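A router can filter routing updates sent to or received from a specific neighbor based on network number. The filter consists of an access list that is applied to all BGP updates sent to or received from that neighbor.
In this example, we configure a distribute-list on R1 to prevent 1.0.0.0/8 from being advertised into AS200.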
//// r1 ////
int f2/0
ip ad 192.1.1.1 255.255.255.0
int f3/0
ip ad 193.1.1.1 255.255.255.0
int lo0
ip ad 1.1.1.1 255.255.255.0
int lo1
ip ad 2.2.2.2 255.255.255.0
router bgp 100
no syn
neighbor 192.1.1.2 remote-as 200
neighbor 193.1.1.3 remote-as 200
network 1.0.0.0
network 2.0.0.0
neighbor 193.1.1.3 distribute-list 1 out
access-list 1 deny 1.0.0.0 0.255.255.255
access-list 1 permit any
//// r2 ////
int f2/0
ip ad 192.1.1.2 255.255.255.0
int f4/0
ip ad 194.1.1.2 255.255.255.0
router os 1
netw 0.0.0.0 255.255.255.255 a 0
passive-interface f2/0
router bgp 200
no syn
neighbor 192.1.1.1 remote-as 100
neighbor 194.1.1.4 remote-as 200
neighbor 195.1.1.3 remote-as 200
neighbor 194.1.1.4 next-hop-self
//// r3 ////
int f3/0
ip ad 193.1.1.3 255.255.255.0
int f5/0
ip ad 195.1.1.3 255.255.255.0
router os 1
netw 0.0.0.0 255.255.255.255 a 0
passive-interface f3/0
router bgp 200
no syn
neighbor 193.1.1.1 remote-as 100
neighbor 195.1.1.4 remote-as 200
neighbor 195.1.1.4 next-hop-self
neighbor 194.1.1.2 remote-as 200
//// r4 ////
int f4/0
ip ad 194.1.1.4 255.255.255.0
int f5/0
ip ad 195.1.1.4 255.255.255.0
int lo0
ip ad 4.4.4.4 255.255.255.0
router os 1
netw 0.0.0.0 255.255.255.255 a 0
router bgp 200
no syn
neighbor 194.1.1.2 remote-as 200
neighbor 195.1.1.3 remote-as 200
netw 4.0.0.0
Verification:
r2#sh ip bgp
   Network          Next Hop            Metric LocPrf Weight Path
*> 1.0.0.0          192.1.1.1                0             0 100 i
* i2.0.0.0          193.1.1.1                0    100      0 100 i
*>                  192.1.1.1                0             0 100 i
*>i4.0.0.0          194.1.1.4                0    100      0 i
The 1.0.0.0/8 route entry learned from 193.1.1.1 has been filtered!
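The following added example (not part of the original post) models in Python how R1's access-list 1 is evaluated against outbound updates per neighbor, which is why R2's table above still holds 1.0.0.0 via 192.1.1.1 but has no second path for it via 193.1.1.1. The function names and the ORIGINATED list are assumptions made for illustration; the ACL entries and neighbor addresses are taken from the R1 configuration.

```python
import ipaddress

# Standard ACL 1 from R1 as (action, address, wildcard).
# "permit any" is written out as 0.0.0.0 255.255.255.255.
ACL_1 = [
    ("deny", "1.0.0.0", "0.255.255.255"),
    ("permit", "0.0.0.0", "255.255.255.255"),
]

# Outbound distribute-lists on R1, keyed by neighbor (only 193.1.1.3 has one).
DISTRIBUTE_OUT = {"193.1.1.3": ACL_1}

# Assumption: the networks R1 originates, as seen with path "100 i" on R2.
ORIGINATED = ["1.0.0.0/8", "2.0.0.0/8"]


def acl_permits(acl, prefix):
    """First-match evaluation of a standard ACL against a prefix.

    A standard ACL used as a distribute-list compares only the network
    address; the prefix length is not examined.
    """
    net = int(ipaddress.ip_network(prefix).network_address)
    for action, addr, wildcard in acl:
        # Wildcard bits set to 1 are "don't care"; invert to get the bits to compare.
        care = ~int(ipaddress.ip_address(wildcard)) & 0xFFFFFFFF
        if net & care == int(ipaddress.ip_address(addr)) & care:
            return action == "permit"
    return False  # implicit deny at the end of every ACL


def advertised_to(neighbor, prefixes=ORIGINATED):
    """Prefixes R1 sends to a neighbor after its outbound distribute-list, if any."""
    acl = DISTRIBUTE_OUT.get(neighbor)
    if acl is None:
        return list(prefixes)
    return [p for p in prefixes if acl_permits(acl, p)]


if __name__ == "__main__":
    for peer in ("192.1.1.2", "193.1.1.3"):
        print(peer, advertised_to(peer))
```

Because the match ignores prefix length, the same deny entry would also drop a more specific route such as 1.1.0.0/16, and removing the final permit entry would drop every update to that neighbor through the implicit deny.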
This article is reposted from the ciscodocu blog on 51CTO; original link: http://blog.51cto.com/ciscodocu/52810. To republish it, please contact the original author.