[Lab4-1] Grasping routing exercises

Source: Internet
Author: User

[Lab4-1] Grasping routing exercises question 1:

Fetching 172.18.0.0/16----172.29.0.0/16 routes with ACLs

Answer: 172.16.0.0 0.15.255.255, it looks perfect, but the box is actually a little wider.

R1 (f0/0)-(f0/0) R2

Interface address on R1:

r1#sh IP int b

Interface ip-address OK? Method Status Protocol

fastethernet0/0 12.1.1.1 YES NVRAM up

Loopback0 172.16.0.1 YES NVRAM up

Loopback1 172.17.0.1 YES NVRAM up

Loopback2 172.18.0.1 YES NVRAM up

Loopback3 172.19.0.1 YES NVRAM up

Loopback4 172.20.0.1 YES NVRAM up

Loopback5 172.21.0.1 YES NVRAM up

Loopback6 172.22.0.1 YES NVRAM up

Loopback7 172.23.0.1 YES NVRAM up

Loopback8 172.24.0.1 YES NVRAM up

Loopback9 172.25.0.1 YES NVRAM up

Loopback10 172.26.0.1 YES NVRAM up

Loopback11 172.27.0.1 YES NVRAM up

Loopback12 172.28.0.1 YES NVRAM up

Loopback13 172.29.0.1 YES NVRAM up

Loopback14 172.30.0.1 YES NVRAM up

Loopback15 172.31.0.1 YES NVRAM up

R2 on ACL grasping exact path there

R2#sh access-lists

Standard IP access list 10

Permit 172.18.0.0, wildcard bits 0.1.255.255 (matches)

Permit 172.20.0.0, wildcard bits 0.3.255.255 (matches)

Permit 172.24.0.0, wildcard bits 0.3.255.255 (matches)

Permit 172.28.0.0, wildcard bits 0.1.255.255 (matches)

R2: On Configuration

Router RIP

Version 2

Network 0.0.0.0

Distribute-list in fastethernet0/0

No auto-summary

Specific analysis process:

650) this.width=650; "title=" clip_image002 "style=" border-top:0px;border-right:0px;background-image:none; border-bottom:0px;padding-top:0px;padding-left:0px;margin:0px;border-left:0px;padding-right:0px; "border=" 0 "alt = "clip_image002" src= "http://s3.51cto.com/wyfs02/M01/6F/80/wKiom1WeGGij09bSAAC6GuREL_M397.jpg" height= "378"/>

Topic Share: http://yun.baidu.com/share/link?shareid=2380926901&uk=4093942124

Question 2:

How to catch the following route or the network segment?

192.168.0.1/24

192.168.1.1/25

192.168.2.1/26

192.168.3.1/27

Problem-solving ideas, with prefix-list:

R1 (f0/0)----(f0/0) R2

(full net run RIP)

IP prefix-list 10:2 Entries

Seq 5 deny 192.168.0.0/16 ge 27 le

Seq Permit 0.0.0.0/0 le 32

R2 (config-router) #distribute-list prefix f0/0

650) this.width=650; "title=" clip_image004 "style=" border-top:0px;border-right:0px;background-image:none; border-bottom:0px;padding-top:0px;padding-left:0px;margin:0px;border-left:0px;padding-right:0px; "border=" 0 "alt = "clip_image004" src= "http://s3.51cto.com/wyfs02/M02/6F/80/wKiom1WeGGmCPD8dAACsaMuYEgU353.jpg" height= "129"/>

Test Result: There is only one route to R on R2

R2#sh IP Route Rip

R 172.31.0.0/16 [120/1] via 12.1.1.1, 00:00:18, fastethernet0/0

except with a prefix list , We can also use extended ACLs , but in general the extended list needs to be Router-map is only valid when called ( No such keyword in rip )

Analysis Process:

===================================

192.168.0.1

255.255.255.0 x.x.x. 0000 0000

192.168.1.1

255.255.255.128 x.x.x. 1000 0000

192.168.2.1

255.255.255.192 x.x.x. 1100 0000

192.168.3.1

255.255.255.224 x.x.x. 1110 0000

===================================

prefix Section : 192.168.0.0 0.0.3.0

Mask Section : x.x.x. 1110 0000

: 255.255.255.0 0.0.0.224

650) this.width=650; "title=" clip_image006 "style=" border-top:0px;border-right:0px;background-image:none; border-bottom:0px;padding-top:0px;padding-left:0px;margin:0px;border-left:0px;padding-right:0px; "border=" 0 "alt = "clip_image006" src= "http://s3.51cto.com/wyfs02/M00/6F/80/wKiom1WeGGqSAcqjAABPi8FxYMc078.jpg" height= "138"/>

We do the R2 and filter out the network segments.

Access-list Permit IP 192.168.0.0 0.0.3.0 255.255.255.0 0.0.0.224

Route-map Lab deny 10

Match IP Address 100

!

Route-map Lab Permit 20

router OSPF 110

Router-id 0.0.0.2

Log-adjacency-changes

Redistribute RIP Subnets Route-map Lab

Network 23.1.1.0 0.0.0.255 Area 0

On R3, there is only one route table for OSPF:

650) this.width=650; "title=" clip_image008 "style=" border-top:0px;border-right:0px;background-image:none; border-bottom:0px;padding-top:0px;padding-left:0px;border-left:0px;padding-right:0px, "border=" 0 "alt=" clip_ image008 "src=" http://s3.51cto.com/wyfs02/M01/6F/80/wKiom1WeGGvTp3J4AABOWpfFyTg631.jpg "height=" "/>"

Http://pan.baidu.com/s/1eQ946kE \ \ Download Test

Prefix List writing specification:

IP prefix-list 1 Permit 192.168.16.0/[mask] GE [value] le [value]

Len (Mask) <ge-value<=le-value

The prefix list is matched based on the mask length code range (i.e., without looking at the IP, the mask is first)

ge[value] means greater than or equal to [value]

le[value] means less than or equal to [value]

Match the desired mask value (to match the IP to mask)

Len=mask (Desired mask value)

How is mask (prefix fixed bit) matched?

192.168.00010000.0

192.168.00010010.0

255.255.11111101.0

mask = 22

We just put two different IP locations 0, the result is the prefix mask we expect

For example, we want to match

192.168.16.0/24 and 192.168.18.0/24 two routes

Then our prefix list should be written as

IP prefix-list 1 Permit 192.168.16.0/22 GE 24 le

The above command means that the/24 mask route is filtered first and then matched by the mask value/22

If the range is empty, there are default values:

Don't write GE and Le so ge=le=mask

Write only le not write GE so ge=mask

Write only GE does not write le so le=32 (hidden commands)

Example:/24 Le 32 means that the mask is between 24-32

/24 GE 26 Represents a mask between 26 and 32

/24 GE 30 indicates a mask between 26 and 30

/24 indicates that the mask equals 24 of the route to match/24 The Mask

And ACLs outweigh the benefits of prefix-list:

Access-list 1 Permit 192.168.16.0 0.0.2.0

The ACL above can filter 192.168.16.0 and 18.0 two routes, but ACLs cannot accurately describe the mask

Like we have a 192.168.16.0/30 route.

Then the ACL will filter out the/24 and/30 together.

The prefix list only filters out/24 routes

Attached: matching prefix list in Router-map

map# Match IP address prefix-list [list num]

For example, we want to match

192.168.16.0/24 and 192.168.18.0/24

Then our prefix list should be written as

IP prefix-list 1 Permit 192.168.16.0/22 GE 24 le

Matches a Class A address, and the mask is greater than 16 less than (a class prefix 0~127 is the 0,b class 128~191 is the 10,c class is the 110,d class is 1110)

IP prefix-list 1 Permit 0.0.0.0/1 ge le 24

Unlike the IP access list used to match traffic, the IP prefix list is primarily used to specify the specific network reachable. The prefix list is used to match the prefix (network segment) and prefix length (subnet mask). The list of prefixes has two parameters that are difficult to understand.
The following are the parameters of the normal prefix list:
IP prefix-list [name] [permit | deny] [Prefix]/[len]
Name is any name or number, prefix is the specified route prefix (network segment), Len is the specified prefix length (subnet mask). Examples are as follows:
IP Prefix-list List Permit 1.2.3.0/24
In the example above, the matching network segment 1.2.3.0 is specified, and the subnet mask is specified as 255.255.255.0, this list does not match 1.2.0.0/24, nor does it match 1.2.3.4/32
IP Prefix-list List Permit 0.0.0.0/0
The above example specifies the matching segment 0.0.0.0 and subnet mask 0.0.0.0. This list is used to match the default route.
Generally, it is easier to confuse when using the prefix list with "GE" (greater than or equal) and "LE" (less than or equal to). This is because the length of the list (LEN) has changed when using "GE" and "LE".
Another parameter to the prefix list:
IP prefix-list [name] [permit | deny] [prefix]/[len] ge [min_length] le [max_length]
Name is any name or number, prefix is the route prefix (network segment) that will be compared, and Len is the bit from the leftmost point, the value of min_length to the minimum subnet mask, and the value of Max_length as the largest subnet mask
With GE and LE, the following conditions must be met:
Len < GE <= LE
The above parameters are easy to confuse and simply a range of addresses that match prefixes or subnets.
Look at the following example:
IP prefix-list list Permit 1.2.3.0/24 le 32
The above example indicates that the 24 bits preceding the prefix 1.2.3.0 must match. In addition, the subnet mask must be less than or equal to 32 bits
IP prefix-list list Permit 0.0.0.0/0 le 32
The above example means that the 0 bits need to be matched, and the subnet mask must be less than or equal to 32 bits. A mask for all segments is less than or equal to 32 bits, and one does not have to match,so the sentence is equal toPermit any
IP prefix-list list Permit 10.0.0.0/8 ge le 29
The above example shows that the first 8 bits of the network segment 10.0.0.0 must match, and the subnet mask must be between 21 and 29 bits.
Attention:
using a prefix list does not match a specific application flow like an access list.
A prefix list cannot be used to match an odd or even number of prefixes, or what can be theprefixes with integer division
in the prefix list, the bits must be contiguous and start from the left

IP prefix-list Fuck Permit 0.0.0.0/0 represents the default route
IP prefix-list fuck Permit 0.0.0.0/0 ge 1 means all routes except the default route
IP prefix-list test16 seq 5 permit 0.0.0.0/1 GE 8 le 8 configuration Class A address
IP prefix-list test16 seq permit 128.0.0.0/2 GE le 16 configuration Class B address
IP prefix-list test16 seq permit 192.0.0.0/3 GE le 24 configuration Class C address

This article from the "Erick" blog, declined to reprint!

[Lab4-1] Grasping routing exercises

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.