說明:此Lab練習Redistribute並搭配Route-map、Prefix-list、ACL,只讓某些網段Redistribute
感謝廖貝貝提供Show Run
Route-map、Prefix-list、ACL使用在Redistribute,有些許差別
Route-map在編寫上比Prefix-list、ACL麻煩,但彈性較大
Prefix-list在Subnet Mask的管制上會比ACL設定來的方便
實作條件:
★RO_C 建立多條 Loopback,皆放進RIP v2
loopback 10 20.3.0.254/24
loopback 11 20.3.1.254/24
loopback 12 20.3.2.254/24
loopback 13 20.3.3.254/24
loopback 20 150.3.0.254/24
loopback 21 150.3.1.254/24
loopback 22 150.3.2.254/24
loopback 23 150.3.3.254/24
loopback 24 150.3.4.254/23
loopback 25 150.3.32.254/20
loopback 30 172.3.1.254/24
loopback 31 190.3.1.254/24
loopback 31 190.3.2.254/24
loopback 31 190.3.3.254/24
★Redistribute 到 OSPF Policy
一、20網段只允許Redistribute單數網段(20.3.1.0、20.3.3.0)
並設定Metric=1000、Type=E1、Tag=20
二、150網段用IP Prefix-list來match
只允許Class B且subnet mask 23>x>24
並設定Metric=2000、Type=E2、Tag=150
三、190網段只允許Redistribute單數網段(190.3.1.0、190.3.3.0)
並設定Metric=10
RO_C Show Run如下:
RO_C#sh run
Building configuration...
Current configuration : 2450 bytes
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname RO_C
!
boot-start-marker
boot-end-marker
!
no aaa new-model
no network-clock-participate slot 1
no network-clock-participate wic 0
ip cef
!
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
建立全部的Loopback
interface Loopback10
ip address 20.3.0.254 255.255.255.0
!
interface Loopback11
ip address 20.3.1.254 255.255.255.0
!
interface Loopback12
ip address 20.3.2.254 255.255.255.0
!
interface Loopback13
ip address 20.3.3.254 255.255.255.0
!
interface Loopback20
ip address 150.3.0.254 255.255.255.0
!
interface Loopback21
ip address 150.3.1.254 255.255.255.0
!
interface Loopback22
ip address 150.3.2.254 255.255.255.0
!
interface Loopback23
ip address 150.3.3.254 255.255.255.0
!
interface Loopback24
ip address 150.3.4.254 255.255.254.0
!
interface Loopback25
ip address 150.3.32.254 255.255.240.0
!
interface Loopback30
ip address 170.3.1.254 255.255.255.0
!
interface Loopback31
ip address 190.3.1.254 255.255.255.0
!
interface Loopback32
ip address 190.3.2.254 255.255.255.0
!
interface Loopback33
ip address 190.3.3.254 255.255.255.0
!
interface FastEthernet0/0
no ip address
shutdown
duplex auto
speed auto
!
interface Serial0/0
ip address 10.140.3.2 255.255.255.0
!
interface FastEthernet0/1
ip address 192.168.103.254 255.255.255.0
duplex auto
speed auto
!
interface Serial0/1
no ip address
shutdown
!
router ospf 100
log-adjacency-changes
redistribute rip subnets route-map rip_to_ospf
將RIP Redistribute到OSPF並參照Route-map rip_to_ospf
Subnets是將有切割過的子網段也可Redistribute,若沒加,只能Redistribute Classful Subnets
network 10.140.3.2 0.0.0.0 area 0
network 192.168.103.0 0.0.0.255 area 3
!
router rip
version 2
redistribute connected metric 10 route-map loopback_to_rip
將直連的網段Redistribute進RIP並參照Route-map loopback_to_rip
network 10.0.0.0
network 20.0.0.0
network 150.3.0.0
network 170.3.0.0
network 200.3.1.0
no auto-summary
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
ip prefix-list C seq 5 permit 128.0.0.0/2 ge 23 le 24
利用prefix-list來判斷,只允許Class B並Subnet mask大於23,小於24
access-list 10 permit 20.3.1.0 0.0.254.0
利用ACL來判斷,只允許單數網段(20.3.1.0、20.3.3.0)
!
route-map loopback_to_rip permit 10
match interface Loopback31 Loopback33
建立一條Route-map,名稱為loopback_to_rip,動作為只允許介面loopback31和33
!
route-map rip_to_ospf permit 10
match ip address 10
set metric 1000
set metric-type type-1
set tag 20
建立一條Route-map,名稱為rip_to_ospf
符合ACL 10的IP address將metric=1000、type=E1、tag=20
!
route-map rip_to_ospf permit 20
match ip address prefix-list C
set metric 2000
set metric-type type-2
set tag 150
建立一條Route-map,名稱為rip_to_ospf,接著上面
符合prefix-list C的IP address將metric=2000、type=E2、tag=150
!
control-plane
!
line con 0
line aux 0
line vty 0 4
login
!
!
end
留言列表