路由策略实验-优快云博客

CCNP路由实验之九路由策略

路由器在发布与接收路由信息时，可能需要实施一些策略，以便对路由信息进行过滤，例如只接收或发布满足一定条件的路由信息。一种路由协议可能需要引入其它的路由协议发现的路由信息，路由器在引入其它路由协议的路由信息时，可能只需要引入一部分满足条件的路由信息，并控制所引入的路由信息的某些属性，以使其满足本协议的要求。路由策略就是为了改变网络流量所经过的途径而修改路由信息的技术，主要通过改变路由属性（包括可达性）来实现，路由策略是控制层面的行为，操作的对象是路由条目，匹配的是路由，具体是指目标网段、掩码、下一跳、度量值、Tag、Community、AS-PATH等。实现路由策略的方法有几种：

修改管理距离AD，即是浮动路由。
Offset-list结合访问控制列表可修改偏移量，仅支持路由矢量协议（RIP、EIGRP），用于调整Metric值。需要结合ACL使用
passive-interface 被动接口，对于RIP、IGRP协议只是禁止转发路由信息，但没有禁止接收；EIGRP、OSPF、ISIS是既不接收也不发送路由信息
Distribute-list，分发列表是用于控制路由更新的一个工具，只能过滤路由信息，不能过滤LSA。因此分发列表在距离矢量（RIP、EIGRP）路由协议中使用，无论是in或者是out方向，都能正常的过滤路由。但对于链路状态协议（ospf、isis），，路由器之间传递的消息不再是路由信息了，而是LSA，而分发列表是无法对LSA进行过滤的。需要结合ACL使用
prefix-list，前缀列表过滤抓取路由必须要连续。有点类似ACL，但是Prefix-list不能用于数据包的过滤。它能同时匹配前缀号和前缀长度，解决ACL不能区分相同前缀、不同掩码的路由的问题。可结合Route-map使用
Route-map，叫做路由图或者路由映射表，是对路由进行加工处理的工具

路由策略的作用：

防止路由器选择非最佳路由
防止路由回馈—被重分发的路由又重新分配回来
可以控制那些路由重分配，那些路由不被重新分配
用路由过滤器见啦路由防火墙

实验一、修改管理距离AD

R1配置：

R1#conf t

R1(config-if)#ip add 1.1.1.1 255.255.255.0

R1(config-if)#exit

R1(config)#int e0/0

R1(config-if)#ip add 192.168.12.1255.255.255.0

R1(config-if)#no sh

R1(config-if)#exit

R1(config)#int e0/1

R1(config-if)#ip add 192.168.13.1255.255.255.0

R1(config-if)#no sh

R1(config-if)#exit

R1(config)#router rip

R1(config-router)#no au

R1(config-router)#ver 2

R1(config-router)#net 1.1.1.0

R1(config-router)#net 192.168.12.0

R1(config-router)#net 192.168.13.0

R1(config-router)#exit

R2配置：

R2#conf t

R2(config)#int e0/0

R2(config-if)#ip add 192.168.12.2255.255.255.0

R2(config-if)#no sh

R2(config-if)#exit

R2(config)#int e0/1

R2(config-if)#ip add 192.168.24.2255.255.255.0

R2(config-if)#no sh

R2(config-if)#exit

R2(config)#router rip

R2(config-router)#no au

R2(config-router)#ver 2

R2(config-router)#net 192.168.12.0

R2(config-router)#net 192.168.24.0

R2(config-router)#default-metric 4

R2(config-router)#redistribute ospf 1

R2(config-router)#exit

R2(config)#router rip

R2(config-router)#no net 192.168.24.0

R2(config-router)#exit

R2(config)#router ospf 1

R2(config-router)#net 192.168.24.0255.255.255.0 area 0

R2(config-router)#redistribute rip subnets

R2(config-router)#exit

R3配置：

R3#conf t

R3(config)#int e0/0

R3(config-if)#ip add 192.168.13.2255.255.255.0

R3(config-if)#no sh

R3(config-if)#exit

R3(config)#int e0/1

R3(config-if)#ip add 192.168.34.2255.255.255.0

R3(config-if)#no sh

R3(config-if)#exit

R3(config)#router rip

R3(config-router)#no au

R3(config-router)#ver 2

R3(config-router)#net 192.168.13.0

R3(config-router)#default-metric 4

R3(config-router)#redistribute ospf 1

R3(config-router)#exit

R3(config)#router ospf 1

R3(config-router)#router ospf 1

R3(config-router)#net 192.168.34.0255.255.255.0 area 0

R3(config-router)#redistribute rip subnets

R3(config-router)#exit

R4配置：

R4#conf t

R4(config)#int lo0

R4(config-if)#ip add 4.4.4.4 255.255.255.0

R4(config-if)#exit

R4(config)#int e0/0

R4(config-if)#ip add 192.168.24.4255.255.255.0

R4(config-if)#no sh

R4(config-if)#exit

R4(config)#int e0/1

R4(config-if)#ip add 192.168.34.4255.255.255.0

R4(config-if)#no sh

R4(config-if)#exit

R4(config)#router ospf 1

R4(config-router)#net 192.168.24.0255.255.255.0 area 0

R4(config-router)#net 192.168.34.0255.255.255.0 area 0

R4(config-router)#net 4.4.4.0 255.255.255.0area 0

R4(config-router)#exit

完成以上路由重分布后配置，我们会发现R2和R3的路由表出现次优路由，出现这个情况是因为在多点双向重分发时，从这个方向发出去的路由，会再次传送回来。此时会判断传送回来的路由与自己路由表中相同的路由条目管理距离进行对比，越低就越可靠，并写进路由表。

R2#sh ip rou

Codes: C - connected, S - static, R - RIP,M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, ，IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2

i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

ia - IS-IS inter area, * - candidate default, U - per-user static route

o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

C 192.168.12.0/24 is directly connected, Ethernet0/0

1.0.0.0/24 is subnetted, 1 subnets

R 1.1.1.0 [120/1] via 192.168.12.1, 00:00:02, Ethernet0/0

O E2 192.168.13.0/24[110/20] via 192.168.24.4, 00:01:25, Ethernet0/1

4.0.0.0/32 is subnetted, 1 subnets

O 4.4.4.4 [110/11] via 192.168.24.4, 00:01:25, Ethernet0/1

C 192.168.24.0/24 is directly connected, Ethernet0/1

192.168.34.0/24 [110/20] via192.168.24.4, 00:01:25, Ethernet0/1

R3#sh ip rou

Codes: C - connected, S - static, R - RIP,M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2

i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

ia - IS-IS inter area, * - candidate default, U - per-user static route

o - ODR, P - periodic downloaded staticroute

Gateway of last resort is not set

O E2 192.168.12.0/24[110/20] via 192.168.34.4, 00:03:17, Ethernet0/1

1.0.0.0/24 is subnetted, 1 subnets

O E2 1.1.1.0 [110/20] via 192.168.34.4,00:03:17, Ethernet0/1

C 192.168.13.0/24 is directly connected, Ethernet0/0

4.0.0.0/32 is subnetted, 1 subnets

O 4.4.4.4 [110/11] via 192.168.34.4, 00:03:17, Ethernet0/1

O 192.168.24.0/24 [110/20] via 192.168.34.4, 00:03:17, Ethernet0/1

C 192.168.34.0/24 is directly connected, Ethernet0/1

此时我们使用调整管理距离的方法将OSPF的管理距离调整为大于RIP，来调整路由表选择最优路由：

R2#conf t

R2(config)#router ospf 1

R2(config-router)#distance 170

R3#conf t

R3(config)#router ospf 1

R3(config-router)#distance 170

R2#sh ip rou

Codes: C - connected, S - static, R - RIP,M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2

i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

ia - IS-IS inter area, * - candidate default, U - per-user static route

o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

C 192.168.12.0/24 is directly connected, Ethernet0/0

1.0.0.0/24 is subnetted, 1 subnets

R 1.1.1.0 [120/1] via 192.168.12.1, 00:00:14, Ethernet0/0

R 192.168.13.0/24 [120/1] via 192.168.12.1, 00:00:14, Ethernet0/0

4.0.0.0/32 is subnetted, 1 subnets

O 4.4.4.4 [170/11] via 192.168.24.4, 00:00:25, Ethernet0/1

C 192.168.24.0/24 is directly connected, Ethernet0/1

O 192.168.34.0/24 [170/20] via 192.168.24.4, 00:00:25, Ethernet0/1

R3#sh ip rou

Codes: C - connected, S - static, R - RIP,M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2

i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

ia - IS-IS inter area, * - candidate default, U - per-user static route

o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

R 192.168.12.0/24 [120/1] via 192.168.13.1, 00:00:02, Ethernet0/0

1.0.0.0/24 is subnetted, 1 subnets

R 1.1.1.0 [120/1] via 192.168.13.1, 00:00:02, Ethernet0/0

C 192.168.13.0/24 is directly connected, Ethernet0/0

4.0.0.0/32 is subnetted, 1 subnets

O 4.4.4.4 [170/11] via 192.168.34.4, 00:00:23, Ethernet0/1

O 192.168.24.0/24 [170/20] via 192.168.34.4, 00:00:23, Ethernet0/1

C 192.168.34.0/24 is directly connected, Ethernet0/1

实验二、Offset-list控制路由选路

R1配置：

R1#conf t

R1(config)#intlo0

R1(config-if)#ipadd 1.1.1.1 255.255.255.0

R1(config-if)#exit

R1(config)#inte1/0

R1(config-if)#ipadd 192.168.11.1 255.255.255.0

R1(config-if)#nosh

R1(config-if)#exit

R1(config)#ints0/0

R1(config-if)#clockrate 64000

R1(config-if)#ipadd 192.168.10.1 255.255.255.0

R1(config-if)#nosh

R1(config-if)#exit

R1(config)#routereigrp 1

R1(config-router)#noauto-summary

R1(config-router)#net192.168.10.0

R1(config-router)#net192.168.11.0

R1(config-router)#net1.1.1.0

R1(config-router)#exit

R1(config)#iproute 0.0.0.0 0.0.0.0 21.21.21.21 130

R1(config)#iproute 0.0.0.0 0.0.0.0 22.22.22.22 140

R2配置：

R2#conf t

R2(config)#ints0/0

R2(config-if)#clockrate 64000

R2(config-if)#ipadd 192.168.10.2 255.255.255.0

R2(config-if)#nosh

R2(config-if)#exit

R2(config)#inte1/0

R2(config-if)#ipadd 192.168.11.2 255.255.255.0

R2(config-if)#nosh

R2(config-if)#exit

R2(config)#inte1/1

R2(config-if)#ipadd 192.168.23.2 255.255.255.0

R2(config-if)#nosh

R2(config-if)#exit

R2(config)#intlo0

R2(config-if)#ipadd 2.2.2.2 255.255.255.0

R2(config-if)#exit

R2(config)#intlo1

R2(config-if)#ipadd 21.21.21.21 255.255.255.0

R2(config-if)#exit

R2(config)#intlo2

R2(config-if)#ipadd 22.22.22.22 255.255.255.0

R2(config-if)#exit

R2(config)#intlo3

R2(config-if)#ipadd 23.23.23.23 255.255.255.0

R2(config-if)#exit

R2(config)#routereigrp 1

R2(config-router)#noauto-summary

R2(config-router)#net192.168.10.0

R2(config-router)#net2.2.2.0

R2(config-router)#net21.21.21.0

R2(config-router)#net22.22.22.0

R2(config-router)#exit

R2(config)#routerrip

R2(config-router)#noauto-summary

R2(config-router)#ver2

R2(config-router)#net23.23.23.0

R2(config-router)#net192.168.23.0

R2(config-router)#redistributeeigrp 1 metric 4

R2(config-router)#exit

R3配置：

R3#conf t

R3(config)#inte0/0

R3(config-if)#ipadd 192.168.23.3 255.255.255.0

R3(config-if)#nosh

R3(config-if)#exit

R3(config)#intlo0

R3(config-if)#ipadd 3.3.3.3 255.255.255.0

R3(config-if)#exit

R3(config)#routerrip

R3(config-router)#noauto-summary

R3(config-router)#ver2

R3(config-router)#net192.168.23.0

R3(config-router)#net3.3.3.0

R3(config-router)#exit

然后查看R1和R3的路由表：

R1#sh iprou

Codes: C- connected, S - static, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF,IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 -OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPFexternal type 2

i - IS-IS, su - IS-IS summary, L1 -IS-IS level-1, L2 - IS-IS level-2

ia - IS-IS inter area, * - candidatedefault, U - per-user static route

o - ODR, P - periodic downloaded staticroute

Gatewayof last resort is not set

2.0.0.0/24 is subnetted, 1 subnets

D 2.2.2.0 [90/409600] via 192.168.11.2,00:20:09, Ethernet1/0

21.0.0.0/24 is subnetted, 1 subnets

D 21.21.21.0 [90/409600] via 192.168.11.2,00:19:50, Ethernet1/0

C 192.168.10.0/24 is directly connected,Serial0/0

C 192.168.11.0/24 is directly connected,Ethernet1/0

22.0.0.0/24 is subnetted, 1 subnets

D 22.22.22.0 [90/409600] via 192.168.11.2,00:19:43, Ethernet1/0

S* 0.0.0.0/0 [130/0] via 21.21.21.21

R3#sh iprou

Codes: C- connected, S - static, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O -OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 -OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPFexternal type 2

i - IS-IS, su - IS-IS summary, L1 -IS-IS level-1, L2 - IS-IS level-2

ia - IS-IS inter area, * - candidatedefault, U - per-user static route

o - ODR, P - periodic downloaded staticroute

Gatewayof last resort is not set

1.0.0.0/24 is subnetted, 1 subnets

R 1.1.1.0 [120/4] via 192.168.23.2,00:00:08, Ethernet0/0

2.0.0.0/24 is subnetted, 1 subnets

R 2.2.2.0 [120/4] via 192.168.23.2,00:00:08, Ethernet0/0

3.0.0.0/24 is subnetted, 1 subnets

C 3.3.3.0 is directly connected, Loopback0

21.0.0.0/24 is subnetted, 1 subnets

R 21.21.21.0 [120/4] via 192.168.23.2,00:00:08, Ethernet0/0

R 192.168.10.0/24 [120/4] via 192.168.23.2,00:00:08, Ethernet0/0

23.0.0.0/24 is subnetted, 1 subnets

R 23.23.23.0 [120/1] via 192.168.23.2,00:00:09, Ethernet0/0

R 192.168.11.0/24 [120/4] via 192.168.23.2,00:00:09, Ethernet0/0

22.0.0.0/24 is subnetted, 1 subnets

R 22.22.22.0 [120/4] via 192.168.23.2,00:00:11, Ethernet0/0

C 192.168.23.0/24 is directly connected,Ethernet0/0

进行如下修改：

R1#conf t

R1(config)#access-list1 permit 21.21.21.0 0.0.0.255 //用访问控制列表标记流量

R1(config)#access-list1 permit 22.22.22.0 0.0.0.255

R1(config)#access-list1 deny any

R1(config)#access-list2 permit 1.1.1.0 0.0.0.255

R1(config)#access-list2 deny any

R1(config)#routereigrp 1

R1(config-router)#offset-list1 in 1888256 e1/0 //设置更新的路由metric添加1888256

R1(config-router)#offset-list2 out 1888256 e1/0 //设置通告出去的路由metric添加1888256

R2#conf t

R2(config)#access-list1 permit any //标记任何网络

R2(config-if)#routerrip

R2(config-router)#offset-list1 out 4 //任何网络通告出处都增加4跳

再次查看R1和R2变化，竟然实现了负载均衡

R1#sh iprou

Codes: C- connected, S - static, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O -OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 -OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPFexternal type 2

i - IS-IS, su - IS-IS summary, L1 -IS-IS level-1, L2 - IS-IS level-2

ia - IS-IS inter area, * - candidatedefault, U - per-user static route

o - ODR, P - periodic downloaded staticroute

Gatewayof last resort is 21.21.21.21 to network 0.0.0.0

1.0.0.0/24 is subnetted, 1 subnets

C 1.1.1.0 is directly connected, Loopback0

2.0.0.0/24 is subnetted, 1 subnets

D 2.2.2.0 [90/409600] via 192.168.11.2,00:19:11, Ethernet1/0

21.0.0.0/24 is subnetted, 1 subnets

D 21.21.21.0[90/2297856] via 192.168.11.2, 00:19:11, Ethernet1/0

[90/2297856] via 192.168.10.2, 00:19:11, Serial0/0

C 192.168.10.0/24 is directly connected,Serial0/0

C 192.168.11.0/24 is directly connected,Ethernet1/0

22.0.0.0/24 is subnetted, 1 subnets

D 22.22.22.0[90/2297856] via 192.168.11.2, 00:19:13, Ethernet1/0

[90/2297856] via 192.168.10.2, 00:19:13, Serial0/0

S* 0.0.0.0/0 [130/0] via 21.21.21.21

R3#sh iprou

Codes: C- connected, S - static, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O -OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 -OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPFexternal type 2

i - IS-IS, su - IS-IS summary, L1 -IS-IS level-1, L2 - IS-IS level-2

ia - IS-IS inter area, * - candidatedefault, U - per-user static route

o - ODR, P - periodic downloaded staticroute

Gatewayof last resort is not set

3.0.0.0/24 is subnetted, 1 subnets

C 3.3.3.0 is directly connected, Loopback0

23.0.0.0/24 is subnetted, 1 subnets

R 23.23.23.0 [120/1] via 192.168.23.2,00:00:49, Ethernet0/0

C 192.168.23.0/24 is directly connected,Ethernet0/0

R3#sh iprou

Codes: C- connected, S - static, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O -OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 -OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPFexternal type 2

i - IS-IS, su - IS-IS summary, L1 -IS-IS level-1, L2 - IS-IS level-2

ia - IS-IS inter area, * - candidatedefault, U - per-user static route

o - ODR, P - periodic downloaded staticroute

Gatewayof last resort is not set

1.0.0.0/24 is subnetted, 1 subnets

R 1.1.1.0 [120/8] via 192.168.23.2,00:00:08, Ethernet0/0

2.0.0.0/24 is subnetted, 1 subnets

R 2.2.2.0 [120/8] via 192.168.23.2,00:00:08, Ethernet0/0

3.0.0.0/24 is subnetted, 1 subnets

C 3.3.3.0 is directly connected, Loopback0

21.0.0.0/24 is subnetted, 1 subnets

R 21.21.21.0 [120/8] via 192.168.23.2,00:00:08, Ethernet0/0

R 192.168.10.0/24 [120/8] via 192.168.23.2,00:00:08, Ethernet0/0

23.0.0.0/24 is subnetted, 1 subnets

R 23.23.23.0 [120/5] via 192.168.23.2,00:00:09, Ethernet0/0

R 192.168.11.0/24 [120/8] via 192.168.23.2,00:00:09, Ethernet0/0

22.0.0.0/24 is subnetted, 1 subnets

R 22.22.22.0 [120/8] via 192.168.23.2,00:00:11, Ethernet0/0

C 192.168.23.0/24 is directly connected,Ethernet0/0

offset指的是偏移量，偏移量就是说相对的差。偏移量列表可以用来改变路由的度量值，已达到某些目的（如做备份链路或者负载均衡）。注意：

如果不指定接口，则对于该路由出站或入站时所有接口都会应用偏移量列表。
如果不指定访问列表（用访问列表0），则所有路由条目都会被修改。
在RIP中offset为跳数，在别的路由选择协议就是相对应的metric值了。
当一个offset-list引起吓一跳路由器通告的度量值比它正在通告的路由更新的度量值更高时，直到holddown timer 超时才会接受，之前会被标记为不可达。
注意在应用访问列表时的规则，不要出现路由漏洞。

实验三、passive-interface

R1配置：

R1#conf t

R1(config)#intlo0

R1(config-if)#ipadd 1.1.1.1 255.255.255.0

R1(config-if)#exit

R1(config)#inte0/0

R1(config-if)#ipadd 192.168.12.1 255.255.255.0

R1(config-if)#nosh

R1(config-if)#exit

R1(config)#routerrip

R1(config-router)#noau

R1(config-router)#ver2

R1(config-router)#net1.1.1.0

R1(config-router)#net192.168.12.0

R1(config-router)#exit

R2配置：

R2#conf t

R2(config)#intlo0

R2(config-if)#ipadd 2.2.2.2 255.255.255.0

R2(config-if)#nosh

R2(config-if)#exit

R2(config)#intl1

R2(config-if)#ipadd 22.22.22.22 255.255.255.0

R2(config-if)#exit

R2(config)#inte0/0

R2(config-if)#ipadd 192.168.12.2 255.255.255.0

R2(config-if)#nosh

R2(config-if)#exit

R2(config)#inte0/1

R2(config-if)#ipadd 192.168.23.2 255.255.255.0

R2(config-if)#nosh

R2(config-if)#exit

R2(config)#routerrip

R2(config-router)#noau

R2(config-router)#ver2

R2(config-router)#net2.2.2.0

R2(config-router)#net192.168.12.0

R2(config-router)#exit

R2(config)#routerospf 1

R2(config-router)#net192.168.23.0 255.255.255.0 area 0

R2(config-router)#net22.22.22.0 255.255.255.0 area 0

R2(config-router)#exit

R3配置：

R3#conf t

R3(config)#intlo0

R3(config-if)#ipadd 3.3.3.3 255.255.255.0

R3(config-if)#exit

R3(config)#inte0/0

R3(config-if)#ipadd 192.168.23.3 255.255.255.0

R3(config-if)#nosh

R3(config-if)#exit

R3(config)#routerospf 1

R3(config-router)#net3.3.3.0 255.255.255.0 area 0

R3(config-router)#net192.168.23.0 255.255.255.0 area 0

R3(config-router)#exit

查看R1与R3的路由表：

R1#sh iprou

Codes: C- connected, S - static, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O -OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 -OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPFexternal type 2

i - IS-IS, su - IS-IS summary, L1 -IS-IS level-1, L2 - IS-IS level-2

ia - IS-IS inter area, * - candidatedefault, U - per-user static route

o - ODR, P - periodic downloaded staticroute

Gatewayof last resort is not set

C 192.168.12.0/24 is directly connected,Ethernet0/0

1.0.0.0/24 is subnetted, 1 subnets

C 1.1.1.0 is directly connected, Loopback0

2.0.0.0/24 is subnetted, 1 subnets

R 2.2.2.0 [120/1] via 192.168.12.2, 00:00:06, Ethernet0/0

R2#sh ip rou

Codes: C - connected, S - static, R - RIP, M- mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2

i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

ia - IS-IS inter area, * - candidate default, U - per-user static route

o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

C 192.168.12.0/24is directly connected, Ethernet0/0

1.0.0.0/24 is subnetted, 1 subnets

R 1.1.1.0 [120/1] via 192.168.12.1, 00:00:03, Ethernet0/0

2.0.0.0/24 is subnetted, 1 subnets

C 2.2.2.0 is directly connected, Loopback0

3.0.0.0/32 is subnetted, 1 subnets

O 3.3.3.3 [110/11] via 192.168.23.3, 00:00:03, Ethernet0/1

22.0.0.0/24 is subnetted, 1 subnets

C 22.22.22.0 is directly connected, Loopback1

C 192.168.23.0/24 is directly connected, Ethernet0/1

R3#sh ip rou

Codes: C - connected, S - static, R - RIP, M- mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2

i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

ia - IS-IS inter area, * - candidate default, U - per-user static route

o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

3.0.0.0/24is subnetted, 1 subnets

C 3.3.3.0 is directly connected, Loopback0

22.0.0.0/32 is subnetted, 1 subnets

O 22.22.22.22 [110/11] via 192.168.23.2, 00:05:04, Ethernet0/0

C 192.168.23.0/24 is directly connected, Ethernet0/0

下面进行如下修改：

R1#conf t

R1(config)#router rip

R1(config-router)#passive-interface e0/0

R3#conf t

R3(config)#router ospf 1

R3(config-router)#passive-interface e0/0

再次查看路由表：

R1#sh ip rou //R1不变

Codes: C - connected, S - static, R - RIP, M- mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF,IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2

i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

ia - IS-IS inter area, * - candidate default, U - per-user static route

o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

C 192.168.12.0/24 is directly connected, Ethernet0/0

1.0.0.0/24 is subnetted, 1 subnets

C 1.1.1.0 is directly connected, Loopback0

2.0.0.0/24 is subnetted, 1 subnets

R 2.2.2.0 [120/1] via 192.168.12.2, 00:00:02, Ethernet0/0

R2#sh ip rou //所有动态路由学习不到

Codes: C - connected, S - static, R - RIP, M- mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2

i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

ia - IS-IS inter area, * - candidate default, U - per-user static route

o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

C 192.168.12.0/24 is directly connected, Ethernet0/0

2.0.0.0/24 is subnetted, 1 subnets

C 2.2.2.0 is directly connected, Loopback0

22.0.0.0/24 is subnetted, 1 subnets

C 22.22.22.0 is directly connected, Loopback1

C 192.168.23.0/24 is directly connected, Ethernet0/1

R3#sh ip //所有ospf动态路由学习不到

*Mar 100:21:39.267: %SYS-5-CONFIG_I: Configured from console by console

R3#sh ip rou

Codes: C - connected, S - static, R - RIP, M- mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2

i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

ia - IS-IS inter area, * - candidate default, U - per-user static route

o - ODR, P - periodic downloaded static route、

Gateway of last resort is not set

3.0.0.0/24 is subnetted, 1 subnets

C 3.3.3.0 is directly connected, Loopback0

C 192.168.23.0/24 is directly connected, Ethernet0/0

由以上分析可知：

在RIP和IGRP这一种路由协议的特点是不会与对方router建立关系.由于passive-interface指令的关系，路由器是每隔一段时间就会发生只听不送的状况,即update会送不出去。
在OSPF和EIGRP、ISIS之类的路由协议的特点是会与对方router建立关系,也就是说router之间会建邻居关系,所以一旦用了passive -interface之后,你就断开了router之间的关系.因此所有的update送不出去,也收不进来.

实验四、Distribute-list分发列表

R1配置：

R1#conf t

R1(config)#intlo0

R1(config-if)#ipadd 1.1.1.1 255.255.255.0

R1(config-if)#exit

R1(config)#inte0/0

R1(config-if)#ipadd 192.168.12.1 255.255.255.0

R1(config-if)#nosh

R1(config-if)#exit

R1(config)#routerrip

R1(config-router)#noau

R1(config-router)#noauto-summary

R1(config-router)#ver

R1(config-router)#version2

R1(config-router)#net1.1.1.0

R1(config-router)#net192.168.12.0

R1(config-router)#exit

R2配置：

R2#conf t

R2(config)#intlo0

R2(config-if)#ipadd 2.2.2.2 255.255.255.0

R2(config-if)#exit

R2(config)#inte0/0

R2(config-if)#ipadd 192.168.12.2 255.255.255.0

R2(config-if)#nosh

R2(config-if)#exit

R2(config)#inte0/1

R2(config-if)#ipadd 192.168.23.2 255.255.255.0

R2(config-if)#nosh

R2(config-if)#exit

R2(config)#routerrip

R2(config-router)#noau

R2(config-router)#ver2

R2(config-router)#net192.168.12.0

R2(config-router)#net192.168.23.0

R2(config-router)#net2.2.2.0

R3配置：

R3#conf t

R3(config)#intlo0

R3(config-if)#ipadd 3.3.3.3 255.255.255.0

R3(config-if)#exit

R3(config)#intlo1

R3(config-if)#ipadd 33.33.33.33 255.255.255.0

R3(config-if)#exit

R3(config)#inte0/0

R3(config-if)#ipadd 192.168.23.3 255.255.255.0

R3(config-if)#nosh

R3(config-if)#exit

R3(config)#inte0/1

R3(config-if)#ipadd 192.168.34.3 255.255.255.0

R3(config-if)#nosh

R3(config-if)#exit

R3(config)#routerrip

R3(config-router)#noau

R3(config-router)#ver2

R3(config-router)#net3.3.3.0

R3(config-router)#net192.168.23.0

R3(config-router)#exit

R3(config)#routerospf 1

R3(config-router)#net33.33.33.0 255.255.255.0 area 0

R3(config-router)#net192.168.34.0 255.255.255.0 area 0

R4配置：

R4#conf t

R4(config)#intlo0

R4(config-if)#ipadd 4.4.4.4 255.255.255.0

R4(config-if)#exit

R4(config)#inte0/1

R4(config-if)#ipadd 192.168.34.4 255.255.255.0

R4(config-if)#nosh

R4(config-if)#exit

R4(config)#inte0/0

R4(config-if)#ipadd 192.168.45.4 255.255.255.0

R4(config-if)#nosh

R4(config-if)#exit

R4(config)#routerospf 1

R4(config-router)#net192.168.34.0 255.255.255.0 area 0

R4(config-router)#net192.168.45.0 255.255.255.0 area 0

R4(config-router)#net4.4.4.0 255.255.255.0 area 0

R5配置：

R5#conf t

R5(config)#intlo0

R5(config-if)#ipadd 5.5.5.5 255.255.255.0

R5(config-if)#exit

R5(config)#inte0/0

R5(config-if)#ipadd 192.168.45.5 255.255.255.0

R5(config-if)#nosh

R5(config-if)#exit

R5(config)#routerospf 1

R5(config-router)#net5.5.5.0 255.255.255.0 area 0

R5(config-router)#net192.16.45.0 255.255.255.0 area 0

第一要求R3不能学习到R2的2.2.2.0，网段配置如下

R2#conf t

R2(config)#access-list1 deny 2.2.2.0 0.0.0.255 //设置ACL不允许2.2.2.0网段

R2(config)#access-list1 permit any//在ACL上允许其他网段

R2(config)#routerrip

R2(config-router)#distribute-list1 out e0/1//将ACL应用到RIP接口e0/1的out方向

或者在R3上进行如下配置，达到相同的效果

R3#conf t

R3(config)#access-list1 deny 2.2.2.0 0.0.0.255 //设置ACL不允许2.2.2.0网段

R3(config)#access-list1 permit any//在ACL上允许其他网段

R3(config)#routerrip

R3(config-router)#distribute-list1 in e0/0//将ACL应用到RIP接口e/0的in方向

R3(config-router)#doclear ip rou *//清除路由列表，闭关重新生成

第二要求R4不能学习R3的33.33.33.0网段，但是R5可以学习。R3不能学习到R4的4.4.4.0网段。配置如下：

R4#conf t

R4(config)#access-list1 deny 33.33.33.0 0.0.0.255

R4(config)#access-list1 permit any

R4(config)#routerospf 1

R4(config-router)#distribute-list1 in e0/1

R4(config-router)#doclear ip rou *

R3#conf t

R3(config)#access-list1 deny 4.4.4.0 0.0.0.255

R3(config)#access-list1 permit any

R3(config)#routerospf 1

R3(config-router)#distribute-list1 in e0/1

R3(config-router)#doclear ip rou *

第三要求双向重发布时，不能将1.1.1.0和5.5.5.0注入

R3#conf t

R3(config)#access-list2 deny 1.1.1.0 0.0.0.255

R3(config)#access-list2 permit any

R3(config)#access-list3 deny 5.5.5.0 0.0.0.255

R3(config)#access-list3 permit any

R3(config)#routerospf 1

R3(config-router)#redistributerip subnets

R3(config-router)#distribute-list2 out rip

R3(config-router)#exit

R3(config)#routerrip

R3(config-router)#redistributeospf 1 metric 2

R3(config-router)#distribute-list3 out ospf 1

对于距离矢量路由协议路由器之间，传递的是路由信息，分发列表对路由信息是有绝对的控制权的。因此如果是in方向，那么通过部署分发列表，可以过滤特定的路由，使得执行分发列表的本地路由路由表发生变化，同时，本地路由器在更新路由信息给下游路由器的时候，实际上更新的内容是受分发列表影响之后的条目。同时在out方向也是没有问题的。

在链路状态协议中部署分发列表，只能用in方向，分发列表只能在本地收到LSA后，生成路由的那一刹那进行路由的过滤，执行分发列表的路由器的路由表会被分发列表影响，但是该路由器仍会将LSADB中的LSA发送给邻居，因此只对本地路由过滤，邻居不受影响。