分发列表应用――不让远端路由器全盘接受路由更新
这个实验描述了分发列表在控制路由更新发免得一个应用,希望抛砖引玉。
实验拓扑图如下:
未配置分发列表前各路由器的路由表状况:
R1#sh ip route
!
Gateway of last resort is not set
R1#sh ip route
!
Gateway of last resort is not set
10.0.0.0/8 is variably subnetted, 12 subnets, 2 masks
D 10.10.0.0/16 [90/2809856] via 10.0.0.2, 00:00:16, Serial0/0
D 10.11.0.0/16 [90/2809856] via 10.0.0.2, 00:00:16, Serial0/0
D 10.8.0.0/16 [90/2681856] via 10.0.0.2, 00:00:30, Serial0/0
D 10.9.0.0/16 [90/2809856] via 10.0.0.2, 00:00:16, Serial0/0
D 10.14.0.0/16 [90/2809856] via 10.0.0.2, 00:00:03, Serial0/0
D 10.15.0.0/16 [90/2809856] via 10.0.0.2, 00:00:03, Serial0/0
D 10.12.0.0/16 [90/2681856] via 10.0.0.2, 00:00:30, Serial0/0
D 10.13.0.0/16 [90/2809856] via 10.0.0.2, 00:00:03, Serial0/0
C 10.2.0.0/16 is directly connected, Loopback1
C 10.3.0.0/16 is directly connected, Loopback2
C 10.0.0.0/30 is directly connected, Serial0/0
C 10.1.0.0/16 is directly connected, Loopback0
D 10.10.0.0/16 [90/2809856] via 10.0.0.2, 00:00:16, Serial0/0
D 10.11.0.0/16 [90/2809856] via 10.0.0.2, 00:00:16, Serial0/0
D 10.8.0.0/16 [90/2681856] via 10.0.0.2, 00:00:30, Serial0/0
D 10.9.0.0/16 [90/2809856] via 10.0.0.2, 00:00:16, Serial0/0
D 10.14.0.0/16 [90/2809856] via 10.0.0.2, 00:00:03, Serial0/0
D 10.15.0.0/16 [90/2809856] via 10.0.0.2, 00:00:03, Serial0/0
D 10.12.0.0/16 [90/2681856] via 10.0.0.2, 00:00:30, Serial0/0
D 10.13.0.0/16 [90/2809856] via 10.0.0.2, 00:00:03, Serial0/0
C 10.2.0.0/16 is directly connected, Loopback1
C 10.3.0.0/16 is directly connected, Loopback2
C 10.0.0.0/30 is directly connected, Serial0/0
C 10.1.0.0/16 is directly connected, Loopback0
R2#sh ip route
!
Gateway of last resort is not set
!
Gateway of last resort is not set
10.0.0.0/8 is variably subnetted, 12 subnets, 2 masks
D 10.10.0.0/16 [90/2297856] via 10.8.0.2, 00:02:04, Serial0/2
D 10.11.0.0/16 [90/2297856] via 10.8.0.2, 00:02:04, Serial0/2
C 10.8.0.0/16 is directly connected, Serial0/2
D 10.9.0.0/16 [90/2297856] via 10.8.0.2, 00:02:04, Serial0/2
D 10.14.0.0/16 [90/2297856] via 10.12.0.2, 00:01:50, Serial0/3
D 10.15.0.0/16 [90/2297856] via 10.12.0.2, 00:01:50, Serial0/3
C 10.12.0.0/16 is directly connected, Serial0/3
D 10.13.0.0/16 [90/2297856] via 10.12.0.2, 00:01:50, Serial0/3
D 10.2.0.0/16 [90/2297856] via 10.0.0.1, 00:02:16, Serial0/1
D 10.3.0.0/16 [90/2297856] via 10.0.0.1, 00:02:16, Serial0/1
C 10.0.0.0/30 is directly connected, Serial0/1
D 10.1.0.0/16 [90/2297856] via 10.0.0.1, 00:02:16, Serial0/1
D 10.10.0.0/16 [90/2297856] via 10.8.0.2, 00:02:04, Serial0/2
D 10.11.0.0/16 [90/2297856] via 10.8.0.2, 00:02:04, Serial0/2
C 10.8.0.0/16 is directly connected, Serial0/2
D 10.9.0.0/16 [90/2297856] via 10.8.0.2, 00:02:04, Serial0/2
D 10.14.0.0/16 [90/2297856] via 10.12.0.2, 00:01:50, Serial0/3
D 10.15.0.0/16 [90/2297856] via 10.12.0.2, 00:01:50, Serial0/3
C 10.12.0.0/16 is directly connected, Serial0/3
D 10.13.0.0/16 [90/2297856] via 10.12.0.2, 00:01:50, Serial0/3
D 10.2.0.0/16 [90/2297856] via 10.0.0.1, 00:02:16, Serial0/1
D 10.3.0.0/16 [90/2297856] via 10.0.0.1, 00:02:16, Serial0/1
C 10.0.0.0/30 is directly connected, Serial0/1
D 10.1.0.0/16 [90/2297856] via 10.0.0.1, 00:02:16, Serial0/1
R3#sh ip route
!
Gateway of last resort is not set
!
Gateway of last resort is not set
10.0.0.0/8 is variably subnetted, 12 subnets, 2 masks
C 10.10.0.0/16 is directly connected, Loopback1
C 10.11.0.0/16 is directly connected, Loopback2
C 10.8.0.0/16 is directly connected, Serial0/0
C 10.9.0.0/16 is directly connected, Loopback0
D 10.14.0.0/16 [90/2809856] via 10.8.0.1, 00:02:14, Serial0/0
D 10.15.0.0/16 [90/2809856] via 10.8.0.1, 00:02:14, Serial0/0
D 10.12.0.0/16 [90/2681856] via 10.8.0.1, 00:02:27, Serial0/0
D 10.13.0.0/16 [90/2809856] via 10.8.0.1, 00:02:14, Serial0/0
D 10.2.0.0/16 [90/2809856] via 10.8.0.1, 00:02:27, Serial0/0
D 10.3.0.0/16 [90/2809856] via 10.8.0.1, 00:02:27, Serial0/0
D 10.0.0.0/30 [90/2681856] via 10.8.0.1, 00:02:27, Serial0/0
D 10.1.0.0/16 [90/2809856] via 10.8.0.1, 00:02:27, Serial0/0
C 10.10.0.0/16 is directly connected, Loopback1
C 10.11.0.0/16 is directly connected, Loopback2
C 10.8.0.0/16 is directly connected, Serial0/0
C 10.9.0.0/16 is directly connected, Loopback0
D 10.14.0.0/16 [90/2809856] via 10.8.0.1, 00:02:14, Serial0/0
D 10.15.0.0/16 [90/2809856] via 10.8.0.1, 00:02:14, Serial0/0
D 10.12.0.0/16 [90/2681856] via 10.8.0.1, 00:02:27, Serial0/0
D 10.13.0.0/16 [90/2809856] via 10.8.0.1, 00:02:14, Serial0/0
D 10.2.0.0/16 [90/2809856] via 10.8.0.1, 00:02:27, Serial0/0
D 10.3.0.0/16 [90/2809856] via 10.8.0.1, 00:02:27, Serial0/0
D 10.0.0.0/30 [90/2681856] via 10.8.0.1, 00:02:27, Serial0/0
D 10.1.0.0/16 [90/2809856] via 10.8.0.1, 00:02:27, Serial0/0
R4#sh ip route
!
Gateway of last resort is not set
!
Gateway of last resort is not set
10.0.0.0/8 is variably subnetted, 12 subnets, 2 masks
D 10.10.0.0/16 [90/2809856] via 10.12.0.1, 00:02:35, Serial0/0
D 10.11.0.0/16 [90/2809856] via 10.12.0.1, 00:02:35, Serial0/0
D 10.8.0.0/16 [90/2681856] via 10.12.0.1, 00:02:35, Serial0/0
D 10.9.0.0/16 [90/2809856] via 10.12.0.1, 00:02:35, Serial0/0
C 10.14.0.0/16 is directly connected, Loopback1
C 10.15.0.0/16 is directly connected, Loopback2
C 10.12.0.0/16 is directly connected, Serial0/0
C 10.13.0.0/16 is directly connected, Loopback0
D 10.2.0.0/16 [90/2809856] via 10.12.0.1, 00:02:35, Serial0/0
D 10.3.0.0/16 [90/2809856] via 10.12.0.1, 00:02:35, Serial0/0
D 10.0.0.0/30 [90/2681856] via 10.12.0.1, 00:02:35, Serial0/0
D 10.1.0.0/16 [90/2809856] via 10.12.0.1, 00:02:35, Serial0/0
D 10.10.0.0/16 [90/2809856] via 10.12.0.1, 00:02:35, Serial0/0
D 10.11.0.0/16 [90/2809856] via 10.12.0.1, 00:02:35, Serial0/0
D 10.8.0.0/16 [90/2681856] via 10.12.0.1, 00:02:35, Serial0/0
D 10.9.0.0/16 [90/2809856] via 10.12.0.1, 00:02:35, Serial0/0
C 10.14.0.0/16 is directly connected, Loopback1
C 10.15.0.0/16 is directly connected, Loopback2
C 10.12.0.0/16 is directly connected, Serial0/0
C 10.13.0.0/16 is directly connected, Loopback0
D 10.2.0.0/16 [90/2809856] via 10.12.0.1, 00:02:35, Serial0/0
D 10.3.0.0/16 [90/2809856] via 10.12.0.1, 00:02:35, Serial0/0
D 10.0.0.0/30 [90/2681856] via 10.12.0.1, 00:02:35, Serial0/0
D 10.1.0.0/16 [90/2809856] via 10.12.0.1, 00:02:35, Serial0/0
在路由器R2上配置分发列表,让10.1.0.0/16从接口S0/2公告出去;10.2.0.0/16从接口S0/3公告出去。
R2#sh run
Building configuration...
R2#sh run
Building configuration...
Current configuration : 1043 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
!
access-list 1 permit 10.1.0.0 0.0.255.255
access-list 2 permit 10.2.0.0 0.0.255.255
!
!
router eigrp 100
network 10.0.0.0
distribute-list 1 out Serial0/2
distribute-list 2 out Serial0/3
auto-summary
!
access-list 1 permit 10.1.0.0 0.0.255.255
access-list 2 permit 10.2.0.0 0.0.255.255
!
!
router eigrp 100
network 10.0.0.0
distribute-list 1 out Serial0/2
distribute-list 2 out Serial0/3
auto-summary
!
配置完分发列表后各路由器上的路由表状况:
R1#sh ip route
!
Gateway of last resort is not set
R1#sh ip route
!
Gateway of last resort is not set
10.0.0.0/8 is variably subnetted, 12 subnets, 2 masks
D 10.10.0.0/16 [90/2809856] via 10.0.0.2, 00:02:52, Serial0/0
D 10.11.0.0/16 [90/2809856] via 10.0.0.2, 00:02:52, Serial0/0
D 10.8.0.0/16 [90/2681856] via 10.0.0.2, 00:02:52, Serial0/0
D 10.9.0.0/16 [90/2809856] via 10.0.0.2, 00:02:52, Serial0/0
D 10.14.0.0/16 [90/2809856] via 10.0.0.2, 00:02:46, Serial0/0
D 10.15.0.0/16 [90/2809856] via 10.0.0.2, 00:02:46, Serial0/0
D 10.12.0.0/16 [90/2681856] via 10.0.0.2, 00:02:52, Serial0/0
D 10.13.0.0/16 [90/2809856] via 10.0.0.2, 00:02:46, Serial0/0
C 10.2.0.0/16 is directly connected, Loopback1
C 10.3.0.0/16 is directly connected, Loopback2
C 10.0.0.0/30 is directly connected, Serial0/0
C 10.1.0.0/16 is directly connected, Loopback0
D 10.10.0.0/16 [90/2809856] via 10.0.0.2, 00:02:52, Serial0/0
D 10.11.0.0/16 [90/2809856] via 10.0.0.2, 00:02:52, Serial0/0
D 10.8.0.0/16 [90/2681856] via 10.0.0.2, 00:02:52, Serial0/0
D 10.9.0.0/16 [90/2809856] via 10.0.0.2, 00:02:52, Serial0/0
D 10.14.0.0/16 [90/2809856] via 10.0.0.2, 00:02:46, Serial0/0
D 10.15.0.0/16 [90/2809856] via 10.0.0.2, 00:02:46, Serial0/0
D 10.12.0.0/16 [90/2681856] via 10.0.0.2, 00:02:52, Serial0/0
D 10.13.0.0/16 [90/2809856] via 10.0.0.2, 00:02:46, Serial0/0
C 10.2.0.0/16 is directly connected, Loopback1
C 10.3.0.0/16 is directly connected, Loopback2
C 10.0.0.0/30 is directly connected, Serial0/0
C 10.1.0.0/16 is directly connected, Loopback0
R2#sh ip route
!
Gateway of last resort is not set
!
Gateway of last resort is not set
10.0.0.0/8 is variably subnetted, 12 subnets, 2 masks
D 10.10.0.0/16 [90/2297856] via 10.8.0.2, 00:03:11, Serial0/2
D 10.11.0.0/16 [90/2297856] via 10.8.0.2, 00:03:11, Serial0/2
C 10.8.0.0/16 is directly connected, Serial0/2
D 10.9.0.0/16 [90/2297856] via 10.8.0.2, 00:03:11, Serial0/2
D 10.14.0.0/16 [90/2297856] via 10.12.0.2, 00:03:09, Serial0/3
D 10.15.0.0/16 [90/2297856] via 10.12.0.2, 00:03:09, Serial0/3
C 10.12.0.0/16 is directly connected, Serial0/3
D 10.13.0.0/16 [90/2297856] via 10.12.0.2, 00:03:09, Serial0/3
D 10.2.0.0/16 [90/2297856] via 10.0.0.1, 00:03:11, Serial0/1
D 10.3.0.0/16 [90/2297856] via 10.0.0.1, 00:03:11, Serial0/1
C 10.0.0.0/30 is directly connected, Serial0/1
D 10.1.0.0/16 [90/2297856] via 10.0.0.1, 00:03:11, Serial0/1
D 10.10.0.0/16 [90/2297856] via 10.8.0.2, 00:03:11, Serial0/2
D 10.11.0.0/16 [90/2297856] via 10.8.0.2, 00:03:11, Serial0/2
C 10.8.0.0/16 is directly connected, Serial0/2
D 10.9.0.0/16 [90/2297856] via 10.8.0.2, 00:03:11, Serial0/2
D 10.14.0.0/16 [90/2297856] via 10.12.0.2, 00:03:09, Serial0/3
D 10.15.0.0/16 [90/2297856] via 10.12.0.2, 00:03:09, Serial0/3
C 10.12.0.0/16 is directly connected, Serial0/3
D 10.13.0.0/16 [90/2297856] via 10.12.0.2, 00:03:09, Serial0/3
D 10.2.0.0/16 [90/2297856] via 10.0.0.1, 00:03:11, Serial0/1
D 10.3.0.0/16 [90/2297856] via 10.0.0.1, 00:03:11, Serial0/1
C 10.0.0.0/30 is directly connected, Serial0/1
D 10.1.0.0/16 [90/2297856] via 10.0.0.1, 00:03:11, Serial0/1
R3#sh ip route
!
Gateway of last resort is not set
!
Gateway of last resort is not set
10.0.0.0/16 is subnetted, 5 subnets
C 10.10.0.0 is directly connected, Loopback1
C 10.11.0.0 is directly connected, Loopback2
C 10.8.0.0 is directly connected, Serial0/0
C 10.9.0.0 is directly connected, Loopback0
D 10.1.0.0 [90/2809856] via 10.8.0.1, 00:03:24, Serial0/0
C 10.10.0.0 is directly connected, Loopback1
C 10.11.0.0 is directly connected, Loopback2
C 10.8.0.0 is directly connected, Serial0/0
C 10.9.0.0 is directly connected, Loopback0
D 10.1.0.0 [90/2809856] via 10.8.0.1, 00:03:24, Serial0/0
R4#sh ip route
!
Gateway of last resort is not set
!
Gateway of last resort is not set
10.0.0.0/16 is subnetted, 5 subnets
C 10.14.0.0 is directly connected, Loopback1
C 10.15.0.0 is directly connected, Loopback2
C 10.12.0.0 is directly connected, Serial0/0
C 10.13.0.0 is directly connected, Loopback0
D 10.2.0.0 [90/2809856] via 10.12.0.1, 00:03:46, Serial0/0
C 10.14.0.0 is directly connected, Loopback1
C 10.15.0.0 is directly connected, Loopback2
C 10.12.0.0 is directly connected, Serial0/0
C 10.13.0.0 is directly connected, Loopback0
D 10.2.0.0 [90/2809856] via 10.12.0.1, 00:03:46, Serial0/0
可以看出,在本案例中使用了分发列表后,较有效的控制了路由更新,提高了网络的安全性。
共同进步!
本文出自 “奋斗成就卓越” 博客,转载请与作者联系!