• Prefix-List


    不同于用于匹配流量的IP访问列表,IP前缀列表主要是用来指定具体的网络可达的。前缀列表用来匹配前缀(网段)和前缀长度(子网掩码)。前缀列表有两个参数很难理解。
    下面是普通的前缀列表的参数:
    ip prefix-list [name] [permit | deny] [prefix]/[len]
    name为任意的名字或者数字,prefix是指定的路由前缀(网段),len是指定的前缀长度(子网掩码)。例子如下:
    ip prefix-list LIST permit 1.2.3.0/24
    上面的例子中指定匹配网段1.2.3.0,并且指定子网掩码为255.255.255.0,这个列表不匹配1.2.0.0/24,也不匹配1.2.3.4/32
    ip prefix-list LIST permit 0.0.0.0/0
    上面的例子指定匹配网段0.0.0.0和子网掩码0.0.0.0。这个列表用来匹配默认路由。
    通常情况下,在使用前缀列表的时候加上“GE”(大于或等于)和“LE”(小于或等于)时比较容易发生混淆。这是因为当使用“GE”和“LE”时,列表的长度(len)发生了改变。
    另外一种前缀列表的参数:
    ip prefix-list [name] [permit | deny] [prefix]/[len] ge [min_length] le [max_length]
    name为任意的名字或者数字,prefix是将要进行比较的路由前缀(网段),len是指从最左边开始的比特位,min_length为最小的子网掩码的值,max_length为最大的子网掩码的值
    使用GE和LE,必须满足下面的条件:
    len < GE <= LE
    上面的参数很容易混淆,简单的说就是一个匹配前缀或子网的地址的范围。
    看下面的例子:
    ip prefix-list LIST permit 1.2.3.0/24 le 32
    上面的例子表示前缀1.2.3.0前面的24位必须匹配。此外,子网掩码必须小于或等于32位
    ip prefix-list LIST permit 0.0.0.0/0 le 32
    上面的例子意味着0位需要匹配,此外子网掩码必须小于或等于32位。一位所有的网段的掩码都小于或等于32位,并且一位都不用匹配,所以这句话等于permit any
    ip prefix-list LIST permit 10.0.0.0/8 ge 21 le 29
    上面的例子说明网段10.0.0.0的前8位必须匹配,此外子网掩码必须在21位和29位之间。
    注意:
    使用前缀列表不能像访问列表那样匹配具体的应用流。
    前缀列表也不能用来具体匹配奇数或偶数的前缀,或什么可以被15整除的前缀
    在前缀列表中,比特位必须是连续的,并且从左边开始
    ip prefix-list abc permit 0.0.0.0/0 ge 1            表示除了默认路由外的所有路由
    ip prefix-list test16 seq 5 permit 0.0.0.0/1 ge 8 le 8                配置A类地址
    ip prefix-list test16 seq 10 permit 128.0.0.0/2 ge 16 le 16      配置B类地址
    ip prefix-list test16 seq 15 permit 192.0.0.0/3 ge 24 le 24      配置C类地址
    ---------------------------------------------------------------------------------------------
    Exercises:
    1. Construct a prefix list that permits only the 192.168.1.0/24 network.
    ip prefix-list test1 seq 5 permit 192.168.1.0/24

    2. Construct a prefix list that denies network 119.0.0.0, and permits all other prefixes (including all subnets of 119.0.0.0).
    ip prefix-list test2 seq 5 deny 119.0.0.0/8
    ip prefix-list test2 seq 10 permit 0.0.0.0/0 le 32

    3. Construct a prefix list that permits only the default route.
    ip prefix-list test3 seq 5 permit 0.0.0.0/0

    4. Construct a prefix list the permits everything except the default route.
    ip prefix-list test4 seq 5 deny 0.0.0.0/0
    ip prefix-list test4 seq 10 permit 0.0.0.0/0 le 32

    5. Construct a prefix list that permits network 172.16.0.0 and any of its subnets, and denies all other prefixes.
    ip prefix-list test5 seq 5 permit 172.16.0.0/16 le 32

    6. Construct a prefix list that permits only the following prefixes: 
    10.2.8.32/27 
    10.2.8.32/28 
    10.2.8.32/29 
    10.2.8.32/30
    ip prefix-list test6 seq 5 permit 10.2.8.32/27 le 30

    7. Construct a prefix list that:
    Permits 197.25.94.128/25 
    Denies 197.25.94.192/26 
    Permits 197.25.94.224/27 
    Denies 197.25.94.240/28 
    Permits 197.25.94.248/29 
    Denies 197.25.94.252/30 
    Permits all other prefixes, except for 198.82.0.0/16
    ip prefix-list test7 seq 5 deny 197.25.94.192/26
    ip prefix-list test7 seq 10 deny 197.25.94.240/28
    ip prefix-list test7 seq 15 deny 197.25.94.252/30
    ip prefix-list test7 seq 20 deny 198.82.0.0/16
    ip prefix-list test7 seq 25 permit 0.0.0.0/0 le 32

    8. Construct a prefix list that permits any prefix matching the first 20 bits of 175.29.64.0 which has a mask of at least /26 but not exceeding /29, and denies all other prefixes.
    ip prefix-list test8 seq 5 permit 175.29.64.0/20 ge 26 le 29

    9. Construct a prefix list that denies any prefix matching the first 19 bits of 15.26.96.0 with any mask up to and including /32, and permits any other prefix.
    ip prefix-list test9 seq 5 deny 15.26.96.0/19 le 32
    ip prefix-list test9 seq 10 permit 0.0.0.0/0 le 32

    10. Construct a prefix list that denies the RFC 1918 private networks and any of their subnets, and permits everything else.
    ip prefix-list test10 seq 5 deny 10.0.0.0/8 le 32
    ip prefix-list test10 seq 10 deny 172.16.0.0/12 le 32
    ip prefix-list test10 seq 15 deny 192.168.0.0/16 le 32
    ip prefix-list test10 seq 20 permit 0.0.0.0/0 le 32

    11. Construct a prefix list that permits any subnet of network 15.0.0.0 (but not the network), and denies everything else. Your router lies within AS 65011. Place the prefix list in service in the inbound direction with BGP neighbor 1.2.3.4.
    ip prefix-list test11 seq 5 permit 15.0.0.0/8 ge 9
    To place it in service: 
    router bgp 65011
    neighbor 1.2.3.4 prefix-list test11 in

    12. Construct a prefix list that denies 162.56.0.0/16 and all of its subnets (with the exception of 162.56.209.208/29, which is permitted), and permits all other prefixes. Your router lies within AS 65012. Place the prefix list in service in the outbound direction with its BGP neighbor having address 5.6.7.8.
    ip prefix-list test12 seq 5 permit 162.56.209.208/29
    ip prefix-list test12 seq 10 deny 162.56.0.0/16 le 32
    ip prefix-list test12 seq 15 permit 0.0.0.0/0 le 32
    To place it in service: 
    router bgp 65012
    neighbor 5.6.7.8 prefix-list test12 out

    13. Construct a prefix list that permits the CIDR block containing the thirty-two class C networks beginning with 200.202.160.0/24, and denies everything else. Your router is within AS 65013. Place the prefix list in service in the inbound direction with BGP peer-group "Lucky_13".
    ip prefix-list test13 seq 5 permit 200.202.160.0/19
    To place it in service: 
    router bgp 65013
    neighbor Lucky_13 prefix-list test13 in

    14. Construct a prefix list that denies any prefix for which the most-significant four bits are "0110", and permits everything else.
    ip prefix-list test14 seq 5 deny 96.0.0.0/4 le 32
    ip prefix-list test14 seq 10 permit 0.0.0.0/0 le 32

    15. Construct a prefix list that permits the host address of "CatSpace", and denies everything else.
    ip prefix-list test15 seq 5 permit 64.82.100.67/32

    16. Construct a prefix list that permits only classful networks, and denies everything else.
    ip prefix-list test16 seq 5 permit 0.0.0.0/1 ge 8 le 8
    ip prefix-list test16 seq 10 permit 128.0.0.0/2 ge 16 le 16
    ip prefix-list test16 seq 15 permit 192.0.0.0/3 ge 24 le 24

    17. Construct a prefix list that denies only supernets, and permits everything else.
    ip prefix-list test17 seq 5 deny 0.0.0.0/1 le 7
    ip prefix-list test17 seq 10 deny 128.0.0.0/2 le 15
    ip prefix-list test17 seq 15 deny 192.0.0.0/3 le 23
    ip prefix-list test17 seq 20 permit 0.0.0.0/0 le 32

    18. Construct a prefix list that permits only subnets, and denies everything else.
    ip prefix-list test18 seq 5 permit 0.0.0.0/1 ge 9
    ip prefix-list test18 seq 10 permit 128.0.0.0/2 ge 17
    ip prefix-list test18 seq 15 permit 192.0.0.0/3 ge 25

    19. Construct a prefix list that permits only CIDR blocks encompassing at least 32 class-C equivalents.
    ip prefix-list test19 seq 5 deny 0.0.0.0/0
    ip prefix-list test19 seq 10 permit 0.0.0.0/0 le 19

    20. Construct a prefix list that permits only the RFC 1918 private networks and their subnets, and configure RIP to use this prefix list for outbound routing advertisements.
    ip prefix-list test20 seq 5 permit 10.0.0.0/8 le 32
    ip prefix-list test20 seq 10 permit 172.16.0.0/12 le 32
    ip prefix-list test20 seq 15 permit 192.168.0.0/16 le 32
    To place it in effect for outbound RIP updates: 
    router rip
    distribute-list prefix test20 out 

    和ACL类似的东东,设计用于专抓路由的工具,不仅可以匹配网络号,还可以匹配掩码
     
    R4(config)#ip prefix-list 2(用名字也行) permit 2.2.2.0/24
    R4(config-router)#distribute-list prefix 2 in serial 1
     
    例一:
    ip prefix-list 2 permit 2.2.2.0/24       //(匹配前24位:2.2.2.* ,掩码必须为24位)
    例二:                  
    ip prefix-list 2 permit 2.2.2.0/24 ge 25 le 30 //(匹配前24位:2.2.2.* ,掩码必须为25-30位)
    例三:
    ip prefix-list 2 permit 2.2.2.0/24 le 32    //(匹配前24位:2.2.2.* ,掩码必须为24-32位)
    例四:
    ip prefix-list 2 permit 2.2.2.0/24 ge 26    //(匹配前24位:2.2.2.* ,掩码必须为26-32位)
    例五:                  
    ip prefix-list 3 permit 0.0.0.0/0 le 32     //(匹配所有)不能像access-list哪样用any参数
    ge必须大于前面的数字,小或等于le ,len<ge-value<=le-value
     
    sh ip prefix-list用于查看
     
    用前缀列表过滤A、B、C类路由
    A类路由:ip prefix-list 1 permit 0.0.0.0/1 le 32
    B类路由:ip prefix-list 1 permit 128.0.0.0/2 le 32
    C类路由:ip prefix-list 1 permit 192.0.0.0/3 le 32
    案例1:拓扑如下所示:
    R1(s1/1)------(s1/0)R2(s1/1)------(s1/0)R3
    在R2上有六个环回接口,现在要使R3只能收到掩码为17,18,19的三条网络。六个环回口分别为172.16.128.1/17,172.16.64.1/18,172.16.32.1/19,172.16.16.1/20,172.16.8.1/21,172.16.4.1/22
    当配置完成后,先看一看R3的路由表:
    R3#sh ip ro ei
         1.0.0.0/24 is subnetted, 1 subnets
    D       1.1.1.0 [90/2297856] via 13.1.1.1, 00:00:06, Serial1/0
         2.0.0.0/24 is subnetted, 1 subnets
    D       2.2.2.0 [90/2809856] via 13.1.1.1, 00:00:06, Serial1/0
         172.16.0.0/16 is variably subnetted, 6 subnets, 6 masks
    D       172.16.128.0/17 [90/2809856] via 13.1.1.1, 00:00:06, Serial1/0
    D       172.16.32.0/19 [90/2809856] via 13.1.1.1, 00:00:06, Serial1/0
    D       172.16.16.0/20 [90/2809856] via 13.1.1.1, 00:00:06, Serial1/0
    D       172.16.8.0/21 [90/2809856] via 13.1.1.1, 00:00:06, Serial1/0
    D       172.16.4.0/22 [90/2809856] via 13.1.1.1, 00:00:06, Serial1/0
    D       172.16.64.0/18 [90/2809856] via 13.1.1.1, 00:00:06, Serial1/0
         12.0.0.0/24 is subnetted, 1 subnets
    D       12.1.1.0 [90/2681856] via 13.1.1.1, 00:00:06, Serial1/0
    现在,在R1上做配置来满足需求:
    R1#sh run | b r e
     distribute-list prefix 1 out Serial1/1
    !
    ip prefix-list 1 seq 5 permit 172.16.0.0/16 ge 17 le 19
    此时,我们再来看一看R3的路由表:
    R3#sh ip ro ei
         172.16.0.0/16 is variably subnetted, 3 subnets, 3 masks
    D       172.16.128.0/17 [90/2809856] via 13.1.1.1, 00:01:01, Serial1/0
    D       172.16.32.0/19 [90/2809856] via 13.1.1.1, 00:01:01, Serial1/0
    D       172.16.64.0/18 [90/2809856] via 13.1.1.1, 00:01:01, Serial1/0
    R2的配置:
    R2#sh run | b r e
    router eigrp 100
     network 2.2.2.2 0.0.0.0
     network 12.1.1.0 0.0.0.255
     network 172.16.0.0
     no auto-summary
    R1的配置:
    R3#sh run | b r e
    router eigrp 100
     network 3.3.3.3 0.0.0.0
     network 13.1.1.0 0.0.0.255
     no auto-summary
    R3的配置:
    R1# sh run | b r e
    router eigrp 100
     network 1.1.1.1 0.0.0.0
     network 12.1.1.0 0.0.0.255
     network 13.1.1.0 0.0.0.255
     distribute-list prefix 1 out Serial1/1
     no auto-summary
    !
    ip prefix-list 1 seq 5 permit 172.16.0.0/16 ge 17 le 19
     
    案例2:利用前缀列表过滤OSPF

    要求:在如上图所示的拓朴中,在R1上利用前缀列表做过滤,不要向AREA0区域传递172.16.1.1的路由。
    看一看R3的路由表:
    R3#sh ip ro os
         1.0.0.0/32 is subnetted, 1 subnets
    O       1.1.1.1 [110/65] via 13.1.1.1, 00:00:55, Serial0/1
         2.0.0.0/32 is subnetted, 1 subnets
    O IA    2.2.2.2 [110/129] via 13.1.1.1, 00:00:55, Serial0/1
         172.16.0.0/32 is subnetted, 2 subnets
    O IA    172.16.1.1 [110/129] via 13.1.1.1, 00:00:55, Serial0/1
    O IA    172.16.2.1 [110/129] via 13.1.1.1, 00:00:55, Serial0/1
         12.0.0.0/24 is subnetted, 1 subnets
    O IA    12.1.1.0 [110/128] via 13.1.1.1, 00:00:55, Serial0/1
    在R1上配置,满足需求:
    R1#sh run | b r o
     area 1 filter-list prefix 1 out
    !
    ip prefix-list 1 seq 5 deny 172.16.1.1/32
    ip prefix-list 1 seq 10 permit 0.0.0.0/0 le 32
    此时,再看一看R3的路由表:
    R3#sh ip ro os
         1.0.0.0/32 is subnetted, 1 subnets
    O       1.1.1.1 [110/65] via 13.1.1.1, 00:03:07, Serial0/1
         2.0.0.0/32 is subnetted, 1 subnets
    O IA    2.2.2.2 [110/129] via 13.1.1.1, 00:03:07, Serial0/1
         172.16.0.0/32 is subnetted, 1 subnets
    O IA    172.16.2.1 [110/129] via 13.1.1.1, 00:03:07, Serial0/1
         12.0.0.0/24 is subnetted, 1 subnets
    O IA    12.1.1.0 [110/128] via 13.1.1.1, 00:03:07, Serial0/1
    各路由器的配置:
    R2的配置:
    R2#sh run | b r o
    router ospf 110
     router-id 2.2.2.2
     log-adjacency-changes
     network 2.2.2.2 0.0.0.0 area 1
     network 12.1.1.2 0.0.0.0 area 1
     network 172.16.0.0 0.0.255.255 area 1
    R1的配置:
    R1#sh run | b r o 
    router ospf 110
     router-id 1.1.1.1
     log-adjacency-changes
     area 1 filter-list prefix 1 out
     network 1.1.1.1 0.0.0.0 area 0
     network 12.1.1.1 0.0.0.0 area 1
     network 13.1.1.1 0.0.0.0 area 0
    !
    ip prefix-list 1 seq 5 deny 172.16.1.1/32
    ip prefix-list 1 seq 10 permit 0.0.0.0/0 le 32
    R3的配置:
    R3#sh run | b r o
    router ospf 110
     router-id 3.3.3.3
     log-adjacency-changes
     network 3.3.3.3 0.0.0.0 area 0
     network 13.1.1.3 0.0.0.0 area 0


     

  • 相关阅读:
    关于tomcat
    java 判断字符串是否为数字(包含负数)
    poi
    (String)、toString、String.valueOf
    linux 运行jar包
    视图
    java 使进程停顿几秒
    linux_tomcat
    【HTML+CSS】七小时快速入门~~~~~~~
    关于CSS动画效果的图片展示
  • 原文地址:https://www.cnblogs.com/cyrusxx/p/12615738.html
Copyright © 2020-2023  润新知