Prefix-List
和ACL类似的东东,设计用于专抓路由的工具,不仅可以匹配网络号,还可以匹配掩码
R4(config)#ip prefix-list 2(用名字也行) permit 2.2.2.0/24
R4(config-router)#distribute-list prefix 2 in serial 1
例一:
ip prefix-list 2 permit 2.2.2.0/24 //(匹配前24位:2.2.2.* ,掩码必须为24位)
例二:
ip prefix-list 2 permit 2.2.2.0/24 ge 25 le 30 //(匹配前24位:2.2.2.* ,掩码必须为25-30位)
例三:
ip prefix-list 2 permit 2.2.2.0/24 le 32 //(匹配前24位:2.2.2.* ,掩码必须为24-32位)
例四:
ip prefix-list 2 permit 2.2.2.0/24 ge 26 //(匹配前24位:2.2.2.* ,掩码必须为26-32位)
例五:
ip prefix-list 3 permit 0.0.0.0/0 le 32 //(匹配所有)不能像access-list哪样用any参数
ge必须大于前面的数字,小或等于le ,len<ge-value<=le-value
sh ip prefix-list用于查看
用前缀列表过滤A、B、C类路由
A类路由:ip prefix-list 1 permit 0.0.0.0/1 le 32
B类路由:ip prefix-list 1 permit 128.0.0.0/2 le 32
C类路由:ip prefix-list 1 permit 192.0.0.0/3 le 32
案例1:拓扑如下所示:
R1(s1/1)------(s1/0)R2(s1/1)------(s1/0)R3
在R2上有六个环回接口,现在要使R3只能收到掩码为17,18,19的三条网络。六个环回口分别为172.16.128.1/17,172.16.64.1/18,172.16.32.1/19,172.16.16.1/20,172.16.8.1/21,172.16.4.1/22
当配置完成后,先看一看R3的路由表:
R3#sh ip ro ei
1.0.0.0/24 is subnetted, 1 subnets
D 1.1.1.0 [90/2297856] via 13.1.1.1, 00:00:06, Serial1/0
2.0.0.0/24 is subnetted, 1 subnets
D 2.2.2.0 [90/2809856] via 13.1.1.1, 00:00:06, Serial1/0
172.16.0.0/16 is variably subnetted, 6 subnets, 6 masks
D 172.16.128.0/17 [90/2809856] via 13.1.1.1, 00:00:06, Serial1/0
D 172.16.32.0/19 [90/2809856] via 13.1.1.1, 00:00:06, Serial1/0
D 172.16.16.0/20 [90/2809856] via 13.1.1.1, 00:00:06, Serial1/0
D 172.16.8.0/21 [90/2809856] via 13.1.1.1, 00:00:06, Serial1/0
D 172.16.4.0/22 [90/2809856] via 13.1.1.1, 00:00:06, Serial1/0
D 172.16.64.0/18 [90/2809856] via 13.1.1.1, 00:00:06, Serial1/0
12.0.0.0/24 is subnetted, 1 subnets
D 12.1.1.0 [90/2681856] via 13.1.1.1, 00:00:06, Serial1/0
现在,在R1上做配置来满足需求:
R1#sh run | b r e
distribute-list prefix 1 out Serial1/1
!
ip prefix-list 1 seq 5 permit 172.16.0.0/16 ge 17 le 19
此时,我们再来看一看R3的路由表:
R3#sh ip ro ei
172.16.0.0/16 is variably subnetted, 3 subnets, 3 masks
D 172.16.128.0/17 [90/2809856] via 13.1.1.1, 00:01:01, Serial1/0
D 172.16.32.0/19 [90/2809856] via 13.1.1.1, 00:01:01, Serial1/0
D 172.16.64.0/18 [90/2809856] via 13.1.1.1, 00:01:01, Serial1/0
R2的配置:
R2#sh run | b r e
router eigrp 100
network 2.2.2.2 0.0.0.0
network 12.1.1.0 0.0.0.255
network 172.16.0.0
no auto-summary
R1的配置:
R3#sh run | b r e
router eigrp 100
network 3.3.3.3 0.0.0.0
network 13.1.1.0 0.0.0.255
no auto-summary
R3的配置:
R1# sh run | b r e
router eigrp 100
network 1.1.1.1 0.0.0.0
network 12.1.1.0 0.0.0.255
network 13.1.1.0 0.0.0.255
distribute-list prefix 1 out Serial1/1
no auto-summary
!
ip prefix-list 1 seq 5 permit 172.16.0.0/16 ge 17 le 19
案例2:利用前缀列表过滤OSPF
要求:在如上图所示的拓朴中,在R1上利用前缀列表做过滤,不要向AREA0区域传递172.16.1.1的路由。
看一看R3的路由表:
R3#sh ip ro os
1.0.0.0/32 is subnetted, 1 subnets
O 1.1.1.1 [110/65] via 13.1.1.1, 00:00:55, Serial0/1
2.0.0.0/32 is subnetted, 1 subnets
O IA 2.2.2.2 [110/129] via 13.1.1.1, 00:00:55, Serial0/1
172.16.0.0/32 is subnetted, 2 subnets
O IA 172.16.1.1 [110/129] via 13.1.1.1, 00:00:55, Serial0/1
O IA 172.16.2.1 [110/129] via 13.1.1.1, 00:00:55, Serial0/1
12.0.0.0/24 is subnetted, 1 subnets
O IA 12.1.1.0 [110/128] via 13.1.1.1, 00:00:55, Serial0/1
在R1上配置,满足需求:
R1#sh run | b r o
area 1 filter-list prefix 1 out
!
ip prefix-list 1 seq 5 deny 172.16.1.1/32
ip prefix-list 1 seq 10 permit 0.0.0.0/0 le 32
此时,再看一看R3的路由表:
R3#sh ip ro os
1.0.0.0/32 is subnetted, 1 subnets
O 1.1.1.1 [110/65] via 13.1.1.1, 00:03:07, Serial0/1
2.0.0.0/32 is subnetted, 1 subnets
O IA 2.2.2.2 [110/129] via 13.1.1.1, 00:03:07, Serial0/1
172.16.0.0/32 is subnetted, 1 subnets
O IA 172.16.2.1 [110/129] via 13.1.1.1, 00:03:07, Serial0/1
12.0.0.0/24 is subnetted, 1 subnets
O IA 12.1.1.0 [110/128] via 13.1.1.1, 00:03:07, Serial0/1
各路由器的配置:
R2的配置:
R2#sh run | b r o
router ospf 110
router-id 2.2.2.2
log-adjacency-changes
network 2.2.2.2 0.0.0.0 area 1
network 12.1.1.2 0.0.0.0 area 1
network 172.16.0.0 0.0.255.255 area 1
R1的配置:
R1#sh run | b r o
router ospf 110
router-id 1.1.1.1
log-adjacency-changes
area 1 filter-list prefix 1 out
network 1.1.1.1 0.0.0.0 area 0
network 12.1.1.1 0.0.0.0 area 1
network 13.1.1.1 0.0.0.0 area 0
!
ip prefix-list 1 seq 5 deny 172.16.1.1/32
ip prefix-list 1 seq 10 permit 0.0.0.0/0 le 32
R3的配置:
R3#sh run | b r o
router ospf 110
router-id 3.3.3.3
log-adjacency-changes
network 3.3.3.3 0.0.0.0 area 0
network 13.1.1.3 0.0.0.0 area 0