  • Distribute-list

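    A distribute list filters routes by referencing an ACL. It can filter within a single routing domain, or at the point where routes are redistributed between routing protocols.
    Note: distribute lists can only be used with distance-vector protocols; in link-state protocols they are meaningless.
    Case 1: Filtering a specific route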
    R2(S1/1)------(S1/0)R1(S1/1)------(s1/0)R3
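    In the topology above, two loopback interfaces are enabled on R2, one 172.16.1.1 and one 172.16.2.1. R3 must not receive the 172.16.1.0 route.
    With EIGRP running across the whole network, look at R3's routing table: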
    R3#sh ip ro ei
         2.0.0.0/24 is subnetted, 1 subnets
    D       2.2.2.0 [90/2809856] via 13.1.1.1, 00:00:24, Serial1/0
         172.16.0.0/24 is subnetted, 2 subnets
    D       172.16.1.0 [90/2809856] via 13.1.1.1, 00:00:24, Serial1/0
    D       172.16.2.0 [90/2809856] via 13.1.1.1, 00:00:24, Serial1/0
         12.0.0.0/24 is subnetted, 1 subnets
    D       12.1.1.0 [90/2681856] via 13.1.1.1, 00:01:17, Serial1/0
    To meet the requirement, the following can be configured on R1:
    R1#sh run | b r e
     distribute-list 1 out Serial1/1
    !
    access-list 1 deny   172.16.1.0 0.0.0.0
    access-list 1 permit any
    Check R3's routing table again:
    R3#sh ip ro ei
         2.0.0.0/24 is subnetted, 1 subnets
    D       2.2.2.0 [90/2809856] via 13.1.1.1, 00:00:39, Serial1/0
         172.16.0.0/24 is subnetted, 1 subnets
    D       172.16.2.0 [90/2809856] via 13.1.1.1, 00:00:39, Serial1/0
         12.0.0.0/24 is subnetted, 1 subnets
    D       12.1.1.0 [90/2681856] via 13.1.1.1, 00:00:39, Serial1/0
    Now the configuration of each router:
    R2 configuration:
    R2#sh run  | b r e
    router eigrp 100
     network 2.2.2.2 0.0.0.0
     network 12.1.1.2 0.0.0.0
     network 172.16.0.0
     no auto-summary
    R1 configuration:
    R1#sh run | b r e
    router eigrp 100
     network 12.1.1.1 0.0.0.0
     network 13.1.1.1 0.0.0.0
     distribute-list 1 out Serial1/1
     no auto-summary
    !
    ip classless
    no ip http server
    !
    !
    access-list 1 deny   172.16.1.0 0.0.0.0
    access-list 1 permit any
    R3 configuration:
    R3#sh run | b r e
    router eigrp 100
     network 3.3.3.3 0.0.0.0
     network 13.1.1.3 0.0.0.0
     no auto-summary
     
    Case 2: Filtering during redistribution between protocols
    R2(S1/1)------(S1/0)R1(S1/1)------(s1/0)R3
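    In the topology above, two loopback interfaces are enabled on R2, one 172.16.1.1 and one 192.168.2.1. R3 must not receive the 172.16.1.0 route. R2 and R1's S1/0 run EIGRP; R1's S1/1 and R3 run OSPF.
    When the whole network is running normally, R3's routing table is: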
    R3#sh ip ro os
         2.0.0.0/24 is subnetted, 1 subnets
    O E2    2.2.2.0 [110/20] via 13.1.1.1, 00:01:44, Serial1/0
         172.16.0.0/24 is subnetted, 1 subnets
    O E2    172.16.1.0 [110/20] via 13.1.1.1, 00:01:44, Serial1/0
         12.0.0.0/24 is subnetted, 1 subnets
    O E2    12.1.1.0 [110/20] via 13.1.1.1, 00:01:44, Serial1/0
    O E2 192.168.2.0/24 [110/20] via 13.1.1.1, 00:00:13, Serial1/0
    To meet the requirement, configure the following on R1:
    R1#sh run | b r o
     distribute-list 1 out eigrp 100
    !
    access-list 1 deny   172.16.1.0
    access-list 1 permit any
    Now look at R3's routing table again:
    R3#sh ip ro os
         2.0.0.0/24 is subnetted, 1 subnets
    O E2    2.2.2.0 [110/20] via 13.1.1.1, 00:01:28, Serial1/0
         12.0.0.0/24 is subnetted, 1 subnets
    O E2    12.1.1.0 [110/20] via 13.1.1.1, 00:01:28, Serial1/0
    O E2 192.168.2.0/24 [110/20] via 13.1.1.1, 00:01:28, Serial1/0
    The configuration of each router:
    R2 configuration:
    R2#sh run | b r e
    router eigrp 100
     network 2.2.2.2 0.0.0.0
     network 12.1.1.2 0.0.0.0
     network 172.16.0.0
     network 192.168.2.0
     no auto-summary
    R1 configuration:
    R1#sh run | b r e
    router eigrp 100
     redistribute ospf 100 metric 10000 100 1 255 1500
     network 12.1.1.1 0.0.0.0
     no auto-summary
    !
    router ospf 100
     router-id 1.1.1.1
     log-adjacency-changes
     no auto-cost
     redistribute eigrp 100 metric 20 subnets
     network 13.1.1.1 0.0.0.0 area 0
     distribute-list 1 out eigrp 100
    !
    ip classless
    no ip http server
    !
    !
    access-list 1 deny   172.16.1.0 ----------------use the network address
    access-list 1 permit any
    R3 configuration:
    R3#sh run | b r o
    router ospf 100
     log-adjacency-changes
     network 3.3.3.3 0.0.0.0 area 0
     network 13.1.1.3 0.0.0.0 area 0
     
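    This method can also solve the summary-route feedback that occurs with single-point redistribution:
    Now enable two loopback interfaces on R3 and configure an EIGRP summary on R1's S1/0 interface, then look at the routing tables of R2 and R3: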
    R1#sh run int s1/0
    Building configuration...
    Current configuration : 146 bytes
    !
    interface Serial1/0
     ip address 12.1.1.1 255.255.255.0
     ip summary-address eigrp 100 222.222.0.0 255.255.248.0 5
     serial restart-delay 0
    R2#sh ip ro ei
         3.0.0.0/32 is subnetted, 1 subnets
    D EX    3.3.3.3 [170/2195456] via 12.1.1.1, 00:00:07, Serial1/1
         13.0.0.0/24 is subnetted, 1 subnets
    D EX    13.1.1.0 [170/2195456] via 12.1.1.1, 00:00:07, Serial1/1
    D    222.222.0.0/21 [90/2195456] via 12.1.1.1, 00:00:07, Serial1/1
    R3#sh ip ro os
         2.0.0.0/24 is subnetted, 1 subnets
    O E2    2.2.2.0 [110/20] via 13.1.1.1, 00:00:31, Serial1/0
         12.0.0.0/24 is subnetted, 1 subnets
    O E2    12.1.1.0 [110/20] via 13.1.1.1, 00:07:20, Serial1/0
    O E2 192.168.2.0/24 [110/20] via 13.1.1.1, 00:00:31, Serial1/0
    O E2 222.222.0.0/21 [110/20] via 13.1.1.1, 00:00:42, Serial1/0
    On R1 we configure a distribute-list:
    R1#sh run | b r o
     distribute-list 2 out eigrp 100
    !
    access-list 2 deny   222.222.0.0 0.0.7.255
    access-list 2 permit any
    Now look at R3's routing table again:
    R3#sh ip ro os
         2.0.0.0/24 is subnetted, 1 subnets
    O E2    2.2.2.0 [110/20] via 13.1.1.1, 00:03:28, Serial1/0
         172.16.0.0/24 is subnetted, 1 subnets
    O E2    172.16.1.0 [110/20] via 13.1.1.1, 00:00:36, Serial1/0
         12.0.0.0/24 is subnetted, 1 subnets
    O E2    12.1.1.0 [110/20] via 13.1.1.1, 00:10:18, Serial1/0
    O E2 192.168.2.0/24 [110/20] via 13.1.1.1, 00:03:28, Serial1/0
     
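    Note: when filtering during redistribution, only the keyword out is allowed. It can be followed by a protocol name but not by an interface, because that would be meaningless; see Volume 1 for details. (Note: in cannot be followed by a protocol; only out can.)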
     
    Case 3: Using a distribute list in OSPF (not much use)
    R2(S1/1)------(S1/0)R1(S1/1)------(s1/0)R3
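    In the topology above, two loopback interfaces are enabled on R2, one 172.16.1.1 and one 192.168.2.1. R3 must not receive the 172.16.0.0 route.
    Before distribute-list is configured, look at the routing tables of R1 and R3: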
    R1#sh ip ro os
         222.222.2.0/32 is subnetted, 1 subnets
    O       222.222.2.1 [110/1563] via 13.1.1.3, 00:00:09, Serial1/1
         2.0.0.0/32 is subnetted, 1 subnets
    O       2.2.2.2 [110/1563] via 12.1.1.2, 00:00:09, Serial1/0
         222.222.1.0/32 is subnetted, 1 subnets
    O       222.222.1.1 [110/1563] via 13.1.1.3, 00:00:09, Serial1/1
         3.0.0.0/32 is subnetted, 1 subnets
    O       3.3.3.3 [110/1563] via 13.1.1.3, 00:00:09, Serial1/1
         172.16.0.0/32 is subnetted, 1 subnets
    O       172.16.1.1 [110/1563] via 12.1.1.2, 00:00:09, Serial1/0
         192.168.2.0/32 is subnetted, 1 subnets
    O       192.168.2.1 [110/1563] via 12.1.1.2, 00:00:09, Serial1/0
    R3#sh ip ro os
         2.0.0.0/32 is subnetted, 1 subnets
    O       2.2.2.2 [110/1627] via 13.1.1.1, 00:00:42, Serial1/0
         172.16.0.0/32 is subnetted, 1 subnets
    O       172.16.1.1 [110/1627] via 13.1.1.1, 00:00:42, Serial1/0
         12.0.0.0/24 is subnetted, 1 subnets
    O       12.1.1.0 [110/1626] via 13.1.1.1, 00:00:42, Serial1/0
         192.168.2.0/32 is subnetted, 1 subnets
    O       192.168.2.1 [110/1627] via 13.1.1.1, 00:00:42, Serial1/0
    Now configure R1:
    R1#sh run | b r o
    distribute-list 1 in Serial1/0
    !
    access-list 1 deny   172.16.0.0
    Check the routing tables of R1 and R3 again:
    R1#sh ip ro os
         222.222.2.0/32 is subnetted, 1 subnets
    O       222.222.2.1 [110/1563] via 13.1.1.3, 00:00:34, Serial1/1
         222.222.1.0/32 is subnetted, 1 subnets
    O       222.222.1.1 [110/1563] via 13.1.1.3, 00:00:34, Serial1/1
         3.0.0.0/32 is subnetted, 1 subnets
    O       3.3.3.3 [110/1563] via 13.1.1.3, 00:00:34, Serial1/1
    R3#sh ip ro os
         2.0.0.0/32 is subnetted, 1 subnets
    O       2.2.2.2 [110/1627] via 13.1.1.1, 00:00:02, Serial1/0
         172.16.0.0/32 is subnetted, 1 subnets
    O       172.16.1.1 [110/1627] via 13.1.1.1, 00:00:02, Serial1/0
         12.0.0.0/24 is subnetted, 1 subnets
    O       12.1.1.0 [110/1626] via 13.1.1.1, 00:00:02, Serial1/0
         192.168.2.0/32 is subnetted, 1 subnets
    O       192.168.2.1 [110/1627] via 13.1.1.1, 00:00:02, Serial1/0
     
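    Summary: a distribute list cannot actually filter LSAs; it can only filter the router's own routing-table entries. It takes effect only locally and does not affect the routes propagated to other routers. Filtering between areas can be done with the command area 1 range 172.16.1.0 255.255.0.0 not-adv and with prefix lists. When the distribute-list command is configured under a link-state protocol, the keyword out cannot be combined with an interface: unlike a distance-vector protocol, a link-state protocol does not advertise routes from its own routing table, so there are no updates to filter.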
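    The ACLs from Cases 1 to 3, evaluated the way a distribute list applies a standard ACL to each route's network address: first match wins, and a route that matches nothing hits the implicit deny. This Python model is an added example, not part of the original article; the function names are hypothetical, and the ACL lines and route lists are copied from the configurations and routing tables shown above.

```python
import ipaddress

def ip(a):
    return int(ipaddress.IPv4Address(a))

def parse_acl(lines):
    """Parse 'access-list N permit|deny ADDR [WILDCARD]' and '... any'."""
    entries = []
    for line in lines:
        tok = line.split()
        action, addr = tok[2], tok[3]
        if addr == "any":
            entries.append((action, 0, 0xFFFFFFFF))
        else:
            # No wildcard given means 0.0.0.0: match that exact address.
            wild = ip(tok[4]) if len(tok) > 4 else 0
            entries.append((action, ip(addr), wild))
    return entries

def acl_permits(entries, network):
    """First matching entry decides; no match falls to the implicit deny."""
    n = ip(network)
    for action, addr, wild in entries:
        if (n | wild) == (addr | wild):
            return action == "permit"
    return False

def filter_routes(acl_lines, routes):
    """Keep routes whose network address the ACL permits (mask is ignored)."""
    entries = parse_acl(acl_lines)
    return [r for r in routes if acl_permits(entries, r.split("/")[0])]

# ACLs as configured on R1; route lists copied from the tables on this page.
CASE1_ACL = ["access-list 1 deny   172.16.1.0 0.0.0.0", "access-list 1 permit any"]
CASE1_ROUTES = ["2.2.2.0/24", "172.16.1.0/24", "172.16.2.0/24", "12.1.1.0/24"]
SUMMARY_ACL = ["access-list 2 deny   222.222.0.0 0.0.7.255", "access-list 2 permit any"]
SUMMARY_ROUTES = ["2.2.2.0/24", "172.16.1.0/24", "12.1.1.0/24",
                  "192.168.2.0/24", "222.222.0.0/21"]
CASE3_ACL = ["access-list 1 deny   172.16.0.0"]  # no 'permit any' follows
CASE3_ROUTES = ["2.2.2.2/32", "172.16.1.1/32", "192.168.2.1/32"]  # via Serial1/0

if __name__ == "__main__":
    for acl, routes in [(CASE1_ACL, CASE1_ROUTES), (SUMMARY_ACL, SUMMARY_ROUTES),
                        (CASE3_ACL, CASE3_ROUTES)]:
        print(filter_routes(acl, routes))
```

    The Case 3 result is empty: with no permit entry in the list, every route learned on Serial1/0 is dropped from R1's table, which is what the R1 output above shows.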
     
    Case 4: Multiple redistribution points
       R2(f1/0)------(f1/0)R3
    (s0/0)               (s0/0)
       |                    |
       |                    |
    (s0/0)                (s0/0)
       R1                   R4
    (f2/0)                (f1/0)
       |                     |
       |                     |
    (f1/0)                   |
      R5(f0/0)---------------|
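    R1 and R4 form the boundary: the part above them runs RIP and the part below runs OSPF.
    With the whole network configured, first look at R1's routing table: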
    R1#sh ip ro
         1.0.0.0/24 is subnetted, 1 subnets
    C       1.1.1.0 is directly connected, Loopback0
         2.0.0.0/32 is subnetted, 1 subnets
    O       2.2.2.2 [110/65] via 192.168.3.2, 00:01:16, Serial0/0
         3.0.0.0/32 is subnetted, 1 subnets
    O       3.3.3.3 [110/66] via 192.168.3.2, 00:01:16, Serial0/0
         4.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
    O       4.4.4.4/32 [110/130] via 192.168.3.2, 00:01:16, Serial0/0
    R       4.4.4.0/24 [120/3] via 192.168.2.1, 00:00:01, FastEthernet2/0
         5.0.0.0/24 is subnetted, 1 subnets
    R       5.5.5.0 [120/1] via 192.168.2.1, 00:00:01, FastEthernet2/0
    O    192.168.4.0/24 [110/65] via 192.168.3.2, 00:01:16, Serial0/0
    O    192.168.5.0/24 [110/129] via 192.168.3.2, 00:01:16, Serial0/0
    O E2 192.168.6.0/24 [110/100] via 192.168.3.2, 00:01:17, Serial0/0
    R    192.168.1.0/24 [120/1] via 192.168.2.1, 00:00:03, FastEthernet2/0
    C    192.168.2.0/24 is directly connected, FastEthernet2/0
    C    192.168.3.0/24 is directly connected, Serial0/0
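    Here you will find that the route to the 192.168.6.0 network does not go through R5 but through R2, which is not the best route. The fix is to use distribute lists at the redistribution points to control the source of each route. Configure R1 and R4: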
    R1#sh run | b r o
    router ospf 1
     distribute-list 1 in  // accept only addresses inside the OSPF domain
    !
    router rip
     distribute-list 2 in  // accept only networks inside the RIP domain
    !
    access-list 1 permit 192.168.4.0
    access-list 1 permit 192.168.5.0
    access-list 2 permit 192.168.1.0
    access-list 2 permit 192.168.6.0
    R4#sh run | b r o
    router ospf 1
     distribute-list 1 in
    !
    router rip
     distribute-list 2 in
    !
    access-list 1 permit 192.168.3.0
    access-list 1 permit 192.168.4.0
    access-list 2 permit 192.168.1.0
    access-list 2 permit 192.168.2.0
    After configuring the filters, look at R1's routing table again:
    R1#sh ip ro
         1.0.0.0/24 is subnetted, 1 subnets
    C       1.1.1.0 is directly connected, Loopback0
    O    192.168.4.0/24 [110/65] via 192.168.3.2, 00:07:20, Serial0/0
    O    192.168.5.0/24 [110/129] via 192.168.3.2, 00:07:20, Serial0/0
    R    192.168.6.0/24 [120/1] via 192.168.2.1, 00:00:17, FastEthernet2/0
    R    192.168.1.0/24 [120/1] via 192.168.2.1, 00:00:17, FastEthernet2/0
    C    192.168.2.0/24 is directly connected, FastEthernet2/0
    C    192.168.3.0/24 is directly connected, Serial0/0
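    This method removes the redundancy inherent in multiple redistribution points, but when R1's Ethernet link fails, the RIP networks become unreachable, because the route filter prevents OSPF from installing the alternative routes in the routing table: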
    R1#sh ip ro
         1.0.0.0/24 is subnetted, 1 subnets
    C       1.1.1.0 is directly connected, Loopback0
    O    192.168.4.0/24 [110/65] via 192.168.3.2, 00:11:04, Serial0/0
    O    192.168.5.0/24 [110/129] via 192.168.3.2, 00:11:04, Serial0/0
    C    192.168.3.0/24 is directly connected, Serial0/0
    In this situation, for IPv4, a better approach is to use distance to set the preferred routes:
    R1#sh run | b r o
    router ospf 1
     distance 130
     distance 110 0.0.0.0 255.255.255.255 1
    !
    router rip
     distance 130
     distance 120 192.168.2.1 0.0.0.0 2
    R4#sh run | b r o                 
    router ospf 1
     distance 130
     distance 110 0.0.0.0 255.255.255.255 1 // address and wildcard mask
    !
    router rip
     distance 130
     distance 120 192.168.6.1 0.0.0.0 2
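    The first distance command sets the administrative distance of OSPF and RIP to 130. The second distance command sets a different administrative distance according to the specified advertising router and ACL. In OSPF, the advertising router's address need not be the interface address of the next-hop router; it is the router ID of the router that originated the LSA, since routes are computed from LSAs. When the network is healthy, R4's routing table is: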
    R4#sh ip ro
         4.0.0.0/24 is subnetted, 1 subnets
    C       4.4.4.0 is directly connected, Loopback0
    O    192.168.4.0/24 [110/65] via 192.168.5.2, 00:10:03, Serial0/0
    C    192.168.5.0/24 is directly connected, Serial0/0
    C    192.168.6.0/24 is directly connected, FastEthernet1/0
    R    192.168.1.0/24 [120/1] via 192.168.6.1, 00:00:21, FastEthernet1/0
    R    192.168.2.0/24 [120/1] via 192.168.6.1, 00:00:21, FastEthernet1/0
    O    192.168.3.0/24 [110/129] via 192.168.5.2, 00:10:03, Serial0/0
    When R4's f1/0 interface fails, R4's routing table becomes:
    R4#sh ip ro
    Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
           D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
           N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
           E1 - OSPF external type 1, E2 - OSPF external type 2
           i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
           ia - IS-IS inter area, * - candidate default, U - per-user static route
           o - ODR, P - periodic downloaded static route
    Gateway of last resort is not set
         4.0.0.0/24 is subnetted, 1 subnets
    C       4.4.4.0 is directly connected, Loopback0
    O    192.168.4.0/24 [110/65] via 192.168.5.2, 00:30:54, Serial0/0
    C    192.168.5.0/24 is directly connected, Serial0/0
    R    192.168.1.0/24 is possibly down, routing via 192.168.6.1, FastEthernet1/0
    R    192.168.2.0/24 is possibly down, routing via 192.168.6.1, FastEthernet1/0
    O    192.168.3.0/24 [110/129] via 192.168.5.2, 00:30:54, Serial0/0
    R4#sh ip ro
         4.0.0.0/24 is subnetted, 1 subnets
    C       4.4.4.0 is directly connected, Loopback0
    O    192.168.4.0/24 [110/65] via 192.168.5.2, 00:10:03, Serial0/0
    C    192.168.5.0/24 is directly connected, Serial0/0
    C    192.168.6.0/24 is directly connected, FastEthernet1/0
    O E2    192.168.1.0/24 [120/1] via 192.168.5.2, 00:00:21, FastEthernet1/0
    O E2    192.168.2.0/24 [120/1] via 192.168.5.2, 00:00:21, FastEthernet1/0
    O    192.168.3.0/24 [110/129] via 192.168.5.2, 00:10:03, Serial0/0


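    Case 5: Using administrative distance to set router preference
    The topology is the same as above. Here R4 is to be the primary router toward the OSPF domain, with R1 chosen only when R4 is unreachable. Before the policy is applied, R5 performs equal-cost load balancing between R4 and R1: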
    R5#sh ip ro
         1.0.0.0/24 is subnetted, 1 subnets
    R       1.1.1.0 [120/2] via 192.168.2.2, 00:00:21, FastEthernet1/0
         4.0.0.0/24 is subnetted, 1 subnets
    R       4.4.4.0 [120/2] via 192.168.6.2, 00:00:17, FastEthernet0/0
         5.0.0.0/24 is subnetted, 1 subnets
    C       5.5.5.0 is directly connected, Loopback0
    R    192.168.4.0/24 [120/2] via 192.168.6.2, 00:00:17, FastEthernet0/0
                        [120/2] via 192.168.2.2, 00:00:21, FastEthernet1/0
    R    192.168.5.0/24 [120/2] via 192.168.6.2, 00:00:17, FastEthernet0/0
                        [120/2] via 192.168.2.2, 00:00:21, FastEthernet1/0
    C    192.168.6.0/24 is directly connected, FastEthernet0/0
    C    192.168.1.0/24 is directly connected, Loopback1
    C    192.168.2.0/24 is directly connected, FastEthernet1/0
    R    192.168.3.0/24 [120/2] via 192.168.6.2, 00:00:18, FastEthernet0/0
                        [120/2] via 192.168.2.2, 00:00:22, FastEthernet1/0
    After configuring R5, look at R5's routing table:
    R5#sh run | b r r
    router rip
     version 2
     network 5.0.0.0
     network 192.168.1.0
     network 192.168.2.0
     network 192.168.6.0
     distance 100 192.168.6.2 0.0.0.0
     no auto-summary
    R5# sh ip ro
         1.0.0.0/24 is subnetted, 1 subnets
    R       1.1.1.0 [120/2] via 192.168.2.2, 00:00:08, FastEthernet1/0
         4.0.0.0/24 is subnetted, 1 subnets
    R       4.4.4.0 [100/2] via 192.168.6.2, 00:00:14, FastEthernet0/0
         5.0.0.0/24 is subnetted, 1 subnets
    C       5.5.5.0 is directly connected, Loopback0
    R    192.168.4.0/24 [100/2] via 192.168.6.2, 00:00:14, FastEthernet0/0
    R    192.168.5.0/24 [100/2] via 192.168.6.2, 00:00:14, FastEthernet0/0
    C    192.168.6.0/24 is directly connected, FastEthernet0/0
    C    192.168.1.0/24 is directly connected, Loopback1
    C    192.168.2.0/24 is directly connected, FastEthernet1/0
    R    192.168.3.0/24 [100/2] via 192.168.6.2, 00:00:14, FastEthernet0
    When R5's F0/0 link goes down, check R5's routing table again:
    R5(config)#int f0/0
    R5(config-if)#sh
    *Mar  1 01:50:52: %LINK-5-CHANGED: Interface FastEthernet0/0, changed state to administratively down
    *Mar  1 01:50:53: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to down
    R5#sh ip ro
    Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
           D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
           N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
           E1 - OSPF external type 1, E2 - OSPF external type 2
           i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
           ia - IS-IS inter area, * - candidate default, U - per-user static route
           o - ODR, P - periodic downloaded static route
    Gateway of last resort is not set
         1.0.0.0/24 is subnetted, 1 subnets
    R       1.1.1.0 [120/2] via 192.168.2.2, 00:00:02, FastEthernet1/0
         5.0.0.0/24 is subnetted, 1 subnets
    C       5.5.5.0 is directly connected, Loopback0
    R    192.168.4.0/24 [120/2] via 192.168.2.2, 00:00:02, FastEthernet1/0
    R    192.168.5.0/24 [120/2] via 192.168.2.2, 00:00:02, FastEthernet1/0
    C    192.168.1.0/24 is directly connected, Loopback1
    C    192.168.2.0/24 is directly connected, FastEthernet1/0
    R    192.168.3.0/24 [120/2] via 192.168.2.2, 00:00:02, FastEthernet1/0
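    The source-based distance from Case 5 as a small Python model: routes heard from 192.168.6.2 get administrative distance 100, everything else keeps the RIP default of 120, and the lowest distance (then the lowest metric) is installed. This is an added example, not part of the original article; it is a simplified model with hypothetical function names, and the update list is reconstructed from R5's routing tables above.

```python
import ipaddress

def ip(a):
    return int(ipaddress.IPv4Address(a))

def effective_distance(source, default_ad, overrides):
    """overrides: (ad, source_addr, wildcard) tuples, as in
    'distance 100 192.168.6.2 0.0.0.0'; a matching source replaces the default."""
    s = ip(source)
    for ad, addr, wild in overrides:
        w = ip(wild)
        if (s | w) == (ip(addr) | w):
            return ad
    return default_ad

def install(candidates, default_ad=120, overrides=(), down=()):
    """candidates: (prefix, source, interface, metric) tuples heard via RIP.
    Returns {prefix: (ad, metric, [sources])} holding the best path(s)."""
    table = {}
    for prefix, source, iface, metric in candidates:
        if iface in down:
            continue  # nothing is received on a failed interface
        key = (effective_distance(source, default_ad, overrides), metric)
        best = table.get(prefix)
        if best is None or key < best[0]:
            table[prefix] = (key, [source])
        elif key == best[0]:
            best[1].append(source)  # same distance and metric: load-balance
    return {p: (k[0], k[1], sorted(srcs)) for p, (k, srcs) in table.items()}

# Reconstructed from R5's tables: 192.168.6.2 is R4, 192.168.2.2 is R1.
R5_UPDATES = [
    ("1.1.1.0/24", "192.168.2.2", "FastEthernet1/0", 2),
    ("4.4.4.0/24", "192.168.6.2", "FastEthernet0/0", 2),
    ("192.168.4.0/24", "192.168.6.2", "FastEthernet0/0", 2),
    ("192.168.4.0/24", "192.168.2.2", "FastEthernet1/0", 2),
    ("192.168.3.0/24", "192.168.6.2", "FastEthernet0/0", 2),
    ("192.168.3.0/24", "192.168.2.2", "FastEthernet1/0", 2),
]
POLICY = [(100, "192.168.6.2", "0.0.0.0")]  # distance 100 192.168.6.2 0.0.0.0

if __name__ == "__main__":
    print(install(R5_UPDATES))                                  # before the policy
    print(install(R5_UPDATES, overrides=POLICY))                # R4 preferred
    print(install(R5_UPDATES, overrides=POLICY, down={"FastEthernet0/0"}))
```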


     

  • Original article: https://www.cnblogs.com/cyrusxx/p/12615729.html