場景:R1和R2通過G0/0/0連接,並啓用ISIS協議,R2上有3個LoopBack,如圖所示。
要求:
- R2上,直連接口引入ISIS,LoopBack 0不引入
- R2上,直連引入的LoopBack 1不對外發佈
- R1上,通過ISIS學習的LoopBack 2不引入
基礎配置:
[R1]
#
isis 1
is-level level-2
network-entity 01.0000.0000.0001.00
#
interface GigabitEthernet0/0/0
ip address 10.0.12.1 255.255.255.252
isis enable 1
#
[R2]
#
isis 1
is-level level-2
network-entity 01.0000.0000.0002.00
#
interface GigabitEthernet0/0/0
ip address 10.0.12.2 255.255.255.252
isis enable 1
#
解決方案:
- 在R2上對引入進行過濾
[R2] # ip ip-prefix allow_subnet index 10 permit 100.0.1.0 24 ip ip-prefix allow_subnet index 20 permit 100.0.2.0 24 # route-policy allow_import permit node 10 if-match ip-prefix allow_subnet # isis 1 import-route direct route-policy allow_import # 驗證:display isis route ISIS(1) Level-2 Redistribute Table ---------------------------------- Type IPV4 Destination IntCost ExtCost Tag ------------------------------------------------------------------------------- D 100.0.2.0/24 0 0 D 100.0.1.0/24 0 0 Type: D-Direct, I-ISIS, S-Static, O-OSPF, B-BGP, R-RIP, U-UNR
- 在R2上對導出進行過濾
[R2] # ip ip-prefix allow_subnet_export index 10 permit 100.0.2.0 24 # isis 1 filter-policy ip-prefix allow_subnet_export export # 驗證:display isis route ISIS(1) Level-2 Redistribute Table ---------------------------------- Type IPV4 Destination IntCost ExtCost Tag ------------------------------------------------------------------------------- D 100.0.2.0/24 0 0 Type: D-Direct, I-ISIS, S-Static, O-OSPF, B-BGP, R-RIP, U-UNR
- 在R1上對引入進行過濾
首先,在R1上查看從R2發佈的路由,只剩下LoopBack 2這個網段,路由表中有該網段的路由。 [R1] display isis route ISIS(1) Level-2 Forwarding Table -------------------------------- IPV4 Destination IntCost ExtCost ExitInterface NextHop Flags ------------------------------------------------------------------------------- 10.0.12.0/24 10 NULL GE0/0/0 Direct D/-/L/- 100.0.2.0/24 10 0 GE0/0/0 10.0.12.2 A/-/-/- [R1] display ip routing-table | in 100.0.2.0 Destination/Mask Proto Pre Cost Flags NextHop Interface 100.0.2.0/24 ISIS-L2 15 74 D 10.0.12.2 GigabitEthernet0/0/0 然後,在R1上對網段引入進行過濾 [R1] # acl number 2002 rule 5 deny source 100.0.2.0 0.0.0.255 # isis 1 filter-policy 2002 import # 最後,查看路由表中已經沒有100.0.2.0這條路由,但LSDB LSP中還存在。