步骤
1、使用ACL创建将要匹配的路由条目
2、使用route-map匹配ACL
3、在重分布路由(redistribute)时调用route-map
Example
演示
使用Standard ACL过滤10.5.1.0/24、10.4.1.0/27路由条目重分布进OSPF
使用Extended ACL过滤10.3.3.0/30、10.2.0.0/24、10.2.1.0/25路由条目重分布进EIGRP
此示例使用的拓扑图 
IP地址、动态路由协议及重分布配置
在此只截取部分主要配置以供参考,IP配置省略,只截取路由配置
在配置EIGRP时,可以用network 0.0.0.0 0.0.0.0(可省略为network 0.0.0.0)命令宣告所有路由器上活动接口所在的子网。
配置OSPF时,可以使用network 0.0.0.0 0.0.0.0 area 0命令宣告所在路由器活动接口所在的子网,此命令将宣告所有子网在同一区域。
配置OSPF时,环回接口需在接口下配置ip ospf network point-to-point以真实显示所配置子网信息,如不配置此命令,在路由表中将显示为32位掩码。
ACL 可用ip access-list standard(extended) NAME进入子条目配置匹配列表,
也可用access-list NUM(ACL号)来配置匹配列表,两都在配置时稍有区别,在配置每条命令时可用?来查看不同之处。
R1配置及路由表----------部分配置-只关注10.x.x.x.的路由条目
router eigrp 10
network 192.168.14.0 0.0.0.3
network 192.168.15.0 0.0.0.3
redistribute ospf 1 metric 100000 10 255 1 1500
!
router ospf 1
redistribute eigrp 10 subnets
network 192.168.12.0 0.0.0.3 area 0
network 192.168.13.0 0.0.0.3 area 0
!
部分路由表
----------
10.0.0.0/8 is variably subnetted, 17 subnets, 7 masks
O 10.2.0.0/24 [110/65] via 192.168.12.2, 02:11:51, Serial2/2
O 10.2.1.0/25 [110/65] via 192.168.12.2, 02:11:37, Serial2/2
O 10.2.2.0/26 [110/65] via 192.168.12.2, 02:12:06, Serial2/2
O 10.2.3.0/27 [110/65] via 192.168.12.2, 02:11:10, Serial2/2
O IA 10.3.0.0/26 [110/65] via 192.168.13.2, 02:08:32, Serial2/1
O IA 10.3.1.0/27 [110/65] via 192.168.13.2, 02:05:30, Serial2/1
O IA 10.3.2.0/29 [110/65] via 192.168.13.2, 02:05:30, Serial2/1
O IA 10.3.3.0/30 [110/65] via 192.168.13.2, 02:05:30, Serial2/1
D 10.4.0.0/25 [90/2297856] via 192.168.14.2, 02:15:29, Serial2/3
D 10.4.1.0/27 [90/2297856] via 192.168.14.2, 02:15:41, Serial2/3
D 10.4.1.32/27 [90/2297856] via 192.168.14.2, 00:04:56, Serial2/3
D 10.4.2.0/29 [90/2297856] via 192.168.14.2, 02:15:59, Serial2/3
D 10.4.4.0/22 [90/2297856] via 192.168.14.2, 02:16:28, Serial2/3
D 10.5.0.0/26 [90/2297856] via 192.168.15.2, 01:13:05, Serial2/0
D 10.5.1.0/24 [90/2297856] via 192.168.15.2, 02:13:40, Serial2/0
D 10.5.2.0/29 [90/2297856] via 192.168.15.2, 02:14:42, Serial2/0
D 10.5.3.0/27 [90/2297856] via 192.168.15.2, 02:14:04, Serial2/0
R2配置及路由表----------部分配置-只关注10.x.x.x.的路由条目
router ospf 1
network 0.0.0.0 255.255.255.255 area 0
!
部分路由表
----------
10.0.0.0/8 is variably subnetted, 21 subnets, 8 masks
O IA 10.3.0.0/26 [110/129] via 192.168.12.1, 02:17:00, Serial2/2
O IA 10.3.1.0/27 [110/129] via 192.168.12.1, 02:13:58, Serial2/2
O IA 10.3.2.0/29 [110/129] via 192.168.12.1, 02:13:58, Serial2/2
O IA 10.3.3.0/30 [110/129] via 192.168.12.1, 02:13:58, Serial2/2
O E2 10.4.0.0/25 [110/20] via 192.168.12.1, 02:09:50, Serial2/2
O E2 10.4.1.0/27 [110/20] via 192.168.12.1, 00:09:13, Serial2/2
O E2 10.4.1.32/27 [110/20] via 192.168.12.1, 00:13:24, Serial2/2
O E2 10.4.2.0/29 [110/20] via 192.168.12.1, 02:09:50, Serial2/2
O E2 10.4.4.0/22 [110/20] via 192.168.12.1, 02:09:50, Serial2/2
O E2 10.5.0.0/26 [110/20] via 192.168.12.1, 01:21:32, Serial2/2
O E2 10.5.1.0/24 [110/20] via 192.168.12.1, 00:09:13, Serial2/2
O E2 10.5.2.0/29 [110/20] via 192.168.12.1, 02:09:50, Serial2/2
O E2 10.5.3.0/27 [110/20] via 192.168.12.1, 02:09:50, Serial2/2R3配置及路由表----------部分配置-只关注10.x.x.x.的路由条目
router ospf 1
network 3.3.3.0 0.0.0.255 area 0
network 10.3.0.0 0.0.0.63 area 2
network 10.3.1.0 0.0.0.31 area 2
network 10.3.2.0 0.0.0.7 area 2
network 10.3.3.0 0.0.0.3 area 2
network 192.168.13.0 0.0.0.3 area 0
!
部分路由表
----------
10.0.0.0/8 is variably subnetted, 21 subnets, 8 masks
O 10.2.0.0/24 [110/129] via 192.168.13.1, 02:16:33, Serial2/2
O 10.2.1.0/25 [110/129] via 192.168.13.1, 02:16:33, Serial2/2
O 10.2.2.0/26 [110/129] via 192.168.13.1, 02:16:33, Serial2/2
O 10.2.3.0/27 [110/129] via 192.168.13.1, 02:16:33, Serial2/2
O E2 10.4.0.0/25 [110/20] via 192.168.13.1, 02:10:17, Serial2/2
O E2 10.4.1.0/27 [110/20] via 192.168.13.1, 00:09:40, Serial2/2
O E2 10.4.1.32/27 [110/20] via 192.168.13.1, 00:13:51, Serial2/2
O E2 10.4.2.0/29 [110/20] via 192.168.13.1, 02:10:17, Serial2/2
O E2 10.4.4.0/22 [110/20] via 192.168.13.1, 02:10:17, Serial2/2
O E2 10.5.0.0/26 [110/20] via 192.168.13.1, 01:22:00, Serial2/2
O E2 10.5.1.0/24 [110/20] via 192.168.13.1, 00:09:40, Serial2/2
O E2 10.5.2.0/29 [110/20] via 192.168.13.1, 02:10:17, Serial2/2
O E2 10.5.3.0/27 [110/20] via 192.168.13.1, 02:10:17, Serial2/2R4配置及路由表----------部分配置-只关注10.x.x.x.的路由条目
router eigrp 10
network 0.0.0.0
!
部分路由表
----------
10.0.0.0/8 is variably subnetted, 22 subnets, 8 masks
D EX 10.2.0.0/24 [170/2172416] via 192.168.14.1, 01:23:29, Serial2/3
D EX 10.2.1.0/25 [170/2172416] via 192.168.14.1, 01:23:29, Serial2/3
D EX 10.2.2.0/26 [170/2172416] via 192.168.14.1, 01:23:29, Serial2/3
D EX 10.2.3.0/27 [170/2172416] via 192.168.14.1, 01:23:29, Serial2/3
D EX 10.3.0.0/26 [170/2172416] via 192.168.14.1, 01:23:29, Serial2/3
D EX 10.3.1.0/27 [170/2172416] via 192.168.14.1, 01:23:29, Serial2/3
D EX 10.3.2.0/29 [170/2172416] via 192.168.14.1, 01:23:29, Serial2/3
D EX 10.3.3.0/30 [170/2172416] via 192.168.14.1, 01:23:29, Serial2/3
D 10.5.0.0/26 [90/2809856] via 192.168.14.1, 01:23:03, Serial2/3
D 10.5.1.0/24 [90/2809856] via 192.168.14.1, 01:23:29, Serial2/3
D 10.5.2.0/29 [90/2809856] via 192.168.14.1, 01:23:29, Serial2/3
D 10.5.3.0/27 [90/2809856] via 192.168.14.1, 01:23:29, Serial2/3R5配置----------部分配置-只关注10.x.x.x.的路由条目
router eigrp 10
network 0.0.0.0
!
部分路由表
----------
10.0.0.0/8 is variably subnetted, 21 subnets, 8 masks
D EX 10.2.0.0/24 [170/2172416] via 192.168.15.1, 02:12:06, Serial2/0
D EX 10.2.1.0/25 [170/2172416] via 192.168.15.1, 02:12:06, Serial2/0
D EX 10.2.2.0/26 [170/2172416] via 192.168.15.1, 02:12:06, Serial2/0
D EX 10.2.3.0/27 [170/2172416] via 192.168.15.1, 02:12:06, Serial2/0
D EX 10.3.0.0/26 [170/2172416] via 192.168.15.1, 02:12:06, Serial2/0
D EX 10.3.1.0/27 [170/2172416] via 192.168.15.1, 02:12:06, Serial2/0
D EX 10.3.2.0/29 [170/2172416] via 192.168.15.1, 02:12:06, Serial2/0
D EX 10.3.3.0/30 [170/2172416] via 192.168.15.1, 02:12:06, Serial2/0
D 10.4.0.0/25 [90/2809856] via 192.168.15.1, 02:25:56, Serial2/0
D 10.4.1.0/27 [90/2809856] via 192.168.15.1, 02:26:08, Serial2/0
D 10.4.1.32/27 [90/2809856] via 192.168.15.1, 00:15:23, Serial2/0
D 10.4.2.0/29 [90/2809856] via 192.168.15.1, 02:26:26, Serial2/0
D 10.4.4.0/22 [90/2809856] via 192.168.15.1, 02:26:55, Serial2/0在以上配置完成后,拓扑中各个接口可以完全互通。
配置Standard ACL匹配需要过滤的路由条目
使用Standard ACL过滤10.5.1.0/24、10.4.1.0/27路由条目重分布进OSPF
R1配置
ACL 配置
----------
ip access-list standard E-O ##这里用的是命名标准访问控制列表
permit 10.5.1.0 0.0.0.255 ##这里的permit、deny是匹配路由条目
## 可使用permit 10.5.1.0 /24 或 permit 10.5.1.0
permit 10.4.1.0 0.0.0.31
!
Route-map 配置匹配ACL E-O
----------
route-map EI-OS deny 10
match ip address E-O
!
route-map EI-OS permit 20
!
Redistribute 调用Route-map
----------
router ospf 1
redistribute eigrp 10 subnets route-map EI-OS
network 192.168.12.0 0.0.0.3 area 0
network 192.168.13.0 0.0.0.3 area 0R2、R3路由表----------部分配置-只关注10.x.x.x.的路由条目
**R2**
----------
10.0.0.0/8 is variably subnetted, 19 subnets, 8 masks
O IA 10.3.0.0/26 [110/129] via 192.168.12.1, 02:24:28, Serial2/2
O IA 10.3.1.0/27 [110/129] via 192.168.12.1, 02:21:26, Serial2/2
O IA 10.3.2.0/29 [110/129] via 192.168.12.1, 02:21:26, Serial2/2
O IA 10.3.3.0/30 [110/129] via 192.168.12.1, 02:21:26, Serial2/2
O E2 10.4.0.0/25 [110/20] via 192.168.12.1, 02:17:18, Serial2/2
O E2 10.4.1.32/27 [110/20] via 192.168.12.1, 00:20:52, Serial2/2
O E2 10.4.2.0/29 [110/20] via 192.168.12.1, 02:17:18, Serial2/2
O E2 10.4.4.0/22 [110/20] via 192.168.12.1, 02:17:18, Serial2/2
O E2 10.5.0.0/26 [110/20] via 192.168.12.1, 01:29:00, Serial2/2
O E2 10.5.2.0/29 [110/20] via 192.168.12.1, 02:17:18, Serial2/2
O E2 10.5.3.0/27 [110/20] via 192.168.12.1, 02:17:18, Serial2/2
**R3**
----------
10.0.0.0/8 is variably subnetted, 19 subnets, 8 masks
O 10.2.0.0/24 [110/129] via 192.168.13.1, 00:00:03, Serial2/2
O 10.2.1.0/25 [110/129] via 192.168.13.1, 00:00:03, Serial2/2
O 10.2.2.0/26 [110/129] via 192.168.13.1, 00:00:03, Serial2/2
O 10.2.3.0/27 [110/129] via 192.168.13.1, 00:00:03, Serial2/2
O E2 10.4.0.0/25 [110/20] via 192.168.13.1, 00:00:03, Serial2/2
O E2 10.4.1.32/27 [110/20] via 192.168.13.1, 00:00:03, Serial2/2
O E2 10.4.2.0/29 [110/20] via 192.168.13.1, 00:00:03, Serial2/2
O E2 10.4.4.0/22 [110/20] via 192.168.13.1, 00:00:03, Serial2/2
O E2 10.5.0.0/26 [110/20] via 192.168.13.1, 00:00:03, Serial2/2
O E2 10.5.2.0/29 [110/20] via 192.168.13.1, 00:00:03, Serial2/2
O E2 10.5.3.0/27 [110/20] via 192.168.13.1, 00:00:03, Serial2/2
在用Standard ACL过滤路由时,无法精确控制,例如:过滤10.1.1.32/27时,也会过滤掉10.1.1.32/30
使用Extended ACL过滤10.3.3.0/30、10.2.0.0/24、10.2.1.0/25路由条目重分布进EIGRP
R1配置
ACL 配置
----------
access-list 101 permit ip host 10.3.3.0 host 255.255.255.252 ##特殊方法来匹配路由条目
access-list 101 permit ip host 10.2.1.0 host 255.255.255.128
access-list 101 permit ip host 10.2.0.0 host 255.255.255.0
Route-map 配置匹配ACL E-O
----------
route-map OS-EI deny 10
match ip address 101
!
route-map OS-EI permit 20
!
Redistribute 调用Route-map
----------
R1#sh run | se eigrp
router eigrp 10
network 192.168.14.0 0.0.0.3
network 192.168.15.0 0.0.0.3
redistribute ospf 1 metric 100000 10 255 1 1500 route-map OS-EI
redistribute eigrp 10 subnets route-map EI-OS
R2、R3路由表----------部分配置-只关注10.x.x.x.的路由条目
10.0.0.0/8 is variably subnetted, 19 subnets, 7 masks
D EX 10.2.2.0/26 [170/2172416] via 192.168.14.1, 00:04:01, Serial2/3
D EX 10.2.3.0/27 [170/2172416] via 192.168.14.1, 00:04:01, Serial2/3
D EX 10.3.0.0/26 [170/2172416] via 192.168.14.1, 00:04:01, Serial2/3
D EX 10.3.1.0/27 [170/2172416] via 192.168.14.1, 00:04:01, Serial2/3
D EX 10.3.2.0/29 [170/2172416] via 192.168.14.1, 00:04:01, Serial2/3
D 10.5.0.0/26 [90/2809856] via 192.168.14.1, 01:05:39, Serial2/3
D 10.5.1.0/24 [90/2809856] via 192.168.14.1, 01:05:39, Serial2/3
D 10.5.2.0/29 [90/2809856] via 192.168.14.1, 01:05:39, Serial2/3
D 10.5.3.0/27 [90/2809856] via 192.168.14.1, 01:05:39, Serial2/3过滤掉了10.3.3.0/30、10.2.0.0/24、10.2.1.0/25路由条目。
来源:CSDN
作者:走不开的快乐
链接:https://blog.csdn.net/wlnx007/article/details/48490459