[Lab4-1] Grasping routing exercises question 1:
Fetching 172.18.0.0/16----172.29.0.0/16 routes with ACLs
Answer: 172.16.0.0 0.15.255.255, it looks perfect, but the box is actually a little wider.
R1 (f0/0)-(f0/0) R2
Interface address on R1:
r1#sh IP int b
Interface ip-address OK? Method Status Protocol
fastethernet0/0 12.1.1.1 YES NVRAM up
Loopback0 172.16.0.1 YES NVRAM up
Loopback1 172.17.0.1 YES NVRAM up
Loopback2 172.18.0.1 YES NVRAM up
Loopback3 172.19.0.1 YES NVRAM up
Loopback4 172.20.0.1 YES NVRAM up
Loopback5 172.21.0.1 YES NVRAM up
Loopback6 172.22.0.1 YES NVRAM up
Loopback7 172.23.0.1 YES NVRAM up
Loopback8 172.24.0.1 YES NVRAM up
Loopback9 172.25.0.1 YES NVRAM up
Loopback10 172.26.0.1 YES NVRAM up
Loopback11 172.27.0.1 YES NVRAM up
Loopback12 172.28.0.1 YES NVRAM up
Loopback13 172.29.0.1 YES NVRAM up
Loopback14 172.30.0.1 YES NVRAM up
Loopback15 172.31.0.1 YES NVRAM up
R2 on ACL grasping exact path there
R2#sh access-lists
Standard IP access list 10
Permit 172.18.0.0, wildcard bits 0.1.255.255 (matches)
Permit 172.20.0.0, wildcard bits 0.3.255.255 (matches)
Permit 172.24.0.0, wildcard bits 0.3.255.255 (matches)
Permit 172.28.0.0, wildcard bits 0.1.255.255 (matches)
R2: On Configuration
Router RIP
Version 2
Network 0.0.0.0
Distribute-list in fastethernet0/0
No auto-summary
Specific analysis process:
650) this.width=650; "title=" clip_image002 "style=" border-top:0px;border-right:0px;background-image:none; border-bottom:0px;padding-top:0px;padding-left:0px;margin:0px;border-left:0px;padding-right:0px; "border=" 0 "alt = "clip_image002" src= "http://s3.51cto.com/wyfs02/M01/6F/80/wKiom1WeGGij09bSAAC6GuREL_M397.jpg" height= "378"/>
Topic Share: http://yun.baidu.com/share/link?shareid=2380926901&uk=4093942124
Question 2:
How to catch the following route or the network segment?
192.168.0.1/24
192.168.1.1/25
192.168.2.1/26
192.168.3.1/27
Problem-solving ideas, with prefix-list:
R1 (f0/0)----(f0/0) R2
(full net run RIP)
IP prefix-list 10:2 Entries
Seq 5 deny 192.168.0.0/16 ge 27 le
Seq Permit 0.0.0.0/0 le 32
R2 (config-router) #distribute-list prefix f0/0
650) this.width=650; "title=" clip_image004 "style=" border-top:0px;border-right:0px;background-image:none; border-bottom:0px;padding-top:0px;padding-left:0px;margin:0px;border-left:0px;padding-right:0px; "border=" 0 "alt = "clip_image004" src= "http://s3.51cto.com/wyfs02/M02/6F/80/wKiom1WeGGmCPD8dAACsaMuYEgU353.jpg" height= "129"/>
Test Result: There is only one route to R on R2
R2#sh IP Route Rip
R 172.31.0.0/16 [120/1] via 12.1.1.1, 00:00:18, fastethernet0/0
except with a prefix list , We can also use extended ACLs , but in general the extended list needs to be Router-map is only valid when called ( No such keyword in rip )
Analysis Process:
===================================
192.168.0.1
255.255.255.0 x.x.x. 0000 0000
192.168.1.1
255.255.255.128 x.x.x. 1000 0000
192.168.2.1
255.255.255.192 x.x.x. 1100 0000
192.168.3.1
255.255.255.224 x.x.x. 1110 0000
===================================
prefix Section : 192.168.0.0 0.0.3.0
Mask Section : x.x.x. 1110 0000
: 255.255.255.0 0.0.0.224
650) this.width=650; "title=" clip_image006 "style=" border-top:0px;border-right:0px;background-image:none; border-bottom:0px;padding-top:0px;padding-left:0px;margin:0px;border-left:0px;padding-right:0px; "border=" 0 "alt = "clip_image006" src= "http://s3.51cto.com/wyfs02/M00/6F/80/wKiom1WeGGqSAcqjAABPi8FxYMc078.jpg" height= "138"/>
We do the R2 and filter out the network segments.
Access-list Permit IP 192.168.0.0 0.0.3.0 255.255.255.0 0.0.0.224
Route-map Lab deny 10
Match IP Address 100
!
Route-map Lab Permit 20
router OSPF 110
Router-id 0.0.0.2
Log-adjacency-changes
Redistribute RIP Subnets Route-map Lab
Network 23.1.1.0 0.0.0.255 Area 0
On R3, there is only one route table for OSPF:
650) this.width=650; "title=" clip_image008 "style=" border-top:0px;border-right:0px;background-image:none; border-bottom:0px;padding-top:0px;padding-left:0px;border-left:0px;padding-right:0px, "border=" 0 "alt=" clip_ image008 "src=" http://s3.51cto.com/wyfs02/M01/6F/80/wKiom1WeGGvTp3J4AABOWpfFyTg631.jpg "height=" "/>"
Http://pan.baidu.com/s/1eQ946kE \ \ Download Test
Prefix List writing specification:
IP prefix-list 1 Permit 192.168.16.0/[mask] GE [value] le [value]
Len (Mask) <ge-value<=le-value
The prefix list is matched based on the mask length code range (i.e., without looking at the IP, the mask is first)
ge[value] means greater than or equal to [value]
le[value] means less than or equal to [value]
Match the desired mask value (to match the IP to mask)
Len=mask (Desired mask value)
How is mask (prefix fixed bit) matched?
192.168.00010000.0
192.168.00010010.0
255.255.11111101.0
mask = 22
We just put two different IP locations 0, the result is the prefix mask we expect
For example, we want to match
192.168.16.0/24 and 192.168.18.0/24 two routes
Then our prefix list should be written as
IP prefix-list 1 Permit 192.168.16.0/22 GE 24 le
The above command means that the/24 mask route is filtered first and then matched by the mask value/22
If the range is empty, there are default values:
Don't write GE and Le so ge=le=mask
Write only le not write GE so ge=mask
Write only GE does not write le so le=32 (hidden commands)
Example:/24 Le 32 means that the mask is between 24-32
/24 GE 26 Represents a mask between 26 and 32
/24 GE 30 indicates a mask between 26 and 30
/24 indicates that the mask equals 24 of the route to match/24 The Mask
And ACLs outweigh the benefits of prefix-list:
Access-list 1 Permit 192.168.16.0 0.0.2.0
The ACL above can filter 192.168.16.0 and 18.0 two routes, but ACLs cannot accurately describe the mask
Like we have a 192.168.16.0/30 route.
Then the ACL will filter out the/24 and/30 together.
The prefix list only filters out/24 routes
Attached: matching prefix list in Router-map
map# Match IP address prefix-list [list num]
For example, we want to match
192.168.16.0/24 and 192.168.18.0/24
Then our prefix list should be written as
IP prefix-list 1 Permit 192.168.16.0/22 GE 24 le
Matches a Class A address, and the mask is greater than 16 less than (a class prefix 0~127 is the 0,b class 128~191 is the 10,c class is the 110,d class is 1110)
IP prefix-list 1 Permit 0.0.0.0/1 ge le 24
Unlike the IP access list used to match traffic, the IP prefix list is primarily used to specify the specific network reachable. The prefix list is used to match the prefix (network segment) and prefix length (subnet mask). The list of prefixes has two parameters that are difficult to understand.
The following are the parameters of the normal prefix list:
IP prefix-list [name] [permit | deny] [Prefix]/[len]
Name is any name or number, prefix is the specified route prefix (network segment), Len is the specified prefix length (subnet mask). Examples are as follows:
IP Prefix-list List Permit 1.2.3.0/24
In the example above, the matching network segment 1.2.3.0 is specified, and the subnet mask is specified as 255.255.255.0, this list does not match 1.2.0.0/24, nor does it match 1.2.3.4/32
IP Prefix-list List Permit 0.0.0.0/0
The above example specifies the matching segment 0.0.0.0 and subnet mask 0.0.0.0. This list is used to match the default route.
Generally, it is easier to confuse when using the prefix list with "GE" (greater than or equal) and "LE" (less than or equal to). This is because the length of the list (LEN) has changed when using "GE" and "LE".
Another parameter to the prefix list:
IP prefix-list [name] [permit | deny] [prefix]/[len] ge [min_length] le [max_length]
Name is any name or number, prefix is the route prefix (network segment) that will be compared, and Len is the bit from the leftmost point, the value of min_length to the minimum subnet mask, and the value of Max_length as the largest subnet mask
With GE and LE, the following conditions must be met:
Len < GE <= LE
The above parameters are easy to confuse and simply a range of addresses that match prefixes or subnets.
Look at the following example:
IP prefix-list list Permit 1.2.3.0/24 le 32
The above example indicates that the 24 bits preceding the prefix 1.2.3.0 must match. In addition, the subnet mask must be less than or equal to 32 bits
IP prefix-list list Permit 0.0.0.0/0 le 32
The above example means that the 0 bits need to be matched, and the subnet mask must be less than or equal to 32 bits. A mask for all segments is less than or equal to 32 bits, and one does not have to match,so the sentence is equal toPermit any
IP prefix-list list Permit 10.0.0.0/8 ge le 29
The above example shows that the first 8 bits of the network segment 10.0.0.0 must match, and the subnet mask must be between 21 and 29 bits.
Attention:
using a prefix list does not match a specific application flow like an access list.
A prefix list cannot be used to match an odd or even number of prefixes, or what can be theprefixes with integer division
in the prefix list, the bits must be contiguous and start from the left
IP prefix-list Fuck Permit 0.0.0.0/0 represents the default route
IP prefix-list fuck Permit 0.0.0.0/0 ge 1 means all routes except the default route
IP prefix-list test16 seq 5 permit 0.0.0.0/1 GE 8 le 8 configuration Class A address
IP prefix-list test16 seq permit 128.0.0.0/2 GE le 16 configuration Class B address
IP prefix-list test16 seq permit 192.0.0.0/3 GE le 24 configuration Class C address
This article from the "Erick" blog, declined to reprint!
[Lab4-1] Grasping routing exercises