Справочник по настройке сетевого оборудования Cisco, Меньшуткин Александр

Справочник по настройке сетевого оборудования Cisco

на обложку

Меньшуткин Александр

Шрифт:

D 10.3.3.3/32 [90/409600] via 10.0.34.3, 00:21:29, FastEthernet0/0

D 10.1.1.1/32 [90/435200] via 10.0.34.3, 00:21:22, FastEthernet0/0

[90/435200] via 10.0.24.2, 00:21:22, FastEthernet0/1

D 10.0.100.1/32 [90/435200] via 10.0.24.2, 00:00:32, FastEthernet0/1

EIGRP фильтрация с расширенным листом доступа (Filtering with Extended ACL)

Схема аналогична.

Для начало смотрим как приходят

данные сети:

r4#show ip route eigrp

10.0.0.0/8 is variably subnetted, 10 subnets, 2 masks

D 10.0.10.1/32 [90/435200] via 10.0.34.3, 00:00:30, FastEthernet0/0

[90/435200] via 10.0.24.2, 00:00:30, FastEthernet0/1

D 10.0.12.0/24 [90/307200] via 10.0.24.2, 00:24:23, FastEthernet0/1

D 10.0.13.0/24 [90/307200] via 10.0.34.3, 00:24:23, FastEthernet0/0

D 10.2.2.2/32 [90/409600] via 10.0.24.2, 00:24:23, FastEthernet0/1

D 10.3.3.3/32 [90/409600] via 10.0.34.3, 00:24:30, FastEthernet0/0

D 10.1.1.1/32 [90/435200] via 10.0.34.3, 00:24:23, FastEthernet0/0

[90/435200] via 10.0.24.2, 00:24:23, FastEthernet0/1

D 10.0.100.1/32 [90/435200] via 10.0.34.3, 00:00:30, FastEthernet0/0

[90/435200] via 10.0.24.2, 00:00:30, FastEthernet0/1

Создаем и применяем расширенный лист доступа.

r4(config)#access-list 100 deny ip host 10.0.10.1 host 10.4.4.4

r4(config)#access-list 100 deny ip host 10.0.100.1 host 10.4.4.4

r4(config)#access-list 100 permit ip any any

r4(config)#router eigrp 1

r4(config-router)#distribute-list 100 in FastEthernet 0/0

И получаем нужный нам результат.

r4#show ip route eigrp

10.0.0.0/8 is variably subnetted, 10 subnets, 2 masks

D 10.0.10.1/32 [90/435200] via 10.0.24.2, 00:01:17, FastEthernet0/1

D 10.0.12.0/24 [90/307200] via 10.0.24.2, 00:01:17, FastEthernet0/1

D 10.0.13.0/24 [90/332800] via 10.0.24.2, 00:01:17, FastEthernet0/1

D 10.2.2.2/32 [90/409600] via 10.0.24.2, 00:04:09, FastEthernet0/1

D 10.3.3.3/32 [90/460800] via 10.0.24.2, 00:01:17, FastEthernet0/1

D 10.1.1.1/32 [90/435200] via 10.0.24.2, 00:01:17, FastEthernet0/1

D 10.0.100.1/32 [90/435200] via 10.0.24.2, 00:01:17, FastEthernet0/1

EIGRP

фильтрация

префикс

листом

(Filtering with Prefix-List)

В данном примере, мы запрещаем распространение адреса 10.4.4.4 и не пускаем на маршрутизатор r4 адрес 10.1.1.1.

r4(config)#ip prefix-list r4_out seq 5 deny 10.4.4.4/32

r4(config)#ip prefix-list r4_out seq 10 permit 0.0.0.0/0 le 32

r4(config)# ip prefix-list r4_in seq 5 deny 10.1.1.1/32

r4(config)# ip prefix-list r4_in seq 10 permit 0.0.0.0/0 le 32

r4(config)#router eigrp 1

r4(config-router)#distribute-list prefix r4_out out

r4(config-router)#distribute-list prefix r4_in in

результате проверки, мы видим, что на маршрутизаторах r1 и r2 нет адреса 10.4.4.4, а адрес 10.1.1.1 присутствует на маршрутизаторе r2, а на r4 его нет.

r1#show ip route eigrp

10.0.0.0/8 is variably subnetted, 9 subnets, 2 masks

D 10.2.2.2/32 [90/409600] via 10.0.12.2, 01:16:56, FastEthernet0/0

D 10.3.3.3/32 [90/409600] via 10.0.13.3, 01:15:17, FastEthernet0/1

D 10.0.24.0/24 [90/307200] via 10.0.12.2, 00:43:44, FastEthernet0/0

D 10.0.34.0/24 [90/307200] via 10.0.13.3, 00:43:44, FastEthernet0/1

r2#show ip route eigrp

10.0.0.0/8 is variably subnetted, 9 subnets, 2 masks

D 10.0.10.1/32 [90/409600] via 10.0.12.1, 00:46:20, FastEthernet0/0

D 10.0.13.0/24 [90/307200] via 10.0.12.1, 00:26:53, FastEthernet0/0

D 10.3.3.3/32 [90/435200] via 10.0.24.4, 00:26:53, FastEthernet0/1

[90/435200] via 10.0.12.1, 00:26:53, FastEthernet0/0

D 10.1.1.1/32 [90/409600] via 10.0.12.1, 01:18:16, FastEthernet0/0

D 10.0.34.0/24 [90/307200] via 10.0.24.4, 00:48:05, FastEthernet0/1

D 10.0.100.1/32 [90/409600] via 10.0.12.1, 00:46:14, FastEthernet0/0

r4#show ip route eigrp

10.0.0.0/8 is variably subnetted, 9 subnets, 2 masks

D 10.0.10.1/32 [90/435200] via 10.0.34.3, 00:30:33, FastEthernet0/0

[90/435200] via 10.0.24.2, 00:30:33, FastEthernet0/1

D 10.0.12.0/24 [90/307200] via 10.0.24.2, 00:30:33, FastEthernet0/1

D 10.0.13.0/24 [90/307200] via 10.0.34.3, 00:30:33, FastEthernet0/0

D 10.2.2.2/32 [90/409600] via 10.0.24.2, 00:51:45, FastEthernet0/1

D 10.3.3.3/32 [90/409600] via 10.0.34.3, 00:30:33, FastEthernet0/0

D 10.0.100.1/32 [90/435200] via 10.0.34.3, 00:30:33, FastEthernet0/0

[90/435200] via 10.0.24.2, 00:30:33, FastEthernet0/1

EIGRP

фильтрация

картой

маршрутов

(Filtering with Route-Map)

В данном примере мы перераспределяем в EIGRP два адреса, которым присваиваем им соответствующие метки, в дальнейшем по меткам их можно будет перераспределять.

r1(config)#route-map conn_eigrp permit 10

r1(config-route-map)#match interface loopback10

r1(config-route-map)#set tag 10

r1(config-route-map)#route-map conn_eigrp permit 20

r1(config-route-map)#match interface loopback100