最新消息:点击查看大S的省钱秘笈

Cisco IOS扩展ping命令的使用技巧

网络相关 Slyar 155浏览 0评论

文章作者:姜南(Slyar) 文章来源:Slyar Home (www.slyar.com) 转载请注明,谢谢合作。

在做Cisco分解实验如路由选路、ACL、route-map等时,在只使用路由器而不增加PC的情况下,可以使用扩展ping命令指定源地址进行测试,默认的扩展ping命令是交互式的,用过的人都只要要按很多下回车,今天我还是第一次知道原来真的有CCIE不知道扩展ping命令可以直接跟参数使用...

命令:ping x.x.x.x source x.x.x.x repeat x

简单介绍一下常规应用,仅作为科普。拓扑如下,R1配置2个回环接口作为测试源,R2配置1个回环接口作为测试目的,路由协议选用EIGRP(因为收敛快),除了1.1.1.1/32以外其余地址均通告进EIGRP进程。

R1主要配置:

!
interface Loopback0
ip address 1.1.1.1 255.255.255.255
!
interface Loopback2
ip address 3.3.3.3 255.255.255.255
!
interface FastEthernet0/0
ip address 192.168.1.1 255.255.255.0
!
router eigrp 1
network 3.3.3.3 0.0.0.0
network 192.168.1.0
no auto-summary
!

R2主要配置

!
interface Loopback0
ip address 2.2.2.2 255.255.255.255
!
interface FastEthernet0/0
ip address 192.168.1.2 255.255.255.0
!
router eigrp 1
network 2.2.2.2 0.0.0.0
network 192.168.1.0
no auto-summary
!

R1路由表:

1.0.0.0/32 is subnetted, 1 subnets
C       1.1.1.1 is directly connected, Loopback0
2.0.0.0/32 is subnetted, 1 subnets
D       2.2.2.2 [90/156160] via 192.168.1.2, 00:24:19, FastEthernet0/0
3.0.0.0/32 is subnetted, 1 subnets
C       3.3.3.3 is directly connected, Loopback2
C    192.168.1.0/24 is directly connected, FastEthernet0/0

R2路由表:

2.0.0.0/32 is subnetted, 1 subnets
C       2.2.2.2 is directly connected, Loopback0
3.0.0.0/32 is subnetted, 1 subnets
D       3.3.3.3 [90/156160] via 192.168.1.1, 00:24:42, FastEthernet0/0
C    192.168.1.0/24 is directly connected, FastEthernet0/0

扩展ping普通测试(re 1是为了节约时间,只发1个包):

R1#ping 2.2.2.2 re 1
Sending 1, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:
Success rate is 100 percent (1/1), round-trip min/avg/max = 24/24/24 ms

R1#ping 2.2.2.2 so 1.1.1.1 re 1
Sending 1, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:
Packet sent with a source address of 1.1.1.1
Success rate is 0 percent (0/1)

R1#ping 2.2.2.2 so 3.3.3.3 re 1
Sending 1, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:
Packet sent with a source address of 3.3.3.3
Success rate is 100 percent (1/1), round-trip min/avg/max = 20/20/20 ms

分析:因为1.1.1.1/32没有宣告进EIGRP进程,因此R2无法学习到关于1.1.1.1/32的路由信息,因此R1将来自1.1.1.1/32的数据包发送给R2后,R2无法将数据包送回来,导致无法ping通。

debug查看详细ping包(分析不加so时的源地址):

通常查看ping包的debug语句是debug ip packet,但是这样会显示非常多我们不需要的信息,例如路由交换信息等。如果只想查看icmp的ping包,可以结合ACL实现过滤。

R1(config)#access-list 101 permit icmp any host 2.2.2.2

创建ACL匹配目的地址为2.2.2.2的ICMP包

R1#debug ip packet 101
IP packet debugging is on for access list 101

开启基于acl 101的debug ip packet

R1#ping 2.2.2.2 re 1
Sending 1, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:
Success rate is 100 percent (1/1), round-trip min/avg/max = 36/36/36 ms
R1#
*Mar  1 00:33:20.867: IP: tableid=0, s=192.168.1.1 (local), d=2.2.2.2 (FastEthernet0/0), routed via FIB
*Mar  1 00:33:20.867: IP: s=192.168.1.1 (local), d=2.2.2.2 (FastEthernet0/0), len 100, sending

R1#ping 2.2.2.2 so 1.1.1.1 re 1
Sending 1, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:
Packet sent with a source address of 1.1.1.1
*Mar  1 00:33:28.691: IP: tableid=0, s=1.1.1.1 (local), d=2.2.2.2 (FastEthernet0/0), routed via FIB
*Mar  1 00:33:28.691: IP: s=1.1.1.1 (local), d=2.2.2.2 (FastEthernet0/0), len 100, sending.
Success rate is 0 percent (0/1)

R1#ping 2.2.2.2 so 3.3.3.3 re 1
Sending 1, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:
Packet sent with a source address of 3.3.3.3
Success rate is 100 percent (1/1), round-trip min/avg/max = 40/40/40 ms
R1#
*Mar  1 00:34:39.227: IP: tableid=0, s=3.3.3.3 (local), d=2.2.2.2 (FastEthernet0/0), routed via FIB
*Mar  1 00:34:39.227: IP: s=3.3.3.3 (local), d=2.2.2.2 (FastEthernet0/0), len 100, sending

分析:从debug信息可以看出,不加so的ping使用去往目的网络接口配置的IP地址,并且从debug信息可以看到本地接口都被标识出来。一些实验用到的技术例如配置在接口上的route-map是不会处理本地接口产生的流量的,需要改为全局route-map才行,诸如此类问题需要特别注意。

转载请注明:Slyar Home » Cisco IOS扩展ping命令的使用技巧

发表我的评论
取消评论

表情

Hi,您需要填写昵称和邮箱!

  • 昵称 (必填)
  • 邮箱 (必填)
  • 网址