CCNP路由实验---12、配置分发列表和被动接口
一、實驗拓撲圖:
?
二、實驗目的
???1、在實驗中應用到高級路由功能來操作路由更新,這些特性包括分發列表,默認路由,被動接口和路由重分布。
???2、掌握高級路由特性來控制路由更新。
三、實驗要求
???1、公司的Guangzhou和Beijing之間的網絡使用的RIPV2動態路由協議。
???2、在Guangzhou上面連接了一個stub network 172.16.5.1/24,為了減少流量,過濾RIPv2更新流量在整個172.16.5.1/24網絡發送。
3、在Beijing有Engineers和Managers部門,Managers網絡并不想被Guangzhou所學習到。
4、有一條非常慢的19.2Kpbs的鏈路連接Beijing和Shanghai,為了減少這條鏈路的流量,我們要禁止動態路由更新通過這條鏈路
??5、在滿足上述條件的情況下,實現全網互通。
四、實驗步驟
1、按照拓撲圖中IP,配置好路由器接口IP地址。配置如下:
Router(config)#host GuangZhou
GuangZhou(config)#int s1/1
GuangZhou(config-if)#ip add 172.16.224.1 255.255.255.252
GuangZhou(config-if)#no shut
GuangZhou(config)#int loop 0???????
GuangZhou(config-if)#ip add 172.16.5.1 255.255.255.0
GuangZhou(config-if)#exit
?
BeiJing(config)#int s1/2
BeiJing(config-if)#ip add 172.16.240.1 255.255.255.252
BeiJing(config-if)#no shut
BeiJing(config-if)#exit
BeiJing(config)#int loop 0
BeiJing(config-if)#ip add 172.16.232.1 255.255.255.0
BeiJing(config-if)#description Engineers
BeiJing(config-if)#exit
BeiJing(config)#int loop 1
BeiJing(config-if)#ip add 172.16.236.1 255.255.255.0
BeiJing(config-if)#description Manager
BeiJing(config-if)#end
?
Router(config)#host ShangHai
ShangHai(config)#int s1/1
ShangHai(config-if)#ip add 172.16.240.2 255.255.255.252
ShangHai(config-if)#no shut
ShangHai(config)#int loop 0
ShangHai(config-if)#ip add 172.16.248.1 255.255.255.0
ShangHai(config-if)#end
配置完成后使用CDP?協議檢查相鄰設備的連通性,例如:
BeiJing#sh cdp nei
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
??????????????????S - Switch, H - Host, I - IGMP, r - Repeater
?
Device ID????????Local Intrfce?????Holdtme????Capability??Platform??Port ID
ShangHai?????????Ser 1/2????????????177??????????R????????7206VXR???Ser 1/1
GuangZhou????????Ser 1/0????????????178??????????R????????7206VXR???Ser 1/1
2、在Guangzhou路由器上配置RIPv2協議通告物理直連的網絡,配置如下:
GuangZhou(config)#router rip
GuangZhou(config-router)#vers
GuangZhou(config-router)#version 2
GuangZhou(config-router)#network 172.16.224.0
GuangZhou(config-router)#network 172.16.5.0
???因為172.16.5.0是一個stub network,這個網絡里沒有路由器或者主機需要RIPv2協議的更新。.因此將Loopback0這個接口配置為被動接口,保證RIP協議更新不在這個接口上通告出去,并保證Beijing也能通過RIP協議學到這個網絡配置如下:
GuangZhou(config)#router rip
GuangZhou(config-router)#passive-interface loop 0
這樣,RIPv2將不會在loopback0接口上發送路由更新。
3、在Beijing上配置RIPv2協議,只通告Beijung路由器上的網絡,配置如下:
BeiJing(config)#router rip
BeiJing(config-router)#version 2
BeiJing(config-router)#network 172.16.224.0
BeiJing(config-router)#exit
然后在Guangzhou上使用show ip route查看路由表信息
GuangZhou#sh ip route
?
Gateway of last resort is not set
?
?????172.16.0.0/16 is variably subnetted, 5 subnets, 2 masks
R???????172.16.240.0/30 [120/1] via 172.16.224.2, 00:00:12, Serial1/1
R???????172.16.236.0/24 [120/1] via 172.16.224.2, 00:00:12, Serial1/1
R???????172.16.232.0/24 [120/1] via 172.16.224.2, 00:00:12, Serial1/1
C???????172.16.224.0/30 is directly connected, Serial1/1
C???????172.16.5.0/24 is directly connected, Loopback0
已經通常自動匯總學習到了172.16.232.0/24、172.16.236.0/24這兩個網絡了。
4、現在問題是172.16.236.0/24這個網絡并不想讓?Guangzhou?學習到,如何來過濾這個路由更新呢?這個時候我們要使用分發列表來控制路由更新。配置如下:
BeiJing#conf t
BeiJing(config)#access-list 1 deny 172.16.236.0 0.0.0.255
BeiJing(config)#access-list 1 permit any
BeiJing(config)#router rip
BeiJing(config-router)#distribute-list 1 out s1/0
BeiJing(config-router)#exit
首先定義個ACL,拒絕172.16.236.0/24這個網絡,然后使用分發列表在S1/0的出口方向上,也就是說Beijing不會在s1/0這個接口上發送關于172.16.236.0/24這個網絡的更新。接下來我們到?Guangzhou上使用show ip route命令,顯示如下:
GuangZhou#clear ip route *
GuangZhou#sh ip route????
?
Gateway of last resort is not set
?
?????172.16.0.0/16 is variably subnetted, 4 subnets, 2 masks
R???????172.16.240.0/30 [120/1] via 172.16.224.2, 00:00:02, Serial1/1
R???????172.16.232.0/24 [120/1] via 172.16.224.2, 00:00:02, Serial1/1
C???????172.16.224.0/30 is directly connected, Serial1/1
C???????172.16.5.0/24 is directly connected, Loopback0
這時我們發現172.16.236.0/24這個網絡已經被過濾掉了。
5、由于要Shanghai是一個stub network,由于鏈路的帶寬只有19.2Kbps所以我們使用一條默認路由來路由本地的流量,配置如下:
ShangHai#conf t
ShangHai(config)#ip route 0.0.0.0 0.0.0.0 172.16.240.1 210
?
接下來我們在?SanJose3上使用debug ip packet命令后,再回到Shanghai?使用ping 192.168.5.1這個IP地址。可以看到是可以PING?通的。?Debug命令的輸出信息如下:
GuangZhou#
*Nov 26 22:51:44.419: IP: s=172.16.224.2 (Serial1/1), d=224.0.0.9, len 72, rcvd 2
*Nov 26 22:51:49.839: IP: s=172.16.224.1 (local), d=224.0.0.9 (Serial1/1), len 52, sending?broad/multicast
*Nov 26 22:51:57.551: IP: tableid=0, s=172.16.240.2 (Serial1/1), d=172.16.5.1 (Loopback0), routed via RIB
*Nov 26 22:51:57.551: IP: s=172.16.240.2 (Serial1/1), d=172.16.5.1, len 100, rcvd 4
*Nov 26 22:51:57.555: IP: tableid=0, s=172.16.5.1 (local), d=172.16.240.2 (Serial1/1), routed via FIB
*Nov 26 22:51:57.559: IP: s=172.16.5.1 (local), d=172.16.240.2 (Serial1/1), len 100, sending
*Nov 26 22:51:57.607: IP: tableid=0, s=172.16.240.2 (Serial1/1), d=172.16.5.1 (Loopback0), routed via RIB
*Nov 26 22:51:57.607: IP: s=172.16.240.2 (Serial1/1), d=172.16.5.1, len 100, rcvd 4
*Nov 26 22:51:57.611: IP: tableid=0, s=172.16.5.1 (local), d=172.16.240.2 (Serial1/1), routed via FIB
*Nov 26 22:51:57.611: IP: s=172.16.5.1 (local), d=172.16.240.2 (Serial1/1), len 100, sending
*Nov 26 22:51:57.655: IP: tableid=0, s=172.16.240.2 (Serial1/1), d=172.16.5.1 (Loopback0), routed via RIB
然后我們繼續在Shanghai上使用擴展的PING命令,如下:
ShangHai#ping
Protocol [ip]:??????????
Target IP address: 172.16.5.1
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]: y
Source address or interface: 172.16.248.1
Type of service [0]:
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.5.1, timeout is 2 seconds:
Packet sent with a source address of 172.16.248.1
.....
Success rate is 0 percent (0/5)
在Guangzhou上的?debug ip packet命令輸出如下,可以看到無法PING通。
??GuangZhou#
*Nov 26 23:03:15.727: IP: s=172.16.224.1 (local), d=224.0.0.9 (Serial1/1), len 52, sending broad/multicastconft
Translating "conft"...domain server (255.255.255.255)
*Nov 26 23:03:18.375: IP: s=172.16.224.1 (local), d=255.255.255.255 (Serial1/1), len 51, sending broad/multicast
*Nov 26 23:03:18.383: IP: s=172.16.5.1 (local), d=255.255.255.255 (Loopback0), len 51, sending broad/multicast
*Nov 26 23:03:18.387: IP: s=172.16.5.1 (Loopback0), d=255.255.255.255, len 51, unroutable
*Nov 26 23:03:21.383: IP: s=172.16.224.1 (local), d=255.255.255.255 (Serial1/1), len 51, sending broad/multicast
*Nov 26 23:03:21.387: IP: s=172.16.5.1 (local), d=255.255.255.255 (Loopback0), len 51, sending broad/multicast
*Nov 26 23:03:21.395: IP: s=172.16.5.1 (Loopback0), d=255.255.255.255, len 51, unroutable
不能通是因為在Shanghai上根本就沒有通往172.16.5.1的路由。
6、為了使172.16.5.0/24和172.16.248.0/24能夠互訪我們需配置一條從shanghai直接的網段去往172.16.5.0網段的靜態路由,并將其重分布到RIP協議中,配置如下:
BeiJing#conf t
BeiJing(config)#ip route 172.16.248.0 255.255.255.0 172.16.240.2 210
然后在將這條靜態路由重分布到RIP協議中,配置如下:
Singapore(config)#router rip
Singapore(config-router)#redistribute static metric 2
7、最后在Guangzhou上使用?show ip route查看路由表,顯示如下:
GuangZhou#sh ip route
?
Gateway of last resort is not set
?
?????172.16.0.0/16 is variably subnetted, 5 subnets, 2 masks
R???????172.16.248.0/24 [120/2] via 172.16.224.2, 00:00:10, Serial1/1
R???????172.16.240.0/30 [120/1] via 172.16.224.2, 00:00:10, Serial1/1
R???????172.16.232.0/24 [120/1] via 172.16.224.2, 00:00:10, Serial1/1
C???????172.16.224.0/30 is directly connected, Serial1/1
C???????172.16.5.0/24 is directly connected, Loopback0
可以看到Guangzhou學習到了172.16.248.0/24這個網絡的路由,使用擴展的PING命令
源地址使用172.16.5.1到目的地址172.16.248.1,檢查能否ping?通。
Guangzhou#ping
Protocol [ip]:??????????
Target IP address: 172.16.248.1
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]: y
Source address or interface: 172.16.5.1
Type of service [0]:
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Sweep range of sizes [n]:
Type escape sequence to abort.
?
Sending 5, 100-byte ICMP Echos to 172.16.248.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 8/20/48 ms
本文轉自 獨鉤寒江雪 51CTO博客,原文鏈接:http://blog.51cto.com/bennie/434544,如需轉載請自行聯系原作者
總結
以上是生活随笔為你收集整理的CCNP路由实验---12、配置分发列表和被动接口的全部內容,希望文章能夠幫你解決所遇到的問題。
- 上一篇: [发布]Lucene索引分析工具Luke
- 下一篇: 一起学设计模式 - 命令模式