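Cisco router dual-ISP + SLA + route-map NAT configuration test
Author: Internet
I. Lab objective and topology
1. Objective
The internal network has a single subnet, 172.16.1.0/24. While both uplinks are healthy, host 172.16.1.2 reaches the public network through the Telecom interface and all other hosts go out through the Unicom interface. When either uplink fails, all internal hosts must still be able to reach the public network through the link that has not failed.
2. Topology
II. Basic configuration
1. Internet router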
hostname Internet
interface Loopback0
ip address 100.100.100.100 255.255.255.0
interface Ethernet0/0
ip address 202.100.1.2 255.255.255.252
no shutdown
interface Ethernet0/1
ip address 61.128.1.2 255.255.255.252
no shutdown
ip route 192.168.1.0 255.255.255.0 61.128.1.1
ip route 192.168.11.0 255.255.255.0 202.100.1.1
line vty 0 4
password Cisco
login
2. Unicom router
hostname Unicom
interface Ethernet0/0
ip address 192.168.11.1 255.255.255.0
no shutdown
interface Ethernet0/1
ip address 202.100.1.1 255.255.255.252
no shutdown
ip route 0.0.0.0 0.0.0.0 202.100.1.2
3. Telecom router
hostname Telecom
interface Ethernet0/0
ip address 192.168.1.1 255.255.255.0
no shutdown
interface Ethernet0/1
ip address 61.128.1.1 255.255.255.252
no shutdown
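! the default route must point at the Internet router (61.128.1.2), not at this router's own E0/1 address
ip route 0.0.0.0 0.0.0.0 61.128.1.2
4. Router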
hostname Router
interface Ethernet0/0
ip address 192.168.11.12 255.255.255.0
no shutdown
interface Ethernet0/1
ip address 192.168.1.12 255.255.255.0
no shutdown
interface Ethernet0/2
ip address 172.16.1.1 255.255.255.0
no shutdown
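III. Additional configuration on Router
1. Floating static route configuration
---Idea: the default route uses Unicom; when the Unicom link fails, traffic uses Telecom.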
ip sla 2
icmp-echo 192.168.11.1 source-ip 192.168.11.12
frequency 10
ip sla schedule 2 life forever start-time now
track 2 ip sla 2 reachability
ip route 0.0.0.0 0.0.0.0 192.168.11.1 10 track 2
ip route 0.0.0.0 0.0.0.0 192.168.1.1 254
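2. Policy-based routing configuration
---Idea: policy-route on the internal source address, and reference a track object when setting the next-hop address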
ip sla 1
icmp-echo 192.168.1.1 source-ip 192.168.1.12
frequency 10
ip sla schedule 1 life forever start-time now
track 1 ip sla 1 reachability
ip access-list extended telecom-lan
permit ip host 172.16.1.2 any
route-map pbr permit 10
match ip address telecom-lan
set ip next-hop verify-availability 192.168.1.1 1 track 1
set ip next-hop verify-availability 192.168.11.1 2 track 2
interface Ethernet0/2
ip policy route-map pbr
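3. NAT configuration
---Idea: the NAT statements call route-maps that match both the address and the egress interface
! ip nat inside/outside is required on the interfaces; the basic configuration above does not set it
interface Ethernet0/0
ip nat outside
interface Ethernet0/1
ip nat outside
interface Ethernet0/2
ip nat inside
ip access-list extended unicom
permit ip any any
route-map unicom permit 10
match ip address unicom
match interface Ethernet0/0
ip access-list extended telecom
permit ip any any
route-map telecom permit 10
match ip address telecom
match interface Ethernet0/1
ip nat inside source route-map telecom interface Ethernet0/1 overload
ip nat inside source route-map unicom interface Ethernet0/0 overload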
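The forwarding decision that the floating static routes, the PBR route-map and the two NAT route-maps produce together, modelled in Python as an added example (not part of the original post). It assumes Router's own outside interfaces stay up, so only the track state changes, and it uses 172.16.1.3 as a constructed address for a second inside host.

```python
import ipaddress

# Values taken from the Router configuration on this page.
TELECOM_GW, UNICOM_GW = "192.168.1.1", "192.168.11.1"
EGRESS = {  # next hop -> (outside interface, NAT overload address)
    TELECOM_GW: ("Ethernet0/1", "192.168.1.12"),
    UNICOM_GW: ("Ethernet0/0", "192.168.11.12"),
}
PBR_ACL = [ipaddress.ip_network("172.16.1.2/32")]         # ACL telecom-lan
PBR_NEXT_HOPS = [(1, TELECOM_GW, 1), (2, UNICOM_GW, 2)]   # (sequence, next hop, track)
STATIC_DEFAULTS = [(10, UNICOM_GW, 2), (254, TELECOM_GW, None)]  # (AD, next hop, track)


def routing_table_next_hop(tracks):
    """Default route with the lowest distance among those whose track is up."""
    installed = [(ad, nh) for ad, nh, trk in STATIC_DEFAULTS
                 if trk is None or tracks[trk]]
    return min(installed)[1]  # the untracked AD-254 route is always installed


def pbr_next_hop(src, tracks):
    """First verify-availability next hop whose track is up; None if PBR does not apply."""
    if not any(ipaddress.ip_address(src) in net for net in PBR_ACL):
        return None
    for _seq, nh, trk in sorted(PBR_NEXT_HOPS):
        if tracks[trk]:
            return nh
    return None  # every tracked next hop is down: normal routing takes over


def forward(src, tracks):
    """Return (next hop, egress interface, translated source) for an inside host."""
    nh = pbr_next_hop(src, tracks) or routing_table_next_hop(tracks)
    iface, nat_ip = EGRESS[nh]  # the NAT route-map is selected by egress interface
    return nh, iface, nat_ip


if __name__ == "__main__":
    # 172.16.1.3 is a constructed address standing in for any other inside host.
    for tracks in ({1: True, 2: True}, {1: False, 2: True},
                   {1: True, 2: False}, {1: False, 2: False}):
        for host in ("172.16.1.2", "172.16.1.3"):
            print(tracks, host, forward(host, tracks))
```

With both tracks down, every host is still sent to 192.168.1.1 because the distance-254 route has no track attached, so a double failure appears as a black hole rather than a missing route.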
IV. Verification
1. PC1 (a router) telnets to 100.100.100.100; the source address shown is the Telecom interface address
PC1#telnet 100.100.100.100
Trying 100.100.100.100 ... Open
User Access Verification
Password:
Internet>show users
Line User Host(s) Idle Location
0 con 0 idle 00:00:49
* 2 vty 0 idle 00:00:00 192.168.1.12
Interface User Mode Idle Peer Address
Internet>exit
2. PC2 (a router) telnets to 100.100.100.100; the source address shown is the Unicom interface address
PC2#telnet 100.100.100.100
Trying 100.100.100.100 ... Open
User Access Verification
Password:
Internet>show users
Line User Host(s) Idle Location
0 con 0 idle 00:03:48
* 2 vty 0 idle 00:00:00 192.168.11.12
Interface User Mode Idle Peer Address
Internet>exit
3. Shut down the Telecom router's E0/0 interface; on Router you can see sla 1 go down
Telecom(config)#int e0/0
Telecom(config-if)#shu
Telecom(config-if)#shutdown
Telecom(config-if)#
Router(config)#
*May 7 15:01:34.842: %TRACK-6-STATE: 1 ip sla 1 reachability Up -> Down
Router(config)#
4. PC1 telnets to 100.100.100.100 again; the source address shown is the Unicom interface IP address
PC1#telnet 100.100.100.100
Trying 100.100.100.100 ... Open
User Access Verification
Password:
Internet>show users
Line User Host(s) Idle Location
0 con 0 idle 00:06:00
* 2 vty 0 idle 00:00:00 192.168.11.12
Interface User Mode Idle Peer Address
Internet>exit
5. Restore the Telecom router's interface
Telecom(config-if)#no shutdown
Telecom(config-if)#
*May 7 15:05:59.630: %LINK-3-UPDOWN: Interface Ethernet0/0, changed state to up
*May 7 15:06:00.630: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0/0, changed state to up
Telecom(config-if)#
Router(config)#
*May 7 15:06:20.082: %TRACK-6-STATE: 1 ip sla 1 reachability Down -> Up
Router(config)#
6. Shut down the Unicom router's E0/0 interface
Unicom(config)#int e0/0
Unicom(config-if)#shutdown
Unicom(config-if)#
*May 7 15:07:30.457: %LINK-5-CHANGED: Interface Ethernet0/0, changed state to administratively down
*May 7 15:07:31.462: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0/0, changed state to down
Unicom(config-if)#
Router(config)#
*May 7 15:07:45.164: %TRACK-6-STATE: 2 ip sla 2 reachability Up -> Down
Router(config)#
7. The PC2 router telnets to 100.100.100.100 again; the source address shown is the Telecom interface IP address
PC2#telnet 100.100.100.100
Trying 100.100.100.100 ... Open
User Access Verification
Password:
Internet>show users
Line User Host(s) Idle Location
0 con 0 idle 00:11:23
* 2 vty 0 idle 00:00:00 192.168.1.12
Interface User Mode Idle Peer Address
Internet>exit
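The %TRACK-6-STATE messages seen on Router in steps 3, 5 and 6 can be turned into outage windows per track object. The parser below is an added example, not part of the original post; the sample log is assembled from the lines shown above, and the year is an assumed value because IOS timestamps in this format do not carry one.

```python
import re
from datetime import datetime

# Matches IOS %TRACK-6-STATE lines in the format shown on this page.
TRACK_RE = re.compile(
    r"\*(?P<ts>\w{3}\s+\d+\s+[\d:.]+): %TRACK-6-STATE: (?P<track>\d+) "
    r"ip sla (?P<sla>\d+) reachability (?P<old>Up|Down) -> (?P<new>Up|Down)"
)

# Constructed sample: log lines copied from the verification steps on this page.
SAMPLE_LOG = """\
Router(config)#
*May 7 15:01:34.842: %TRACK-6-STATE: 1 ip sla 1 reachability Up -> Down
*May 7 15:05:59.630: %LINK-3-UPDOWN: Interface Ethernet0/0, changed state to up
*May 7 15:06:20.082: %TRACK-6-STATE: 1 ip sla 1 reachability Down -> Up
*May 7 15:07:45.164: %TRACK-6-STATE: 2 ip sla 2 reachability Up -> Down
"""


def track_outages(log_text, year=2021):
    """Return {track id: [(down_time, up_time_or_None, seconds_or_None), ...]}.

    `year` is an assumption used only so the timestamps can be parsed.
    """
    outages, open_since = {}, {}
    for line in log_text.splitlines():
        m = TRACK_RE.search(line)
        if not m:
            continue  # skip LINK/LINEPROTO messages and prompt lines
        track = int(m["track"])
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S.%f")
        if m["new"] == "Down":
            open_since[track] = ts
        elif track in open_since:
            down = open_since.pop(track)
            outages.setdefault(track, []).append(
                (down, ts, (ts - down).total_seconds()))
    for track, down in open_since.items():  # still down at the end of the log
        outages.setdefault(track, []).append((down, None, None))
    return outages


if __name__ == "__main__":
    for track, windows in sorted(track_outages(SAMPLE_LOG).items()):
        for down, up, secs in windows:
            print(f"track {track}: down {down.time()} up {up and up.time()} ({secs} s)")
```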
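V. Configuration when Router in EVE runs an earlier IOS version
---Note: the IOS image used is c3725-advsecurityk9-mz.124-25d.image.
1. Floating static route configuration
---Idea: the default route uses Unicom; monitor the Unicom link and, when it fails, use Telecom.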
ip sla monitor 2
type echo protocol ipIcmpEcho 192.168.11.1 source-ipaddr 192.168.11.12
frequency 10
ip sla monitor schedule 2 life forever start-time now
track 2 rtr 2 reachability
ip route 0.0.0.0 0.0.0.0 192.168.11.1 10 track 2
ip route 0.0.0.0 0.0.0.0 192.168.1.1 254
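2. Policy-based routing configuration
---Idea: policy-route on the internal source address, and reference a track object when setting the next-hop address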
ip sla monitor 1
type echo protocol ipIcmpEcho 192.168.1.1 source-ipaddr 192.168.1.12
frequency 10
ip sla monitor schedule 1 life forever start-time now
track 1 rtr 1 reachability
ip access-list extended telecom-lan
permit ip host 172.16.1.2 any
route-map pbr permit 10
match ip address telecom-lan
set ip next-hop verify-availability 192.168.1.1 1 track 1
set ip next-hop verify-availability 192.168.11.1 2 track 2
interface vlan1
ip policy route-map pbr
3. NAT configuration
---Idea: the NAT statements call route-maps that match both the address and the interface
interface FastEthernet0/0
ip address 192.168.11.12 255.255.255.0
ip nat outside
interface FastEthernet0/1
ip address 192.168.1.12 255.255.255.0
ip nat outside
interface vlan1
ip nat inside
ip access-list extended lan
permit ip 172.16.1.0 0.0.0.255 any
route-map unicom permit 10
match ip address lan
match interface f0/0
route-map telecom permit 10
match ip address lan
match interface f0/1
ip nat inside source route-map unicom interface FastEthernet0/0 overload
ip nat inside source route-map telecom interface FastEthernet0/1 overload
Source: https://blog.51cto.com/u_333234/2769360