基于route-map的路由过滤

实验拓扑





实验过程

1.R1的预配置

Router#config t Enter configuration commands, one per line. End with CNTL/Z. Router(config)#no ip domain-lookup Router(config)#line console 0 Router(config-line)#no exec-timeout Router(config-line)#loggin syn Router(config-line)#exit Router(config)#host R1 R1(config)#int s1/0 R1(config-if)#no shut R1(config-if)#ip add 172.16.255.1 255.255.255.252 R1(config-if)#exit R1(config)#int lo0 R1(config-if)#ip add 172.16.0.1 255.255.255.0 R1(config-if)#exit R1(config)#int lo1 R1(config-if)#ip add 172.16.1.1 255.255.255.0 R1(config-if)#exit R1(config)#int lo2 R1(config-if)#ip add 172.16.2.1 255.255.255.0 R1(config-if)#exit R1(config)#int lo3 R1(config-if)#ip add 172.16.3.1 255.255.255.0 R1(config-if)#exit

2.R2的预配置

Router>en Router#config t Enter configuration commands, one per line. End with CNTL/Z. Router(config)#no ip domain-lookup Router(config)#line console 0 Router(config-line)#no exec-timeout Router(config-line)#loggin syn Router(config-line)#exit Router(config)#host R2 R2(config)#int s1/0 R2(config-if)#no shut R2(config-if)#ip add 172.16.255.2 255.255.255.252 R2(config-if)#exit R2(config)#int s1/1 R2(config-if)#no shut R2(config-if)#ip add 192.168.255.2 255.255.255.0 R2(config-if)#exit

3.R3的预配置

Router>en Router#config t Enter configuration commands, one per line. End with CNTL/Z. Router(config)#no ip domain-lookup Router(config)#line console 0 Router(config-line)#no exec-timeout Router(config-line)#loggin syn Router(config-line)#exit Router(config)#host R3 R3(config)#int s1/1 R3(config-if)#no shut R3(config-if)#ip add 192.168.255.1 255.255.255.0 R3(config-if)#exit R3(config)#int lo0 R3(config-if)#ip add 192.168.0.1 255.255.255.0 R3(config-if)#exit R3(config)#int lo1 R3(config-if)#ip add 192.168.1.1 255.255.255.0 R3(config-if)#exit R3(config)#int lo2 R3(config-if)#ip add 192.168.2.1 255.255.255.0 R3(config-if)#exit R3(config)#int lo3 R3(config-if)#ip add 192.168.3.1 255.255.255.0 R3(config-if)#exit

4.R1的ospf配置

R1(config)#router ospf 1 R1(config-router)#net 172.16.0.1 0.0.0.0 area 0 R1(config-router)#net 172.16.1.1 0.0.0.0 area 0 R1(config-router)#net 172.16.2.1 0.0.0.0 area 0 R1(config-router)#net 172.16.3.1 0.0.0.0 area 0 R1(config-router)#net 172.16.255.1 0.0.0.0 area 0 R1(config-router)#end

5.R2的ospf和rip的配置

R2(config)#router ospf 1 R2(config-router)#net 172.16.255.2 0.0.0.0 area 0 R2(config-router)#exit R2(config)#router rip R2(config-router)#version 2 R2(config-router)#no auto R2(config-router)#net 192.168.255.0 R2(config-router)#end

6.R3的rip的配置

R3(config)#router rip R3(config-router)#version 2 R3(config-router)#no auto R3(config-router)#net 192.168.255.0 R3(config-router)#net 192.168.0.0 R3(config-router)#net 192.168.1.0 R3(config-router)#net 192.168.2.0 R3(config-router)#net 192.168.3.0 R3(config-router)#end

7.在R2上配置过滤掉ospf的路由

R2(config)#access-list 1 deny 172.16.0.0 0.0.0.255 //用ACL抓取需要的流量 R2(config)#access-list 1 deny 172.16.1.0 0.0.0.255 R2(config)#access-list 1 permit any R2(config)#route-map ospf-rip permit //对抓取的流量执行permit操作 R2(config-route-map)#match ip address 1 //匹配抓取的流量 R2(config-route-map)#exit R2(config)#router rip R2(config-router)#redistribute ospf 1 metric 10 route-map ospf-rip //重发布时使用route-map过滤流量 R2(config-router)#exit

8.查看R3的路由表

R3#show ip route Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2 i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2 ia - IS-IS inter area, * - candidate default, U - per-user static route o - ODR, P - periodic downloaded static route Gateway of last resort is not set 172.16.0.0/16 is variably subnetted, 3 subnets, 2 masks R 172.16.255.0/30 [120/10] via 192.168.255.2, 00:00:20, Serial1/1 R 172.16.3.1/32 [120/10] via 192.168.255.2, 00:00:20, Serial1/1 R 172.16.2.1/32 [120/10] via 192.168.255.2, 00:00:20, Serial1/1 C 192.168.255.0/24 is directly connected, Serial1/1 C 192.168.0.0/24 is directly connected, Loopback0 C 192.168.1.0/24 is directly connected, Loopback1 C 192.168.2.0/24 is directly connected, Loopback2 C 192.168.3.0/24 is directly connected, Loopback3

说明：可以看到172.16.0.0和172.16.1.0被过滤掉了。

9.在R2上配置过滤掉rip的路由

R2(config)#access-list 2 deny 192.168.2.0 0.0.0.255 R2(config)#access-list 2 deny 192.168.3.0 0.0.0.255 R2(config)#access-list 2 permit any R2(config)#route-map rip-ospf R2(config-route-map)#match ip address 2 R2(config-route-map)#exit R2(config)#router ospf 1 R2(config-router)#redistribute rip metric 100 route-map rip-ospf subnets R2(config-router)#end

10.查看R1的路由表

R1#show ip route Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2 i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2 ia - IS-IS inter area, * - candidate default, U - per-user static route o - ODR, P - periodic downloaded static route Gateway of last resort is not set 172.16.0.0/16 is variably subnetted, 5 subnets, 2 masks C 172.16.255.0/30 is directly connected, Serial1/0 C 172.16.0.0/24 is directly connected, Loopback0 C 172.16.1.0/24 is directly connected, Loopback1 C 172.16.2.0/24 is directly connected, Loopback2 C 172.16.3.0/24 is directly connected, Loopback3 O E2 192.168.255.0/24 [110/100] via 172.16.255.2, 00:01:52, Serial1/0 O E2 192.168.0.0/24 [110/100] via 172.16.255.2, 00:01:52, Serial1/0 O E2 192.168.1.0/24 [110/100] via 172.16.255.2, 00:01:52, Serial1/0

说明：可以看到，rip的部分路由被过滤掉了，route-map主要是结合重发布使用，可以有选择的进行重发布。

本文出自 “等待” 博客，请务必保留此出处http://mxn19871215.blog.51cto.com/982365/483036