Cisco IOS扩展ping命令的使用技巧

在做Cisco分解实验如路由选路、ACL、route-map等时，在只使用路由器而不增加PC的情况下，可以使用扩展ping命令指定源地址进行测试，默认的扩展ping命令是交互式的，用过的人都只要要按很多下回车，今天我还是第一次知道原来真的有CCIE不知道扩展ping命令可以直接跟参数使用...

命令：ping x.x.x.x source x.x.x.x repeat x

简单介绍一下常规应用，仅作为科普。拓扑如下，R1配置2个回环接口作为测试源，R2配置1个回环接口作为测试目的，路由协议选用EIGRP(因为收敛快)，除了1.1.1.1/32以外其余地址均通告进EIGRP进程。

R1主要配置：

!
interface Loopback0
ip address 1.1.1.1 255.255.255.255
!
interface Loopback2
ip address 3.3.3.3 255.255.255.255
!
interface FastEthernet0/0
ip address 192.168.1.1 255.255.255.0
!
router eigrp 1
network 3.3.3.3 0.0.0.0
network 192.168.1.0
no auto-summary
!

R2主要配置

!
interface Loopback0
ip address 2.2.2.2 255.255.255.255
!
interface FastEthernet0/0
ip address 192.168.1.2 255.255.255.0
!
router eigrp 1
network 2.2.2.2 0.0.0.0
network 192.168.1.0
no auto-summary
!

R1路由表：

1.0.0.0/32 is subnetted, 1 subnets
C       1.1.1.1 is directly connected, Loopback0
2.0.0.0/32 is subnetted, 1 subnets
D       2.2.2.2 [90/156160] via 192.168.1.2, 00:24:19, FastEthernet0/0
3.0.0.0/32 is subnetted, 1 subnets
C       3.3.3.3 is directly connected, Loopback2
C    192.168.1.0/24 is directly connected, FastEthernet0/0

R2路由表：

2.0.0.0/32 is subnetted, 1 subnets
C       2.2.2.2 is directly connected, Loopback0
3.0.0.0/32 is subnetted, 1 subnets
D       3.3.3.3 [90/156160] via 192.168.1.1, 00:24:42, FastEthernet0/0
C    192.168.1.0/24 is directly connected, FastEthernet0/0

扩展ping普通测试(re 1是为了节约时间，只发1个包)：

R1#ping 2.2.2.2 re 1
Sending 1, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:
Success rate is 100 percent (1/1), round-trip min/avg/max = 24/24/24 ms

R1#ping 2.2.2.2 so 1.1.1.1 re 1
Sending 1, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:
Packet sent with a source address of 1.1.1.1
Success rate is 0 percent (0/1)

R1#ping 2.2.2.2 so 3.3.3.3 re 1
Sending 1, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:
Packet sent with a source address of 3.3.3.3
Success rate is 100 percent (1/1), round-trip min/avg/max = 20/20/20 ms

分析：因为1.1.1.1/32没有宣告进EIGRP进程，因此R2无法学习到关于1.1.1.1/32的路由信息，因此R1将来自1.1.1.1/32的数据包发送给R2后，R2无法将数据包送回来，导致无法ping通。

debug查看详细ping包(分析不加so时的源地址)：

通常查看ping包的debug语句是debug ip packet，但是这样会显示非常多我们不需要的信息，例如路由交换信息等。如果只想查看icmp的ping包，可以结合ACL实现过滤。

R1(config)#access-list 101 permit icmp any host 2.2.2.2

创建ACL匹配目的地址为2.2.2.2的ICMP包

R1#debug ip packet 101
IP packet debugging is on for access list 101

开启基于acl 101的debug ip packet

R1#ping 2.2.2.2 re 1
Sending 1, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:
Success rate is 100 percent (1/1), round-trip min/avg/max = 36/36/36 ms
R1#
*Mar  1 00:33:20.867: IP: tableid=0, s=192.168.1.1 (local), d=2.2.2.2 (FastEthernet0/0), routed via FIB
*Mar  1 00:33:20.867: IP: s=192.168.1.1 (local), d=2.2.2.2 (FastEthernet0/0), len 100, sending

R1#ping 2.2.2.2 so 1.1.1.1 re 1
Sending 1, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:
Packet sent with a source address of 1.1.1.1
*Mar  1 00:33:28.691: IP: tableid=0, s=1.1.1.1 (local), d=2.2.2.2 (FastEthernet0/0), routed via FIB
*Mar  1 00:33:28.691: IP: s=1.1.1.1 (local), d=2.2.2.2 (FastEthernet0/0), len 100, sending.
Success rate is 0 percent (0/1)

R1#ping 2.2.2.2 so 3.3.3.3 re 1
Sending 1, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:
Packet sent with a source address of 3.3.3.3
Success rate is 100 percent (1/1), round-trip min/avg/max = 40/40/40 ms
R1#
*Mar  1 00:34:39.227: IP: tableid=0, s=3.3.3.3 (local), d=2.2.2.2 (FastEthernet0/0), routed via FIB
*Mar  1 00:34:39.227: IP: s=3.3.3.3 (local), d=2.2.2.2 (FastEthernet0/0), len 100, sending

分析：从debug信息可以看出，不加so的ping使用去往目的网络接口配置的IP地址，并且从debug信息可以看到本地接口都被标识出来。一些实验用到的技术例如配置在接口上的route-map是不会处理本地接口产生的流量的，需要改为全局route-map才行，诸如此类问题需要特别注意。

生活不易，码农辛苦
如果您觉得本网站对您的学习有所帮助,可以手机扫描二维码进行捐赠