CCNP路由实验之九 路由策略
路由器在公布与接收路由信息时,可能须要实施一些策略。以便对路由信息进行过滤,比如仅仅接收或公布满足一定条件的路由信息。
一种路由协议可能须要引入其它的路由协议发现的路由信息,路由器在引入其它路由协议的路由信息时,可能仅仅须要引入一部分满足条件的路由信息,并控制所引入的路由信息的某些属性。以使其满足本协议的要求。
路由策略就是为了改变网络流量所经过的途径而改动路由信息的技术,主要通过改变路由属性(包含可达性)来实现,路由策略是控制层面的行为。操作的对象是路由条目。匹配的是路由。详细是指目标网段、掩码、下一跳、度量值、Tag、Community、AS-PATH等。实现路由策略的方法有几种:
改动管理距离AD。即是浮动路由。
Offset-list结合訪问控制列表可改动偏移量,仅支持路由矢量协议(RIP、EIGRP),用于调整Metric值。须要结合ACL使用
passive-interface 被动接口。对于RIP、IGRP协议仅仅是禁止转发路由信息。但没有禁止接收;EIGRP、OSPF、ISIS是既不接收也不发送路由信息
Distribute-list,分发列表是用于控制路由更新的一个工具,仅仅能过滤路由信息,不能过滤LSA。因此分发列表在距离矢量(RIP、EIGRP)路由协议中使用。不管是in或者是out方向。都能正常的过滤路由。
但对于链路状态协议(ospf、isis)。,路由器之间传递的消息不再是路由信息了,而是LSA,而分发列表是无法对LSA进行过滤的。须要结合ACL使用
prefix-list,前缀列表过滤抓取路由必须要连续。有点相似ACL,可是Prefix-list不能用于数据包的过滤。
它能同一时候匹配前缀号和前缀长度。解决ACL不能区分同样前缀、不同掩码的路由的问题。
可结合Route-map使用
Route-map,叫做路由图或者路由映射表,是对路由进行加工处理的工具
路由策略的作用:
防止路由器选择非最佳路由
防止路由回馈—被重分发的路由又又一次分配回来
能够控制那些路由重分配,那些路由不被又一次分配
用路由过滤器见啦路由防火墙
实验一、改动管理距离AD
R1配置:
R1#conf t
R1(config-if)#ip add 1.1.1.1 255.255.255.0
R1(config-if)#exit
R1(config)#int e0/0
R1(config-if)#ip add 192.168.12.1255.255.255.0
R1(config-if)#no sh
R1(config-if)#exit
R1(config)#int e0/1
R1(config-if)#ip add 192.168.13.1255.255.255.0
R1(config-if)#no sh
R1(config-if)#exit
R1(config)#router rip
R1(config-router)#no au
R1(config-router)#ver 2
R1(config-router)#net 1.1.1.0
R1(config-router)#net 192.168.12.0
R1(config-router)#net 192.168.13.0
R1(config-router)#exit
R2配置:
R2#conf t
R2(config)#int e0/0
R2(config-if)#ip add 192.168.12.2255.255.255.0
R2(config-if)#no sh
R2(config-if)#exit
R2(config)#int e0/1
R2(config-if)#ip add 192.168.24.2255.255.255.0
R2(config-if)#no sh
R2(config-if)#exit
R2(config)#router rip
R2(config-router)#no au
R2(config-router)#ver 2
R2(config-router)#net 192.168.12.0
R2(config-router)#net 192.168.24.0
R2(config-router)#default-metric 4
R2(config-router)#redistribute ospf 1
R2(config-router)#exit
R2(config)#router rip
R2(config-router)#no net 192.168.24.0
R2(config-router)#exit
R2(config)#router ospf 1
R2(config-router)#net 192.168.24.0255.255.255.0 area 0
R2(config-router)#redistribute rip subnets
R2(config-router)#exit
R3配置:
R3#conf t
R3(config)#int e0/0
R3(config-if)#ip add 192.168.13.2255.255.255.0
R3(config-if)#no sh
R3(config-if)#exit
R3(config)#int e0/1
R3(config-if)#ip add 192.168.34.2255.255.255.0
R3(config-if)#no sh
R3(config-if)#exit
R3(config)#router rip
R3(config-router)#no au
R3(config-router)#ver 2
R3(config-router)#net 192.168.13.0
R3(config-router)#default-metric 4
R3(config-router)#redistribute ospf 1
R3(config-router)#exit
R3(config)#router ospf 1
R3(config-router)#router ospf 1
R3(config-router)#net 192.168.34.0255.255.255.0 area 0
R3(config-router)#redistribute rip subnets
R3(config-router)#exit
R4配置:
R4#conf t
R4(config)#int lo0
R4(config-if)#ip add 4.4.4.4 255.255.255.0
R4(config-if)#exit
R4(config)#int e0/0
R4(config-if)#ip add 192.168.24.4255.255.255.0
R4(config-if)#no sh
R4(config-if)#exit
R4(config)#int e0/1
R4(config-if)#ip add 192.168.34.4255.255.255.0
R4(config-if)#no sh
R4(config-if)#exit
R4(config)#router ospf 1
R4(config-router)#net 192.168.24.0255.255.255.0 area 0
R4(config-router)#net 192.168.34.0255.255.255.0 area 0
R4(config-router)#net 4.4.4.0 255.255.255.0area 0
R4(config-router)#exit
完毕以上路由重分布后配置,我们会发现R2和R3的路由表出现次优路由,出现这个情况是由于在多点双向重分发时。从这个方向发出去的路由。会再次传送回来。此时会推断传送回来的路由与自己路由表中同样的路由条目管理距离进行对照,越低就越可靠。并写进路由表。
R2#sh ip rou
Codes: C - connected, S - static, R - RIP,M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, 。IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
C 192.168.12.0/24 is directly connected, Ethernet0/0
1.0.0.0/24 is subnetted, 1 subnets
R 1.1.1.0 [120/1] via 192.168.12.1, 00:00:02, Ethernet0/0
O E2 192.168.13.0/24[110/20] via 192.168.24.4, 00:01:25, Ethernet0/1
4.0.0.0/32 is subnetted, 1 subnets
O 4.4.4.4 [110/11] via 192.168.24.4, 00:01:25, Ethernet0/1
C 192.168.24.0/24 is directly connected, Ethernet0/1
192.168.34.0/24 [110/20] via192.168.24.4, 00:01:25, Ethernet0/1
R3#sh ip rou
Codes: C - connected, S - static, R - RIP,M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded staticroute
Gateway of last resort is not set
O E2 192.168.12.0/24[110/20] via 192.168.34.4, 00:03:17, Ethernet0/1
1.0.0.0/24 is subnetted, 1 subnets
O E2 1.1.1.0 [110/20] via 192.168.34.4,00:03:17, Ethernet0/1
C 192.168.13.0/24 is directly connected, Ethernet0/0
4.0.0.0/32 is subnetted, 1 subnets
O 4.4.4.4 [110/11] via 192.168.34.4, 00:03:17, Ethernet0/1
O 192.168.24.0/24 [110/20] via 192.168.34.4, 00:03:17, Ethernet0/1
C 192.168.34.0/24 is directly connected, Ethernet0/1
此时我们使用调整管理距离的方法将OSPF的管理距离调整为大于RIP。来调整路由表选择最优路由:
R2#conf t
R2(config)#router ospf 1
R2(config-router)#distance 170
R3#conf t
R3(config)#router ospf 1
R3(config-router)#distance 170
R2#sh ip rou
Codes: C - connected, S - static, R - RIP,M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
C 192.168.12.0/24 is directly connected, Ethernet0/0
1.0.0.0/24 is subnetted, 1 subnets
R 1.1.1.0 [120/1] via 192.168.12.1, 00:00:14, Ethernet0/0
R 192.168.13.0/24 [120/1] via 192.168.12.1, 00:00:14, Ethernet0/0
4.0.0.0/32 is subnetted, 1 subnets
O 4.4.4.4 [170/11] via 192.168.24.4, 00:00:25, Ethernet0/1
C 192.168.24.0/24 is directly connected, Ethernet0/1
O 192.168.34.0/24 [170/20] via 192.168.24.4, 00:00:25, Ethernet0/1
R3#sh ip rou
Codes: C - connected, S - static, R - RIP,M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
R 192.168.12.0/24 [120/1] via 192.168.13.1, 00:00:02, Ethernet0/0
1.0.0.0/24 is subnetted, 1 subnets
R 1.1.1.0 [120/1] via 192.168.13.1, 00:00:02, Ethernet0/0
C 192.168.13.0/24 is directly connected, Ethernet0/0
4.0.0.0/32 is subnetted, 1 subnets
O 4.4.4.4 [170/11] via 192.168.34.4, 00:00:23, Ethernet0/1
O 192.168.24.0/24 [170/20] via 192.168.34.4, 00:00:23, Ethernet0/1
C 192.168.34.0/24 is directly connected, Ethernet0/1
实验二、Offset-list控制路由选路
R1配置:
R1#conf t
R1(config)#intlo0
R1(config-if)#ipadd 1.1.1.1 255.255.255.0
R1(config-if)#exit
R1(config)#inte1/0
R1(config-if)#ipadd 192.168.11.1 255.255.255.0
R1(config-if)#nosh
R1(config-if)#exit
R1(config)#ints0/0
R1(config-if)#clockrate 64000
R1(config-if)#ipadd 192.168.10.1 255.255.255.0
R1(config-if)#nosh
R1(config-if)#exit
R1(config)#routereigrp 1
R1(config-router)#noauto-summary
R1(config-router)#net192.168.10.0
R1(config-router)#net192.168.11.0
R1(config-router)#net1.1.1.0
R1(config-router)#exit
R1(config)#iproute 0.0.0.0 0.0.0.0 21.21.21.21 130
R1(config)#iproute 0.0.0.0 0.0.0.0 22.22.22.22 140
R2配置:
R2#conf t
R2(config)#ints0/0
R2(config-if)#clockrate 64000
R2(config-if)#ipadd 192.168.10.2 255.255.255.0
R2(config-if)#nosh
R2(config-if)#exit
R2(config)#inte1/0
R2(config-if)#ipadd 192.168.11.2 255.255.255.0
R2(config-if)#nosh
R2(config-if)#exit
R2(config)#inte1/1
R2(config-if)#ipadd 192.168.23.2 255.255.255.0
R2(config-if)#nosh
R2(config-if)#exit
R2(config)#intlo0
R2(config-if)#ipadd 2.2.2.2 255.255.255.0
R2(config-if)#exit
R2(config)#intlo1
R2(config-if)#ipadd 21.21.21.21 255.255.255.0
R2(config-if)#exit
R2(config)#intlo2
R2(config-if)#ipadd 22.22.22.22 255.255.255.0
R2(config-if)#exit
R2(config)#intlo3
R2(config-if)#ipadd 23.23.23.23 255.255.255.0
R2(config-if)#exit
R2(config)#routereigrp 1
R2(config-router)#noauto-summary
R2(config-router)#net192.168.10.0
R2(config-router)#net2.2.2.0
R2(config-router)#net21.21.21.0
R2(config-router)#net22.22.22.0
R2(config-router)#exit
R2(config)#routerrip
R2(config-router)#noauto-summary
R2(config-router)#ver2
R2(config-router)#net23.23.23.0
R2(config-router)#net192.168.23.0
R2(config-router)#redistributeeigrp 1 metric 4
R2(config-router)#exit
R3配置:
R3#conf t
R3(config)#inte0/0
R3(config-if)#ipadd 192.168.23.3 255.255.255.0
R3(config-if)#nosh
R3(config-if)#exit
R3(config)#intlo0
R3(config-if)#ipadd 3.3.3.3 255.255.255.0
R3(config-if)#exit
R3(config)#routerrip
R3(config-router)#noauto-summary
R3(config-router)#ver2
R3(config-router)#net192.168.23.0
R3(config-router)#net3.3.3.0
R3(config-router)#exit
然后查看R1和R3的路由表:
R1#sh iprou
Codes: C- connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF,IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 -OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPFexternal type 2
i - IS-IS, su - IS-IS summary, L1 -IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidatedefault, U - per-user static route
o - ODR, P - periodic downloaded staticroute
Gatewayof last resort is not set
2.0.0.0/24 is subnetted, 1 subnets
D 2.2.2.0 [90/409600] via 192.168.11.2,00:20:09, Ethernet1/0
21.0.0.0/24 is subnetted, 1 subnets
D 21.21.21.0 [90/409600] via 192.168.11.2,00:19:50, Ethernet1/0
C 192.168.10.0/24 is directly connected,Serial0/0
C 192.168.11.0/24 is directly connected,Ethernet1/0
22.0.0.0/24 is subnetted, 1 subnets
D 22.22.22.0 [90/409600] via 192.168.11.2,00:19:43, Ethernet1/0
S* 0.0.0.0/0 [130/0] via 21.21.21.21
R3#sh iprou
Codes: C- connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O -OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 -OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPFexternal type 2
i - IS-IS, su - IS-IS summary, L1 -IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidatedefault, U - per-user static route
o - ODR, P - periodic downloaded staticroute
Gatewayof last resort is not set
1.0.0.0/24 is subnetted, 1 subnets
R 1.1.1.0 [120/4] via 192.168.23.2,00:00:08, Ethernet0/0
2.0.0.0/24 is subnetted, 1 subnets
R 2.2.2.0 [120/4] via 192.168.23.2,00:00:08, Ethernet0/0
3.0.0.0/24 is subnetted, 1 subnets
C 3.3.3.0 is directly connected, Loopback0
21.0.0.0/24 is subnetted, 1 subnets
R 21.21.21.0 [120/4] via 192.168.23.2,00:00:08, Ethernet0/0
R 192.168.10.0/24 [120/4] via 192.168.23.2,00:00:08, Ethernet0/0
23.0.0.0/24 is subnetted, 1 subnets
R 23.23.23.0 [120/1] via 192.168.23.2,00:00:09, Ethernet0/0
R 192.168.11.0/24 [120/4] via 192.168.23.2,00:00:09, Ethernet0/0
22.0.0.0/24 is subnetted, 1 subnets
R 22.22.22.0 [120/4] via 192.168.23.2,00:00:11, Ethernet0/0
C 192.168.23.0/24 is directly connected,Ethernet0/0
进行例如以下改动:
R1#conf t
R1(config)#access-list1 permit 21.21.21.0 0.0.0.255 //用訪问控制列表标记流量
R1(config)#access-list1 permit 22.22.22.0 0.0.0.255
R1(config)#access-list1 deny any
R1(config)#access-list2 permit 1.1.1.0 0.0.0.255
R1(config)#access-list2 deny any
R1(config)#routereigrp 1
R1(config-router)#offset-list1 in 1888256 e1/0 //设置更新的路由metric加入1888256
R1(config-router)#offset-list2 out 1888256 e1/0 //设置通告出去的路由metric加入1888256
R2#conf t
R2(config)#access-list1 permit any //标记不论什么网络
R2(config-if)#routerrip
R2(config-router)#offset-list1 out 4 //不论什么网络通告出处都添加4跳
再次查看R1和R2变化,居然实现了负载均衡
R1#sh iprou
Codes: C- connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O -OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 -OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPFexternal type 2
i - IS-IS, su - IS-IS summary, L1 -IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidatedefault, U - per-user static route
o - ODR, P - periodic downloaded staticroute
Gatewayof last resort is 21.21.21.21 to network 0.0.0.0
1.0.0.0/24 is subnetted, 1 subnets
C 1.1.1.0 is directly connected, Loopback0
2.0.0.0/24 is subnetted, 1 subnets
D 2.2.2.0 [90/409600] via 192.168.11.2,00:19:11, Ethernet1/0
21.0.0.0/24 is subnetted, 1 subnets
D 21.21.21.0[90/2297856] via 192.168.11.2, 00:19:11, Ethernet1/0
[90/2297856] via 192.168.10.2, 00:19:11, Serial0/0
C 192.168.10.0/24 is directly connected,Serial0/0
C 192.168.11.0/24 is directly connected,Ethernet1/0
22.0.0.0/24 is subnetted, 1 subnets
D 22.22.22.0[90/2297856] via 192.168.11.2, 00:19:13, Ethernet1/0
[90/2297856] via 192.168.10.2, 00:19:13, Serial0/0
S* 0.0.0.0/0 [130/0] via 21.21.21.21
R3#sh iprou
Codes: C- connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O -OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 -OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPFexternal type 2
i - IS-IS, su - IS-IS summary, L1 -IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidatedefault, U - per-user static route
o - ODR, P - periodic downloaded staticroute
Gatewayof last resort is not set
3.0.0.0/24 is subnetted, 1 subnets
C 3.3.3.0 is directly connected, Loopback0
23.0.0.0/24 is subnetted, 1 subnets
R 23.23.23.0 [120/1] via 192.168.23.2,00:00:49, Ethernet0/0
C 192.168.23.0/24 is directly connected,Ethernet0/0
R3#sh iprou
Codes: C- connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O -OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 -OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPFexternal type 2
i - IS-IS, su - IS-IS summary, L1 -IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidatedefault, U - per-user static route
o - ODR, P - periodic downloaded staticroute
Gatewayof last resort is not set
1.0.0.0/24 is subnetted, 1 subnets
R 1.1.1.0 [120/8] via 192.168.23.2,00:00:08, Ethernet0/0
2.0.0.0/24 is subnetted, 1 subnets
R 2.2.2.0 [120/8] via 192.168.23.2,00:00:08, Ethernet0/0
3.0.0.0/24 is subnetted, 1 subnets
C 3.3.3.0 is directly connected, Loopback0
21.0.0.0/24 is subnetted, 1 subnets
R 21.21.21.0 [120/8] via 192.168.23.2,00:00:08, Ethernet0/0
R 192.168.10.0/24 [120/8] via 192.168.23.2,00:00:08, Ethernet0/0
23.0.0.0/24 is subnetted, 1 subnets
R 23.23.23.0 [120/5] via 192.168.23.2,00:00:09, Ethernet0/0
R 192.168.11.0/24 [120/8] via 192.168.23.2,00:00:09, Ethernet0/0
22.0.0.0/24 is subnetted, 1 subnets
R 22.22.22.0 [120/8] via 192.168.23.2,00:00:11, Ethernet0/0
C 192.168.23.0/24 is directly connected,Ethernet0/0
offset指的是偏移量。偏移量就是说相对的差。偏移量列表能够用来改变路由的度量值,已达到某些目的(如做备份链路或者负载均衡)。
注意:
假设不指定接口,则对于该路由出站或入站时全部接口都会应用偏移量列表。
假设不指定訪问列表(用訪问列表0)。则全部路由条目都会被改动。
在RIP中offset为跳数,在别的路由选择协议就是相相应的metric值了。
当一个offset-list引起吓一跳路由器通告的度量值比它正在通告的路由更新的度量值更高时。直到holddown timer 超时才会接受。之前会被标记为不可达。
注意在应用訪问列表时的规则。不要出现路由漏洞。
实验三、passive-interface
R1配置:
R1#conf t
R1(config)#intlo0
R1(config-if)#ipadd 1.1.1.1 255.255.255.0
R1(config-if)#exit
R1(config)#inte0/0
R1(config-if)#ipadd 192.168.12.1 255.255.255.0
R1(config-if)#nosh
R1(config-if)#exit
R1(config)#routerrip
R1(config-router)#noau
R1(config-router)#ver2
R1(config-router)#net1.1.1.0
R1(config-router)#net192.168.12.0
R1(config-router)#exit
R2配置:
R2#conf t
R2(config)#intlo0
R2(config-if)#ipadd 2.2.2.2 255.255.255.0
R2(config-if)#nosh
R2(config-if)#exit
R2(config)#intl1
R2(config-if)#ipadd 22.22.22.22 255.255.255.0
R2(config-if)#exit
R2(config)#inte0/0
R2(config-if)#ipadd 192.168.12.2 255.255.255.0
R2(config-if)#nosh
R2(config-if)#exit
R2(config)#inte0/1
R2(config-if)#ipadd 192.168.23.2 255.255.255.0
R2(config-if)#nosh
R2(config-if)#exit
R2(config)#routerrip
R2(config-router)#noau
R2(config-router)#ver2
R2(config-router)#net2.2.2.0
R2(config-router)#net192.168.12.0
R2(config-router)#exit
R2(config)#routerospf 1
R2(config-router)#net192.168.23.0 255.255.255.0 area 0
R2(config-router)#net22.22.22.0 255.255.255.0 area 0
R2(config-router)#exit
R3配置:
R3#conf t
R3(config)#intlo0
R3(config-if)#ipadd 3.3.3.3 255.255.255.0
R3(config-if)#exit
R3(config)#inte0/0
R3(config-if)#ipadd 192.168.23.3 255.255.255.0
R3(config-if)#nosh
R3(config-if)#exit
R3(config)#routerospf 1
R3(config-router)#net3.3.3.0 255.255.255.0 area 0
R3(config-router)#net192.168.23.0 255.255.255.0 area 0
R3(config-router)#exit
查看R1与R3的路由表:
R1#sh iprou
Codes: C- connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O -OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 -OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPFexternal type 2
i - IS-IS, su - IS-IS summary, L1 -IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidatedefault, U - per-user static route
o - ODR, P - periodic downloaded staticroute
Gatewayof last resort is not set
C 192.168.12.0/24 is directly connected,Ethernet0/0
1.0.0.0/24 is subnetted, 1 subnets
C 1.1.1.0 is directly connected, Loopback0
2.0.0.0/24 is subnetted, 1 subnets
R 2.2.2.0 [120/1] via 192.168.12.2, 00:00:06, Ethernet0/0
R2#sh ip rou
Codes: C - connected, S - static, R - RIP, M- mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
C 192.168.12.0/24is directly connected, Ethernet0/0
1.0.0.0/24 is subnetted, 1 subnets
R 1.1.1.0 [120/1] via 192.168.12.1, 00:00:03, Ethernet0/0
2.0.0.0/24 is subnetted, 1 subnets
C 2.2.2.0 is directly connected, Loopback0
3.0.0.0/32 is subnetted, 1 subnets
O 3.3.3.3 [110/11] via 192.168.23.3, 00:00:03, Ethernet0/1
22.0.0.0/24 is subnetted, 1 subnets
C 22.22.22.0 is directly connected, Loopback1
C 192.168.23.0/24 is directly connected, Ethernet0/1
R3#sh ip rou
Codes: C - connected, S - static, R - RIP, M- mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
3.0.0.0/24is subnetted, 1 subnets
C 3.3.3.0 is directly connected, Loopback0
22.0.0.0/32 is subnetted, 1 subnets
O 22.22.22.22 [110/11] via 192.168.23.2, 00:05:04, Ethernet0/0
C 192.168.23.0/24 is directly connected, Ethernet0/0
以下进行例如以下改动:
R1#conf t
R1(config)#router rip
R1(config-router)#passive-interface e0/0
R3#conf t
R3(config)#router ospf 1
R3(config-router)#passive-interface e0/0
再次查看路由表:
R1#sh ip rou //R1不变
Codes: C - connected, S - static, R - RIP, M- mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF,IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
C 192.168.12.0/24 is directly connected, Ethernet0/0
1.0.0.0/24 is subnetted, 1 subnets
C 1.1.1.0 is directly connected, Loopback0
2.0.0.0/24 is subnetted, 1 subnets
R 2.2.2.0 [120/1] via 192.168.12.2, 00:00:02, Ethernet0/0
R2#sh ip rou //全部动态路由学习不到
Codes: C - connected, S - static, R - RIP, M- mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
C 192.168.12.0/24 is directly connected, Ethernet0/0
2.0.0.0/24 is subnetted, 1 subnets
C 2.2.2.0 is directly connected, Loopback0
22.0.0.0/24 is subnetted, 1 subnets
C 22.22.22.0 is directly connected, Loopback1
C 192.168.23.0/24 is directly connected, Ethernet0/1
R3#sh ip //全部ospf动态路由学习不到
*Mar 100:21:39.267: %SYS-5-CONFIG_I: Configured from console by console
R3#sh ip rou
Codes: C - connected, S - static, R - RIP, M- mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route、
Gateway of last resort is not set
3.0.0.0/24 is subnetted, 1 subnets
C 3.3.3.0 is directly connected, Loopback0
C 192.168.23.0/24 is directly connected, Ethernet0/0
由以上分析可知:
在RIP和IGRP这一种路由协议的特点是不会与对方router建立关系.由于passive-interface指令的关系,路由器是每隔一段时间就会发生仅仅听不送的状况,即update会送不出去。
在OSPF和EIGRP、ISIS之类的路由协议的特点是会与对方router建立关系,也就是说router之间会建邻居关系,所以一旦用了passive -interface之后,你就断开了router之间的关系.因此全部的update送不出去,也收不进来.
实验四、Distribute-list分发列表
R1配置:
R1#conf t
R1(config)#intlo0
R1(config-if)#ipadd 1.1.1.1 255.255.255.0
R1(config-if)#exit
R1(config)#inte0/0
R1(config-if)#ipadd 192.168.12.1 255.255.255.0
R1(config-if)#nosh
R1(config-if)#exit
R1(config)#routerrip
R1(config-router)#noau
R1(config-router)#noauto-summary
R1(config-router)#ver
R1(config-router)#version2
R1(config-router)#net1.1.1.0
R1(config-router)#net192.168.12.0
R1(config-router)#exit
R2配置:
R2#conf t
R2(config)#intlo0
R2(config-if)#ipadd 2.2.2.2 255.255.255.0
R2(config-if)#exit
R2(config)#inte0/0
R2(config-if)#ipadd 192.168.12.2 255.255.255.0
R2(config-if)#nosh
R2(config-if)#exit
R2(config)#inte0/1
R2(config-if)#ipadd 192.168.23.2 255.255.255.0
R2(config-if)#nosh
R2(config-if)#exit
R2(config)#routerrip
R2(config-router)#noau
R2(config-router)#ver2
R2(config-router)#net192.168.12.0
R2(config-router)#net192.168.23.0
R2(config-router)#net2.2.2.0
R3配置:
R3#conf t
R3(config)#intlo0
R3(config-if)#ipadd 3.3.3.3 255.255.255.0
R3(config-if)#exit
R3(config)#intlo1
R3(config-if)#ipadd 33.33.33.33 255.255.255.0
R3(config-if)#exit
R3(config)#inte0/0
R3(config-if)#ipadd 192.168.23.3 255.255.255.0
R3(config-if)#nosh
R3(config-if)#exit
R3(config)#inte0/1
R3(config-if)#ipadd 192.168.34.3 255.255.255.0
R3(config-if)#nosh
R3(config-if)#exit
R3(config)#routerrip
R3(config-router)#noau
R3(config-router)#ver2
R3(config-router)#net3.3.3.0
R3(config-router)#net192.168.23.0
R3(config-router)#exit
R3(config)#routerospf 1
R3(config-router)#net33.33.33.0 255.255.255.0 area 0
R3(config-router)#net192.168.34.0 255.255.255.0 area 0
R4配置:
R4#conf t
R4(config)#intlo0
R4(config-if)#ipadd 4.4.4.4 255.255.255.0
R4(config-if)#exit
R4(config)#inte0/1
R4(config-if)#ipadd 192.168.34.4 255.255.255.0
R4(config-if)#nosh
R4(config-if)#exit
R4(config)#inte0/0
R4(config-if)#ipadd 192.168.45.4 255.255.255.0
R4(config-if)#nosh
R4(config-if)#exit
R4(config)#routerospf 1
R4(config-router)#net192.168.34.0 255.255.255.0 area 0
R4(config-router)#net192.168.45.0 255.255.255.0 area 0
R4(config-router)#net4.4.4.0 255.255.255.0 area 0
R5配置:
R5#conf t
R5(config)#intlo0
R5(config-if)#ipadd 5.5.5.5 255.255.255.0
R5(config-if)#exit
R5(config)#inte0/0
R5(config-if)#ipadd 192.168.45.5 255.255.255.0
R5(config-if)#nosh
R5(config-if)#exit
R5(config)#routerospf 1
R5(config-router)#net5.5.5.0 255.255.255.0 area 0
R5(config-router)#net192.16.45.0 255.255.255.0 area 0
第一要求R3不能学习到R2的2.2.2.0,网段配置例如以下
R2#conf t
R2(config)#access-list1 deny 2.2.2.0 0.0.0.255 //设置ACL不同意2.2.2.0网段
R2(config)#access-list1 permit any//在ACL上同意其它网段
R2(config)#routerrip
R2(config-router)#distribute-list1 out e0/1//将ACL应用到RIP接口e0/1的out方向
或者在R3上进行例如以下配置,达到同样的效果
R3#conf t
R3(config)#access-list1 deny 2.2.2.0 0.0.0.255 //设置ACL不同意2.2.2.0网段
R3(config)#access-list1 permit any//在ACL上同意其它网段
R3(config)#routerrip
R3(config-router)#distribute-list1 in e0/0//将ACL应用到RIP接口e/0的in方向
R3(config-router)#doclear ip rou *//清除路由列表。闭关又一次生成
第二要求R4不能学习R3的33.33.33.0网段,可是R5能够学习。
R3不能学习到R4的4.4.4.0网段。配置例如以下:
R4#conf t
R4(config)#access-list1 deny 33.33.33.0 0.0.0.255
R4(config)#access-list1 permit any
R4(config)#routerospf 1
R4(config-router)#distribute-list1 in e0/1
R4(config-router)#doclear ip rou *
R3#conf t
R3(config)#access-list1 deny 4.4.4.0 0.0.0.255
R3(config)#access-list1 permit any
R3(config)#routerospf 1
R3(config-router)#distribute-list1 in e0/1
R3(config-router)#doclear ip rou *
第三要求双向重公布时。不能将1.1.1.0和5.5.5.0注入
R3#conf t
R3(config)#access-list2 deny 1.1.1.0 0.0.0.255
R3(config)#access-list2 permit any
R3(config)#access-list3 deny 5.5.5.0 0.0.0.255
R3(config)#access-list3 permit any
R3(config)#routerospf 1
R3(config-router)#redistributerip subnets
R3(config-router)#distribute-list2 out rip
R3(config-router)#exit
R3(config)#routerrip
R3(config-router)#redistributeospf 1 metric 2
R3(config-router)#distribute-list3 out ospf 1
对于距离矢量路由协议路由器之间。传递的是路由信息,分发列表对路由信息是有绝对的控制权的。
因此假设是in方向。那么通过部署分发列表,能够过滤特定的路由。使得运行分发列表的本地路由路由表发生变化,同一时候,本地路由器在更新路由信息给下游路由器的时候,实际上更新的内容是受分发列表影响之后的条目。同一时候在out方向也是没有问题的。
在链路状态协议中部署分发列表。仅仅能用in方向,分发列表仅仅能在本地收到LSA后,生成路由的那一刹那进行路由的过滤。运行分发列表的路由器的路由表会被分发列表影响,可是该路由器仍会将LSADB中的LSA发送给邻居,因此仅仅对本地路由过滤。邻居不受影响。
实验五、Prefix-list前缀列表
R1配置:
R1#conf t
R1(config)#intl0
R1(config-if)#ipadd 172.168.1.1 255.255.255.0
R1(config-if)#exit
R1(config)#intl1
R1(config-if)#ipadd 172.168.2.1 255.255.255.0
R1(config-if)#exit
R1(config)#intlo3
R1(config-if)#ipadd 172.168.3.1 255.255.255.0
R1(config-if)#exit
R1(config)#intlo4
R1(config-if)#ipadd 1
R1(config-if)#ipadd 172.168.14.1 255.255.255.0
R1(config-if)#exit
R1(config)#intlo5
R1(config-if)#ipadd 172.168.15.1 255.255.255.0
R1(config-if)#exit
R1(config)#inte0/0
R1(config-if)#ipadd 192.168.12.1 255.255.255.0
R1(config-if)#nosh
R1(config-if)#exit
R1(config)#routerrip
R1(config-router)#noau
R1(config-router)#ver2
R1(config-router)#net172.168.1.0
R1(config-router)#net172.168.2.0
R1(config-router)#net172.168.3.0
R1(config-router)#net172.168.14.0
R1(config-router)#net172.168.15.0
R1(config-router)#net192.168.12.0
R2配置:
R2#conf t
R2(config)#intlo0
R2(config-if)#ipadd 2.2.2.2 255.255.255.0
R2(config-if)#exit
R2(config)#inte0/0
R2(config-if)#ipadd 192.168.12.2 255.255.255.0
R2(config-if)#nosh
R2(config-if)#exit
R2(config)#inte0/1
R2(config-if)#ip add 192.168.23.2 255.255.255.0
R2(config-if)#nosh
R2(config-if)#exit
R2(config)#routerrip
R2(config-router)#noau
R2(config-router)#ver2
R2(config-router)#net192.168.12.0
R2(config-router)#net2.2.2.0
R2(config-router)#exit
R2(config)#routerospf 1
R2(config-router)#net192.168.23.0 255.255.255.0 area 0
R3配置:
R3#conf t
R3(config)#intlo0
R3(config-if)#ipadd 202.100.100.3 255.255.255.0
R3(config-if)#exit
R3(config)#intlo1.
R3(config-if)#ipadd 202.100.101.3 255.255.255.0
R3(config-if)#exit
R3(config)#intlo2
R3(config-if)#ipadd 202.100.102.3 255.255.255.0
R3(config-if)#exit
R3(config)#inte0/0
R3(config-if)#ipadd 192.168.23.3 255.255.255.0
R3(config-if)#nosh
R3(config-if)#exit
R3(config)#routerospf 1
R3(config-router)#net192.168.23.0 255.255.255.0 area 0
R3(config-router)#net202.100.100.0 255.255.255.0 area 0
R3(config-router)#net202.100.101.0 255.255.255.0 area 0
R3(config-router)#net202.100.102.0 255.255.255.0 area 0
第一R1不用学习R2的2.2.2.0网段。R2不能学习R1的172.168.1.0、172.168.2.0、172.168.13.0网段
R2#conf t
R2(config)#ipprefix-list filter-1 seq 1 deny 2.2.2.0/24//创建一条前缀列表拒绝2.2.2.0网络
R2(config)#ipprefix-list fliter-1 seq 2 permit 0.0.0.0/0 le 32
R2(config)#ipprefix-list filter-2 seq 3 deny 172.168.1.0/22 le 24
R2(config)#ipprefix-list filter-2 seq 4 permit 0.0.0.0/0 le 32
R2(config)#routerrip
R2(config-router)#distribute-listprefix filter-1 out e0/0//利用distribute-list调用prefix-list
R2(config-router)#distribute-listprefix filter-2 in e0/0
第二要求双向重公布时,172.168.14.0、172.168.15.0、202.100.101.0、202.100.102.0不注入
R2(config)#conft
R2(config)#ipprefix-list filter-3 seq 5 deny 172.168.14.0/23 le 24
R2(config)#ipprefix-list filter-3 seq 6 permit 0.0.0.0/0 le 32
R2(config)#ipprefix-list filter-4 seq 7 deny 202.100.100.0/22 le 24
R2(config)#ipprefix-list filter-4 seq 8 permit 0.0.0.0/0 le 32
R2(config)#routerrip
R2(config-router)#redistributeospf 1 metric 2
R2(config-router)#distribute-listprefix filter-3 out ospf 1
R2(config-router)#exit
R2(config)#routerospf 1
R2(config-router)#redistributerip subnets
R2(config-router)#distribute-listprefix filter-4 out rip
不同于用于匹配流量的IP訪问列表,IP前缀列表主要是用来指定详细的网络可达的。前缀列表用来匹配前缀(网段)和前缀长度(子网掩码)。IP前缀列表(prefix-list)三种形式的含义:
ip prefix-list [name][permit | deny] [prefix]/[len] ge [ge-value] le [le-value]
ge代表大于等于。le代表基于等于
1、ip prefix-list 110 permit 172.16.1.0/23
a:网络号前23位一定同样
b:子网掩码一定是23位的
2、ip prefix-list 110 permit 172.16.1.0/23 le 24
a:网络号前23位一定同样
b:子网掩码能够是23位-24位
3、ip prefix-list 110 permit 172.16.1.0/23 ge24
a:网络号前23位一定同样
b:子网掩码能够是23位-32位
4、ip prefix-list 110 permit 172.16.1.0/23 ge 24 le 24
a:网络号前23位一定同样
b:子网掩码一定是24位
5、ip prefix-list 110 permit 0.0.0.0/0
匹配默认路由
6、ip prefix-list 110 permit 0.0.0.0/0 le 32
匹配不论什么网段
实验六、Route-map(结合ACL、prefix-list、Tag)
R1#conft
R1(config)#intlo 1
R1(config-if)#ipadd 1.1.1.1 255.255.255.0
R1(config-if)#exit
R1(config)#intlo 2
R1(config-if)#ipadd 1.1.2.1 255.255.255.128
R1(config-if)#exit
R1(config)#intlo3
R1(config-if)#ipadd 1.1.3.1 255.255.255.192
R1(config-if)#exit
R1(config)#intlo 4
R1(config-if)#ipadd 1.1.4.1 255.255.255.224
R1(config-if)#exit
R1(config)#inte0/0
R1(config-if)#ipadd 192.168.12.1 255.255.255.0
R1(config-if)#nosh
R1(config-if)#exit
R1(config)#routerrip
R1(config-router)#net1.1.1.0
R1(config-router)#net1.1.2.0
R1(config-router)#net1.1.3.0
R1(config-router)#net1.1.4.0
R1(config-router)#net192.168.12.0
R1(config-router)#noau
R1(config-router)#ver2
R2配置:
R2#conft
R2(config)#intlo 1
R2(config-if)#ipadd 2.2.2.2 255.255.255.0
R2(config-if)#exit
R2(config)#inte0/0
R2(config-if)#ipadd 192.168.12.2 255.255.255.0
R2(config-if)#nosh
R2(config-if)#exit
R2(config)#inte0/1
R2(config-if)#ipadd 192.168.23.2 255.255.255.0
R2(config-if)#nosh
R2(config-if)#exit
R2(config)#routerrip
R2(config-router)#noau
R2(config-router)#ver2
R2(config-router)#net192.168.12.0
R2(config-router)#net2.2.2.0
R2(config-router)#exit
R2(config)#routereigrp 1
R2(config-router)#noauto-summary
R2(config-router)#net192.168.23.0 255.255.255.0
R3配置:
R3#conft
R3(config)#intlo 1
R3(config-if)#ipadd 3.3.3.3 255.255.255.0
R3(config-if)#exit
R3(config)#inte0/1
R3(config-if)#ipadd 192.168.34.3 255.255.255.0
R3(config-if)#nosh
R3(config-if)#exit
R3(config)#inte0/0
R3(config-if)#ipadd 192.168.23.3 255.255.255.0
R3(config-if)#nosh
R3(config-if)#exit
R3(config)#routereigrp 1
R3(config-router)#noauto-summary
R3(config-router)#net3.3.3.0 255.255.255.0
R3(config-router)#net192.168.23.0 255.255.255.0
R3(config-router)#exit
R3(config)#routerospf 1
R3(config-router)#net192.168.34.0 255.255.255.0 area 0
R3(config-router)#exit
R4配置:
R4#conft
R4(config)#intlo 1
R4(config-if)#ipadd 4
R4(config-if)#ipadd 4.4.4.4 255.255.255.0
R4(config-if)#exit
R4(config)#inte0/0
R4(config-if)#ipadd 192.168.34.4 255.255.255.0
R4(config-if)#nosh
R4(config-if)#exit
R4(config)#inte0/0
R4(config-if)#nosh
R4(config-if)#exit
R4(config)#routerospf 1
R4(config-router)#net4.4.4.0 255.255.255.0 area 0
R4(config-router)#net192.168.34.0 255.255.255.0 area 0
(A)结合ACL。假设要求rip与eigrp进行双向重分布时,1.1.1.0 网段不能分发到eigrp中。3.3.3.0网段不能分布到rip中
R2#conft
R2(config)#access-list1 permit 1.1.1.0 0 0.0.0.255 //抓取1.1.1.0路由
R2(config)#route-mapfilter-1 deny 10 //创建过滤的路由图
R2(config-route-map)#matchip address 1/对匹配1.1.1.0的路由进行过滤
R2(config-route-map)#exit
R2(config)#route-mapfilter-1 permit 20//对1.1.1..0以外的路由全部放行
R2(config-route-map)#exit
R2(config)#access-list3 permit 3.3.3.0 0.0.0.255//抓取3.3.3.0路由
R2(config)#route-mapfilter-3 deny 30 //创建过滤的路由图
R2(config-route-map)#matchip add 3//对匹配3.3.3.0的路由进行过滤
R2(config-route-map)#exit
R2(config)#route-mapfilter-3 permit 40//对3.3.3.0以外的路由全部放行
R2(config-route-map)#exit
R2(config)#routereigrp 1
R2(config-router)# redistributerip metric 2500 1500 1 255 5000 route-map filter-1//将RIP分发到eigrp中,并应用路由图
R2(config-router)#exit
R2(config)#routerrip
R2(config-router)# redistributeeigrp 1 route-map filter-3 metric 2//将eigrp分发到rip中。并应用路由图
R2(config-router)#exit
(B)结合prefix-list。假设要求rip与eigrp进行双向重分布时,仅仅有1.1.4.0 网段分发到eigrp中,3.3.3.0网段不能分布到rip中
R2#conft
R2(config)#ipprefix-list filter-1 permit 1.1.1.0/22 ge 24 le 27//抓取不分发的路由段
R2(config)#route-mapfilter-1 deny 10//创建过滤的路由图
R2(config-route-map)#matchip add prefix-list filter-1//将抓取的路由过滤掉
R2(config-route-map)#exit
R2(config)#route-mapfilter-1 permit 20//创建一个同意其它不符合条件的路由,
R2(config-route-map)#exit
R2(config)#ipprefix-list filter-3 permit 3.3.3.0/24
R2(config)#route-mapfilter-3 deny 30
R2(config-route-map)#matchip add prefix-list filter-3
R2(config-route-map)#exit
R2(config)#route-mapfilter-3 permit 40
R2(config-route-map)#exit
R2(config)#routereigrp 1
R2(config-router)#redistribute rip route-map filter-1 metric 2500 1500 1 255 5000
R2(config-router)#exit
R2(config)#routerrip
R2(config-router)#redistributeeigrp 1 route-map filter-3 metric 2
R2(config-router)#exit
(C)结合tag,在路由重分发时R1的路由不能被R4学习到
R2#conft
R2(config)#access-list1 permit 1.1.0.0 0.0.7.255 //抓取R1上的全部路由
R2(config)#route-maptag permit 10 //创建路由图
R2(config-route-map)#matchip add 1//在路由图上设置匹配的条件路由
R2(config-route-map)#settag 100//对满足条件的路由打tag 100
R2(config-route-map)#exit
R2(config)#route-maptag permit 20//对其它不匹配的路由都不做不论什么动作
R2(config-route-map)#exit
R2(config)#routerrip
R2(config-router)#redistributeeigrp 1 metric 2
R2(config-router)#exit
R2(config)#norouter ospf 1
R2(config)#routereigrp 1
R2(config-router)#redistributerip metric 2500 1500 1 255 5000route-map tag //将路由图应用到rip注入到eigrp的路由中
R2(config-router)#exit
R3#conft
R3(config)#route-mapfilter-tag deny 10 //设置过滤路由图
R3(config-route-map)#matchtag 100 //匹配过滤的条件为tag 100
R3(config-route-map)#exit
R3(config)#route-mapfilter-tag permit 20//对其它不匹配条件的不做不论什么动作
R3(config-route-map)#exit
R3(config)#routereigrp 1
R3(config-router)#redistributeospf 1 metric 2500 1500 1 255 5000
R3(config-router)#exit
R3(config)#routerospf 1
R3(config-router)#redistributeeigrp 1 route-map filter-tag subnets //将路由图应用到eigrp注入到ospf的路由中
R3(config-router)#exit
R3#ship rou 1.1.1.0 //R3收到R1上的全部路由都打上tag 100
Routingentry for 1.1.1.0/24
Known via "eigrp 1", distance 170,metric 1433600
Tag 100, type external
Redistributing via eigrp 1, ospf 1
Last update from 192.168.23.2 on Ethernet0/0,00:15:02 ago
Routing Descriptor Blocks:
* 192.168.23.2, from 192.168.23.2, 00:15:02ago, via Ethernet0/0
Route metric is 1433600, traffic sharecount is 1
Total delay is 16000 microseconds,minimum bandwidth is 2500 Kbit
Reliability 1/255, minimum MTU 1500 bytes
Loading 255/255, Hops 1
Route tag 100
R4#ship rou //无不论什么R1的路由
Codes:C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O -OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 -OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPFexternal type 2
i - IS-IS, su - IS-IS summary, L1 -IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidatedefault, U - per-user static route
o - ODR, P - periodic downloaded staticroute
Gatewayof last resort is not set
O E2192.168.12.0/24 [110/20] via 192.168.34.3, 00:08:52, Ethernet0/0
2.0.0.0/24 is subnetted, 1 subnets
OE2 2.2.2.0 [110/20] via 192.168.34.3,00:08:52, Ethernet0/0
3.0.0.0/24 is subnetted, 1 subnets
OE2 3.3.3.0 [110/20] via 192.168.34.3,00:08:52, Ethernet0/0
4.0.0.0/24 is subnetted, 1 subnets
C 4.4.4.0 is directly connected, Loopback1
O E2192.168.23.0/24 [110/20] via 192.168.34.3, 00:08:52, Ethernet0/0
C 192.168.34.0/24 is directly connected,Ethernet0/0
Route-map总结:
使用ACL訪问控制列表能够用一条语句控制多条路由,用反掩码来匹配,反掩码为0的位表示必须与路由条目匹配,反掩码为1的位表示无需匹配。但使用訪问控制列表来过滤路由的话,不能匹配路由的掩码长度
使用Prefix-list前缀列表控制路由更新时能够使用一条语句匹配多条路由。
使用前缀列表过滤路由,能够匹配子网掩码
在使用route-map进行控制路由更新时。所用的訪问控制列表以及前缀列表都使用permit语句。表示匹配一条或者多条路由;假设是要拒绝这个一条或者多条路由。那么在route-map中使用deny语句。以下挂列表。
假设是要同意,则使用permit语句。
Route-map的最后隐含了一条deny语句,假设没有写一条permit的空语句,则会匹配默认的deny语句
使用route-map控制路由更新时,假设match 语句是横着有多个訪问控制列表或者前缀列表。代表仅仅需匹配当中的一个地址就运行route-map,假设在同一个序列号下竖着写多个match ip address,则表示须要同一时候满足这两个要求才运行route-map
每个route-map能够有多条语句,每条语句都有一个序号;每条语句都有两种动作match 和set。
如不写match/set,默觉得match any/set nothing ;每条语句对抓出来的路由都有两种处理方式:permit 或deny
Tag路由标记过滤的方法分两个步骤:
1、在server端路由器设定标记(即R2当作server端)
2、在client路由器依据标记进行过滤(即R3当作client)
3、支持TAG的路由协议RIPv2,EIGRP,IS-IS,OSPF,BGP