Monday, April 18, 2011

Policy Based Routing

After using most of my study time last night trying to figure out why my lab wasn't working in GNS3, then building it in my live lab...

When simulating hosts using routers, REMEMBER TO TURN IP ROUTING OFF (no ip routing)!!!

duh.

Anyway:




Gotta Luv Working in Linux now.

Once you figure something out, you realize how much better it works in Linux.


ISP 1



r1#sh run
Building configuration...

Current configuration : 1012 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname r1
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
!
resource policy
!
no network-clock-participate slot 1
no network-clock-participate wic 0
ip cef
!
!
!      
!      
no ip domain lookup
!      
!      
!      
!      
!      
!      
!      
!      
!      
!      
!      
!      
!      
!      
!      
!      
!      
!      
!      
!      
!      
!      
!      
interface FastEthernet0/0
 no ip address
 shutdown
 duplex auto
 speed auto
!      
interface Serial0/0
 ip address 10.1.12.2 255.255.255.0
 shutdown
 no fair-queue
 no dce-terminal-timing-enable
 service-module t1 clock source internal
 service-module t1 timeslots 1-24
!      
interface Serial0/1
 ip address 200.1.1.2 255.255.255.0
 ip access-group log in
 no dce-terminal-timing-enable
!      
ip route 192.168.1.0 255.255.255.0 200.1.1.1
!      
!      
ip http server
no ip http secure-server
!      
!      
!      
!      
control-plane
!      
!      
!      
!      
!      
!      
!      
!      
!      
!      
line con 0
 exec-timeout 600 0
 logging synchronous
 login  
line aux 0
line vty 0
 password cisco
 login  
line vty 1 4
 login  
!      
!      
end    



ISP 2




r2#
r2#sh run
Building configuration...

Current configuration : 927 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname r2
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
!
resource policy
!
no ip routing
no ip cef
!
!
!
!      
no ip domain lookup
!      
!      
!      
!      
!      
!      
!      
!      
!      
!      
!      
!      
!      
!      
!      
!      
!      
!      
!      
!      
!      
!      
!      
interface FastEthernet0/0
 no ip address
 no ip route-cache
 shutdown
 duplex auto
 speed auto
!      
interface Serial0/0
 ip address 10.1.13.2 255.255.255.0
 no ip route-cache
 shutdown
 no fair-queue
 no dce-terminal-timing-enable
 service-module t1 timeslots 1-24
!      
interface Serial0/1
 ip address 201.1.1.2 255.255.255.0
 ip access-group log in
 no ip route-cache
 no fair-queue
 no dce-terminal-timing-enable
!      
!      
!      
ip http server
no ip http secure-server
!      
!      
!      
!      
control-plane
!      
!      
!      
!      
!      
!      
!      
!      
!      
!      
line con 0
 exec-timeout 600 0
 password bazilboo
 logging synchronous
 login  
line aux 0
line vty 0 4
 login  
!      
!      
end

Policy Router


FR3#sh run
Building configuration...

Current configuration : 1981 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname FR3
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
!
resource policy
!
no network-clock-participate slot 1
no network-clock-participate wic 0
ip cef
!
!
!      
!      
no ip domain lookup
!      
!      
!      
!      
!      
!      
!      
!      
!      
!      
!      
!      
!      
!      
!      
!      
!      
!      
!      
!      
!      
!      
!      
interface FastEthernet0/0
 ip address 192.168.1.1 255.255.255.0
 ip policy route-map POLICY
 duplex auto
 speed auto
!      
interface Serial0/0
 no ip address
 shutdown
 no fair-queue
 no dce-terminal-timing-enable
!      
interface Serial1/0
 ip address 200.1.1.1 255.255.255.0
 clock rate 64000
 no dce-terminal-timing-enable
!      
interface Serial1/1
 ip address 201.1.1.1 255.255.255.0
 clock rate 64000
 dce-terminal-timing-enable
!      
interface Serial1/2
 ip address 10.1.45.1 255.255.255.0
 shutdown
 clock rate 64000
 no dce-terminal-timing-enable
!      
interface Serial1/3
 description link to AS(R5 s/0)
 no ip address
 logging event subif-link-status
 no dce-terminal-timing-enable
!      
interface Serial1/4
 no ip address
 logging event subif-link-status
 clock rate 64000
 dce-terminal-timing-enable
!      
interface Serial1/5
 no ip address
 shutdown
 no dce-terminal-timing-enable
!      
interface Serial1/6
 no ip address
 shutdown
 no dce-terminal-timing-enable
!      
interface Serial1/7
 no ip address
 shutdown
 no dce-terminal-timing-enable
!      
!      
!      
ip http server
no ip http secure-server
!      
ip access-list extended CLIENT1
 permit ip host 192.168.1.20 any
ip access-list extended CLIENT2
 permit tcp host 192.168.1.21 any eq telnet
 permit tcp host 192.168.1.21 any eq 443
!      
!      
route-map POLICY permit 10
 match ip address CLIENT1
 set ip next-hop 201.1.1.2
!      
route-map POLICY permit 20
 match ip address CLIENT2
 set ip next-hop 200.1.1.2
!      
route-map POLICY permit 30
 set ip next-hop 201.1.1.2
!      
!      
!      
control-plane
!      
!      
!      
!      
!      
!      
!      
!      
!      
!      
line con 0
 exec-timeout 600 0
 password 7 0111071E520704002E
 logging synchronous
 login  
line aux 0
line vty 0 4
 login  
!      
!      
end
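
How the POLICY route-map on FR3 picks a next hop for each client's traffic, as an added example that is not part of the original post: it parses the ACL and route-map lines copied from the config above and evaluates the sequences in order. The parser handles only the line forms used on this page, and the function names are illustrative.

```python
# ACL and route-map lines copied from the FR3 running config on this page.
CONFIG = """\
ip access-list extended CLIENT1
 permit ip host 192.168.1.20 any
ip access-list extended CLIENT2
 permit tcp host 192.168.1.21 any eq telnet
 permit tcp host 192.168.1.21 any eq 443
route-map POLICY permit 10
 match ip address CLIENT1
 set ip next-hop 201.1.1.2
route-map POLICY permit 20
 match ip address CLIENT2
 set ip next-hop 200.1.1.2
route-map POLICY permit 30
 set ip next-hop 201.1.1.2
"""
PORTS = {"telnet": 23}  # IOS port keyword used in the ACL

def parse(text):
    """Return ({acl_name: [(proto, src_host, dport)]}, [route-map sequences])."""
    acls, seqs, cur = {}, [], None
    for line in text.splitlines():
        w = line.split()
        if w[:3] == ["ip", "access-list", "extended"]:
            cur = acls.setdefault(w[3], [])
        elif w[:1] == ["route-map"]:
            cur = {"seq": int(w[3]), "acl": None, "hop": None}
            seqs.append(cur)
        elif w[:3] == ["match", "ip", "address"]:
            cur["acl"] = w[3]
        elif w[:3] == ["set", "ip", "next-hop"]:
            cur["hop"] = w[3]
        elif w[:1] == ["permit"]:  # permit <proto> host <src> any [eq <port>]
            port = w[6] if len(w) > 6 else None
            cur.append((w[1], w[3], int(PORTS.get(port, port)) if port else None))
    return acls, sorted(seqs, key=lambda s: s["seq"])

def acl_permits(entries, proto, src, dport):
    # First matching permit wins; no match means the ACL's implicit deny.
    return any(p in ("ip", proto) and host == src and port in (None, dport)
               for p, host, port in entries)

def next_hop(acls, seqs, proto, src, dport=None):
    """Return (sequence, next hop) of the first route-map entry that matches."""
    for s in seqs:
        if s["acl"] is None or acl_permits(acls[s["acl"]], proto, src, dport):
            return s["seq"], s["hop"]
    return None, None  # nothing matched: normal destination-based routing

ACLS, SEQS = parse(CONFIG)
```

Sequence 30 has no match clause, so traffic that CLIENT1 and CLIENT2 do not permit, including Client 2's non-telnet, non-443 traffic and any other source on the LAN, is still policy routed to 201.1.1.2 instead of falling through to the routing table.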

Client 1


r4#sh run
Building configuration...

Current configuration : 939 bytes
!
version 12.2
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname r4
!
!
no ip subnet-zero
no ip routing
!
!
!
!
!
voice call carrier capacity active
!
!
!
!
!      
!      
!      
!      
!      
mta receive maximum-recipients 0
!      
!      
!      
!      
interface FastEthernet0/0
 ip address 192.168.1.20 255.255.255.0
 no ip route-cache
 no ip mroute-cache
 duplex auto
 speed auto
!      
interface Serial0/0
 no ip address
 no ip route-cache
 shutdown
 no fair-queue
 service-module t1 clock source internal
 service-module t1 timeslots 1-24
!      
interface Serial0/1
 no ip address
 no ip route-cache
 shutdown
 service-module t1 clock source internal
 service-module t1 timeslots 1-24
!      
ip default-gateway 192.168.1.1
ip classless
no ip http server
!      
!      
!      
call rsvp-sync
!      
!      
mgcp profile default
!      
dial-peer cor custom
!      
!      
!      
!      
line con 0
 exec-timeout 600 0
 logging synchronous
 login  
line aux 0
line vty 0 4
 login  
!      
!      
end




Client 2

Current configuration : 1102 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname r5
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
!
resource policy
!
no network-clock-participate slot 1 
no network-clock-participate wic 0 
no ip subnet-zero
no ip routing
!
!         
no ip dhcp use vrf connected
!         
!         
no ip cef 
no ip domain lookup
no ip ips deny-action ips-interface
!         
!         
!         
!         
!         
!         
!         
!         
!         
!         
!         
!         
!         
!         
!         
!         
!         
!         
!         
!         
!         
interface FastEthernet0/0
 ip address 192.168.1.21 255.255.255.0
 no ip route-cache
 duplex auto
 speed auto
!         
interface Serial0/0
 no ip address
 no ip route-cache
 ip ospf network point-to-point
 shutdown 
 no dce-terminal-timing-enable
 service-module t1 clock source internal
 service-module t1 timeslots 1-24
!         
interface Serial0/1
 no ip address
 no ip route-cache
 shutdown 
 no dce-terminal-timing-enable
!         
ip default-gateway 192.168.1.1
ip classless
!         
!         
ip http server
no ip http secure-server
!         
!         
!         
!         
control-plane
!         
!         
!         
!         
!         
!         
!         
!         
!         
!         
line con 0
 exec-timeout 600 0
 logging synchronous
 login    
line aux 0
line vty 0 4
 login    
!         
!         
end 

On to IPV6...

2 comments:

  1. Hey, I love the site. Little note... in GNS3 you can simulate Linux hosts using QEMU and Linux Microcore. You can configure eth0 with the correct IP addr and subnet mask and it should be able to ping its gateway in GNS3. Great way to simulate a REAL host.

    google GNS3 +qemu +microcore

    Lou

  2. Thanks for the tip. I had pursued it briefly, but I was in the middle of trying to build a tri-boot laptop (Win7, Lubuntu, and the fruity one) and was distracted, and of course figured out my router-as-a-host problem at the same time. I still need to get a hold on it as I would like to run JUNOS on here at some point.
