ACL/Prefix-list/Route-Map 空表及隐含语句特点

ACL,prefix及route-map共同特点:

1>一个 空的/不存在的acl,prefix默认允许所有。一个 不存在的route-map默认deny所有。
2>想要使用acl,prefix的隐含deny功能,必须至少配置一条permit或deny语句。 route-map默认deny所有,所以它的隐含deny默认就生效。


Topology:

  R1 (s1/0,192.168.1.1) ===============  (s1/0,192.168.1.2) R2


Case Study: ACL

R1#conf t
R1(config)#line vty 0 935
R1(config-line)#password cisco
R1(config-line)#login
R1(config-line)#access-class 3 in


R2#telnet 192.168.1.1

Password:
R1>

Summary: 空的(未定义的)acl默认允许所有的主机。



Case Study: Route-map

R1(config)#router ospf 100
R1(config-router)#default-information originate route-map sense
R1(config-router)#exit

R2#sh ip route

Gateway of last resort is not set

     172.16.0.0/24 is subnetted, 2 subnets
O       172.16.1.0 [110/65] via 192.168.1.1, 00:32:38, Serial1/0
C       172.16.2.0 is directly connected, Loopback0
     192.168.1.0/30 is subnetted, 1 subnets
C       192.168.1.0 is directly connected, Serial1/0
注: 未定义的route-map默认deny所有的路由。所以这里这个route-map永远返回不满足要求。
=============================================================

R1(config)#router ospf 100
R1(config-router)#default-information originate route-map sense
R1(config-router)#exit
R1(config)#route-map sense permit 10

R2#sh ip route

Gateway of last resort is 192.168.1.6 to network 0.0.0.0

     172.16.0.0/24 is subnetted, 2 subnets
O       172.16.1.0 [110/65] via 192.168.1.1, 00:32:38, Serial1/0
C       172.16.2.0 is directly connected, Loopback0
     192.168.1.0/30 is subnetted, 1 subnets
C       192.168.1.0 is directly connected, Serial1/0
O*E2 0.0.0.0/0 [110/1] via 192.168.1.6, 00:00:12, Serial1/1

===============================================================

R1(config)#router ospf 100
R1(config-router)#default-information originate route-map sense
R1(config-router)#exit
R1(config)#route-map sense permit 10
R1(config-route-map)#match ip add 1

R2#sh ip route

Gateway of last resort is not set

     172.16.0.0/24 is subnetted, 2 subnets
O       172.16.1.0 [110/65] via 192.168.1.1, 00:32:38, Serial1/0
C       172.16.2.0 is directly connected, Loopback0
     192.168.1.0/30 is subnetted, 1 subnets
C       192.168.1.0 is directly connected, Serial1/0

=================================================================

R1(config)#router ospf 100
R1(config-router)#default-information originate route-map sense
R1(config-router)#exit
R1(config)#route-map sense deny 10

R2#sh ip route

Gateway of last resort is 192.168.1.6 to network 0.0.0.0

     172.16.0.0/24 is subnetted, 2 subnets
O       172.16.1.0 [110/65] via 192.168.1.1, 00:32:38, Serial1/0
C       172.16.2.0 is directly connected, Loopback0
     192.168.1.0/30 is subnetted, 1 subnets
C       192.168.1.0 is directly connected, Serial1/0
O*E2 0.0.0.0/0 [110/1] via 192.168.1.6, 00:00:12, Serial1/1

=====================================================================

R1(config)#router ospf 100
R1(config-router)#default-information originate route-map sense
R1(config-router)#exit
R1(config)#route-map sense deny 10
R1(config-route-map)#match ip add 1

R2#sh ip route

Gateway of last resort is not set

     172.16.0.0/24 is subnetted, 2 subnets
O       172.16.1.0 [110/65] via 192.168.1.1, 00:32:38, Serial1/0
C       172.16.2.0 is directly connected, Loopback0
     192.168.1.0/30 is subnetted, 1 subnets
C       192.168.1.0 is directly connected, Serial1/0

=====================================================================


Case Study: Prefix-list

R1(config)#int lo0
R1(config-if)#ip add 172.16.33.1 255.255.255.0
R1(config-if)#no shut
R1(config-if)#ip ospf network point-to-point
R1(config-if)#exit
R1(config)#router ospf 100
R1(config-router)#redistribute connected subnets
R1(config-router)#distribute-list prefix sense out connected
R1(config)#

R2#sh ip route

Gateway of last resort is not set

     172.16.0.0/24 is subnetted, 4 subnets
O       172.16.44.0 [33/65] via 192.168.1.1, 00:07:54, Serial1/0
O E2    172.16.33.0 [55/20] via 192.168.1.1, 00:00:01, Serial1/0
O IA    172.16.1.0 [44/65] via 192.168.1.1, 00:07:54, Serial1/0
C       172.16.2.0 is directly connected, Loopback0
     192.168.1.0/30 is subnetted, 1 subnets
C       192.168.1.0 is directly connected, Serial1/0

R1(config)#ip prefix-list sense seq 5 deny 172.16.33.0/24

rtb#sh ip route

Gateway of last resort is not set

     172.16.0.0/24 is subnetted, 3 subnets
O       172.16.44.0 [33/65] via 192.168.1.1, 00:09:15, Serial1/0
O IA    172.16.1.0 [44/65] via 192.168.1.1, 00:09:15, Serial1/0
C       172.16.2.0 is directly connected, Loopback0
     192.168.1.0/30 is subnetted, 1 subnets
C       192.168.1.0 is directly connected, Serial1/0


Summary: 空的prefix-list默认允许所有的路由。


Case Study: Integrate Route-map and ACL

R1(config)#router ospf 100
R1(config-router)#default-information originate route-map sense
R1(config-router)#exit
R1(config)#route-map sense deny 5
R1(config-route-map)#match ip address 33
R1(config-route-map)#


R2#sh ip route

Gateway of last resort is not set

     172.16.0.0/24 is subnetted, 2 subnets
O       172.16.1.0 [110/65] via 192.168.1.1, 00:32:38, Serial1/0
C       172.16.2.0 is directly connected, Loopback0
     192.168.1.0/30 is subnetted, 1 subnets
C       192.168.1.0 is directly connected, Serial1/0


Summary: 至少定义一条permit或deny语句才能使用acl或route-map的隐含deny功能。空的acl默认允所有的路由。


注:在route-map一节中,对其中四个例子没有加以summary,不太清楚它们有什么规律,请大家知道的PM我,谢谢支持~

本文出自 “SENSE” 博客,转载请与作者联系!

你可能感兴趣的:(职场,Routing,休闲,CCIE)