首页 > 学院 > 网络通信 > 正文

ISP经典配置

2019-11-04 20:52:53
字体:
来源:转载
供稿:网友

  ROUTER TELECOM-SP GATEWAY 01 (GW01)
  hostname GW01
  router eigrp 7341
  network 212.18.22.0
  redistribute static route-map ONLY_DEFAULT
  passive-interface serial 1
  passive-interface serial 2
  passive-interface serial 3
  passive-interface serial 7
  router bgp 7341
  no synchronization
  no auto-summary
  network 212.18.22.0 mask 255.255.252.0
  network 212.18.12.0 mask 255.255.248.0
  network 201.9.110.0 mask 255.255.240.0
  network 173.41.220.0 mask 255.255.248.0
  network 200.5.32.0 mask 255.255.224.0
  network 200.23.7.0 mask 255.255.224.0
  network 172.22.0.0 mask 255.255.0.0
  neighbor PEER_MAP peer-group
  neighbor PEER_MAP remote-as 921
  neighbor PEER_MAP filter-list 20 out
  neighbor PEER_MAP distribute-list 2 in
  neighbor PEER_MAP distribute-list 2 out
  neighbor a.a.a.1 peer-group PEER_MAP
  neighbor b.b.b.1 peer-group PEER_MAP
  neighbor c.c.c.1 peer-group PEER_MAP
  neighbor a.a.a.1 route-map SET_COMMUNITY_1 out
  neighbor b.b.b.1 route-map SET_COMMUNITY_2 out
  neighbor c.c.c.1 route-map SET_COMMUNITY_3 out
  neighbor a.a.a.1 send-community
  neighbor b.b.b.1 send-community
  neighbor c.c.c.1 send-community
  neighbor j.j.j.1 remote-as 1121
  neighbor j.j.j.1 filter-list 21 in
  neighbor j.j.j.1 distribute-list 2 in
  neighbor j.j.j.1 distribute-list 2 out
  neighbor y.y.y.2 remote-as 7341
  ! access list summary:
  ! #2 Used for Ingress to filter PRivate space prefixes as well
  ! as any other prefixes desired.
  ! #3 Used for redistribution into EIGRP process to permit only
  ! static route to default 0/0 to be redistributed.
  ! #10 Used to set community attribute for CIMR sessions and to
  ! implicitly filter prefixes out to CIMR peers other than
  ! those specified.
  ! #11 Used to set community attribute for CIMR sessions and to
  ! implicitly filter prefixes out to CIMR peers other than
  ! those specified.
  ! #12 Used to set community attribute for CIMR sessions and to
  ! implicitly filter prefixes out to CIMR peers other than
  ! those specified.
  ! #20 AS Path filter to ensure that AS7341 serve only as transit
  ! to AS1121 and not to any other neighboring AS.
  ! #21 AS Path filter to ensure that only prefixes originating
  ! from AS1121 are allowed to be propagated throughout AS7341.
  ! Ingress filtering to prevent 1918 private address space from
  ! being injected into AS7341. This access-list can be used to
  ! add other filters which TELECOM-SP wishes to impose at the ingress
  ! to their AS.
  access-list 2 deny 10.0.0.0 0.255.255.255
  access-list 2 deny 172.6.0.0 0.15.255.255
  access-list 2 deny 192.168.0.0 0.0.255.255
  access-list 2 permit any
  ! Access list to permit default only being injected into EIGRP
  ! process.
  access-list 3 permit 0.0.0.0 0.0.0.0
  access-list 3 deny any
  ! Prefixes A, B, C, D and E.
  access-list 10 permit 212.18.22.0 255.255.252.0
  access-list 10 permit 212.18.12.0 255.255.248.0
  access-list 10 permit 201.9.110.0 255.255.240.0
  access-list 10 permit 200.5.32.0 255.255.224.0
  access-list 10 permit 173.41.220.0 255.255.248.0
  access-list 10 deny any
  ! Prefixes F and G.
  access-list 11 permit 200.23.7.0 255.255.224.0
  access-list 11 permit 172.22.0.0 255.255.0.0
  access-list 11 deny any
  ! AS Path filter list for outgoing prefixes. This filter can be
  ! used on all peering sessions with CIMR, OBERON, INTEX and
  ! ACSNET. In each case there may be overlap but it will still
  ! work. It is intended to prevent AS7341 from acting as a transit
  ! network for everyone except XPAC (AS1121).
  ip as-path access-list 20 deny ^432_
  ip as-path access-list 20 deny ^5037_
  ip as-path access-list 20 deny ^1399_
  ip as-path access-list 20 deny _854_
  ip as-path access-list 20 permit .*
  ! AS Path filter list for incoming prefixes. This filter is
  ! used on the XPAC peering session.
  ip as-path access-list 21 permit _1121$
  ip as-path access-list 21 deny any
  ! Permit A, B, C, D and E to be propagated - they will default
  ! to Local_Pref of 100 in the upstream neighbor.
  route-map SET_COMMUNITY_1 permit 10
  match ip address 10
  ! Explicitly deny all other prefixes from being
  ! propagated to the associated peer router.
  route-map SET_COMMUNITY_1 deny 20
  route-map SET_COMMUNITY_2 permit 10
  match ip address 10
  match ip address 11
  set community 0x0DE9005A
  route-map SET_COMMUNITY_2 deny 20
  route-map SET_COMMUNITY_3 permit 10
  match ip address 11
  route-map SET_COMMUNITY_3 deny 20
  ! This route-map is necessary to permit only the redistribution
  ! of the default route into the EIGRP process 7341. There is
  ! no need to introdUCe the other “place-holder” routes to null0
  ! into the EIGRP process.
  route-map ONLY_DEFAULT permit 10
  match ip address 3
  route-map ONLY_DEFAULT deny 20
  ! Static route definitions.
  ip route 0.0.0.0 0.0.0.0 b.b.b.1
  ip route 0.0.0.0 0.0.0.0 a.a.a.1 210
  ip route 212.18.22.0 255.255.252.0 null0
  ip route 212.18.12.0 255.255.248.0 null0
  ip route 201.9.110.0 255.255.240.0 null0
  ip route 173.41.220.0 255.255.248.0 null0
  ip route 200.5.32.0 255.255.224.0 null0
  ip route 200.23.7.0 255.255.224.0 null0
  ip route 172.22.0.0 255.255.0.0 null0


发表评论 共有条评论
用户名: 密码:
验证码: 匿名发表