2013/10/21

WB1 RIP 4.12 Extended access-lists Mean???

• Configure an extended access-list filter on R5 so that the routes to VLANs 7 and 9 are only received from R1, while the routes to R1’s Loopback and VLAN 146 are only received from R3.

Before the filter is configured, however, the routes to VLANs 7 & 9 are received from R3,
and the routes to R1's Loopback & VLAN 146 are received from R1:

Rack1R5#show ip route rip

R       155.1.9.0 [120/3] via 155.1.0.3, 00:00:04, Serial0/0.1
R       155.1.7.0 [120/2] via 155.1.0.3, 00:00:04, Serial0/0.1
R       155.1.146.0 [120/1] via 155.1.0.1, 00:00:04, Serial0/0.1
R       150.1.1.0 [120/1] via 155.1.0.1, 00:00:08, Serial0/0.1

Rack1R5#

Extended access-lists, when called as a distribute-list in an IGP, have a different meaning than they do in redistribution or in BGP.

With BGP and redistribution, the “source” field in the ACL represents the network address, and the “destination” field represents the subnet mask.

In an IGP distribute-list application the “source” field in the ACL matches the update source of the route, and the “destination” field represents the network address.

This implementation allows us to control which networks we are receiving, but more importantly who we are receiving them from.

Before the filter is applied, R5 routes to R3 for VLANs 7 and 9, and to R1 for VLAN 146 and R1’s Loopback 0.



access-list 100 deny ip host 155.1.0.3 host 155.1.7.0
access-list 100 deny ip host 155.1.0.3 host 155.1.9.0
access-list 100 deny ip host 155.1.0.1 host 150.1.1.0
access-list 100 deny ip host 155.1.0.1 host 155.1.146.0
access-list 100 permit ip any any

router rip
  distribute-list 100 in Serial0/0.1
  exit



Rack1R5#show ip route rip

R       155.1.9.0 [120/4] via 155.1.0.1, 00:00:00, Serial0/0.1
R       155.1.7.0 [120/3] via 155.1.0.1, 00:00:00, Serial0/0.1
R       155.1.146.0 [120/2] via 155.1.0.3, 00:00:00, Serial0/0.1
R       150.1.1.0 [120/2] via 155.1.0.3, 00:00:03, Serial0/0.1

Rack1R5#
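The filter's effect can be reproduced offline. The following is an added example, not part of the original post: a small Python model that evaluates ACL 100 with the IGP distribute-list semantics described above (source field = update source, destination field = network) against the candidate routes R5 hears from each neighbor. The function names are hypothetical, the update list is constructed from the two `show ip route rip` outputs on this page, and the model ignores prefix lengths and RIP timers.

```python
import ipaddress

# ACL 100 as configured on R5 on this page.
ACL_100 = """\
access-list 100 deny ip host 155.1.0.3 host 155.1.7.0
access-list 100 deny ip host 155.1.0.3 host 155.1.9.0
access-list 100 deny ip host 155.1.0.1 host 150.1.1.0
access-list 100 deny ip host 155.1.0.1 host 155.1.146.0
access-list 100 permit ip any any
"""
# Constructed input: (neighbor, network, metric), read off the page's two route tables.
UPDATES = [
    ("155.1.0.3", "155.1.9.0", 3), ("155.1.0.3", "155.1.7.0", 2),
    ("155.1.0.3", "155.1.146.0", 2), ("155.1.0.3", "150.1.1.0", 2),
    ("155.1.0.1", "155.1.9.0", 4), ("155.1.0.1", "155.1.7.0", 3),
    ("155.1.0.1", "155.1.146.0", 1), ("155.1.0.1", "150.1.1.0", 1),
]

def ip(a):
    return int(ipaddress.IPv4Address(a))

def take_field(tok):  # consume 'any', 'host A' or 'A WILDCARD' -> (address, wildcard)
    first = tok.pop(0)
    if first in ("any", "host"):
        return (0, 0xFFFFFFFF) if first == "any" else (ip(tok.pop(0)), 0)
    return ip(first), ip(tok.pop(0))

def parse_acl(text):
    acl = []
    for line in text.strip().splitlines():
        _, _, action, _proto, *rest = line.split()
        acl.append((action, take_field(rest), take_field(rest)))
    return acl

def hit(field, addr):  # field = (address, wildcard); wildcard bits are "don't care"
    return (ip(addr) | field[1]) == (field[0] | field[1])

def permitted(acl, neighbor, network):
    # IGP distribute-list: ACL source = update source, ACL destination = network.
    for action, src, dst in acl:
        if hit(src, neighbor) and hit(dst, network):
            return action == "permit"
    return False  # implicit deny ends every ACL

def rip_routes(acl, updates):
    best = {}  # network -> (neighbor, metric); 16 is RIP's unreachable metric
    for neighbor, network, metric in updates:
        if permitted(acl, neighbor, network) and metric < best.get(network, (None, 16))[1]:
            best[network] = (neighbor, metric)
    return best
```

Calling `rip_routes(parse_acl(ACL_100), UPDATES)` yields the next hops and metrics of the second routing table above; with only the `permit ip any any` line it yields the first.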
