4. 集团核心交换机(SW-1、SW-2、SW-3)OSPF进程1的路由表中只允许学习到业务网段路由为集团防火墙通告的TYPE1类型的缺省路由、分公司无线业务网段路由、广东办事处防火墙环回地址与营销业务网段路由,/与SW1,2,3,RT1,FW1环回口路由;
路由过滤
FW1:
default-information origioate type1 #下发type1的默认路由
SW1/2/3:
access-list 100 permit ip host-source 0.0.0.0 any-destination #匹配默认路由
access-list 100 permit ip 10.50.10.0 0.0.0.255 any-destination #SW1营销
access-list 100 permit ip 10.50.12.0 0.0.0.255 any-destination #SW3营销
access-list 100 permit ip 10.50.11.0 0.0.0.255 any-destination #SW2营销
access-list 100 permit ip host-source 10.50.255.10 any-destination #允许FW2防火墙环回口
access-list 100 permit ip host-source 10.50.255.1 any-destination #SW1的环回口
access-list 100 permit ip host-source 10.50.255.2 any-destination #SW2的环回口
access-list 100 permit ip host-source 10.50.255.3 any-destination #SW3的环回口
access-list 100 permit ip host-source 10.50.255.7 any-destination #FW1的环回口
access-list 100 permit ip host-source 10.50.255.9 any-destination #RT1的环回口