Hot Standby for Dual-Egress NAT
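Figure 1-1

Requirements: As shown in Figure 1-1, R1 has two loopback interfaces that simulate the private network, NAT is performed on R2, R3 and R4 simulate two different carriers (China Telecom and China Netcom), and the loopback interface on R5 simulates the public network.

Traffic from the inside loop0 to the public network is normally NATed via R3; when R3's E0/1 goes down, it switches automatically to E0/2.
Traffic from the inside loop1 to the public network is normally NATed via R4; when R3's E0/2 goes down, it switches automatically to E0/1.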
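Step 1: Configure basic Layer 3 connectivity

R2:
! Add the next-hop address to emulate a point-to-point link, otherwise Layer 3
! connectivity fails; you can of course use serial interfaces instead
ip route 0.0.0.0 0.0.0.0 Ethernet0/1 23.1.1.3
! Note: Ethernet0/2 is addressed 24.1.1.2/24 in step 3, so this next hop
! must be R4's address on that link
ip route 0.0.0.0 0.0.0.0 Ethernet0/2 23.1.1.4
ip route 192.168.1.0 255.255.255.0 Ethernet0/0
ip route 192.168.2.0 255.255.255.0 Ethernet0/0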

R1:
ip default-gateway 172.16.1.2

R3, R4 and R5 are configured with OSPF (omitted here). Finally, check that a ping to 5.5.5.5 from R3's E0/1 and E0/2 succeeds.

Step 2: Configure policy routing and apply it

route-map CCIE permit 10
 ! matches 192.168.1.0 0.0.0.255
 match ip address 10
 ! checks whether E0/1 is up
 match interface Ethernet0/1
 ! if both conditions above match, the next hop is set to E0/1; if E0/1 is
 ! down, the other next hop of the default route is chosen instead
 set interface Ethernet0/1
!
route-map CCIE permit 20
 match ip address 20
 match interface Ethernet0/2
 set interface Ethernet0/2
!
interface Ethernet0/0
 ip address 172.16.1.2 255.255.255.252
 ip nat inside
 ip virtual-reassembly in
 ! apply the route-map on the interface
 ip policy route-map CCIE
end

access-list 10 permit 192.168.1.0 0.0.0.255
access-list 20 permit 192.168.2.0 0.0.0.255

Step 3: Configure NAT

Route-maps for the active and backup NAT:
route-map nat1_active permit 10
 match ip address 10
 match interface Ethernet0/1
!
route-map nat1_backup permit 10
 ! adding "match interface Ethernet0/2" here is optional
 match ip address 10
!
route-map nat2_active permit 10
 match ip address 20
 match interface Ethernet0/2
!
route-map nat2_backup permit 10
 match ip address 20

Reference the route-maps in the NAT statements:
ip nat inside source route-map nat1_active interface Ethernet0/1 overload
ip nat inside source route-map nat1_backup interface Ethernet0/2 overload
ip nat inside source route-map nat2_active interface Ethernet0/2 overload
ip nat inside source route-map nat2_backup interface Ethernet0/1 overload

Enable NAT on the interfaces:
interface Ethernet0/1
 ip address 23.1.1.2 255.255.255.0
 ip nat outside
 ip virtual-reassembly in
!
interface Ethernet0/2
 ip address 24.1.1.2 255.255.255.0
 ip nat outside
 ip virtual-reassembly in

Test: ping 5.5.5.5 sou loop0/loop1
Shut down E0/1 on R2 and test the backup path.
No shut R3's E0/1, then shut R3's E0/2.
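
The outcome these tests should show can be worked through with a small model of R2's policy route, default routes and the four NAT statements. This Python sketch is an added example, not part of the original post and not IOS itself. It assumes that a "set interface" pointing at a down interface is skipped, that a static route through a down interface is withdrawn, and that NAT statements are tried in the order listed; the source addresses used to exercise it are constructed.

```python
import ipaddress

# Constructed model of R2's configuration from the steps above.
ACLS = {10: ipaddress.ip_network("192.168.1.0/24"),
        20: ipaddress.ip_network("192.168.2.0/24")}
# route-map CCIE on Ethernet0/0: (ACL, set interface)
PBR = [(10, "Ethernet0/1"), (20, "Ethernet0/2")]
# The two static default routes, in configuration order
DEFAULTS = ["Ethernet0/1", "Ethernet0/2"]
# NAT statements: (route-map, ACL, match interface or None, NAT interface)
NAT_RULES = [
    ("nat1_active", 10, "Ethernet0/1", "Ethernet0/1"),
    ("nat1_backup", 10, None, "Ethernet0/2"),
    ("nat2_active", 20, "Ethernet0/2", "Ethernet0/2"),
    ("nat2_backup", 20, None, "Ethernet0/1"),
]

def egress(src, up):
    """Pick the outbound interface: policy route first, then a surviving default."""
    addr = ipaddress.ip_address(src)
    for acl, iface in PBR:
        # Assumption: the policy entry is ignored when its interface is down
        if addr in ACLS[acl] and iface in up:
            return iface
    # Assumption: a default route through a down interface is withdrawn
    for iface in DEFAULTS:
        if iface in up:
            return iface
    return None

def translate(src, up):
    """Return (egress interface, NAT route-map used, interface whose address is used)."""
    out = egress(src, up)
    if out is None:
        return (None, None, None)
    addr = ipaddress.ip_address(src)
    for name, acl, match_if, nat_if in NAT_RULES:
        # Assumption: statements are tried in the order listed, and
        # "match interface" is compared with the egress interface.
        if addr in ACLS[acl] and match_if in (None, out):
            return (out, name, nat_if)
    return (out, None, None)
```

On the router, the same information comes from show ip nat translations after each ping: the inside global address should belong to the interface the model returns.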