
Routing Filtering

   Jan 6, 2023     8 min read

Ex. Build Up (ft.Frame-Relay)




Method

  1. IP addresses
  2. DNS server, DHCP client, Apache Web Server

L)

service httpd restart



R8)

ip dhcp pool cisco 1
network 192.168.10.0 255.255.255.0
default-router 192.168.10.254
dns-server 223.255.255.1
ip dhcp excluded-address 192.168.10.254



W12, 13)

ipconfig /release
ipconfig /renew



  1. Frame Relay configuration

FR1)

frame-relay switching

interface s1/0
encapsulation frame-relay
frame-relay intf-type dce
frame-relay route 102 interface serial 1/1 201
no shutdown

interface s1/1
encapsulation frame-relay
frame-relay intf-type dce
frame-relay route 201 interface serial 1/0 102
frame-relay route 203 interface serial 1/2 302
no shutdown

interface s1/2
encapsulation frame-relay
frame-relay intf-type dce
frame-relay route 302 interface serial 1/1 203
no shutdown



FR2)

frame-relay switching

interface s1/0
encapsulation frame-relay
frame-relay intf-type dce
frame-relay route 506 interface serial 1/1 605
no shutdown

interface s1/1
encapsulation frame-relay
frame-relay intf-type dce
frame-relay route 605 interface serial 1/0 506
no shutdown



  1. Router configuration (ft. FR)

R1)

interface s1/0
encapsulation frame-relay
no shutdown

interface s1/0.123 point-to-point
ip address 1.1.123.1 255.255.255.0
frame-relay interface-dlci 102



R2)

interface s1/0
encapsulation frame-relay
no shutdown

interface s1/0.123 multipoint
no frame-relay inverse-arp
ip address 1.1.123.2 255.255.255.0
frame-relay map ip 1.1.123.1 201 broadcast
frame-relay map ip 1.1.123.3 203 broadcast



R3)

interface s1/0
encapsulation frame-relay
no shutdown

interface s1/0.123 multipoint
no frame-relay inverse-arp
ip address 1.1.123.3 255.255.255.0
frame-relay map ip 1.1.123.2 302 broadcast



R5)

interface s1/0
encapsulation frame-relay
no shutdown

interface s1/0.56 point-to-point
ip address 1.1.56.1 255.255.255.0
frame-relay interface-dlci 506



R7)

interface s1/0
encapsulation frame-relay
no shutdown

interface s1/0.56 point-to-point
ip address 1.1.56.2 255.255.255.0
frame-relay interface-dlci 605



  1. OSPF and EIGRP configuration

R1)

router ospf 1
network 211.175.185.0 0.0.0.255 area 0
network 1.1.123.0 0.0.0.255 area 0



R2)

router ospf 1
network 1.0.0.0 0.255.255.255 area 0



R3)

router ospf 1
network 1.0.0.0 0.255.255.255 area 0



R5)

router eigrp 100
network 1.0.0.0
no auto-summary

router ospf 1
network 1.0.0.0 0.255.255.255 area 0



R7)

router eigrp 100
network 1.0.0.0
no auto-summary



R8)

router eigrp 100
network 1.0.0.0
network 192.168.10.0
no auto-summary

router ospf 1
network 1.0.0.0 0.255.255.255 area 0




  1. NAT server configuration

R8)

ip nat pool cisco 77.1.1.1 77.1.1.1 netmask 255.255.255.0
access-list 10 permit 192.168.10.0 0.0.0.255
ip nat inside source list 10 pool cisco overload

interface e0/0
ip nat inside

interface s1/0
ip nat outside



  1. Additional configuration

R1)

interface s1/0.123 point-to-point
ip ospf network point-to-multipoint



R2, R3)

interface s1/0.123 multipoint
ip ospf network point-to-multipoint



  1. Redistribution

R5)

router eigrp 100
redistribute ospf 1 metric 1 1 1 1 1

router ospf 1
redistribute eigrp 100 subnets metric 20



  1. Loopback

R8)

interface loopback 0
ip address 77.1.1.1 255.255.255.0

router eigrp 100
network 77.1.1.0
no auto-summary



Result - R1

We can confirm that 77.1.1.1 appears.

How to fix the error

R2)

router ospf 1
network 223.255.255.0 0.0.0.255 area 0



Result

W12)
tracert 211.175.185.1 - 7 hops in total

Routing Filtering

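  • show ip route : shows the map (the routing table)

  • Filtering : pass along only the routes you want.
  • That is, we want to filter when routing tables are exchanged.

  • access-list : define a condition and apply it to the desired interface. It then acts as a firewall. In short: condition -> apply to interface

  • The prefix-list command is similar to access-list.
  • ge 24 : 24 <= x (x is the prefix length)

  • Prefix-list : condition only
  • Route-map : condition + modification

Ex. Condition : /32 -> /24

  • int lo 0 -> ip ospf network point-to-point
  • This applies only to loopback addresses. Be careful.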

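Result (base configuration)

We can see that each route shows three via entries.

Explanation

  • Unlike RIP, EIGRP, and others, in OSPF routing information can be blocked when it is sent out of an interface.

Method Ex. 01

R1) -> to accept only the 2.x network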

ip prefix-list D0 deny 3.3.3.0/24
ip prefix-list D0 deny 4.4.4.0/24
ip prefix-list D0 permit 0.0.0.0/0 le 32

router ospf 1
distribute-list prefix D0 in s1/0



Result

We can confirm that 1.1.12.2 is blocked for the 3.x and 4.x networks.

Additional commands

R1)

ip prefix-list D1 deny 2.2.2.0/24
ip prefix-list D1 deny 4.4.4.0/24
ip prefix-list D1 permit 0.0.0.0/0 le 32

router ospf 1
distribute-list prefix D1 in s1/1

ip prefix-list D2 deny 2.2.2.0/24
ip prefix-list D2 deny 3.3.3.0/24
ip prefix-list D2 permit 0.0.0.0/0 le 32

router ospf 1
distribute-list prefix D2 in s1/2



Overall result

We can see that each route now shows one entry.

Access-list

R1)

access-list 10 deny 3.3.3.0 0.0.0.255
access-list 10 deny 4.4.4.0 0.0.0.255
access-list 10 permit 0.0.0.0 255.255.255.255

access-list 20 deny 2.2.2.0 0.0.0.255
access-list 20 deny 4.4.4.0 0.0.0.255
access-list 20 permit 0.0.0.0 255.255.255.255

access-list 30 deny 2.2.2.0 0.0.0.255
access-list 30 deny 3.3.3.0 0.0.0.255
access-list 30 permit 0.0.0.0 255.255.255.255

router ospf 1
distribute-list 10 in s1/0
distribute-list 20 in s1/1
distribute-list 30 in s1/2



Result

We can see that the result is the same as with the prefix-list.

  • Filtering command : distribute ~

Named ACL

R1)

ip access-list standard cisco1
deny 3.3.3.0 0.0.0.255
deny 4.4.4.0 0.0.0.255
permit any

ip access-list standard cisco2
deny 2.2.2.0 0.0.0.255
deny 4.4.4.0 0.0.0.255
permit any

ip access-list standard cisco3
deny 2.2.2.0 0.0.0.255
deny 3.3.3.0 0.0.0.255
permit any

router ospf 1
distribute-list cisco1 in s1/0
distribute-list cisco2 in s1/1
distribute-list cisco3 in s1/2



Result

route-map

R1)

ip prefix-list D0 deny 3.3.3.0/24
ip prefix-list D0 deny 4.4.4.0/24
ip prefix-list D0 permit 0.0.0.0/0 le 32

ip prefix-list D1 deny 2.2.2.0/24
ip prefix-list D1 deny 4.4.4.0/24
ip prefix-list D1 permit 0.0.0.0/0 le 32

ip prefix-list D2 deny 2.2.2.0/24
ip prefix-list D2 deny 3.3.3.0/24
ip prefix-list D2 permit 0.0.0.0/0 le 32

router ospf 1
distribute-list route-map D0 in
distribute-list route-map D1 in
distribute-list route-map D2 in → only this one remains; presumably it overwrote the earlier ones.



Result - R1

route-map

  • Requirement : permit only 2.2.2.2 and 3.3.3.3

  • 1) Prefix-list
    R1)

ip prefix-list D3 permit 2.2.2.0/24
ip prefix-list D3 permit 3.3.3.0/24

route-map cisco1
match ip address prefix-list D3

router ospf 1
distribute-list route-map cisco1 in



  • Result)

  • 2) Numbered ACL

R1)

access-list 10 permit 2.2.2.0 0.0.0.255
access-list 10 permit 3.3.3.0 0.0.0.255

route-map cisco2 permit
match ip address 10

router ospf 1
distribute-list route-map cisco2 in



  • 3) Named ACL

R1)

ip access-list standard acl1
permit 2.2.2.0 0.0.0.255
permit 3.3.3.0 0.0.0.255

route-map cisco3
match ip address acl1

router ospf 1
distribute-list route-map cisco3 in



  • Result)
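The prefix-list matching rules behind the blocklist (D0) in Ex. 01 and the allowlist (D3) above, as an added Python sketch that is not part of the original post and is not IOS code. It evaluates the page's D0 and D3 entries with first-match-wins, exact-length matching when no ge/le is given, and the implicit deny; the /32 and 1.1.12.0/24 test routes are constructed. It shows why the loopbacks had to be advertised as /24: a /32 is not matched by `deny 3.3.3.0/24` and falls through to the catch-all permit.

```python
import ipaddress

# Prefix-lists D0 and D3 copied from the page; the routes tested below are constructed.
CONFIG = """
ip prefix-list D0 deny 3.3.3.0/24
ip prefix-list D0 deny 4.4.4.0/24
ip prefix-list D0 permit 0.0.0.0/0 le 32
ip prefix-list D3 permit 2.2.2.0/24
ip prefix-list D3 permit 3.3.3.0/24
"""

def parse_entry(line):
    """Parse 'ip prefix-list NAME permit|deny A.B.C.D/len [ge n] [le n]'."""
    tok = line.split()
    name, action, net = tok[2], tok[3], ipaddress.ip_network(tok[4])
    opts = dict(zip(tok[5::2], map(int, tok[6::2])))
    if opts:
        # ge alone means ge..32, le alone means len..le
        lo, hi = opts.get("ge", net.prefixlen), opts.get("le", 32)
    else:
        lo = hi = net.prefixlen  # no ge/le: the prefix length must match exactly
    return name, action, net, lo, hi

def evaluate(name, route, config=CONFIG):
    """Return 'permit' or 'deny' for a route against list `name` (first match wins)."""
    route = ipaddress.ip_network(route)
    for line in config.strip().splitlines():
        n, action, net, lo, hi = parse_entry(line)
        if n != name:
            continue
        if lo <= route.prefixlen <= hi and route.subnet_of(net):
            return action
    return "deny"  # implicit deny at the end of every prefix-list

if __name__ == "__main__":
    samples = [("D0", "3.3.3.0/24"), ("D0", "3.3.3.3/32"), ("D0", "2.2.2.0/24"),
               ("D3", "2.2.2.0/24"), ("D3", "2.2.2.2/32"), ("D3", "1.1.12.0/24")]
    for name, route in samples:
        print(f"{name:3} {route:14} -> {evaluate(name, route)}")
```

With D3 the implicit deny also drops every route that is not listed, so an allowlist has to name any transit networks that should stay in the routing table.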