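Figure 1-1

Requirements: As shown in Figure 1-1, R1 has two loopback interfaces that simulate the private networks, and NAT is performed on R2. R3 and R4 simulate two different carriers, China Telecom and China Netcom, and the loopback interface on R5 simulates the public network.

Traffic from the internal loop0 to the public network is normally NATed via R3; when R3's E0/1 goes down, it switches automatically to E0/2.
Traffic from the internal loop1 to the public network is normally NATed via R4; when R3's E0/2 goes down, it switches automatically to E0/1.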
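Step 1: Configure basic Layer 3 connectivity

R2:
! A next-hop address is added to mimic a point-to-point link; without it,
! Layer 3 connectivity fails. You could also use serial interfaces instead.
ip route 0.0.0.0 0.0.0.0 Ethernet0/1 23.1.1.3
! The next hop must be on E0/2's subnet (24.1.1.0/24); R4 is assumed to be 24.1.1.4.
ip route 0.0.0.0 0.0.0.0 Ethernet0/2 24.1.1.4
ip route 192.168.1.0 255.255.255.0 Ethernet0/0
ip route 192.168.2.0 255.255.255.0 Ethernet0/0

R1:
ip default-gateway 172.16.1.2

OSPF is configured on R3, R4 and R5 (omitted here). Finally, check that R3's E0/1 and E0/2 can ping 5.5.5.5.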
Step 2: Configure policy-based routing and apply it

route-map CCIE permit 10
 ! Match the 192.168.1.0 0.0.0.255 network
 match ip address 10
 ! Check whether E0/1 is up
 match interface Ethernet0/1
 ! If both conditions above match, the next hop is set to E0/1. If E0/1 is
 ! down, the other next hop of the default route is chosen instead.
 set interface Ethernet0/1
!
route-map CCIE permit 20
 match ip address 20
 match interface Ethernet0/2
 set interface Ethernet0/2
!
interface Ethernet0/0
 ip address 172.16.1.2 255.255.255.252
 ip nat inside
 ip virtual-reassembly in
 ! Apply the route-map on the interface
 ip policy route-map CCIE
end

access-list 10 permit 192.168.1.0 0.0.0.255
access-list 20 permit 192.168.2.0 0.0.0.255
Step 3: Configure NAT with active and backup paths

Route-maps for NAT:

route-map nat1_active permit 10
 match ip address 10
 match interface Ethernet0/1
route-map nat1_backup permit 10
 ! Adding "match interface Ethernet0/2" here is optional
 match ip address 10
!
route-map nat2_active permit 10
 match ip address 20
 match interface Ethernet0/2
!
route-map nat2_backup permit 10
 match ip address 20

Reference the route-maps in NAT:

ip nat inside source route-map nat1_active interface Ethernet0/1 overload
ip nat inside source route-map nat1_backup interface Ethernet0/2 overload
ip nat inside source route-map nat2_active interface Ethernet0/2 overload
ip nat inside source route-map nat2_backup interface Ethernet0/1 overload

Enable NAT on the interfaces:

interface Ethernet0/1
 ip address 23.1.1.2 255.255.255.0
 ip nat outside
 ip virtual-reassembly in
!
interface Ethernet0/2
 ip address 24.1.1.2 255.255.255.0
 ip nat outside
 ip virtual-reassembly in
Test: ping 5.5.5.5 source loop0/loop1

Shut down R2's E0/1 and test the backup path.

No shut R3's E0/1, then shut R3's E0/2.
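
The expected outcome of these tests can be worked out before touching the routers. The following Python model is an added example, not part of the original post: it replays the policy-routing and NAT rules above for each combination of uplink states and checks that a packet is always translated to the address of the interface it actually leaves through. It assumes first-match rule order, that `match interface` behaves as the post describes, and the constructed source addresses 192.168.1.1 and 192.168.2.1 for loop0 and loop1.

```python
import ipaddress
from itertools import combinations

# Constructed model of R2's configuration from this page (not parsed from a device).
ACLS = {10: ipaddress.ip_network("192.168.1.0/24"),
        20: ipaddress.ip_network("192.168.2.0/24")}
UPLINKS = ["Ethernet0/1", "Ethernet0/2"]          # also the order of the default routes
PBR = [(10, "Ethernet0/1"), (20, "Ethernet0/2")]  # route-map CCIE: (ACL, match/set interface)
# ip nat inside source route-map <name> interface <nat_intf> overload
# tuple: (name, ACL, match interface or None, nat_intf)
NAT = [("nat1_active", 10, "Ethernet0/1", "Ethernet0/1"),
       ("nat1_backup", 10, None, "Ethernet0/2"),
       ("nat2_active", 20, "Ethernet0/2", "Ethernet0/2"),
       ("nat2_backup", 20, None, "Ethernet0/1")]

def egress(src, up):
    """PBR clause if its interface is up, else the first default route still usable."""
    ip = ipaddress.ip_address(src)
    for acl, intf in PBR:
        if ip in ACLS[acl] and intf in up:
            return intf
    return next((i for i in UPLINKS if i in up), None)

def translate(src, up, nat=NAT):
    """Return (egress interface, NAT rule name, interface whose address is used)."""
    out = egress(src, up)
    if out is None:
        return (None, None, None)              # both uplinks down: nothing to translate
    ip = ipaddress.ip_address(src)
    for name, acl, match_intf, nat_intf in nat:  # assumed: first matching rule wins
        if ip in ACLS[acl] and match_intf in (None, out):
            return (out, name, nat_intf)
    return (out, None, None)                   # no rule matched: leaves untranslated

def mismatches(nat=NAT, sources=("192.168.1.1", "192.168.2.1")):
    """Cases where a packet leaves one uplink carrying the other uplink's address."""
    bad = []
    for n in (1, 2):
        for up in combinations(UPLINKS, n):
            for src in sources:
                out, rule, nat_intf = translate(src, set(up), nat)
                if nat_intf != out:
                    bad.append((src, up, out, rule))
    return bad

if __name__ == "__main__":
    for up in (UPLINKS, UPLINKS[1:], UPLINKS[:1]):
        for src in ("192.168.1.1", "192.168.2.1"):
            print(up, src, translate(src, set(up)))
```

Passing a NAT table in which `nat1_active` has no `match interface` to `mismatches()` shows why the active route-maps need it: with E0/1 down, loop0 traffic would leave E0/2 while still being translated to E0/1's address.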