
Cisco | BGP - Filtering (ACL, Prefix-List and Route-Map)

 







 
 
 
 
 
Here is the configuration on each router:
hostname R1
!
int eth0/0
no shut
ip add 10.1.1.1 255.255.255.252
exit
!
int loo0
ip add 172.16.1.1 255.255.255.0
exit
!
int loo1
ip add 172.16.11.1 255.255.255.0
exit
!
! Advertise both loopback networks into BGP and peer with R2 (AS 20)
router bgp 10
 bgp router-id 172.16.1.1
 network 172.16.1.0 mask 255.255.255.0
 network 172.16.11.0 mask 255.255.255.0
 neighbor 10.1.1.2 remote-as 20
 exit
 !
 do wr
 !
hostname R2
!
int    eth0/0
no shut
ip add 10.1.1.2 255.255.255.252
exit
!
int    eth0/1
no shut
ip add 10.2.2.1 255.255.255.252
exit

!
int    eth0/2
no shut
ip add 10.3.3.1 255.255.255.252
exit
!
int    eth0/3
no shut
ip add 10.4.4.1 255.255.255.252
exit
!
int loo0
ip add 172.16.2.1 255.255.255.0
exit
!
int loo1
ip add 172.16.22.1 255.255.255.0
exit
!
router bgp 20
 bgp router-id 172.16.2.1
 network 172.16.2.0 mask 255.255.255.0
 network 172.16.22.0 mask 255.255.255.0
 neighbor 10.1.1.1 remote-as 10
 neighbor 10.2.2.2 remote-as 30
 neighbor 10.3.3.2 remote-as 40
 neighbor 10.4.4.2 remote-as 50
 exit
 !
 do wr
 !
hostname R3   
!
int    eth0/0
no shut
ip add 10.2.2.2 255.255.255.252
exit
!
int loo0
ip add 172.16.3.1 255.255.255.0
exit
!
int loo1
ip add 172.16.33.1 255.255.255.0
exit
!
router bgp 30
 bgp router-id 172.16.3.1
 network 172.16.3.0 mask 255.255.255.0
 network 172.16.33.0 mask 255.255.255.0
 neighbor 10.2.2.1 remote-as 20
 exit
 !
 do wr
 !
hostname R4
!
int    eth0/0
no shut
ip add 10.3.3.2 255.255.255.252
exit
!
int loo0
ip add 172.16.4.1 255.255.255.0
exit
!
int loo1
ip add 172.16.44.1 255.255.255.0
exit
!
router bgp 40
 bgp router-id 172.16.4.1
 network 172.16.4.0 mask 255.255.255.0
 network 172.16.44.0 mask 255.255.255.0
 neighbor 10.3.3.1 remote-as 20
 exit
 !
 do wr
 !
hostname R5
!
int    eth0/0
no shut
ip add 10.4.4.2 255.255.255.252
exit
!
int loo0
ip add 172.16.5.1 255.255.255.0
exit
!
int loo1
ip add 172.16.55.1 255.255.255.0
exit
!
router bgp 50
 bgp router-id 172.16.5.1
 network 172.16.5.0 mask 255.255.255.0
 network 172.16.55.0 mask 255.255.255.0
 neighbor 10.4.4.1 remote-as 20
 exit
 !
 do wr
VERIFICATION (BEFORE):





























1. Access Control List (ACL) + Distribute-List
Now try filtering the network prefixes using an access control list (ACL).

R2

access-list 1 deny 172.16.3.0 0.0.0.255
access-list 1 deny 172.16.33.0 0.0.0.255
access-list 1 permit any
!
router bgp 20
neighbor 10.2.2.2 distribute-list 1 in
exit
!
do clear ip bgp 10.2.2.2 soft

VERIFICATION (After):
As a result, R1 and R2 cannot ping the network segments 172.16.3.0/24 and 172.16.33.0/24, and those prefixes no longer appear in the routing table.
















2. IP Prefix List + Distribute-List
Now try filtering the network prefixes using an ip prefix-list.
R2
ip prefix-list LAB-PREFIX deny 172.16.4.0/24
ip prefix-list LAB-PREFIX deny 172.16.44.0/24

ip prefix-list LAB-PREFIX permit 0.0.0.0/0 le 32
!
router bgp 20
distribute-list prefix LAB-PREFIX in
exit
!
do clear ip bgp 10.3.3.2 soft
VERIFICATION (After):
As a result, the network prefixes 172.16.4.0/24 and 172.16.44.0/24 are not in the routing table on R1 and R2 and cannot be pinged.









Note: If this prefix list is flipped to OUT, then on R2 the network prefixes 172.16.4.0/24 and 172.16.44.0/24 are still present and can be pinged, but they are absent on the other routers.

For example, with the prefix list configured outbound:
R2
router bgp 20
distribute-list prefix LAB-PREFIX out
exit
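
How LAB-PREFIX is evaluated, as an added Python sketch (not part of the original post and not Cisco code). It models first-match-wins, the implicit deny, and the ge/le length range. The route 172.16.4.128/25 and the list LAB_PREFIX_STRICT are assumptions constructed for illustration: they show that an entry without `le` matches only the exact /24, so a more-specific route falls through to the final permit.

```python
import ipaddress

# LAB-PREFIX as configured on R2 above: (action, prefix, ge, le); None = not set.
LAB_PREFIX = [
    ("deny", "172.16.4.0/24", None, None),
    ("deny", "172.16.44.0/24", None, None),
    ("permit", "0.0.0.0/0", None, 32),
]
# Assumed variant (not on the page): "le 32" also covers more-specific routes.
LAB_PREFIX_STRICT = [
    ("deny", "172.16.4.0/24", None, 32),
    ("deny", "172.16.44.0/24", None, 32),
    ("permit", "0.0.0.0/0", None, 32),
]
# Constructed sample of received routes, based on the lab's loopback addressing;
# 172.16.4.128/25 is a made-up more-specific route used to show the edge case.
RECEIVED = ["172.16.1.0/24", "172.16.3.0/24", "172.16.4.0/24",
            "172.16.44.0/24", "172.16.5.0/24", "172.16.4.128/25"]


def entry_matches(route, prefix, ge, le):
    """True if the route lies inside the entry's prefix and its mask length is in range."""
    net = ipaddress.ip_network(prefix)
    if ge is None and le is None:
        low = high = net.prefixlen      # no ge/le: exact mask length only
    else:
        low = net.prefixlen if ge is None else ge
        high = 32 if le is None else le
    return low <= route.prefixlen <= high and route.subnet_of(net)


def evaluate(prefix_list, route_str):
    """Entries are checked top-down, first match wins, no match is an implicit deny."""
    route = ipaddress.ip_network(route_str)
    for action, prefix, ge, le in prefix_list:
        if entry_matches(route, prefix, ge, le):
            return action
    return "deny"


def accepted(prefix_list, routes):
    """Routes that survive the filter, in the order received."""
    return [r for r in routes if evaluate(prefix_list, r) == "permit"]


if __name__ == "__main__":
    print("as configured :", accepted(LAB_PREFIX, RECEIVED))
    print("no permit line:", accepted(LAB_PREFIX[:2], RECEIVED))
    print("with le 32    :", accepted(LAB_PREFIX_STRICT, RECEIVED))
```

Dropping the last entry leaves only the implicit deny, so nothing is accepted; that is why the list ends with `permit 0.0.0.0/0 le 32`.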

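3. ROUTE-MAP
Now try filtering the network prefixes 172.16.3.0/24 and 172.16.33.0/24 using a route-map.
R2
! Assumes access-list 1 from step 1 was removed first (no access-list 1);
! otherwise these entries are appended after its existing "permit any".
access-list 1 permit 172.16.3.0 0.0.0.255
access-list 1 permit 172.16.33.0 0.0.0.255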
!
route-map ROUTE-MAP-LAB deny 10
match ip address 1
exit
!
route-map ROUTE-MAP-LAB permit 20
exit
!
router bgp 20
neighbor 10.2.2.2 route-map ROUTE-MAP-LAB in
exit
!
do clear ip bgp 10.2.2.2 soft
As a result, on R2 and R1 the network prefixes 172.16.3.0/24 and 172.16.33.0/24 are not in the routing table and cannot be pinged.

















What happens if it is reversed, like this?
R2
router bgp 20
neighbor 10.1.1.1 route-map ROUTE-MAP-LAB out
neighbor 10.4.4.2 route-map ROUTE-MAP-LAB out
exit
As a result, on R1 and R5 the prefixes 172.16.3.0/24 and 172.16.33.0/24 are absent and cannot be pinged.
------------------------success-----------
