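A distribute list filters routes by calling an ACL. It can filter within a single routing domain, or filter while redistributing between routing protocols.
Note: distribute lists are only useful with distance-vector protocols; they are meaningless in link-state protocols.
Case 1: Filtering specific routes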
R2(S1/1)------(S1/0)R1(S1/1)------(s1/0)R3
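In the topology above, two loopback interfaces are enabled on R2, one 172.16.1.1 and the other 172.16.2.1. R3 must not receive the 172.16.1.0 route.
With EIGRP running across the whole network, look at R3's routing table: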
R3#sh ip ro ei
2.0.0.0/24 is subnetted, 1 subnets
D 2.2.2.0 [90/2809856] via 13.1.1.1, 00:00:24, Serial1/0
172.16.0.0/24 is subnetted, 2 subnets
D 172.16.1.0 [90/2809856] via 13.1.1.1, 00:00:24, Serial1/0
D 172.16.2.0 [90/2809856] via 13.1.1.1, 00:00:24, Serial1/0
12.0.0.0/24 is subnetted, 1 subnets
D 12.1.1.0 [90/2681856] via 13.1.1.1, 00:01:17, Serial1/0
To meet the requirement, R1 can be configured as follows:
R1#sh run | b r e
distribute-list 1 out Serial1/1
!
access-list 1 deny 172.16.1.0 0.0.0.0
access-list 1 permit any
Check R3's routing table again:
R3#sh ip ro ei
2.0.0.0/24 is subnetted, 1 subnets
D 2.2.2.0 [90/2809856] via 13.1.1.1, 00:00:39, Serial1/0
172.16.0.0/24 is subnetted, 1 subnets
D 172.16.2.0 [90/2809856] via 13.1.1.1, 00:00:39, Serial1/0
12.0.0.0/24 is subnetted, 1 subnets
D 12.1.1.0 [90/2681856] via 13.1.1.1, 00:00:39, Serial1/0
The configuration of each router:
R2 configuration:
R2#sh run | b r e
router eigrp 100
network 2.2.2.2 0.0.0.0
network 12.1.1.2 0.0.0.0
network 172.16.0.0
no auto-summary
R1 configuration:
R1#sh run | b r e
router eigrp 100
network 12.1.1.1 0.0.0.0
network 13.1.1.1 0.0.0.0
distribute-list 1 out Serial1/1
no auto-summary
!
ip classless
no ip http server
!
!
access-list 1 deny 172.16.1.0 0.0.0.0
access-list 1 permit any
R3 configuration:
R3#sh run | b r e
router eigrp 100
network 3.3.3.3 0.0.0.0
network 13.1.1.3 0.0.0.0
no auto-summary
Case 2: Filtering during redistribution between protocols
R2(S1/1)------(S1/0)R1(S1/1)------(s1/0)R3
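In the topology above, two loopback interfaces are enabled on R2, one 172.16.1.1 and the other 192.168.2.1. R3 must not receive the 172.16.1.0 route. R2 and R1's S1/0 run EIGRP; R1's S1/1 and R3 run OSPF.
When the whole network is running normally, R3's routing table is: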
R3#sh ip ro os
2.0.0.0/24 is subnetted, 1 subnets
O E2 2.2.2.0 [110/20] via 13.1.1.1, 00:01:44, Serial1/0
172.16.0.0/24 is subnetted, 1 subnets
O E2 172.16.1.0 [110/20] via 13.1.1.1, 00:01:44, Serial1/0
12.0.0.0/24 is subnetted, 1 subnets
O E2 12.1.1.0 [110/20] via 13.1.1.1, 00:01:44, Serial1/0
O E2 192.168.2.0/24 [110/20] via 13.1.1.1, 00:00:13, Serial1/0
To meet the requirement, configure R1 as follows:
R1#sh run | b r o
distribute-list 1 out eigrp 100
!
access-list 1 deny 172.16.1.0
access-list 1 permit any
Now look at R3's routing table again:
R3#sh ip ro os
2.0.0.0/24 is subnetted, 1 subnets
O E2 2.2.2.0 [110/20] via 13.1.1.1, 00:01:28, Serial1/0
12.0.0.0/24 is subnetted, 1 subnets
O E2 12.1.1.0 [110/20] via 13.1.1.1, 00:01:28, Serial1/0
O E2 192.168.2.0/24 [110/20] via 13.1.1.1, 00:01:28, Serial1/0
The configuration of each router:
R2 configuration:
R2#sh run | b r e
router eigrp 100
network 2.2.2.2 0.0.0.0
network 12.1.1.2 0.0.0.0
network 172.16.0.0
network 192.168.2.0
no auto-summary
R1 configuration:
R1#sh run | b r e
router eigrp 100
redistribute ospf 100 metric 10000 100 1 255 1500
network 12.1.1.1 0.0.0.0
no auto-summary
!
router ospf 100
router-id 1.1.1.1
log-adjacency-changes
no auto-cost
redistribute eigrp 100 metric 20 subnets
network 13.1.1.1 0.0.0.0 area 0
distribute-list 1 out eigrp 100
!
ip classless
no ip http server
!
!
access-list 1 deny 172.16.1.0
access-list 1 permit any
R3 configuration:
R3#sh run | b r o
router ospf 100
log-adjacency-changes
network 3.3.3.3 0.0.0.0 area 0
network 13.1.1.3 0.0.0.0 area 0
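This method can also resolve summary-route feedback at a single redistribution point:
Now enable two loopback interfaces on R3 and configure an EIGRP summary on R1's S1/0 interface, then look at the routing tables of R2 and R3: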
R1#sh run int s1/0
Building configuration...
Current configuration : 146 bytes
!
interface Serial1/0
ip address 12.1.1.1 255.255.255.0
ip summary-address eigrp 100 222.222.0.0 255.255.248.0 5
serial restart-delay 0
R2#sh ip ro ei
3.0.0.0/32 is subnetted, 1 subnets
D EX 3.3.3.3 [170/2195456] via 12.1.1.1, 00:00:07, Serial1/1
13.0.0.0/24 is subnetted, 1 subnets
D EX 13.1.1.0 [170/2195456] via 12.1.1.1, 00:00:07, Serial1/1
D 222.222.0.0/21 [90/2195456] via 12.1.1.1, 00:00:07, Serial1/1
R3#sh ip ro os
2.0.0.0/24 is subnetted, 1 subnets
O E2 2.2.2.0 [110/20] via 13.1.1.1, 00:00:31, Serial1/0
12.0.0.0/24 is subnetted, 1 subnets
O E2 12.1.1.0 [110/20] via 13.1.1.1, 00:07:20, Serial1/0
O E2 192.168.2.0/24 [110/20] via 13.1.1.1, 00:00:31, Serial1/0
O E2 222.222.0.0/21 [110/20] via 13.1.1.1, 00:00:42, Serial1/0
Configure a distribute-list on R1:
R1#sh run | b r o
distribute-list 2 out eigrp 100
!
access-list 2 deny 222.222.0.0 0.0.7.255
access-list 2 permit any
Now look at R3's routing table again:
R3#sh ip ro os
2.0.0.0/24 is subnetted, 1 subnets
O E2 2.2.2.0 [110/20] via 13.1.1.1, 00:03:28, Serial1/0
172.16.0.0/24 is subnetted, 1 subnets
O E2 172.16.1.0 [110/20] via 13.1.1.1, 00:00:36, Serial1/0
12.0.0.0/24 is subnetted, 1 subnets
O E2 12.1.1.0 [110/20] via 13.1.1.1, 00:10:18, Serial1/0
O E2 192.168.2.0/24 [110/20] via 13.1.1.1, 00:03:28, Serial1/0
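Note: when filtering during redistribution, only the keyword out may be used. It can be followed by a protocol name but not by an interface, because that would be meaningless; see Volume 1 for details. (Note: in cannot be followed by a protocol; only out can.)
Case 3: Using a distribute list in OSPF (not very meaningful)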
R2(S1/1)------(S1/0)R1(S1/1)------(s1/0)R3
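In the topology above, two loopback interfaces are enabled on R2, one 172.16.1.1 and the other 192.168.2.1. R3 must not receive the 172.16.0.0 route.
Before the distribute-list is configured, look at the routing tables of R1 and R3: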
R1#sh ip ro os
222.222.2.0/32 is subnetted, 1 subnets
O 222.222.2.1 [110/1563] via 13.1.1.3, 00:00:09, Serial1/1
2.0.0.0/32 is subnetted, 1 subnets
O 2.2.2.2 [110/1563] via 12.1.1.2, 00:00:09, Serial1/0
222.222.1.0/32 is subnetted, 1 subnets
O 222.222.1.1 [110/1563] via 13.1.1.3, 00:00:09, Serial1/1
3.0.0.0/32 is subnetted, 1 subnets
O 3.3.3.3 [110/1563] via 13.1.1.3, 00:00:09, Serial1/1
172.16.0.0/32 is subnetted, 1 subnets
O 172.16.1.1 [110/1563] via 12.1.1.2, 00:00:09, Serial1/0
192.168.2.0/32 is subnetted, 1 subnets
O 192.168.2.1 [110/1563] via 12.1.1.2, 00:00:09, Serial1/0
R3#sh ip ro os
2.0.0.0/32 is subnetted, 1 subnets
O 2.2.2.2 [110/1627] via 13.1.1.1, 00:00:42, Serial1/0
172.16.0.0/32 is subnetted, 1 subnets
O 172.16.1.1 [110/1627] via 13.1.1.1, 00:00:42, Serial1/0
12.0.0.0/24 is subnetted, 1 subnets
O 12.1.1.0 [110/1626] via 13.1.1.1, 00:00:42, Serial1/0
192.168.2.0/32 is subnetted, 1 subnets
O 192.168.2.1 [110/1627] via 13.1.1.1, 00:00:42, Serial1/0
Now configure R1:
R1#sh run | b r o
distribute-list 1 in Serial1/0
!
access-list 1 deny 172.16.0.0
Check the routing tables of R1 and R3 again:
R1#sh ip ro os
222.222.2.0/32 is subnetted, 1 subnets
O 222.222.2.1 [110/1563] via 13.1.1.3, 00:00:34, Serial1/1
222.222.1.0/32 is subnetted, 1 subnets
O 222.222.1.1 [110/1563] via 13.1.1.3, 00:00:34, Serial1/1
3.0.0.0/32 is subnetted, 1 subnets
O 3.3.3.3 [110/1563] via 13.1.1.3, 00:00:34, Serial1/1
R3#sh ip ro os
2.0.0.0/32 is subnetted, 1 subnets
O 2.2.2.2 [110/1627] via 13.1.1.1, 00:00:02, Serial1/0
172.16.0.0/32 is subnetted, 1 subnets
O 172.16.1.1 [110/1627] via 13.1.1.1, 00:00:02, Serial1/0
12.0.0.0/24 is subnetted, 1 subnets
O 12.1.1.0 [110/1626] via 13.1.1.1, 00:00:02, Serial1/0
192.168.2.0/32 is subnetted, 1 subnets
O 192.168.2.1 [110/1627] via 13.1.1.1, 00:00:02, Serial1/0
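Summary: LSAs cannot actually be filtered; only the router's own routing-table entries can. The filter takes effect locally only and does not affect the routes passed on to other routers. Filtering between areas can be done with the command area 1 range 172.16.1.0 255.255.0.0 not-adv and with prefix lists. When the distribute command is configured under a link-state protocol, the keyword out cannot be combined with an interface because, unlike a distance-vector protocol, a link-state protocol does not advertise routes from its own routing table, so there are no updates to filter.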
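The ACL matching used in Cases 1 to 3, as an added example that is not part of the original page: a small model of how a standard ACL referenced by a distribute-list is evaluated (first match wins, only the network address is compared, implicit deny at the end). The function names are hypothetical; the ACLs and prefixes are copied from the page, and CASE3 lists the routes R1 learned through Serial1/0.

```python
import ipaddress

def parse_acl(lines):
    """Parse standard numbered ACL lines into (action, address, wildcard)."""
    entries = []
    for line in lines:
        tok = line.split()[2:]                 # drop "access-list <n>"
        if tok[1] == "any":
            addr, wild = 0, 0xFFFFFFFF
        else:
            addr = int(ipaddress.IPv4Address(tok[1]))
            # a missing wildcard means 0.0.0.0, i.e. an exact match
            wild = int(ipaddress.IPv4Address(tok[2])) if len(tok) > 2 else 0
        entries.append((tok[0], addr, wild))
    return entries

def permits(acl, prefix):
    """First match wins; the prefix length is never compared."""
    net = int(ipaddress.ip_network(prefix).network_address)
    for action, addr, wild in acl:
        if (net | wild) == (addr | wild):
            return action == "permit"
    return False                               # implicit "deny any"

def filter_routes(acl_lines, prefixes):
    """Return the prefixes that survive the distribute-list."""
    acl = parse_acl(acl_lines)
    return [p for p in prefixes if permits(acl, p)]

# ACLs exactly as shown on the page
ACL1_CASE1 = ["access-list 1 deny 172.16.1.0 0.0.0.0", "access-list 1 permit any"]
ACL2_CASE2 = ["access-list 2 deny 222.222.0.0 0.0.7.255", "access-list 2 permit any"]
ACL1_CASE3 = ["access-list 1 deny 172.16.0.0"]   # no "permit any" line

# Prefixes taken from the routing tables on the page
CASE1 = ["2.2.2.0/24", "172.16.1.0/24", "172.16.2.0/24", "12.1.1.0/24"]
CASE2 = ["222.222.0.0/21", "222.222.1.1/32", "192.168.2.0/24"]
CASE3 = ["2.2.2.2/32", "172.16.1.1/32", "192.168.2.1/32"]

if __name__ == "__main__":
    print(filter_routes(ACL1_CASE1, CASE1))   # 172.16.1.0/24 removed
    print(filter_routes(ACL2_CASE2, CASE2))   # summary and its component removed
    print(filter_routes(ACL1_CASE3, CASE3))   # everything removed
```

The Case 3 result is empty because access-list 1 there has no permit line, which matches the page's output: R1 loses 2.2.2.2 and 192.168.2.1 along with 172.16.1.1.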
Case 4: Multiple redistribution points
R2(f1/0)------(f1/0)R3
(s0/0)          (s0/0)
  |               |
  |               |
(s0/0)          (s0/0)
  R1              R4
(f2/0)          (f1/0)
  |               |
  |               |
(f1/0)            |
R5(f0/0)----------|
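R1 and R4 form the boundary: the part above them runs RIP and the part below runs OSPF.
When the whole network is configured, first look at R1's routing table: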
R1#sh ip ro
1.0.0.0/24 is subnetted, 1 subnets
C 1.1.1.0 is directly connected, Loopback0
2.0.0.0/32 is subnetted, 1 subnets
O 2.2.2.2 [110/65] via 192.168.3.2, 00:01:16, Serial0/0
3.0.0.0/32 is subnetted, 1 subnets
O 3.3.3.3 [110/66] via 192.168.3.2, 00:01:16, Serial0/0
4.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
O 4.4.4.4/32 [110/130] via 192.168.3.2, 00:01:16, Serial0/0
R 4.4.4.0/24 [120/3] via 192.168.2.1, 00:00:01, FastEthernet2/0
5.0.0.0/24 is subnetted, 1 subnets
R 5.5.5.0 [120/1] via 192.168.2.1, 00:00:01, FastEthernet2/0
O 192.168.4.0/24 [110/65] via 192.168.3.2, 00:01:16, Serial0/0
O 192.168.5.0/24 [110/129] via 192.168.3.2, 00:01:16, Serial0/0
O E2 192.168.6.0/24 [110/100] via 192.168.3.2, 00:01:17, Serial0/0
R 192.168.1.0/24 [120/1] via 192.168.2.1, 00:00:03, FastEthernet2/0
C 192.168.2.0/24 is directly connected, FastEthernet2/0
C 192.168.3.0/24 is directly connected, Serial0/0
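Notice that the route to the 192.168.6.0 network does not go through R5 but through R2, which is not the best route. The solution is to use distribute lists at the redistribution points to control the route source. Configure R1 and R4: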
R1#sh run | b r o
router ospf 1
distribute-list 1 in //accept only addresses within the OSPF domain
!
router rip
distribute-list 2 in //accept only networks within the RIP domain
!
access-list 1 permit 192.168.4.0
access-list 1 permit 192.168.5.0
access-list 2 permit 192.168.1.0
access-list 2 permit 192.168.6.0
R4#sh run | b r o
router ospf 1
distribute-list 1 in
!
router rip
distribute-list 2 in
!
access-list 1 permit 192.168.3.0
access-list 1 permit 192.168.4.0
access-list 2 permit 192.168.1.0
access-list 2 permit 192.168.2.0
After the filters are configured, look at R1's routing table again:
R1#sh ip ro
1.0.0.0/24 is subnetted, 1 subnets
C 1.1.1.0 is directly connected, Loopback0
O 192.168.4.0/24 [110/65] via 192.168.3.2, 00:07:20, Serial0/0
O 192.168.5.0/24 [110/129] via 192.168.3.2, 00:07:20, Serial0/0
R 192.168.6.0/24 [120/1] via 192.168.2.1, 00:00:17, FastEthernet2/0
R 192.168.1.0/24 [120/1] via 192.168.2.1, 00:00:17, FastEthernet2/0
C 192.168.2.0/24 is directly connected, FastEthernet2/0
C 192.168.3.0/24 is directly connected, Serial0/0
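This method eliminates the redundancy inherent in multiple redistribution points, but when R1's Ethernet link fails the RIP network becomes unreachable, and the route filter prevents OSPF from installing alternative routes in the routing table: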
R1#sh ip ro
1.0.0.0/24 is subnetted, 1 subnets
C 1.1.1.0 is directly connected, Loopback0
O 192.168.4.0/24 [110/65] via 192.168.3.2, 00:11:04, Serial0/0
O 192.168.5.0/24 [110/129] via 192.168.3.2, 00:11:04, Serial0/0
C 192.168.3.0/24 is directly connected, Serial0/0
For IPv4, a better approach in this situation is to use distance to set the preferred route:
R1#sh run | b r o
router ospf 1
distance 130
distance 110 0.0.0.0 255.255.255.255 1
!
router rip
distance 130
distance 120 192.168.2.1 0.0.0.0 2
R4#sh run | b r o
router ospf 1
distance 130
distance 110 0.0.0.0 255.255.255.255 1 //address and wildcard mask
!
router rip
distance 130
distance 120 192.168.6.1 0.0.0.0 2
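The first distance command sets the administrative distance of both OSPF and RIP to 130. The second distance command sets a different administrative distance based on the specified advertising router and ACL. In OSPF, the advertising router's address need not be the interface address of the next-hop router; it is the router ID of the router that originated the LSA, and routes are calculated from LSAs. When the network is normal, R4's routing table is: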
R4#sh ip ro
4.0.0.0/24 is subnetted, 1 subnets
C 4.4.4.0 is directly connected, Loopback0
O 192.168.4.0/24 [110/65] via 192.168.5.2, 00:10:03, Serial0/0
C 192.168.5.0/24 is directly connected, Serial0/0
C 192.168.6.0/24 is directly connected, FastEthernet1/0
R 192.168.1.0/24 [120/1] via 192.168.6.1, 00:00:21, FastEthernet1/0
R 192.168.2.0/24 [120/1] via 192.168.6.1, 00:00:21, FastEthernet1/0
O 192.168.3.0/24 [110/129] via 192.168.5.2, 00:10:03, Serial0/0
After R4's f1/0 interface fails, R4's routing table becomes:
R4#sh ip ro
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
4.0.0.0/24 is subnetted, 1 subnets
C 4.4.4.0 is directly connected, Loopback0
O 192.168.4.0/24 [110/65] via 192.168.5.2, 00:30:54, Serial0/0
C 192.168.5.0/24 is directly connected, Serial0/0
R 192.168.1.0/24 is possibly down, routing via 192.168.6.1, FastEthernet1/0
R 192.168.2.0/24 is possibly down, routing via 192.168.6.1, FastEthernet1/0
O 192.168.3.0/24 [110/129] via 192.168.5.2, 00:30:54, Serial0/0
R4#sh ip ro
4.0.0.0/24 is subnetted, 1 subnets
C 4.4.4.0 is directly connected, Loopback0
O 192.168.4.0/24 [110/65] via 192.168.5.2, 00:10:03, Serial0/0
C 192.168.5.0/24 is directly connected, Serial0/0
C 192.168.6.0/24 is directly connected, FastEthernet1/0
O E2 192.168.1.0/24 [120/1] via 192.168.5.2, 00:00:21, FastEthernet1/0
O E2 192.168.2.0/24 [120/1] via 192.168.5.2, 00:00:21, FastEthernet1/0
O 192.168.3.0/24 [110/129] via 192.168.5.2, 00:10:03, Serial0/0
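Why the distance approach in Case 4 still fails over, as an added example that is not part of the original page: a model of R1's two distance commands per protocol and the lowest-distance route selection. It assumes ACLs 1 and 2 are the ones shown for R1 earlier in this case; the OSPF router ID 10.0.0.4 and the candidate route list are constructed for illustration, and the function names are hypothetical.

```python
import ipaddress

def ip(a):
    return int(ipaddress.IPv4Address(a))

# R1 from the page: default distance per protocol, then
# (distance, source address, source wildcard, networks permitted by the ACL)
RULES = {
    "ospf": (130, [(110, "0.0.0.0", "255.255.255.255",
                    {"192.168.4.0", "192.168.5.0"})]),        # ACL 1
    "rip":  (130, [(120, "192.168.2.1", "0.0.0.0",
                    {"192.168.1.0", "192.168.6.0"})]),        # ACL 2
}

def admin_distance(proto, source, network):
    """Distance assigned to a route from `source` for `network`."""
    default, specific = RULES[proto]
    for dist, addr, wild, acl in specific:
        w = ip(wild)
        if (ip(source) | w) == (ip(addr) | w) and network in acl:
            return dist
    return default            # not filtered out, only made less preferred

def best_routes(candidates):
    """candidates: (network, proto, source); lowest distance wins."""
    rib = {}
    for network, proto, source in candidates:
        ad = admin_distance(proto, source, network)
        if network not in rib or ad < rib[network][1]:
            rib[network] = (proto, ad)
    return rib

def after_rip_failure(candidates):
    """Routing table once the RIP-facing link is down."""
    return best_routes([c for c in candidates if c[1] != "rip"])

# Constructed candidates: what R1 hears from each protocol.
# 10.0.0.4 is an assumed router ID for the advertising OSPF router.
CANDIDATES = [
    ("192.168.4.0", "ospf", "10.0.0.4"),
    ("192.168.5.0", "ospf", "10.0.0.4"),
    ("192.168.6.0", "ospf", "10.0.0.4"),     # external, redistributed from RIP
    ("192.168.1.0", "ospf", "10.0.0.4"),     # external, redistributed from RIP
    ("192.168.6.0", "rip", "192.168.2.1"),
    ("192.168.1.0", "rip", "192.168.2.1"),
]

if __name__ == "__main__":
    print(best_routes(CANDIDATES))
    print(after_rip_failure(CANDIDATES))
```

Unlike the distribute-list filters, the OSPF copies of the RIP networks stay available at distance 130 and are installed when the RIP routes disappear.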
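Case 5: Using administrative distance to set router preference
The topology is the same as above. Here R4 is to be the primary router toward the OSPF domain, and R1 is chosen only when R4 is unreachable. Before the policy is applied, R5 performs equal-cost load balancing between R4 and R1: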
R5#sh ip ro
1.0.0.0/24 is subnetted, 1 subnets
R 1.1.1.0 [120/2] via 192.168.2.2, 00:00:21, FastEthernet1/0
4.0.0.0/24 is subnetted, 1 subnets
R 4.4.4.0 [120/2] via 192.168.6.2, 00:00:17, FastEthernet0/0
5.0.0.0/24 is subnetted, 1 subnets
C 5.5.5.0 is directly connected, Loopback0
R 192.168.4.0/24 [120/2] via 192.168.6.2, 00:00:17, FastEthernet0/0
[120/2] via 192.168.2.2, 00:00:21, FastEthernet1/0
R 192.168.5.0/24 [120/2] via 192.168.6.2, 00:00:17, FastEthernet0/0
[120/2] via 192.168.2.2, 00:00:21, FastEthernet1/0
C 192.168.6.0/24 is directly connected, FastEthernet0/0
C 192.168.1.0/24 is directly connected, Loopback1
C 192.168.2.0/24 is directly connected, FastEthernet1/0
R 192.168.3.0/24 [120/2] via 192.168.6.2, 00:00:18, FastEthernet0/0
[120/2] via 192.168.2.2, 00:00:22, FastEthernet1/0
After configuring R5, look at R5's routing table:
R5#sh run | b r r
router rip
version 2
network 5.0.0.0
network 192.168.1.0
network 192.168.2.0
network 192.168.6.0
distance 100 192.168.6.2 0.0.0.0
no auto-summary
R5# sh ip ro
1.0.0.0/24 is subnetted, 1 subnets
R 1.1.1.0 [120/2] via 192.168.2.2, 00:00:08, FastEthernet1/0
4.0.0.0/24 is subnetted, 1 subnets
R 4.4.4.0 [100/2] via 192.168.6.2, 00:00:14, FastEthernet0/0
5.0.0.0/24 is subnetted, 1 subnets
C 5.5.5.0 is directly connected, Loopback0
R 192.168.4.0/24 [100/2] via 192.168.6.2, 00:00:14, FastEthernet0/0
R 192.168.5.0/24 [100/2] via 192.168.6.2, 00:00:14, FastEthernet0/0
C 192.168.6.0/24 is directly connected, FastEthernet0/0
C 192.168.1.0/24 is directly connected, Loopback1
C 192.168.2.0/24 is directly connected, FastEthernet1/0
R 192.168.3.0/24 [100/2] via 192.168.6.2, 00:00:14, FastEthernet0
When R5's F0/0 link goes down, check R5's routing table again:
R5(config)#int f0/0
R5(config-if)#sh
*Mar 1 01:50:52: %LINK-5-CHANGED: Interface FastEthernet0/0, changed state to administratively down
*Mar 1 01:50:53: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to down
R5#sh ip ro
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
1.0.0.0/24 is subnetted, 1 subnets
R 1.1.1.0 [120/2] via 192.168.2.2, 00:00:02, FastEthernet1/0
5.0.0.0/24 is subnetted, 1 subnets
C 5.5.5.0 is directly connected, Loopback0
R 192.168.4.0/24 [120/2] via 192.168.2.2, 00:00:02, FastEthernet1/0
R 192.168.5.0/24 [120/2] via 192.168.2.2, 00:00:02, FastEthernet1/0
C 192.168.1.0/24 is directly connected, Loopback1
C 192.168.2.0/24 is directly connected, FastEthernet1/0
R 192.168.3.0/24 [120/2] via 192.168.2.2, 00:00:02, FastEthernet1/0