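1. Learn how to configure route filtering with a prefix list.
2. Learn how to configure a prefix list to filter routes selectively by subnet mask length.
Network diagram:
Configure IP addresses and other basic settings on each router and test that the routers can reach each other.
Configure basic BGP and disable auto-summary.
Check R3's routing table; the result shows that R3 learns all routes from AS 64512: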
R3#show ip route
Gateway of last resort is not set
172.16.0.0/16 is variably subnetted, 6 subnets, 6 masks
B 172.16.255.0/30 [20/0] via 10.1.255.1, 00:00:27
B 172.16.4.0/28 [20/0] via 10.1.255.1, 00:00:27
B 172.16.0.0/24 [20/0] via 10.1.255.1, 00:00:27
B 172.16.1.0/25 [20/0] via 10.1.255.1, 00:00:27
B 172.16.2.0/26 [20/0] via 10.1.255.1, 00:00:27
B 172.16.3.0/27 [20/0] via 10.1.255.1, 00:00:27
10.0.0.0/30 is subnetted, 1 subnets
C 10.1.255.0 is directly connected, Serial0/0
********* Stage requirement 1: R2 must not advertise the 172.16.0.0/24 and 172.16.1.0/25 routes to router R3 *********
Configure the prefix list on R2:
R2(config)#ip prefix-list bgp-filter seq 5 deny 172.16.0.0/24
R2(config)#ip prefix-list bgp-filter seq 10 deny 172.16.1.0/25
R2(config)#ip prefix-list bgp-filter seq 15 permit 0.0.0.0/0 le 32 ----> permit everything else, like "permit any" in an ACL
R2(config)#router bgp 64512
R2(config-router)#neighbor 10.1.255.2 prefix-list bgp-filter out ----> applied in the outbound direction
R2(config-router)#end
Check the routing table on R3:
R3#show ip route
Gateway of last resort is not set
172.16.0.0/16 is variably subnetted, 4 subnets, 4 masks
B 172.16.255.0/30 [20/0] via 10.1.255.1, 00:19:03
B 172.16.4.0/28 [20/0] via 10.1.255.1, 00:19:03
B 172.16.2.0/26 [20/0] via 10.1.255.1, 00:19:03
B 172.16.3.0/27 [20/0] via 10.1.255.1, 00:19:03
10.0.0.0/30 is subnetted, 1 subnets
C 10.1.255.0 is directly connected, Serial0/0
Those two routes (the /24 and the /25) are gone.
********* Stage requirement 2: only allow the 172.16.3.0/27 subnet to be advertised to router R3 *********
Configure the prefix list on R2:
R2(config)#ip prefix-list bgp-filter seq 5 permit 172.16.3.0/27
R2(config)#ip prefix-list bgp-filter seq 10 permit 172.16.255.0/30
R2(config)#router bgp 64512
R2(config-router)#neighbor 10.1.255.2 prefix-list bgp-filter out
R2(config-router)#end
Check R3's routing table again:
R3#show ip route
Gateway of last resort is not set
172.16.0.0/16 is variably subnetted, 2 subnets, 2 masks
B 172.16.255.0/30 [20/0] via 10.1.255.1, 00:33:09
B 172.16.3.0/27 [20/0] via 10.1.255.1, 00:33:09
10.0.0.0/30 is subnetted, 1 subnets
C 10.1.255.0 is directly connected, Serial0/0
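The routes are filtered correctly.
********* Stage requirement 3: within 172.16.0.0/22, only allow subnet routes whose mask length is greater than or equal to 26 bits to be advertised to R3 *********
Configure the prefix list on R2:
R2(config)#ip prefix-list bgp-filter seq 5 permit 172.16.0.0/22 ge 26 ----> greater than or equal to 26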
R2(config)#ip prefix-list bgp-filter seq 10 permit 172.1.255.0/30
R2(config)#router bgp 64512
R2(config-router)#neighbor 10.1.255.2 prefix-list bgp-filter out
R2(config-router)#exit
Check R3's routing table again:
R3#show ip route
Gateway of last resort is not set
172.16.0.0/16 is variably subnetted, 2 subnets, 2 masks
B 172.16.2.0/26 [20/0] via 10.1.255.1, 00:10:43
B 172.16.3.0/27 [20/0] via 10.1.255.1, 01:06:57
10.0.0.0/30 is subnetted, 1 subnets
C 10.1.255.0 is directly connected, Serial0/0
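172.16.4.0/28 does not appear here because it is not a subnet of 172.16.0.0/22. 172.16.255.0/30 is also missing: seq 10 above was entered as 172.1.255.0/30, which does not match that route.
********* Stage requirement 4: within 172.16.0.0/22, only allow subnet routes whose mask length is less than or equal to 25 bits to be advertised to R3 *********
Configure the prefix list on R2:
R2(config)#ip prefix-list bgp-filter seq 5 permit 172.16.0.0/22 le 25 -----> keyword: le
R2(config)#ip prefix-list bgp-filter seq 10 permit 172.16.255.0/30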
R2(config)#router bgp 64512
R2(config-router)#neighbor 10.1.255.2 prefix-list bgp-filter out
R2(config-router)#end
Check the routing table on R3:
R3#show ip route
Gateway of last resort is not set
172.16.0.0/16 is variably subnetted, 3 subnets, 3 masks
B 172.16.255.0/30 [20/0] via 10.1.255.1, 00:18:15
B 172.16.0.0/24 [20/0] via 10.1.255.1, 00:18:15
B 172.16.1.0/25 [20/0] via 10.1.255.1, 00:18:15
10.0.0.0/30 is subnetted, 1 subnets
C 10.1.255.0 is directly connected, Serial0/0
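The networks with 24-bit and 25-bit masks remain.
********* Stage requirement 5: within 172.16.0.0/22, only allow subnet routes whose mask length is greater than or equal to 25 and less than or equal to 26 bits to be advertised to R3 *********
Configure the prefix list on R2:
R2(config)#ip prefix-list bgp-filter seq 5 permit 172.16.0.0/22 ge 25 le 26 ----> within the given network: ge <= mask length <= le
R2(config)#ip prefix-list bgp-filter seq 10 permit 172.16.255.0/30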
R2(config)#router bgp 64512
R2(config-router)#neighbor 10.1.255.2 prefix-list bgp-filter out
R2(config-router)#end
Check the routing table on R3:
R3#show ip route
Gateway of last resort is not set
172.16.0.0/16 is variably subnetted, 3 subnets, 3 masks
B 172.16.255.0/30 [20/0] via 10.1.255.1, 00:33:12
B 172.16.1.0/25 [20/0] via 10.1.255.1, 00:33:12
B 172.16.2.0/26 [20/0] via 10.1.255.1, 00:09:00
10.0.0.0/30 is subnetted, 1 subnets
C 10.1.255.0 is directly connected, Serial0/0
The 25-bit and 26-bit routes remain.
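The ge/le matching rules used in the five stages can be checked offline before a filter is applied to a live BGP session. The following Python model is an added example, not part of the original lab: the names ROUTES, STAGES, entry_matches and advertised are made up for it, and it assumes the prefix list is cleared before each stage so that only the entries shown for that stage are present.

```python
import ipaddress

# Routes R2 learns in AS 64512 (taken from R3's first routing table on this page).
ROUTES = ["172.16.255.0/30", "172.16.4.0/28", "172.16.0.0/24",
          "172.16.1.0/25", "172.16.2.0/26", "172.16.3.0/27"]

# (action, prefix, ge, le) per stage, in sequence order, as entered on R2.
STAGES = {
    1: [("deny", "172.16.0.0/24", None, None),
        ("deny", "172.16.1.0/25", None, None),
        ("permit", "0.0.0.0/0", None, 32)],
    2: [("permit", "172.16.3.0/27", None, None),
        ("permit", "172.16.255.0/30", None, None)],
    3: [("permit", "172.16.0.0/22", 26, None),
        ("permit", "172.1.255.0/30", None, None)],   # address exactly as typed in stage 3
    4: [("permit", "172.16.0.0/22", None, 25),
        ("permit", "172.16.255.0/30", None, None)],
    5: [("permit", "172.16.0.0/22", 25, 26),
        ("permit", "172.16.255.0/30", None, None)],
}

def entry_matches(route, prefix, ge=None, le=None):
    """True if route lies inside prefix and its mask length is in the allowed range."""
    route, prefix = ipaddress.ip_network(route), ipaddress.ip_network(prefix)
    if not route.subnet_of(prefix):
        return False
    if ge is None and le is None:          # no ge/le: mask length must match exactly
        lo = hi = prefix.prefixlen
    else:                                  # ge defaults to the entry length, le to 32
        lo = prefix.prefixlen if ge is None else ge
        hi = 32 if le is None else le
    return lo <= route.prefixlen <= hi

def advertised(routes, plist):
    """First matching entry decides; a route matching no entry hits the implicit deny."""
    out = []
    for route in routes:
        for action, prefix, ge, le in plist:
            if entry_matches(route, prefix, ge, le):
                if action == "permit":
                    out.append(route)
                break
    return out

if __name__ == "__main__":
    for stage, plist in STAGES.items():
        print(f"stage {stage}: {advertised(ROUTES, plist)}")
```

Each stage's output lists the same BGP routes as the corresponding R3 routing table above, including stage 3, where the /30 link subnet is dropped by the implicit deny.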
End.