一個多協議網絡中,客戶地址分配很細,很多:
192.168.1.0/24
192.168.2.0/24
192.168.3.0/24
192.168.4.0/24
192.168.5.0/24
……………………..
某些網絡需要將所有的偶數位的網段進行過濾
分析:
由於要求R1僅能夠學習到R3的奇數位的網絡號或是偶數號的網絡號.將各個子
網拆成二進制觀察規律
192.168.1.0/24192.168.00000001.0/24
192.168.2.0/24192.168.00000010.0/24
192.168.3.0/24192.168.00000011.0/24
192.168.4.0/24192.168.00000100.0/24
192.168.5.0/24192.168.00000101.0/24
192.168.6.0/24192.168.00000110.0/24
192.168.7.0/24192.168.00000111.0/24
192.168.8.0/24192.168.00001000.0/24
可以發現,只要是192.168.x.0/24的x爲偶數,則第24位爲0,假如爲奇,則第24位爲1,因此根據此規律和ACL的0爲完全匹配1爲忽略匹配規則,可以寫出如下兩個acl,針對第24位進行匹配.
用於奇數位(odd)的網絡號:access-list 2 permit 192.168.1.0 0.0.254.0
192.168.00000001.0
000.000.11111110.0
用於偶數(even)位的網絡號:access-list 1 permit 192.168.0.0 0.0.254.0
192.168.00000000.0
000.000.11111110.0
實驗驗證
基本配置如圖:
直接在R2重分發,R1學到了全部網絡。
R1#sh ip route
1.0.0.0/32 is subnetted, 1 subnets
C 1.1.1.1 is directly connected, Loopback0
23.0.0.0/24 is subnetted, 1 subnets
O E2 23.1.1.0 [110/20] via 12.1.1.2, 00:00:05, FastEthernet0/0
O E2 192.168.4.0/24 [110/20] via 12.1.1.2, 00:00:05, FastEthernet0/0
12.0.0.0/24 is subnetted, 1 subnets
C 12.1.1.0 is directly connected, FastEthernet0/0
O E2 192.168.1.0/24 [110/20] via 12.1.1.2, 00:00:05, FastEthernet0/0
O E2 192.168.2.0/24 [110/20] via 12.1.1.2, 00:00:05, FastEthernet0/0
O E2 192.168.3.0/24 [110/20] via 12.1.1.2, 00:00:05, FastEthernet0/0
R2(config)#ip access-list standard permit_odd
R2(config-std-nacl)#per 192.168.1.0 0.0.254.255 #只允許奇數(反掩碼寫成0.0.254.0也行)
R2(config)#route-map permit_odd per 10
R2(config-route-map)#match ip add permit_odd
R2(config-router)#redistribute rip subnets route-map permit_odd
查看R1路由表,發現只剩下奇數路由,實驗成功,允許偶數網段同理。
R1#sh ip route
1.0.0.0/32 is subnetted, 1 subnets
C 1.1.1.1 is directly connected, Loopback0
12.0.0.0/24 is subnetted, 1 subnets
C 12.1.1.0 is directly connected, FastEthernet0/0
O E2 192.168.1.0/24 [110/20] via 12.1.1.2, 00:04:24, FastEthernet0/0
O E2 192.168.3.0/24 [110/20] via 12.1.1.2, 00:04:24, FastEthernet0/0