CCIE路由实验(4) -- BGP路由控制
1.過濾BGP路由的方法
2.用AS-path filter控制路由
3.用Community Filter控制路由
enable
conf t
no ip do lo
enable pass cisco
line con 0
logg sync
exec-t 0 0
exit
line vty 0 4
pass cisco
logg sync
exit
host
1.過濾BGP路由的方法
--------------------------------------------------------------------------
多種過濾BGP路由的方法:
直接調(diào)用前綴列表過濾路由,neighbor x.x.x.x prefix-list xx
用Distribute-list 加前綴或訪問控制列表過濾
?? ?針對(duì)某個(gè)鄰居:nenighbor x.x.x.x distribute-list + 前綴/訪問列表
?? ?針對(duì)所有鄰居:distribute-list + 前綴/訪問列表
用route-map過濾,neighbor x.x.x.x route-map
每種過濾的方法都可以用于in和out兩個(gè)方向。
R1:
int f0/0
ip add 12.1.1.1 255.255.255.0
no shut
exit
int f1/0
ip add 14.1.1.1 255.255.255.0
no shut
exit
int f2/0
ip add 13.1.1.1 255.255.255.0
no shut
exit
router bgp 100
bgp router-id 11.1.1.1
neighbor 12.1.1.2 remote-as 200
neighbor 13.1.1.3 remote-as 300
neighbor 14.1.1.4 remote-as 400
exit
R2:
int f0/0
ip add 12.1.1.2 255.255.255.0
no shut
exit
router bgp 200
bgp router-id 22.1.1.1
neighbor 12.1.1.1 remote-as 100
exit
R3:
int f0/0
ip add 13.1.1.3 255.255.255.0
no shut
exit
router bgp 300
bgp router-id 33.1.1.1
neighbor 13.1.1.1 remote-as 100
exit
R4:
int f0/0
ip add 14.1.1.4 255.255.255.0
no shut
exit
router bgp 400
bgp router-id 44.1.1.1
neighbor 14.1.1.1 remote-as 100
exit
R2:
int l0
ip add 100.1.0.1 255.255.255.0
exit
int l1
ip add 100.1.1.1 255.255.255.0
exit
int l2
ip add 100.1.2.1 255.255.255.0
exit
int l3
ip add 100.1.3.1 255.255.255.0
exit
router bgp 200
network 100.1.0.0 mask 255.255.255.0
network 100.1.1.0 mask 255.255.255.0
network 100.1.2.0 mask 255.255.255.0
network 100.1.3.0 mask 255.255.255.0
exit
R3:
int l0
ip add 100.1.0.1 255.255.255.128
exit
int l1
ip add 100.1.1.1 255.255.255.128
exit
int l2
ip add 100.1.2.1 255.255.255.128
exit
int l3
ip add 100.1.3.1 255.255.255.128
exit
router bgp 300
network 100.1.0.0 mask 255.255.255.128
network 100.1.1.0 mask 255.255.255.128
network 100.1.2.0 mask 255.255.255.128
network 100.1.3.0 mask 255.255.255.128
exit
R4:
int l0
ip add 100.1.0.1 255.255.255.192
exit
int l1
ip add 100.1.1.1 255.255.255.192
exit
int l2
ip add 100.1.2.1 255.255.255.192
exit
int l3
ip add 100.1.3.1 255.255.255.192
exit
router bgp 300
network 100.1.0.0 mask 255.255.255.192
network 100.1.1.0 mask 255.255.255.192
network 100.1.2.0 mask 255.255.255.192
network 100.1.3.0 mask 255.255.255.192
exit
R1:
show ip bgp
-------------------------------------------------------------------
R1:
ip prefix-list yeslab deny 100.1.0.0/22 ge 24 le 24
/22表示要匹配前綴100.1.0.0的前22位,而第23位和24位可以任意值。
當(dāng)沒有配置ge和le,表示掩碼長(zhǎng)度等于/length
當(dāng)配置了ge,沒有配置le,表示掩碼長(zhǎng)度大于等于ge-length,小于等于32
當(dāng)沒有配置ge,但配置了le,表示掩碼長(zhǎng)度大于等于network-length,小于等于le-length
當(dāng)同時(shí)配置了ge和le,表示前綴長(zhǎng)度大于等于ge-length,小于等于le-length
router bgp 100
neighbor 12.1.1.2 prefix-list yeslab in
exit
clear ip bgp * soft in
show ip bgp
------------------------------------------------------------------
R1:
router bgp 100
no neighbor 12.1.1.2 prefix-list yeslab in
distribute-list prefix yeslab in
exit
clear ip bgp * soft in
show ip bgp
------------------------------------------------------------------
R1:
access-list 100 deny ip 100.1.0.0 0.0.3.0 host 255.255.255.0
access-list permit ip any any
以上host前面部分匹配前綴,后面部分匹配掩碼長(zhǎng)度
router bgp 100
no distribute-list prefix yeslab in
distribute-list 100 in
exit
clear ip bgp * soft in
show ip bgp
---------------------------------------------------------------------
R1:
router bgp 100
no distribute-list 100 in
neighbor 12.1.1.2 distribute-list 100 in
exit
clear ip bgp * soft in
show ip bgp
轉(zhuǎn)載于:https://www.cnblogs.com/thlzhf/p/3166185.html
總結(jié)
以上是生活随笔為你收集整理的CCIE路由实验(4) -- BGP路由控制的全部?jī)?nèi)容,希望文章能夠幫你解決所遇到的問題。
- 上一篇: 小额贷平台有哪些 哪些属于小额贷平台
- 下一篇: 换机助手如何升级(如何兑换外币最省钱)