思科路由器双ISP+SLA+Route-map NAT配置测试（思科路由器双wan口负载均衡）

思科路由器双ISP+SLA+Route-map NAT配置测试（思科路由器双wan口负载均衡）

一.实验目标及拓扑

1.目标

内网只有172.16.1.0/24一个网段，双链路都正常的情况下，主机172.16.1.2走电信接口出公网，其他走联通接口出公网，当任意一条出口链路出现故障时，能保证内网所有主机能从未出故障的线路出公网。

2.拓扑

二.基本配置

1.Internet路由器

hostname Internet

interface Loopback0

ip address 100.100.100.100 255.255.255.0

interface Ethernet0/0

ip address 202.100.1.2 255.255.255.252

no shutdown

interface Ethernet0/1

ip address 61.128.1.2 255.255.255.252

no shutdown

ip route 192.168.1.0 255.255.255.0 61.128.1.1

ip route 192.168.11.0 255.255.255.0 202.100.1.1

line vty 0 4

password Cisco

login

2.Unicom路由器

hostname Unicom

interface Ethernet0/0

ip address 192.168.11.1 255.255.255.0

no shutdown

interface Ethernet0/1

ip address 202.100.1.1 255.255.255.252

no shutdown

ip route 0.0.0.0 0.0.0.0 202.100.1.2

3.Telecom路由器

hostname Telecom

interface Ethernet0/0

ip address 192.168.1.1 255.255.255.0

no shutdown

interface Ethernet0/1

ip address 61.128.1.1 255.255.255.252

no shutdown

ip route 0.0.0.0 0.0.0.0 61.128.1.1

4.Router路由器

hostname Router

interface Ethernet0/0

ip address 192.168.11.12 255.255.255.0

no shutdown

interface Ethernet0/1

ip address 192.168.1.12 255.255.255.0

no shutdown

interface Ethernet0/2

ip address 172.16.1.1 255.255.255.0

no shutdown

三.Router路由器的其他配置

1.浮动路由配置

---思路：默认路由走联通，当联通的线路出现故障时，走电信。

ip sla 2

icmp-echo 192.168.11.1 source-ip 192.168.11.12

frequency 10

ip sla schedule 1 life forever start-time now

track 2 ip sla 2 reachability

ip route 0.0.0.0 0.0.0.0 192.168.11.1 10 track 2

ip route 0.0.0.0 0.0.0.0 192.168.1.1 254

2.策略路由配置

---思路：

ip sla 1

icmp-echo 192.168.1.1 source-ip 192.168.1.12

frequency 10

ip sla schedule 1 life forever start-time now

track 1 ip sla 1 reachability

ip access-list extended telecom-lan

permit ip host 172.16.1.2 any

route-map pbr permit 10

match ip address telecom-lan

set ip next-hop verify-availability 192.168.1.1 1 track 1

set ip next-hop verify-availability 192.168.11.1 2 track 2

interface Ethernet0/2

ip policy route-map pbr

3.NAT配置

---思路：

ip access-list extended telecom

permit ip any any

route-map unicom permit 10

match ip address unicom

match interface Ethernet0/0

ip access-list extended unicom

permit ip any any

route-map telecom permit 10

match ip address telecom

match interface Ethernet0/1

ip nat inside source route-map telecom interface Ethernet0/1 overload

ip nat inside source route-map unicom interface Ethernet0/0 overload

四.验证

1.PC1路由器telnet 100.100.100.100显示的源地址为电信接口地址

PC1#telnet 100.100.100.100

Trying 100.100.100.100 ... Open

User Access Verification

Password:

Internet>show users

Line       User       Host(s)              Idle       Location

0 con 0                idle                 00:00:49

*  2 vty 0                idle                 00:00:00 192.168.1.12

Interface    User               Mode         Idle     Peer Address

Internet>exit

2.PC2路由器telnet 100.100.100.100显示的源地址为联通接口地址

PC2#telnet 100.100.100.100

Trying 100.100.100.100 ... Open

User Access Verification

Password:

Internet>show users

Line       User       Host(s)              Idle       Location

0 con 0                idle                 00:03:48

*  2 vty 0                idle                 00:00:00 192.168.11.12

Interface    User               Mode         Idle     Peer Address

Internet>exit

3.关闭Telnecom路由器的E0/0接口，在Router路由器上可以看到sla 1 down

Telecom(config)#int e0/0

Telecom(config-if)#shu

Telecom(config-if)#shutdown

Telecom(config-if)#

Router(config)#

*May  7 15:01:34.842: %TRACK-6-STATE: 1 ip sla 1 reachability Up -> Down

Router(config)#

4.PC1路由器再次telnet 100.100.100.100显示的源地址为联通接口的IP地址

PC1#telnet 100.100.100.100

Trying 100.100.100.100 ... Open

User Access Verification

Password:

Internet>show users

Line       User       Host(s)              Idle       Location

0 con 0                idle                 00:06:00

*  2 vty 0                idle                 00:00:00 192.168.11.12

Interface    User               Mode         Idle     Peer Address

Internet>exit

5.恢复Telecom路由器的接口

Telecom(config-if)#no shutdown

Telecom(config-if)#

*May  7 15:05:59.630: %LINK-3-UPDOWN: Interface Ethernet0/0, changed state to up

*May  7 15:06:00.630: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0/0, changed state to up

Telecom(config-if)#

Router(config)#

*May  7 15:06:20.082: %TRACK-6-STATE: 1 ip sla 1 reachability Down -> Up

Router(config)#

6.关闭Unicom路由器的E0/0接口

Unicom(config)#int e0/0

Unicom(config-if)#shutdown

Unicom(config-if)#

*May  7 15:07:30.457: %LINK-5-CHANGED: Interface Ethernet0/0, changed state to administratively down

*May  7 15:07:31.462: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0/0, changed state to down

Unicom(config-if)#

Router(config)#

*May  7 15:07:45.164: %TRACK-6-STATE: 2 ip sla 2 reachability Up -> Down

Router(config)#

7.路由器再次telnet 100.100.100.100显示的源地址为电信接口的IP地址

PC2#telnet 100.100.100.100

Trying 100.100.100.100 ... Open

User Access Verification

Password:

Internet>show users

Line       User       Host(s)              Idle       Location

0 con 0                idle                 00:11:23

*  2 vty 0                idle                 00:00:00 192.168.1.12

Interface    User               Mode         Idle     Peer Address

Internet>exit

五.EVE中Route使用早期版本的配置

---备注IOS文件使用的是c3725-advsecurityk9-mz.124-25d.image。

1.浮动路由配置---思路：默认路由走联通，监控联通线路，当其出现故障时，走电信。ip sla monitor 2 type echo protocol ipIcmpEcho 192.168.11.1 source-ipaddr 192.168.11.12 frequency 10ip sla monitor schedule 2 life forever start-time nowtrack 2 rtr 2 reachabilityip route 0.0.0.0 0.0.0.0 192.168.11.1 10 track 2ip route 0.0.0.0 0.0.0.0 192.168.1.1 2542.策略路由配置---思路：基于内网源地址进行策略路由，策略路由指定下一跳地址时调用trackip sla monitor 1 type echo protocol ipIcmpEcho 192.168.1.1 source-ipaddr 192.168.1.12 frequency 10ip sla monitor schedule 1 life forever start-time nowtrack 1 rtr 1 reachabilityip access-list extended telecom-lan    permit ip host 172.16.1.2 anyroute-map pbr permit 10    match ip address telecom-lan    set ip next-hop verify-availability 192.168.1.1 1 track 1    set ip next-hop verify-availability 192.168.11.1 2 track 2interface vlan1     ip policy route-map pbr3.NAT配置---思路：nat配置时调用route-map，同时匹配地址和接口interface FastEthernet0/0 ip address 192.168.11.12 255.255.255.0 ip nat outsideinterface FastEthernet0/1 ip address 192.168.1.12 255.255.255.0 ip nat outsideinterface vlan1 ip nat insideip access-list extended lan    permit ip 172.16.1.0 0.0.0.255 anyroute-map unicom permit 10    match ip address  lan    match interface f0/0route-map telecom permit 10    match ip address  lan    match interface f0/1ip nat inside source route-map unicom interface FastEthernet0/0 overloadip nat inside source route-map telecom interface FastEthernet0/1 overload

版权声明：本文内容由网络用户投稿，版权归原作者所有，本站不拥有其著作权，亦不承担相应法律责任。如果您发现本站中有涉嫌抄袭或描述失实的内容，请联系我们jiasou666@gmail.com 处理，核实后本网站将在24小时内删除侵权内容。