实验拓扑
【实验基本配置】,如果不会配置,见文章最下方
按照上图配置接口地址与OSPF,做如下配置
1、R1的Loopback0地址为150.1.1.1/24;R4的Loopback0地址为150.1.4.4/24;
R5的Loopback0地址为150.1.5.5/24;
R6的Loopback0地址为150.1.6.6/24
2、每个路由器的router-id 为loopback0地址
【实验要求】
在R1与R4上配置,使得R5与R6互相ping不通
实验思考:
- 方法1:可以使用访问控制列表,实验成功,但有个缺点,它会影响R1与R4,R1 到 R5与R6也无法ping通
R1 & R4:
access-list 10 deny 150.1.6.6
access-list 10 deny 150.1.5.5
access-list 10 permit any
interface FastEthernet0/0
ip access-group 10 in
interface s0/0
ip access-group 10 in
- 方法2:前缀列表+distribute-list (prefix-list),实验成功,注意下面高亮表示的in,使用out将不起任何作用,并且R5与R6中的路由存在对方的Loopback地址
R1 & R4:
ip prefix-list AREA1_FILTER_IN seq 5 deny 150.1.5.5/32
ip prefix-list AREA1_FILTER_IN seq 10 permit 0.0.0.0/0 le 32
ip prefix-list AREA1_FILTER_OUT seq 5 deny 150.1.6.6/32
ip prefix-list AREA1_FILTER_OUT seq 10 permit 0.0.0.0/0 le 32
router ospf 1
distribute-list prefix
AREA1_FILTER_IN
in s0/0
distribute-list prefix
AREA1_FILTER_OUT
in f0/0
- 方法4:访问控制列表+distribute-list,实验成功, R5与R6中的路由存在对方的Loopback地址
R1 & R4:
access-list 10 deny 150.1.6.6
access-list 10 deny 150.1.5.5
access-list 10 permit any
router ospf 1
distribute-list 10 in
- 方法3:前缀列表+filter-list,实验成功,R5与R6的路由表中没有对方的loopback地址
R1 & R4:
no ip prefix-list AREA1_FILTER_OUT
ip prefix-list AREA1_FILTER_OUT deny 150.1.6.6/32
ip prefix-list AREA1_FILTER_OUT permit 0.0.0.0/0 le 32
no ip prefix-list AREA1_FILTER_IN
ip prefix-list AREA1_FILTER_IN deny 150.1.5.5/32
ip prefix-list AREA1_FILTER_IN permit 0.0.0.0/0 le 32
router ospf 1
area 1 filter-list prefix AREA1_FILTER_OUT out
area 1 filter-list prefix AREA1_FILTER_IN in
- 方法5:设置不广播, 实验成功,R5与R6的路由表中没有对方的loopback地址
R1 & R4:
router ospf 1
area 1 range 150.1.6.0 255.255.255.0 not-adv
area 0 range 150.1.5.0 255.255.255.0 not-adv
- 方法6:使用route-map和Distribute, 实验成功,R5与R6的路由表中存在对方的loopback地址
R1 & R4:
access-list 1 permit 150.1.6.6
access-list 1 permit 150.1.5.5
route-map
FILTER_OSPF deny 10
match ip route-source 1
router-map
FILTER_OSPF permit 100
router ospf 1
distribute-list route-map FILTER_OSPF in
Distribute-list的使用总结
-------------------------------------------------------------------------
首先理解:in 将改变自己 out将改变别人
一. 距离矢量协议Rip Eigrp
因为距离矢量协议直接传递路由信息,会在运行协议进程接口的in 和out方向控制相应协议路由信息
Distribute-list in在协议接口的in方向控制路由信息,只改变自己(生成路由表之前就改变路由信息)其它路由器不改变(除非是边界协议路由器会影响其它协议的重发布等)
Distribute-list out在协议接口的out方向控制路由信息,自己不改变(路由表已生成),其它路由器会改变。
二. 链路状态协议Ospf Is-Is
因为链路状态协议传递的是LSA(LSU)信息,在每台路由器同步LSA(LSU)后每台路由器根据database数据库信息运行SPF算法再得到路由表信息。在接口in 和out方向不直接传递路由信息.
但5类LSA类似距离矢量协议会受影响所以5类的外部路由会被distribute-list发生改变.
如果是一个纯的链路状态协议的网络(ospf)没有5类的LSA:
Distribute-list out将不起任何作用(其它路由器不受改变),但会在不同进程之间起作用.
如: R2(config-router)#distribute-list 1 out ospf 1(上述实验中验证)
Distribute-list in 不改变ospf database的信息,但会过滤相应的数据包
因此使用方法2和4通过查看路由信息,你会发现R5虽然ping不同R6,但是路由表中依然存在R6的路由信息
------------------------------------------------------实验基本配置-----------------------------------------------
R1:
interface Fa 0/0
ip address 155.1.146.1 255.255.255.0
no shut
!
interface Serial 0/0
encapsulation frame-relay
no frame-relay inverse-arp
ip address 155.1.0.1 255.255.255.0
frame-relay map ip 155.1.0.5 105
frame-relay map ip 155.1.0.4 105
ip ospf priority 0
no shutdown
!
interface Loopback0
ip address 150.1.1.1 255.255.255.0
!
router ospf 1
router-id 150.1.1.1
network 155.1.146.1 0.0.0.0 area 1
network 150.1.1.1 0.0.0.0 area 1
network 155.1.0.1 0.0.0.0 area 0
R4:
interface Eth 0/1
ip address 155.1.146.4 255.255.255.0
!
interface Serial 0/0
encapsulation frame-relay
no frame-relay inverse-arp
ip address 155.1.0.4 255.255.255.0
frame-relay map ip 155.1.0.5 405
frame-relay map ip 155.1.0.1 405
ip ospf priority 0
!
interface Loopback0
ip address 150.1.4.4 255.255.255.0
!
router ospf 1
router-id 150.1.4.4
network 155.1.146.4 0.0.0.0 area 1
network 150.1.4.4 0.0.0.0 area 1
network 155.1.0.4 0.0.0.0 area 0
R5:
interface Serial 0/0
encapsulation frame-relay
no frame-relay inverse-arp
ip address 155.1.0.5 255.255.255.0
frame-relay map ip 155.1.0.4 504
frame-relay map ip 155.1.0.1 501
!
interface Loopback0
ip address 150.1.5.5 255.255.255.0
!
router ospf 1
router-id 150.1.5.5
network 150.1.5.5 0.0.0.0 area 0
network 155.1.0.5 0.0.0.0 area 0
neighbor 155.1.0.4
neighbor 155.1.0.1
R6:
interface Gig 0/1
ip address 155.1.146.6 255.255.255.0
!
interface Loopback0
ip address 150.1.6.6 255.255.255.0
!
router ospf 1
router-id 150.1.6.6
network 155.1.146.6 0.0.0.0 area 1
network 150.1.6.6 0.0.0.0 area 1
本文转自zcm8483 51CTO博客,原文链接:http://blog.51cto.com/haolun/993185
