组网:MSR2与MSR3建立OSPF邻居,并且在MSR上将直连路由引入到OSPF内
目的:要求MSR3只能学到10.1.0.0的路由
1.使用filter-policy
acl advanced 3000
rule 1 deny ip source 10.0.0.0 0.0.0.255
rule 5 permit ip
ospf 1
import-route direct
filter-policy 3000 export
area 0.0.0.0
network 1.1.1.0 0.0.0.255
2.使用路由策略+前缀列表
ip prefix-list test index 10 permit 10.0.0.0 24
acl advanced 3001
rule 0 permit ip
route-policy test deny node 10
if-match ip address prefix-list test
route-policy test permit node 40
if-match ip address acl 3001
ospf 1
import-route direct route-policy test
area 0.0.0.0
network 1.1.1.0 0.0.0.255
3.前缀列表+filter-policy
ip prefix-list kdf index 10 deny 10.0.0.0 24
ip prefix-list kdf index 20 permit 0.0.0.0 0 less-equal 32
ospf 1
import-route direct
filter-policy prefix-list kdf export
area 0.0.0.0
network 1.1.1.0 0.0.0.255
路由过滤之前MSR3的路由表同时存在10.0.0.0与10.1.1.0的ASE路由
Destination/Mask Proto Pre Cost NextHop Interface
0.0.0.0/32 Direct 0 0 127.0.0.1 InLoop0
1.1.1.0/24 Direct 0 0 1.1.1.2 GE0/2
1.1.1.0/32 Direct 0 0 1.1.1.2 GE0/2
1.1.1.2/32 Direct 0 0 127.0.0.1 InLoop0
1.1.1.3/32 O_ASE2 150 1 1.1.1.1 GE0/2
1.1.1.255/32 Direct 0 0 1.1.1.2 GE0/2
10.0.0.0/24 O_ASE2 150 1 1.1.1.1 GE0/2
10.1.0.0/24 O_ASE2 150 1 1.1.1.1 GE0/2
127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0
127.0.0.0/32 Direct 0 0 127.0.0.1 InLoop0
127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0
127.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0
224.0.0.0/4 Direct 0 0 0.0.0.0 NULL0
224.0.0.0/24 Direct 0 0 0.0.0.0 NULL0
255.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0
最终效果是MSR3的路由表中只有10.1.0.0的ASE路由
Destination/Mask Proto Pre Cost NextHop Interface
0.0.0.0/32 Direct 0 0 127.0.0.1 InLoop0
1.1.1.0/24 Direct 0 0 1.1.1.2 GE0/2
1.1.1.0/32 Direct 0 0 1.1.1.2 GE0/2
1.1.1.2/32 Direct 0 0 127.0.0.1 InLoop0
1.1.1.3/32 O_ASE2 150 1 1.1.1.1 GE0/2
1.1.1.255/32 Direct 0 0 1.1.1.2 GE0/2
10.1.0.0/24 O_ASE2 150 1 1.1.1.1 GE0/2
127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0
127.0.0.0/32 Direct 0 0 127.0.0.1 InLoop0
127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0
127.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0
224.0.0.0/4 Direct 0 0 0.0.0.0 NULL0
224.0.0.0/24 Direct 0 0 0.0.0.0 NULL0
255.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0
无论使用router-policy还是filter-policy,建议和acl结合,简单易懂
该案例暂时没有网友评论
✖
案例意见反馈
亲~登录后才可以操作哦!
确定你的邮箱还未认证,请认证邮箱或绑定手机后进行当前操作