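IP-Prefix (IP Prefix List) Lab Example
ip-prefix lab
Preface
An IP-Prefix List (address prefix list) can match the IP prefix and the mask length at the same time, so it matches routes more precisely. An ACL cannot do this.
It cannot be used to filter IP packets; it can only be used to filter routing information.
Lab background
Lab requirements
(1) First configure the IP addresses of all devices according to the topology
(2) Use the RIP protocol to establish connectivity between PC1, AR2, AR1 and AR4
(3) Then configure RIP on router AR3 so that it can reach AR1, AR2 and AR4
(4) In this situation, ping host PC1 from AR4 and observe the result. Does the ping succeed? Why? (It does not, because of the longest-prefix-match rule with RIP. If you do not understand it, look it up yourself; RIP has been obsolete for many years, so it is not covered in detail here.)
(5) Configure a routing policy on AR1 (using an ACL to match the route) so that AR1 does not accept the routing information for 11.1.1.0/25
(6) Check the routing table of AR3 for the route to 11.1.1.0/24, then ping host PC1 from AR4 again
(7) Define an address prefix list to accomplish what (6) requires
Lab procedure
Step 1: configure IP addresses on all devices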
R4
[Huawei]sy R4
[R4]int g0/0/0
[R4-GigabitEthernet0/0/0]ip ad 40.1.1.4 24
May 29 2024 22:15:33-08:00 R4 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol IP
on the interface GigabitEthernet0/0/0 has entered the UP state.
[R4-GigabitEthernet0/0/0]
R1
<Huawei>sy
Enter system view, return user view with Ctrl+Z.
[Huawei]sy R1
[R1]int g0/0/0
[R1-GigabitEthernet0/0/0]ip ad 40.1.1.1 24
May 29 2024 22:16:34-08:00 R1 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol IP
on the interface GigabitEthernet0/0/0 has entered the UP state.
[R1-GigabitEthernet0/0/0]int g0/0/1
[R1-GigabitEthernet0/0/1]ip ad 20.1.1.1 24
May 29 2024 22:16:43-08:00 R1 %%01IFNET/4/LINK_STATE(l)[1]:The line protocol IP
on the interface GigabitEthernet0/0/1 has entered the UP state.
[R1-GigabitEthernet0/0/1]int g0/0/2
[R1-GigabitEthernet0/0/2]ip ad 30.1.1.1 24
[R1-GigabitEthernet0/0/2]
May 29 2024 22:16:54-08:00 R1 %%01IFNET/4/LINK_STATE(l)[2]:The line protocol IP
on the interface GigabitEthernet0/0/2 has entered the UP state.
[R1-GigabitEthernet0/0/2]
R3
<Huawei>sy
Enter system view, return user view with Ctrl+Z.
[Huawei]sy R3
[R3]int g0/0/2
[R3-GigabitEthernet0/0/2]ip ad 30.1.1.3 24
May 29 2024 22:17:31-08:00 R3 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol IP
on the interface GigabitEthernet0/0/2 has entered the UP state.
[R3-GigabitEthernet0/0/2]int g0/0/0
[R3-GigabitEthernet0/0/0]ip ad 11.1.1.11 25
May 29 2024 22:17:46-08:00 R3 %%01IFNET/4/LINK_STATE(l)[1]:The line protocol IP
on the interface GigabitEthernet0/0/0 has entered the UP state.
[R3-GigabitEthernet0/0/0]
R2
<Huawei>sy
Enter system view, return user view with Ctrl+Z.
[Huawei]sy R2
[R2]int g0/0/1
[R2-GigabitEthernet0/0/1]ip ad 20.1.1.2 24
[R2-GigabitEthernet0/0/1]
May 29 2024 22:18:46-08:00 R2 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol IP
on the interface GigabitEthernet0/0/1 has entered the UP state.
[R2-GigabitEthernet0/0/1]int g0/0/0
[R2-GigabitEthernet0/0/0]ip ad 11.1.1.2 24
May 29 2024 22:18:58-08:00 R2 %%01IFNET/4/LINK_STATE(l)[1]:The line protocol IP
on the interface GigabitEthernet0/0/0 has entered the UP state.
[R2-GigabitEthernet0/0/0]
Step 2: configure RIP
R1
<R1>sy
Enter system view, return user view with Ctrl+Z.
[R1]rip 1
[R1-rip-1]version 2
[R1-rip-1]net 40.0.0.0
[R1-rip-1]net 20.0.0.0
[R1-rip-1]net 30.0.0.0
R2
<R2>sy
Enter system view, return user view with Ctrl+Z.
[R2]rip 1
[R2-rip-1]ver 2
[R2-rip-1]net 11.0.0.0
[R2-rip-1]net 20.0.0.0
R3
<R3>sy
Enter system view, return user view with Ctrl+Z.
[R3]rip 1
[R3-rip-1]ver 2
[R3-rip-1]net 30.0.0.0
[R3-rip-1]net 11.0.0.0
R4
<R4>sy
Enter system view, return user view with Ctrl+Z.
[R4]rip 1
[R4-rip-1]ver 2
[R4-rip-1]net 40.0.0.0
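After RIP is configured on all routers, you will find that R4 cannot ping the PC.
Analysis: this is because RIP on R1 has learned 11.1.1.0/25.
According to the requirements, we only need to be able to ping PC1.
So next we stop RIP on R1 from learning 11.1.1.0/25.
Because of how an ACL works, it does not match the mask, so ip-prefix is used here.
- Because an address prefix list uses a default-deny matching principle, after creating one or more deny entries you need to create a permit 0.0.0.0 0 less-equal 32 entry to allow all other IPv4 routes through.
Step 3: use ip-prefix on R1 to filter 11.1.1.0/25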
R1
[R1]ip ip-prefix ww index 10 deny 11.1.1.0 25 less-equal 25
[R1]ip ip-prefix ww index 20 permit 0.0.0.0 0 less-equal 32
[R1]rip 1
[R1-rip-1]filter-policy ip-prefix ww import
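Now check the routing table of R1.
You will see only the 11.1.1.0/24 route; the /25 route has been filtered out.
Test the result (the lab succeeds according to the requirements).
If you want to ping PC2, just add a static route on R1 pointing to it.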
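The matching rules used in step 3, as an added example that is not part of the original lab: a small Python model of how the list ww evaluates the two 11.1.1.0 routes that R1 receives, next to an ACL-style match that looks only at the address. The function names, the ACL rule and the simplified ACL model are assumptions made for illustration; the route list is constructed from the lab addressing.

```python
import ipaddress

def entry(action, addr, mask_len, ge=None, le=None):
    # Mask-length range defaults: neither keyword -> exactly mask_len;
    # only less-equal -> [mask_len, le]; only greater-equal -> [ge, 32].
    lo = mask_len if ge is None else ge
    hi = le if le is not None else (32 if ge is not None else mask_len)
    return action, ipaddress.ip_network(f"{addr}/{mask_len}"), lo, hi

def prefix_list_permits(entries, route):
    # entries maps index -> entry; the lowest matching index decides.
    route = ipaddress.ip_network(route)
    for index in sorted(entries):
        action, net, lo, hi = entries[index]
        if route.network_address in net and lo <= route.prefixlen <= hi:
            return action == "permit"
    return False  # nothing matched: default deny

def acl_permits(rules, route):
    # Assumed simplified model of ACL route matching: only the route's
    # network address is compared (source + wildcard); the mask is ignored.
    addr = int(ipaddress.ip_network(route).network_address)
    for action, source, wildcard in rules:
        care = ~int(ipaddress.ip_address(wildcard)) & 0xFFFFFFFF
        if (addr & care) == (int(ipaddress.ip_address(source)) & care):
            return action == "permit"
    return False

# The list "ww" from step 3 on R1.
WW = {10: entry("deny", "11.1.1.0", 25, le=25),
      20: entry("permit", "0.0.0.0", 0, le=32)}
# Constructed ACL attempting the same filter with an exact-address rule.
ACL = [("deny", "11.1.1.0", "0.0.0.0"),
       ("permit", "0.0.0.0", "255.255.255.255")]
# Constructed: the two RIP routes R1 receives for 11.1.1.0 (from R2 and R3).
ROUTES = ["11.1.1.0/24", "11.1.1.0/25"]

def compare(routes=ROUTES):
    # route -> (permitted by ip-prefix ww, permitted by the ACL)
    return {r: (prefix_list_permits(WW, r), acl_permits(ACL, r)) for r in routes}

if __name__ == "__main__":
    for route, (by_prefix, by_acl) in compare().items():
        print(f"{route}: ip-prefix permit={by_prefix}, ACL permit={by_acl}")
```

The prefix list drops only the /25 and keeps the /24, while the address-only ACL rule drops both; removing index 20 from ww makes the list deny every route.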
Configuration of all devices
R1
[R1]dis cu
[V200R003C00]
#
sysname R1
#
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load portalpage.zip
#
drop illegal-mac alarm
#
set cpu-usage threshold 80 restore 75
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http
#
firewall zone Local
priority 15
#
interface GigabitEthernet0/0/0
ip address 40.1.1.1 255.255.255.0
#
interface GigabitEthernet0/0/1
ip address 20.1.1.1 255.255.255.0
#
interface GigabitEthernet0/0/2
ip address 30.1.1.1 255.255.255.0
#
interface NULL0
#
rip 1
version 2
network 40.0.0.0
network 20.0.0.0
network 30.0.0.0
filter-policy ip-prefix ww import
#
ip ip-prefix ww index 10 deny 11.1.1.0 25 greater-equal 25 less-equal 25
ip ip-prefix ww index 20 permit 0.0.0.0 0 less-equal 32
#
ip route-static 11.1.1.0 255.255.255.128 30.1.1.3
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return
R2
<R2>dis cu
[V200R003C00]
#
sysname R2
#
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load portalpage.zip
#
drop illegal-mac alarm
#
set cpu-usage threshold 80 restore 75
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http
#
firewall zone Local
priority 15
#
interface GigabitEthernet0/0/0
ip address 11.1.1.2 255.255.255.0
#
interface GigabitEthernet0/0/1
ip address 20.1.1.2 255.255.255.0
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
rip 1
version 2
network 11.0.0.0
network 20.0.0.0
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return
R3
<R3>dis cu
[V200R003C00]
#
sysname R3
#
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load portalpage.zip
#
drop illegal-mac alarm
#
set cpu-usage threshold 80 restore 75
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http
#
firewall zone Local
priority 15
#
interface GigabitEthernet0/0/0
ip address 11.1.1.11 255.255.255.128
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/2
ip address 30.1.1.3 255.255.255.0
#
interface NULL0
#
rip 1
version 2
network 30.0.0.0
network 11.0.0.0
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return
R4
<R4>dis cu
[V200R003C00]
#
sysname R4
#
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load portalpage.zip
#
drop illegal-mac alarm
#
set cpu-usage threshold 80 restore 75
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http
#
firewall zone Local
priority 15
#
interface GigabitEthernet0/0/0
ip address 40.1.1.4 255.255.255.0
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
rip 1
version 2
network 40.0.0.0
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return