ufukeskici.com: RIPv2 Extended Access-List ile Route Filtreleme

Standart access-list ile yaptığımız route filtrelemeyi benzer bir şekilde extended access-list ile de yapabiliriz.

R5'teki routing tablosu şöyle:

R5#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

R    222.22.2.0/24 [120/8] via 155.1.0.2, 00:00:00, Serial0/1/1.1
R    204.12.1.0/24 [120/1] via 155.1.45.4, 00:00:01, Serial0/1/0
                   [120/1] via 155.1.0.4, 00:00:08, Serial0/1/1.1
     155.1.0.0/24 is subnetted, 13 subnets
R       155.1.146.0 [120/1] via 155.1.0.1, 00:00:04, Serial0/1/1.1
R       155.1.8.0 [120/1] via 155.1.58.8, 00:00:03, FastEthernet0/0
R       155.1.9.0 [120/3] via 155.1.0.3, 00:00:02, Serial0/1/1.1
R       155.1.13.0 [120/1] via 155.1.0.3, 00:00:02, Serial0/1/1.1
                   [120/1] via 155.1.0.1, 00:00:04, Serial0/1/1.1
C       155.1.0.0 is directly connected, Serial0/1/1.1
R       155.1.7.0 [120/2] via 155.1.0.3, 00:00:02, Serial0/1/1.1
C       155.1.5.0 is directly connected, FastEthernet0/1
C       155.1.58.0 is directly connected, FastEthernet0/0
C       155.1.45.0 is directly connected, Serial0/1/0
R       155.1.37.0 [120/1] via 155.1.0.3, 00:00:04, Serial0/1/1.1
R       155.1.79.0 [120/2] via 155.1.0.3, 00:00:04, Serial0/1/1.1
R       155.1.67.0 [120/2] via 155.1.0.3, 00:00:04, Serial0/1/1.1
R       155.1.108.0 [120/1] via 155.1.58.8, 00:00:05, FastEthernet0/0
R    220.20.3.0/24 [120/8] via 155.1.0.2, 00:00:02, Serial0/1/1.1
     54.0.0.0/24 is subnetted, 1 subnets
R       54.1.1.0 [120/3] via 155.1.0.3, 00:00:04, Serial0/1/1.1
R    212.18.1.0/24 [120/4] via 155.1.0.3, 00:00:04, Serial0/1/1.1
R    212.18.0.0/24 [120/4] via 155.1.0.3, 00:00:04, Serial0/1/1.1
R    212.18.3.0/24 [120/4] via 155.1.0.3, 00:00:04, Serial0/1/1.1
R    212.18.2.0/24 [120/4] via 155.1.0.3, 00:00:04, Serial0/1/1.1
R    192.10.1.0/24 [120/1] via 155.1.0.2, 00:00:02, Serial0/1/1.1
     31.0.0.0/14 is subnetted, 1 subnets
R       31.0.0.0 [120/1] via 155.1.45.4, 00:00:03, Serial0/1/0
                 [120/1] via 155.1.0.4, 00:00:02, Serial0/1/1.1
     150.1.0.0/24 is subnetted, 9 subnets
R       150.1.7.0 [120/2] via 155.1.0.3, 00:00:04, Serial0/1/1.1
R       150.1.6.0 [120/3] via 155.1.0.3, 00:00:04, Serial0/1/1.1
C       150.1.5.0 is directly connected, Loopback0
R       150.1.4.0 [120/1] via 155.1.45.4, 00:00:03, Serial0/1/0
                  [120/1] via 155.1.0.4, 00:00:02, Serial0/1/1.1
R       150.1.3.0 [120/1] via 155.1.0.3, 00:00:04, Serial0/1/1.1

Burada sadece 155.1.0.3'ten öğrenilen 155.1.7.0 network'ünü filtrelemek istersek kaynağa (source IP) göre filtreleme yapmak zorundayız. Bunun için extended access-list oluşturulur ve ilgili interface'e uygulanır.

R5#conf t
R5(config)#access-list 100 deny ip host 155.1.0.3 host 155.1.7.0
R5(config)#access-list 100 permit ip any any
R5(config)#router rip
R5(config-router)#distribute-list 100 in serial 0/1/1.1
R5(config-router)#end

Bir süre sonra 155.1.0.3'ten öğrenilen 155.1.7.0 network'ünün routing tablosundan silindiği ve farklı IP adresli bir kaynaktan tabloya eklendiği görülür.

R5#sh ip route rip
R    222.22.2.0/24 [120/8] via 155.1.0.2, 00:00:01, Serial0/1/1.1
R    204.12.1.0/24 [120/1] via 155.1.45.4, 00:00:01, Serial0/1/0
                   [120/1] via 155.1.0.4, 00:00:00, Serial0/1/1.1
     155.1.0.0/24 is subnetted, 13 subnets
R       155.1.146.0 [120/1] via 155.1.0.1, 00:00:09, Serial0/1/1.1
R       155.1.8.0 [120/1] via 155.1.58.8, 00:00:08, FastEthernet0/0
R       155.1.9.0 [120/3] via 155.1.0.3, 00:00:02, Serial0/1/1.1
R       155.1.13.0 [120/1] via 155.1.0.3, 00:00:02, Serial0/1/1.1
                   [120/1] via 155.1.0.1, 00:00:09, Serial0/1/1.1
R       155.1.7.0 [120/3] via 155.1.0.1, 00:00:09, Serial0/1/1.1
R       155.1.37.0 [120/1] via 155.1.0.3, 00:00:02, Serial0/1/1.1
R       155.1.79.0 [120/2] via 155.1.0.3, 00:00:02, Serial0/1/1.1
R       155.1.67.0 [120/2] via 155.1.0.3, 00:00:02, Serial0/1/1.1
R       155.1.108.0 [120/1] via 155.1.58.8, 00:00:08, FastEthernet0/0
R    220.20.3.0/24 [120/8] via 155.1.0.2, 00:00:01, Serial0/1/1.1
     54.0.0.0/24 is subnetted, 1 subnets
R       54.1.1.0 [120/3] via 155.1.0.3, 00:00:02, Serial0/1/1.1
R    212.18.1.0/24 [120/4] via 155.1.0.3, 00:00:02, Serial0/1/1.1
R    212.18.0.0/24 [120/4] via 155.1.0.3, 00:00:02, Serial0/1/1.1
R    212.18.3.0/24 [120/4] via 155.1.0.3, 00:00:02, Serial0/1/1.1
R    212.18.2.0/24 [120/4] via 155.1.0.3, 00:00:02, Serial0/1/1.1
R    192.10.1.0/24 [120/1] via 155.1.0.2, 00:00:01, Serial0/1/1.1
     31.0.0.0/14 is subnetted, 1 subnets
R       31.0.0.0 [120/1] via 155.1.45.4, 00:00:03, Serial0/1/0
                 [120/1] via 155.1.0.4, 00:00:03, Serial0/1/1.1
     150.1.0.0/24 is subnetted, 9 subnets
R       150.1.7.0 [120/2] via 155.1.0.3, 00:00:04, Serial0/1/1.1
R       150.1.6.0 [120/3] via 155.1.0.3, 00:00:04, Serial0/1/1.1
R       150.1.4.0 [120/1] via 155.1.45.4, 00:00:03, Serial0/1/0
                  [120/1] via 155.1.0.4, 00:00:03, Serial0/1/1.1
R       150.1.3.0 [120/1] via 155.1.0.3, 00:00:04, Serial0/1/1.1
R       150.1.2.0 [120/1] via 155.1.0.2, 00:00:03, Serial0/1/1.1
R       150.1.1.0 [120/1] via 155.1.0.1, 00:00:01, Serial0/1/1.1
R       150.1.9.0 [120/3] via 155.1.0.3, 00:00:04, Serial0/1/1.1
R       150.1.8.0 [120/1] via 155.1.58.8, 00:00:01, FastEthernet0/0
R    205.90.31.0/24 [120/8] via 155.1.0.2, 00:00:03, Serial0/1/1.1
     30.0.0.0/14 is subnetted, 1 subnets
R       30.0.0.0 [120/1] via 155.1.45.4, 00:00:03, Serial0/1/0
                 [120/1] via 155.1.0.4, 00:00:03, Serial0/1/1.1

ufukeskici.com

23.1.12

RIPv2 Extended Access-List ile Route Filtreleme

0 yorum:

Yorum Gönder

Etiketler