路由过滤实验

实验拓扑以及要求

此实验总结

1.ip-prefix 拒绝192.168.4.1 32,这样写的话并不会匹配192.168.4.1 32,需要加上范围less-eq 32,也就是说,192.168.4.1 32只是规则的范围,匹配还是得写范围
2.router-policy适合用在边界路由器引入
filter-policy都可以用

配置IP

配置ospf,rip

R1
rip 1undo summaryversion 2network 100.0.0.0network 192.168.0.0network 192.168.1.0R2
rip 1undo summaryversion 2network 100.0.0.0silent-interface GigabitEthernet0/0/0import-route ospf 1 route-policy aaaR3
ospf 1 router-id 2.2.2.2 import-route rip 1area 0.0.0.0 network 100.2.2.0 0.0.0.255 R4
ospf 1 router-id 4.4.4.4 filter-policy ip-prefix bb importarea 0.0.0.1 network 100.3.3.0 0.0.0.255 network 192.168.4.1 0.0.0.0 network 192.168.5.1 0.0.0.0 

双向引入,过滤R4业务网段

引入在上面的试图已经复制了

R2
[r2-rip-1]dis route-policy aaa//路由策略
Route-policy : aaapermit : 10 (matched counts: 7)Match clauses : if-match ip-prefix bb
[r2-rip-1]dis ip ip-prefix bb//地址前置列表匹配
Prefix-list bb
Permitted 7
Denied 4index: 10               deny    192.168.4.1/32          ge  32  le  32index: 20               deny    192.168.5.1/32          ge  32  le  32index: 30               permit  0.0.0.0/0               le  32 

R1没有R4的环回

R4不学习R1网段

R4
filter-policy ip-prefix bb import[r4-ospf-1]dis ip ip-prefix bb
Prefix-list bb
Permitted 7
Denied 2index: 10               deny    192.168.0.1/32          ge  32  le  32index: 20               deny    192.168.1.1/32          ge  32  le  32index: 30               permit  0.0.0.0/0               le  32

R4没有R1的环回

ospf中不能出现RIP协议报文(静默接口)

[r2-rip-1]silent-interface g0/0/1