CCNP路由实验之九 路由策略
路由器在发布与接收路由信息时,可能需要实施一些策略,以便对路由信息进行过滤,例如只接收或发布满足一定条件的路由信息。一种路由协议可能需要引入其它的路由协议发现的路由信息,路由器在引入其它路由协议的路由信息时,可能只需要引入一部分满足条件的路由信息,并控制所引入的路由信息的某些属性,以使其满足本协议的要求。路由策略就是为了改变网络流量所经过的途径而修改路由信息的技术,主要通过改变路由属性(包括可达性)来实现,路由策略是控制层面的行为,操作的对象是路由条目,匹配的是路由,具体是指目标网段、掩码、下一跳、度量值、Tag、Community、AS-PATH等。实现路由策略的方法有几种:[*]修改管理距离AD,即是浮动路由。
[*]Offset-list结合访问控制列表可修改偏移量,仅支持路由矢量协议(RIP、EIGRP),用于调整Metric值。需要结合ACL使用
[*]passive-interface 被动接口,对于RIP、IGRP协议只是禁止转发路由信息,但没有禁止接收;EIGRP、OSPF、ISIS是既不接收也不发送路由信息
[*]Distribute-list,分发列表是用于控制路由更新的一个工具,只能过滤路由信息,不能过滤LSA。因此分发列表在距离矢量(RIP、EIGRP)路由协议中使用,无论是in或者是out方向,都能正常的过滤路由。但对于链路状态协议(ospf、isis),,路由器之间传递的消息不再是路由信息了,而是LSA,而分发列表是无法对LSA进行过滤的。需要结合ACL使用
[*]prefix-list,前缀列表过滤抓取路由必须要连续。有点类似ACL,但是Prefix-list不能用于数据包的过滤。它能同时匹配前缀号和前缀长度,解决ACL不能区分相同前缀、不同掩码的路由的问题。可结合Route-map使用
[*]Route-map,叫做路由图或者路由映射表,是对路由进行加工处理的工具
路由策略的作用:
[*]防止路由器选择非最佳路由
[*]防止路由回馈—被重分发的路由又重新分配回来
[*]可以控制那些路由重分配,那些路由不被重新分配
[*]用路由过滤器见啦路由防火墙
实验一、修改管理距离AD
R1配置:R1#conf tR1(config-if)#ip add 1.1.1.1 255.255.255.0R1(config-if)#exitR1(config)#int e0/0R1(config-if)#ip add 192.168.12.1255.255.255.0R1(config-if)#no shR1(config-if)#exitR1(config)#int e0/1R1(config-if)#ip add 192.168.13.1255.255.255.0R1(config-if)#no shR1(config-if)#exitR1(config)#router ripR1(config-router)#no auR1(config-router)#ver 2R1(config-router)#net 1.1.1.0R1(config-router)#net 192.168.12.0R1(config-router)#net 192.168.13.0R1(config-router)#exit
R2配置:R2#conf tR2(config)#int e0/0R2(config-if)#ip add 192.168.12.2255.255.255.0R2(config-if)#no shR2(config-if)#exitR2(config)#int e0/1R2(config-if)#ip add 192.168.24.2255.255.255.0R2(config-if)#no shR2(config-if)#exitR2(config)#router ripR2(config-router)#no auR2(config-router)#ver 2R2(config-router)#net 192.168.12.0R2(config-router)#net 192.168.24.0R2(config-router)#default-metric 4 R2(config-router)#redistribute ospf 1R2(config-router)#exitR2(config)#router ripR2(config-router)#no net 192.168.24.0R2(config-router)#exitR2(config)#router ospf 1R2(config-router)#net 192.168.24.0255.255.255.0 area 0R2(config-router)#redistribute rip subnetsR2(config-router)#exit
R3配置:R3#conf tR3(config)#int e0/0R3(config-if)#ip add 192.168.13.2255.255.255.0R3(config-if)#no shR3(config-if)#exitR3(config)#int e0/1R3(config-if)#ip add 192.168.34.2255.255.255.0R3(config-if)#no shR3(config-if)#exitR3(config)#router ripR3(config-router)#no auR3(config-router)#ver 2R3(config-router)#net 192.168.13.0R3(config-router)#default-metric 4R3(config-router)#redistribute ospf 1R3(config-router)#exitR3(config)#router ospf 1R3(config-router)#router ospf 1R3(config-router)#net 192.168.34.0255.255.255.0 area 0R3(config-router)#redistribute rip subnetsR3(config-router)#exit
R4配置:R4#conf tR4(config)#int lo0R4(config-if)#ip add 4.4.4.4 255.255.255.0R4(config-if)#exitR4(config)#int e0/0R4(config-if)#ip add 192.168.24.4255.255.255.0R4(config-if)#no shR4(config-if)#exitR4(config)#int e0/1R4(config-if)#ip add 192.168.34.4255.255.255.0R4(config-if)#no shR4(config-if)#exitR4(config)#router ospf 1R4(config-router)#net 192.168.24.0255.255.255.0 area 0R4(config-router)#net 192.168.34.0255.255.255.0 area 0R4(config-router)#net 4.4.4.0 255.255.255.0area 0R4(config-router)#exit
完成以上路由重分布后配置,我们会发现R2和R3的路由表出现次优路由,出现这个情况是因为在多点双向重分发时,从这个方向发出去的路由,会再次传送回来。此时会判断传送回来的路由与自己路由表中相同的路由条目管理距离进行对比,越低就越可靠,并写进路由表。R2#sh ip rouCodes: C - connected, S - static, R - RIP,M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, ,IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2 i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2 ia - IS-IS inter area, * - candidate default, U - per-user static route o - ODR, P - periodic downloaded static routeGateway of last resort is not setC 192.168.12.0/24 is directly connected, Ethernet0/0 1.0.0.0/24 is subnetted, 1 subnetsR 1.1.1.0 via 192.168.12.1, 00:00:02, Ethernet0/0O E2 192.168.13.0/24 via 192.168.24.4, 00:01:25, Ethernet0/1 4.0.0.0/32 is subnetted, 1 subnetsO 4.4.4.4 via 192.168.24.4, 00:01:25, Ethernet0/1C 192.168.24.0/24 is directly connected, Ethernet0/1192.168.34.0/24 via192.168.24.4, 00:01:25, Ethernet0/1
R3#sh ip rouCodes: C - connected, S - static, R - RIP,M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2 i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2 ia - IS-IS inter area, * - candidate default, U - per-user static route o - ODR, P - periodic downloaded staticrouteGateway of last resort is not setO E2 192.168.12.0/24 via 192.168.34.4, 00:03:17, Ethernet0/1 1.0.0.0/24 is subnetted, 1 subnetsO E2 1.1.1.0 via 192.168.34.4,00:03:17, Ethernet0/1C 192.168.13.0/24 is directly connected, Ethernet0/0 4.0.0.0/32 is subnetted, 1 subnetsO 4.4.4.4 via 192.168.34.4, 00:03:17, Ethernet0/1O 192.168.24.0/24 via 192.168.34.4, 00:03:17, Ethernet0/1C 192.168.34.0/24 is directly connected, Ethernet0/1
此时我们使用调整管理距离的方法将OSPF的管理距离调整为大于RIP,来调整路由表选择最优路由:
R2#conf tR2(config)#router ospf 1R2(config-router)#distance 170
R3#conf tR3(config)#router ospf 1R3(config-router)#distance 170
R2#sh ip rouCodes: C - connected, S - static, R - RIP,M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2 i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2 ia - IS-IS inter area, * - candidate default, U - per-user static route o - ODR, P - periodic downloaded static routeGateway of last resort is not setC 192.168.12.0/24 is directly connected, Ethernet0/0 1.0.0.0/24 is subnetted, 1 subnetsR 1.1.1.0 via 192.168.12.1, 00:00:14, Ethernet0/0R 192.168.13.0/24 via 192.168.12.1, 00:00:14, Ethernet0/0 4.0.0.0/32 is subnetted, 1 subnetsO 4.4.4.4 via 192.168.24.4, 00:00:25, Ethernet0/1C 192.168.24.0/24 is directly connected, Ethernet0/1O 192.168.34.0/24 via 192.168.24.4, 00:00:25, Ethernet0/1
R3#sh ip rouCodes: C - connected, S - static, R - RIP,M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2 i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2 ia - IS-IS inter area, * - candidate default, U - per-user static route o - ODR, P - periodic downloaded static routeGateway of last resort is not setR 192.168.12.0/24 via 192.168.13.1, 00:00:02, Ethernet0/0 1.0.0.0/24 is subnetted, 1 subnetsR 1.1.1.0 via 192.168.13.1, 00:00:02, Ethernet0/0C 192.168.13.0/24 is directly connected, Ethernet0/0 4.0.0.0/32 is subnetted, 1 subnetsO 4.4.4.4 via 192.168.34.4, 00:00:23, Ethernet0/1O 192.168.24.0/24 via 192.168.34.4, 00:00:23, Ethernet0/1C 192.168.34.0/24 is directly connected, Ethernet0/1
实验二、Offset-list控制路由选路
R1配置:R1#conf tR1(config)#intlo0R1(config-if)#ipadd 1.1.1.1 255.255.255.0R1(config-if)#exitR1(config)#inte1/0R1(config-if)#ipadd 192.168.11.1 255.255.255.0R1(config-if)#noshR1(config-if)#exitR1(config)#ints0/0R1(config-if)#clockrate 64000R1(config-if)#ipadd 192.168.10.1 255.255.255.0R1(config-if)#noshR1(config-if)#exitR1(config)#routereigrp 1R1(config-router)#noauto-summaryR1(config-router)#net192.168.10.0R1(config-router)#net192.168.11.0R1(config-router)#net1.1.1.0R1(config-router)#exitR1(config)#iproute 0.0.0.0 0.0.0.0 21.21.21.21 130R1(config)#iproute 0.0.0.0 0.0.0.0 22.22.22.22 140
R2配置:R2#conf tR2(config)#ints0/0R2(config-if)#clockrate 64000R2(config-if)#ipadd 192.168.10.2 255.255.255.0R2(config-if)#noshR2(config-if)#exitR2(config)#inte1/0R2(config-if)#ipadd 192.168.11.2 255.255.255.0R2(config-if)#noshR2(config-if)#exitR2(config)#inte1/1R2(config-if)#ipadd 192.168.23.2 255.255.255.0R2(config-if)#noshR2(config-if)#exitR2(config)#intlo0R2(config-if)#ipadd 2.2.2.2 255.255.255.0R2(config-if)#exitR2(config)#intlo1R2(config-if)#ipadd 21.21.21.21 255.255.255.0R2(config-if)#exitR2(config)#intlo2R2(config-if)#ipadd 22.22.22.22 255.255.255.0R2(config-if)#exitR2(config)#intlo3R2(config-if)#ipadd 23.23.23.23 255.255.255.0R2(config-if)#exitR2(config)#routereigrp 1R2(config-router)#noauto-summaryR2(config-router)#net192.168.10.0R2(config-router)#net2.2.2.0R2(config-router)#net21.21.21.0R2(config-router)#net22.22.22.0R2(config-router)#exitR2(config)#routerripR2(config-router)#noauto-summaryR2(config-router)#ver2R2(config-router)#net23.23.23.0R2(config-router)#net192.168.23.0R2(config-router)#redistributeeigrp 1 metric 4R2(config-router)#exit
R3配置:R3#conf tR3(config)#inte0/0R3(config-if)#ipadd 192.168.23.3255.255.255.0R3(config-if)#noshR3(config-if)#exitR3(config)#intlo0R3(config-if)#ipadd 3.3.3.3 255.255.255.0R3(config-if)#exitR3(config)#routerripR3(config-router)#noauto-summaryR3(config-router)#ver2R3(config-router)#net192.168.23.0R3(config-router)#net3.3.3.0R3(config-router)#exit
然后查看R1和R3的路由表:R1#sh iprouCodes: C- connected, S - static, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF,IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 -OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPFexternal type 2 i - IS-IS, su - IS-IS summary, L1 -IS-IS level-1, L2 - IS-IS level-2 ia - IS-IS inter area, * - candidatedefault, U - per-user static route o - ODR, P - periodic downloaded staticrouteGatewayof last resort is not set 2.0.0.0/24 is subnetted, 1 subnetsD 2.2.2.0 via 192.168.11.2,00:20:09, Ethernet1/0 21.0.0.0/24 is subnetted, 1 subnetsD 21.21.21.0 via 192.168.11.2,00:19:50, Ethernet1/0C 192.168.10.0/24 is directly connected,Serial0/0C 192.168.11.0/24 is directly connected,Ethernet1/0 22.0.0.0/24 is subnetted, 1 subnetsD 22.22.22.0 via 192.168.11.2,00:19:43, Ethernet1/0S* 0.0.0.0/0 via 21.21.21.21
R3#sh iprouCodes: C- connected, S - static, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O -OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 -OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPFexternal type 2 i - IS-IS, su - IS-IS summary, L1 -IS-IS level-1, L2 - IS-IS level-2 ia - IS-IS inter area, * - candidatedefault, U - per-user static route o - ODR, P - periodic downloaded staticrouteGatewayof last resort is not set 1.0.0.0/24 is subnetted, 1 subnetsR 1.1.1.0 via 192.168.23.2,00:00:08, Ethernet0/0 2.0.0.0/24 is subnetted, 1 subnetsR 2.2.2.0 via 192.168.23.2,00:00:08, Ethernet0/0 3.0.0.0/24 is subnetted, 1 subnetsC 3.3.3.0 is directly connected, Loopback0 21.0.0.0/24 is subnetted, 1 subnetsR 21.21.21.0 via 192.168.23.2,00:00:08, Ethernet0/0R 192.168.10.0/24 via 192.168.23.2,00:00:08, Ethernet0/0 23.0.0.0/24 is subnetted, 1 subnetsR 23.23.23.0 via 192.168.23.2,00:00:09, Ethernet0/0R 192.168.11.0/24 via 192.168.23.2,00:00:09, Ethernet0/0 22.0.0.0/24 is subnetted, 1 subnetsR 22.22.22.0 via 192.168.23.2,00:00:11, Ethernet0/0C 192.168.23.0/24 is directly connected,Ethernet0/0
进行如下修改:R1#conf tR1(config)#access-list1 permit 21.21.21.0 0.0.0.255 //用访问控制列表标记流量R1(config)#access-list1 permit 22.22.22.0 0.0.0.255R1(config)#access-list1 deny anyR1(config)#access-list2 permit 1.1.1.0 0.0.0.255R1(config)#access-list2 deny anyR1(config)#routereigrp 1R1(config-router)#offset-list1 in 1888256 e1/0 //设置更新的路由metric添加1888256R1(config-router)#offset-list2 out 1888256 e1/0 //设置通告出去的路由metric添加1888256
R2#conf tR2(config)#access-list1 permit any //标记任何网络R2(config-if)#routerripR2(config-router)#offset-list1 out 4 //任何网络通告出处都增加4跳
再次查看R1和R2变化,竟然实现了负载均衡R1#sh iprouCodes: C- connected, S - static, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O -OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 -OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPFexternal type 2 i - IS-IS, su - IS-IS summary, L1 -IS-IS level-1, L2 - IS-IS level-2 ia - IS-IS inter area, * - candidatedefault, U - per-user static route o - ODR, P - periodic downloaded staticrouteGatewayof last resort is 21.21.21.21 to network 0.0.0.0 1.0.0.0/24 is subnetted, 1 subnetsC 1.1.1.0 is directly connected, Loopback0 2.0.0.0/24 is subnetted, 1 subnetsD 2.2.2.0 via 192.168.11.2,00:19:11, Ethernet1/0 21.0.0.0/24 is subnetted, 1 subnetsD 21.21.21.0 via 192.168.11.2, 00:19:11, Ethernet1/0 via 192.168.10.2, 00:19:11, Serial0/0C 192.168.10.0/24 is directly connected,Serial0/0C 192.168.11.0/24 is directly connected,Ethernet1/0 22.0.0.0/24 is subnetted, 1 subnetsD 22.22.22.0 via 192.168.11.2, 00:19:13, Ethernet1/0 via 192.168.10.2, 00:19:13, Serial0/0S* 0.0.0.0/0 via 21.21.21.21
R3#sh iprouCodes: C- connected, S - static, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O -OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 -OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPFexternal type 2 i - IS-IS, su - IS-IS summary, L1 -IS-IS level-1, L2 - IS-IS level-2 ia - IS-IS inter area, * - candidatedefault, U - per-user static route o - ODR, P - periodic downloaded staticrouteGatewayof last resort is not set 3.0.0.0/24 is subnetted, 1 subnetsC 3.3.3.0 is directly connected, Loopback0 23.0.0.0/24 is subnetted, 1 subnetsR 23.23.23.0 via 192.168.23.2,00:00:49, Ethernet0/0C 192.168.23.0/24 is directly connected,Ethernet0/0
R3#sh iprouCodes: C- connected, S - static, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O -OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 -OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPFexternal type 2 i - IS-IS, su - IS-IS summary, L1 -IS-IS level-1, L2 - IS-IS level-2 ia - IS-IS inter area, * - candidatedefault, U - per-user static route o - ODR, P - periodic downloaded staticrouteGatewayof last resort is not set 1.0.0.0/24 is subnetted, 1 subnetsR 1.1.1.0 via 192.168.23.2,00:00:08, Ethernet0/0 2.0.0.0/24 is subnetted, 1 subnetsR 2.2.2.0 via 192.168.23.2,00:00:08, Ethernet0/0 3.0.0.0/24 is subnetted, 1 subnetsC 3.3.3.0 is directly connected, Loopback0 21.0.0.0/24 is subnetted, 1 subnetsR 21.21.21.0 via 192.168.23.2,00:00:08, Ethernet0/0R 192.168.10.0/24 via 192.168.23.2,00:00:08, Ethernet0/0 23.0.0.0/24 is subnetted, 1 subnetsR 23.23.23.0 via 192.168.23.2,00:00:09, Ethernet0/0R 192.168.11.0/24 via 192.168.23.2,00:00:09, Ethernet0/0 22.0.0.0/24 is subnetted, 1 subnetsR 22.22.22.0 via 192.168.23.2,00:00:11, Ethernet0/0C 192.168.23.0/24 is directly connected,Ethernet0/0
offset指的是偏移量,偏移量就是说相对的差。偏移量列表可以用来改变路由的度量值,已达到某些目的(如做备份链路或者负载均衡)。注意:
[*]如果不指定接口,则对于该路由出站或入站时所有接口都会应用偏移量列表。
[*]如果不指定访问列表(用访问列表0),则所有路由条目都会被修改。
[*]在RIP中offset为跳数,在别的路由选择协议就是相对应的metric值了。
[*]当一个offset-list引起吓一跳路由器通告的度量值比它正在通告的路由更新的度量值更高时,直到holddown timer 超时才会接受,之前会被标记为不可达。
[*]注意在应用访问列表时的规则,不要出现路由漏洞。
实验三、passive-interface
R1配置:R1#conf tR1(config)#intlo0R1(config-if)#ipadd 1.1.1.1 255.255.255.0R1(config-if)#exitR1(config)#inte0/0R1(config-if)#ipadd 192.168.12.1 255.255.255.0R1(config-if)#noshR1(config-if)#exitR1(config)#routerripR1(config-router)#noauR1(config-router)#ver2R1(config-router)#net1.1.1.0R1(config-router)#net192.168.12.0R1(config-router)#exit
R2配置:R2#conf tR2(config)#intlo0R2(config-if)#ipadd 2.2.2.2 255.255.255.0R2(config-if)#noshR2(config-if)#exitR2(config)#intl1R2(config-if)#ipadd 22.22.22.22 255.255.255.0R2(config-if)#exitR2(config)#inte0/0R2(config-if)#ipadd 192.168.12.2 255.255.255.0R2(config-if)#noshR2(config-if)#exitR2(config)#inte0/1R2(config-if)#ipadd 192.168.23.2 255.255.255.0R2(config-if)#noshR2(config-if)#exitR2(config)#routerripR2(config-router)#noauR2(config-router)#ver2R2(config-router)#net2.2.2.0R2(config-router)#net192.168.12.0R2(config-router)#exitR2(config)#routerospf 1R2(config-router)#net192.168.23.0 255.255.255.0 area 0R2(config-router)#net22.22.22.0 255.255.255.0 area 0R2(config-router)#exit
R3配置:R3#conf tR3(config)#intlo0R3(config-if)#ipadd 3.3.3.3 255.255.255.0R3(config-if)#exitR3(config)#inte0/0R3(config-if)#ipadd 192.168.23.3 255.255.255.0R3(config-if)#noshR3(config-if)#exitR3(config)#routerospf 1R3(config-router)#net3.3.3.0 255.255.255.0 area 0R3(config-router)#net192.168.23.0 255.255.255.0 area 0R3(config-router)#exit
查看R1与R3的路由表:R1#sh iprouCodes: C- connected, S - static, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O -OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 -OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPFexternal type 2 i - IS-IS, su - IS-IS summary, L1 -IS-IS level-1, L2 - IS-IS level-2 ia - IS-IS inter area, * - candidatedefault, U - per-user static route o - ODR, P - periodic downloaded staticrouteGatewayof last resort is not setC 192.168.12.0/24 is directly connected,Ethernet0/0 1.0.0.0/24 is subnetted, 1 subnetsC 1.1.1.0 is directly connected, Loopback0 2.0.0.0/24 is subnetted, 1 subnetsR 2.2.2.0 via 192.168.12.2, 00:00:06, Ethernet0/0
R2#sh ip rouCodes: C - connected, S - static, R - RIP, M- mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2 i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2 ia - IS-IS inter area, * - candidate default, U - per-user static route o - ODR, P - periodic downloaded static routeGateway of last resort is not setC 192.168.12.0/24is directly connected, Ethernet0/0 1.0.0.0/24 is subnetted, 1 subnetsR 1.1.1.0 via 192.168.12.1, 00:00:03, Ethernet0/0 2.0.0.0/24 is subnetted, 1 subnetsC 2.2.2.0 is directly connected, Loopback0 3.0.0.0/32 is subnetted, 1 subnetsO 3.3.3.3 via 192.168.23.3, 00:00:03, Ethernet0/1 22.0.0.0/24 is subnetted, 1 subnetsC 22.22.22.0 is directly connected, Loopback1C 192.168.23.0/24 is directly connected, Ethernet0/1
R3#sh ip rouCodes: C - connected, S - static, R - RIP, M- mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2 i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2 ia - IS-IS inter area, * - candidate default, U - per-user static route o - ODR, P - periodic downloaded static routeGateway of last resort is not set 3.0.0.0/24is subnetted, 1 subnetsC 3.3.3.0 is directly connected, Loopback0 22.0.0.0/32 is subnetted, 1 subnetsO 22.22.22.22 via 192.168.23.2, 00:05:04, Ethernet0/0C 192.168.23.0/24 is directly connected, Ethernet0/0
下面进行如下修改:R1#conf tR1(config)#router ripR1(config-router)#passive-interface e0/0
R3#conf tR3(config)#router ospf 1R3(config-router)#passive-interface e0/0
再次查看路由表:R1#sh ip rou //R1不变Codes: C - connected, S - static, R - RIP, M- mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF,IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2 i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2 ia - IS-IS inter area, * - candidate default, U - per-user static route o - ODR, P - periodic downloaded static routeGateway of last resort is not setC 192.168.12.0/24 is directly connected, Ethernet0/0 1.0.0.0/24 is subnetted, 1 subnetsC 1.1.1.0 is directly connected, Loopback0 2.0.0.0/24 is subnetted, 1 subnetsR 2.2.2.0 via 192.168.12.2, 00:00:02, Ethernet0/0
R2#sh ip rou //所有动态路由学习不到Codes: C - connected, S - static, R - RIP, M- mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2 i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2 ia - IS-IS inter area, * - candidate default, U - per-user static route o - ODR, P - periodic downloaded static routeGateway of last resort is not setC 192.168.12.0/24 is directly connected, Ethernet0/0 2.0.0.0/24 is subnetted, 1 subnetsC 2.2.2.0 is directly connected, Loopback0 22.0.0.0/24 is subnetted, 1 subnetsC 22.22.22.0 is directly connected, Loopback1C 192.168.23.0/24 is directly connected, Ethernet0/1
R3#sh ip //所有ospf动态路由学习不到*Mar100:21:39.267: %SYS-5-CONFIG_I: Configured from console by consoleR3#sh ip rouCodes: C - connected, S - static, R - RIP, M- mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2 i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2 ia - IS-IS inter area, * - candidate default, U - per-user static route o - ODR, P - periodic downloaded static route、Gateway of last resort is not set 3.0.0.0/24 is subnetted, 1 subnetsC 3.3.3.0 is directly connected, Loopback0C 192.168.23.0/24 is directly connected, Ethernet0/0
由以上分析可知:
[*]在RIP和IGRP这一种路由协议的特点是不会与对方router建立关系.由于passive-interface指令的关系,路由器是每隔一段时间就会发生只听不送的状况,即update会送不出去。
[*]在OSPF和EIGRP、ISIS之类的路由协议的特点是会与对方router建立关系,也就是说router之间会建邻居关系,所以一旦用了passive -interface之后,你就断开了router之间的关系.因此所有的update送不出去,也收不进来.
实验四、Distribute-list分发列表
R1配置:R1#conf tR1(config)#intlo0R1(config-if)#ipadd 1.1.1.1 255.255.255.0R1(config-if)#exitR1(config)#inte0/0R1(config-if)#ipadd 192.168.12.1 255.255.255.0R1(config-if)#noshR1(config-if)#exitR1(config)#routerripR1(config-router)#noauR1(config-router)#noauto-summaryR1(config-router)#verR1(config-router)#version2R1(config-router)#net1.1.1.0R1(config-router)#net192.168.12.0R1(config-router)#exit
R2配置:R2#conf tR2(config)#intlo0R2(config-if)#ipadd 2.2.2.2 255.255.255.0R2(config-if)#exitR2(config)#inte0/0R2(config-if)#ipadd 192.168.12.2 255.255.255.0R2(config-if)#noshR2(config-if)#exitR2(config)#inte0/1R2(config-if)#ipadd 192.168.23.2 255.255.255.0R2(config-if)#noshR2(config-if)#exitR2(config)#routerripR2(config-router)#noauR2(config-router)#ver2R2(config-router)#net192.168.12.0R2(config-router)#net192.168.23.0R2(config-router)#net2.2.2.0
R3配置:R3#conf tR3(config)#intlo0R3(config-if)#ipadd 3.3.3.3 255.255.255.0R3(config-if)#exitR3(config)#intlo1R3(config-if)#ipadd 33.33.33.33 255.255.255.0R3(config-if)#exitR3(config)#inte0/0R3(config-if)#ipadd 192.168.23.3 255.255.255.0R3(config-if)#noshR3(config-if)#exitR3(config)#inte0/1R3(config-if)#ipadd 192.168.34.3 255.255.255.0R3(config-if)#noshR3(config-if)#exitR3(config)#routerripR3(config-router)#noauR3(config-router)#ver2R3(config-router)#net3.3.3.0R3(config-router)#net192.168.23.0R3(config-router)#exitR3(config)#routerospf 1R3(config-router)#net33.33.33.0 255.255.255.0 area 0R3(config-router)#net192.168.34.0 255.255.255.0 area 0
R4配置:R4#conf tR4(config)#intlo0R4(config-if)#ipadd 4.4.4.4 255.255.255.0R4(config-if)#exitR4(config)#inte0/1R4(config-if)#ipadd 192.168.34.4 255.255.255.0R4(config-if)#noshR4(config-if)#exitR4(config)#inte0/0R4(config-if)#ipadd 192.168.45.4 255.255.255.0R4(config-if)#noshR4(config-if)#exitR4(config)#routerospf 1R4(config-router)#net192.168.34.0 255.255.255.0 area 0R4(config-router)#net192.168.45.0 255.255.255.0 area 0R4(config-router)#net4.4.4.0 255.255.255.0 area 0
R5配置:R5#conf tR5(config)#intlo0R5(config-if)#ipadd 5.5.5.5 255.255.255.0R5(config-if)#exitR5(config)#inte0/0R5(config-if)#ipadd 192.168.45.5 255.255.255.0R5(config-if)#noshR5(config-if)#exitR5(config)#routerospf 1R5(config-router)#net5.5.5.0 255.255.255.0 area 0R5(config-router)#net192.16.45.0 255.255.255.0 area 0第一要求R3不能学习到R2的2.2.2.0,网段配置如下R2#conf tR2(config)#access-list1 deny 2.2.2.0 0.0.0.255 //设置ACL不允许2.2.2.0网段R2(config)#access-list1 permit any//在ACL上允许其他网段R2(config)#routerripR2(config-router)#distribute-list1 out e0/1//将ACL应用到RIP接口e0/1的out方向或者在R3上进行如下配置,达到相同的效果R3#conf tR3(config)#access-list1 deny 2.2.2.0 0.0.0.255 //设置ACL不允许2.2.2.0网段R3(config)#access-list1 permit any//在ACL上允许其他网段R3(config)#routerripR3(config-router)#distribute-list1 in e0/0//将ACL应用到RIP接口e/0的in方向R3(config-router)#doclear ip rou *//清除路由列表,闭关重新生成
第二要求R4不能学习R3的33.33.33.0网段,但是R5可以学习。R3不能学习到R4的4.4.4.0网段。配置如下:R4#conf tR4(config)#access-list1 deny 33.33.33.0 0.0.0.255R4(config)#access-list1 permit anyR4(config)#routerospf 1R4(config-router)#distribute-list1 in e0/1R4(config-router)#doclear ip rou *
R3#conf tR3(config)#access-list1 deny 4.4.4.0 0.0.0.255R3(config)#access-list1 permit anyR3(config)#routerospf 1R3(config-router)#distribute-list1 in e0/1R3(config-router)#doclear ip rou *
第三要求双向重发布时,不能将1.1.1.0和5.5.5.0注入R3#conf tR3(config)#access-list2 deny 1.1.1.0 0.0.0.255R3(config)#access-list2 permit anyR3(config)#access-list3 deny 5.5.5.0 0.0.0.255R3(config)#access-list3 permit anyR3(config)#routerospf 1R3(config-router)#redistributerip subnetsR3(config-router)#distribute-list2 out ripR3(config-router)#exitR3(config)#routerripR3(config-router)#redistributeospf 1 metric 2R3(config-router)#distribute-list3 out ospf 1对于距离矢量路由协议路由器之间,传递的是路由信息,分发列表对路由信息是有绝对的控制权的。因此如果是in方向,那么通过部署分发列表,可以过滤特定的路由,使得执行分发列表的本地路由路由表发生变化,同时,本地路由器在更新路由信息给下游路由器的时候,实际上更新的内容是受分发列表影响之后的条目。同时在out方向也是没有问题的。 在链路状态协议中部署分发列表,只能用in方向,分发列表只能在本地收到LSA后,生成路由的那一刹那进行路由的过滤,执行分发列表的路由器的路由表会被分发列表影响,但是该路由器仍会将LSADB中的LSA发送给邻居,因此只对本地路由过滤,邻居不受影响。
实验五、Prefix-list前缀列表
R1配置:R1#conftR1(config)#intl0R1(config-if)#ipadd 172.168.1.1 255.255.255.0R1(config-if)#exitR1(config)#intl1R1(config-if)#ipadd 172.168.2.1 255.255.255.0R1(config-if)#exitR1(config)#intlo3R1(config-if)#ipadd 172.168.3.1 255.255.255.0R1(config-if)#exitR1(config)#intlo4R1(config-if)#ipadd 1R1(config-if)#ipadd 172.168.14.1 255.255.255.0R1(config-if)#exitR1(config)#intlo5R1(config-if)#ipadd 172.168.15.1 255.255.255.0R1(config-if)#exitR1(config)#inte0/0R1(config-if)#ipadd 192.168.12.1 255.255.255.0R1(config-if)#noshR1(config-if)#exitR1(config)#routerripR1(config-router)#noauR1(config-router)#ver2R1(config-router)#net172.168.1.0R1(config-router)#net172.168.2.0R1(config-router)#net172.168.3.0R1(config-router)#net172.168.14.0R1(config-router)#net172.168.15.0R1(config-router)#net192.168.12.0
R2配置:R2#conf tR2(config)#intlo0R2(config-if)#ipadd 2.2.2.2 255.255.255.0R2(config-if)#exitR2(config)#inte0/0R2(config-if)#ipadd 192.168.12.2 255.255.255.0R2(config-if)#noshR2(config-if)#exitR2(config)#inte0/1R2(config-if)#ip add 192.168.23.2 255.255.255.0R2(config-if)#noshR2(config-if)#exitR2(config)#routerripR2(config-router)#noauR2(config-router)#ver2R2(config-router)#net192.168.12.0R2(config-router)#net2.2.2.0R2(config-router)#exitR2(config)#routerospf 1R2(config-router)#net192.168.23.0 255.255.255.0 area 0
R3配置:R3#conf tR3(config)#intlo0R3(config-if)#ipadd 202.100.100.3 255.255.255.0R3(config-if)#exitR3(config)#intlo1.R3(config-if)#ipadd 202.100.101.3 255.255.255.0R3(config-if)#exitR3(config)#intlo2R3(config-if)#ipadd 202.100.102.3 255.255.255.0R3(config-if)#exitR3(config)#inte0/0R3(config-if)#ipadd 192.168.23.3 255.255.255.0R3(config-if)#noshR3(config-if)#exitR3(config)#routerospf 1R3(config-router)#net192.168.23.0 255.255.255.0 area 0R3(config-router)#net202.100.100.0 255.255.255.0 area 0R3(config-router)#net202.100.101.0 255.255.255.0 area 0R3(config-router)#net202.100.102.0 255.255.255.0 area 0
第一R1不用学习R2的2.2.2.0网段,R2不能学习R1的172.168.1.0、172.168.2.0、172.168.13.0网段R2#conf tR2(config)#ipprefix-list filter-1 seq 1 deny 2.2.2.0/24//创建一条前缀列表拒绝2.2.2.0网络R2(config)#ipprefix-list fliter-1 seq 2 permit 0.0.0.0/0 le 32R2(config)#ipprefix-list filter-2 seq 3 deny 172.168.1.0/22 le 24R2(config)#ipprefix-list filter-2 seq 4 permit 0.0.0.0/0 le 32R2(config)#routerripR2(config-router)#distribute-listprefix filter-1 out e0/0//利用distribute-list调用prefix-listR2(config-router)#distribute-listprefix filter-2 in e0/0
第二要求双向重发布时,172.168.14.0、172.168.15.0、202.100.101.0、202.100.102.0不注入R2(config)#conftR2(config)#ipprefix-list filter-3 seq 5 deny 172.168.14.0/23 le 24R2(config)#ipprefix-list filter-3 seq 6 permit 0.0.0.0/0 le 32R2(config)#ipprefix-list filter-4 seq 7 deny 202.100.100.0/22 le 24R2(config)#ipprefix-list filter-4 seq 8 permit 0.0.0.0/0 le 32R2(config)#routerripR2(config-router)#redistributeospf 1 metric 2R2(config-router)#distribute-listprefix filter-3 out ospf 1R2(config-router)#exitR2(config)#routerospf 1R2(config-router)#redistributerip subnetsR2(config-router)#distribute-listprefix filter-4 out rip
不同于用于匹配流量的IP访问列表,IP前缀列表主要是用来指定具体的网络可达的。前缀列表用来匹配前缀(网段)和前缀长度(子网掩码)。IP前缀列表(prefix-list)三种形式的含义:ip prefix-list / ge le ge代表大于等于,le代表基于等于1、ip prefix-list 110 permit 172.16.1.0/23a:网络号前23位一定相同b:子网掩码一定是23位的2、ip prefix-list 110 permit 172.16.1.0/23 le 24a:网络号前23位一定相同b:子网掩码可以是23位-24位3、ip prefix-list 110 permit 172.16.1.0/23 ge24a:网络号前23位一定相同b:子网掩码可以是23位-32位4、ip prefix-list 110 permit 172.16.1.0/23 ge 24 le 24a:网络号前23位一定相同b:子网掩码一定是24位5、ip prefix-list 110 permit 0.0.0.0/0 匹配默认路由6、ip prefix-list 110 permit 0.0.0.0/0 le 32匹配任何网段
实验六、Route-map(结合ACL、prefix-list、Tag)
R1#conftR1(config)#intlo 1R1(config-if)#ipadd 1.1.1.1 255.255.255.0R1(config-if)#exitR1(config)#intlo 2R1(config-if)#ipadd 1.1.2.1 255.255.255.128R1(config-if)#exitR1(config)#intlo3R1(config-if)#ipadd 1.1.3.1 255.255.255.192R1(config-if)#exitR1(config)#intlo 4R1(config-if)#ipadd 1.1.4.1 255.255.255.224R1(config-if)#exitR1(config)#inte0/0R1(config-if)#ipadd 192.168.12.1 255.255.255.0R1(config-if)#noshR1(config-if)#exitR1(config)#routerripR1(config-router)#net1.1.1.0R1(config-router)#net1.1.2.0R1(config-router)#net1.1.3.0R1(config-router)#net1.1.4.0R1(config-router)#net192.168.12.0R1(config-router)#noauR1(config-router)#ver2
R2配置:R2#conftR2(config)#intlo 1R2(config-if)#ipadd 2.2.2.2 255.255.255.0R2(config-if)#exitR2(config)#inte0/0R2(config-if)#ipadd 192.168.12.2 255.255.255.0R2(config-if)#noshR2(config-if)#exitR2(config)#inte0/1R2(config-if)#ipadd 192.168.23.2 255.255.255.0R2(config-if)#noshR2(config-if)#exitR2(config)#routerripR2(config-router)#noauR2(config-router)#ver2R2(config-router)#net192.168.12.0R2(config-router)#net2.2.2.0R2(config-router)#exitR2(config)#routereigrp 1R2(config-router)#noauto-summaryR2(config-router)#net192.168.23.0 255.255.255.0
R3配置:R3#conftR3(config)#intlo 1R3(config-if)#ipadd 3.3.3.3 255.255.255.0R3(config-if)#exitR3(config)#inte0/1R3(config-if)#ipadd 192.168.34.3 255.255.255.0R3(config-if)#noshR3(config-if)#exitR3(config)#inte0/0R3(config-if)#ipadd 192.168.23.3 255.255.255.0R3(config-if)#noshR3(config-if)#exitR3(config)#routereigrp 1R3(config-router)#noauto-summaryR3(config-router)#net3.3.3.0 255.255.255.0R3(config-router)#net192.168.23.0 255.255.255.0R3(config-router)#exitR3(config)#routerospf 1R3(config-router)#net192.168.34.0 255.255.255.0 area 0R3(config-router)#exit
R4配置:R4#conftR4(config)#intlo 1R4(config-if)#ipadd 4R4(config-if)#ipadd 4.4.4.4 255.255.255.0R4(config-if)#exitR4(config)#inte0/0R4(config-if)#ipadd 192.168.34.4 255.255.255.0R4(config-if)#noshR4(config-if)#exitR4(config)#inte0/0R4(config-if)#noshR4(config-if)#exitR4(config)#routerospf 1R4(config-router)#net4.4.4.0 255.255.255.0 area 0R4(config-router)#net192.168.34.0 255.255.255.0 area 0
(A)结合ACL,如果要求rip与eigrp进行双向重分布时,1.1.1.0 网段不能分发到eigrp中,3.3.3.0网段不能分布到rip中R2#conftR2(config)#access-list1 permit 1.1.1.0 0 0.0.0.255 //抓取1.1.1.0路由R2(config)#route-mapfilter-1 deny 10 //创建过滤的路由图R2(config-route-map)#matchip address 1/对匹配1.1.1.0的路由进行过滤R2(config-route-map)#exitR2(config)#route-mapfilter-1 permit 20//对1.1.1..0以外的路由全部放行R2(config-route-map)#exitR2(config)#access-list3 permit 3.3.3.0 0.0.0.255//抓取3.3.3.0路由R2(config)#route-mapfilter-3 deny 30 //创建过滤的路由图R2(config-route-map)#matchip add 3//对匹配3.3.3.0的路由进行过滤R2(config-route-map)#exitR2(config)#route-mapfilter-3 permit 40//对3.3.3.0以外的路由全部放行R2(config-route-map)#exitR2(config)#routereigrp 1R2(config-router)# redistributerip metric 2500 1500 1 255 5000 route-map filter-1//将RIP分发到eigrp中,并应用路由图R2(config-router)#exitR2(config)#routerripR2(config-router)# redistributeeigrp 1 route-map filter-3 metric 2//将eigrp分发到rip中,并应用路由图R2(config-router)#exit
(B)结合prefix-list,如果要求rip与eigrp进行双向重分布时,只有1.1.4.0 网段分发到eigrp中,3.3.3.0网段不能分布到rip中R2#conftR2(config)#ipprefix-list filter-1 permit 1.1.1.0/22 ge 24 le 27//抓取不分发的路由段R2(config)#route-mapfilter-1 deny 10//创建过滤的路由图R2(config-route-map)#matchip add prefix-list filter-1//将抓取的路由过滤掉R2(config-route-map)#exitR2(config)#route-mapfilter-1 permit 20//创建一个允许其他不符合条件的路由,R2(config-route-map)#exitR2(config)#ipprefix-list filter-3 permit 3.3.3.0/24R2(config)#route-mapfilter-3 deny 30R2(config-route-map)#matchip add prefix-list filter-3R2(config-route-map)#exitR2(config)#route-mapfilter-3 permit 40R2(config-route-map)#exitR2(config)#routereigrp 1R2(config-router)#redistribute rip route-map filter-1 metric 2500 1500 1 255 5000R2(config-router)#exitR2(config)#routerripR2(config-router)#redistributeeigrp 1 route-map filter-3 metric 2R2(config-router)#exit
(C)结合tag,在路由重分发时R1的路由不能被R4学习到R2#conftR2(config)#access-list1 permit 1.1.0.0 0.0.7.255 //抓取R1上的所有路由R2(config)#route-maptag permit 10 //创建路由图R2(config-route-map)#matchip add 1//在路由图上设置匹配的条件路由R2(config-route-map)#settag 100//对满足条件的路由打tag 100R2(config-route-map)#exitR2(config)#route-maptag permit 20//对其他不匹配的路由都不做任何动作R2(config-route-map)#exitR2(config)#routerripR2(config-router)#redistributeeigrp 1 metric 2R2(config-router)#exitR2(config)#norouter ospf 1R2(config)#routereigrp 1R2(config-router)#redistributeripmetric 2500 1500 1 255 5000route-map tag //将路由图应用到rip注入到eigrp的路由中R2(config-router)#exit
R3#conftR3(config)#route-mapfilter-tag deny 10 //设置过滤路由图R3(config-route-map)#matchtag 100 //匹配过滤的条件为tag 100R3(config-route-map)#exitR3(config)#route-mapfilter-tag permit 20//对其他不匹配条件的不做任何动作R3(config-route-map)#exitR3(config)#routereigrp 1R3(config-router)#redistributeospf 1 metric 2500 1500 1 255 5000R3(config-router)#exitR3(config)#routerospf 1R3(config-router)#redistributeeigrp 1 route-map filter-tag subnets //将路由图应用到eigrp注入到ospf的路由中R3(config-router)#exit
R3#ship rou 1.1.1.0 //R3收到R1上的所有路由都打上tag 100Routingentry for 1.1.1.0/24Known via "eigrp 1", distance 170,metric 1433600Tag 100, type externalRedistributing via eigrp 1, ospf 1Last update from 192.168.23.2 on Ethernet0/0,00:15:02 agoRouting Descriptor Blocks:* 192.168.23.2, from 192.168.23.2, 00:15:02ago, via Ethernet0/0 Route metric is 1433600, traffic sharecount is 1 Total delay is 16000 microseconds,minimum bandwidth is 2500 Kbit Reliability 1/255, minimum MTU 1500 bytes Loading 255/255, Hops 1 Route tag 100
R4#ship rou //无任何R1的路由Codes:C - connected, S - static, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O -OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 -OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPFexternal type 2 i - IS-IS, su - IS-IS summary, L1 -IS-IS level-1, L2 - IS-IS level-2 ia - IS-IS inter area, * - candidatedefault, U - per-user static route o - ODR, P - periodic downloaded staticrouteGatewayof last resort is not setO E2192.168.12.0/24 via 192.168.34.3, 00:08:52, Ethernet0/0 2.0.0.0/24 is subnetted, 1 subnetsOE2 2.2.2.0 via 192.168.34.3,00:08:52, Ethernet0/0 3.0.0.0/24 is subnetted, 1 subnetsOE2 3.3.3.0 via 192.168.34.3,00:08:52, Ethernet0/0 4.0.0.0/24 is subnetted, 1 subnetsC 4.4.4.0 is directly connected, Loopback1O E2192.168.23.0/24 via 192.168.34.3, 00:08:52, Ethernet0/0C 192.168.34.0/24 is directly connected,Ethernet0/0
Route-map总结:
[*]使用ACL访问控制列表可以用一条语句控制多条路由,用反掩码来匹配,反掩码为0的位表示必须与路由条目匹配,反掩码为1的位表示无需匹配。但使用访问控制列表来过滤路由的话,不能匹配路由的掩码长度
[*]使用Prefix-list前缀列表控制路由更新时可以使用一条语句匹配多条路由。使用前缀列表过滤路由,可以匹配子网掩码
[*]在使用route-map进行控制路由更新时,所用的访问控制列表以及前缀列表都使用permit语句,表示匹配一条或者多条路由;如果是要拒绝这个一条或者多条路由,那么在route-map中使用deny语句,下面挂列表。如果是要允许,则使用permit语句。Route-map的最后隐含了一条deny语句,如果没有写一条permit的空语句,则会匹配默认的deny语句
[*]使用route-map控制路由更新时,如果match 语句是横着有多个访问控制列表或者前缀列表,代表只需匹配其中的一个地址就执行route-map,如果在同一个序列号下竖着写多个match ip address,则表示需要同时满足这两个要求才执行route-map
[*]每一个route-map可以有多条语句,每条语句都有一个序号;每条语句都有两种动作match 和set。如不写match/set,默认为match any/set nothing ;每条语句对抓出来的路由都有两种处理方式:permit 或deny
[*]Tag路由标记过滤的方法分两个步骤:1、在服务器端路由器设定标记(即R2当作服务器端)2、在客户端路由器根据标记进行过滤(即R3当作客户端)3、支持TAG的路由协议RIPv2,EIGRP,IS-IS,OSPF,BGP
{:6_388:}很详细 {:6_404:} 谢谢分享,楼主~~~ 学习学习 感谢····
页:
[1]