Cisco IOS擴展ping命令的使用技巧

在做Cisco分解實驗如路由選路、ACL、route-map等時，在只使用路由器而不增加PC的情況下，可以使用擴展ping命令指定源地址進行測試，默認的擴展ping命令是交互式的，用過的人都只要要按很多下回車，今天我還是第一次知道原來真的有CCIE不知道擴展ping命令可以直接跟參數使用...

命令：ping x.x.x.x source x.x.x.x repeat x

簡單介紹一下常規應用，僅作為科普。拓撲如下，R1配置2個回環接口作為測試源，R2配置1個回環接口作為測試目的，路由協議選用EIGRP(因為收斂快)，除了1.1.1.1/32以外其余地址均通告進EIGRP進程。

R1主要配置：

!
interface Loopback0
ip address 1.1.1.1 255.255.255.255
!
interface Loopback2
ip address 3.3.3.3 255.255.255.255
!
interface FastEthernet0/0
ip address 192.168.1.1 255.255.255.0
!
router eigrp 1
network 3.3.3.3 0.0.0.0
network 192.168.1.0
no auto-summary
!

R2主要配置

!
interface Loopback0
ip address 2.2.2.2 255.255.255.255
!
interface FastEthernet0/0
ip address 192.168.1.2 255.255.255.0
!
router eigrp 1
network 2.2.2.2 0.0.0.0
network 192.168.1.0
no auto-summary
!

R1路由表：

1.0.0.0/32 is subnetted, 1 subnets
C       1.1.1.1 is directly connected, Loopback0
2.0.0.0/32 is subnetted, 1 subnets
D       2.2.2.2 [90/156160] via 192.168.1.2, 00:24:19, FastEthernet0/0
3.0.0.0/32 is subnetted, 1 subnets
C       3.3.3.3 is directly connected, Loopback2
C    192.168.1.0/24 is directly connected, FastEthernet0/0

R2路由表：

2.0.0.0/32 is subnetted, 1 subnets
C       2.2.2.2 is directly connected, Loopback0
3.0.0.0/32 is subnetted, 1 subnets
D       3.3.3.3 [90/156160] via 192.168.1.1, 00:24:42, FastEthernet0/0
C    192.168.1.0/24 is directly connected, FastEthernet0/0

擴展ping普通測試(re 1是為了節約時間，只發1個包)：

R1#ping 2.2.2.2 re 1
Sending 1, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:
Success rate is 100 percent (1/1), round-trip min/avg/max = 24/24/24 ms

R1#ping 2.2.2.2 so 1.1.1.1 re 1
Sending 1, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:
Packet sent with a source address of 1.1.1.1
Success rate is 0 percent (0/1)

R1#ping 2.2.2.2 so 3.3.3.3 re 1
Sending 1, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:
Packet sent with a source address of 3.3.3.3
Success rate is 100 percent (1/1), round-trip min/avg/max = 20/20/20 ms

分析：因為1.1.1.1/32沒有宣告進EIGRP進程，因此R2無法學習到關于1.1.1.1/32的路由信息，因此R1將來自1.1.1.1/32的數據包發送給R2后，R2無法將數據包送回來，導致無法ping通。

debug查看詳細ping包(分析不加so時的源地址)：

通常查看ping包的debug語句是debug ip packet，但是這樣會顯示非常多我們不需要的信息，例如路由交換信息等。如果只想查看icmp的ping包，可以結合ACL實現過濾。

R1(config)#access-list 101 permit icmp any host 2.2.2.2

創建ACL匹配目的地址為2.2.2.2的ICMP包

R1#debug ip packet 101
IP packet debugging is on for access list 101

開啟基于acl 101的debug ip packet

R1#ping 2.2.2.2 re 1
Sending 1, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:
Success rate is 100 percent (1/1), round-trip min/avg/max = 36/36/36 ms
R1#
*Mar  1 00:33:20.867: IP: tableid=0, s=192.168.1.1 (local), d=2.2.2.2 (FastEthernet0/0), routed via FIB
*Mar  1 00:33:20.867: IP: s=192.168.1.1 (local), d=2.2.2.2 (FastEthernet0/0), len 100, sending

R1#ping 2.2.2.2 so 1.1.1.1 re 1
Sending 1, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:
Packet sent with a source address of 1.1.1.1
*Mar  1 00:33:28.691: IP: tableid=0, s=1.1.1.1 (local), d=2.2.2.2 (FastEthernet0/0), routed via FIB
*Mar  1 00:33:28.691: IP: s=1.1.1.1 (local), d=2.2.2.2 (FastEthernet0/0), len 100, sending.
Success rate is 0 percent (0/1)

R1#ping 2.2.2.2 so 3.3.3.3 re 1
Sending 1, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:
Packet sent with a source address of 3.3.3.3
Success rate is 100 percent (1/1), round-trip min/avg/max = 40/40/40 ms
R1#
*Mar  1 00:34:39.227: IP: tableid=0, s=3.3.3.3 (local), d=2.2.2.2 (FastEthernet0/0), routed via FIB
*Mar  1 00:34:39.227: IP: s=3.3.3.3 (local), d=2.2.2.2 (FastEthernet0/0), len 100, sending

分析：從debug信息可以看出，不加so的ping使用去往目的網絡接口配置的IP地址，并且從debug信息可以看到本地接口都被標識出來。一些實驗用到的技術例如配置在接口上的route-map是不會處理本地接口產生的流量的，需要改為全局route-map才行，諸如此類問題需要特別注意。

生活不易，碼農辛苦
如果您覺得本網站對您的學習有所幫助,可以手機掃描二維碼進行捐贈