注意,这个重定向信息,由路由器发出,对主机有效,如果R1启用路由功能,配置默认路由指向R2,一样会收到重定向信息,但是对于作为路由器的R1,会忽视重定向信息,仍然会将后继数据报文发给R2,可通过以下办法验证:
" B0 |; {( x( g: f: g$ z2 V9 d启用R1的路由功能:* M) F2 B- g3 |) h5 B% j
3 S/ f* I" D. t! \; X
R1(config)#ip routing- I* X8 `* X( c2 t* K
' h6 {6 v1 h% u; O1 c3 M R2(config)#access-list 101 permit ip any host .3
; {/ w0 w( I% b" u
0 c$ o# l, a- n4 B" s R2(config)#access-list 101 permit ip any any: p ?, n& O6 E, S w; S/ ?/ S
. ]' `9 u2 q# {
R2(config)#interface ethernet 0
# y8 V6 N/ A' P: w1 M, [" c
- J7 ^+ q! H8 h3 f' k- y R2(config-if)#ip access-group 101 in
5 r& c: A. y) ~0 q; e i4 a
8 k! e$ G' v3 j9 m' X 从R1发起ping
! q0 C4 l' c1 P; ]
" S$ C3 j6 `3 N1 S R1#ping .3. U0 q1 L! ^% X
3 P+ a" l) Z2 |
Type escape sequence to abort.
: w2 _# N1 O' ~/ T3 C$ b) g $ ~ ~' X U. X1 t9 ?% {/ s
Sending 5, 100-byte ICMP Echos to .3, timeout is 2 seconds:
9 E$ Z: h% [) L' _% L7 V: }- v' Z ; V$ k# Y: @+ b; E8 J$ Z; M
!!!!!) G% M S* n+ c5 R, h; H
( X, m+ |* ]* _% k" b& q" s Success rate is 100 percent (5/5), round-trip min/avg/max = ms
6 L& o" g2 x' Z- Z
3 ]3 v/ P! ?4 P4 u A* u R1#ping .3" B I/ Y# I5 i. I
# S6 g( B) N3 [9 l6 A( j
Type escape sequence to abort.
$ X) t8 X6 X6 `9 w/ ?0 M
3 H2 S3 T/ L# V2 A+ |( |" t0 a Sending 5, 100-byte ICMP Echos to .3, timeout is 2 seconds:
( @4 q5 H$ J) j
; X, O( f4 h5 h! j, Q& g* r( E' o !!!!!$ }! l" @# t% B4 P' B& [
4 `2 G/ U$ b7 U) }
Success rate is 100 percent (5/5), round-trip min/avg/max = ms
; I8 d9 s0 G/ P. j- \2 q5 b 6 Z$ o5 l# u4 p% C# h* \2 p: t; f# A
查看R2的访问列表计数:可见全部数据报文都经过了R2的以太网口在转发出去。4 w5 ]$ G* w) b% S7 B
" f# r2 d' ^! j. N R2#show ip access-lists 101
! E# x1 P' e" V' P# H
. l8 r. S3 C7 ]0 k Extended IP access list 101
2 j# Y+ ?$ _2 U3 W0 f . V8 B. E- s) d5 v9 l8 A
10 permit ip any host .3 (20 matches)
/ K; z" C6 o* M$ h , H! k& z1 V; c
20 permit ip any any (132 matches)
7 A+ W3 s; }: k7 k4 I7 w/ Z7 a
1 |$ ] h: O0 K v) l4 V" A) o IOS对于进入本接口之后,本路由器应答或从相同接口转发出去的数据报文,会双倍计数,即五个数据报文计数为10.
3 G' q7 d8 g9 z2 `# ^2 h% v0 V ( n; @# _0 C! R1 J9 c* _
(5)关闭R1的路由功能,并在此pingR3
A. \- a0 d- \) O
/ Q2 Z+ t) l. g# k7 q- `0 O R1#ping .3
8 g* S( E1 X I4 ^" u* C7 t 3 k4 z1 [9 V1 }
Type escape sequence to abort.2 y2 B* H6 x% a( \4 t
; J# X$ l/ C. J- t Sending 5, 100-byte ICMP Echos to .3, timeout is 2 seconds:9 R9 c. h4 c; R6 V
4 _7 Z# l( [. R- l1 e
!!!!!
; X- u9 c" H# v0 o. z5 [
$ E. a* _) |4 Y6 M8 d Success rate is 100 percent (5/5), round-trip min/avg/max = ms
2 x2 y" a5 J- H; Z1 ]
) p6 d: S+ q$ X, f7 S& G# R0 o" p 查看R2的通过访问控制,截取的数据报文个数:$ R5 V: R- ~* _3 s
! r# ^: ^, L* Y6 e9 r) @ R2#show access-lists 101
( F- v: ~; E& t1 q# L
! m9 a# J: }& w, ~) v& s Extended IP access list 101
8 ^- j# O5 ]1 M& d3 l4 B( \
. F& p' s a2 d& I 10 permit ip any host .3 (22 matches), j5 }% t/ Q3 R# a$ W
% I/ e" Q7 P4 f; d
20 permit ip any any (434 matches)# L% V% K9 ?1 d7 F
! a) _6 ^3 ?7 ~: p7 N7 q5 A& r 计数增长了2,实质上只截取了1个数据报文,即R2收到第一个数据报文之后,发出重定向,之后,R1便直接将目的地址为。3的数据报文转发给R3. |
发表于 2012-8-3 20:03:30
