
Cisco | BGP - Filtering (ACL, Prefix-List and Route-Map)

 



The configuration of each router is as follows:
hostname R1
!
int    eth0/0
no shut
ip add 10.13.13.2 255.255.255.252
exit
!
int    eth0/1
no shut
ip add 10.14.14.2 255.255.255.252
exit
!
int loo0
ip add 103.1.1.1 255.255.255.0
exit
!
int loo1
ip add 103.1.2.1 255.255.255.0
exit
!
int loo2
ip add 192.168.99.1 255.255.255.255
exit
!

router bgp 30
 bgp router-id 192.168.99.1
 network 10.1.1.0 mask 255.255.255.252

 network 103.1.1.0 mask 255.255.255.0
 network 103.1.2.0 mask 255.255.255.0
 neighbor 10.13.13.1 remote-as 30
 neighbor 10.14.14.1 remote-as 30
 exit
 !
 do wr
 !
hostname R2
!
int    eth0/0
no shut
ip add 10.1.1.2 255.255.255.252
exit
!
int    eth0/1
no shut
ip add 10.2.2.1 255.255.255.252
exit

!
int    eth0/2
no shut
ip add 10.3.3.1 255.255.255.252
exit
!
int    eth0/3
no shut
ip add 10.4.4.1 255.255.255.252
exit
!
int loo0
ip add 172.16.2.1 255.255.255.0
exit
!
int loo1
ip add 172.16.22.1 255.255.255.0
exit
!
router bgp 20
 bgp router-id 172.16.2.1
 network 172.16.2.0 mask 255.255.255.0
 network 172.16.22.0 mask 255.255.255.0
 neighbor 10.1.1.1 remote-as 10
 neighbor 10.2.2.2 remote-as 30
 neighbor 10.3.3.2 remote-as 40
 neighbor 10.4.4.2 remote-as 50
 exit
 !
 do wr
 !
hostname R3   
!
int    eth0/0
no shut
ip add 10.2.2.2 255.255.255.252
exit
!
int loo0
ip add 172.16.3.1 255.255.255.0
exit
!
int loo1
ip add 172.16.33.1 255.255.255.0
exit
!
router bgp 30
 bgp router-id 172.16.3.1
 network 172.16.3.0 mask 255.255.255.0
 network 172.16.33.0 mask 255.255.255.0
 neighbor 10.2.2.1 remote-as 20
 exit
 !
 do wr
 !
hostname R4
!
int    eth0/0
no shut
ip add 10.3.3.2 255.255.255.252
exit
!
int loo0
ip add 172.16.4.1 255.255.255.0
exit
!
int loo1
ip add 172.16.44.1 255.255.255.0
exit
!
router bgp 40
 bgp router-id 172.16.4.1
 network 172.16.4.0 mask 255.255.255.0
 network 172.16.44.0 mask 255.255.255.0
 neighbor 10.3.3.1 remote-as 20
 exit
 !
 do wr
 !
hostname R5
!
int    eth0/0
no shut
ip add 10.4.4.2 255.255.255.252
exit
!
int loo0
ip add 172.16.5.1 255.255.255.0
exit
!
int loo1
ip add 172.16.55.1 255.255.255.0
exit
!
router bgp 50
 bgp router-id 172.16.5.1
 network 172.16.5.0 mask 255.255.255.0
 network 172.16.55.0 mask 255.255.255.0
 neighbor 10.4.4.1 remote-as 20
 exit
 !
 do wr
VERIFICATION (BEFORE):

1. Access Control List (ACL) + Distribute-List
Now filter the network prefixes using an access control list (ACL).

access-list 1 deny 172.16.3.0 0.0.0.255
access-list 1 deny 172.16.33.0 0.0.0.255
access-list 1 permit any
!
router bgp 20
neighbor 10.2.2.2 distribute-list 1 in
exit
!
do clear ip bgp 10.2.2.2 soft
VERIFICATION (AFTER)
The result is that R1 and R2 cannot ping networks 172.16.3.0/24 and 172.16.33.0/24, and these networks are not in their routing tables.

2. IP Prefix List + Distribute-List
Now filter the network prefixes using an ip prefix-list.
ip prefix-list LAB-PREFIX deny 172.16.4.0/24
ip prefix-list LAB-PREFIX deny 172.16.44.0/24

ip prefix-list LAB-PREFIX permit 0.0.0.0/0 le 32
!
router bgp 20
distribute-list prefix LAB-PREFIX in
exit
!
do clear ip bgp 10.3.3.2 soft
VERIFICATION
The result is that network prefixes 172.16.4.0/24 and 172.16.44.0/24 are not in the routing tables of R1 and R2 and cannot be pinged.

Note: If this prefix list is reversed to OUT, then on R2 the network prefixes 172.16.4.0/24 and 172.16.44.0/24 are still present and can be pinged, but on the other routers they are absent.

router bgp 20
distribute-list prefix LAB-PREFIX out
exit
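
The following is an added example, not part of the original post: a small Python model of how the LAB-PREFIX entries above are evaluated (first match wins, implicit deny at the end), and of what the `le 32` on the last entry changes. The function and variable names are assumptions made for this sketch, and only the `le` keyword is modelled because it is the only one this lab uses.

```python
import ipaddress

# LAB-PREFIX exactly as configured on R2 above: (action, prefix, le)
LAB_PREFIX = [
    ("deny", "172.16.4.0/24", None),
    ("deny", "172.16.44.0/24", None),
    ("permit", "0.0.0.0/0", 32),
]
# Constructed variant for comparison: the last entry without "le 32".
NO_LE = LAB_PREFIX[:2] + [("permit", "0.0.0.0/0", None)]

# Prefixes R3, R4 and R5 advertise to R2 (from their "network" statements).
RECEIVED = [
    "172.16.3.0/24", "172.16.33.0/24",
    "172.16.4.0/24", "172.16.44.0/24",
    "172.16.5.0/24", "172.16.55.0/24",
]


def entry_matches(route, prefix, le=None):
    """One prefix-list entry: the route must sit inside `prefix`, and its mask
    length must equal the entry's length, or lie in [length, le] when le is set."""
    net = ipaddress.ip_network(prefix)
    rt = ipaddress.ip_network(route)
    if not rt.subnet_of(net):
        return False
    if le is None:
        return rt.prefixlen == net.prefixlen
    return net.prefixlen <= rt.prefixlen <= le


def evaluate(prefix_list, route):
    """First matching entry decides; no match hits the implicit deny."""
    for action, prefix, le in prefix_list:
        if entry_matches(route, prefix, le):
            return action
    return "deny"


def filter_updates(prefix_list, routes):
    """Routes that survive the filter, as distribute-list ... in would leave them."""
    return [r for r in routes if evaluate(prefix_list, r) == "permit"]


if __name__ == "__main__":
    print("LAB-PREFIX    :", filter_updates(LAB_PREFIX, RECEIVED))
    print("without le 32 :", filter_updates(NO_LE, RECEIVED))
    # An exact-length deny does not cover more-specifics of the same block.
    print("172.16.4.0/25 :", evaluate(LAB_PREFIX, "172.16.4.0/25"))
```

Without `le 32` the final entry matches only the default route 0.0.0.0/0, so every /24 in the lab falls through to the implicit deny. To block a whole range including its more-specifics, the deny entry itself needs an `le` value.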

3. ROUTE-MAP
Now filter the network prefixes 172.16.3.0/24 and 172.16.33.0/24 using a route-map.
access-list 1 permit 172.16.3.0 0.0.0.255
access-list 1 permit 172.16.33.0 0.0.0.255
!
route-map ROUTE-MAP-LAB deny 10
match ip address 1
exit
!
route-map ROUTE-MAP-LAB permit 20
exit
!
router bgp 20
neighbor 10.2.2.2 route-map ROUTE-MAP-LAB in
exit
!
do clear ip bgp 10.2.2.2 soft
The result is that on R2 and R1 the network prefixes 172.16.3.0/24 and 172.16.33.0/24 are not in the routing table and cannot be pinged.

If it is reversed like this, what happens?
router bgp 20
neighbor 10.1.1.1 route-map ROUTE-MAP-LAB out
neighbor 10.4.4.2 route-map ROUTE-MAP-LAB out
exit
The result is that on R1 and R5 the prefixes 172.16.3.0/24 and 172.16.33.0/24 are absent and cannot be pinged.
------------------------success-----------

Note:
access-list (ACL)
ip prefix-list
route-map
