Matching tool

ACL（ Access control list ）

See

2022-01-02 Network engineering foundation （ eighteen ）ACL Principle and configuration _ Goose blog -CSDN Blog ACL Principle and configuration with the rapid development of the network , Network security and network service quality QoS(QualityofService) The problem is becoming increasingly prominent . Access control list (ACL,AccessControlList) It is a technology closely related to it .ACL Through the accurate identification of the newspaper flow in the network , Combined with other technologies , To control network access behavior 、 The purpose of preventing network attacks and improving network bandwidth utilization , So as to ensure the security of network environment and the reliability of network service quality . One ACL summary ACL A series of permit or deny The sentences make up 、 A list of ordered rules .ACL It's a matching tool , It can match messages https://blog.csdn.net/x629242/article/details/122275642

Relevant orders supplement

Use time-range Tool set time range

[R1]time-range qyt 8:30 to 17:30 working-day 

ACL--- Examples of matching time ranges

[R1-acl-basic-2000]rule 5 permit time-range qyt source 1.1.1.1 0 

IP-Prefix List（IP The prefix list ）

IP The prefix list （IP-Prefix List） Is the network address of the routing entry 、 Mask length as a filter for matching , It can be used when routing protocols publish and receive routes .

differ ACL,IP-Prefix List Can match at the same time IP Address prefix length and mask length , Enhanced the accuracy of matching .

1、ip-prefix-name： Address prefix list name

2、 Serial number ： The sequence number of this match in the address prefix list , Match according to the sequence number from small to large

3、 action ：permit/deny, The matching mode of the address prefix list is allow / Refuse , Represents a match / Mismatch

4、IP Network segment and mask ： The network address matching the route , And limit the number of the first digits of the network address to be strictly matched

5、 Mask range ： Match the route prefix length , Matching range of mask length mask-length<=greater-equal-value<=less-equal-value<=32.greater-equal Represents greater than or equal to ,less-equal-value Represents less than or equal to , The minimum value is the mask value set previously , The maximum value is 32. Indicates that the capture set mask value is up to 32 Mask range between .

Strategy tools

Filter-Policy（ Filter - Strategy ）

Filter-Policy（ Filter - Strategy ） It is a very common routing information filtering tool , Be able to receive 、 Release 、 The introduced route is filtered , It can be applied to IS-IS、OSPF、BGP Such agreement .

See

2022-05-25 Advanced network engineering （ 7、 ... and ）OSPF- Factors that affect the establishment of neighborhood relations 、 Route revocation 、 Route summary 、 Route filtering 、Silent-Interface、 Message authentication _ Goose blog -CSDN Blog _ospf Message authentication Route aggregation route aggregation is also called route aggregation , That is to aggregate a group of routes with the same prefix into one route , So as to reduce the size of routing table and optimize the utilization of equipment resources , We call this group of routes before convergence as fine routing or detailed routing , The route after aggregation is called aggregation route or aggregation route .OSPF The type of route summary is ABR Execute route summary ： Perform route summary for routes between regions . stay ASBR Execute route summary ： Perform route summary on the incoming external routes . stay NSSA Area ,ABR It's also execution ASBR A summary of the . It's right 7 After class aggregation, it is converted to 5 class . The relevant orders are in ABR Execute route summary [R1-ospf-1-https://blog.csdn.net/x629242/article/details/124624154#t62022-06-28 Advanced network engineering （ 13、 ... and ）IS-IS- Route filtering 、 Route summary 、 authentication 、 influence ISIS The factors of establishing neighborhood relationship 、 Other commands and features _ Goose blog -CSDN Blog IS-IS The protocol and OSPF You can also filter routes , Filter in and out directions respectively . In direction out direction IS-IS The protocol and OSPF Route summary can also be carried out . The level added after the summary indicates the area to be published IS-IS Authentication is an authentication method based on the requirements of network security , By means of IS-IS The authentication field is added in the message to authenticate the message . When the local router receives the message sent by the remote router IS-IS message , If the authentication passwords do not match , Then discard the received message , To achieve the goal of self-protection . Interface authentication ： Configure... In the interface view , Yes Level-1 and Level-2 Of Hello Message authentication . District https://blog.csdn.net/x629242/article/details/125502592#t0 In addition to the above blog posts, you can call the matching tool ACL, You can also call the matching tool IP-Prefix List

for example

[R1]ip ip-prefix qyt index 5 permit 1.1.1.1 24 greater-equal 26 less-equal 30 

[R1-ospf-1]filter-policy ip-prefix qyt export 

Route-Policy（ route - Strategy ）

Route-Policy It's a strategic tool , be used for Filter routing information , And for the filtered routing information Set routing properties .

One Route-Policy from One or more nodes （Node） constitute , Each node can be a series Conditional statements （ Matching condition ） as well as Execute statement （ Executive action ） Set , These sets are numbered from small to large .

Each node can contain multiple conditional statements . Between multiple conditional statements within a node The relationship is “ And ”, That is, only when all conditional statements are matched can the actions in this node be executed .

The relationship between nodes by “ or ”,route-policy Execute from small to large according to the node number and size , A node in the match will not continue to match downward .

Route-Policy The composition of

One Route-Policy Composed of one or more nodes .

for example

[R1]route-policy qyt permit node 5

permit or deny： Appoint Route-Policy The matching mode of nodes is allow or deny .

node： Appoint Route-Policy Node number of . Integer form , The value range is 0～65535.

Each node includes multiple if-match and apply Clause .

for example

[R1-route-policy]if-match ip-prefix qyt

[R1-route-policy]apply cost 10

if-match Clause ： Define the matching criteria for this node .

apply Clause ： Define the operation to be performed on the matched route .

notes ：Route-Policy Can be Filter-Policy call