如图所示,在SW1上引入8条直连路由到OSPF1中,SW2和SW3上分别配置ACL分别匹配并引入奇偶路由到OSPF2中,在SW4上查看引入的路由。
1、SW2上添加如下ACL,通过路由策略将目的IP中第32位为奇数,且掩码长度为32的路由引入
SW2:
acl advanced 3000
rule 0 permit ip source 0.0.0.1 255.255.255.254 destination 255.255.255.255 0
route-policy 1 permit node 10
if-match ip address acl 3000
ospf 2
import-route ospf 1 route-policy 1
[SW4]dis ip routing-table
Destinations : 22 Routes : 22
Destination/Mask Proto Pre Cost NextHop Interface
192.168.1.1/32 O_ASE2 150 1 30.1.1.1 GE1/0/2
192.168.1.3/32 O_ASE2 150 1 30.1.1.1 GE1/0/2
2、SW3上添加如下ACL,通过路由策略将目的IP中第32位为偶数,且掩码长度为32的路由引入
SW3:
acl advanced 3000
rule 0 permit ip source 0.0.0.0 255.255.255.254 destination 255.255.255.255 0
route-policy 1 permit node 10
if-match ip address acl 3000
ospf 2
import-route ospf 1 route-policy 1
[SW4]dis ip routing-table
Destinations : 22 Routes : 22
Destination/Mask Proto Pre Cost NextHop Interface
192.168.1.2/32 O_ASE2 150 1 40.1.1.1 GE1/0/1
192.168.1.4/32 O_ASE2 150 1 40.1.1.1 GE1/0/1
3、SW3上配置如下ACL,删除destination,不仅匹配32位偶路由,另外4条24位路由因最后一位为0也匹配了
SW3:
acl advanced 3000
rule 0 permit ip source 0.0.0.0 255.255.255.254
[SW4]dis ip routing-table
Destinations : 22 Routes : 22
Destination/Mask Proto Pre Cost NextHop Interface
172.168.1.0/24 O_ASE2 150 1 40.1.1.1 GE1/0/1
172.168.2.0/24 O_ASE2 150 1 40.1.1.1 GE1/0/1
172.168.3.0/24 O_ASE2 150 1 40.1.1.1 GE1/0/1
172.168.4.0/24 O_ASE2 150 1 40.1.1.1 GE1/0/1
192.168.1.2/32 O_ASE2 150 1 40.1.1.1 GE1/0/1
192.168.1.4/32 O_ASE2 150 1 40.1.1.1 GE1/0/1
4、SW2上修改ACL如下,匹配到2条目的IP中24位为奇数的且掩码长度24的路由
SW2:
acl advanced 3000
rule 0 permit ip source 0.0.1.0 255.255.254.255 destination 255.255.255.0 0
[SW4]dis ip routing-table
Destinations : 22 Routes : 22
Destination/Mask Proto Pre Cost NextHop Interface
172.168.1.0/24 O_ASE2 150 1 30.1.1.1 GE1/0/2
172.168.3.0/24 O_ASE2 150 1 30.1.1.1 GE1/0/2
5、SW2上ACL删除destination,不仅能匹配24位奇路由,32位路由中第24位是奇数也能匹配
SW2:
acl advanced 3000
rule 0 permit ip source 0.0.1.0 255.255.254.255
[SW4]dis ip routing-table
Destinations : 22 Routes : 22
Destination/Mask Proto Pre Cost NextHop Interface
172.168.1.0/24 O_ASE2 150 1 30.1.1.1 GE1/0/2
172.168.3.0/24 O_ASE2 150 1 30.1.1.1 GE1/0/2
192.168.1.1/32 O_ASE2 150 1 30.1.1.1 GE1/0/2
192.168.1.2/32 O_ASE2 150 1 30.1.1.1 GE1/0/2
192.168.1.3/32 O_ASE2 150 1 30.1.1.1 GE1/0/2
192.168.1.4/32 O_ASE2 150 1 30.1.1.1 GE1/0/2
1、当ACL不加destination时,路由匹配和掩码长度无关。
2、destination 255.255.255.0 0,此0为通配符掩码(又称反向掩码)以点分十进制表示,并以二进制的“0”表示“匹配”,“1”表示“不关心”。
全0表示仅匹配255.255.255.0,即路由掩码长度必须等于24。
如果写destination 255.255.255.0 0.255.255.255,表示仅比较前8位,即路由掩码长度大于等于8位都可以匹配。如:
SW3:
acl advanced 3000
rule 0 permit ip source 0.0.0.0 255.255.254.255 destination 255.255.255.0 0.255.255.255
[SW4]dis ip routing-table
Destinations : 22 Routes : 22
Destination/Mask Proto Pre Cost NextHop Interface
100.0.0.0/8 O_ASE2 150 1 40.1.1.1 GE1/0/1
172.168.2.0/24 O_ASE2 150 1 40.1.1.1 GE1/0/1
172.168.4.0/24 O_ASE2 150 1 40.1.1.1 GE1/0/1
✖
案例意见反馈
亲~登录后才可以操作哦!
确定你的邮箱还未认证,请认证邮箱或绑定手机后进行当前操作