Controlling Routing Updates with Distribute Lists and ACLs

Topology:

    R1 and R2 run EIGRP; R2, R3 and R4 run OSPF; routes are redistributed in both directions


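Lab objective: use distribute lists to control routing updates

Become familiar with the effect of ACL permit and deny in route redistribution

Distribute-list in/out interface/routing protocol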

I. Basic redistribution: every router learns all routes

R2:

OSPF: redistribute eigrp 90 subnets

EIGRP: redistribute ospf 110 metric 1544 100 255 1 1500

Routing table on R1:

R1#show ip route

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2

i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

ia - IS-IS inter area, * - candidate default, U - per-user static route

o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

34.0.0.0/24 is subnetted, 1 subnets

D EX 34.1.1.0 [170/2195456] via 12.1.1.2, 00:00:23, Serial0/0

1.0.0.0/24 is subnetted, 1 subnets

C 1.1.1.0 is directly connected, Loopback0

2.0.0.0/24 is subnetted, 1 subnets

D EX 2.2.2.0 [170/2195456] via 12.1.1.2, 00:00:23, Serial0/0

3.0.0.0/32 is subnetted, 1 subnets

D EX 3.3.3.3 [170/2195456] via 12.1.1.2, 00:00:23, Serial0/0

4.0.0.0/32 is subnetted, 1 subnets

D EX 4.4.4.4 [170/2195456] via 12.1.1.2, 00:00:23, Serial0/0

23.0.0.0/24 is subnetted, 1 subnets

D EX 23.1.1.0 [170/2195456] via 12.1.1.2, 00:00:23, Serial0/0

12.0.0.0/24 is subnetted, 1 subnets

C 12.1.1.0 is directly connected, Serial0/0

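II. Route filtering

Requirement: R1 must not have the route 34.1.1.0/24 or the route 3.3.3.3/32

Do this with an ACL

On R2, create an ACL that denies these two routes, and apply it once with out interface and once with out routing protocol

Method 1: on R2, using out with an interface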

access-list 10 deny 3.3.3.3

access-list 10 deny 34.1.1.0 0.0.0.255

access-list 10 permit any

!

router eigrp 90

redistribute ospf 110 metric 1544 100 255 1 1500

network 12.1.1.0 0.0.0.255

distribute-list 10 out Serial0/0

no auto-summary

Check R1's routing table to see whether the two filtered routes are still present

R1#show ip route

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2

i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

ia - IS-IS inter area, * - candidate default, U - per-user static route

o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

1.0.0.0/24 is subnetted, 1 subnets

C 1.1.1.0 is directly connected, Loopback0

2.0.0.0/24 is subnetted, 1 subnets

D EX 2.2.2.0 [170/2195456] via 12.1.1.2, 00:09:53, Serial0/0

4.0.0.0/32 is subnetted, 1 subnets

D EX 4.4.4.4 [170/2195456] via 12.1.1.2, 00:01:26, Serial0/0

23.0.0.0/24 is subnetted, 1 subnets

D EX 23.1.1.0 [170/2195456] via 12.1.1.2, 00:09:53, Serial0/0

12.0.0.0/24 is subnetted, 1 subnets

C 12.1.1.0 is directly connected, Serial0/0

R1#ping 4.4.4.4

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 4.4.4.4, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 92/172/280 ms

Method 2: on R2, using out with a routing protocol

distribute-list 10 out ospf 110

R1#show ip route

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2

i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

ia - IS-IS inter area, * - candidate default, U - per-user static route

o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

1.0.0.0/24 is subnetted, 1 subnets

C 1.1.1.0 is directly connected, Loopback0

2.0.0.0/24 is subnetted, 1 subnets

D EX 2.2.2.0 [170/2195456] via 12.1.1.2, 00:01:16, Serial0/0

4.0.0.0/32 is subnetted, 1 subnets

D EX 4.4.4.4 [170/2195456] via 12.1.1.2, 00:01:16, Serial0/0

23.0.0.0/24 is subnetted, 1 subnets

D EX 23.1.1.0 [170/2195456] via 12.1.1.2, 00:01:16, Serial0/0

12.0.0.0/24 is subnetted, 1 subnets

C 12.1.1.0 is directly connected, Serial0/0

The routes have been filtered

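Method 3: on R1, using in with an interface to filter the two routes

First remove the distribute list and the access list on R2

At this point R1 has the two routes back and holds all routes

On R1, define an access list and apply it with a distribute list, in, on the interface

Configuration: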

router eigrp 90

network 1.1.1.0 0.0.0.255

network 12.1.1.0 0.0.0.255

distribute-list 10 in Serial0/0

no auto-summary

!

!

!

!

access-list 10 permit 4.4.4.4

access-list 10 permit 23.1.1.0 0.0.0.255

access-list 10 permit 2.2.2.0 0.0.0.255

R1#show access-lists

Standard IP access list 10

30 permit 4.4.4.4 (2 matches)

10 permit 23.1.1.0, wildcard bits 0.0.0.255 (2 matches)

20 permit 2.2.2.0, wildcard bits 0.0.0.255 (1 match)

R1#show ip rou

R1#show ip route

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2

i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

ia - IS-IS inter area, * - candidate default, U - per-user static route

o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

1.0.0.0/24 is subnetted, 1 subnets

C 1.1.1.0 is directly connected, Loopback0

2.0.0.0/24 is subnetted, 1 subnets

D EX 2.2.2.0 [170/2195456] via 12.1.1.2, 00:00:17, Serial0/0

4.0.0.0/32 is subnetted, 1 subnets

D EX 4.4.4.4 [170/2195456] via 12.1.1.2, 00:07:08, Serial0/0

23.0.0.0/24 is subnetted, 1 subnets

D EX 23.1.1.0 [170/2195456] via 12.1.1.2, 00:07:08, Serial0/0

12.0.0.0/24 is subnetted, 1 subnets

C 12.1.1.0 is directly connected, Serial0/0

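Conclusions:

During route redistribution, use distribute lists to control which routes are redistributed

1. On the router performing the redistribution, this can be done with out interface or out routing protocol

Note: when using out with a protocol, the protocol that follows out is the protocol being redistributed

2. On the router where the routes are to be filtered, use in with an interface

3. Use an access control list to match the routes. A standard ACL is sufficient, and a named one is recommended because it lets you "no" a single statement without removing the whole ACL

4. When matching routes with an ACL, routes that match a permit entry are redistributed and routes that match a deny entry are not; the deny entries must be followed by a permit any entry so that the other routes are still redistributed

5. When matching routes with an ACL, a wildcard mask is not needed; matching the route prefix is enough. Using a wildcard mask may make the route control inaccurate.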
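The filtering in Methods 1 and 3 and the wildcard-mask caveat in conclusion 5 can be checked offline with a small model of how a standard ACL is evaluated against route prefixes. This is an added example, not part of the original lab: the function names are hypothetical, the ACL lines and routes are copied from the page, and 34.1.1.128/25 is a constructed route used only to show that an entry with a wildcard mask matches on the network address and ignores the prefix length.

```python
import ipaddress

# Routes R2 redistributes from OSPF into EIGRP, taken from R1's first routing table.
ROUTES = ["34.1.1.0/24", "2.2.2.0/24", "3.3.3.3/32", "4.4.4.4/32", "23.1.1.0/24"]

ACL_METHOD_1 = """
access-list 10 deny 3.3.3.3
access-list 10 deny 34.1.1.0 0.0.0.255
access-list 10 permit any
"""

ACL_METHOD_3 = """
access-list 10 permit 4.4.4.4
access-list 10 permit 23.1.1.0 0.0.0.255
access-list 10 permit 2.2.2.0 0.0.0.255
"""

def _ip(text):
    return int(ipaddress.IPv4Address(text))

def parse_acl(text):
    """Turn 'access-list N permit|deny ADDR [WILDCARD]' lines into (action, addr, wildcard)."""
    entries = []
    for line in text.strip().splitlines():
        tok = line.split()
        action, addr = tok[2], tok[3]
        if addr == "any":
            entries.append((action, 0, 0xFFFFFFFF))
        else:
            wildcard = tok[4] if len(tok) > 4 else "0.0.0.0"
            entries.append((action, _ip(addr), _ip(wildcard)))
    return entries

def permitted(acl, prefix):
    """First matching entry wins; only the route's network address is compared."""
    net = int(ipaddress.ip_network(prefix).network_address)
    for action, addr, wildcard in acl:
        if (net | wildcard) == (addr | wildcard):  # wildcard bits are "don't care"
            return action == "permit"
    return False  # implicit deny at the end of every ACL

def filter_routes(acl_text, routes):
    acl = parse_acl(acl_text)
    return [r for r in routes if permitted(acl, r)]

if __name__ == "__main__":
    print(filter_routes(ACL_METHOD_1, ROUTES))
    print(filter_routes(ACL_METHOD_3, ROUTES))
    # Constructed route, not in the lab: a /25 inside 34.1.1.0/24
    print(permitted(parse_acl(ACL_METHOD_1), "34.1.1.128/25"))
```

Both ACLs leave R1 with the same three external routes: Method 1 by explicit deny entries followed by permit any, Method 3 by permit entries plus the implicit deny.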
