BBR1]
    router ospf 100
    pass f0/0
    使用之前可以看到下面三條路由全部由f0/0學(xué)習到
    [Copy to clipboard]
    CODE:
    O E2 103.0.0.0/8 [110/20] via 219.146.241.1, 16:30:59, FastEthernet0/0
    O IA 192.168.4.0/24 [110/66] via 219.146.241.1, 16:30:59, FastEthernet0/0
    O 219.146.243.0/24 [110/65] via 219.146.241.1, 16:30:59, FastEthernet0/0
    [驗證結果]
    使用之后看到全部由s1/1學(xué)習
    [Copy to clipboard]
    CODE:
    O N2 103.0.0.0/8 [110/20] via 219.146.242.2, 00:00:07, Serial1/1
    O IA 192.168.4.0/24 [110/194] via 219.146.242.2, 00:00:07, Serial1/1
    O IA 219.146.243.0/24 [110/129] via 219.146.242.2, 00:00:07, Serial1/1
    注意，實(shí)際上兩個(gè)ospf連接中使用passiveinterface會(huì )導致接口down掉，因為hell包被cut
    被動(dòng)接口的意義在于使某個(gè)接口只接收路由更新而不發(fā)送更新，一般用于DDR
    但是有些情況下，比如兩個(gè)wan的ospf或eigrp，被動(dòng)接口將導致HELLO包和Keepalive的發(fā)送導致無(wú)法建立鄰居關(guān)系
    所以被動(dòng)接口有一定的局限性
    有一個(gè)解決方案是使用distribust-list制造一個(gè)偽被動(dòng)接口,舉例
    router eigrp 100
    net x.x.x.x
    distri 11 out f0/0
    access-list 11 deny any
    這樣的話(huà)，hello包還是正常的發(fā)送，鄰居關(guān)系建立，但是任何更新都將被過(guò)濾
    [路由更新過(guò)濾]
    [BBR1]
    router ospf 100
    distribute-list 11 in s1/0.1
    access-list 11 deny 192.168.2.0 0.0.0.255
    access-list 11 permit any
    實(shí)驗之前我們可以看到192.168.2.0在BBR2上是通過(guò)s1/0.1學(xué)習來(lái)的，也就是從FR學(xué)習來(lái)的
    [Copy to clipboard]
    CODE:
    O 192.168.2.0/24 [110/65] via 10.0.0.2, 00:00:04, Serial1/0.1
    我們在BBR1上面實(shí)施distribute-list后，通過(guò)access-list定義禁止了192.168.2.0的更新
    然后再在BBR1上查看的時(shí)候，關(guān)于192.168.2.0的路由條目已經(jīng)消失，說(shuō)明過(guò)濾成功
    在BBR1上面使用 distribute-list 11 out f0/0的時(shí)候會(huì )得到提示
    [Copy to clipboard]
    CODE:
    BBR1(config-router)#distribute-list 10 out f0/0
    % Interface not allowed with OUT for OSPF
    被動(dòng)接口的局限性會(huì )完全組織端口發(fā)送路由更新，有時(shí)候我們需要只是抑制些路由的更新，就要用到路由更新列表
    [策略路由]
    [BBR1]
    access-list 19 permit 192.168.4.0 0.0.0.255
    access-list 20 permit 192.168.3.0 0.0.0.255
    route-map ip1 permit 10
    match ip address 19
    set interface s1/1
    route-map ip2 permit 20
    match ip address 20
    set interface f0/0
    int s1/0.1 mu
    ip policy route-map ip1
    ip policy route-map ip2
    定義在BBR1上面讓通過(guò)FR來(lái)自192.168.4.0的數據包，走s1/1的線(xiàn)路
    定義在BBR1上面讓通過(guò)FR來(lái)自192.168.3.0的數據保，走f0/0的線(xiàn)路
    為了查看過(guò)程，我們先定義一個(gè)方便debug的ACL
    access-list 101 permit icmp any 219.146.242.0 0.0.0.255
    access-list 101 deny icmp any any
    然后在BBR1上面debug ip pac 101
    我們在192.168.4.0上面，ping 219.146.242.2
    查看，結果如下
    [驗證結果]
   

[Copy to clipboard] CODE: 18:53:31: IP: tableid=0, s=192.168.4.1 (Serial1/0.1), d=219.146.242.1 (FastEthernet0/0), routed via RIB 18:53:31: IP: s=192.168.4.1 (Serial1/0.1), d=219.146.242.1 (Serial1/1), g=219.146.242.1, len 100, forward 18:53:31: IP: tableid=0, s=192.168.4.1 (Serial1/0.1), d=219.146.242.1 (FastEthernet0/0), routed via RIB 18:53:31: IP: s=192.168.4.1 (Serial1/0.1), d=219.146.242.1 (Serial1/1), g=219.146.242.1, len 100, forward 18:53:31: IP: tableid=0, s=192.168.4.1 (Serial1/0.1), d=219.146.242.1 (FastEthernet0/0), routed via RIB 18:53:31: IP: s=192.168.4.1 (Serial1/0.1), d=219.146.242.1 (Serial1/1), g=219.146.242.1, len 100, forward 18:53:31: IP: tableid=0, s=192.168.4.1 (Serial1/0.1), d=219.146.242.1 (FastEthernet0/0), routed via RIB 18:53:31: IP: s=192.168.4.1 (Serial1/0.1), d=219.146.242.1 (Serial1/1), g=219.146.242.1, len 100, forward 18:53:31: IP: tableid=0, s=192.168.4.1 (Serial1/0.1), d=219.146.242.1 (FastEthernet0/0), routed via RIB 18:53:31: IP: s=192.168.4.1 (Serial1/0.1), d=219.146.242.1 (Serial1/1), g=219.146.242.1, len 100, forward (Serial1/1), g=219.146.242.1, len 100, forward

    可以看到上面來(lái)自4.0段的IP從s1/1出去
   

[Copy to clipboard] CODE: 19:03:39: IP: tableid=0, s=192.168.3.1 (Serial1/0.1), d=219.146.242.1 (FastEthernet0/0), routed via RIB 19:03:39: IP: s=192.168.3.1 (Serial1/0.1), d=219.146.242.1 (FastEthernet0/0), g=219.146.241.2, len 100, forward 19:03:39: IP: tableid=0, s=192.168.3.1 (Serial1/0.1), d=219.146.242.1 (FastEthernet0/0), routed via RIB 19:03:39: IP: s=192.168.3.1 (Serial1/0.1), d=219.146.242.1 (FastEthernet0/0), g=219.146.241.2, len 100, forward 19:03:39: IP: tableid=0, s=192.168.3.1 (Serial1/0.1), d=219.146.242.1 (FastEthernet0/0), routed via RIB 19:03:39: IP: s=192.168.3.1 (Serial1/0.1), d=219.146.242.1 (FastEthernet0/0), g=219.146.241.2, len 100, forward 19:03:40: IP: tableid=0, s=192.168.3.1 (Serial1/0.1), d=219.146.242.1 (FastEthernet0/0), routed via RIB 19:03:40: IP: s=192.168.3.1 (Serial1/0.1), d=219.146.242.1 (FastEthernet0/0), g=219.146.241.2, len 100, forward 19:03:40: IP: tableid=0, s=192.168.3.1 (Serial1/0.1), d=219.146.242.1 (FastEthernet0/0), routed via RIB 19:03:40: IP: s=192.168.3.1 (Serial1/0.1), d=219.146.242.1 (FastEthernet0/0), g=219.146.241.2, len 100, forward (FastEthernet0/0), g=219.146.241.2, len 100, forward

    可以看到上面來(lái)自3.0段的IP從F0/0出去
    要記住策略路由最基本的步驟
    1,定義一個(gè)IP范圍，Acl
    2,定義一個(gè)RouterMAP
    Match ACL范圍的IP
    Set 動(dòng)作
    Action 動(dòng)作
    3,定義好了以后要在某個(gè)接口上應用
    ip policy router-map mapname
    [路由單項重發(fā)布以及AD/Metric更改]
    [SW1]
    router ospf 100
    distance 40 [使用Distance 命令修改默認管理距離]
    distance 40 x.x.x.x 255.255.255.255[使用Distance 命令修改默認某條特定路由的管理距離]
    redistribute rip sub metric 30 [修改metric]
    [SR1]
    int lo0
    ip add 105.0.0.1 255.0.0.0
    int lo1
    ip add 106.0.0.1 255.0.0.0
    router rip
    net 105.0.0.0
    net 106.0.0.0
    [SR2]
    int lo0
    ip add 107.0.0.1 255.0.0.0
    int lo1
    ip add 108.0.0.1 255.0.0.0
    router rip
    net 107.0.0.0
    net 108.0.0.0
    增加這兩個(gè)lo接口地址是為了下一步實(shí)驗
    舉例:
    作為邊界路由器經(jīng)常會(huì )學(xué)習到到達同一目的地的兩條不同協(xié)議的路由，比如RIP和EIGRP
    然后這兩種協(xié)議不具備可比性，一個(gè)是跳數，一個(gè)是帶寬也延遲，那么就要比較管理距離，一個(gè)是120一個(gè)是90
    肯定要選擇EIGRP，那么我們可以通過(guò)Distance命令來(lái)讓它優(yōu)先選擇RIP而不是EIGRP
    他們只對本地有效，另外要注意它的意義所在，例如
    router rip
    distance 40
    router ospf 100
    distance 30
    第一個(gè)是只有通過(guò)RIP學(xué)習到的路由更改AD為40
    第二個(gè)是只有通過(guò)OSPF 100學(xué)習到的路由更改AD為30
    到底什么學(xué)習來(lái)的，sh ip route的時(shí)候看前面的路由標識，R或者O或者其他
    [使用Distance 命令修改默認管理距離]
    修改之前,學(xué)習到的外部OSPF路由都是默認的110管理距離
   

[Copy to clipboard] CODE: C 102.0.0.0/8 is directly connected, FastEthernet1/3 O N2 103.0.0.0/8 [110/20] via 219.146.244.2, 00:00:02, FastEthernet1/4 C 101.0.0.0/8 is directly connected, FastEthernet1/2 O IA 172.17.0.0/16 [110/129] via 219.146.242.1, 00:00:02, Serial0/1 O IA 172.16.0.0/16 [110/192] via 219.146.242.1, 00:00:02, Serial0/1 O IA 172.19.0.0/16 [110/129] via 219.146.242.1, 00:00:02, Serial0/1 O IA 172.18.0.0/16 [110/193] via 219.146.242.1, 00:00:02, Serial0/1

    ....
    通過(guò)distance 40命令修改之后，所有的通過(guò)ospf 100學(xué)習來(lái)的路由AD變?yōu)槲覀冎付ǖ?0
   

[Copy to clipboard] CODE: C 102.0.0.0/8 is directly connected, FastEthernet1/3 O N2 103.0.0.0/8 [40/20] via 219.146.244.2, 00:00:18, FastEthernet1/4 C 101.0.0.0/8 is directly connected, FastEthernet1/2 O IA 172.17.0.0/16 [40/129] via 219.146.242.1, 00:00:18, Serial0/1 O IA 172.16.0.0/16 [40/192] via 219.146.242.1, 00:00:18, Serial0/1 O IA 172.19.0.0/16 [40/129] via 219.146.242.1, 00:00:18, Serial0/1 O IA 172.18.0.0/16 [40/193] via 219.146.242.1, 00:00:18, Serial0/1

    [使用Distance 命令修改默認某條特定路由的管理距離]
    所有的通過(guò)ospf 100學(xué)習來(lái)的路由都將被更改AD，如果我們只是希望更改某一條外部路由的metric
    通過(guò)distance 擴展命令就不用根據進(jìn)程號來(lái)進(jìn)行管理距離的改變，而是根據從哪兒學(xué)習來(lái)的路由
    這里我們拿RIP來(lái)實(shí)驗
    修改之前我們先再SW1上面查看學(xué)習到的RIP路由
    [Copy to clipboard]
    CODE:
    R 106.0.0.0/8 [120/1] via 101.0.0.1, 00:00:11, FastEthernet1/2
    R 105.0.0.0/8 [120/1] via 101.0.0.1, 00:00:12, FastEthernet1/2
    R 108.0.0.0/8 [120/1] via 102.0.0.1, 00:00:16, FastEthernet1/3
    R 107.0.0.0/8 [120/1] via 102.0.0.1, 00:00:22, FastEthernet1/3
    都是從101.0.0.1學(xué)習來(lái)SR1的RIP路由，從102.0.0.1學(xué)習來(lái)SR2的RIP路由
    我們現在讓從101.0.0.1學(xué)習來(lái)的RIP路由的AD變?yōu)?0
    那么執行
    router rip
    distance 40 101.0.0.1 255.255.255.255
    [Copy to clipboard]
    CODE:
    R 106.0.0.0/8 [40/1] via 101.0.0.1, 00:00:02, FastEthernet1/2
    R 105.0.0.0/8 [40/1] via 101.0.0.1, 00:00:14, FastEthernet1/2
    R 108.0.0.0/8 [120/1] via 102.0.0.1, 00:00:06, FastEthernet1/3
    R 107.0.0.0/8 [120/1] via 102.0.0.1, 00:00:12, FastEthernet1/3
    [distribute rip sub metric 30]
    更改我們先查看學(xué)習到的RIP路由的Metric
    [Copy to clipboard]
    CODE:
    SW2#sh ip route
    O N2 102.0.0.0/8 [110/20] via 219.146.244.1, 00:00:02, FastEthernet1/4
    O N2 108.0.0.0/8 [110/20] via 219.146.244.1, 00:00:02, FastEthernet1/4
    O N2 106.0.0.0/8 [110/20] via 219.146.244.1, 00:00:03, FastEthernet1/4
    O N2 107.0.0.0/8 [110/20] via 219.146.244.1, 00:00:03, FastEthernet1/4
    O N2 105.0.0.0/8 [110/20] via 219.146.244.1, 00:00:03, FastEthernet1/4
    ...........
    我們在SW1上面redistribute rip sub metric 30以后，再看SW2
    [Copy to clipboard]
    CODE:
    SW2#sh ip route
    CODE:
    C 102.0.0.0/8 is directly connected, FastEthernet1/3
    O N2 103.0.0.0/8 [110/20] via 219.146.244.2, 00:00:02, FastEthernet1/4
    C 101.0.0.0/8 is directly connected, FastEthernet1/2
    O IA 172.17.0.0/16 [110/129] via 219.146.242.1, 00:00:02, Serial0/1
    O IA 172.16.0.0/16 [110/192] via 219.146.242.1, 00:00:02, Serial0/1
    O IA 172.19.0.0/16 [110/129] via 219.146.242.1, 00:00:02, Serial0/1
    O IA 172.18.0.0/16 [110/193] via 219.146.242.1, 00:00:02, Serial0/1
    ....
    通過(guò)distance 40命令修改之后，所有的通過(guò)ospf 100學(xué)習來(lái)的路由AD變?yōu)槲覀冎付ǖ?0
    O N2 102.0.0.0/8 [110/30] via 219.146.244.1, 00:00:02, FastEthernet1/4
    O N2 108.0.0.0/8 [110/30] via 219.146.244.1, 00:00:02, FastEthernet1/4
    O N2 106.0.0.0/8 [110/30] via 219.146.244.1, 00:00:03, FastEthernet1/4
    O N2 107.0.0.0/8 [110/30] via 219.146.244.1, 00:00:03, FastEthernet1/4
    O N2 105.0.0.0/8 [110/30] via 219.146.244.1, 00:00:03, FastEthernet1/4
    .........
    router ospf 100
    redistribute rip sub metric 30
    結果的意思表明是通過(guò)ospf 100學(xué)習到的RIP路由的metric更改為30，一定要理解含義
    跟前面的distance語(yǔ)法區分開(kāi)