[Cisco Packet Tracer] OSPF 와 엑세스 리스트

컴퓨터/Network

[Cisco Packet Tracer] OSPF 와 엑세스 리스트

CIY 2011. 8. 25. 15:12

문) PC2(210.240.100.5) 에서 PC0(203.210.100.15) 으로 접근 못하게 하고 다른곳에서는 모두 접근하게 하자

R1(config)#access-list 10 deny 210.240.100.5 //210.240.100.5 의 아이피를 접근 거부
R1(config)#access-list 10 permit 210.240.100.0 0.0.0.255 //210.240.100.0의 대역를 모두 접근 허용
R1(config)#access-list 10 permit 210.240.150.0 0.0.0.255 //210.240.150.0의 대역를 모두 접근 허용
int fa0/0
ip access-group 10 out
exit

R1족보
en
conf t
hostname R1
int se3/0
ip addr 192.168.0.1 255.255.255.0
clock rate 56000
no sh
exit
int fa0/0
ip addr 203.210.100.254 255.255.255.0
no sh
exit
int se2/0
ip addr 192.168.10.1 255.255.255.0
clock rate 56000
no sh
exit
router ospf 100
network 192.168.0.0 0.0.0.255 area 0
network 192.168.10.0 0.0.0.255 area 0
network 203.210.100.0 0.0.0.255 area 0
exit

access-list 10 deny 210.240.100.5
access-list 10 permit 210.240.100.0 0.0.0.255
access-list 10 permit 210.240.150.0 0.0.0.255

int fa0/0
ip access-group 10 out
exit

R2족보
en
conf t
hostname R2
int se2/0
ip addr 192.168.10.2 255.255.255.0
clock rate 56000
no sh
exit
int fa0/0
ip addr 210.240.150.254 255.255.255.0
no sh
exit
router ospf 100
network 192.168.10.0 0.0.0.255 area 0
network 210.240.150.0 0.0.0.255 area 0
exit

R3족보
en
conf t
hostname R3
int se3/0
ip addr 192.168.0.2 255.255.255.0
clock rate 56000
no sh
exit
int fa0/0
ip addr 210.240.100.254 255.255.255.0
no sh
exit
router ospf 100
network 192.168.0.0 0.0.0.255 area 0
network 210.240.100.0 0.0.0.255 area 0
exit

--------------------------------------------------
※별도
원래의 목적은 아래부분과 같이 그룹 in부분도 할려그랬다

access-list 10 deny 210.240.100.5
access-list 10 permit 210.240.100.0 0.0.0.255
access-list 10 permit 210.240.150.0 0.0.0.255

int se3/0
ip access-group 10 in
exit
int se2/0
ip access-group 10 in
exit
int fa0/0
ip access-group 10 out
exit

하지만 in을 적용하자 Neighbor Down 현상이 일어나 OSPF 가 풀려버리는 일이 발생하였다

00:11:46: %OSPF-5-ADJCHG: Process 100, Nbr 210.240.100.254 on Serial3/0 from FULL to DOWN, Neighbor Down: Dead timer expired

00:11:46: %OSPF-5-ADJCHG: Process 100, Nbr 210.240.100.254 on Serial3/0 from FULL to DOWN, Neighbor Down: Interface down or detached

00:11:46: %OSPF-5-ADJCHG: Process 100, Nbr 210.240.150.254 on Serial2/0 from FULL to DOWN, Neighbor Down: Dead timer expired

00:11:46: %OSPF-5-ADJCHG: Process 100, Nbr 210.240.150.254 on Serial2/0 from FULL to DOWN, Neighbor Down: Interface down or detached
이런식으로 나오게 되었다
RIP를 썻을때는 안저러는 녀석이 OSPF 를 쓰게돼니까 회괴망칙한 메시지를 배출하고있질 않는가
개인적으로 검색해서 ip ospf hello-interval 를 30으로 바꿔보기도 해보고 또 머 해봤었는데? 까먹었다 ㅋ 암튼 것도 안됬다
별도로 풀어볼 내용이다
아시는분~ 알려주세용 ㅠ.ㅠ
--------------------------------------------------