对于源是R1的F0/0,目的是R3的S2/0的流量被R2无条件丢弃
R1
conf t
int f 0/0
ip ad 10.1.1.1 255.255.255.0
no shut
router rip
net 10.0.0.0
end
conf t
int f 0/0
ip ad 10.1.1.1 255.255.255.0
no shut
router rip
net 10.0.0.0
end
R2
conf t
int f 0/0
ip ad 10.1.1.2 255.255.255.0
no shut
int s 2/0
ip ad 10.1.2.2 255.255.255.0
encap f
no arp f
no frame inver
frame map ip 10.1.2.3 203 b
no shut
exit
access-list 100 permit ip host 10.1.1.1 host 10.1.2.3 步骤1 定义ACL匹配流量
class-map DROP 步骤2 定义class-map对ACL中匹配流量进行分类
match access-group 100
exit
policy-map dropr1 步骤3 定义policy-map对class-map施加策略
class DROP
drop
int f 0/0
service-policy input dropr1 步骤4 把policy map应用到接口
exit
router rip
net 10.0.0.0
end
conf t
int f 0/0
ip ad 10.1.1.2 255.255.255.0
no shut
int s 2/0
ip ad 10.1.2.2 255.255.255.0
encap f
no arp f
no frame inver
frame map ip 10.1.2.3 203 b
no shut
exit
access-list 100 permit ip host 10.1.1.1 host 10.1.2.3 步骤1 定义ACL匹配流量
class-map DROP 步骤2 定义class-map对ACL中匹配流量进行分类
match access-group 100
exit
policy-map dropr1 步骤3 定义policy-map对class-map施加策略
class DROP
drop
int f 0/0
service-policy input dropr1 步骤4 把policy map应用到接口
exit
router rip
net 10.0.0.0
end
R3
conf t
int s2/0
ip ad 10.1.2.3 255.255.255.0
encap f
no arp f
no frame inver
frame map ip 10.1.2.2 302 b
no shut
router rip
net 10.00.0.0
end
校验
R3#ping 10.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.1, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
Sending 5, 100-byte ICMP Echos to 10.1.1.1, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
R2#sh policy-map int f 0/0
FastEthernet0/0
Service-policy input: dropr1
Class-map: DROP (match-all)
10 packets, 1140 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: access-group 100
drop
10 packets, 1140 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: access-group 100
drop
