ISP经典配置

来源：作者：出处：巧巧读书 2006-08-31 进入讨论组

关键词：access ie nat os 配置

　　ROUTER TELECOM-SP GATEWAY 01 (GW01)
　　hostname GW01
　　router eigrp 7341
　　network 212.18.22.0
　　redistribute static route-map ONLY_DEFAULT
　　passive-interface serial 1
　　passive-interface serial 2

　　passive-interface serial 3
　　passive-interface serial 7
　　router bgp 7341
　　no synchronization
　　no auto-summary
　　network 212.18.22.0 mask 255.255.252.0
　　network 212.18.12.0 mask 255.255.248.0
　　network 201.9.110.0 mask 255.255.240.0
　　network 173.41.220.0 mask 255.255.248.0
　　network 200.5.32.0 mask 255.255.224.0
　　network 200.23.7.0 mask 255.255.224.0
　　network 172.22.0.0 mask 255.255.0.0
　　neighbor PEER_MAP peer-group
　　neighbor PEER_MAP remote-as 921
　　neighbor PEER_MAP filter-list 20 out
　　neighbor PEER_MAP distribute-list 2 in
　　neighbor PEER_MAP distribute-list 2 out
　　neighbor a.a.a.1 peer-group PEER_MAP
　　neighbor b.b.b.1 peer-group PEER_MAP
　　neighbor c.c.c.1 peer-group PEER_MAP
　　neighbor a.a.a.1 route-map SET_COMMUNITY_1 out
　　neighbor b.b.b.1 route-map SET_COMMUNITY_2 out
　　neighbor c.c.c.1 route-map SET_COMMUNITY_3 out
　　neighbor a.a.a.1 send-community
　　neighbor b.b.b.1 send-community
　　neighbor c.c.c.1 send-community
　　neighbor j.j.j.1 remote-as 1121
　　neighbor j.j.j.1 filter-list 21 in
　　neighbor j.j.j.1 distribute-list 2 in
　　neighbor j.j.j.1 distribute-list 2 out
　　neighbor y.y.y.2 remote-as 7341
　　! Access list summary:
　　! #2 Used for Ingress to filter private space prefixes as well
　　! as any other prefixes desired.
　　! #3 Used for redistribution into EIGRP process to permit only
　　! static route to default 0/0 to be redistributed.
　　! #10 Used to set community attribute for CIMR sessions and to
　　! implicitly filter prefixes out to CIMR peers other than
　　! those specified.
　　! #11 Used to set community attribute for CIMR sessions and to
　　! implicitly filter prefixes out to CIMR peers other than
　　! those specified.
　　! #12 Used to set community attribute for CIMR sessions and to
　　! implicitly filter prefixes out to CIMR peers other than
　　! those specified.
　　! #20 AS Path filter to ensure that AS7341 serve only as transit
　　! to AS1121 and not to any other neighboring AS.
　　! #21 AS Path filter to ensure that only prefixes originating
　　! from AS1121 are allowed to be propagated throughout AS7341.
　　! Ingress filtering to prevent 1918 private address space from
　　! being injected into AS7341. This access-list can be used to
　　! add other filters which TELECOM-SP wishes to impose at the ingress
　　! to their AS.
　　access-list 2 deny 10.0.0.0 0.255.255.255
　　access-list 2 deny 172.6.0.0 0.15.255.255
　　access-list 2 deny 192.168.0.0 0.0.255.255
　　access-list 2 permit any
　　! Access list to permit default only being injected into EIGRP
　　! process.
　　access-list 3 permit 0.0.0.0 0.0.0.0
　　access-list 3 deny any
　　! Prefixes A, B, C, D and E.
　　access-list 10 permit 212.18.22.0 255.255.252.0
　　access-list 10 permit 212.18.12.0 255.255.248.0
　　access-list 10 permit 201.9.110.0 255.255.240.0
　　access-list 10 permit 200.5.32.0 255.255.224.0
　　access-list 10 permit 173.41.220.0 255.255.248.0
　　access-list 10 deny any
　　! Prefixes F and G.
　　access-list 11 permit 200.23.7.0 255.255.224.0
　　access-list 11 permit 172.22.0.0 255.255.0.0
　　access-list 11 deny any
　　! AS Path filter list for outgoing prefixes. This filter can be
　　! used on all peering sessions with CIMR, OBERON, INTEX and
　　! ACSNET. In each case there may be overlap but it will still
　　! work. It is intended to prevent AS7341 from acting as a transit
　　! network for everyone except XPAC (AS1121).
　　ip as-path access-list 20 deny ^432_
　　ip as-path access-list 20 deny ^5037_
　　ip as-path access-list 20 deny ^1399_
　　ip as-path access-list 20 deny _854_
　　ip as-path access-list 20 permit .*
　　! AS Path filter list for incoming prefixes. This filter is
　　! used on the XPAC peering session.
　　ip as-path access-list 21 permit _1121$
　　ip as-path access-list 21 deny any
　　! Permit A, B, C, D and E to be propagated - they will default
　　! to Local_Pref of 100 in the upstream neighbor.
　　route-map SET_COMMUNITY_1 permit 10
　　match ip address 10
　　! Explicitly deny all other prefixes from being
　　! propagated to the associated peer router.
　　route-map SET_COMMUNITY_1 deny 20
　　route-map SET_COMMUNITY_2 permit 10
　　match ip address 10
　　match ip address 11
　　set community 0x0DE9005A
　　route-map SET_COMMUNITY_2 deny 20
　　route-map SET_COMMUNITY_3 permit 10
　　match ip address 11
　　route-map SET_COMMUNITY_3 deny 20
　　! This route-map is necessary to permit only the redistribution
　　! of the default route into the EIGRP process 7341. There is
　　! no need to introduce the other “place-holder” routes to null0
　　! into the EIGRP process.
　　route-map ONLY_DEFAULT permit 10
　　match ip address 3
　　route-map ONLY_DEFAULT deny 20
　　! Static route definitions.
　　ip route 0.0.0.0 0.0.0.0 b.b.b.1
　　ip route 0.0.0.0 0.0.0.0 a.a.a.1 210
　　ip route 212.18.22.0 255.255.252.0 null0
　　ip route 212.18.12.0 255.255.248.0 null0
　　ip route 201.9.110.0 255.255.240.0 null0
　　ip route 173.41.220.0 255.255.248.0 null0
　　ip route 200.5.32.0 255.255.224.0 null0
　　ip route 200.23.7.0 255.255.224.0 null0
　　ip route 172.22.0.0 255.255.0.0 null0