
Cisco Router Dual-ISP + SLA + Route-map NAT Configuration Test

Author: Internet

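I. Lab Objectives and Topology

1. Objective

The internal network has a single subnet, 172.16.1.0/24. While both links are healthy, host 172.16.1.2 reaches the Internet through the Telecom interface and all other hosts go out through the Unicom interface. If either uplink fails, every internal host must still be able to reach the Internet through the link that has not failed.

2. Topology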

II. Basic Configuration

1. Internet router

hostname Internet

interface Loopback0

    ip address 100.100.100.100 255.255.255.0

interface Ethernet0/0

    ip address 202.100.1.2 255.255.255.252

    no shutdown

interface Ethernet0/1

    ip address 61.128.1.2 255.255.255.252

    no shutdown

ip route 192.168.1.0 255.255.255.0 61.128.1.1

ip route 192.168.11.0 255.255.255.0 202.100.1.1

line vty 0 4

    password Cisco

    login

2. Unicom router

hostname Unicom

interface Ethernet0/0

    ip address 192.168.11.1 255.255.255.0

    no shutdown

interface Ethernet0/1

    ip address 202.100.1.1 255.255.255.252

    no shutdown

ip route 0.0.0.0 0.0.0.0 202.100.1.2

3. Telecom router

hostname Telecom

interface Ethernet0/0

    ip address 192.168.1.1 255.255.255.0

    no shutdown

interface Ethernet0/1

    ip address 61.128.1.1 255.255.255.252

    no shutdown

ip route 0.0.0.0 0.0.0.0 61.128.1.2

4. Router

hostname Router

interface Ethernet0/0

    ip address 192.168.11.12 255.255.255.0

    no shutdown

interface Ethernet0/1

    ip address 192.168.1.12 255.255.255.0

    no shutdown

interface Ethernet0/2

    ip address 172.16.1.1 255.255.255.0

    no shutdown

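III. Additional Configuration on Router

1. Floating static route

--- Approach: the default route goes via Unicom; when the Unicom link fails, traffic goes via Telecom.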

ip sla 2

    icmp-echo 192.168.11.1 source-ip 192.168.11.12

    frequency 10

ip sla schedule 2 life forever start-time now

track 2 ip sla 2 reachability

ip route 0.0.0.0 0.0.0.0 192.168.11.1 10 track 2

ip route 0.0.0.0 0.0.0.0 192.168.1.1 254

2. Policy-based routing

--- Approach: policy-route on the internal source address; the next hops set by the policy reference track objects.

ip sla 1

    icmp-echo 192.168.1.1 source-ip 192.168.1.12

    frequency 10

ip sla schedule 1 life forever start-time now

track 1 ip sla 1 reachability

ip access-list extended telecom-lan

    permit ip host 172.16.1.2 any

route-map pbr permit 10

    match ip address telecom-lan

    set ip next-hop verify-availability 192.168.1.1 1 track 1

    set ip next-hop verify-availability 192.168.11.1 2 track 2

interface Ethernet0/2

     ip policy route-map pbr

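3. NAT configuration

--- Approach: the NAT statements reference route-maps that match both the address and the interface.

! Mark the NAT outside/inside interfaces, as the earlier-IOS listing at the end of this page does

interface Ethernet0/0

    ip nat outside

interface Ethernet0/1

    ip nat outside

interface Ethernet0/2

    ip nat inside

ip access-list extended telecom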

    permit ip any any

route-map unicom permit 10

    match ip address unicom

    match interface Ethernet0/0

ip access-list extended unicom

    permit ip any any

route-map telecom permit 10

    match ip address telecom

    match interface Ethernet0/1

ip nat inside source route-map telecom interface Ethernet0/1 overload

ip nat inside source route-map unicom interface Ethernet0/0 overload
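
The egress and NAT decision that the floating route, the `pbr` route-map and the two NAT route-maps produce together can be modelled in a few lines of Python. This is an added example, not part of the original post; the function names are hypothetical, track states are passed in as inputs, and 172.16.1.3 in the usage stands in for any inside host other than 172.16.1.2.

```python
# Added example: models Router's egress choice from the configuration above.
# Addresses come from the page's lab topology; function names are hypothetical.
from ipaddress import ip_address

UNICOM = {"next_hop": "192.168.11.1", "iface": "Ethernet0/0", "nat_ip": "192.168.11.12"}
TELECOM = {"next_hop": "192.168.1.1", "iface": "Ethernet0/1", "nat_ip": "192.168.1.12"}
PBR_HOSTS = {ip_address("172.16.1.2")}            # ACL telecom-lan

def default_route(track):
    """Floating static: AD 10 via Unicom only while track 2 is up, else AD 254 via Telecom."""
    candidates = [(254, TELECOM)]                 # untracked, always eligible
    if track[2]:
        candidates.append((10, UNICOM))           # installed only while track 2 is up
    return min(candidates, key=lambda c: c[0])[1]

def pbr_next_hop(src, track):
    """route-map pbr: first verify-availability entry whose track object is up."""
    if ip_address(src) not in PBR_HOSTS:
        return None                               # no ACL match -> normal routing
    for link, obj in ((TELECOM, 1), (UNICOM, 2)): # sequence 1, then sequence 2
        if track[obj]:
            return link
    return None                                   # both down -> use the routing table

def egress(src, track):
    """Return (exit interface, translated source address) for a packet from src."""
    link = pbr_next_hop(src, track) or default_route(track)
    # Each NAT route-map matches on the outgoing interface, so the overload
    # address is always the address of the link that was actually chosen.
    return link["iface"], link["nat_ip"]

if __name__ == "__main__":
    for state in ({1: True, 2: True}, {1: False, 2: True}, {1: True, 2: False}):
        for host in ("172.16.1.2", "172.16.1.3"):
            print(state, host, egress(host, state))
```
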


IV. Verification

1. From the PC1 router, telnet to 100.100.100.100; the source address shown is the Telecom interface address

PC1#telnet 100.100.100.100

Trying 100.100.100.100 ... Open


User Access Verification


Password:

Internet>show users

    Line       User       Host(s)              Idle       Location

   0 con 0                idle                 00:00:49   

*  2 vty 0                idle                 00:00:00 192.168.1.12


  Interface    User               Mode         Idle     Peer Address


Internet>exit

2. From the PC2 router, telnet to 100.100.100.100; the source address shown is the Unicom interface address

PC2#telnet 100.100.100.100

Trying 100.100.100.100 ... Open


User Access Verification


Password:

Internet>show users

    Line       User       Host(s)              Idle       Location

   0 con 0                idle                 00:03:48   

*  2 vty 0                idle                 00:00:00 192.168.11.12


  Interface    User               Mode         Idle     Peer Address


Internet>exit

3. Shut down the E0/0 interface on the Telecom router; on Router, SLA 1 can be seen going down

Telecom(config)#int e0/0

Telecom(config-if)#shu

Telecom(config-if)#shutdown

Telecom(config-if)#

Router(config)#

*May  7 15:01:34.842: %TRACK-6-STATE: 1 ip sla 1 reachability Up -> Down

Router(config)#

4. From the PC1 router, telnet to 100.100.100.100 again; the source address shown is now the Unicom interface IP address

PC1#telnet 100.100.100.100

Trying 100.100.100.100 ... Open


User Access Verification


Password:

Internet>show users

    Line       User       Host(s)              Idle       Location

   0 con 0                idle                 00:06:00   

*  2 vty 0                idle                 00:00:00 192.168.11.12


  Interface    User               Mode         Idle     Peer Address


Internet>exit

5. Restore the interface on the Telecom router

Telecom(config-if)#no shutdown

Telecom(config-if)#

*May  7 15:05:59.630: %LINK-3-UPDOWN: Interface Ethernet0/0, changed state to up

*May  7 15:06:00.630: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0/0, changed state to up

Telecom(config-if)#

Router(config)#

*May  7 15:06:20.082: %TRACK-6-STATE: 1 ip sla 1 reachability Down -> Up

Router(config)#

6. Shut down the E0/0 interface on the Unicom router

Unicom(config)#int e0/0

Unicom(config-if)#shutdown

Unicom(config-if)#

*May  7 15:07:30.457: %LINK-5-CHANGED: Interface Ethernet0/0, changed state to administratively down

*May  7 15:07:31.462: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0/0, changed state to down

Unicom(config-if)#

Router(config)#

*May  7 15:07:45.164: %TRACK-6-STATE: 2 ip sla 2 reachability Up -> Down

Router(config)#

7. From the PC2 router, telnet to 100.100.100.100 again; the source address shown is now the Telecom interface IP address

PC2#telnet 100.100.100.100

Trying 100.100.100.100 ... Open


User Access Verification


Password:

Internet>show users

    Line       User       Host(s)              Idle       Location

   0 con 0                idle                 00:11:23   

*  2 vty 0                idle                 00:00:00 192.168.1.12


  Interface    User               Mode         Idle     Peer Address


Internet>exit
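
The `%TRACK-6-STATE` messages in steps 3, 5 and 6 are the only sign that the router has lost an uplink, because hosts keep working over the surviving link. The Python below is an added example, not part of the original post, that turns those lines into outage records; the function names are hypothetical and the year is an assumed placeholder, since the log timestamps carry none.

```python
# Added example: turn %TRACK-6-STATE syslog lines into per-link outage records.
import re
from datetime import datetime

LINKS = {1: "Telecom", 2: "Unicom"}    # track object -> uplink, per the config above
TRACK_RE = re.compile(
    r"\*?(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d\.\d+): %TRACK-6-STATE: "
    r"(?P<obj>\d+) ip sla \d+ reachability (?P<old>\w+) -> (?P<new>\w+)")

# The three TRACK messages shown in verification steps 3, 5 and 6.
SAMPLE = """\
*May  7 15:01:34.842: %TRACK-6-STATE: 1 ip sla 1 reachability Up -> Down
*May  7 15:06:20.082: %TRACK-6-STATE: 1 ip sla 1 reachability Down -> Up
*May  7 15:07:45.164: %TRACK-6-STATE: 2 ip sla 2 reachability Up -> Down
"""

def parse_ts(text, year=2000):
    # The timestamps omit the year; `year` is an assumed placeholder.
    return datetime.strptime(f"{year} {text}", "%Y %b %d %H:%M:%S.%f")

def analyse(log):
    """Return (closed outages, links still down, True if no uplink is left)."""
    down_since, outages = {}, []
    for line in log.splitlines():
        m = TRACK_RE.search(line)
        if not m:
            continue                   # skip LINK/LINEPROTO and other messages
        link = LINKS.get(int(m["obj"]), f"track {m['obj']}")
        when = parse_ts(m["ts"])
        if m["new"] == "Down":
            down_since.setdefault(link, when)
        elif link in down_since:
            secs = (when - down_since.pop(link)).total_seconds()
            outages.append((link, secs))
    no_uplink = set(LINKS.values()) <= set(down_since)
    return outages, sorted(down_since), no_uplink

if __name__ == "__main__":
    print(analyse(SAMPLE))
```
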

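V. Configuration When Router in EVE Runs an Earlier IOS Version

--- Note: the IOS image used is c3725-advsecurityk9-mz.124-25d.image.

1. Floating static route
--- Approach: the default route goes via Unicom; the Unicom link is monitored, and when it fails, traffic goes via Telecom.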
ip sla monitor 2
type echo protocol ipIcmpEcho 192.168.11.1 source-ipaddr 192.168.11.12
frequency 10
ip sla monitor schedule 2 life forever start-time now
track 2 rtr 2 reachability
ip route 0.0.0.0 0.0.0.0 192.168.11.1 10 track 2
ip route 0.0.0.0 0.0.0.0 192.168.1.1 254
2. Policy-based routing
--- Approach: policy-route on the internal source address; the next hops set by the policy reference track objects.
ip sla monitor 1
type echo protocol ipIcmpEcho 192.168.1.1 source-ipaddr 192.168.1.12
frequency 10
ip sla monitor schedule 1 life forever start-time now
track 1 rtr 1 reachability
ip access-list extended telecom-lan
    permit ip host 172.16.1.2 any
route-map pbr permit 10
    match ip address telecom-lan
    set ip next-hop verify-availability 192.168.1.1 1 track 1
    set ip next-hop verify-availability 192.168.11.1 2 track 2
interface vlan1
     ip policy route-map pbr
3. NAT configuration
--- Approach: the NAT statements reference route-maps that match both the address and the interface.
interface FastEthernet0/0
ip address 192.168.11.12 255.255.255.0
ip nat outside
interface FastEthernet0/1
ip address 192.168.1.12 255.255.255.0
ip nat outside
interface vlan1
ip nat inside
ip access-list extended lan
    permit ip 172.16.1.0 0.0.0.255 any
route-map unicom permit 10
    match ip address  lan
    match interface f0/0
route-map telecom permit 10
    match ip address  lan
    match interface f0/1
ip nat inside source route-map unicom interface FastEthernet0/0 overload
ip nat inside source route-map telecom interface FastEthernet0/1 overload

Source: https://blog.51cto.com/u_333234/2769360