Ciao, il Bgp l'ho attivato e' proprio quando attivo il BGP che si incasina tutto.
A me hanno dato tre comandi per filtrare le route, ma ho paura che qualcosa non vada per il verso giusto. del resto, mi fido degli altri, perche' sino ad ora poco conosco questi filtri e come scriverli.
Se mi dai un aiutino magari riesco nel mio intento.
Grazie ancora.
fibra 40 mega
Moderatore: Federico.Lagni
-
paolomat75
- Messianic Network master
- Messaggi: 2965
- Iscritto il: ven 29 gen , 2010 10:25 am
- Località: Prov di GE
Dimmi che comandi ti hanno dato. Se hai solo quella linea basta che promuovi la tua rete e filtri tutto in ingresso. Usi la default route.
Paolo
Paolo
Non cade foglia che l'inconscio non voglia (S.B.)
-
zetar
- n00b
- Messaggi: 24
- Iscritto il: mar 26 feb , 2008 10:33 am
Questo e' quanto sono riuscito a fare io da solo, ma almeno ora non si pianta piu'.
router bgp 57xxx
no synchronization
bgp log-neighbor-changes
network 37.xxx.x52.0 mask 255.255.248.0
neighbor 88.32.xxx.189 remote-as 3269
neighbor 88.32.xxx.189 route-map AS3269_IN in
neighbor 88.32.xxx.189 route-map AS3269_OUT out
neighbor 88.32.xxx.189 maximum-prefix 10 80 restart 1
no auto-summary
!
ip classless
ip route 0.0.0.0 0.0.0.0 88.32.xxx.189
ip route 88.0.0.0 255.0.0.0 88.32.xxx.0
ip route 192.168.0.0 255.255.0.0 FastEthernet7/7
!
ip as-path access-list 1 permit ^$
ip as-path access-list 2 permit .*
!
!
access-list 5 deny 10.0.0.0 0.255.255.255 >
access-list 5 deny 172.16.0.0 0.15.255.255 >queste righe non sono in funzione
access-list 5 deny 192.168.0.0 0.0.255.255 >
access-list 5 permit any
route-map AS3269_OUT permit 5
match as-path 1
!
route-map AS3269_IN permit 5
match as-path 2
!
!
!
!
line con 0
line aux 0
line vty 0 4
Grazie.
router bgp 57xxx
no synchronization
bgp log-neighbor-changes
network 37.xxx.x52.0 mask 255.255.248.0
neighbor 88.32.xxx.189 remote-as 3269
neighbor 88.32.xxx.189 route-map AS3269_IN in
neighbor 88.32.xxx.189 route-map AS3269_OUT out
neighbor 88.32.xxx.189 maximum-prefix 10 80 restart 1
no auto-summary
!
ip classless
ip route 0.0.0.0 0.0.0.0 88.32.xxx.189
ip route 88.0.0.0 255.0.0.0 88.32.xxx.0
ip route 192.168.0.0 255.255.0.0 FastEthernet7/7
!
ip as-path access-list 1 permit ^$
ip as-path access-list 2 permit .*
!
!
access-list 5 deny 10.0.0.0 0.255.255.255 >
access-list 5 deny 172.16.0.0 0.15.255.255 >queste righe non sono in funzione
access-list 5 deny 192.168.0.0 0.0.255.255 >
access-list 5 permit any
route-map AS3269_OUT permit 5
match as-path 1
!
route-map AS3269_IN permit 5
match as-path 2
!
!
!
!
line con 0
line aux 0
line vty 0 4
Grazie.
-
paolomat75
- Messianic Network master
- Messaggi: 2965
- Iscritto il: ven 29 gen , 2010 10:25 am
- Località: Prov di GE
Bene se hai risolto. Mi sa che mancano delle parti o sono io che non ha capito come gira?
Buona giornata
Paolo
Buona giornata
Paolo
Non cade foglia che l'inconscio non voglia (S.B.)
-
paolomat75
- Messianic Network master
- Messaggi: 2965
- Iscritto il: ven 29 gen , 2010 10:25 am
- Località: Prov di GE
Mandami la configurazione completa, puoi bannare IP e password, così simulozetar ha scritto:Ciao, non ho risolto niente, perche mi sono accorto che non va su internet, per cui tutto da rifare.
Una rogna che non ne esco fuori.
Sigh sigh.
Ciao
Paolo
Non cade foglia che l'inconscio non voglia (S.B.)
-
zetar
- n00b
- Messaggi: 24
- Iscritto il: mar 26 feb , 2008 10:33 am
ciao e grazie.
Questo e' quello che ho fatto, cioe' sto cercando di fare.
Current configuration : 4142 bytes
!
version 12.0
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Router
!
redundancy
mode rpr
!
username xxxxxx privilege 15 secret 5 $1$yQDv$YZKI2eIWk6xrE.NtMBrpB/
!
!
!
ip subnet-zero
ip name-server 8.8.8.8 (tanto per provare) ci devo mettere i miei.
!
!
interface GigabitEthernet0/0
no ip address
no ip directed-broadcast
shutdown
no negotiation auto
!
interface GigabitEthernet0/1
no ip address
no ip directed-broadcast
shutdown
no negotiation auto
!
interface GigabitEthernet0/2
no ip address
no ip directed-broadcast
shutdown
no negotiation auto
!
interface GigabitEthernet1/0
no ip address
no ip directed-broadcast
shutdown
no negotiation auto
!
interface GigabitEthernet1/1
no ip address
no ip directed-broadcast
shutdown
no negotiation auto
!
interface GigabitEthernet1/2
no ip address
no ip directed-broadcast
shutdown
no negotiation auto
!
interface GigabitEthernet2/0
no ip address
no ip directed-broadcast
shutdown
no negotiation auto
!
interface GigabitEthernet2/1
no ip address
no ip directed-broadcast
shutdown
no negotiation auto
!
interface GigabitEthernet2/2
no ip address
no ip directed-broadcast
shutdown
no negotiation auto
!
interface GigabitEthernet3/0
no ip address
no ip directed-broadcast
shutdown
no negotiation auto
!
interface GigabitEthernet3/1
no ip address
no ip directed-broadcast
shutdown
no negotiation auto
!
interface GigabitEthernet3/2
no ip address
no ip directed-broadcast
shutdown
no negotiation auto
!
interface FastEthernet4/0
description "Lan Fisica vs Telecom"
ip address 88.xx.xxx.190 255.255.255.252
ip access-group 100 in
ip access-group 100 out
ip directed-broadcast
no ip mroute-cache
!
interface FastEthernet4/1
no ip address
no ip directed-broadcast
shutdown
tag-switching ip
!
interface FastEthernet4/2
no ip address
no ip directed-broadcast
shutdown
!
interface FastEthernet4/3
no ip address
no ip directed-broadcast
shutdown
!
interface FastEthernet4/4
no ip address
no ip directed-broadcast
shutdown
!
interface FastEthernet4/5
no ip address
no ip directed-broadcast
shutdown
!
interface FastEthernet4/6
no ip address
no ip directed-broadcast
shutdown
!
interface FastEthernet4/7
no ip address
no ip directed-broadcast
shutdown
!
interface GigabitEthernet6/0
no ip address
no ip directed-broadcast
no negotiation auto
!
interface GigabitEthernet6/1
no ip address
no ip directed-broadcast
no negotiation auto
!
interface GigabitEthernet6/2
no ip address
no ip directed-broadcast
no negotiation auto
!
interface FastEthernet7/0
no ip address
no ip directed-broadcast
shutdown
!
interface FastEthernet7/1
no ip address
no ip directed-broadcast
shutdown
!
interface FastEthernet7/2
no ip address
no ip directed-broadcast
shutdown
!
interface FastEthernet7/3
no ip address
no ip directed-broadcast
shutdown
!
interface FastEthernet7/4
no ip address
no ip directed-broadcast
shutdown
!
interface FastEthernet7/5
no ip address
no ip directed-broadcast
shutdown
!
interface FastEthernet7/6
no ip address
no ip directed-broadcast
shutdown
!
interface FastEthernet7/7
ip address 192.168.200.202 255.255.254.0 secondary
ip address 37.xxx.xxx.1 255.255.255.224 il primo IP della mia classe, ne ho tre in tutto
ip access-group 100 in
no ip directed-broadcast
!
interface Ethernet0
no ip address
no ip directed-broadcast
ip route-cache cef
shutdown
!
router bgp 57846
no synchronization
bgp log-neighbor-changes
neighbor 88.xx.xxx.189 remote-as 3269
distribute-list 1 in
no auto-summary
!
ip classless
ip route 0.0.0.0 0.0.0.0 88.xx.xxx.189
ip route 37.xx.xxx.0 255.255.255.224 FastEthernet4/0
!
!
!
access-list 1 permit 37.xxx.xxx.0 0.0.0.224
access-list 5 deny 10.0.0.0 0.255.255.255
access-list 5 deny 172.16.0.0 0.15.255.255
access-list 5 deny 192.168.0.0 0.0.255.255
access-list 5 permit any
access-list 100 permit ip any any
access-list 100 permit ip 37.xx.xxx.0 0.0.0.224 any
!
!
!
line con 0
line aux 0
line vty 0 4
exec-timeout 0 0
privilege level 15
login local
transport input telnet
line vty 5 15
exec-timeout 0 0
privilege level 15
login local
transport input telnet
!
end
Router#
In PM te l'ho inviata senza censura.
Questo e' quello che ho fatto, cioe' sto cercando di fare.
Current configuration : 4142 bytes
!
version 12.0
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Router
!
redundancy
mode rpr
!
username xxxxxx privilege 15 secret 5 $1$yQDv$YZKI2eIWk6xrE.NtMBrpB/
!
!
!
ip subnet-zero
ip name-server 8.8.8.8 (tanto per provare) ci devo mettere i miei.
!
!
interface GigabitEthernet0/0
no ip address
no ip directed-broadcast
shutdown
no negotiation auto
!
interface GigabitEthernet0/1
no ip address
no ip directed-broadcast
shutdown
no negotiation auto
!
interface GigabitEthernet0/2
no ip address
no ip directed-broadcast
shutdown
no negotiation auto
!
interface GigabitEthernet1/0
no ip address
no ip directed-broadcast
shutdown
no negotiation auto
!
interface GigabitEthernet1/1
no ip address
no ip directed-broadcast
shutdown
no negotiation auto
!
interface GigabitEthernet1/2
no ip address
no ip directed-broadcast
shutdown
no negotiation auto
!
interface GigabitEthernet2/0
no ip address
no ip directed-broadcast
shutdown
no negotiation auto
!
interface GigabitEthernet2/1
no ip address
no ip directed-broadcast
shutdown
no negotiation auto
!
interface GigabitEthernet2/2
no ip address
no ip directed-broadcast
shutdown
no negotiation auto
!
interface GigabitEthernet3/0
no ip address
no ip directed-broadcast
shutdown
no negotiation auto
!
interface GigabitEthernet3/1
no ip address
no ip directed-broadcast
shutdown
no negotiation auto
!
interface GigabitEthernet3/2
no ip address
no ip directed-broadcast
shutdown
no negotiation auto
!
interface FastEthernet4/0
description "Lan Fisica vs Telecom"
ip address 88.xx.xxx.190 255.255.255.252
ip access-group 100 in
ip access-group 100 out
ip directed-broadcast
no ip mroute-cache
!
interface FastEthernet4/1
no ip address
no ip directed-broadcast
shutdown
tag-switching ip
!
interface FastEthernet4/2
no ip address
no ip directed-broadcast
shutdown
!
interface FastEthernet4/3
no ip address
no ip directed-broadcast
shutdown
!
interface FastEthernet4/4
no ip address
no ip directed-broadcast
shutdown
!
interface FastEthernet4/5
no ip address
no ip directed-broadcast
shutdown
!
interface FastEthernet4/6
no ip address
no ip directed-broadcast
shutdown
!
interface FastEthernet4/7
no ip address
no ip directed-broadcast
shutdown
!
interface GigabitEthernet6/0
no ip address
no ip directed-broadcast
no negotiation auto
!
interface GigabitEthernet6/1
no ip address
no ip directed-broadcast
no negotiation auto
!
interface GigabitEthernet6/2
no ip address
no ip directed-broadcast
no negotiation auto
!
interface FastEthernet7/0
no ip address
no ip directed-broadcast
shutdown
!
interface FastEthernet7/1
no ip address
no ip directed-broadcast
shutdown
!
interface FastEthernet7/2
no ip address
no ip directed-broadcast
shutdown
!
interface FastEthernet7/3
no ip address
no ip directed-broadcast
shutdown
!
interface FastEthernet7/4
no ip address
no ip directed-broadcast
shutdown
!
interface FastEthernet7/5
no ip address
no ip directed-broadcast
shutdown
!
interface FastEthernet7/6
no ip address
no ip directed-broadcast
shutdown
!
interface FastEthernet7/7
ip address 192.168.200.202 255.255.254.0 secondary
ip address 37.xxx.xxx.1 255.255.255.224 il primo IP della mia classe, ne ho tre in tutto
ip access-group 100 in
no ip directed-broadcast
!
interface Ethernet0
no ip address
no ip directed-broadcast
ip route-cache cef
shutdown
!
router bgp 57846
no synchronization
bgp log-neighbor-changes
neighbor 88.xx.xxx.189 remote-as 3269
distribute-list 1 in
no auto-summary
!
ip classless
ip route 0.0.0.0 0.0.0.0 88.xx.xxx.189
ip route 37.xx.xxx.0 255.255.255.224 FastEthernet4/0
!
!
!
access-list 1 permit 37.xxx.xxx.0 0.0.0.224
access-list 5 deny 10.0.0.0 0.255.255.255
access-list 5 deny 172.16.0.0 0.15.255.255
access-list 5 deny 192.168.0.0 0.0.255.255
access-list 5 permit any
access-list 100 permit ip any any
access-list 100 permit ip 37.xx.xxx.0 0.0.0.224 any
!
!
!
line con 0
line aux 0
line vty 0 4
exec-timeout 0 0
privilege level 15
login local
transport input telnet
line vty 5 15
exec-timeout 0 0
privilege level 15
login local
transport input telnet
!
end
Router#
In PM te l'ho inviata senza censura.
-
paolomat75
- Messianic Network master
- Messaggi: 2965
- Iscritto il: ven 29 gen , 2010 10:25 am
- Località: Prov di GE
Non ho messaggi PM. Comunque questo può bastare per fare una simulazione.
Domani provo e ti faccio sapere.
Ciao
Domani provo e ti faccio sapere.
Ciao
Non cade foglia che l'inconscio non voglia (S.B.)
-
paolomat75
- Messianic Network master
- Messaggi: 2965
- Iscritto il: ven 29 gen , 2010 10:25 am
- Località: Prov di GE
Ti ho scritto in PM
Non cade foglia che l'inconscio non voglia (S.B.)
-
paolomat75
- Messianic Network master
- Messaggi: 2965
- Iscritto il: ven 29 gen , 2010 10:25 am
- Località: Prov di GE
Prego.zetar ha scritto:Ciao, un grazie a tutti per le risposte.
Un particolare ringraziamento a Paolomat75 che mi ha dato un mano a capire e ha risolto il problema.
Buona giornata
Paolo
Non cade foglia che l'inconscio non voglia (S.B.)
-
daysleeper
- Network Emperor
- Messaggi: 347
- Iscritto il: gio 20 ott , 2005 12:47 pm
- Località: Gioia del Colle(ba)
Qual'era il problema? Così per curiosità professionale..
A daje e daje le cipolle diventan'aje!!!
-
zetar
- n00b
- Messaggi: 24
- Iscritto il: mar 26 feb , 2008 10:33 am
Ciao, mi sono reso conto di non aver piu' risposto alla tua domanda e con questo mi scuso.
Il problema era proprio filtrare le rotte in modo tale da non riempire la tavola.
Grazie ancora, anche se a distanza di anni l'importante e sentirci..
Il problema era proprio filtrare le rotte in modo tale da non riempire la tavola.
Grazie ancora, anche se a distanza di anni l'importante e sentirci..
