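I: Lab topology:
II: Lab requirements:
1: Deny Area 1 routes from entering Area 0;
2: Stop Area 2 routes from being flooded into other areas;
3: Keep R2's routes out of R4's routing table, while every other router still learns them.
III: Requirements analysis:
Requirement 1 asks that Area 1 routes be denied entry to Area 0. This can be done with the filtering function of a prefix list (prefix-list), which can filter one area's type 3 LSAs from entering other areas;
Requirement 2 asks that Area 2 routes not be flooded into other areas; this is again done with a prefix list;
Requirement 3 filters only R2's routes as learned by R4, while the other routers still learn R2's routes. If this were done with the prefix-list filtering function, nothing in Area 1 would learn Area 0's routes, so the prefix-list filter cannot meet this requirement and the filtering function of a distribute list (distribute-list) is needed.
IV: Lab steps:
1: Basic interface configuration:
2: OSPF routing configuration for the whole network;
3: Filtering OSPF type 3 LSAs
V: Lab procedure:
1: Basic interface configuration: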
R1(config)#int s0/0
R1(config-if)#ip add 12.0.0.1 255.255.255.0
R1(config-if)#no sh
R1(config)#int s0/1
R1(config-if)#ip add 13.0.0.1 255.255.255.0
R1(config-if)#no sh
R1(config-if)#int s0/2
R1(config-if)#ip add 15.0.0.1 255.255.255.0
R1(config-if)#no sh
R1(config-if)#int lo 0
R1(config-if)#ip add 1.1.1.1 255.255.255.0
R2(config)#int s0/0
R2(config-if)#ip add 12.0.0.2 255.255.255.0
R2(config-if)#no sh
R2(config-if)#int lo 0
R2(config-if)#ip add 2.2.2.2 255.255.255.0
R3(config)#int s0/0
R3(config-if)#ip add 13.0.0.3 255.255.255.0
R3(config-if)#no sh
R3(config-if)#int s0/1
R3(config-if)#ip add 34.0.0.3 255.255.255.0
R3(config-if)#no sh
R3(config-if)#int lo 0
R3(config-if)#ip add 3.3.3.3 255.255.255.0
R4(config)#int s0/0
R4(config-if)#ip add 34.0.0.4 255.255.255.0
R4(config-if)#no sh
R4(config-if)#int lo 0
R4(config-if)#ip add 4.4.4.4 255.255.255.0
R5(config)#int s0/0
R5(config-if)#ip add 15.0.0.5 255.255.255.0
R5(config-if)#no sh
R5(config-if)#int lo 0
R5(config-if)#ip add 5.5.5.5 255.255.255.0
2: OSPF routing configuration for the whole network;
R1(config)#int s0/0
R1(config-if)#ip ospf 1 area 0
R1(config-if)#int s0/1
R1(config-if)#ip ospf 1 area 1
R1(config-if)#int s0/2
R1(config-if)#ip ospf 1 area 2
R1(config-if)#int lo 0
R1(config-if)#ip ospf 1 area 0
R2(config)#int s0/0
R2(config-if)#ip ospf 1 area 0
R2(config-if)#int lo 0
R2(config-if)#ip ospf 1 area 0
R3(config)#int s0/0
R3(config-if)#ip ospf 1 area 1
R3(config-if)#int s0/1
R3(config-if)#ip os 1 area 1
R3(config-if)#int lo 0
R3(config-if)#ip ospf 1 area 1
R4(config)#int s0/0
R4(config-if)#ip ospf 1 area 1
R4(config-if)#int lo 0
R4(config-if)#ip ospf 1 area 1
R5(config)#int s0/0
R5(config-if)#ip ospf 1 area 2
R5(config-if)#int lo 0
R5(config-if)#ip ospf 1 area 2
// Every router has now learned the routes of all the other routers.
R4#sho ip route ospf
1.0.0.0/32 is subnetted, 1 subnets
O IA 1.1.1.1 [110/129] via 34.0.0.3, 00:00:29, Serial0/0
2.0.0.0/32 is subnetted, 1 subnets
O IA 2.2.2.2 [110/193] via 34.0.0.3, 00:00:29, Serial0/0
3.0.0.0/32 is subnetted, 1 subnets
O 3.3.3.3 [110/65] via 34.0.0.3, 00:00:29, Serial0/0
5.0.0.0/32 is subnetted, 1 subnets
O IA 5.5.5.5 [110/193] via 34.0.0.3, 00:00:29, Serial0/0
12.0.0.0/24 is subnetted, 1 subnets
O IA 12.0.0.0 [110/192] via 34.0.0.3, 00:00:29, Serial0/0
13.0.0.0/24 is subnetted, 1 subnets
O 13.0.0.0 [110/128] via 34.0.0.3, 00:00:29, Serial0/0
15.0.0.0/24 is subnetted, 1 subnets
O IA 15.0.0.0 [110/192] via 34.0.0.3, 00:00:29, Serial0/0
3: Filtering OSPF type 3 LSAs (this is the key configuration)
Requirement 1: deny Area 1 routes from entering Area 0.
Before filtering:
R2#sho ip route ospf
34.0.0.0/24 is subnetted, 1 subnets
O IA 34.0.0.0 [110/192] via 12.0.0.1, 00:02:21, Serial0/0
1.0.0.0/32 is subnetted, 1 subnets
O 1.1.1.1 [110/65] via 12.0.0.1, 00:05:38, Serial0/0
3.0.0.0/32 is subnetted, 1 subnets
O IA 3.3.3.3 [110/129] via 12.0.0.1, 00:03:01, Serial0/0
4.0.0.0/32 is subnetted, 1 subnets
O IA 4.4.4.4 [110/193] via 12.0.0.1, 00:02:11, Serial0/0
5.0.0.0/32 is subnetted, 1 subnets
O IA 5.5.5.5 [110/129] via 12.0.0.1, 00:03:52, Serial0/0
13.0.0.0/24 is subnetted, 1 subnets
O IA 13.0.0.0 [110/128] via 12.0.0.1, 00:05:38, Serial0/0
15.0.0.0/24 is subnetted, 1 subnets
O IA 15.0.0.0 [110/128] via 12.0.0.1, 00:05:38, Serial0/0
R2#sho ip ospf database
OSPF Router with ID (2.2.2.2) (Process ID 1)
Router Link States (Area 0)
Link ID ADV Router Age Seq# Checksum Link count
1.1.1.1 1.1.1.1 379 0x80000004 0x00F56C 3
2.2.2.2 2.2.2.2 370 0x80000002 0x0094C7 3
Summary Net Link States (Area 0)
Link ID ADV Router Age Seq# Checksum
3.3.3.3 1.1.1.1 207 0x80000001 0x006D7E
4.4.4.4 1.1.1.1 157 0x80000001 0x00C1E5
5.5.5.5 1.1.1.1 258 0x80000001 0x0011D2
13.0.0.0 1.1.1.1 418 0x80000001 0x0044A7
15.0.0.0 1.1.1.1 418 0x80000001 0x002ABF
34.0.0.0 1.1.1.1 167 0x80000001 0x00B4E1
R1(config)#ip prefix-list denyA1toA0 seq 5 deny 13.0.0.0/24
R1(config)#ip prefix-list denyA1toA0 seq 10 deny 34.0.0.0/24
R1(config)#ip prefix-list denyA1toA0 seq 15 deny 3.0.0.0/8 ge 9 le 32
R1(config)#ip prefix-list denyA1toA0 seq 20 deny 4.0.0.0/8 ge 9 le 32
R1(config)#ip prefix-list denyA1toA0 seq 25 permit 0.0.0.0/0 le 32
R1(config)#router os 1
R1(config-router)#area 0 filter-list prefix denyA1toA0 in
After filtering:
R2#sho ip route ospf
1.0.0.0/32 is subnetted, 1 subnets
O 1.1.1.1 [110/65] via 12.0.0.1, 00:09:37, Serial0/0
5.0.0.0/32 is subnetted, 1 subnets
O IA 5.5.5.5 [110/129] via 12.0.0.1, 00:07:51, Serial0/0
15.0.0.0/24 is subnetted, 1 subnets
O IA 15.0.0.0 [110/128] via 12.0.0.1, 00:09:37, Serial0/0
R2#sho ip ospf database
OSPF Router with ID (2.2.2.2) (Process ID 1)
Router Link States (Area 0)
Link ID ADV Router Age Seq# Checksum Link count
1.1.1.1 1.1.1.1 602 0x80000004 0x00F56C 3
2.2.2.2 2.2.2.2 593 0x80000002 0x0094C7 3
Summary Net Link States (Area 0)
Link ID ADV Router Age Seq# Checksum
5.5.5.5 1.1.1.1 482 0x80000001 0x0011D2
15.0.0.0 1.1.1.1 642 0x80000001 0x002ABF
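// The requirement is met, which shows that the prefix list filtered out the type 3 LSAs directly.
Requirement 2: stop Area 2 routes from being flooded into other areas.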
R1(config)#ip prefix-list denyA2out seq 5 deny 5.0.0.0/8 ge 9 le 32
R1(config)#ip prefix-list denyA2out seq 10 deny 15.0.0.0/24
R1(config)#ip prefix-list denyA2out seq 15 permit 0.0.0.0/0 le 32
R1(config)#router os 1
R1(config-router)#area 2 filter-list prefix denyA2out out
R4#sho ip route ospf
1.0.0.0/32 is subnetted, 1 subnets
O IA 1.1.1.1 [110/129] via 34.0.0.3, 00:13:34, Serial0/0
2.0.0.0/32 is subnetted, 1 subnets
O IA 2.2.2.2 [110/193] via 34.0.0.3, 00:13:34, Serial0/0
3.0.0.0/32 is subnetted, 1 subnets
O 3.3.3.3 [110/65] via 34.0.0.3, 00:13:34, Serial0/0
12.0.0.0/24 is subnetted, 1 subnets
O IA 12.0.0.0 [110/192] via 34.0.0.3, 00:13:34, Serial0/0
13.0.0.0/24 is subnetted, 1 subnets
O 13.0.0.0 [110/128] via 34.0.0.3, 00:13:34, Serial0/0
R2#sho ip route ospf
1.0.0.0/32 is subnetted, 1 subnets
O 1.1.1.1 [110/65] via 12.0.0.1, 00:16:43, Serial0/0
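// None of the other areas has Area 2's routes any more.
Requirement 3: filter R2's routes only on R4; the other routers still learn R2's routes.
Before filtering: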
R4#sho ip route ospf
1.0.0.0/32 is subnetted, 1 subnets
O IA 1.1.1.1 [110/129] via 34.0.0.3, 00:14:37, Serial0/0
2.0.0.0/32 is subnetted, 1 subnets
O IA 2.2.2.2 [110/193] via 34.0.0.3, 00:14:37, Serial0/0
3.0.0.0/32 is subnetted, 1 subnets
O 3.3.3.3 [110/65] via 34.0.0.3, 00:14:37, Serial0/0
12.0.0.0/24 is subnetted, 1 subnets
O IA 12.0.0.0 [110/192] via 34.0.0.3, 00:14:37, Serial0/0
13.0.0.0/24 is subnetted, 1 subnets
O 13.0.0.0 [110/128] via 34.0.0.3, 00:14:37, Serial0/0
R3#sho ip route os
1.0.0.0/32 is subnetted, 1 subnets
O IA 1.1.1.1 [110/65] via 13.0.0.1, 00:15:12, Serial0/0
2.0.0.0/32 is subnetted, 1 subnets
O IA 2.2.2.2 [110/129] via 13.0.0.1, 00:15:12, Serial0/0
4.0.0.0/32 is subnetted, 1 subnets
O 4.4.4.4 [110/65] via 34.0.0.4, 00:15:12, Serial0/1
12.0.0.0/24 is subnetted, 1 subnets
O IA 12.0.0.0 [110/128] via 13.0.0.1, 00:15:12, Serial0/0
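Both have R2's routes.
Now filter with a distribute list. The distribute list is configured locally, on the router where the filtering is needed.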
R4(config)#ip prefix-list denyR2 seq 5 deny 2.0.0.0/8 ge 9 le 32
R4(config)#ip prefix-list denyR2 seq 10 permit 0.0.0.0/0 le 32
R4(config)#router ospf 1
R4(config-router)#distribute-list prefix denyR2 in
After filtering:
R4#sho ip route ospf
1.0.0.0/32 is subnetted, 1 subnets
O IA 1.1.1.1 [110/129] via 34.0.0.3, 00:00:45, Serial0/0
3.0.0.0/32 is subnetted, 1 subnets
O 3.3.3.3 [110/65] via 34.0.0.3, 00:00:45, Serial0/0
12.0.0.0/24 is subnetted, 1 subnets
O IA 12.0.0.0 [110/192] via 34.0.0.3, 00:00:45, Serial0/0
13.0.0.0/24 is subnetted, 1 subnets
O 13.0.0.0 [110/128] via 34.0.0.3, 00:00:45, Serial0/0
R3#sho ip route os
1.0.0.0/32 is subnetted, 1 subnets
O IA 1.1.1.1 [110/65] via 13.0.0.1, 00:21:48, Serial0/0
2.0.0.0/32 is subnetted, 1 subnets
O IA 2.2.2.2 [110/129] via 13.0.0.1, 00:21:48, Serial0/0
4.0.0.0/32 is subnetted, 1 subnets
O 4.4.4.4 [110/65] via 34.0.0.4, 00:21:48, Serial0/1
12.0.0.0/24 is subnetted, 1 subnets
O IA 12.0.0.0 [110/128] via 13.0.0.1, 00:21:48, Serial0/0
// R4 no longer has R2's routes but R3 still does, because the filter was applied only on R4.
R4#sho ip ospf database
OSPF Router with ID (4.4.4.4) (Process ID 1)
Router Link States (Area 1)
Link ID ADV Router Age Seq# Checksum Link count
1.1.1.1 1.1.1.1 1522 0x80000002 0x00F67C 2
3.3.3.3 3.3.3.3 1354 0x80000004 0x001B3A 5
4.4.4.4 4.4.4.4 1352 0x80000003 0x00BF4D 3
Summary Net Link States (Area 1)
Link ID ADV Router Age Seq# Checksum
1.1.1.1 1.1.1.1 1592 0x80000001 0x0047EC
2.2.2.2 1.1.1.1 1547 0x80000001 0x009B54
12.0.0.0 1.1.1.1 1607 0x80000001 0x00519B
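// Yet R4 still holds R2's type 3 LSA, which shows the LSA itself was not filtered. So why is the route gone? Because the distribute list works between OSPF's SPF algorithm and installation into the routing table, so the route is filtered out when the routing table is populated. ^-^
VI: Lab summary:
A prefix list filters LSAs directly and can implement filtering between OSPF areas; a distribute list works between OSPF's SPF algorithm and the IP routing table, filters routes directly, and can filter the routing table learned by a single router.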
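The two behaviours summarised above can be checked offline with a small model of prefix-list matching. This is an added example, not part of the original lab: the function names are hypothetical, the ge/le handling is a simplified model of IOS prefix-list semantics that covers more than the lab's entries, and the route masks are taken from the show ip route output above.

```python
import ipaddress

def parse(entries):
    """Parse 'permit|deny A.B.C.D/len [ge X] [le Y]' strings into match tuples."""
    out = []
    for line in entries:
        tok = line.split()
        net = ipaddress.ip_network(tok[1])
        ge = int(tok[tok.index("ge") + 1]) if "ge" in tok else None
        le = int(tok[tok.index("le") + 1]) if "le" in tok else None
        if ge is None and le is None:
            lo = hi = net.prefixlen          # no ge/le: exact length only
        else:
            lo = ge if ge is not None else net.prefixlen
            hi = le if le is not None else 32
        out.append((tok[0] == "permit", net, lo, hi))
    return out

def permitted(plist, route):
    """First matching entry wins; an unmatched route hits the implicit deny."""
    r = ipaddress.ip_network(route)
    for permit, net, lo, hi in plist:
        if r.subnet_of(net) and lo <= r.prefixlen <= hi:
            return permit
    return False

def filter_list(plist, summaries):
    """area N filter-list on the ABR: denied prefixes never become type 3 LSAs."""
    return [s for s in summaries if permitted(plist, s)]

def distribute_list_in(plist, lsdb):
    """distribute-list in: the LSDB is untouched, only RIB installation is filtered."""
    return list(lsdb), [s for s in lsdb if permitted(plist, s)]

# Prefix lists copied from the lab (sequence numbers dropped, order kept).
DENY_A1_TO_A0 = parse(["deny 13.0.0.0/24", "deny 34.0.0.0/24", "deny 3.0.0.0/8 ge 9 le 32",
                       "deny 4.0.0.0/8 ge 9 le 32", "permit 0.0.0.0/0 le 32"])
DENY_R2 = parse(["deny 2.0.0.0/8 ge 9 le 32", "permit 0.0.0.0/0 le 32"])
# Summaries R1 offers to Area 0 before filtering, and R4's Area 1 summary LSAs.
INTO_AREA0 = ["3.3.3.3/32", "4.4.4.4/32", "5.5.5.5/32", "13.0.0.0/24", "15.0.0.0/24", "34.0.0.0/24"]
R4_SUMMARY_LSAS = ["1.1.1.1/32", "2.2.2.2/32", "12.0.0.0/24"]

if __name__ == "__main__":
    print("Area 0 summaries after filter-list:", filter_list(DENY_A1_TO_A0, INTO_AREA0))
    lsdb, rib = distribute_list_in(DENY_R2, R4_SUMMARY_LSAS)
    print("R4 LSDB:", lsdb, "| R4 inter-area RIB:", rib)
```

Because the distribute list leaves the LSDB intact, verify a filter of that kind with show ip route, and a filter-list with show ip ospf database on a router inside the protected area.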
This article comes from the "HoltZhang" blog; please do not repost!