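Dual-line Internet access over China Netcom and China Telecom: Netcom-bound traffic takes the Netcom line, Telecom-bound traffic takes the Telecom line, internal hosts go out through NAT, and the two lines fail over automatically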
咖啡的滋味 · 2006-12-02 · via 博客园 - 咖啡的滋味

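A customer recently came with the following requirement. They had bought a new Cisco 1841 router and ordered two lines, one from China Netcom (CNC) and one from China Telecom, each with a single public IP address. They want the following:

1. Internal users reach the Internet through NAT.
2. Traffic to servers on the Netcom network automatically takes the Netcom line, and likewise for Telecom.
3. If either the Netcom or the Telecom line has a problem, traffic switches over automatically so that connectivity is always available.

Solution:
1. Internal users go out through NAT. Configure two address pools, one for Telecom and one for Netcom, both doing dynamic overloaded address translation (PAT).
2. Configure static routes so that traffic to Netcom IP ranges takes the Netcom line.
3. Configure a default static route to the Telecom gateway.

Some thoughts:
1. If a user accesses a Netcom server, the traffic leaves via the Netcom static routes.
2. If a user accesses a Netcom server but the Netcom line is down, the traffic automatically falls back to the default static route and goes out over the Telecom line.
3. If a user accesses a Telecom server, the traffic follows the default static route out over the Telecom line.
4. If a user accesses a Telecom server but the Telecom line is down, what then? I have not found a solution to this problem.

For problem 4, my idea was to use a floating route: add one more default static route, pointing to the Netcom gateway, but with a lower priority. After configuring it this way, however, my tests never succeeded, and I do not know why.

After configuration the router's state is as shown below. Testing shows it basically meets the customer's requirements.

  Note: IP assigned by Netcom: a.b.c.d        IP assigned by Telecom: e.f.g.h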

!This is the running config of the router: 10.10.10.1

!----------------------------------------------------------------------------

!version 12.4

no service pad

service tcp-keepalives-in

service tcp-keepalives-out

service timestamps debug datetime msec localtime show-timezone

service timestamps log datetime msec localtime show-timezone

service password-encryption

service sequence-numbers

!

hostname YongTaiRouter

!

boot-start-marker

boot-end-marker

!

security authentication failure rate 3 log

security passwords min-length 6

logging buffered 51200 debugging

logging console critical

enable secret 5 $1$Q561$BBCciXC9irt9374vc0gBN/

!

no aaa new-model

!

resource policy

!

clock timezone PCTime 8

mmi polling-interval 60

no mmi auto-configure

no mmi pvc

mmi snmp-timeout 180

ip subnet-zero

no ip source-route

ip cef

!

!

ip tcp synwait-time 10

no ip dhcp use vrf connected

!

!

no ip bootp server

ip domain name yongtaigroup.com

!

username yongtai privilege 15 secret 5 $1$qImA$HKoq7g00wzaUI/9XJOUMQ1

!

!

!

interface FastEthernet0/0

 description IN$FW_INSIDE$$ES_LAN$$ETH-SW-LAUNCH$$INTF-INFO-FE 0$$ETH-LAN$

 ! Internal LAN IP address

 ip address 10.10.10.1 255.255.255.0

 no ip redirects

 no ip unreachables

 no ip proxy-arp

 ! LAN side is NAT inside

 ip nat inside

 ip route-cache flow

 duplex auto

 speed auto

 no mop enabled

!

interface FastEthernet0/1

 description ChinaNet$FW_OUTSIDE$$ES_WAN$$ETH-WAN$

 ! IP address provided by China Telecom

 ip address e.f.g.h 255.255.255.248

 no ip redirects

 no ip unreachables

 no ip proxy-arp

 ! Telecom WAN side is NAT outside

 ip nat outside

 ip route-cache flow

 duplex auto

 speed auto

 no mop enabled

!

interface FastEthernet0/0/0

!

interface FastEthernet0/0/1

!

interface FastEthernet0/0/2

!

interface FastEthernet0/0/3

!

interface Vlan1                                                                                                            

 ! IP address provided by China Netcom

 ip address a.b.c.d 255.255.255.248

 ! Netcom WAN side is NAT outside

 ip nat outside

!

ip classless

! Default static route to the Telecom gateway

ip route 0.0.0.0 0.0.0.0 e.f.g.1

! Static routes to China Netcom prefixes start here

ip route 58.16.0.0 255.248.0.0 221.2.234.193

ip route 58.240.0.0 255.240.0.0 221.2.234.193

ip route 60.0.0.0 255.224.0.0 221.2.234.193

ip route 60.208.0.0 255.240.0.0 221.2.234.193

ip route 60.255.0.0 255.255.0.0 221.2.234.193

ip route 61.52.0.0 255.252.0.0 221.2.234.193

ip route 61.133.0.0 255.255.128.0 221.2.234.193

ip route 61.134.96.0 255.255.224.0 221.2.234.193

ip route 61.134.128.0 255.255.128.0 221.2.234.193

ip route 61.135.0.0 255.255.0.0 221.2.234.193

ip route 61.136.0.0 255.255.128.0 221.2.234.193

ip route 61.137.128.0 255.255.128.0 221.2.234.193

ip route 61.138.0.0 255.255.128.0 221.2.234.193

ip route 61.138.128.0 255.255.192.0 221.2.234.193

ip route 61.139.128.0 255.255.192.0 221.2.234.193

ip route 61.148.0.0 255.254.0.0 221.2.234.193

ip route 61.156.0.0 255.255.0.0 221.2.234.193

ip route 61.158.0.0 255.255.0.0 221.2.234.193

ip route 61.159.0.0 255.255.192.0 221.2.234.193

ip route 61.161.0.0 255.255.192.0 221.2.234.193

ip route 61.161.128.0 255.255.128.0 221.2.234.193

ip route 61.162.0.0 255.254.0.0 221.2.234.193

ip route 61.167.0.0 255.255.0.0 221.2.234.193

ip route 61.168.0.0 255.255.0.0 221.2.234.193

ip route 61.176.0.0 255.255.0.0 221.2.234.193

ip route 61.179.0.0 255.255.0.0 221.2.234.193

ip route 61.180.128.0 255.255.128.0 221.2.234.193

ip route 61.181.0.0 255.255.0.0 221.2.234.193

ip route 61.182.0.0 255.255.0.0 221.2.234.193

ip route 61.189.0.0 255.255.128.0 221.2.234.193

ip route 121.16.0.0 255.240.0.0 221.2.234.193

ip route 122.198.192.0 255.255.192.0 221.2.234.193

ip route 124.21.0.0 255.255.0.0 221.2.234.193

ip route 124.64.0.0 255.254.0.0 221.2.234.193

ip route 124.66.0.0 255.255.128.0 221.2.234.193

ip route 124.67.0.0 255.255.0.0 221.2.234.193

ip route 124.88.0.0 255.248.0.0 221.2.234.193

ip route 124.128.0.0 255.248.0.0 221.2.234.193

ip route 124.160.0.0 255.248.0.0 221.2.234.193

ip route 124.248.64.0 255.255.192.0 221.2.234.193

ip route 124.254.0.0 255.255.192.0 221.2.234.193

ip route 125.32.0.0 255.240.0.0 221.2.234.193

ip route 202.74.8.0 255.255.248.0 221.2.234.193

ip route 202.75.208.0 255.255.248.0 221.2.234.193

ip route 202.96.0.0 255.255.192.0 221.2.234.193

ip route 202.96.64.0 255.255.224.0 221.2.234.193

ip route 202.97.128.0 255.255.128.0 221.2.234.193

ip route 202.98.0.0 255.255.224.0 221.2.234.193

ip route 202.99.0.0 255.255.0.0 221.2.234.193

ip route 202.102.128.0 255.255.192.0 221.2.234.193

ip route 202.102.224.0 255.255.224.0 221.2.234.193

ip route 202.106.0.0 255.255.0.0 221.2.234.193

ip route 202.107.0.0 255.255.128.0 221.2.234.193

ip route 202.108.0.0 255.255.0.0 221.2.234.193

ip route 202.110.0.0 255.255.128.0 221.2.234.193

ip route 202.110.192.0 255.255.192.0 221.2.234.193

ip route 202.111.128.0 255.255.192.0 221.2.234.193

ip route 202.127.112.0 255.255.240.0 221.2.234.193

ip route 202.142.16.0 255.255.240.0 221.2.234.193

ip route 203.93.0.0 255.255.0.0 221.2.234.193

ip route 203.166.160.0 255.255.224.0 221.2.234.193

ip route 210.12.0.0 255.254.0.0 221.2.234.193

ip route 210.14.160.0 255.255.224.0 221.2.234.193

ip route 210.14.192.0 255.255.192.0 221.2.234.193

ip route 210.15.0.0 255.255.128.0 221.2.234.193

ip route 210.15.128.0 255.255.192.0 221.2.234.193

ip route 210.21.0.0 255.255.0.0 221.2.234.193

ip route 210.22.0.0 255.255.0.0 221.2.234.193

ip route 210.51.0.0 255.255.0.0 221.2.234.193

ip route 210.52.0.0 255.254.0.0 221.2.234.193

ip route 210.74.96.0 255.255.224.0 221.2.234.193

ip route 210.74.128.0 255.255.224.0 221.2.234.193

ip route 210.75.144.0 255.255.240.0 221.2.234.193

ip route 210.76.160.0 255.255.224.0 221.2.234.193

ip route 210.78.0.0 255.255.224.0 221.2.234.193

ip route 210.82.0.0 255.254.0.0 221.2.234.193

ip route 211.152.32.0 255.255.224.0 221.2.234.193

ip route 218.7.0.0 255.255.0.0 221.2.234.193

ip route 218.8.0.0 255.252.0.0 221.2.234.193

ip route 218.12.0.0 255.255.0.0 221.2.234.193

ip route 218.21.128.0 255.255.128.0 221.2.234.193

ip route 218.24.0.0 255.252.0.0 221.2.234.193

ip route 218.28.0.0 255.254.0.0 221.2.234.193

ip route 218.56.0.0 255.252.0.0 221.2.234.193

ip route 218.60.0.0 255.254.0.0 221.2.234.193

ip route 218.62.0.0 255.255.128.0 221.2.234.193

ip route 218.67.128.0 255.255.128.0 221.2.234.193

ip route 218.68.0.0 255.254.0.0 221.2.234.193

ip route 218.104.0.0 255.252.0.0 221.2.234.193

ip route 219.154.0.0 255.254.0.0 221.2.234.193

ip route 219.156.0.0 255.254.0.0 221.2.234.193

ip route 219.158.0.0 255.255.0.0 221.2.234.193

ip route 219.159.0.0 255.255.192.0 221.2.234.193

ip route 220.114.204.0 255.255.252.0 221.2.234.193

ip route 220.114.208.0 255.255.248.0 221.2.234.193

ip route 220.114.216.0 255.255.252.0 221.2.234.193

ip route 220.114.220.0 255.255.254.0 221.2.234.193

ip route 220.248.0.0 255.252.0.0 221.2.234.193

ip route 220.252.0.0 255.255.0.0 221.2.234.193

ip route 221.0.0.0 255.248.0.0 221.2.234.193

ip route 221.8.0.0 255.252.0.0 221.2.234.193

ip route 221.12.0.0 255.255.128.0 221.2.234.193

ip route 221.12.128.0 255.255.192.0 221.2.234.193

ip route 221.13.0.0 255.255.0.0 221.2.234.193

ip route 221.14.0.0 255.254.0.0 221.2.234.193

ip route 221.192.0.0 255.252.0.0 221.2.234.193

ip route 221.196.0.0 255.254.0.0 221.2.234.193

ip route 221.198.0.0 255.255.0.0 221.2.234.193

ip route 221.199.0.0 255.255.128.0 221.2.234.193

ip route 221.199.128.0 255.255.192.0 221.2.234.193

ip route 221.199.192.0 255.255.240.0 221.2.234.193

ip route 221.199.224.0 255.255.224.0 221.2.234.193

ip route 221.200.0.0 255.248.0.0 221.2.234.193

ip route 221.208.0.0 255.240.0.0 221.2.234.193

ip route 222.128.0.0 255.240.0.0 221.2.234.193

ip route 222.160.0.0 255.252.0.0 221.2.234.193

! End of the static routes to China Netcom prefixes

!

ip http server

ip http authentication local

ip http timeout-policy idle 60 life 86400 requests 10000

! Telecom address pool

ip nat pool ChinaNetPool e.f.g.h e.f.g.h netmask 255.255.255.248

! Netcom address pool

ip nat pool CNCPool a.b.c.d a.b.c.d netmask 255.255.255.248

! Dynamic overloaded NAT (PAT) towards Telecom

ip nat inside source list 1 pool ChinaNetPool overload

! Dynamic overloaded NAT (PAT) towards Netcom

ip nat inside source list 2 pool CNCPool overload

!

logging trap debugging

! ACL of sources allowed to be NATed to Telecom

access-list 1 remark SDM_ACL Category=2

access-list 1 permit any

! ACL of sources allowed to be NATed to Netcom

access-list 2 remark SDM_ACL Category=2

access-list 2 permit any

no cdp run

!

control-plane

!

banner login ^CAuthorized access only!

 Disconnect IMMEDIATELY if you are not an authorized user!^C

!

line con 0

 login local

 transport output telnet

line aux 0

 login local

 transport output telnet

line vty 0 4

 privilege level 15

 login local

 transport input telnet

line vty 5 15

 privilege level 15

 login local

 transport input telnet

!

scheduler allocate 4000 1000

end
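
For point 4 above, one common IOS approach is to tie the primary default route to a tracked reachability probe, so that a floating default route via the other line takes over when the probe fails, and to select the NAT pool by egress interface. The fragment below is an added example, not part of the original post or the router's actual configuration. It assumes IOS 12.4 mainline syntax (later releases spell these commands `ip sla 1` and `track 1 ip sla 1 reachability`); the SLA/track number, the timers, the administrative distance 250 and the route-map names are made up for illustration, while e.f.g.1 and 221.2.234.193 are the gateways from the configuration above.

```cisco
! Added example. SLA/track number 1, timers, distance 250 and the route-map
! names are assumptions; gateways and pools come from the config above.
!
! 1. Probe the Telecom gateway and track the result.
ip sla monitor 1
 type echo protocol ipIcmpEcho e.f.g.1 source-interface FastEthernet0/1
 timeout 1000
 frequency 5
ip sla monitor schedule 1 life forever start-time now
track 1 rtr 1 reachability
!
! 2. The primary default route is installed only while the probe succeeds.
no ip route 0.0.0.0 0.0.0.0 e.f.g.1
ip route 0.0.0.0 0.0.0.0 e.f.g.1 track 1
!
! 3. Floating default via the Netcom gateway: administrative distance 250
!    keeps it out of the routing table until the tracked route is withdrawn.
ip route 0.0.0.0 0.0.0.0 221.2.234.193 250
!
! 4. Choose the NAT pool by egress interface, so the translated source
!    address always belongs to the line the packet actually leaves on.
route-map NAT-CHINANET permit 10
 match ip address 1
 match interface FastEthernet0/1
route-map NAT-CNC permit 10
 match ip address 2
 match interface Vlan1
!
no ip nat inside source list 1 pool ChinaNetPool overload
no ip nat inside source list 2 pool CNCPool overload
ip nat inside source route-map NAT-CHINANET pool ChinaNetPool overload
ip nat inside source route-map NAT-CNC pool CNCPool overload
```

Run `clear ip nat translation *` before replacing the NAT rules, since IOS refuses to remove a dynamic mapping that is in use. `show track 1` and `show ip route 0.0.0.0` show which default route is currently installed.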