迷彩 潜伏 隐蔽 伪装
分类:
2012-08-22 17:56:29
route-map做过滤
实验目的:
1:熟练配置路由重分发
2:利用route-map过滤相应的路由
实验拓扑:
3人一组(或者一人独立完成),由授课老师负责分配设备并掩饰配置路由协力和重分发,并说明如何通过配置route-map来过滤路由。最终由学生按实验 要求独力配置。
实验要求:
1:在london上看到192.168.1.0/3.0/5.0/7.0的网络
2:在denver上不看到172.16.2.0/4.0/6.0/8.0的网络
1:具体配置
R1
!
Enable
Conf t
Host london
No domain-look
Line cons 0
No exec-time
Logg sync
!
Loopback0
ip address 172.16.1.1 255.255.255.0
!
interface Loopback1
ip address 172.16.2.1 255.255.255.0
!
interface Loopback2
ip address 172.16.3.1 255.255.255.0
!
interface Loopback3
ip address 172.16.4.1 255.255.255.0
!
interface Loopback4
ip address 172.16.5.1 255.255.255.0
!
interface Loopback5
ip address 172.16.6.1 255.255.255.0
!
interface Loopback6
ip address 172.16.7.1 255.255.255.0
!
interface Loopback7
ip address 172.16.8.1 255.255.255.0
!
Interface loopback 8
Ip add 1.1.1.1 255.255.255.255
!
interface Serial1
ip address 10.1.1.1 255.255.255.252
no sh
!
router ospf 1
router-id 1.1.1.1
network 0.0.0.0 255.255.255.255 area 0
!
End
按拓扑要求配置路由器的各个接口,并起用ospf,把所有直链网络宣告进ospf,且属于area0。
R13
!
Enable
Conf t
hostname Florence
no ip domain-look
line cons 0
no exec-time
logg sync
!
Int loo 0
Ip add 2.2.2.2 255.255.255.255
!
interface Serial0
clockrate 64000
ip address 10.1.1.2 255.255.255.252
no sh
!
interface Serial1
clockrate 64000
ip address 10.1.1.6 255.255.255.252
ip router isis
no sh
!
router ospf 1
router-id 2.2.2.2
network 10.1.1.2 0.0.0.0 area 0
redistribute isis level-1 subnets route-map isis-ospf (把isis的1号类型的路由重分发进ospf且调用route-map为isis-ospf的策略)
!
router isis
net 49.0001.0000.0000.0013.00
redistribute ospf 1 route-map ospf-isis level-1 (将ospf分发进ospf且分发进来的路由条目全为ls1号类型)
is-type level-1
!
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 1 permit 192.168.3.0 0.0.0.255
access-list 1 permit 192.168.5.0 0.0.0.255
access-list 1 permit 192.168.7.0 0.0.0.255
access-list 2 permit 172.16.2.0 0.0.0.255
access-list 2 permit 172.16.4.0 0.0.0.255
access-list 2 permit 172.16.6.0 0.0.0.255
access-list 2 permit 172.16.8.0 0.0.0.255
!
route-map isis-ospf permit 10 (具体定义策略isis-ospf的内容,符合地址的被分发)
match ip address 1
!
route-map ospf-isis deny 10(具体定义ospf-isis的策略内容,符合地址的被分发)
match ip address 2
!
route-map ospf-isis permit 20
!
end
按要求配置该路由器的各个接口,并起用ospf和isis,把相映的网络宣告进两种协议,最后分别在两种协力里做了双向的重分发,并且要满足策略内 容的才可以被分发出去。
R3
!
Enable
Conf t
hostname Denver
no ip domain-lookup
line cons 0
no exec-time
logg sync
!
interface Loopback0
ip address 192.168.1.1 255.255.255.0
ip router isis (在接口下启用isis)
!
interface Loopback1
ip address 192.168.2.1 255.255.255.0
ip router isis
!
interface Loopback2
ip address 192.168.3.1 255.255.255.0
ip router isis
!
interface Loopback3
ip address 192.168.4.1 255.255.255.0
ip router isis
!
interface Loopback4
ip address 192.168.5.1 255.255.255.0
ip router isis
interface Loopback5
ip address 192.168.6.1 255.255.255.0
ip router isis
!
interface Loopback6
ip address 192.168.7.1 255.255.255.0
ip router isis
!
interface Loopback7
ip address 192.168.8.1 255.255.255.0
ip router isis
!
interface Serial1
ip address 10.1.1.5 255.255.255.0
ip router isis
no sh
!
router isis
net 49.0001.0000.0000.0003.00
is-type level-1
!
end
按要求配置该路由器的各个接口,并在各个接口下起用isis,最后在全局模式下启用isis,且规定isis的区域为1。
1:仔细观察路由表,观察实验现象
2:熟悉route-map的其他参数
3:比较route-map和distribute-list的区别