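Topology:
R1 and R2 run EIGRP; R2, R3 and R4 run OSPF, with routes redistributed in both directions
Lab objectives: use distribute lists to control routing updates
Understand the role of ACL permit and deny in route redistribution
distribute-list in/out interface/routing protocol
I. Basic redistribution: every router learns all routes
R2:
OSPF: redistribute eigrp 90 subnets
EIGRP: redistribute ospf 110 metric 1544 100 255 1 1500
Check the routing table on R1: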
R1#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
34.0.0.0/24 is subnetted, 1 subnets
D EX 34.1.1.0 [170/2195456] via 12.1.1.2, 00:00:23, Serial0/0
1.0.0.0/24 is subnetted, 1 subnets
C 1.1.1.0 is directly connected, Loopback0
2.0.0.0/24 is subnetted, 1 subnets
D EX 2.2.2.0 [170/2195456] via 12.1.1.2, 00:00:23, Serial0/0
3.0.0.0/32 is subnetted, 1 subnets
D EX 3.3.3.3 [170/2195456] via 12.1.1.2, 00:00:23, Serial0/0
4.0.0.0/32 is subnetted, 1 subnets
D EX 4.4.4.4 [170/2195456] via 12.1.1.2, 00:00:23, Serial0/0
23.0.0.0/24 is subnetted, 1 subnets
D EX 23.1.1.0 [170/2195456] via 12.1.1.2, 00:00:23, Serial0/0
12.0.0.0/24 is subnetted, 1 subnets
C 12.1.1.0 is directly connected, Serial0/0
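II. Route filtering
Requirement: R1 must not have the 34.1.1.0/24 route or the 3.3.3.3/32 route
Done with an ACL
R2 uses an ACL to deny these two routes, once with out plus an interface and once with out plus a routing protocol
Method 1: on R2, use out with an interface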
access-list 10 deny 3.3.3.3
access-list 10 deny 34.1.1.0 0.0.0.255
access-list 10 permit any
!
router eigrp 90
redistribute ospf 110 metric 1544 100 255 1 1500
network 12.1.1.0 0.0.0.255
distribute-list 10 out Serial0/0
no auto-summary
Check R1's routing table to see whether the two filtered routes are still present
R1#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
1.0.0.0/24 is subnetted, 1 subnets
C 1.1.1.0 is directly connected, Loopback0
2.0.0.0/24 is subnetted, 1 subnets
D EX 2.2.2.0 [170/2195456] via 12.1.1.2, 00:09:53, Serial0/0
4.0.0.0/32 is subnetted, 1 subnets
D EX 4.4.4.4 [170/2195456] via 12.1.1.2, 00:01:26, Serial0/0
23.0.0.0/24 is subnetted, 1 subnets
D EX 23.1.1.0 [170/2195456] via 12.1.1.2, 00:09:53, Serial0/0
12.0.0.0/24 is subnetted, 1 subnets
C 12.1.1.0 is directly connected, Serial0/0
R1#ping 4.4.4.4
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 4.4.4.4, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 92/172/280 ms
Method 2: on R2, use out with a routing protocol
distribute-list 10 out ospf 110
R1#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
1.0.0.0/24 is subnetted, 1 subnets
C 1.1.1.0 is directly connected, Loopback0
2.0.0.0/24 is subnetted, 1 subnets
D EX 2.2.2.0 [170/2195456] via 12.1.1.2, 00:01:16, Serial0/0
4.0.0.0/32 is subnetted, 1 subnets
D EX 4.4.4.4 [170/2195456] via 12.1.1.2, 00:01:16, Serial0/0
23.0.0.0/24 is subnetted, 1 subnets
D EX 23.1.1.0 [170/2195456] via 12.1.1.2, 00:01:16, Serial0/0
12.0.0.0/24 is subnetted, 1 subnets
C 12.1.1.0 is directly connected, Serial0/0
The routes are filtered
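Method 3: on R1, use in with an interface to filter these two routes
First remove the distribute list and the access list on R2
At this point R1 has recovered the two routes and has all routes again
Define the access list on R1 and apply it with a distribute list in on the interface
Configuration: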
router eigrp 90
network 1.1.1.0 0.0.0.255
network 12.1.1.0 0.0.0.255
distribute-list 10 in Serial0/0
no auto-summary
!
!
!
!
access-list 10 permit 4.4.4.4
access-list 10 permit 23.1.1.0 0.0.0.255
access-list 10 permit 2.2.2.0 0.0.0.255
R1#show access-lists
Standard IP access list 10
30 permit 4.4.4.4 (2 matches)
10 permit 23.1.1.0, wildcard bits 0.0.0.255 (2 matches)
20 permit 2.2.2.0, wildcard bits 0.0.0.255 (1 match)
R1#show ip rou
R1#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
1.0.0.0/24 is subnetted, 1 subnets
C 1.1.1.0 is directly connected, Loopback0
2.0.0.0/24 is subnetted, 1 subnets
D EX 2.2.2.0 [170/2195456] via 12.1.1.2, 00:00:17, Serial0/0
4.0.0.0/32 is subnetted, 1 subnets
D EX 4.4.4.4 [170/2195456] via 12.1.1.2, 00:07:08, Serial0/0
23.0.0.0/24 is subnetted, 1 subnets
D EX 23.1.1.0 [170/2195456] via 12.1.1.2, 00:07:08, Serial0/0
12.0.0.0/24 is subnetted, 1 subnets
C 12.1.1.0 is directly connected, Serial0/0
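Conclusions:
During route redistribution, use distribute lists to control which routes are redistributed
1. On the router performing the redistribution, this can be done with out plus an interface or out plus a routing protocol
Note: when using out with a protocol, the protocol that follows out is the protocol being redistributed
2. On the router where the routes are to be filtered, use in plus an interface
3. Use an access control list to match the routes; a standard ACL is sufficient. A named ACL is recommended, because a single statement can then be removed with no without removing the whole ACL
4. When an ACL is used to match routes, route entries that match a permit statement are redistributed and routes that match a deny statement are not; the deny statements must be followed by a permit any entry to allow the other routes to be redistributed
5. When matching routes with an ACL, a wildcard mask is not needed; matching the route prefix is enough. Using a wildcard mask may make the route control imprecise.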