使用分發列表過濾路由及路由彙總、防環
拓撲圖
說明:IP及介面配置如上所示,左邊執行OSPF,右邊執行EIGRP
實驗目的:掌握用分發列表來過濾路由
在重分佈路由時使用路由彙總來降低路由器的負擔,以及帶來的問題
具體要求:R2過濾掉1.1.1.0的路由,R5在向R4通告的時候過濾掉172.16.55.0的路由。
Ospf向eigrp通告路由時將路由彙總10.0.0.0/8的
Eigrp向Ospf通告路由時將路由彙總成172.16.0.0/16的
環回口路由可以不用匯總
實驗步驟:
1. 配置IP地址以及路由協議
2. 在R3上配置重分佈
配置命令:
router eigrp 90
redistribute ospf 110 metric 1544 100 255 1 1500
network 33.33.33.0 0.0.0.255
network 172.16.34.0 0.0.0.255
no auto-summary
!
router ospf 110
router-id 3.3.3.3
log-adjacency-changes
redistribute eigrp 90 subnets tag 8888
network 3.3.3.0 0.0.0.255 area 0
network 10.2.2.0 0.0.0.255 area 0
R1#show ip route
1.0.0.0/24 is subnetted, 1 subnets
C 1.1.1.0 is directly connected, Loopback0
2.0.0.0/24 is subnetted, 1 subnets
O 2.2.2.0 [110/65] via 10.1.1.2, 00:21:34, Serial0/0
33.0.0.0/24 is subnetted, 1 subnets
O E2 33.33.33.0 [110/20] via 10.1.1.2, 00:21:34, Serial0/0
3.0.0.0/32 is subnetted, 1 subnets
O 3.3.3.3 [110/129] via 10.1.1.2, 00:21:34, Serial0/0
4.0.0.0/24 is subnetted, 1 subnets
O E2 4.4.4.0 [110/20] via 10.1.1.2, 00:21:34, Serial0/0
5.0.0.0/24 is subnetted, 1 subnets
O E2 5.5.5.0 [110/20] via 10.1.1.2, 00:21:34, Serial0/0
172.16.0.0/24 is subnetted, 3 subnets
O E2 172.16.55.0 [110/20] via 10.1.1.2, 00:21:37, Serial0/0
O E2 172.16.45.0 [110/20] via 10.1.1.2, 00:21:37, Serial0/0
O E2 172.16.34.0 [110/20] via 10.1.1.2, 00:21:37, Serial0/0
10.0.0.0/24 is subnetted, 2 subnets
O 10.2.2.0 [110/128] via 10.1.1.2, 00:21:37, Serial0/0
C 10.1.1.0 is directly connected, Serial0/0
此時,所有路由器都有所有的路由。
3. 在R2上配置分發列表過濾路由1.1.1.0
R2(config)#ip access-list stan 10
R2(config-std-nacl)#10 deny 1.1.1.0
R2(config-std-nacl)#20 permit any
R2(config)#router ospf 110
R2(config-router)#distribute-list 10 in s0/0
配置結果檢視:
R2#show ip route
2.0.0.0/24 is subnetted, 1 subnets
C 2.2.2.0 is directly connected, Loopback0
33.0.0.0/24 is subnetted, 1 subnets
O E2 33.33.33.0 [110/20] via 10.2.2.3, 00:00:17, Serial0/1
3.0.0.0/32 is subnetted, 1 subnets
O 3.3.3.3 [110/65] via 10.2.2.3, 00:00:17, Serial0/1
4.0.0.0/24 is subnetted, 1 subnets
O E2 4.4.4.0 [110/20] via 10.2.2.3, 00:00:17, Serial0/1
5.0.0.0/24 is subnetted, 1 subnets
O E2 5.5.5.0 [110/20] via 10.2.2.3, 00:00:17, Serial0/1
172.16.0.0/24 is subnetted, 3 subnets
O E2 172.16.55.0 [110/20] via 10.2.2.3, 00:00:17, Serial0/1
O E2 172.16.45.0 [110/20] via 10.2.2.3, 00:00:17, Serial0/1
O E2 172.16.34.0 [110/20] via 10.2.2.3, 00:00:18, Serial0/1
10.0.0.0/24 is subnetted, 2 subnets
C 10.2.2.0 is directly connected, Serial0/1
C 10.1.1.0 is directly connected, Serial0/0
此時R2上面已經沒有1.1.1.0的路由,但R3的路由表中還有此條路由
R3#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
1.0.0.0/24 is subnetted, 1 subnets
O 1.1.1.0 [110/129] via 10.2.2.2, 00:29:56, Serial0/1
2.0.0.0/24 is subnetted, 1 subnets
O 2.2.2.0 [110/65] via 10.2.2.2, 00:29:56, Serial0/1
33.0.0.0/24 is subnetted, 1 subnets
C 33.33.33.0 is directly connected, Loopback1
3.0.0.0/24 is subnetted, 1 subnets
C 3.3.3.0 is directly connected, Loopback0
4.0.0.0/24 is subnetted, 1 subnets
D 4.4.4.0 [90/2297856] via 172.16.34.4, 00:31:50, Serial0/2
5.0.0.0/24 is subnetted, 1 subnets
D 5.5.5.0 [90/2809856] via 172.16.34.4, 00:31:19, Serial0/2
172.16.0.0/24 is subnetted, 3 subnets
D 172.16.55.0 [90/2809856] via 172.16.34.4, 00:31:27, Serial0/2
D 172.16.45.0 [90/2681856] via 172.16.34.4, 00:31:58, Serial0/2
C 172.16.34.0 is directly connected, Serial0/2
10.0.0.0/24 is subnetted, 2 subnets
C 10.2.2.0 is directly connected, Serial0/1
10.1.1.0 [110/128] via 10.2.2.2, 00:29:57, Serial0/1
4. 在R5上配置分發列表過濾路由
R5(config)#ip access-list stan 10
R5(config-std-nacl)#10 deny 172.16.55.0
R5(config-std-nacl)#20 permit any
R5(config-std-nacl)#exit
R5(config)#router eigrp 90
R5(config-router)#distribute-list 10 out s0/3
R5(config-router)#end
R5#
*Mar 1 04:39:42.830: %SYS-5-CONFIG_I: Configured from console by console
R5#
*Mar 1 04:39:51.734: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 90: Neighbor 172.16.45.4 (Serial0/3) is resync: route configuration changed
當鄰居重新建立以後,再看R4的路由表
R4#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
1.0.0.0/24 is subnetted, 1 subnets
D EX 1.1.1.0 [170/2195456] via 172.16.34.3, 00:34:14, Serial0/2
2.0.0.0/24 is subnetted, 1 subnets
D EX 2.2.2.0 [170/2195456] via 172.16.34.3, 00:34:14, Serial0/2
33.0.0.0/24 is subnetted, 1 subnets
D 33.33.33.0 [90/2297856] via 172.16.34.3, 00:36:52, Serial0/2
3.0.0.0/24 is subnetted, 1 subnets
D EX 3.3.3.0 [170/2195456] via 172.16.34.3, 00:34:14, Serial0/2
4.0.0.0/24 is subnetted, 1 subnets
C 4.4.4.0 is directly connected, Loopback0
5.0.0.0/24 is subnetted, 1 subnets
D 5.5.5.0 [90/2297856] via 172.16.45.5, 00:36:08, Serial0/3
172.16.0.0/24 is subnetted, 2 subnets
C 172.16.45.0 is directly connected, Serial0/3
C 172.16.34.0 is directly connected, Serial0/2
10.0.0.0/24 is subnetted, 2 subnets
D EX 10.2.2.0 [170/2195456] via 172.16.34.3, 00:34:14, Serial0/2
D EX 10.1.1.0 [170/2195456] via 172.16.34.3, 00:34:14, Serial0/2
結果:R4上已經沒有了172.16.55.0的路由
5. 在R3上做路由彙總
R3(config)#int s0/2
R3(config-if)#ip summary-address eigrp 90 10.0.0.0 255.0.0.0
R3(config-if)#router ospf 110
R3(config-router)#summary-address 172.16.0.0 255.255.0.0
在R1和R5上分別看路由表
彙總前:
R1#show ip route
Gateway of last resort is not set
1.0.0.0/24 is subnetted, 1 subnets
C 1.1.1.0 is directly connected, Loopback0
2.0.0.0/24 is subnetted, 1 subnets
O 2.2.2.0 [110/65] via 10.1.1.2, 00:21:34, Serial0/0
33.0.0.0/24 is subnetted, 1 subnets
O E2 33.33.33.0 [110/20] via 10.1.1.2, 00:21:34, Serial0/0
3.0.0.0/32 is subnetted, 1 subnets
O 3.3.3.3 [110/129] via 10.1.1.2, 00:21:34, Serial0/0
4.0.0.0/24 is subnetted, 1 subnets
O E2 4.4.4.0 [110/20] via 10.1.1.2, 00:21:34, Serial0/0
5.0.0.0/24 is subnetted, 1 subnets
O E2 5.5.5.0 [110/20] via 10.1.1.2, 00:21:34, Serial0/0
172.16.0.0/24 is subnetted, 3 subnets
O E2 172.16.55.0 [110/20] via 10.1.1.2, 00:21:37, Serial0/0
O E2 172.16.45.0 [110/20] via 10.1.1.2, 00:21:37, Serial0/0
O E2 172.16.34.0 [110/20] via 10.1.1.2, 00:21:37, Serial0/0
10.0.0.0/24 is subnetted, 2 subnets
O 10.2.2.0 [110/128] via 10.1.1.2, 00:21:37, Serial0/0
C 10.1.1.0 is directly connected, Serial0/0
彙總路由以後
R1#show ip rou
R1#show ip route
1.0.0.0/24 is subnetted, 1 subnets
C 1.1.1.0 is directly connected, Loopback0
2.0.0.0/24 is subnetted, 1 subnets
O 2.2.2.0 [110/65] via 10.1.1.2, 00:39:01, Serial0/0
33.0.0.0/24 is subnetted, 1 subnets
O E2 33.33.33.0 [110/20] via 10.1.1.2, 00:39:01, Serial0/0
3.0.0.0/32 is subnetted, 1 subnets
O 3.3.3.3 [110/129] via 10.1.1.2, 00:39:01, Serial0/0
4.0.0.0/24 is subnetted, 1 subnets
O E2 4.4.4.0 [110/20] via 10.1.1.2, 00:39:01, Serial0/0
5.0.0.0/24 is subnetted, 1 subnets
O E2 5.5.5.0 [110/20] via 10.1.1.2, 00:39:01, Serial0/0
O E2 172.16.0.0/16 [110/20] via 10.1.1.2, 00:01:09, Serial0/0
10.0.0.0/8 is variably subnetted, 3 subnets, 2 masks
O 10.2.2.0/24 [110/128] via 10.1.1.2, 00:39:01, Serial0/0
C 10.1.1.0/24 is directly connected, Serial0/0
O E2 10.0.0.0/8 [110/20] via 10.1.1.2, 00:01:37, Serial0/0
實驗結果:
在R1上看彙總路由的結果,經過彙總,確實把Eigrp傳過來的路由已經彙總成了172.16.0.0,但是,同樣在R1上可以看到還有一條10.0.0.0/8的彙總路由,是從EIGRP重分佈過來的,實際上這是一條不需要的路由或者可以說是產生了環路。
6. 在R3上做路由重分佈的過濾,防止環路的發生
解決環路,雙進行重分佈的路由器上面做分發列表,拒絕某路由協議域的彙總路由通過重分佈再回到該路由域
R3上的配置
router eigrp 90
redistribute ospf 110 metric 1544 100 255 1 1500
network 33.33.33.0 0.0.0.255
network 172.16.34.0 0.0.0.255
distribute-list 30 out ospf 110
no auto-summary
access-list 30 deny 172.16.0.0
access-list 30 permit any
!
router ospf 110
router-id 3.3.3.3
summary-address 172.16.0.0 255.255.0.0
redistribute eigrp 90 subnets tag 8888
network 3.3.3.0 0.0.0.255 area 0
network 10.2.2.0 0.0.0.255 area 0
distribute-list 20 out eigrp 90
!
access-list 20 deny 10.0.0.0
access-list 20 permit any
此時再檢視R1的路由表,已經沒有了該條10.0.0.0/8的路由
R1#show ip route
1.0.0.0/24 is subnetted, 1 subnets
C 1.1.1.0 is directly connected, Loopback0
2.0.0.0/24 is subnetted, 1 subnets
O 2.2.2.0 [110/65] via 10.1.1.2, 01:00:35, Serial0/0
33.0.0.0/24 is subnetted, 1 subnets
O E2 33.33.33.0 [110/20] via 10.1.1.2, 01:00:35, Serial0/0
3.0.0.0/32 is subnetted, 1 subnets
O 3.3.3.3 [110/129] via 10.1.1.2, 01:00:35, Serial0/0
4.0.0.0/24 is subnetted, 1 subnets
O E2 4.4.4.0 [110/20] via 10.1.1.2, 01:00:35, Serial0/0
5.0.0.0/24 is subnetted, 1 subnets
O E2 5.5.5.0 [110/20] via 10.1.1.2, 01:00:35, Serial0/0
O E2 172.16.0.0/16 [110/20] via 10.1.1.2, 00:22:43, Serial0/0
10.0.0.0/24 is subnetted, 2 subnets
O 10.2.2.0 [110/128] via 10.1.1.2, 01:00:35, Serial0/0
C 10.1.1.0 is directly connected, Serial0/0
注意:在執行OSPF路由協議的路由器之間使用分發列表時,不允許使用介面上的out,允許使用介面in,但是使用介面in隻影響本臺路由器,對下游OSPF路由器是不會產生影響的,因為通告是LSA而不是路由。
轉載於:https://blog.51cto.com/liu008qing/458193