distribute list可以用來控制路由更新,它需要用到access list。一般情況下,access list並不能控制由路由器自己生成的數據流,但是如果將access list應用到distribute list,則可以用來允許、拒絕路由選擇更新。
下面是本實例用到的拓撲:
應用distribute list之前的路由器配置及路由表
R1#show run
!
interface Ethernet1/0
ip address 10.0.0.1 255.255.255.252
duplex half
!
interface Ethernet1/2
ip address 10.1.0.1 255.255.0.0
duplex half
!
interface Ethernet1/3
ip address 10.2.0.1 255.255.0.0
duplex half
!
interface Ethernet1/4
ip address 10.3.0.1 255.255.0.0
duplex half
!
router rip
version 2
network 10.0.0.0
!
!
interface Ethernet1/0
ip address 10.0.0.1 255.255.255.252
duplex half
!
interface Ethernet1/2
ip address 10.1.0.1 255.255.0.0
duplex half
!
interface Ethernet1/3
ip address 10.2.0.1 255.255.0.0
duplex half
!
interface Ethernet1/4
ip address 10.3.0.1 255.255.0.0
duplex half
!
router rip
version 2
network 10.0.0.0
!
R2#show run
!
interface Ethernet1/0
ip address 10.0.0.2 255.255.255.252
duplex half
!
interface Ethernet1/1
ip address 10.0.0.9 255.255.255.252
duplex half
!
router ospf 1
log-adjacency-changes
redistribute rip subnets
network 10.0.0.8 0.0.0.3 area 0
!
router rip
version 2
redistribute ospf 1 metric 5
network 10.0.0.0
!
interface Ethernet1/0
ip address 10.0.0.2 255.255.255.252
duplex half
!
interface Ethernet1/1
ip address 10.0.0.9 255.255.255.252
duplex half
!
router ospf 1
log-adjacency-changes
redistribute rip subnets
network 10.0.0.8 0.0.0.3 area 0
!
router rip
version 2
redistribute ospf 1 metric 5
network 10.0.0.0
R3#show run
!
interface Ethernet1/0
ip address 10.0.0.10 255.255.255.252
duplex half
!
interface Ethernet1/2
ip address 10.8.0.1 255.255.0.0
duplex half
!
interface Ethernet1/3
ip address 10.9.0.1 255.255.0.0
duplex half
!
interface Ethernet1/4
ip address 10.10.0.1 255.255.0.0
duplex half
!
interface Ethernet1/5
ip address 10.11.0.1 255.255.0.0
duplex half
!
router ospf 1
log-adjacency-changes
network 10.0.0.8 0.0.0.3 area 0
network 10.8.0.0 0.3.255.255 area 0
!
interface Ethernet1/0
ip address 10.0.0.10 255.255.255.252
duplex half
!
interface Ethernet1/2
ip address 10.8.0.1 255.255.0.0
duplex half
!
interface Ethernet1/3
ip address 10.9.0.1 255.255.0.0
duplex half
!
interface Ethernet1/4
ip address 10.10.0.1 255.255.0.0
duplex half
!
interface Ethernet1/5
ip address 10.11.0.1 255.255.0.0
duplex half
!
router ospf 1
log-adjacency-changes
network 10.0.0.8 0.0.0.3 area 0
network 10.8.0.0 0.3.255.255 area 0
配置後,我們分別查看三臺路由器的路由表:
R1#show ip route
Gateway of last resort is not set
Gateway of last resort is not set
10.0.0.0/8 is variably subnetted, 9 subnets, 2 masks
R 10.10.0.0/16 [120/5] via 10.0.0.2, 00:00:20, Ethernet1/0
R 10.11.0.0/16 [120/5] via 10.0.0.2, 00:00:20, Ethernet1/0
R 10.8.0.0/16 [120/5] via 10.0.0.2, 00:00:20, Ethernet1/0
R 10.0.0.8/30 [120/1] via 10.0.0.2, 00:00:20, Ethernet1/0
R 10.9.0.0/16 [120/5] via 10.0.0.2, 00:00:20, Ethernet1/0
C 10.2.0.0/16 is directly connected, Ethernet1/3
C 10.3.0.0/16 is directly connected, Ethernet1/4
C 10.0.0.0/30 is directly connected, Ethernet1/0
C 10.1.0.0/16 is directly connected, Ethernet1/2
R 10.10.0.0/16 [120/5] via 10.0.0.2, 00:00:20, Ethernet1/0
R 10.11.0.0/16 [120/5] via 10.0.0.2, 00:00:20, Ethernet1/0
R 10.8.0.0/16 [120/5] via 10.0.0.2, 00:00:20, Ethernet1/0
R 10.0.0.8/30 [120/1] via 10.0.0.2, 00:00:20, Ethernet1/0
R 10.9.0.0/16 [120/5] via 10.0.0.2, 00:00:20, Ethernet1/0
C 10.2.0.0/16 is directly connected, Ethernet1/3
C 10.3.0.0/16 is directly connected, Ethernet1/4
C 10.0.0.0/30 is directly connected, Ethernet1/0
C 10.1.0.0/16 is directly connected, Ethernet1/2
可以看到R1收到了5條從OSPF重分發過來的路由。
R2#show ip route
Gateway of last resort is not set
Gateway of last resort is not set
10.0.0.0/8 is variably subnetted, 9 subnets, 2 masks
O 10.10.0.0/16 [110/20] via 10.0.0.10, 02:51:12, Ethernet1/1
O 10.11.0.0/16 [110/20] via 10.0.0.10, 02:51:12, Ethernet1/1
O 10.8.0.0/16 [110/20] via 10.0.0.10, 02:51:12, Ethernet1/1
C 10.0.0.8/30 is directly connected, Ethernet1/1
O 10.9.0.0/16 [110/20] via 10.0.0.10, 02:51:12, Ethernet1/1
R 10.2.0.0/16 [120/1] via 10.0.0.1, 00:00:04, Ethernet1/0
R 10.3.0.0/16 [120/1] via 10.0.0.1, 00:00:04, Ethernet1/0
C 10.0.0.0/30 is directly connected, Ethernet1/0
R 10.1.0.0/16 [120/1] via 10.0.0.1, 00:00:04, Ethernet1/0
O 10.10.0.0/16 [110/20] via 10.0.0.10, 02:51:12, Ethernet1/1
O 10.11.0.0/16 [110/20] via 10.0.0.10, 02:51:12, Ethernet1/1
O 10.8.0.0/16 [110/20] via 10.0.0.10, 02:51:12, Ethernet1/1
C 10.0.0.8/30 is directly connected, Ethernet1/1
O 10.9.0.0/16 [110/20] via 10.0.0.10, 02:51:12, Ethernet1/1
R 10.2.0.0/16 [120/1] via 10.0.0.1, 00:00:04, Ethernet1/0
R 10.3.0.0/16 [120/1] via 10.0.0.1, 00:00:04, Ethernet1/0
C 10.0.0.0/30 is directly connected, Ethernet1/0
R 10.1.0.0/16 [120/1] via 10.0.0.1, 00:00:04, Ethernet1/0
R2收到4條OSPF路由和3條RIP路由。
R3#show ip route
Gateway of last resort is not set
Gateway of last resort is not set
10.0.0.0/8 is variably subnetted, 9 subnets, 2 masks
C 10.10.0.0/16 is directly connected, Ethernet1/4
C 10.11.0.0/16 is directly connected, Ethernet1/5
C 10.8.0.0/16 is directly connected, Ethernet1/2
C 10.0.0.8/30 is directly connected, Ethernet1/0
C 10.9.0.0/16 is directly connected, Ethernet1/3
O E2 10.2.0.0/16 [110/20] via 10.0.0.9, 02:52:45, Ethernet1/0
O E2 10.3.0.0/16 [110/20] via 10.0.0.9, 02:52:45, Ethernet1/0
O E2 10.0.0.0/30 [110/20] via 10.0.0.9, 02:52:45, Ethernet1/0
O E2 10.1.0.0/16 [110/20] via 10.0.0.9, 02:52:45, Ethernet1/0
C 10.10.0.0/16 is directly connected, Ethernet1/4
C 10.11.0.0/16 is directly connected, Ethernet1/5
C 10.8.0.0/16 is directly connected, Ethernet1/2
C 10.0.0.8/30 is directly connected, Ethernet1/0
C 10.9.0.0/16 is directly connected, Ethernet1/3
O E2 10.2.0.0/16 [110/20] via 10.0.0.9, 02:52:45, Ethernet1/0
O E2 10.3.0.0/16 [110/20] via 10.0.0.9, 02:52:45, Ethernet1/0
O E2 10.0.0.0/30 [110/20] via 10.0.0.9, 02:52:45, Ethernet1/0
O E2 10.1.0.0/16 [110/20] via 10.0.0.9, 02:52:45, Ethernet1/0
R3收到了4條從RIP重分發過來的路由,顯示爲2類外部路由。
應用distribute list之後的路由器配置及路由表
我們現在希望R2只將OSPF網絡的路由10.8.0.0重分發給RIP網絡,而其他網絡都不重分發;同時我們希望R2不要重分發來自RIP網絡的10.1.0.0給OSPF,而其他網絡則允許。
我們可以在R2上通過配置distribute list來達到這個目的。在配置distribute list之前,我們需要先配置access list:
access-list 1 permit 10.8.0.0
access-list 2 deny 10.1.0.0 0.0.255.255
access-list 2 permit any
access-list 2 deny 10.1.0.0 0.0.255.255
access-list 2 permit any
然後我們將這兩個access list提供給distribute list使用,給它用作判斷條件。細心的朋友還會發現,我們在配置access list 2的時候使用了通配符,而配置access list 1的時候則沒有使用。實驗發現,如果access list 1配置成:access-list 1 permit 10.8.0.0 0.0.255.255,則distribute list不會對OSPF重分發到RIP的路由起任何過濾作用。
R2(config)#router ospf 1
R2(config-router)#distribute-list 2 out rip
R2(config-router)#distribute-list 2 out rip
這裏的2是上面配置的access list的號碼,這句話的意思是,將access list 2定義的篩選條件用來生成一個distribute list,後面的rip是指需要重分發到ospf的路由協議,out是指出口方向,注意我們是在ospf進程下配置的,所以這裏是將RIP重分發到OSPF,所以出口方向應該是向OSPF這一邊(也就是圖中向右的方向)。也即符合access list 2的路由更新會被重分發到OSPF,不符合的會丟棄。
R2(config-router)#router rip
R2(config-router)#distribute-list 1 out ospf
R2(config-router)#distribute-list 1 out ospf
這句話的意思是對OSPF重分佈到RIP的路由更新應用access list。
我們再查看一下路由器R1和R3的路由表:
R1#show ip route
Gateway of last resort is not set
Gateway of last resort is not set
10.0.0.0/8 is variably subnetted, 6 subnets, 2 masks
R 10.8.0.0/16 [120/5] via 10.0.0.2, 00:00:09, Ethernet1/0
R 10.0.0.8/30 [120/1] via 10.0.0.2, 00:00:09, Ethernet1/0
C 10.2.0.0/16 is directly connected, Ethernet1/3
C 10.3.0.0/16 is directly connected, Ethernet1/4
C 10.0.0.0/30 is directly connected, Ethernet1/0
C 10.1.0.0/16 is directly connected, Ethernet1/2
R 10.8.0.0/16 [120/5] via 10.0.0.2, 00:00:09, Ethernet1/0
R 10.0.0.8/30 [120/1] via 10.0.0.2, 00:00:09, Ethernet1/0
C 10.2.0.0/16 is directly connected, Ethernet1/3
C 10.3.0.0/16 is directly connected, Ethernet1/4
C 10.0.0.0/30 is directly connected, Ethernet1/0
C 10.1.0.0/16 is directly connected, Ethernet1/2
可以看到,除了10.8.0.0以及10.0.0.8之外,R2沒有將OSPF的其他路由重分發給RIP。我們同時看到,作爲直連網絡的10.8.0.0/30並不在限制的範圍之內。
R3#show ip route
Gateway of last resort is not set
Gateway of last resort is not set
10.0.0.0/8 is variably subnetted, 8 subnets, 2 masks
C 10.10.0.0/16 is directly connected, Ethernet1/4
C 10.11.0.0/16 is directly connected, Ethernet1/5
C 10.8.0.0/16 is directly connected, Ethernet1/2
C 10.0.0.8/30 is directly connected, Ethernet1/0
C 10.9.0.0/16 is directly connected, Ethernet1/3
O E2 10.2.0.0/16 [110/20] via 10.0.0.9, 03:15:47, Ethernet1/0
O E2 10.3.0.0/16 [110/20] via 10.0.0.9, 03:15:47, Ethernet1/0
O E2 10.0.0.0/30 [110/20] via 10.0.0.9, 03:15:47, Ethernet1/0
C 10.10.0.0/16 is directly connected, Ethernet1/4
C 10.11.0.0/16 is directly connected, Ethernet1/5
C 10.8.0.0/16 is directly connected, Ethernet1/2
C 10.0.0.8/30 is directly connected, Ethernet1/0
C 10.9.0.0/16 is directly connected, Ethernet1/3
O E2 10.2.0.0/16 [110/20] via 10.0.0.9, 03:15:47, Ethernet1/0
O E2 10.3.0.0/16 [110/20] via 10.0.0.9, 03:15:47, Ethernet1/0
O E2 10.0.0.0/30 [110/20] via 10.0.0.9, 03:15:47, Ethernet1/0
可以看到這裏比原來少了10.1.0.0這條路由。