Cisco Guard BGP Traffic Diversion Configuration
Network topology
Guard BGP configuration template
router(config)# router bgp <Guard-AS-number>
router(config-router)# bgp router-id <Guard-IP-address>
router(config-router)# redistribute guard
router(config-router)# neighbor <Router-IP-address> remote-as <Router-AS-number>
router(config-router)# neighbor <Router-IP-address> description <description>
router(config-router)# neighbor <Router-IP-address> soft-reconfiguration inbound
router(config-router)# neighbor <Router-IP-address> distribute-list nothing-in in
router(config-router)# neighbor <Router-IP-address> route-map Guard-out out
router(config-router)# exit
router(config)# access-list nothing-in deny any
router(config)# route-map Guard-out permit 10
router(config-route-map)# set community no-export no-advertise
Example:
router# show running-config
... ... ...
router bgp 64555
bgp router-id 192.168.8.8
redistribute guard
neighbor 192.168.8.1 remote-as 100
neighbor 192.168.8.1 description divert-from router
neighbor 192.168.8.1 soft-reconfiguration inbound
neighbor 192.168.8.1 distribute-list nothing-in in
neighbor 192.168.8.1 route-map Guard-out out
!
access-list nothing-in deny any
!
route-map Guard-out permit 10
set community 100:64555 no-export no-advertise
Diversion router BGP configuration template
R7200(config)# router bgp <Router-AS>
R7200(config-router)# bgp log-neighbor-changes
R7200(config-router)# neighbor <Guard-IP-address> remote-as GuardAS
R7200(config-router)# neighbor <Guard-IP-address> description <description>
R7200(config-router)# neighbor <Guard-IP-address> soft-reconfiguration inbound
R7200(config-router)# neighbor <Guard-IP-address> distribute-list routesToGuard out
R7200(config-router)# neighbor <Guard-IP-address> route-map Guard-in in
R7200(config-router)# no synchronization
R7200(config-router)# exit
R7200(config)# ip bgp-community new-format
R7200(config)# ip community-list expanded <Guard-community-name> permit no-export no-advertise
R7200(config)# route-map Guard-in permit 10
R7200(config-route-map)# match community <Guard-community-name> exact-match
R7200(config-route-map)# exit
R7200(config)# ip access-list standard routesToGuard
R7200(config-std-nacl)# deny any
Example:
R7200# show running-config
... ... ...
router bgp 100
bgp log-neighbor-changes
neighbor 192.168.8.8 remote-as 64555
neighbor 192.168.8.8 description Guard
neighbor 192.168.8.8 soft-reconfiguration inbound
neighbor 192.168.8.8 distribute-list routesToGuard out
neighbor 192.168.8.8 route-map Guard-in in
no synchronization
!
ip bgp-community new-format
ip community-list expanded Guard permit 100:64555 no-export no-advertise
!
route-map Guard-in permit 10
match community Guard exact-match
ip access-list standard routesToGuard
deny any