拓扑
配置
JUNOS-1
#配置接口
interfaces {
em2 {
unit 10 {
family inet {
address 12.1.1.1/24;
}
}
}
lo0 {
unit 10 {
family inet {
address 1.1.1.1/32;
}
}
}
}
protocols {
rip {
import import-policy;
group rip-group {
export export-policy;
neighbor em2.10 {
send multicast;
receive version-2;
authentication-type md5;
authentication-key "$9$Djkqf9Cu1Ey.Pu1REyr"; ## SECRET-DATA
}
neighbor lo0.10 {
send none;
receive none;
}
}
}
}
#受3上的3.3.3.3/32 拒绝33.33.33.33/32
policy-options {
policy-statement export-policy {
from protocol [ direct rip ];
then accept;
}
policy-statement import-policy {
term term1 {
from {
route-filter 33.33.33.33/32 exact;
}
then reject;
}
term term2 {
from {
route-filter 2.2.2.2/32 exact;
route-filter 3.3.3.3/32 exact;
}
then accept;
}
term term3 {
then accept;
}
}
}
R2
key chain rip-md5
key 1
key-string cisco1
interface Loopback0
ip address 2.2.2.2 255.255.255.255
!
#这里JUNOS-1和R2通过认证建立连接
interface Ethernet0/0
ip address 12.1.1.2 255.255.255.0
ip rip authentication mode md5
ip rip authentication key-chain rip-md5
duplex auto
!
interface Ethernet0/1
ip address 23.1.1.2 255.255.255.0
duplex auto
router rip
version 2
network 2.0.0.0
network 12.0.0.0
network 23.0.0.0
no auto-summary
JUNOS-2
interfaces {
em0 {
unit 0 {
family inet {
address 192.168.56.10/24;
}
}
}
em2 {
unit 20 {
family inet {
address 23.1.1.3/24;
}
}
}
lo0 {
unit 1 {
family inet {
address 3.3.3.3/32;
address 33.33.33.33/32;
}
}
}
}
protocols {
rip {
import import-policy;
group rip-group {
export policy-rip;
neighbor em2.20 {
send multicast;
receive version-2;
}
neighbor lo0.1 {
send none;
receive none;
}
}
}
}
policy-options {
policy-statement import-policy {
term 1 {
from {
route-filter 1.1.1.1/32 exact;
route-filter 2.2.2.2/32 exact;
}
then accept;
}
term 2 {
then accept;
}
}
policy-statement policy-rip {
term 1 {
from protocol [ rip direct ];
then accept;
}
}
}
结果