distribute list可以用来控制路由更新,它需要用到access list。一般情况下,access list并不能控制由路由器自己生成的数据流,但是如果将access list应用到distribute list,则可以用来允许、拒绝路由选择更新。
下面是本实例用到的拓扑:
 
 
 
 
应用distribute list之前的路由器配置及路由表
R1#show run
!         
interface Ethernet1/0
 ip address 10.0.0.1 255.255.255.252
 duplex half
!   
interface Ethernet1/2
 ip address 10.1.0.1 255.255.0.0
 duplex half
!        
interface Ethernet1/3
 ip address 10.2.0.1 255.255.0.0
 duplex half
!        
interface Ethernet1/4
 ip address 10.3.0.1 255.255.0.0
 duplex half
!            
router rip
 version 2
 network 10.0.0.0
 
R2#show run
!        
interface Ethernet1/0
 ip address 10.0.0.2 255.255.255.252
 duplex half
!        
interface Ethernet1/1
 ip address 10.0.0.9 255.255.255.252
 duplex half
!        
router ospf 1
 log-adjacency-changes
 redistribute rip subnets
 network 10.0.0.8 0.0.0.3 area 0
!        
router rip
 version 2
 redistribute ospf 1 metric 5
 network 10.0.0.0
 
R3#show run
!        
interface Ethernet1/0
 ip address 10.0.0.10 255.255.255.252
 duplex half
!        
interface Ethernet1/2
 ip address 10.8.0.1 255.255.0.0
 duplex half
!        
interface Ethernet1/3
 ip address 10.9.0.1 255.255.0.0
 duplex half
!        
interface Ethernet1/4
 ip address 10.10.0.1 255.255.0.0
 duplex half
!        
interface Ethernet1/5
 ip address 10.11.0.1 255.255.0.0
 duplex half
!        
router ospf 1
 log-adjacency-changes
 network 10.0.0.8 0.0.0.3 area 0
 network 10.8.0.0 0.3.255.255 area 0
配置后,我们分别查看三台路由器的路由表:
R1#show ip route
Gateway of last resort is not set
     10.0.0.0/8 is variably subnetted, 9 subnets, 2 masks
R       10.10.0.0/16 [120/5] via 10.0.0.2, 00:00:20, Ethernet1/0
R       10.11.0.0/16 [120/5] via 10.0.0.2, 00:00:20, Ethernet1/0
R       10.8.0.0/16 [120/5] via 10.0.0.2, 00:00:20, Ethernet1/0
R       10.0.0.8/30 [120/1] via 10.0.0.2, 00:00:20, Ethernet1/0
R       10.9.0.0/16 [120/5] via 10.0.0.2, 00:00:20, Ethernet1/0
C       10.2.0.0/16 is directly connected, Ethernet1/3
C       10.3.0.0/16 is directly connected, Ethernet1/4
C       10.0.0.0/30 is directly connected, Ethernet1/0
C       10.1.0.0/16 is directly connected, Ethernet1/2
可以看到R1收到了5条从OSPF重分发过来的路由。
 
R2#show ip route
Gateway of last resort is not set
     10.0.0.0/8 is variably subnetted, 9 subnets, 2 masks
O       10.10.0.0/16 [110/20] via 10.0.0.10, 02:51:12, Ethernet1/1
O       10.11.0.0/16 [110/20] via 10.0.0.10, 02:51:12, Ethernet1/1
O       10.8.0.0/16 [110/20] via 10.0.0.10, 02:51:12, Ethernet1/1
C       10.0.0.8/30 is directly connected, Ethernet1/1
O       10.9.0.0/16 [110/20] via 10.0.0.10, 02:51:12, Ethernet1/1
R       10.2.0.0/16 [120/1] via 10.0.0.1, 00:00:04, Ethernet1/0
R       10.3.0.0/16 [120/1] via 10.0.0.1, 00:00:04, Ethernet1/0
C       10.0.0.0/30 is directly connected, Ethernet1/0
R       10.1.0.0/16 [120/1] via 10.0.0.1, 00:00:04, Ethernet1/0
R2收到4条OSPF路由和3条RIP路由。
 
R3#show ip route
Gateway of last resort is not set
     10.0.0.0/8 is variably subnetted, 9 subnets, 2 masks
C       10.10.0.0/16 is directly connected, Ethernet1/4
C       10.11.0.0/16 is directly connected, Ethernet1/5
C       10.8.0.0/16 is directly connected, Ethernet1/2
C       10.0.0.8/30 is directly connected, Ethernet1/0
C       10.9.0.0/16 is directly connected, Ethernet1/3
O E2    10.2.0.0/16 [110/20] via 10.0.0.9, 02:52:45, Ethernet1/0
O E2    10.3.0.0/16 [110/20] via 10.0.0.9, 02:52:45, Ethernet1/0
O E2    10.0.0.0/30 [110/20] via 10.0.0.9, 02:52:45, Ethernet1/0
O E2    10.1.0.0/16 [110/20] via 10.0.0.9, 02:52:45, Ethernet1/0
R3收到了4条从RIP重分发过来的路由,显示为2类外部路由。
 
 
应用distribute list之后的路由器配置及路由表
我们现在希望R2只将OSPF网络的路由10.8.0.0重分发给RIP网络,而其他网络都不重分发;同时我们希望R2不要重分发来自RIP网络的10.1.0.0给OSPF,而其他网络则允许。
我们可以在R2上通过配置distribute list来达到这个目的。在配置distribute list之前,我们需要先配置access list:
access-list 1 permit 10.8.0.0
access-list 2 deny   10.1.0.0 0.0.255.255
access-list 2 permit any
然后我们将这两个access list提供给distribute list使用,给它用作判断条件。细心的朋友还会发现,我们在配置access list 2的时候使用了通配符,而配置access list 1的时候则没有使用。实验发现,如果access list 1配置成:access-list 1 permit 10.8.0.0 0.0.255.255,则distribute list不会对OSPF重分发到RIP的路由起任何过滤作用。
R2(config)#router ospf 1
R2(config-router)#distribute-list 2 out rip
这里的2是上面配置的access list的号码,这句话的意思是,将access list 2定义的筛选条件用来生成一个distribute list,后面的rip是指需要重分发到ospf的路由协议,out是指出口方向,注意我们是在ospf进程下配置的,所以这里是将RIP重分发到OSPF,所以出口方向应该是向OSPF这一边(也就是图中向右的方向)。也即符合access list 2的路由更新会被重分发到OSPF,不符合的会丢弃。
R2(config-router)#router rip
R2(config-router)#distribute-list 1 out ospf
这句话的意思是对OSPF重分布到RIP的路由更新应用access list。
我们再查看一下路由器R1和R3的路由表:
R1#show ip route
Gateway of last resort is not set
     10.0.0.0/8 is variably subnetted, 6 subnets, 2 masks
R       10.8.0.0/16 [120/5] via 10.0.0.2, 00:00:09, Ethernet1/0
R       10.0.0.8/30 [120/1] via 10.0.0.2, 00:00:09, Ethernet1/0
C       10.2.0.0/16 is directly connected, Ethernet1/3
C       10.3.0.0/16 is directly connected, Ethernet1/4
C       10.0.0.0/30 is directly connected, Ethernet1/0
C       10.1.0.0/16 is directly connected, Ethernet1/2
可以看到,除了10.8.0.0以及10.0.0.8之外,R2没有将OSPF的其他路由重分发给RIP。我们同时看到,作为直连网络的10.8.0.0/30并不在限制的范围之内。
R3#show ip route
Gateway of last resort is not set
     10.0.0.0/8 is variably subnetted, 8 subnets, 2 masks
C       10.10.0.0/16 is directly connected, Ethernet1/4
C       10.11.0.0/16 is directly connected, Ethernet1/5
C       10.8.0.0/16 is directly connected, Ethernet1/2
C       10.0.0.8/30 is directly connected, Ethernet1/0
C       10.9.0.0/16 is directly connected, Ethernet1/3
O E2    10.2.0.0/16 [110/20] via 10.0.0.9, 03:15:47, Ethernet1/0
O E2    10.3.0.0/16 [110/20] via 10.0.0.9, 03:15:47, Ethernet1/0
O E2    10.0.0.0/30 [110/20] via 10.0.0.9, 03:15:47, Ethernet1/0
可以看到这里比原来少了10.1.0.0这条路由。