写在前面:当使用基本ACL去匹配或者抓取路由时,是无法匹配路由的掩码的,因此必须使用另外一个工具:前缀列表(prefix-list)。前缀既能够匹配路由条目的网络号,也能够匹配其掩码。
1.网络拓扑图
链接:https://pan.baidu.com/s/1M6l0NbLnKW9cq1HvNIJfWw
提取码:8888
eNSP
链接:https://pan.baidu.com/s/1wP0vHim4yqVV0bc0wmzhFw
提取码:8888
2.网络需求
a. R2与R3运行OSPF;
b. 在R2上配置两条静态路由,目的地分别是172.16.0.0/24及172.16.0.0/16,下一跳为R1;
c. 在R2上将静态路由重发布到OSPF,但是要求只将172.16.0.0/16路由注入OSPF。
3.配置
[R2] ospf 1
[R2-ospf-1] import-route static route-policy route172
“ip ip-prefix 1 permit 172.16.0.0 16“这条命令指的是被匹配的路由,网络号的前16个比特必须与172.16.0.0的前16个比特相同,而且掩码必须为16。
3.1 R1的配置
display current-configuration
sysname R1
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher OOCM4m($F4ajUn1vMEIBNUw#
local-user admin service-type http
firewall zone Local
priority 16
interface Ethernet0/0/0
interface Ethernet0/0/1
interface Serial0/0/0
link-protocol ppp
interface Serial0/0/1
link-protocol ppp
interface Serial0/0/2
link-protocol ppp
interface Serial0/0/3
link-protocol ppp
interface GigabitEthernet0/0/0
ip address 192.168.12.1 255.255.255.0
interface GigabitEthernet0/0/1
interface GigabitEthernet0/0/2
interface GigabitEthernet0/0/3
wlan
interface NULL0
user-interface con 0
user-interface vty 0 4
user-interface vty 16 20
return
3.2 R2的配置
display current-configuration
sysname R2
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher OOCM4m($F4ajUn1vMEIBNUw#
local-user admin service-type http
firewall zone Local
priority 16
interface Ethernet0/0/0
interface Ethernet0/0/1
interface Serial0/0/0
link-protocol ppp
interface Serial0/0/1
link-protocol ppp
interface Serial0/0/2
link-protocol ppp
interface Serial0/0/3
link-protocol ppp
interface GigabitEthernet0/0/0
ip address 192.168.12.2 255.255.255.0
interface GigabitEthernet0/0/1
ip address 192.168.23.2 255.255.255.0
interface GigabitEthernet0/0/2
interface GigabitEthernet0/0/3
wlan
interface NULL0
ospf 1 router-id 2.2.2.2
import-route static route-policy route172
area 0.0.0.0
network 192.168.23.0 0.0.0.255
route-policy route172 permit node 10
if-match ip-prefix 1
ip ip-prefix 1 index 10 permit 172.16.0.0 16
ip route-static 172.16.0.0 255.255.0.0 192.168.12.1
ip route-static 172.16.0.0 255.255.255.0 192.168.12.1
user-interface con 0
user-interface vty 0 4
user-interface vty 16 20
return
3.3 R3的配置
display current-configuration
sysname R3
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher OOCM4m($F4ajUn1vMEIBNUw#
local-user admin service-type http
firewall zone Local
priority 16
interface Ethernet0/0/0
interface Ethernet0/0/1
interface Serial0/0/0
link-protocol ppp
interface Serial0/0/1
link-protocol ppp
interface Serial0/0/2
link-protocol ppp
interface Serial0/0/3
link-protocol ppp
interface GigabitEthernet0/0/0
ip address 192.168.23.3 255.255.255.0
interface GigabitEthernet0/0/1
interface GigabitEthernet0/0/2
interface GigabitEthernet0/0/3
wlan
interface NULL0
ospf 1 router-id 3.3.3.3
area 0.0.0.0
network 192.168.23.0 0.0.0.255
user-interface con 0
user-interface vty 0 4
user-interface vty 16 20
return
4.查看路由表情况,R3学习到了172.16.0.0/16路由,但是172.16.0.0/24的路由则已经被我们过滤了。
