========================
route filtering
========================
Characteristics: filters routes in the routing table only. The database is not filtered.
- distribute-list in
+ applies only in the "in" direction. If it is applied in the "out" direction, it filters LSAs => the OSPF neighbor goes down.
("distribute-list ... out" command works only on ASBR + filter database)
+ filters only the routes in the routing table
+ can be applied with a route-map (a very powerful tool...). Distribute-list + route-map is available only in EIGRP and OSPF (not in RIP)
- distance ..
+ the advertising source is the router-id of the advertising router
- route-map ... (match interface / ip address / ip next-hop / ip route-source / metric / route-type / tag)
- ip ospf prefix-suppression / prefix-suppression
+ prevents OSPF from advertising IP prefixes belonging to the interface.
Given the topology:
Requirement 1: filter route 4.4.4.0/24 on R3 using "distribute-list in"
Requirement 2: filter route 6.6.6.0/24 on R3 using "distance"
Requirement 3: filter route 6.6.6.0/24 within the OSPF domain.
- Using distribute-list.
Config R3:
access-list 1 deny 4.4.4.0 0.0.0.255
access-list 1 permit any
!
router ospf 1
 log-adjacency-changes
 distribute-list 1 in Serial0/0
After configuration:
Check area 123:
show ip route on R1:
- Filter route 6.6.6.0/24 within the OSPF domain.
Config R5:
access-list 1 deny 6.6.6.0 0.0.0.255
access-list 1 permit any
!
router ospf 1
 distribute-list 1 out
Result: route 6.6.6.0/24 is filtered in the database.
c. Using distance to filter 6.6.6.0/24.
On R3, show ip ospf database shows that the ADV router of route 6.6.6.0/24 is 10.1.45.5.
On R3, configure as follows:
access-list 1 permit 6.6.6.0 0.0.0.255
!
router ospf 1
 distance 255 10.1.45.5 0.0.0.0 1
===> show ip route on R3 and R1: route 6.6.6.0/24 is filtered on R3, but not on R1.
========================
LSA filtering
========================
Characteristics: filters routes in the database.
- area ... filter-list prefix
+ apply on the ABR router
+ filter type 3
in-lists  : filter LSAs before they are sent into another area
out-lists : filter LSAs leaving the area, so that they are not injected into the other areas attached to the router
------------------------------------------------------------------------------------------
Lab:
+ filter 4.4.4.0/24 in area 123.
+ filter 1.1.1.0/24 in area 0 and area 45
Config R3:
ip prefix-list 1 seq 5 deny 4.4.4.0/24
ip prefix-list 1 seq 10 permit 0.0.0.0/0 le 32
! permit any
ip prefix-list 2 seq 5 deny 1.1.1.0/24
ip prefix-list 2 seq 10 permit 0.0.0.0/0 le 32
!
router ospf 1
 log-adjacency-changes
 area 123 filter-list prefix 1 in
 area 123 filter-list prefix 2 out
- area ... range ... not-adv
+ apply on the ABR router (the ABR in the same area as the ASBR generates the LSA type 3)
+ filter type 3
Lab:
+ filter 5.5.5.0/24 in area 0 and area 123
Config R4:
router ospf 1
 log-adjacency-changes
 area 45 range 5.5.5.0 255.255.255.0 not-advertise
- summary-address ... not-adv
+ apply on the ASBR router.
+ filter LSA type 5 and type 7
+ more-specifics which are within the range will be suppressed
Lab:
+ filter 10.1.56.0/24 (filter type 5).
+ configure area 45 as NSSA. Filter 6.6.6.0/24 (filter type 7)
Config R5 (ASBR router):
router ospf 1
 summary-address 10.1.56.0 255.255.255.0 not-advertise
Config R5 (ASBR router):
router ospf 1
 area 45 nssa
 summary-address 6.6.6.0 255.255.255.0 not-advertise
- ip ospf database-filter all out / neighbor database-filter all
+ out can filter LSA types 2, 3, 4, 5 and 7
- max-metric router-lsa.