Cisco
EIGRP 的 RIP 廣告網路,無需重新分配
這是我在 GNS3 中設置的拓撲。
路由器 R2 的 RIP V2 協議正在辨識和通告在 EIGRP 中通告的兩個網路,即使所述資訊本應僅通過重新分發來接收。如何確保 RIP 僅通告我希望通告的那些子網,而不是可能存在於該特定路由器上的該有類網路的所有子網?
以下是來自路由器 R2 和 R3 的 Show Ip route 和 Show Running-config 資訊,
R3#sh ip route Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2 i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2 ia - IS-IS inter area, * - candidate default, U - per-user static route o - ODR, P - periodic downloaded static route Gateway of last resort is not set 192.168.1.0/24 is variably subnetted, 5 subnets, 2 masks C 192.168.1.64/28 is directly connected, Loopback1 R 192.168.1.32/28 [120/1] via 192.168.1.133, 00:00:00, Serial0/0 R 192.168.1.16/28 [120/1] via 192.168.1.133, 00:00:00, Serial0/0 R 192.168.1.128/30 [120/1] via 192.168.1.133, 00:00:00, Serial0/0 C 192.168.1.132/30 is directly connected, Serial0/0 R3# ////////////////////////////////////////////////////////////////////////////// R3#sh run Building configuration... Current configuration : 1063 bytes ! version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname R3 ! boot-start-marker boot-end-marker ! ! no aaa new-model ! resource policy ! memory-size iomem 5 ! ! ip cef no ip domain lookup ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! interface Loopback1 ip address 192.168.1.65 255.255.255.240 ! interface Serial0/0 ip address 192.168.1.134 255.255.255.252 serial restart-delay 0 no dce-terminal-timing-enable ! interface Serial0/1 no ip address shutdown serial restart-delay 0 no dce-terminal-timing-enable ! interface Serial0/2 no ip address shutdown serial restart-delay 0 no dce-terminal-timing-enable ! interface Serial0/3 no ip address shutdown serial restart-delay 0 no dce-terminal-timing-enable ! router rip version 2 passive-interface default network 192.168.1.0 neighbor 192.168.1.133 ! no ip http server no ip http secure-server ! ! ! ! ! control-plane ! ! ! ! ! ! ! ! ! ! line con 0 exec-timeout 0 0 logging synchronous line aux 0 line vty 0 4 ! ! end R3#s ////////////////////////////////////////////////////////////// R2#sh run Building configuration... Current configuration : 1240 bytes ! version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname R2 ! boot-start-marker boot-end-marker ! ! no aaa new-model ! resource policy ! memory-size iomem 5 ! ! ip cef no ip domain lookup ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! interface Loopback1 ip address 192.168.1.17 255.255.255.240 ! interface Loopback2 ip address 192.168.1.33 255.255.255.240 ! interface Serial0/0 ip address 192.168.1.130 255.255.255.252 serial restart-delay 0 no dce-terminal-timing-enable ! interface Serial0/1 ip address 192.168.1.133 255.255.255.252 serial restart-delay 0 no dce-terminal-timing-enable ! interface Serial0/2 no ip address shutdown serial restart-delay 0 no dce-terminal-timing-enable ! interface Serial0/3 no ip address shutdown serial restart-delay 0 no dce-terminal-timing-enable ! router eigrp 10 network 192.168.1.16 0.0.0.15 network 192.168.1.128 0.0.0.3 no auto-summary ! router rip version 2 passive-interface default network 192.168.1.0 neighbor 192.168.1.134 ! no ip http server no ip http secure-server ! ! ! ! ! control-plane ! ! ! ! ! ! ! ! ! ! line con 0 exec-timeout 0 0 logging synchronous line aux 0 line vty 0 4 ! ! end
您可以使用分發列表來阻止 RIP 發布同時屬於 EIGRP 和 RIP 程序的路由(即 192.168.1.16/28 和 192.168.1.128/30)
為此,只需允許環回 1 路由出去,並拒絕其餘的路由。或者,您可以編寫一個拒絕 192.168.1.16/28 和 192.168.1.128/30 並允許其餘的訪問列表。
如果您想在子網長度上進行特定匹配,您可能還希望使用前綴列表。請注意,下面的 ACL 實際上將允許任何屬於 192.168.1.32/28 子集的路由(例如,如果 192.168.1.33/32 存在於您的 rip 程序中,它也將被允許)
router rip distribute-list 10 out s0/1 access-list 10 permit 192.168.1.32 0.0.0.15 access-list 10 deny any
這是 RIP 的一個問題,因為它只能在有類網路上啟用,不幸的是,在您的拓撲中,這意味著 RIP 正在 192.168.1.0/24 網路的所有介面上執行。
正如您在 EIGRP 中所指出的,您沒有此問題,因為您可以有類地指定參與介面。