配置BGP<?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" />
一、 实验目的:
配置BGP协议,实现两个isp之间的通信
二、 实验拓扑结构图
三、实验步骤
1. 基本接口配置(略)
2. 配置bgp协议
isp<?xml:namespace prefix = st1 ns = "urn:schemas-microsoft-com:office:smarttags" />1A(config-if)#router bgp 200
isp1A(config-router)#neigh 10.0.0.2 remote-as 100
isp1A(config-router)#net 10.0.0.0
isp1A(config-router)#auto-summary
sanjose1(config)#router bgp 100
sanjose1(config-router)#neigh 10.0.0.1 remote-as 200
sanjose1(config-router)#neigh 172.16.0.1 remote-as 300
sanjose1(config-router)#net 192.168.0.0
sanjose1(config-router)#net 192.168.1.0
sanjose1(config-router)#auto-summary
isp2(config-if)#router bgp 300
isp2(config-router)#neigh 172.16.0.2 remot
isp2(config-router)#neigh 172.16.0.2 remote-as 100
isp2(config-router)#net 172.16.0.0
isp2(config-router)#auto-summary
3. BGP配置结果
sanjose1#show ip route
172.16.0.0/16 is variably subnetted, 2 subnets, 2 masks
C 172.16.0.0/30 is directly connected, Serial0/1
B 172.16.0.0/16 [20/0] via 172.16.0.1, 00:08:12
10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 10.0.0.0/30 is directly connected, Serial0/0
B 10.0.0.0/8 [20/0] via 10.0.0.1, 00:06:17
C 192.168.0.0/24 is directly connected, Loopback0
C 192.168.1.0/24 is directly connected, Loopback1
sanjose1#show ip bgp
Network Next Hop Metric LocPrf Weight Path
*> 10.0.0.0 10.0.0.1 0 0 200 i
*> 172.16.0.0 172.16.0.1 0 0 300 i
*> 192.168.0.0 0.0.0.0 0 32768 i
*> 192.168.1.0 0.0.0.0 0 32768 i
isp1A#ping 172.16.1.1 通 实验目的达到是连个isp可以通信
4. 在sanjose1上配置访问控制列表防止两个isp之间的通信
sanjose1(config)#router bgp 100
sanjose1(config-router)#neigh 10.0.0.1 d
sanjose1(config-router)#neigh 10.0.0.1 distribute-list 1 out
sanjose1(config-router)#neigh 172.16.0.1 distribute-list 1 out
sanjose1(config)#access-list 1 permit 192.168.0.0 0.0.255.255
查看结果
isp1A#show ip bgp
Network Next Hop Metric LocPrf Weight Path
*> 10.0.0.0 0.0.0.0 0 32768 i
*> 192.168.0.0 10.0.0.2 0 0 100 i
*> 192.168.1.0 10.0.0.2 0 0 100 i
isp1A#show ip route
10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 10.0.0.0/30 is directly connected, Serial0/0
C 10.0.1.0/24 is directly connected, Loopback0
B 192.168.0.0/24 [20/0] via 10.0.0.2, 00:04:30
B 192.168.1.0/24 [20/0] via 10.0.0.2, 00:04:30
没有到达172.16..0.0的路由
isp1A#ping 172.16.1.1 不能通
5. 查看sanjose1的配置结果
sanjose1#show ip route
172.16.0.0/16 is variably subnetted, 2 subnets, 2 masks
C 172.16.0.0/30 is directly connected, Serial0/1
B 172.16.0.0/16 [20/0] via 172.16.0.1, 00:02:26
10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 10.0.0.0/30 is directly connected, Serial0/0
B 10.0.0.0/8 [20/0] via 10.0.0.1, 00:02:26
C 192.168.0.0/24 is directly connected, Loopback0
C 192.168.1.0/24 is directly connected, Loopback1
sanjose1#show ip bgp
Network Next Hop Metric LocPrf Weight Path
*> 10.0.0.0 10.0.0.1 0 0 200 i
*> 172.16.0.0 172.16.0.1 0 0 300 i
*> 192.168.0.0 0.0.0.0 0 32768 i
*> 192.168.1.0 0.0.0.0 0 32768 i
sanjose1#ping 172.16.1.1
sanjose1#ping 10.0.1.1 通 通过访问控制列表达到保护sanjose1的目的
转载于:https://blog.51cto.com/ccjjzj/197732