用分发列表过滤掉路由更新，以达到路由筛选的目的-阿里云开发者社区

用分发列表过滤掉路由更新，以达到路由筛选的目的

2017-11-13 1123

版权

本文内容由阿里云实名注册用户自发贡献，版权归原作者所有，阿里云开发者社区不拥有其著作权，亦不承担相应法律责任。具体规则请查看《阿里云开发者社区用户服务协议》和《阿里云开发者社区知识产权保护指引》。如果您发现本社区中有涉嫌抄袭的内容，填写侵权投诉表单进行举报，一经查实，本社区将立刻删除涉嫌侵权内容。

简介：

一、拓扑图：

二、配置各路由器的IP和协议，然后在R2上做重分发。保证两边都能学到各自的路由，为了学到的全部都是明细路由，以体现实验效果。我们把R2和R3的RIP V2都关闭自动汇总，

1、下面看一下R1的route:

R1#sh ip route

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2

i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

ia - IS-IS inter area, * - candidate default, U - per-user static route

o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

172.168.0.0/24 is subnetted, 4 subnets

C 172.168.0.0 is directly connected, Loopback0

C 172.168.1.0 is directly connected, Loopback0

C 172.168.2.0 is directly connected, Loopback0

C 172.168.3.0 is directly connected, Loopback0

172.16.0.0/24 is subnetted, 1 subnets

C 172.16.255.0 is directly connected, Serial1/1

O E2 192.168.255.0/24 [110/200] via 172.16.255.2, 00:00:03, Serial1/1

O E2 192.168.0.0/24 [110/200] via 172.16.255.2, 00:00:03, Serial1/1

O E2 192.168.1.0/24 [110/200] via 172.16.255.2, 00:00:03, Serial1/1

O E2 192.168.2.0/24 [110/200] via 172.16.255.2, 00:00:03, Serial1/1

O E2 192.168.3.0/24 [110/200] via 172.16.255.2, 00:00:03, Serial1/1

2、再来看一下R3的路由表：

R3#show ip route

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2

i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

ia - IS-IS inter area, * - candidate default, U - per-user static route

o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

172.168.0.0/16 is variably subnetted, 4 subnets, 2 masks

R 172.168.1.0/24 [120/10] via 192.168.255.2, 00:00:02, Serial1/0

R 172.168.0.1/32 [120/10] via 192.168.255.2, 00:00:02, Serial1/0

R 172.168.2.0/24 [120/10] via 192.168.255.2, 00:00:02, Serial1/0

R 172.168.3.0/24 [120/10] via 192.168.255.2, 00:00:02, Serial1/0

172.16.0.0/24 is subnetted, 1 subnets

R 172.16.255.0 [120/10] via 192.168.255.2, 00:00:02, Serial1/0

C 192.168.255.0/24 is directly connected, Serial1/0

C 192.168.0.0/24 is directly connected, Loopback0

C 192.168.1.0/24 is directly connected, Loopback0

C 192.168.2.0/24 is directly connected, Loopback0

C 192.168.3.0/24 is directly connected, Loopback0

3、现在两边明细路由都有了，那么现在我要用distribute的命令过滤特定路由条目。不过在这之前我们要建立访问控制列表。

4、在 R2上 distribute针对 ospf区域的 RIP发进来的路由，以过滤掉 192.168.2.0/24和 192.168.3.0/24的网络：

R2(config)#access-list 1 deny 192.168.2.0 0.0.0.255

R2(config)#access-list 1 deny 192.168.3.0 0.0.0.255

R2(config)#access-list 1 permit any (这一条一定要加上，不然的话会全部过滤掉RIP来的路由)

R2(config-router)# router ospf 1

R2(config-router)#distribute-list 1 out rip (对外部RIP路由进行distribute,引用访问控制列表1)

5、再来看一下 R1的路由表：

R1#show ip route

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2

i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

ia - IS-IS inter area, * - candidate default, U - per-user static route

o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

172.168.0.0/24 is subnetted, 4 subnets

C 172.168.0.0 is directly connected, Loopback0

C 172.168.1.0 is directly connected, Loopback0

C 172.168.2.0 is directly connected, Loopback0

C 172.168.3.0 is directly connected, Loopback0

172.16.0.0/24 is subnetted, 1 subnets

C 172.16.255.0 is directly connected, Serial1/1

O E2 192.168.255.0/24 [110/200] via 172.16.255.2, 00:01:31, Serial1/1

O E2 192.168.0.0/24 [110/200] via 172.16.255.2, 00:01:31, Serial1/1

O E2 192.168.1.0/24 [110/200] via 172.16.255.2, 00:01:31, Serial1/1 (现在只能学到这三条路由了,过滤掉了192.168.2.0和192.168.3.0这两个网络)

6、我们再在 R2上 distribute针对 RIP区域的 OSPF发进来的路由，以过滤掉 172.168.0.0/24和 172.168.1.0/24的网络：

R2(config)#access-list 2 deny 172.168.0.0 0.0.0.255 (建立一个列表2对源地址的过滤)

R2(config)#access-list 2 deny 172.168.1.0 0.0.0.255 (建立一个列表2对源地址的过滤)

R2(config)#access-list 2 permit any (切记不要忘了加这一条，不然所有路由都学不到)

R2(config-router)# router rip

R2(config-router)#distribute-list 2 out ospf 1(对外部ospf路由进行distribute,引用访问控制列表2)

7、下面我再来看一下 R3的路由表：

R3#show ip route

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2

i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

ia - IS-IS inter area, * - candidate default, U - per-user static route

o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

172.168.0.0/24 is subnetted, 2 subnets

R 172.168.2.0 [120/10] via 192.168.255.2, 00:00:01, Serial1/0

R 172.168.3.0 [120/10] via 192.168.255.2, 00:00:01, Serial1/0 (只有这两条路由了)

172.16.0.0/24 is subnetted, 1 subnets

R 172.16.255.0 [120/10] via 192.168.255.2, 00:00:01, Serial1/0

C 192.168.255.0/24 is directly connected, Serial1/0

C 192.168.0.0/24 is directly connected, Loopback0

C 192.168.1.0/24 is directly connected, Loopback0

C 192.168.2.0/24 is directly connected, Loopback0

C 192.168.3.0/24 is directly connected, Loopback0

R3#

通过上面的图示可以看到 172.168.0.0/24和 172.168.1.0/24的网络已经被过滤掉了。

本文转自wxs-163 51CTO博客，原文链接:http://blog.51cto.com/supercisco/253406

用分发列表过滤掉路由更新，以达到路由筛选的目的

热门文章

最新文章

相关电子书

相关实验场景