如何过滤或控制重发布路由
2012-12-21 16:51:33 来源: 评论:0 点击:
描述:该文档描述如何过滤或控制静态和直连路由重发布至OSPF。该例中,FG80C 和FG300A在area0.0.0.0.互为neighbors需要将FG80C的部分路由重新发布至FG300A:直连网络10.168.6.0/23;静态路由10.11.0.0/24;配置:1.路...
描述:
该文档描述如何过滤或控制静态和直连路由重发布至OSPF。
该例中,FG80C 和FG300A在area0.0.0.0.互为neighbors
需要将FG80C的部分路由重新发布至FG300A:
直连网络10.168.6.0/23;
静态路由10.11.0.0/24;
配置:
1.路由过滤前的配置
FGT80C
config router ospf config area edit 0.0.0.0 next end config network edit 1 set prefix 10.168.0.0 255.255.254.0 next end config redistribute "connected" set status enable end config redistribute "static" set status enable end set router-id 0.0.0.114 end |
FGT80C# get router info routing-table all
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2 i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area * - candidate default S* 0.0.0.0/0 [10/0] via 172.31.225.254, wan1 S 10.11.0.0/24 [10/0] via 10.168.4.103, vlan4 S 10.12.0.0/24 [10/0] via 10.168.4.103, vlan4 C 10.168.0.0/23 is directly connected, internal C 10.168.4.0/23 is directly connected, vlan4 C 10.168.6.0/23 is directly connected, wan2 C 172.31.224.0/23 is directly connected, wan1 |
FG300A
config router ospf config area edit 0.0.0.0 next end config network edit 1 set prefix 10.168.0.0 255.255.254.0 next end config redistribute "connected" end config redistribute "static" end set router-id 0.0.0.137 end |
FG300A# get router info routing-table all
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2 i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area * - candidate default S* 0.0.0.0/0 [10/0] via 192.168.183.254, port5 O E2 10.11.0.0/24 [110/10] via 10.168.1.114, port1, 00:07:25 O E2 10.12.0.0/24 [110/10] via 10.168.1.114, port1, 00:07:25 C 10.168.0.0/23 is directly connected, port1 O E2 10.168.4.0/23 [110/10] via 10.168.1.114, port1, 00:00:38 O E2 10.168.6.0/23 [110/10] via 10.168.1.114, port1, 00:07:33 O E2 172.31.224.0/23 [110/10] via 10.168.1.114, port1, 00:00:38 C 192.168.100.0/24 is directly connected, port2 C 192.168.182.0/23 is directly connected, port5 |
2.FG80C添加过滤后配置
FGT80C
config router access-list edit "OnlyNet6" config rule edit 1 set prefix 10.168.6.0 255.255.254.0 set exact-match enable next end next edit "1" next edit "OnlyNet11" config rule edit 1 set prefix 10.11.0.0 255.255.255.0 set exact-match enable next end next end config router route-map edit "Map-OnlyNet6" config rule edit 1 set match-ip-address "OnlyNet6" next end next edit "Map-OnlyNet11" config rule edit 1 set match-ip-address "OnlyNet11" next end next end config router ospf config area edit 0.0.0.0 next end config network edit 1 set prefix 10.168.0.0 255.255.254.0 next end config redistribute "connected" set status enable set routemap "Map-OnlyNet6" end config redistribute "static" set status enable set routemap "Map-OnlyNet11" end set router-id 0.0.0.114 end |
3.检查FG300A上路由表
FG300A2904500072 # get router info routing-table all
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2 i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area * - candidate default S* 0.0.0.0/0 [10/0] via 192.168.183.254, port5 O E2 10.11.0.0/24 [110/10] via 10.168.1.114, port1, 00:01:07 C 10.168.0.0/23 is directly connected, port1 O E2 10.168.6.0/23 [110/10] via 10.168.1.114, port1, 00:01:35 C 192.168.100.0/24 is directly connected, port2 C 192.168.182.0/23 is directly connected, port5 |
过滤后仅有目标的2条路由被重发布至OSPF
相关热词搜索:
上一篇:设置FortiGate 等路径负载均衡
下一篇:如何过滤或控制重发布路由
分享到:
收藏
收藏
评论排行
- ·VMware部署FortiGate VM和VMX详解(66)
- ·FortiClient Windows系统安装包(21)
- ·SSL VPN Client For Windows(SSL ...(10)
- ·FortiClient Mac系统安装包(4)
- ·FortiClient 安卓安装包(3)
- ·FortiOS 5.6系统演示(2)
- ·飞塔防火墙配置手册5.0(2)
- ·给拨号VPN的用户分配固定IP地址(2)
- ·Fortinet无线网络接入配置步骤 4.2(2)
- ·FortiGate FortiOS最佳版本建议书(1)
- ·FortiWLC控制器系统恢复操作介绍(1)
- ·FortiClient 安卓系统安装包(1)
- ·设置FortiGate 双网关(1)
- ·FortiGate产品实施中文一本通7.0(1)
- ·SSL VPN Client for Linux(SSL VP...(1)
- ·如何配置FortiGate双出口(1)
- ·FortiConvertor配置转换工具(1)
- ·FortiGate 4.2 中文管理员使用手册(1)
- ·设置FortiGate DHCP地址保留(1)
- ·Fortinet技术服务和支持体系(1)
