[Note] ACL/Prefix-list/Route-Map: behaviour of empty lists and implicit statements
Common characteristics of ACL, prefix-list and route-map:

1> An empty or non-existent ACL or prefix-list permits everything by default. A non-existent route-map denies everything by default.
2> To make use of the implicit deny of an ACL or prefix-list, at least one permit or deny statement must be configured. A route-map denies everything by default, so its implicit deny is in effect from the start.
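As an added example (not from the original note), the following Python audit reads a running-config text and flags every reference to an ACL, prefix-list or route-map that is never defined, labelling each finding with the default behaviour described above: an undefined ACL or prefix-list fails open, an undefined route-map fails closed. The sample configuration and the list names in it are constructed for this example.

```python
import re

# Constructed sample running-config: ACL 3 is referenced by access-class but
# never defined, prefix-list "sense" and route-map "sense" are referenced but
# never defined, and ACL 10 is fully defined before it is referenced.
SAMPLE_CONFIG = """\
ip prefix-list keep seq 5 permit 10.0.0.0/8
access-list 10 permit 192.168.1.0 0.0.0.255
route-map keep permit 10
 match ip address 10
line vty 0 4
 access-class 3 in
 login
router ospf 100
 default-information originate route-map sense
 distribute-list prefix sense out connected
 distribute-list 10 in
"""

# Top-level lines that define a list of each kind (group 1 = its name/number).
DEFINITIONS = {
    "acl": re.compile(r"^access-list (\d+) "),
    "prefix-list": re.compile(r"^ip prefix-list (\S+) "),
    "route-map": re.compile(r"^route-map (\S+) "),
}
# Indented lines that reference a list of each kind (group 1 = its name/number).
REFERENCES = {
    "acl": [re.compile(r"^\s+access-class (\d+) in"),
            re.compile(r"^\s+distribute-list (\d+) (?:in|out)")],
    "prefix-list": [re.compile(r"^\s+distribute-list prefix (\S+) ")],
    "route-map": [re.compile(r"^\s+.*\broute-map (\S+)$")],
}
# Default behaviour of an undefined list, as summarised in the note above.
UNDEFINED_EFFECT = {
    "acl": "permits everything (fail-open)",
    "prefix-list": "permits everything (fail-open)",
    "route-map": "denies everything (fail-closed)",
}

def audit_references(config: str) -> list[dict]:
    """Return one finding per reference to a list that is never defined."""
    lines = config.splitlines()
    defined = {kind: set() for kind in DEFINITIONS}
    for line in lines:                       # pass 1: collect definitions
        for kind, pat in DEFINITIONS.items():
            m = pat.match(line)
            if m:
                defined[kind].add(m.group(1))
    findings = []
    for lineno, line in enumerate(lines, 1):  # pass 2: check references
        for kind, pats in REFERENCES.items():
            for pat in pats:
                m = pat.match(line)
                if m and m.group(1) not in defined[kind]:
                    findings.append({"line": lineno, "kind": kind,
                                     "name": m.group(1),
                                     "effect": UNDEFINED_EFFECT[kind]})
    return findings

if __name__ == "__main__":
    for f in audit_references(SAMPLE_CONFIG):
        print(f"line {f['line']}: {f['kind']} {f['name']} undefined, {f['effect']}")
```

The access-class finding is the one that matters most for hardening: it reproduces the VTY case study below, where an undefined ACL leaves the line open to every host.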


Topology:

  R1 (s1/0,192.168.1.1) ===============  (s1/0,192.168.1.2) R2


Case Study: ACL

R1#conf t
R1(config)#line vty 0 935
R1(config-line)#password cisco
R1(config-line)#login
R1(config-line)#access-class 3 in


R2#telnet 192.168.1.1

Password:
R1>

Summary: an empty (undefined) ACL permits all hosts by default.


Case Study: Route-map

R1(config)#router ospf 100
R1(config-router)#default-information originate route-map sense
R1(config-router)#exit

R2#sh ip route

Gateway of last resort is not set

     172.16.0.0/24 is subnetted, 2 subnets
O       172.16.1.0 [110/65] via 192.168.1.1, 00:32:38, Serial1/0
C       172.16.2.0 is directly connected, Loopback0
     192.168.1.0/30 is subnetted, 1 subnets
C       192.168.1.0 is directly connected, Serial1/0
Note: an undefined route-map denies all routes by default, so here the route-map never returns a match and no default route is originated.
=============================================================

R1(config)#router ospf 100
R1(config-router)#default-information originate route-map sense
R1(config-router)#exit
R1(config)#route-map sense permit 10

R2#sh ip route

Gateway of last resort is 192.168.1.6 to network 0.0.0.0

     172.16.0.0/24 is subnetted, 2 subnets
O       172.16.1.0 [110/65] via 192.168.1.1, 00:32:38, Serial1/0
C       172.16.2.0 is directly connected, Loopback0
     192.168.1.0/30 is subnetted, 1 subnets
C       192.168.1.0 is directly connected, Serial1/0
O*E2 0.0.0.0/0 [110/1] via 192.168.1.6, 00:00:12, Serial1/1

===============================================================

R1(config)#router ospf 100
R1(config-router)#default-information originate route-map sense
R1(config-router)#exit
R1(config)#route-map sense permit 10
R1(config-route-map)#match ip add 1

R2#sh ip route

Gateway of last resort is not set

     172.16.0.0/24 is subnetted, 2 subnets
O       172.16.1.0 [110/65] via 192.168.1.1, 00:32:38, Serial1/0
C       172.16.2.0 is directly connected, Loopback0
     192.168.1.0/30 is subnetted, 1 subnets
C       192.168.1.0 is directly connected, Serial1/0

=================================================================

R1(config)#router ospf 100
R1(config-router)#default-information originate route-map sense
R1(config-router)#exit
R1(config)#route-map sense deny 10

R2#sh ip route

Gateway of last resort is 192.168.1.6 to network 0.0.0.0

     172.16.0.0/24 is subnetted, 2 subnets
O       172.16.1.0 [110/65] via 192.168.1.1, 00:32:38, Serial1/0
C       172.16.2.0 is directly connected, Loopback0
     192.168.1.0/30 is subnetted, 1 subnets
C       192.168.1.0 is directly connected, Serial1/0
O*E2 0.0.0.0/0 [110/1] via 192.168.1.6, 00:00:12, Serial1/1

=====================================================================

R1(config)#router ospf 100
R1(config-router)#default-information originate route-map sense
R1(config-router)#exit
R1(config)#route-map sense deny 10
R1(config-route-map)#match ip add 1

R2#sh ip route

Gateway of last resort is not set

     172.16.0.0/24 is subnetted, 2 subnets
O       172.16.1.0 [110/65] via 192.168.1.1, 00:32:38, Serial1/0
C       172.16.2.0 is directly connected, Loopback0
     192.168.1.0/30 is subnetted, 1 subnets
C       192.168.1.0 is directly connected, Serial1/0

=====================================================================


Case Study: Prefix-list

R1(config)#int lo0
R1(config-if)#ip add 172.16.33.1 255.255.255.0
R1(config-if)#no shut
R1(config-if)#ip ospf network point-to-point
R1(config-if)#exit
R1(config)#router ospf 100
R1(config-router)#redistribute connected subnets
R1(config-router)#distribute-list prefix sense out connected
R1(config)#

R2#sh ip route

Gateway of last resort is not set

     172.16.0.0/24 is subnetted, 4 subnets
O       172.16.44.0 [33/65] via 192.168.1.1, 00:07:54, Serial1/0
O E2    172.16.33.0 [55/20] via 192.168.1.1, 00:00:01, Serial1/0
O IA    172.16.1.0 [44/65] via 192.168.1.1, 00:07:54, Serial1/0
C       172.16.2.0 is directly connected, Loopback0
     192.168.1.0/30 is subnetted, 1 subnets
C       192.168.1.0 is directly connected, Serial1/0

R1(config)#ip prefix-list sense seq 5 deny 172.16.33.0/24

rtb#sh ip route

Gateway of last resort is not set

     172.16.0.0/24 is subnetted, 3 subnets
O       172.16.44.0 [33/65] via 192.168.1.1, 00:09:15, Serial1/0
O IA    172.16.1.0 [44/65] via 192.168.1.1, 00:09:15, Serial1/0
C       172.16.2.0 is directly connected, Loopback0
     192.168.1.0/30 is subnetted, 1 subnets
C       192.168.1.0 is directly connected, Serial1/0


Summary: an empty prefix-list permits all routes by default.


Case Study: Integrate Route-map and ACL

R1(config)#router ospf 100
R1(config-router)#default-information originate route-map sense
R1(config-router)#exit
R1(config)#route-map sense deny 5
R1(config-route-map)#match ip address 33
R1(config-route-map)#


R2#sh ip route

Gateway of last resort is not set

     172.16.0.0/24 is subnetted, 2 subnets
O       172.16.1.0 [110/65] via 192.168.1.1, 00:32:38, Serial1/0
C       172.16.2.0 is directly connected, Loopback0
     192.168.1.0/30 is subnetted, 1 subnets
C       192.168.1.0 is directly connected, Serial1/0


Summary: at least one permit or deny statement must be defined before the implicit deny of an ACL or route-map can be used. An empty ACL permits all routes by default.


Note: in the route-map section I have not added a summary for four of the examples, because I am not sure what pattern they follow. If you know, please PM me. Thanks for your support~