Experimental requirements
1. According to the topology prompt, enable OSPF routing protocol for each route, divide corresponding areas, and verify the neighbor relationship and database information, so as to ensure the interoperability of the whole intranet. Among them, the loopback entry on R7 is required to be introduced as an external entry.
2. There are certain access security risks in Area 2 area newly added to the company's network, which requires virtual link authentication.
3. Due to the wide range of services in Area 2, try to reduce the routing entries on R7. With special area
4. Since R4 belongs to the core equipment purchased earlier by the company, its performance is insufficient. Please reduce the external routing entries learned from R4.
5. Since R3 is a boundary route connected to the company branch (not marked here), it carries too many route entry information. In order to improve the performance of R3, please reduce the route entries learned by R3.
6. The company needs to access the Internet. Please configure NAT according to the specific situation to achieve the interoperability of the whole network.
7. Because R3 is overloaded, the data traffic from the R7 host to the external network is sent to the external network through R5.
Note: please use the commands show ip ospf neighbor /show ip ospf interface /show ip ospf database /show ip route /show ip protocol /ping /debug to view the experimental phenomena
Requirement 1: according to the topology prompt, the unmarked network segments uniformly use the 10.1.X.X/24 network segment, enable the OSPF routing protocol for each route, divide the corresponding area, and verify the neighbor relationship and database information, so as to ensure the interoperability of the whole intranet. Among them, the loopback entry on R7 is required to be introduced as an external entry.
Configure the IP address and pay attention to the different modes under the configuration
R8#conf ter
R8(config)#int s1/0
R8 (config if) #ip add 200.1.1.2 255.255.255.252 -- configure the IP with mask 30
R8(config-if)#no shutdown
R8(config-if)#exit
R8(config)#int lo0
R8(config-if)#ip add 211.1.1.1 255.255.255.252
Check whether the interface is configured successfully
R8#show ip int b Interface IP-Address OK? Method Status Protocol FastEthernet0/0 unassigned YES unset administratively down down FastEthernet0/1 unassigned YES unset administratively down down Serial1/0 200.1.1.2 YES manual up down Serial1/1 unassigned YES unset administratively down down Serial1/2 unassigned YES unset administratively down down Serial1/3 unassigned YES unset administratively down down Loopback0 211.1.1.1 YES manual up up R8#
R6(config)#int s1/1
R6(config-if)#ip add 200.1.1.1 255.255.255.252
R6(config-if)#no shut
R6(config-if)#int f0/0
R6(config-if)#ip add 10.1.36.6 255.255.255.0
R6(config-if)#no shut
R6(config-if)#int s1/0
R6(config-if)#ip add 10.1.56.6 255.255.255.0
R6(config-if)#no shut
R6(config-if)#end
R6#show ip int b Interface IP-Address OK? Method Status Protocol FastEthernet0/0 10.1.36.6 YES manual up up FastEthernet0/1 unassigned YES unset administratively down down Serial1/0 10.1.56.6 YES manual up down --At this time, the end-to-end interface of the link has not been UP,therefore protocol by down Serial1/1 200.1.1.1 YES manual up up
Similarly to other interfaces, the / 24 bit mask is 255.255.255.0
OSPF neighbor relationship establishment
R3(config)#router ospf 1
R3 (config router) #network 10.1.36.0 0.0.255 area 0 -- announce direct connection entries to backbone area 0
R3(config-router)#network 10.1.23.0 0.0.0.255 area 0
R6(config)#router ospf 1
R6(config-router)#network 10.1.36.0 0.0.0.255 area 0
R6(config-router)#network 10.1.56.0 0.0.0.255 area 0
R2(config)#router ospf 1
R2 (config router) #Router-ID 2.2.2.2 -------------- specify router ID manually
R2(config-router)#network 10.1.25.0 0.0.0.255 area 0
R2(config-router)#network 10.1.23.0 0.0.0.255 area 0
R2 (config router) #network 10.1.12.0 0.0.255 area 1 -- announce direct connection entries to common area 1
Check whether OSPF neighbors are successfully established
R3#show ip ospf neighbor Neighbor ID Pri State Dead Time Address Interface 2.2.2.2 1 FULL/BDR 00:00:32 10.1.23.2 FastEthernet0/0 200.1.1.1 1 FULL/DR 00:00:32 10.1.36.6 FastEthernet0/1
R3(config)#router ospf 1
R3(config-router)#router-id 3.3.3.3
Reload or use "clear ip ospf process" command, for this to take effect
R6(config)#router ospf 1
R6(config-router)#router-id 6.6.6.6
Reload or use "clear ip ospf process" command, for this to take effect
After manually specifying the router ID, the show ip ospf neighbor will not change immediately
The OSPF process needs to be restarted, and both sides are running at the same time
R6#clear ip ospf process
Reset ALL OSPF processes? [no]: y
R3#clear ip ospf process
Reset ALL OSPF processes? [no]: y
You can see that the router ID has changed. Because R5 and R6 are serial links, they are point-to-point networks and do not elect DR and BDR
R6#show ip ospf neighbor Neighbor ID Pri State Dead Time Address Interface 5.5.5.5 0 FULL/ - 00:00:38 10.1.56.5 Serial1/0 3.3.3.3 1 FULL/BDR 00:00:38 10.1.36.3 FastEthernet0/0 R3#show ip ospf neighbor Neighbor ID Pri State Dead Time Address Interface 2.2.2.2 1 FULL/DR 00:00:33 10.1.23.2 FastEthernet0/0 6.6.6.6 1 FULL/DR 00:00:35 10.1.36.6 FastEthernet0/1
The same applies to other directly connected network segments
R7(config)#router ospf 1
R7 (config router) #redistribute connected subnets ---- the loopback entry on R7 is introduced as an external entry
Verify view:
You can see the R1 routing table and learn the route of R7 loopback port OE2
R1#show ip route ospf 172.16.0.0/32 is subnetted, 3 subnets O 172.16.1.1 [110/2] via 10.1.14.4, 00:39:02, FastEthernet0/1 O 172.16.3.1 [110/2] via 10.1.14.4, 00:39:02, FastEthernet0/1 O 172.16.2.1 [110/2] via 10.1.14.4, 00:39:02, FastEthernet0/1 10.0.0.0/24 is subnetted, 7 subnets O IA 10.1.25.0 [110/65] via 10.1.12.2, 00:39:02, FastEthernet1/0 O IA 10.1.23.0 [110/2] via 10.1.12.2, 00:39:02, FastEthernet1/0 O IA 10.1.36.0 [110/3] via 10.1.12.2, 00:39:02, FastEthernet1/0 O IA 10.1.56.0 [110/67] via 10.1.12.2, 00:39:02, FastEthernet1/0 O E2 192.168.1.0/24 [110/20] via 17.17.17.7, 00:00:39, FastEthernet0/0 O E2 192.168.2.0/24 [110/20] via 17.17.17.7, 00:00:39, FastEthernet0/0 O E2 192.168.3.0/24 [110/20] via 17.17.17.7, 00:00:39, FastEthernet0/0
OSPF neighbor establishment process analysis:
- down: OSPF has not been started, or the device fails
- init: OSPF sends OSPF hello packet through 224.0.0.5 multicast. The hello packet is used to discover neighbors and bring its own router ID before establishing neighbors
1) Because R6 does not specify the Router-ID manually, the maximum IP of the active interface will be automatically selected as the Router-ID
- Two way: after receiving the hello package, both parties see the neighbor's router ID, elect DR/BDR and establish a neighbor relationship. If both are drothers, end and put drothers in the neighbor relationship table.
- Start: election master-slave relationship. Interactive empty DBD package
Synchronous serial number, election master-slave relationship, mainly those with large router ID
- Exchange: interactive content DBD package, LSA summary and directory
6.Loading:
One party initiates LSR request for detailed link status information
The other party replies to the LSU to update the link status information to the neighbor
Reply to LSACK for confirmation and interact multiple times until the link state database is synchronized
Link state database analysis:
R3#show ip ospf database OSPF Router with ID (3.3.3.3) (Process ID 1) Router Link States (Area 0)----Class I LSA,Dissemination scope: this region Link status: local router Router-ID Notification Router: local router Router-ID Link ID ADV Router Age Seq# Checksum Link count 2.2.2.2 2.2.2.2 1682 0x80000008 0x0082BD 3 3.3.3.3 3.3.3.3 1732 0x80000009 0x00C0CF 2 5.5.5.5 5.5.5.5 1664 0x80000009 0x004182 4 6.6.6.6 6.6.6.6 1787 0x80000008 0x009775 3 Net Link States (Area 0)----Class II LSA,Dissemination scope: this region Link status: DR Interface IP Notification Router: DR of router-ID Link ID ADV Router Age Seq# Checksum 10.1.23.3 3.3.3.3 1732 0x80000007 0x00A625 10.1.36.6 6.6.6.6 1787 0x80000007 0x00F094 Summary Net Link States (Area 0)---three classes of initials LSA,The scope of dissemination is in addition to other regions in the region Link status: network number Notification Router: ABR Router Router-ID,Change once through an area Link ID ADV Router Age Seq# Checksum 10.1.12.0 2.2.2.2 1682 0x80000007 0x009970 10.1.14.0 2.2.2.2 1685 0x80000007 0x005BA7 172.16.1.1 2.2.2.2 1685 0x80000007 0x00C4A8 172.16.2.1 2.2.2.2 1685 0x80000007 0x00B9B2 172.16.3.1 2.2.2.2 1686 0x80000007 0x00AEBC Type-5 AS External Link States---Five categories LSA,Spread throughout AS Link status: network number Notification Router: ASBR Router Router-ID Link ID ADV Router Age Seq# Checksum Tag 192.168.1.0 7.7.7.7 1818 0x80000007 0x004CC7 0 192.168.2.0 7.7.7.7 1818 0x80000007 0x0041D1 0 192.168.3.0 7.7.7.7 1818 0x80000007 0x0036DB 0
It needs to be completed as soon as we get here
Requirement 2: Area 2 newly added to the company's network has certain access security risks, and virtual link authentication is required.
R1(config)#router ospf 1
R1(config-router)#area 1 virtual-link 2.2.2.2
R1(config-router)#area 1 virtual-link 2.2.2.2 message-digest-key 1 md5 xixi
R2(config)#router ospf 1
R2(config-router)#area 1 virtual-link 1.1.1.1
R2(config-router)#area 1 virtual-link 1.1.1.1 message-digest-key 1 md5 xixi
Since R7 belongs to area 2 and is not directly adjacent to the backbone area, R7 cannot receive the routing information of backbone area 0 before virtual link configuration
R7#show ip route ospf R7#show ip route ospf
After the virtual link is opened, R7 can receive the route of the backbone area
R7#show ip route ospf 172.16.0.0/32 is subnetted, 3 subnets O IA 172.16.1.1 [110/3] via 10.1.17.1, 00:00:03, FastEthernet0/0 O IA 172.16.3.1 [110/3] via 10.1.17.1, 00:00:03, FastEthernet0/0 O IA 172.16.2.1 [110/3] via 10.1.17.1, 00:00:03, FastEthernet0/0 10.0.0.0/24 is subnetted, 3 subnets O IA 10.1.14.0 [110/2] via 10.1.17.1, 00:00:03, FastEthernet0/0 O IA 10.1.12.0 [110/2] via 10.1.17.1, 00:00:03, FastEthernet0/0 R7#show ip route ospf 172.16.0.0/32 is subnetted, 3 subnets O IA 172.16.1.1 [110/3] via 10.1.17.1, 00:00:59, FastEthernet0/0 O IA 172.16.3.1 [110/3] via 10.1.17.1, 00:00:59, FastEthernet0/0 O IA 172.16.2.1 [110/3] via 10.1.17.1, 00:00:59, FastEthernet0/0 10.0.0.0/24 is subnetted, 7 subnets O IA 10.1.14.0 [110/2] via 10.1.17.1, 00:00:59, FastEthernet0/0 O IA 10.1.12.0 [110/2] via 10.1.17.1, 00:00:59, FastEthernet0/0 O IA 10.1.25.0 [110/66] via 10.1.17.1, 00:00:49, FastEthernet0/0 O IA 10.1.23.0 [110/3] via 10.1.17.1, 00:00:49, FastEthernet0/0 O IA 10.1.36.0 [110/4] via 10.1.17.1, 00:00:49, FastEthernet0/0 O IA 10.1.56.0 [110/68] via 10.1.17.1, 00:00:49, FastEthernet0/0
Requirement 3: since there are many services in Area 2, try to reduce the routing entries on R7. With special area
Configure area 2 as NSSA area, filter 5 types of external routes and allow 3 types of other routes, so as to reduce route entries
R1(config)#router ospf 1
R1 (config router) #area 2 NSSA no summary ------------- the labels of special areas are consistent
R7(config)#router ospf 1
R7 (config router) #area 2 NSSA no summary ------------- the labels of special areas are consistent
ABR will automatically send a default route to itself to the last section area
R7#show ip route ospf O*IA 0.0.0.0/0 [110/2] via 10.1.17.1, 00:00:02, FastEthernet0/0 R7#
Requirement 4: since R4 belongs to the core equipment purchased earlier by the company, its performance is insufficient. Please reduce the external routing entries learned from R4.
Routing table entry before configuration
R4#show ip route ospf 10.0.0.0/24 is subnetted, 7 subnets O 10.1.12.0 [110/2] via 10.1.14.1, 01:00:27, FastEthernet0/0 O IA 10.1.25.0 [110/66] via 10.1.14.1, 01:00:17, FastEthernet0/0 O IA 10.1.17.0 [110/2] via 10.1.14.1, 00:02:22, FastEthernet0/0 O IA 10.1.23.0 [110/3] via 10.1.14.1, 01:00:17, FastEthernet0/0 O IA 10.1.36.0 [110/4] via 10.1.14.1, 01:00:17, FastEthernet0/0 O IA 10.1.56.0 [110/68] via 10.1.14.1, 01:00:17, FastEthernet0/0 O E2 192.168.1.0/24 [110/20] via 10.1.14.1, 00:02:22, FastEthernet0/0 O E2 192.168.2.0/24 [110/20] via 10.1.14.1, 00:02:22, FastEthernet0/0 O E2 192.168.3.0/24 [110/20] via 10.1.14.1, 00:02:22, FastEthernet0/0
Viewing the link status database, you can see that the corresponding LSAS of OSPF routing entries received on R4 mainly belong to class 3 LSAS and class 5 LSAS
R4#show ip ospf database OSPF Router with ID (4.4.4.4) (Process ID 1) Router Link States (Area 1) Link ID ADV Router Age Seq# Checksum Link count 1.1.1.1 1.1.1.1 592 0x80000007 0x001950 2 2.2.2.2 2.2.2.2 593 0x80000005 0x005D70 1 4.4.4.4 4.4.4.4 638 0x80000004 0x0051EF 4 Net Link States (Area 1) Link ID ADV Router Age Seq# Checksum 10.1.12.2 2.2.2.2 1672 0x80000002 0x00B05B 10.1.14.4 4.4.4.4 1686 0x80000002 0x008E69 Summary Net Link States (Area 1) Link ID ADV Router Age Seq# Checksum 10.1.17.0 1.1.1.1 175 0x80000001 0x002BF0 10.1.23.0 2.2.2.2 1672 0x80000002 0x00C848 10.1.25.0 2.2.2.2 1672 0x80000002 0x002BA4 10.1.36.0 2.2.2.2 1672 0x80000003 0x0041C0 10.1.56.0 2.2.2.2 1672 0x80000003 0x00E6C6 Summary ASB Link States (Area 1) Link ID ADV Router Age Seq# Checksum 1.1.1.1 2.2.2.2 586 0x80000001 0x001B14 Type-5 AS External Link States Link ID ADV Router Age Seq# Checksum Tag 192.168.1.0 1.1.1.1 610 0x80000001 0x00D522 0 192.168.1.0 7.7.7.7 1351 0x80000001 0x0058C1 0 192.168.2.0 1.1.1.1 610 0x80000001 0x00CA2C 0 192.168.2.0 7.7.7.7 1351 0x80000001 0x004DCB 0 192.168.3.0 1.1.1.1 610 0x80000001 0x00BF36 0 192.168.3.0 7.7.7.7 1351 0x80000001 0x0042D5 0
Because class 5 LSAS are transmitted from R1 to R4 in the region, class 5 LSAS should be summarized on R1
R1(config)#router ospf 1
R1(config-router)#summary-address 192.168.0.0 255.255.0.0
R4#show ip route ospf 10.0.0.0/24 is subnetted, 7 subnets O 10.1.12.0 [110/2] via 10.1.14.1, 00:00:04, FastEthernet0/0 O IA 10.1.25.0 [110/66] via 10.1.14.1, 00:00:04, FastEthernet0/0 O IA 10.1.17.0 [110/2] via 10.1.14.1, 00:00:04, FastEthernet0/0 O IA 10.1.23.0 [110/3] via 10.1.14.1, 00:00:04, FastEthernet0/0 O IA 10.1.36.0 [110/4] via 10.1.14.1, 00:00:04, FastEthernet0/0 O IA 10.1.56.0 [110/68] via 10.1.14.1, 00:00:04, FastEthernet0/0 O E2 192.168.0.0/16 [110/20] via 10.1.14.1, 00:00:04, FastEthernet0/0
Requirement 5: since R3 is a boundary route connected to the company's branch (not marked here), it carries too many route entry information. In order to improve the performance of R3, please reduce the route entries learned by R3.
Before configuration, you can see that multiple OIA route entries with the same prefix are received
R3# show ip route ospf 172.16.0.0/32 is subnetted, 3 subnets O IA 172.16.1.1 [110/4] via 10.1.23.2, 00:34:19, FastEthernet0/0 O IA 172.16.3.1 [110/4] via 10.1.23.2, 00:34:19, FastEthernet0/0 O IA 172.16.2.1 [110/4] via 10.1.23.2, 00:34:19, FastEthernet0/0 10.0.0.0/24 is subnetted, 7 subnets O IA 10.1.14.0 [110/3] via 10.1.23.2, 00:29:38, FastEthernet0/0 O IA 10.1.12.0 [110/2] via 10.1.23.2, 00:29:58, FastEthernet0/0 O 10.1.25.0 [110/65] via 10.1.23.2, 00:35:25, FastEthernet0/0 O IA 10.1.17.0 [110/3] via 10.1.23.2, 00:34:19, FastEthernet0/0 O 10.1.56.0 [110/65] via 10.1.36.6, 00:34:55, FastEthernet0/1 O E2 192.168.0.0/16 [110/20] via 10.1.23.2, 00:34:40, FastEthernet0/0
By viewing the link state database, it can be determined that these OIA routing entries are three types of LSA S, which are generated by R1 and R2
R3#show ip ospf database OSPF Router with ID (3.3.3.3) (Process ID 1) Router Link States (Area 0) Link ID ADV Router Age Seq# Checksum Link count 1.1.1.1 1.1.1.1 4 (DNA) 0x80000003 0x002CD7 1 2.2.2.2 2.2.2.2 1106 0x80000003 0x008228 4 3.3.3.3 3.3.3.3 1131 0x80000003 0x00480F 2 5.5.5.5 5.5.5.5 1172 0x80000001 0x00E202 4 6.6.6.6 6.6.6.6 1132 0x80000002 0x004315 3 Net Link States (Area 0) Link ID ADV Router Age Seq# Checksum 10.1.23.3 3.3.3.3 1161 0x80000001 0x00658F 10.1.36.6 6.6.6.6 1132 0x80000001 0x00F5D2 Summary Net Link States (Area 0) Link ID ADV Router Age Seq# Checksum 10.1.12.0 1.1.1.1 2 (DNA) 0x80000001 0x0062BE 10.1.12.0 2.2.2.2 830 0x80000001 0x0044D8 10.1.14.0 1.1.1.1 2 (DNA) 0x80000001 0x004CD2 10.1.14.0 2.2.2.2 833 0x80000001 0x0038E1 10.1.17.0 1.1.1.1 12 (DNA) 0x80000001 0x002BF0 172.16.1.1 1.1.1.1 12 (DNA) 0x80000001 0x00E493 172.16.1.1 2.2.2.2 1120 0x80000001 0x00D0A2 172.16.2.1 1.1.1.1 12 (DNA) 0x80000001 0x00D99D 172.16.2.1 2.2.2.2 1120 0x80000001 0x00C5AC 172.16.3.1 1.1.1.1 12 (DNA) 0x80000001 0x00CEA7 172.16.3.1 2.2.2.2 1120 0x80000001 0x00BAB6 Summary ASB Link States (Area 0) Link ID ADV Router Age Seq# Checksum 1.1.1.1 2.2.2.2 1120 0x80000001 0x001B14 Type-5 AS External Link States Link ID ADV Router Age Seq# Checksum Tag 192.168.0.0 1.1.1.1 1155 0x80000001 0x00181B 0
Therefore, three types of LSA S are summarized on R1 and R2
After summarizing 172.16.1.0, 2.0 and 3.0, it is calculated that the same prefix is 172.16.0.0 and the mask is / 22
R1(config)#router ospf 1
R1(config-router)#area 1 range 172.16.0.0 255.255.252.0
R2(config)#router ospf 1
R2(config-router)#area 1 range 172.16.0.0 255.255.252.0
After summarizing 10.1.12.0 and 14.0, it is calculated that the same prefix is 10.1.0.0 and the mask is / 20
For the summary of 10.1.17.0, it is calculated that the same prefix is 10.1.0.0 and the mask is / 19
R1(config)#router ospf 1
R1 (config router) #area 1 range 10.1.0.0 255.255.240.0 -- 10.1.12.0 and 14.0 are generated by area 1
R1 (config router) #area 2 range 10.1.0.0 255.255.224.0 -- 10.1.17.0 is generated by area 2
Route table results after summary
R3#show ip route ospf 172.16.0.0/22 is subnetted, 1 subnets O IA 172.16.0.0 [110/4] via 10.1.23.2, 00:20:06, FastEthernet0/0 10.0.0.0/8 is variably subnetted, 6 subnets, 3 masks O IA 10.1.0.0/20 [110/2] via 10.1.23.2, 00:00:12, FastEthernet0/0 O IA 10.1.0.0/19 [110/3] via 10.1.23.2, 00:00:40, FastEthernet0/0 O 10.1.25.0/24 [110/65] via 10.1.23.2, 01:00:49, FastEthernet0/0 O 10.1.56.0/24 [110/65] via 10.1.36.6, 01:00:19, FastEthernet0/1 O E2 192.168.0.0/16 [110/20] via 10.1.23.2, 01:00:04, FastEthernet0/0
Requirement 6: the company needs to access the Internet. Please configure NAT according to the specific situation to achieve the interoperability of the whole network.
R6 (config) #access list 1 permit 172.16.0.0 0.0.255.255 -- matches R4's intranet route
R6 (config) #access list 1 permit 192.168.0.0 0.0.255.255 -- matches the intranet route of R7
R6(config)#ip nat inside source list 1 interface s1/1 overload
R6(config)#int f0/0
R6(config-if)#ip nat inside
R6(config-if)#int s1/0
R6(config-if)#ip nat inside
R6(config-if)#int s1/1
R6(config-if)#ip nat outside
Since there is no external network route in the intranet, let the default route under the gateway so that the Intranet can access the external network
R6(config)#router ospf 1
R6(config-router)#default-information originate always
R6 does not have a route to the R8 loopback port, so a default route should be specified to point to R8
R6(config)#ip route 0.0.0.0 0.0.0.0 200.1.1.2
R4#ping 211.1.1.1 source lo0 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 211.1.1.1, timeout is 2 seconds: Packet sent with a source address of 172.16.1.1 !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 120/151/184 ms R7#ping 211.1.1.1 source lo0 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 211.1.1.1, timeout is 2 seconds: Packet sent with a source address of 192.168.1.1 !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 120/153/188 ms
Demand 7: because the load of R3 is too heavy, the data traffic from the R7 host to the external network is sent to the external network through R5.
Since the links of R2 and R5 are serial links, the interface overhead is large, so the data will go through R3
Before modifying the policy, R7 accesses the external network and takes R3
R7#traceroute 211.1.1.1 source lo0 Type escape sequence to abort. Tracing the route to 211.1.1.1 1 10.1.17.1 20 msec 40 msec 36 msec 2 10.1.12.2 52 msec 32 msec 76 msec 3 10.1.23.3 72 msec 84 msec 108 msec 4 10.1.36.6 96 msec 152 msec 116 msec 5 200.1.1.2 172 msec 132 msec 200 msec
R2(config)#access-list 1 permit 192.168.0.0 0.0.255.255 -- match R7 intranet route
R2(config)#route-map pbr permit 10
R2 (config route map) #match IP address 1 -- match ACL
R2 (config route map) #set IP next hop 10.1.25.5 10.1.23.3 -- set R5 as the priority for the next hop and R3 as the alternative
R2(config-route-map)#exit
R2(config)#int f0/0
R2 (config if) #ip policy route map PBR -- interface calling policy route
At this time, R7 accesses the Internet and goes to R5
R7#traceroute 211.1.1.1 source lo0 Type escape sequence to abort. Tracing the route to 211.1.1.1 1 10.1.17.1 32 msec 40 msec 20 msec 2 10.1.12.2 52 msec 72 msec 36 msec 3 10.1.25.5 100 msec 64 msec 132 msec 4 10.1.56.6 128 msec 164 msec 104 msec 5 200.1.1.2 192 msec 172 msec 128 msec ``