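I want to filter a route redistributed from EIGRP into OSPF from all routers in AREA2 and AREA34. I tagged the route 10.90.100.0/24 on the Tampa router and redistributed it into OSPF, and on the Chicago router I used a distribute-list to deny routes tagged 90. The route is not on the Chicago router, but Dallas and Arizona can still reach the redistributed EIGRP network. Ideally, if possible, I would like to deny it once on an upstream router.
Tampa Config: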
TampaRTR#show running-config
Building configuration...
Current configuration : 3561 bytes
!
version 15.6
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname TampaRTR
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
ethernet lmi ce
!
!
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
!
!
!
!
!
no ip icmp rate-limit unreachable
!
!
!
!
!
!
ip name-server 8.8.8.8
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!
redundancy
!
no cdp log mismatch duplex
!
ip tcp synwait-time 5
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
ip address 4.4.4.4 255.255.255.255
!
interface GigabitEthernet0/0
description WAN
ip address 10.101.100.253 255.255.255.0
duplex auto
speed auto
media-type rj45
!
interface GigabitEthernet0/1
description WAN
ip address 10.90.100.254 255.255.255.0
duplex auto
speed auto
media-type rj45
!
interface GigabitEthernet0/2
no ip address
shutdown
duplex auto
speed auto
media-type rj45
!
interface GigabitEthernet0/3
no ip address
shutdown
duplex auto
speed auto
media-type rj45
!
!
router eigrp 1
network 4.4.4.4 0.0.0.0
network 10.90.100.0 0.0.0.255
redistribute ospf 1 metric 1000 100 250 100 1500
!
router ospf 1
area 1 nssa
redistribute eigrp 1 metric 20 metric-type 1 subnets route-map RMAPTAGEIGRP
network 4.4.4.4 0.0.0.0 area 1
network 10.101.100.0 0.0.0.255 area 1
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
!
route-map RMAPTAGEIGRP permit 10
set tag 90
!
!
!
control-plane
!
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
line vty 0 4
login
transport input none
!
no scheduler allocate
!
end
TampaRTR#
NewYorkRTR Config
NewYorkRTR#show run
Building configuration...
Current configuration : 3348 bytes
!
version 15.6
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname NewYorkRTR
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
ethernet lmi ce
!
!
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
!
!
!
!
!
no ip icmp rate-limit unreachable
!
!
!
!
!
!
ip name-server 8.8.8.8
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!
redundancy
!
no cdp log mismatch duplex
!
ip tcp synwait-time 5
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
ip address 2.2.2.2 255.255.255.255
!
interface GigabitEthernet0/0
description WAN
ip address 10.100.100.253 255.255.255.0
duplex auto
speed auto
media-type rj45
!
interface GigabitEthernet0/1
ip address 10.101.100.254 255.255.255.0
duplex auto
speed auto
media-type rj45
!
interface GigabitEthernet0/2
no ip address
shutdown
duplex auto
speed auto
media-type rj45
!
interface GigabitEthernet0/3
no ip address
shutdown
duplex auto
speed auto
media-type rj45
!
router ospf 1
area 1 nssa no-summary
network 2.2.2.2 0.0.0.0 area 0
network 10.100.100.0 0.0.0.255 area 0
network 10.101.100.0 0.0.0.255 area 1
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
!
!
!
control-plane
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
line vty 0 4
login
transport input none
!
no scheduler allocate
!
end
NewYorkRTR#
ChicagoRTR Config
ChicagoRTR#show run
Building configuration...
Current configuration : 3498 bytes
!
version 15.6
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname ChicagoRTR
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
ethernet lmi ce
!
!
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
!
!
!
!
!
no ip icmp rate-limit unreachable
!
!
!
!
!
!
ip name-server 8.8.8.8
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!
redundancy
!
no cdp log mismatch duplex
!
ip tcp synwait-time 5
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
ip address 3.3.3.3 255.255.255.255
!
interface GigabitEthernet0/0
description WAN
ip address 10.100.100.252 255.255.255.0
duplex auto
speed auto
media-type rj45
!
interface GigabitEthernet0/1
description WAN
ip address 10.102.100.254 255.255.255.0
duplex auto
speed auto
media-type rj45
!
interface GigabitEthernet0/2
no ip address
shutdown
duplex auto
speed auto
media-type rj45
!
interface GigabitEthernet0/3
no ip address
shutdown
duplex auto
speed auto
media-type rj45
!
router ospf 1
area 2 virtual-link 5.5.5.5
network 3.3.3.3 0.0.0.0 area 0
network 10.100.100.0 0.0.0.255 area 0
network 10.102.100.0 0.0.0.255 area 2
distribute-list route-map RMAPDENYEIGRP in
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
!
route-map RMAPDENYEIGRP deny 10
match tag 90
!
route-map RMAPDENYEIGRP permit 20
!
!
!
control-plane
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
line vty 0 4
login
transport input none
!
no scheduler allocate
!
end
ChicagoRTR#
DallasRTR Config:
DallasRTR#show run
Building configuration...
Current configuration : 3353 bytes
!
version 15.6
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname DallasRTR
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
ethernet lmi ce
!
!
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
!
!
!
!
!
no ip icmp rate-limit unreachable
!
!
!
!
!
!
ip name-server 8.8.8.8
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!
redundancy
!
no cdp log mismatch duplex
!
ip tcp synwait-time 5
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
ip address 5.5.5.5 255.255.255.255
!
interface GigabitEthernet0/0
description WAN
ip address 10.102.100.253 255.255.255.0
duplex auto
speed auto
media-type rj45
!
interface GigabitEthernet0/1
ip address 10.134.100.254 255.255.255.0
duplex auto
speed auto
media-type rj45
!
interface GigabitEthernet0/2
no ip address
shutdown
duplex auto
speed auto
media-type rj45
!
interface GigabitEthernet0/3
no ip address
shutdown
duplex auto
speed auto
media-type rj45
!
router ospf 1
area 2 virtual-link 3.3.3.3
network 5.5.5.5 0.0.0.0 area 2
network 10.102.100.0 0.0.0.255 area 2
network 10.134.100.0 0.0.0.255 area 34
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
!
!
!
control-plane
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
line vty 0 4
login
transport input none
!
no scheduler allocate
!
end
DallasRTR#
Topology diagram for reference.
Posted on 2019-11-25 16:52:49
You are correct to try filtering at the ABR.
router ospf 1
...
distribute-list route-map RMAPDENYEIGRP in
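The distribute-list command above does not stop OSPF LSAs from propagating through your network. It only prevents the route from being installed in the routing table. If you look at the OSPF database, you will see that the LSA is still there and is sent on to the other routers (which then use the LSA to build their routing tables).
OSPF is not like BGP. In BGP, only routes installed in the routing table are considered for propagation. In OSPF, LSAs are propagated unless they are filtered at an ABR.
You can filter OSPF routes at an ABR using a prefix list and the filter-list command, but that is not filtering based on the OSPF tag.
Below is my example, in which I block a specific /32 from propagating between areas at the ABR.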
ip prefix-list bob deny 172.16.7.1/32
ip prefix-list bob permit 0.0.0.0/0 le 32
router ospf 1
...
area 0 filter-list prefix bob out
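But here is a Cisco link with a poor discussion. It shows how to filter OSPF with a route map, but does not tell you that it only filters route installation, not the propagation of LSAs: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_ospf/configuration/xe-16-6/iro-xe-16-6-book/iro-inbound.html.
I demonstrated the OSPF distribute-list problem and the use of prefix-list filters in my old "Hands on Cisco Training Video Podcast".
Distribute-list problem (14 minutes): https://www.youtube.com/watch?v=SQ2jGzm4cNM
Route filtering and area border routers (16 minutes): https://www.youtube.com/watch?v=Doa9Ns57PXA
Sadly, the routers I was using at the time did not support using a route map to filter LSAs going into or out of an area. Just in and out. I don't think that has changed.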
https://networkengineering.stackexchange.com/questions/63701
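The distinction the answer draws, as an added example that is not part of the original posts: a simplified Python model (no areas, LSA types or SPF) in which the tag-90 LSA floods to every router while each router's inbound distribute-list only decides what enters its own routing table. The Dallas-Arizona link and all function names are assumptions; Arizona's config is not on the page.

```python
# Simplified model, constructed for illustration: OSPF flooding vs. local RIB filtering.
from collections import deque

# Adjacencies follow the posted configs; the Dallas-Arizona link is assumed
# from the question text (Arizona's config is not shown on the page).
LINKS = [("Tampa", "NewYork"), ("NewYork", "Chicago"),
         ("Chicago", "Dallas"), ("Dallas", "Arizona")]

# The external route Tampa redistributes from EIGRP with "set tag 90".
EXTERNAL_LSA = {"prefix": "10.90.100.0/24", "tag": 90, "origin": "Tampa"}


def flood(lsa, links):
    """Return {router: [lsa, ...]}. Every router reachable from the origin
    stores the LSA; a distribute-list plays no part in flooding."""
    neighbors = {}
    for a, b in links:
        neighbors.setdefault(a, set()).add(b)
        neighbors.setdefault(b, set()).add(a)
    lsdb = {router: [] for router in neighbors}
    seen, queue = {lsa["origin"]}, deque([lsa["origin"]])
    while queue:
        router = queue.popleft()
        lsdb[router].append(lsa)
        for nbr in sorted(neighbors[router] - seen):
            seen.add(nbr)
            queue.append(nbr)
    return lsdb


def build_rib(router, lsdb, deny_tags_by_router):
    """Install prefixes from the router's own LSDB, skipping tags denied by its
    local 'distribute-list route-map ... in'. Other routers are unaffected."""
    denied = deny_tags_by_router.get(router, set())
    return [lsa["prefix"] for lsa in lsdb[router]
            if lsa["origin"] != router and lsa["tag"] not in denied]


def routers_with_lsa():
    lsdb = flood(EXTERNAL_LSA, LINKS)
    return sorted(r for r in lsdb if lsdb[r])


def routers_with_route(deny_tags_by_router):
    lsdb = flood(EXTERNAL_LSA, LINKS)
    return sorted(r for r in lsdb if build_rib(r, lsdb, deny_tags_by_router))


if __name__ == "__main__":
    print("LSA in database on:", routers_with_lsa())
    print("Route installed, filter on Chicago only:",
          routers_with_route({"Chicago": {90}}))
```

With the filter on Chicago alone, the model still installs the route on Dallas and Arizona, which matches what the question reports; passing the same deny set for all three routers leaves the route only on NewYork while the LSA stays in every database.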