使用分发列表过滤路由及路由汇总、防环的实验
这个实验是采用分发列表来实现路由过滤和汇总、防环的功能,这次的拓扑图如下:
说明:IP及接口配置如上所示,左边运行OSPF,右边运行EIGRP
实验目的:掌握用分发列表来过滤路由
在重分布路由时使用路由汇总来降低路由器的负担,以及带来的问题
具体要求:R2过滤掉1.1.1.0的路由,R5在向R4通告的时候过滤掉172.16.55.0的路由。
Ospf向eigrp通告路由时将路由汇总10.0.0.0/8的
Eigrp向Ospf通告路由时将路由汇总成172.16.0.0/16的
环回口路由可以不用汇总
实验步骤:
1. 配置IP地址以及路由协议
2. 在R3上配置重分布
配置命令:
router eigrp 90
redistribute ospf 110 metric 1544 100 255 1 1500
network 33.33.33.0 0.0.0.255
network 172.16.34.0 0.0.0.255
no auto-summary
!
router ospf 110
router-id 3.3.3.3
log-adjacency-changes
redistribute eigrp 90 subnets tag 8888
network 3.3.3.0 0.0.0.255 area 0
network 10.2.2.0 0.0.0.255 area 0
R1#show ip route
1.0.0.0/24 is subnetted, 1 subnets
C 1.1.1.0 is directly connected, Loopback0
2.0.0.0/24 is subnetted, 1 subnets
O 2.2.2.0 [110/65] via 10.1.1.2, 00:21:34, Serial0/0
33.0.0.0/24 is subnetted, 1 subnets
O E2 33.33.33.0 [110/20] via 10.1.1.2, 00:21:34, Serial0/0
3.0.0.0/32 is subnetted, 1 subnets
O 3.3.3.3 [110/129] via 10.1.1.2, 00:21:34, Serial0/0
4.0.0.0/24 is subnetted, 1 subnets
O E2 4.4.4.0 [110/20] via 10.1.1.2, 00:21:34, Serial0/0
5.0.0.0/24 is subnetted, 1 subnets
O E2 5.5.5.0 [110/20] via 10.1.1.2, 00:21:34, Serial0/0
172.16.0.0/24 is subnetted, 3 subnets
O E2 172.16.55.0 [110/20] via 10.1.1.2, 00:21:37, Serial0/0
O E2 172.16.45.0 [110/20] via 10.1.1.2, 00:21:37, Serial0/0
O E2 172.16.34.0 [110/20] via 10.1.1.2, 00:21:37, Serial0/0
10.0.0.0/24 is subnetted, 2 subnets
O 10.2.2.0 [110/128] via 10.1.1.2, 00:21:37, Serial0/0
C 10.1.1.0 is directly connected, Serial0/0
此时,所有路由器都有所有的路由。
3. 在R2上配置分发列表过滤路由1.1.1.0
R2(config)#ip access-list stan 10
R2(config-std-nacl)#10 deny 1.1.1.0
R2(config-std-nacl)#20 permit any
R2(config)#router ospf 110
R2(config-router)#distribute-list 10 in s0/0
配置结果查看:
R2#show ip route
2.0.0.0/24 is subnetted, 1 subnets
C 2.2.2.0 is directly connected, Loopback0
33.0.0.0/24 is subnetted, 1 subnets
O E2 33.33.33.0 [110/20] via 10.2.2.3, 00:00:17, Serial0/1
3.0.0.0/32 is subnetted, 1 subnets
O 3.3.3.3 [110/65] via 10.2.2.3, 00:00:17, Serial0/1
4.0.0.0/24 is subnetted, 1 subnets
O E2 4.4.4.0 [110/20] via 10.2.2.3, 00:00:17, Serial0/1
5.0.0.0/24 is subnetted, 1 subnets
O E2 5.5.5.0 [110/20] via 10.2.2.3, 00:00:17, Serial0/1
172.16.0.0/24 is subnetted, 3 subnets
O E2 172.16.55.0 [110/20] via 10.2.2.3, 00:00:17, Serial0/1
O E2 172.16.45.0 [110/20] via 10.2.2.3, 00:00:17, Serial0/1
O E2 172.16.34.0 [110/20] via 10.2.2.3, 00:00:18, Serial0/1
10.0.0.0/24 is subnetted, 2 subnets
C 10.2.2.0 is directly connected, Serial0/1
C 10.1.1.0 is directly connected, Serial0/0
此时R2上面已经没有1.1.1.0的路由,但R3的路由表中还有此条路由
R3#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
1.0.0.0/24 is subnetted, 1 subnets
O 1.1.1.0 [110/129] via 10.2.2.2, 00:29:56, Serial0/1
2.0.0.0/24 is subnetted, 1 subnets
O 2.2.2.0 [110/65] via 10.2.2.2, 00:29:56, Serial0/1
33.0.0.0/24 is subnetted, 1 subnets
C 33.33.33.0 is directly connected, Loopback1
3.0.0.0/24 is subnetted, 1 subnets
C 3.3.3.0 is directly connected, Loopback0
4.0.0.0/24 is subnetted, 1 subnets
D 4.4.4.0 [90/2297856] via 172.16.34.4, 00:31:50, Serial0/2
5.0.0.0/24 is subnetted, 1 subnets
D 5.5.5.0 [90/2809856] via 172.16.34.4, 00:31:19, Serial0/2
172.16.0.0/24 is subnetted, 3 subnets
D 172.16.55.0 [90/2809856] via 172.16.34.4, 00:31:27, Serial0/2
D 172.16.45.0 [90/2681856] via 172.16.34.4, 00:31:58, Serial0/2
C 172.16.34.0 is directly connected, Serial0/2
10.0.0.0/24 is subnetted, 2 subnets
C 10.2.2.0 is directly connected, Serial0/1
10.1.1.0 [110/128] via 10.2.2.2, 00:29:57, Serial0/1
4. 在R5上配置分发列表过滤路由
R5(config)#ip access-list stan 10
R5(config-std-nacl)#10 deny 172.16.55.0
R5(config-std-nacl)#20 permit any
R5(config-std-nacl)#exit
R5(config)#router eigrp 90
R5(config-router)#distribute-list 10 out s0/3
R5(config-router)#end
R5#
*Mar 1 04:39:42.830: %SYS-5-CONFIG_I: Configured from console by console
R5#
*Mar 1 04:39:51.734: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 90: Neighbor 172.16.45.4 (Serial0/3) is resync: route configuration changed
当邻居重新建立以后,再看R4的路由表
R4#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
1.0.0.0/24 is subnetted, 1 subnets
D EX 1.1.1.0 [170/2195456] via 172.16.34.3, 00:34:14, Serial0/2
2.0.0.0/24 is subnetted, 1 subnets
D EX 2.2.2.0 [170/2195456] via 172.16.34.3, 00:34:14, Serial0/2
33.0.0.0/24 is subnetted, 1 subnets
D 33.33.33.0 [90/2297856] via 172.16.34.3, 00:36:52, Serial0/2
3.0.0.0/24 is subnetted, 1 subnets
D EX 3.3.3.0 [170/2195456] via 172.16.34.3, 00:34:14, Serial0/2
4.0.0.0/24 is subnetted, 1 subnets
C 4.4.4.0 is directly connected, Loopback0
5.0.0.0/24 is subnetted, 1 subnets
D 5.5.5.0 [90/2297856] via 172.16.45.5, 00:36:08, Serial0/3
172.16.0.0/24 is subnetted, 2 subnets
C 172.16.45.0 is directly connected, Serial0/3
C 172.16.34.0 is directly connected, Serial0/2
10.0.0.0/24 is subnetted, 2 subnets
D EX 10.2.2.0 [170/2195456] via 172.16.34.3, 00:34:14, Serial0/2
D EX 10.1.1.0 [170/2195456] via 172.16.34.3, 00:34:14, Serial0/2
结果:R4上已经没有了172.16.55.0的路由
5. 在R3上做路由汇总
R3(config)#int s0/2
R3(config-if)#ip summary-address eigrp 90 10.0.0.0 255.0.0.0
R3(config-if)#router ospf 110
R3(config-router)#summary-address 172.16.0.0 255.255.0.0
在R1和R5上分别看路由表
汇总前:
R1#show ip route
Gateway of last resort is not set
1.0.0.0/24 is subnetted, 1 subnets
C 1.1.1.0 is directly connected, Loopback0
2.0.0.0/24 is subnetted, 1 subnets
O 2.2.2.0 [110/65] via 10.1.1.2, 00:21:34, Serial0/0
33.0.0.0/24 is subnetted, 1 subnets
O E2 33.33.33.0 [110/20] via 10.1.1.2, 00:21:34, Serial0/0
3.0.0.0/32 is subnetted, 1 subnets
O 3.3.3.3 [110/129] via 10.1.1.2, 00:21:34, Serial0/0
4.0.0.0/24 is subnetted, 1 subnets
http://www.luyouqiwang.com/15220
O E2 4.4.4.0 [110/20] via 10.1.1.2, 00:21:34, Serial0/0
5.0.0.0/24 is subnetted, 1 subnets
O E2 5.5.5.0 [110/20] via 10.1.1.2, 00:21:34, Serial0/0
172.16.0.0/24 is subnetted, 3 subnets
O E2 172.16.55.0 [110/20] via 10.1.1.2, 00:21:37, Serial0/0
O E2 172.16.45.0 [110/20] via 10.1.1.2, 00:21:37, Serial0/0
O E2 172.16.34.0 [110/20] via 10.1.1.2, 00:21:37, Serial0/0
10.0.0.0/24 is subnetted, 2 subnets
O 10.2.2.0 [110/128] via 10.1.1.2, 00:21:37, Serial0/0
C 10.1.1.0 is directly connected, Serial0/0
汇总路由以后
R1#show ip rou
R1#show ip route
1.0.0.0/24 is subnetted, 1 subnets
C 1.1.1.0 is directly connected, Loopback0
2.0.0.0/24 is subnetted, 1 subnets
O 2.2.2.0 [110/65] via 10.1.1.2, 00:39:01, Serial0/0
33.0.0.0/24 is subnetted, 1 subnets
O E2 33.33.33.0 [110/20] via 10.1.1.2, 00:39:01, Serial0/0
3.0.0.0/32 is subnetted, 1 subnets
O 3.3.3.3 [110/129] via 10.1.1.2, 00:39:01, Serial0/0
4.0.0.0/24 is subnetted, 1 subnets
O E2 4.4.4.0 [110/20] via 10.1.1.2, 00:39:01, Serial0/0
5.0.0.0/24 is subnetted, 1 subnets
O E2 5.5.5.0 [110/20] via 10.1.1.2, 00:39:01, Serial0/0
O E2 172.16.0.0/16 [110/20] via 10.1.1.2, 00:01:09, Serial0/0
10.0.0.0/8 is variably subnetted, 3 subnets, 2 masks
O 10.2.2.0/24 [110/128] via 10.1.1.2, 00:39:01, Serial0/0
C 10.1.1.0/24 is directly connected, Serial0/0
O E2 10.0.0.0/8 [110/20] via 10.1.1.2, 00:01:37, Serial0/0
实验结果:
在R1上看汇总路由的结果,经过汇总,确实把Eigrp传过来的路由已经汇总成了172.16.0.0,但是,同样在R1上可以看到还有一条10.0.0.0/8的汇总路由,是从EIGRP重分布过来的,实际上这是一条不需要的路由或者可以说是产生了环路。
6. 在R3上做路由重分布的过滤,防止环路的发生
解决环路,双进行重分布的路由器上面做分发列表,拒绝某路由协议域的汇总路由通过重分布再回到该路由域
R3上的配置
router eigrp 90
redistribute ospf 110 metric 1544 100 255 1 1500
network 33.33.33.0 0.0.0.255
network 172.16.34.0 0.0.0.255
distribute-list 30 out ospf 110
no auto-summary
access-list 30 deny 172.16.0.0
access-list 30 permit any
!
router ospf 110
router-id 3.3.3.3
summary-address 172.16.0.0 255.255.0.0
redistribute eigrp 90 subnets tag 8888
network 3.3.3.0 0.0.0.255 area 0
network 10.2.2.0 0.0.0.255 area 0
distribute-list 20 out eigrp 90
!
access-list 20 deny 10.0.0.0
access-list 20 permit any
此时再查看R1的路由表,已经没有了该条10.0.0.0/8的路由
R1#show ip route
1.0.0.0/24 is subnetted, 1 subnets
C 1.1.1.0 is directly connected, Loopback0
2.0.0.0/24 is subnetted, 1 subnets
O 2.2.2.0 [110/65] via 10.1.1.2, 01:00:35, Serial0/0
33.0.0.0/24 is subnetted, 1 subnets
O E2 33.33.33.0 [110/20] via 10.1.1.2, 01:00:35, Serial0/0
3.0.0.0/32 is subnetted, 1 subnets
O 3.3.3.3 [110/129] via 10.1.1.2, 01:00:35, Serial0/0
4.0.0.0/24 is subnetted, 1 subnets
O E2 4.4.4.0 [110/20] via 10.1.1.2, 01:00:35, Serial0/0
5.0.0.0/24 is subnetted, 1 subnets
O E2 5.5.5.0 [110/20] via 10.1.1.2, 01:00:35, Serial0/0
O E2 172.16.0.0/16 [110/20] via 10.1.1.2, 00:22:43, Serial0/0
10.0.0.0/24 is subnetted, 2 subnets
O 10.2.2.0 [110/128] via 10.1.1.2, 01:00:35, Serial0/0
C 10.1.1.0 is directly connected, Serial0/0
注意:在运行OSPF路由协议的路由器之间使用分发列表时,不允许使用接口上的out,允许使用接口in,但是使用接口in只影响本台路由器,对下游OSPF路由器是不会产生影响的,因为通告是LSA而不是路由。