实验参考【王文杰-在线文档库】
实验拓扑【下载】
如下拓扑图:
172.16.X.X/24
网段的双数路由,要求使用 ACL 进行匹配172.16.X.X/24
网段的单数路由,要求使用 ACL 进行匹配# AR1基础配置
sysname AR1
#
interface GigabitEthernet0/0/0
ip address 12.1.1.1 255.255.255.0
#
interface LoopBack0
ip address 172.16.1.1 255.255.255.0
#
interface LoopBack1
ip address 172.16.2.2 255.255.255.0
#
interface LoopBack2
ip address 172.16.3.3 255.255.255.0
#
interface LoopBack3
ip address 172.16.4.4 255.255.255.0
# AR2基础配置
sysname AR2
#
interface GigabitEthernet0/0/0
ip address 12.1.1.2 255.255.255.0
#
interface GigabitEthernet0/0/1
ip address 23.1.1.2 255.255.255.0
#
interface GigabitEthernet0/0/2
ip address 24.1.1.2 255.255.255.0
#
interface LoopBack0
ip address 2.2.2.2 255.255.255.255
# AR3基础配置
sysname AR3
#
interface GigabitEthernet0/0/0
ip address 23.1.1.3 255.255.255.0
#
interface GigabitEthernet0/0/1
ip address 35.1.1.3 255.255.255.0
#
interface LoopBack0
ip address 3.3.3.3 255.255.255.255
# AR4基础配置
sysname AR4
#
interface GigabitEthernet0/0/0
ip address 24.1.1.4 255.255.255.0
#
interface GigabitEthernet0/0/1
ip address 45.1.1.4 255.255.255.0
#
interface LoopBack0
ip address 4.4.4.4 255.255.255.255
# AR5基础配置
sysname AR5
#
interface GigabitEthernet0/0/0
ip address 35.1.1.5 255.255.255.0
#
interface GigabitEthernet0/0/1
ip address 45.1.1.5 255.255.255.0
#
interface LoopBack0
ip address 192.168.1.1 255.255.255.0
#
interface LoopBack1
ip address 192.168.2.2 255.255.255.0
#
interface LoopBack2
ip address 192.168.3.3 255.255.255.0
#
interface LoopBack3
ip address 192.168.4.4 255.255.255.0
#
interface LoopBack4
ip address 5.5.5.5 255.255.255.255
[AR1]rip
[AR1-rip-1]v 2
[AR1-rip-1]net 12.0.0.0
[AR1-rip-1]net 172.16.0.0
[AR2]rip
[AR2-rip-1]v 2
[AR2-rip-1]net 12.0.0.0
[AR2]ospf router-id 2.2.2.2
[AR2-ospf-1]area 0
[AR2-ospf-1-area-0.0.0.0]net 23.1.1.0 0.0.0.255
[AR2-ospf-1-area-0.0.0.0]net 24.1.1.0 0.0.0.255
[AR3]ospf router-id 3.3.3.3
[AR3-ospf-1]area 0
[AR3-ospf-1-area-0.0.0.0]net 35.1.1.0 0.0.0.255
[AR3-ospf-1-area-0.0.0.0]net 23.1.1.0 0.0.0.255
[AR4]ospf router-id 4.4.4.4
[AR4-ospf-1]area 0
[AR4-ospf-1-area-0.0.0.0]net 45.1.1.0 0.0.0.255
[AR4-ospf-1-area-0.0.0.0]net 24.1.1.0 0.0.0.255
[AR5]ospf router-id 5.5.5.5
[AR5-ospf-1]area 0
[AR5-ospf-1-area-0.0.0.0]net 35.1.1.0 0.0.0.255
[AR5-ospf-1-area-0.0.0.0]net 45.1.1.0 0.0.0.255
[AR5-ospf-1-area-0.0.0.0]net 192.168.1.0 0.0.0.255
[AR5-ospf-1-area-0.0.0.0]net 192.168.2.0 0.0.0.255
[AR5-ospf-1-area-0.0.0.0]net 192.168.3.0 0.0.0.255
[AR5-ospf-1-area-0.0.0.0]net 192.168.4.0 0.0.0.255
[AR2]ospf 1
[AR2-ospf-1]import-route rip 1
[AR2-ospf-1]rip 1
[AR2-rip-1]import-route ospf 1
在R1上查路由表看是否有R5的业务网段的路由
[AR3]acl 2000
[AR3-acl-basic-2000]rule 5 deny source 172.16.0.0 0.0.6.0
[AR3-acl-basic-2000]rule 10 permit source any
# OSPF使用filter-policy工具调用ACL
[AR3-acl-basic-2000]ospf
[AR3-ospf-1]filter-policy 2000 import
在R3上查看OSPF路由表,是否还有相应的路由
[AR4]acl 2000
[AR4-acl-basic-2000]rule 5 deny source 172.16.1.0 0.0.2.0
[AR4-acl-basic-2000]rule 10 permit source any
# OSPF使用filter-policy工具调用ACL
[AR4]ospf
[AR4-ospf-1]filter-policy 2000 import
在R4上查看OSPF路由表,是否还有相应的路由
# 利用IP-Prefix对路由进行匹配
[AR2]ip ip-prefix bad permit 192.168.0.0 21 less-equal 32
# 利用Route-Policy调用IP-Prefix
[AR2]route-policy bad deny node 5
[AR2-route-policy]if-match ip-prefix bad
[AR2]route-policy bad permit node 10 //默认允许所有通过
# 基于RIP引用OSPF时调用路由策略
[AR2]rip
[AR2-rip-1]import-route ospf 1 route-policy bad
- 必须要创建空节点,如果没有匹配到,默认是拒绝
- 在R1查看RIP路由表,查看是否还有R5的业务网段
[AR2]rip 1
[AR2-rip-1]silent-interface g0/0/1
[AR2-rip-1]silent-interface g0/0/2
以上内容均属原创,如有不详或错误,敬请指出。