EN-US><FONT size=2><SPAN style="mso-spacerun: yes"> </SPAN>Policy routing matches: 0 packets, 0 bytes</FONT></SPAN></DIV>
<DIV class=MsoNormal style="MARGIN: 0cm 0cm 0pt"><SPAN lang=EN-US><FONT size=2>route-map rm-select-gw, permit, sequence 20</FONT></SPAN></DIV>
<DIV class=MsoNormal style="MARGIN: 0cm 0cm 0pt"><SPAN lang=EN-US><FONT size=2><SPAN style="mso-spacerun: yes"> </SPAN>Match clauses:</FONT></SPAN></DIV>
<DIV class=MsoNormal style="MARGIN: 0cm 0cm 0pt"><SPAN lang=EN-US><FONT size=2><SPAN style="mso-spacerun: yes"> </SPAN>ip address (access-lists): acl-isa</FONT></SPAN></DIV>
<DIV class=MsoNormal style="MARGIN: 0cm 0cm 0pt"><SPAN lang=EN-US><FONT size=2><SPAN style="mso-spacerun: yes"> </SPAN>Set clauses:</FONT></SPAN></DIV>
<DIV class=MsoNormal style="MARGIN: 0cm 0cm 0pt"><SPAN lang=EN-US><FONT size=2><SPAN style="mso-spacerun: yes"> </SPAN>ip next-hop 172.16.0.2</FONT></SPAN></DIV>
<DIV class=MsoNormal style="MARGIN: 0cm 0cm 0pt"><SPAN lang=EN-US><FONT size=2><SPAN style="mso-spacerun: yes"> </SPAN>Policy routing matches: 0 packets, 0 bytes</FONT></SPAN></DIV>
<DIV class=MsoNormal style="MARGIN: 0cm 0cm 0pt"><SPAN lang=EN-US><FONT size=2>route-map rm-select-gw, permit, sequence 30</FONT></SPAN></DIV>
<DIV class=MsoNormal style="MARGIN: 0cm 0cm 0pt"><SPAN lang=EN-US><FONT size=2><SPAN style="mso-spacerun: yes"> </SPAN>Match clauses:</FONT></SPAN></DIV>
<DIV class=MsoNormal style="MARGIN: 0cm 0cm 0pt"><SPAN lang=EN-US><FONT size=2><SPAN style="mso-spacerun: yes"> </SPAN>ip address (access-lists): acl-linux</FONT></SPAN></DIV>
<DIV class=MsoNormal style="MARGIN: 0cm 0cm 0pt"><SPAN lang=EN-US><FONT size=2><SPAN style="mso-spacerun: yes"> </SPAN>Set clauses:</FONT></SPAN></DIV>
<DIV class=MsoNormal style="MARGIN: 0cm 0cm 0pt"><SPAN lang=EN-US><FONT size=2><SPAN style="mso-spacerun: yes"> </SPAN>ip next-hop 172.16.0.3</FONT></SPAN></DIV>
<DIV class=MsoNormal style="MARGIN: 0cm 0cm 0pt"><SPAN lang=EN-US><FONT size=2><SPAN style="mso-spacerun: yes"> </SPAN>Policy routing matches: 0 packets, 0 bytes</FONT></SPAN></DIV>
<DIV class=MsoNormal style="MARGIN: 0cm 0cm 0pt"><SPAN lang=EN-US></SPAN> </DIV>
<DIV class=MsoNormal style="MARGIN: 0cm 0cm 0pt"><FONT size=2><SPAN style="FONT-FAMILY: 宋体; mso-ascii-font-family: " Roman?? New ?Times mso-hansi-font-family: Roman?; Times>第三步:应用定义的路由策略到每一个</SPAN><SPAN lang=EN-US>SVI</SPAN><SPAN style="FONT-FAMILY: 宋体; mso-ascii-font-family: " Roman?? New ?Times mso-hansi-font-family: Roman?; Times>,例如:<BR></SPAN></FONT></DIV>
<DIV class=MsoNormal style="MARGIN: 0cm 0cm 0pt"><SPAN lang=EN-US><FONT size=2><BR>cj<st1:chmetcnv UnitName="g" SourceValue="3560" HasSpace="False" Negative="True" NumberType="1" TCSC="0" w:st="on">-3560G</st1:chmetcnv>#sh run int vlan1</FONT></SPAN></DIV>
<DIV class=MsoNormal style="MARGIN: 0cm 0cm 0pt"><SPAN lang=EN-US><FONT size=2>interface Vlan1</FONT></SPAN></DIV>
<DIV class=MsoNormal style="MARGIN: 0cm 0cm 0pt"><SPAN lang=EN-US><FONT size=2><SPAN style="mso-spacerun: yes"> </SPAN>ip address 172.16.0.254 255.255.255.0</FONT></SPAN></DIV>
<DIV class=MsoNormal style="MARGIN: 0cm 0cm 0pt"><SPAN lang=EN-US style="COLOR: blue"><FONT size=2><SPAN style="mso-spacerun: yes"> </SPAN>ip policy route-map rm-select-gw<o:p></o:p></FONT></SPAN></DIV>
<DIV class=MsoNormal style="MARGIN: 0cm 0cm 0pt"><SPAN lang=EN-US><FONT size=2>end</FONT></SPAN></DIV>
欢迎光临 兴宁A8 兴宁论坛 兴宁新闻 兴宁人的网络社区 (http://fc.xna8.com/)
Powered by Discuz! X3.1