Lab 6-3: USING ROUTE-MAP

Description

This lab shows how to use the route-map command when redistributing routes between routing protocols.

Company ABC has just formed an alliance with an ISP. ABC has a branch in Bien Hoa (BH) and its head office in HCMC (routers HCM and BienHoa). The sites connect to the ISP's branch in their own city (router ISP1 in HCMC and ISP2 in Bien Hoa). ABC is currently connected as shown in the diagram and runs RIPv2, while the ISP runs OSPF. Mutual redistribution between the two protocols is therefore needed so that the networks can see each other. The links between ISP1 and HCMC, and between HCM and BH, are 2M. The link between ISP2 and BH is 128K. Only router ISP1 redistributes RIP into OSPF, and ISP2 redistributes OSPF into RIP. In the future, the routers will perform redistribution for the protocols.

Network 192.168.12.0/24 belongs to the R&D department and must not be visible to other networks, except the managers' network 192.168.11.0/24.

To make the show ip rip database command available, use IOS version 12.

Procedure

Step 1: Build the network according to the diagram, without configuring OSPF yet. Use CDP and ping to check the directly connected links.

Step 2: Configure RIP on HCM, BIENHOA, ISP1, ISP2

Configure RIPv2 on routers HCM, BIENHOA, ISP1 and ISP2 as follows:

    HCM(config)#router rip
    HCM(config-router)#version 2
    HCM(config-router)#no auto-summary
    HCM(config-router)#network 192.168.1.0

    ISP1(config)#router rip
    ISP1(config-router)#version 2
    ISP1(config-router)#no auto-summary
    ISP1(config-router)#network 192.168.1.0

    BienHoa(config)#router rip
    BienHoa(config-router)#version 2
    BienHoa(config-router)#no auto-summary
    BienHoa(config-router)#network 192.168.1.0

    ISP2(config)#router rip
    ISP2(config-router)#version 2
    ISP2(config-router)#no auto-summary
    ISP2(config-router)#network 192.168.1.0

Check the routing tables of HCM, BIENHOA, ISP1 and ISP2; they should contain RIP routes:

    sh ip route

Step 3: Configure OSPF on ISP1, ISP2

Configure OSPF on routers ISP1 and ISP2 as follows:

    ISP1(config)#router ospf 1
    ISP1(config-router)#network 192.168.100.0 0.0.0.255 area 0

    ISP2(config)#router ospf
    ISP2(config-router)#network 192.168.100.0 0.0.0.255 area 0

Check the OSPF database and the OSPF adjacency on ISP1 and ISP2; OSPF routes should be present:

    sh ip ospf database
    sh ip ospf neighbor

Step 4: Redistribute connected on BienHoa

Redistribute the connected routes into RIP on router BienHoa:

    BienHoa(config)#router rip
    BienHoa(config-router)#redistribute connected

The RIP routes 192.168.21.0/25 and 192.168.21.128/25 appear in the routing tables of ISP1, ISP2 and HCMC. They also appear in the RIP database of every router. You must configure no auto-summary in router rip mode on BienHoa so that the other routers learn 192.168.21.0/25 and 192.168.21.128/25. Without it, the other routers learn only 192.168.21.0/24.

Check with:

    HCM#show ip route
         192.168.11.0/30 is subnetted, subnets
    C       192.168.11.0 is directly connected, Ethernet0/0
         192.168.21.0/24 is variably subnetted, subnets, masks
    R       192.168.21.0/25 [120/1] via 192.168.1.10, 00:00:10, Serial0/0
    R       192.168.21.128/25 [120/1] via 192.168.1.10, 00:00:10, Serial0/0
    C       192.168.21.128/30 is directly connected, Loopback0

The RIP database can be checked with:

    HCM#sh ip rip database
    192.168.1.0/24 auto-summary
    192.168.1.0/30 directly connected, Serial0/1
    192.168.1.4/30 [1] via 192.168.1.10, 00:00:16, Serial0/0
    192.168.1.8/30 directly connected, Serial0/0
    192.168.21.0/24 auto-summary
    192.168.21.0/25 [1] via 192.168.1.10, 00:00:16, Serial0/0
    192.168.21.128/25 [1] via 192.168.1.10, 00:00:16, Serial0/0

Step 5: Redistribute connected routes on HCMC

On router HCMC, two networks are not yet part of the RIP domain: 192.168.11.0/25 and 192.168.11.128/25. Redistribute them into the RIP domain as follows:

    HCM(config)#router rip
    HCM(config-router)#redistribute connected

Check the result on router BienHoa:

    BienHoa#show ip route
         192.168.11.0/25 is subnetted, subnets
    R       192.168.11.0 [120/1] via 192.168.1.9, 00:00:06, Serial0/0
    R       192.168.11.128 [120/1] via 192.168.1.9, 00:00:06, Serial0/0
         192.168.21.0/25 is subnetted, subnets
    C       192.168.21.0 is directly connected, Ethernet0/0
    C       192.168.21.128 is directly connected, Loopback0
         192.168.1.0/30 is subnetted, subnets
    C       192.168.1.8 is directly connected, Serial0/0
    R       192.168.1.0 [120/1] via 192.168.1.9, 00:00:06, Serial0/0
    C       192.168.1.4 is directly connected, Serial0/1

However, we do not want other networks to see network 192.168.11.128/25, the managers' private network. So when redistributing into the RIP domain, we use a route-map to exclude this network. Configure it as follows:

    HCM(config)#access-list 111 deny ip 192.168.11.0 0.0.0.127 any
    HCM(config)#access-list 111 permit ip any any
    HCM(config)#route-map connected-to-rip permit 10
    HCM(config-route-map)#match ip address 111
    HCM(config)#router rip
    HCM(config-router)#redistribute connected route-map connected-to-rip

Note: you should use an extended ACL.

Check the route-map you configured:

    HCM#sh route-map
    route-map connected-to-rip, permit, sequence 10
      Match clauses:
        ip address (access-lists): 111
      Set clauses:
      Policy routing matches: packets, bytes

    ISP2#show ip route
         192.168.11.0/25 is subnetted, subnets
    R       192.168.11.128 [120/2] via 192.168.1.6, 00:00:13, Serial0/1
         192.168.21.0/25 is subnetted, subnets
    R       192.168.21.0 [120/1] via 192.168.1.6, 00:00:13, Serial0/1
    R       192.168.21.128 [120/1] via 192.168.1.6, 00:00:13, Serial0/1
         192.168.1.0/30 is subnetted, subnets
    R       192.168.1.8 [120/1] via 192.168.1.6, 00:00:13, Serial0/1
    R       192.168.1.0 [120/2] via 192.168.1.6, 00:00:13, Serial0/1
    C       192.168.1.4 is directly connected, Serial0/1
    C    192.168.100.0/24 is directly connected, FastEthernet0/0

    BienHoa#show ip route
         192.168.11.0/25 is subnetted, subnets
    R       192.168.11.128 [120/1] via 192.168.1.9, 00:00:09, Serial0/0
         192.168.21.0/25 is subnetted, subnets
    C       192.168.21.0 is directly connected, Ethernet0/0
    C       192.168.21.128 is directly connected, Loopback0
         192.168.1.0/30 is subnetted, subnets
    C       192.168.1.8 is directly connected, Serial0/0
    R       192.168.1.0 [120/1] via 192.168.1.9, 00:00:09, Serial0/0
    C       192.168.1.4 is directly connected, Serial0/1

HCM advertises only network 192.168.11.128/25; network 192.168.11.0/25 has been blocked by the route-map. The entries under 192.168.11.0/24 in the RIP database can be checked with this command on all routers:

    ISP2#sh ip rip database
    192.168.1.0/24 auto-summary
    192.168.1.0/30 [2] via 192.168.1.6, 00:00:04, Serial0/1
    192.168.1.4/30 directly connected, Serial0/1
    192.168.1.8/30 [1] via 192.168.1.6, 00:00:04, Serial0/1
    192.168.11.0/24 auto-summary
    192.168.11.128/25 [2] via 192.168.1.6, 00:00:04, Serial0/1
    192.168.21.0/24 auto-summary
    192.168.21.0/25 [1] via 192.168.1.6, 00:00:04, Serial0/1
    192.168.21.128/25 [1] via 192.168.1.6, 00:00:04, Serial0/1

The RIP database on ISP2 does not contain network 192.168.11.0/25.

Step 6: Redistribute RIP into OSPF on ISP1, using a route-map for tagging

When RIP routes are redistributed into OSPF on router ISP1, they get an AD of 110 and are of type External Type 2. When these E2 routes reach ISP2 and are redistributed into the RIP domain, they can create sub-optimal paths. To avoid this, route-maps give us a technique for marking (tagging) the RIP routes with a tag; here we arbitrarily choose the number 200. Then, when router ISP2 redistributes OSPF routes into RIP, it does not redistribute the routes tagged 200 into the RIP domain. Configure it as follows:

    ISP1(config)#access-list permit host 192.168.1.2
    ISP1(config)#route-map rip-to-ospf permit 10
    ISP1(config-route-map)#match ip route-source
    ISP1(config-route-map)#set tag 200

Check the route-map just configured:

    ISP1#sh route-map
    route-map rip-to-ospf, permit, sequence 10
      Match clauses:
        ip route-source (access-lists):
      Set clauses:
      Policy routing matches: packets, bytes

Use the route-map to filter routes while redistributing RIP into OSPF:

    ISP1(config)#router ospf 1
    ISP1(config-router)#redistribute rip subnets route-map rip-to-ospf

Check the OSPF database on ISP1 and the routing table on router ISP2. The routes from the RIP domain appear with tag 200 in the OSPF database of ISP1 and ISP2. For example, the routing table of ISP2:

    ISP1#sh ip ospf database

           OSPF Router with ID (192.168.100.1) (Process ID 1)

                    Router Link States (Area 0)

    Link ID         ADV Router      Age   Seq#        Checksum  Link count
    192.168.100.1   192.168.100.1   53    0x80000008  0x1DC8
    192.168.100.2   192.168.100.2   258   0x80000005  0x7878

                    Net Link States (Area 0)

    Link ID         ADV Router      Age   Seq#        Checksum
    192.168.100.1   192.168.100.1   971   0x80000004  0x3EBC

                    Type-5 AS External Link States

    Link ID         ADV Router      Age   Seq#        Checksum  Tag
    192.168.1.4     192.168.100.1   247   0x80000002  0x3C60    200
    192.168.1.8     192.168.100.1   247   0x80000002  0x1484    200
    192.168.11.128  192.168.100.1   247   0x80000002  0x68C     200
    192.168.21.0    192.168.100.1   247   0x80000002  0x9C6C    200
    192.168.21.128  192.168.100.1   247   0x80000002  0x97F0    200

    ISP2#show ip route
         192.168.11.0/25 is subnetted, subnets
    O E2    192.168.11.128 [110/20] via 192.168.100.1, 00:06:09, FastEthernet0/0
         192.168.21.0/25 is subnetted, subnets
    O E2    192.168.21.0 [110/20] via 192.168.100.1, 00:06:09, FastEthernet0/0
    O E2    192.168.21.128 [110/20] via 192.168.100.1, 00:06:09, FastEthernet0/0
         192.168.1.0/30 is subnetted, subnets
    O E2    192.168.1.8 [110/20] via 192.168.100.1, 00:06:09, FastEthernet0/0
    R       192.168.1.0 [120/2] via 192.168.1.6, 00:00:26, Serial0/1
    C       192.168.1.4 is directly connected, Serial0/1
    C    192.168.100.0/24 is directly connected, FastEthernet0/0

Step 7: Redistribute OSPF into RIP on ISP2, using a route-map as a filter

To avoid sub-optimal paths, we must avoid feeding RIP routes back into the RIP domain with a smaller AD. On ISP2, when performing redistribution, we use a route-map to drop the routes that were tagged in the previous step. To configure this, use the following commands:

    ISP2(config)#route-map ospf-to-rip deny 10
    ISP2(config-route-map)#match tag 200
    ISP2(config-route-map)#route-map ospf-to-rip permit 20

Use route-map ospf-to-rip to stop RIP routes from being fed back into the RIP domain and creating sub-optimal paths:

    ISP2(config)#router rip
    ISP2(config-router)#redistribute ospf metric route-map ospf-to-rip

In ISP2's RIP database, network 192.168.100.0/24 is brought into the RIP domain by ISP2 because it is not tagged 200. ISP2 therefore advertises this route through RIP.

    ISP2#sh ip rip database
    192.168.1.0/24 auto-summary
    192.168.1.0/30 [2] via 192.168.1.6, 00:00:01, Serial0/1
    192.168.1.4/30 directly connected, Serial0/1
    192.168.100.0/24 auto-summary
    192.168.100.0/24 redistributed [1] via 0.0.0.0,

Check the routing tables of HCM and BienHoa:

    BienHoa#sh ip route
         192.168.11.0/25 is subnetted, subnets
    R       192.168.11.128 [120/1] via 192.168.1.9, 00:00:02, Serial0/0
         192.168.21.0/25 is subnetted, subnets
    C       192.168.21.0 is directly connected, Ethernet0/0
    C       192.168.21.128 is directly connected, Loopback0
         192.168.1.0/30 is subnetted, subnets
    C       192.168.1.8 is directly connected, Serial0/0
    R       192.168.1.0 [120/1] via 192.168.1.9, 00:00:02, Serial0/0
    C       192.168.1.4 is directly connected, Serial0/1
    R    192.168.100.0/24 [120/5] via 192.168.1.5, 00:00:02, Serial0/1

Configurations

    ISP2#show run
    Building configuration
    Current configuration : 1307 bytes
    !
    version 12.1
    no service single-slot-reload-enable
    service timestamps debug uptime
    service timestamps log uptime
    no service password-encryption
    !
    hostname ISP2
    !
    memory-size iomem 10
    ip subnet-zero
    !
    no ip finger
    no ip domain-lookup
    !
    interface FastEthernet0/0
     ip address 192.168.100.2 255.255.255.0
     duplex auto
     speed auto
    !
    interface Serial0/1
     ip address 192.168.1.5 255.255.255.252
    !
    router ospf
     log-adjacency-changes
     network 192.168.100.0 0.0.0.255 area
    !
    router rip
     version
     redistribute ospf metric route-map ospf-to-rip
     network 192.168.1.0
     no auto-summary
    !
    ip kerberos source-interface any
    ip classless
    no ip http server
    !
    access-list permit 192.168.11.128 0.0.0.127
    route-map ospf-to-rip deny 10
     match tag 200
    !
    route-map ospf-to-rip permit 20
    !
    snmp-server packetsize 4096
    snmp-server manager
    !
    line
     logging synchronous
     transport input none
    line aux
    line vty
     privilege level 15
     no login
     terminal-type monitor
    !
    end

    HCM#sh run
    Building configuration
    Current configuration:
    !
    version 12.0
    service timestamps debug uptime
    service timestamps log uptime
    no service password-encryption
    !
    hostname HCM
    !
    ip subnet-zero
    no ip domain-lookup
    !
    process-max-time 200
    !
    interface Loopback0
     ip address 192.168.12.1 255.255.255.0
     no ip directed-broadcast
    !
    interface Ethernet0
     ip address 192.168.11.1 255.255.255.0
     no ip directed-broadcast
     no keepalive
    !
    interface Serial0
     ip address 192.168.2.2 255.255.255.252
     no ip directed-broadcast
    !
    interface Serial1
     ip address 192.168.2.9 255.255.255.252
     no ip directed-broadcast
     clockrate 2000000
    !
    router rip
     version
     redistribute connected route-map connected-to-rip
     network 192.168.2.0
     no auto-summary
    !
    ip classless
    no ip http server
    !
    access-list deny 192.168.12.0 0.0.0.255
    access-list permit any
    route-map connected-to-rip permit 10
     match ip address
    !
    !
    line
     logging synchronous
     transport input none
    line aux
    line vty
     password cisco
     login
    !
    end

    ISP1#sh run
    Building configuration
    Current configuration:
    !
    version 12.1
    service timestamps debug uptime
    service timestamps log uptime
    no service password-encryption
    !
    hostname ISP1
    !
    ip subnet-zero
    no ip domain-lookup
    !
    interface Ethernet0
     ip address 192.168.100.1 255.255.255.0
    !
    interface Serial0
     ip address 192.168.2.1 255.255.255.252
     clockrate 2000000
    !
    router ospf
     log-adjacency-changes
     redistribute rip subnets route-map rip-to-ospf
     network 192.168.100.0 0.0.0.255 area
    !
    router rip
     version
     network 192.168.2.0
     no auto-summary
    !
    ip classless
    no ip http server
    !
    access-list permit 192.168.2.2
    route-map rip-to-ospf permit 10
     match ip route-source
     set tag 120
    !
    line
     logging synchronous
     transport input none
    line aux
    line vty
     password cisco
     login
    !
    end

    BienHoa#sh run
    Building configuration
    Current configuration:
    !
    version 12.0
    service timestamps debug uptime
    service timestamps log uptime
    no service password-encryption
    !
    hostname BienHoa
    !
    ip subnet-zero
    no ip domain-lookup
    !
    process-max-time 200
    !
    interface Loopback0
     ip address 192.168.22.1 255.255.255.0
     no ip directed-broadcast
    !
    interface Ethernet0
     ip address 192.168.21.1 255.255.255.0
     no ip directed-broadcast
     no keepalive
    !
    interface Serial0
     ip address 192.168.2.6 255.255.255.252
     no ip directed-broadcast
     clockrate 125000
    !
    interface Serial1
     ip address 192.168.2.10 255.255.255.252
     no ip directed-broadcast
    !
    router rip
     version
     redistribute connected
     network 192.168.2.0
     no auto-summary
    !
    ip classless
    no ip http server
    !
    !
    line
     logging synchronous
     transport input none
    line aux
    line vty
     password cisco
     login
    !
    end

    ISP2#sh run
    Building configuration
    Current configuration:
    !
    version 12.1
    service timestamps debug uptime
    service timestamps log uptime
    no service password-encryption
    !
    hostname ISP2
    !
    ip subnet-zero
    no ip domain-lookup
    !
    interface Ethernet0
     ip address 192.168.100.2 255.255.255.0
    !
    interface Serial0
     ip address 192.168.2.5 255.255.255.252
     no fair-queue
    !
    interface Serial1
     no ip address
     shutdown
    !
    router ospf
     log-adjacency-changes
     network 192.168.100.0 0.0.0.255 area
    !
    router rip
     version
     redistribute ospf metric route-map ospf-to-rip
     network 192.168.2.0
     no auto-summary
    !
    ip classless
    no ip http server
    !
    route-map ospf-to-rip deny 10
     match tag 120
    !
    route-map ospf-to-rip permit 20
    !
    !
    line
     logging synchronous
     transport input none
    line aux
    line vty
     password cisco
     login
    !
    end

    ISP1#sh run
    Building configuration
    Current configuration:
    !
    version 11.3
    service timestamps debug uptime
    service timestamps log uptime
    no service password-encryption
    !
    hostname ISP1
    !
    enable password cisco
    !
    memory-size iomem 10
    ip subnet-zero
    no ip domain-lookup
    !
    interface Ethernet0/0
     ip address 192.168.100.1 255.255.255.0
    !
    interface Serial0/1
     ip address 192.168.1.1 255.255.255.252
    !
    router ospf
     redistribute rip subnets route-map rip-to-ospf
     network 192.168.100.0 0.0.0.255 area
    !
    router rip
     version
     network 192.168.1.0
     no auto-summary
    !
    ip classless
    !
    access-list permit 192.168.1.2
    access-list 100 permit ip host 192.168.1.2 any
    route-map rip-to-ospf permit 10
     match ip route-source
     set tag 200
    !
    line
     logging synchronous
    line aux
    line vty
     no login
     terminal-type monitor
    !
    end

    BienHoa#sh run
    Building configuration
    Current configuration:
    !
    version 12.0
    service timestamps debug uptime
    service timestamps log uptime
    no service password-encryption
    !
    hostname BienHoa
    !
    enable password cisco
    !
    ip subnet-zero
    !
    interface Loopback0
     ip address 192.168.21.129 255.255.255.128
     no ip directed-broadcast
    !
    interface Ethernet0/0
     ip address 192.168.21.1 255.255.255.128
     no ip directed-broadcast
     no keepalive
    !
    interface Serial0/0
     ip address 192.168.1.10 255.255.255.252
     no ip directed-broadcast
     no ip mroute-cache
     no fair-queue
    !
    interface Serial0/1
     ip address 192.168.1.6 255.255.255.252
     no ip directed-broadcast
     clockrate 64000
    !
    router rip
     version
     redistribute connected
     network 192.168.1.0
     no auto-summary
    !
    ip classless

    HCM#show run
    Building configuration
    Current configuration : 1323 bytes
    !
    version 12.1
    no service single-slot-reload-enable
    service timestamps debug uptime
    service timestamps log uptime
    no service password-encryption
    !
    hostname HCM
    !
    enable password cisco
    !
    ip subnet-zero
    !
    no ip finger
    !
    interface Loopback0
     ip address 192.168.11.1 255.255.255.128
    !
    interface Ethernet0/0
     ip address 192.168.11.129 255.255.255.128
     no keepalive
     half-duplex
    !
    interface Serial0/0
     ip address 192.168.1.9 255.255.255.252
     no fair-queue
     clockrate 64000
    !
    interface Serial0/1
     ip address 192.168.1.2 255.255.255.252
     clockrate 64000
    !
    router rip
     version
     redistribute connected route-map connected-to-rip
     network 192.168.1.0
     no auto-summary
    !
    access-list 111 deny ip 192.168.11.0 0.0.0.127 any
    access-list 111 permit ip any any
    route-map connected-to-rip permit 10
     match ip address 111
    ...
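The three route-maps from the lab (connected-to-rip, rip-to-ospf, ospf-to-rip), modelled as an added Python example that is not part of the original lab: it applies first-match clause processing, the implicit deny, and the tag 200 loop filter to a few constructed routes. It assumes the extended ACL's source field is compared with the route's network address, which is the behaviour the lab output shows; the names ACL_SRC and run_lab are hypothetical.

```python
import ipaddress

def wildcard_match(addr, base, wildcard):
    """IOS-style compare: bits set in the wildcard mask are ignored."""
    a, b, w = (int(ipaddress.ip_address(x)) for x in (addr, base, wildcard))
    return (a & ~w) == (b & ~w)

def acl_permits(acl, addr):
    """First matching entry decides; no match is the implicit deny."""
    for action, base, wildcard in acl:
        if wildcard_match(addr, base, wildcard):
            return action == "permit"
    return False

def route_map(clauses, route):
    """Return the route (tag applied) if it is redistributed, else None."""
    for action, tests, set_tag in clauses:      # clauses in sequence order
        if all(test(route) for test in tests):  # an empty match list matches all
            if action == "deny":
                return None
            return dict(route, tag=set_tag) if set_tag is not None else route
    return None                                 # implicit deny after the last clause

def redistribute(clauses, routes):
    kept = (route_map(clauses, r) for r in routes)
    return [r for r in kept if r is not None]

ANY = ("0.0.0.0", "255.255.255.255")
ACL_111 = [("deny", "192.168.11.0", "0.0.0.127"), ("permit", *ANY)]
ACL_SRC = [("permit", "192.168.1.2", "0.0.0.0")]  # ISP1's ACL; its number is not on the page

CONNECTED_TO_RIP = [("permit", [lambda r: acl_permits(ACL_111, r["net"])], None)]
RIP_TO_OSPF = [("permit", [lambda r: acl_permits(ACL_SRC, r["src"])], 200)]
OSPF_TO_RIP = [("deny", [lambda r: r.get("tag") == 200], None),
               ("permit", [], None)]

def run_lab():
    # Constructed inputs: HCM's two connected /25s and one RIP route from BienHoa.
    hcm_connected = [{"net": "192.168.11.0"}, {"net": "192.168.11.128"}]
    into_rip = redistribute(CONNECTED_TO_RIP, hcm_connected)
    isp1_rip = [dict(r, src="192.168.1.2") for r in into_rip]
    isp1_rip.append({"net": "192.168.21.0", "src": "192.168.1.2"})
    into_ospf = redistribute(RIP_TO_OSPF, isp1_rip)
    # ISP2 sees the tagged externals plus the untagged OSPF network.
    isp2_ospf = into_ospf + [{"net": "192.168.100.0"}]
    back_into_rip = redistribute(OSPF_TO_RIP, isp2_ospf)
    return into_rip, into_ospf, back_into_rip

if __name__ == "__main__":
    for stage in run_lab():
        print([(r["net"], r.get("tag")) for r in stage])
```

A RIP route whose source does not match the ACL falls through rip-to-ospf to the implicit deny, so it is not redistributed at all rather than redistributed untagged.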