Two routers are connected with eBGP. The aim is to filter some routes (10.x.x.x) received from the neighbor router using an extended access list.
Goal:
Configure the routers as shown in the diagram.
Configure eBGP between router Tristram and Sanctuary.
Advertise the loopback interfaces on both routers in BGP.
Configure a summary that advertises 10.0.0.0/8 towards router Sanctuary.
Configure an extended access-list on router Sanctuary that will block the 10.0.0.0/8 prefix but allow all other prefixes.
Configure an extended access-list on router Tristram that blocks network 10.2.2.0/24.
Answer:
Tristram Router:
router bgp 1
no synchronization
bgp log-neighbor-changes
network 1.1.1.1 mask 255.255.255.255
! Advertise the 10.x network; the aggregate-address summary-only statement below is also needed.
network 10.0.0.0
! Summarize the 10.x networks.
aggregate-address 10.0.0.0 255.0.0.0 summary-only
neighbor 192.168.12.2 remote-as 2
! Filter routes coming in from this neighbor through ACL 100.
neighbor 192.168.12.2 distribute-list 100 in
! Deny the 10.x network.
access-list 100 deny ip 10.0.0.0 0.255.255.255 any
access-list 100 permit ip any any
Sanctuary Router:
router bgp 2
no synchronization
bgp log-neighbor-changes
network 2.2.2.2 mask 255.255.255.255
network 10.2.2.0 mask 255.255.255.0
aggregate-address 10.0.0.0 255.0.0.0 summary-only
neighbor 192.168.12.1 remote-as 1
neighbor 192.168.12.1 soft-reconfiguration inbound
neighbor 192.168.12.1 distribute-list 100 in
access-list 100 deny ip 10.0.0.0 0.255.255.255 any
access-list 100 permit ip any any
Verify on Sanctuary:
sh ip bgp nei 192.168.12.1 received-routes
sh ip route
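When an extended ACL is referenced by a BGP distribute-list, its source field is compared with the prefix's network address and its destination field with the prefix's subnet mask. The following is an added example, not part of the original post: a small Python evaluator (function names are hypothetical) that applies those semantics to the ACL 100 shown above and to a constructed exact-match variant, to show which prefixes each one drops.

```python
import ipaddress

ALL = 0xFFFFFFFF

def _ip(text):
    return int(ipaddress.IPv4Address(text))

def _field(tokens):
    """Consume one ACL address field and return (base, wildcard)."""
    head = tokens.pop(0)
    if head == "any":
        return 0, ALL
    if head == "host":
        return _ip(tokens.pop(0)), 0
    return _ip(head), _ip(tokens.pop(0))

def parse_ace(line):
    """Parse 'access-list N permit|deny ip SRC DST' (the only form used here)."""
    tok = line.split()
    if len(tok) < 6 or tok[0] != "access-list" or tok[3] != "ip":
        raise ValueError("unsupported ACE: " + line)
    rest = tok[4:]
    src = _field(rest)
    dst = _field(rest)
    return tok[2], src, dst

def _match(value, field):
    base, wildcard = field
    care = ~wildcard & ALL          # wildcard bits set to 1 are ignored
    return (value & care) == (base & care)

def filter_prefix(acl_lines, prefix):
    """Return 'permit' or 'deny' for a BGP prefix such as '10.2.2.0/24'."""
    net = ipaddress.IPv4Network(prefix)
    for action, src, dst in map(parse_ace, acl_lines):
        # Source field is compared with the network address,
        # destination field with the subnet mask.
        if _match(int(net.network_address), src) and _match(int(net.netmask), dst):
            return action
    return "deny"                   # implicit deny ends every ACL

PAGE_ACL = [                        # ACL 100 as written on this page
    "access-list 100 deny ip 10.0.0.0 0.255.255.255 any",
    "access-list 100 permit ip any any",
]
EXACT_ACL = [                       # constructed alternative, not from the page
    "access-list 100 deny ip host 10.0.0.0 host 255.0.0.0",
    "access-list 100 permit ip any any",
]
```

With the page's ACL, every prefix whose network address starts with 10 is denied regardless of its length, so 10.0.0.0/8 and 10.2.2.0/24 are both dropped; the constructed `host ... host ...` form drops only the exact 10.0.0.0/8 prefix.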
====================================
Note: I got this from gns3vault.com, but I posted my answer for my own reference.