Lab: EIGRP Route Filtering
Configure according to Lab 1.14.
On r1, we ping r3's s0 (192.1.1.2/24) from s1 (148.1.1.2/24) with debug ip icmp enabled,
and see the following:
r1#ping
Protocol [ip]:
Target IP address: 192.1.1.2
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]: y
Source address or interface: 148.1.1.2
Type of service [0]:
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.1.1.2, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
r1#show debug
Generic IP:
ICMP packet debugging is on
r1# (debug shows no output)
On r3:
r3#
07:14:16: ICMP: echo reply sent, src 192.1.1.2, dst 148.1.1.2
r3#
07:14:18: ICMP: echo reply sent, src 192.1.1.2, dst 148.1.1.2
r3#
07:14:20: ICMP: echo reply sent, src 192.1.1.2, dst 148.1.1.2
r3#
07:14:22: ICMP: echo reply sent, src 192.1.1.2, dst 148.1.1.2
r3#
07:14:24: ICMP: echo reply sent, src 192.1.1.2, dst 148.1.1.2
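From this we can see that the ping leaving r1's s1 does reach r3's s0, because it has network 192.1.1.0 on it.
However, r3 has distribute-list 10 in Serial0 with access-list 10 deny 148.1.0.0, so it rejects information from 148.1.1.0; it still sends the echo reply, though, because it has to give a response.
The debug on r1 shows nothing, meaning the echo reply was not received, so the ping fails. (Please check whether what I've said here is right, especially 蓝猫.)
So, the r3 configuration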
router eigrp 100
network 192.1.1.0
distribute-list 10 in Serial0
auto-summary
!
access-list 10 deny 148.1.0.0
access-list 10 permit any
!
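serves to filter routes.
PS: If no routing protocol is running on either r1 or r3, the ping result is the same: it fails. The only difference is the reason: from the start, r1 has no route to forward from r1(s1) to r1(s2)!
Corrections are welcome!!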
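
Added example (not part of the original post): a small Python model of how a distribute-list applies r3's access-list 10 to the network addresses carried in incoming routing updates. The advertised routes are constructed samples, and the model assumes r1 advertises the classful summary 148.1.0.0 toward r3, as auto-summary does across a major-network boundary.

```python
import ipaddress

# Standard ACL 10 as configured on r3 (from the post). An entry written
# without a wildcard mask matches that one address exactly (wildcard 0.0.0.0).
ACL_10 = [
    ("deny", "148.1.0.0", "0.0.0.0"),
    ("permit", "0.0.0.0", "255.255.255.255"),  # "permit any"
]


def acl_action(acl, network):
    """Return the action of the first ACL entry matching a route's network.

    In a distribute-list, a standard ACL is compared against the network
    address in the routing update, not against the source of data packets.
    """
    addr = int(ipaddress.IPv4Address(network))
    for action, base, wildcard in acl:
        # Bits set in the wildcard are "don't care"; compare only the rest.
        care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
        if addr & care == int(ipaddress.IPv4Address(base)) & care:
            return action
    return "deny"  # implicit deny at the end of every ACL


def filter_updates(acl, advertised):
    """Model 'distribute-list 10 in Serial0': keep only permitted routes."""
    return [net for net in advertised if acl_action(acl, net) == "permit"]


# Constructed sample updates arriving on r3's Serial0 (assumed, not from the post).
SUMMARIZED = ["148.1.0.0", "10.0.0.0"]    # classful summary, as with auto-summary
UNSUMMARIZED = ["148.1.1.0", "10.0.0.0"]  # what an unsummarized /24 would carry

if __name__ == "__main__":
    # The summary 148.1.0.0 is filtered out of r3's routing table.
    print(filter_updates(ACL_10, SUMMARIZED))
    # An exact-match deny of 148.1.0.0 would not catch the subnet 148.1.1.0.
    print(filter_updates(ACL_10, UNSUMMARIZED))
```

To cover every subnet of 148.1.0.0 regardless of summarization, the deny entry would need a wildcard mask such as 0.0.255.255.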