双出口NAT配置,
1.1.1.1网段访问4.4.4.4网段,默认走R2.如果走R2那条线路出现故障,则切换为走R3.
11.11.11.11网段访问4.4.4.4网段,默认走R3.如果走R3那条线路出现故障,则切换为走R2.
一.基本配置
R5
interface Loopback0
ip address 1.1.1.1 255.255.255.255
!
interface Loopback1
ip address 11.11.11.11 255.255.255.255
!
interface FastEthernet0/0
ip address 15.15.15.5 255.255.255.0
!
router ospf 1
network 0.0.0.0 255.255.255.255 area 0
R1
interface Serial0/0
ip address 12.12.12.1 255.255.255.0
!
interface Serial0/1
ip address 13.13.13.1 255.255.255.0
!
interface FastEthernet1/0
ip address 15.15.15.1 255.255.255.0
!
router ospf 1
network 0.0.0.0 255.255.255.255 area 0
R2
interface Serial0/0
ip address 12.12.12.2 255.255.255.0
!
interface Serial0/1
ip address 24.24.24.2 255.255.255.0
!
router ospf 1
network 12.12.12.2 0.0.0.0 area 0
default-information originate
!
ip route 0.0.0.0 0.0.0.0 24.24.24.4
R3
interface Serial0/0
ip address 13.13.13.3 255.255.255.0
!
interface Serial0/1
ip address 34.34.34.3 255.255.255.0
!
router ospf 1
network 13.13.13.3 0.0.0.0 area 0
default-information originate
!
ip route 0.0.0.0 0.0.0.0 34.34.34.4
R4
interface Loopback0
ip address 4.4.4.4 255.255.255.255
!
interface Serial0/0
ip address 24.24.24.4 255.255.255.0
!
interface Serial0/1
ip address 34.34.34.4 255.255.255.0
二.NAT配置
R2,R3
interface Serial0/0
ip nat inside
!
interface Serial0/1
ip nat outside
!
ip nat inside source list 1 interface Serial0/1 overload
!
access-list 1 permit 1.1.1.1
access-list 1 permit 11.11.11.11
!
三.策略路由配置
R1
interface FastEthernet1/0
ip policy route-map abc
!
access-list 1 permit 1.1.1.1
access-list 11 permit 11.11.11.11
!
route-map abc permit 10
match ip address 1
match interface Serial0/0
!同时满足这两个条件,才set下一跳到12.12.12.2
!若匹配了ACL1,但接口down,则不匹配第二个条件,于是不满足route-map abc permit 10
!继续向下匹配ACL1,只有route-map abc permit 40才匹配ACL1
!于是服从route-map abc permit 40所set的下一跳
set ip next-hop 12.12.12.2
!
route-map abc permit 20
match ip address 11
match interface Serial0/1
set ip next-hop 13.13.13.3
!
route-map abc permit 30
match ip address 11
set ip next-hop 12.12.12.2
!
route-map abc permit 40
match ip address 1
set ip next-hop 13.13.13.3
!
四.正常情况下测试
R5#traceroute 4.4.4.4 so l 0
Type escape sequence to abort.
Tracing the route to 4.4.4.4
1 15.15.15.1 28 msec 76 msec 32 msec
2 12.12.12.2 76 msec 60 msec 16 msec
3 24.24.24.4 92 msec * 116 msec
R5#traceroute 4.4.4.4 so l 1
Type escape sequence to abort.
Tracing the route to 4.4.4.4
1 15.15.15.1 60 msec 68 msec 40 msec
2 13.13.13.3 24 msec 48 msec 104 msec
3 34.34.34.4 224 msec * 48 msec
五.链路发生故障时,测试
R5#ping 4.4.4.4 so l 0 r 100000
Type escape sequence to abort.
Sending 100000, 100-byte ICMP Echos to 4.4.4.4, timeout is 2 seconds:
Packet sent with a source address of 1.1.1.1
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!..............!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
R5#traceroute 4.4.4.4 so l 1
Type escape sequence to abort.
Tracing the route to 4.4.4.4
1 15.15.15.1 48 msec 60 msec 32 msec
2 13.13.13.3 60 msec 24 msec 36 msec
3 34.34.34.4 84 msec * 76 msec