1、 R2 的10.0.1.1和10.0.2.1不能到R1上
2、 R1的四个静态路由1.1.1.1 32不能进入R2
1、 在R2上用ACL2000匹配1.1 2.1流量,拒绝通过
使用在出口S4/0/0上限制出去
2、在R1上静态路由
Destination/Mask Proto Pre Cost Flags NextHop Interface
1.0.0.0/8 Static 60 0 D 0.0.0.0 NULL0
1.1.0.0/16 Static 60 0 D 0.0.0.0 NULL0
1.1.1.0/24 Static 60 0 D 0.0.0.0 NULL0
1.1.1.0/25 Static 60 0 D 0.0.0.0 NULL0
1.1.1.1/32 Static 60 0 D 0.0.0.0 NULL0
ACL匹配除了1.1.1.1 32这条路由
在R1上使用route-policy
R1配置:
acl number 2000
step 10
rule 10 permit source 1.1.0.0 0
rule 15 deny source 1.1.1.1 0
rule 20 permit source 1.1.1.0 0.0.0.127
interface Serial4/0/0
ip address 10.0.12.1 255.255.255.0
rip 1
undo summary
version 2
network 10.0.0.0
import-route static route-policy import-rip
route-policy import-rip permit node 10
if-match acl 2000
ip route-static 1.0.0.0 255.0.0.0 NULL0
ip route-static 1.1.0.0 255.255.0.0 NULL0
ip route-static 1.1.1.0 255.255.255.0 NULL0
ip route-static 1.1.1.0 255.255.255.128 NULL0
ip route-static 1.1.1.1 255.255.255.255 NULL0
R2配置
acl number 2000
rule 5 deny source 10.0.1.0 0.0.254.255
interface Serial4/0/0
ip address 10.0.12.2 255.255.255.0
interface LoopBack0
ip address 10.0.1.1 255.255.255.255
interface LoopBack1
ip address 10.0.2.1 255.255.255.0
interface LoopBack2
ip address 10.0.3.1 255.255.255.0
interface LoopBack3
ip address 10.0.4.1 255.255.255.0
rip 1
undo summary
version 2
network 10.0.0.0
filter-policy 2000 export Serial4/0/0
import-route direct