Notes: Static Routing with Multiple Egress Links (Static Routing and NAT)

 

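Description: all devices are simulated with Cisco routers.

      R1 and R2 are the enterprise internal-network routers.

      R3 belongs to the China Telecom network, referred to as line A; 3.3.3.3/32 represents a Telecom network IP.

      R4 belongs to China Unicom and other networks, referred to as line B; 4.4.4.4/32 represents an IP in Unicom and other networks.

      Configuration goal: use static routes so that traffic to Unicom and other networks goes out line B and traffic to Telecom goes out line A.

                If line B fails, traffic switches automatically to line A; if line A fails, traffic switches automatically to line B.

      Technologies used: static routing, NAT, SLA, etc.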

 

R1 configuration:

  

en

conf t

hostname R1

enable secret cisco

line vty 0 4

 ! no login: vty sessions are accepted without a password (lab convenience)

 no login

 exit

no ip domain-lookup

int lo0

 ip add 1.1.1.1 255.255.255.255

 exit

int e1/0

 ip add 192.168.12.1 255.255.255.0

 ip nat inside

 no shut

 exit

int e1/1

 ip add 192.168.13.1 255.255.255.0

 ip nat outside

 no shut

 exit

int e1/2

 ip add 192.168.14.1 255.255.255.0

 ip nat outside

 no shut

 exit

 

! Internal routing protocol, so that R2 learns the relevant routes

router ospf 123

 router-id 1.1.1.1

 network 192.168.12.1 0.0.0.0 area 0

 network 1.1.1.1 0.0.0.0 area 0

 default-in ori always

 exit

 

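! Define the SLA probes (default parameters) and the track objects the static routes use for line detection

ip sla 13

 icmp-echo 192.168.13.3 source-ip 192.168.13.1

 exit

ip sla 14

 icmp-echo 192.168.14.4 source-ip 192.168.14.1

 exit

! Start both probes; an unscheduled probe never runs and its track object stays down

ip sla schedule 13 life forever start-time now

ip sla schedule 14 life forever start-time now

track 13 rtr 13 reachability

 exit

track 14 rtr 14 reachability

 exit

! Static route for Unicom and other networks; tracked so it is withdrawn when the line B probe fails

ip route 4.4.4.4 255.255.255.255 192.168.14.4 track 14

! Everything else goes out the Telecom line by default

ip route 0.0.0.0 0.0.0.0 192.168.13.3 track 13

! Floating default (distance 14): go out the Unicom and other lines when the Telecom line fails

ip route 0.0.0.0 0.0.0.0 192.168.14.4 14 track 14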

 

! NAT configuration

 

1. Define the next-hop addresses:

access-list 13 permit host 192.168.13.3

access-list 14 permit host 192.168.14.4

2. Define the ACLs needed for NAT address translation:

! Host address 2.2.2.2 stands in for the internal network segment

access-list 130 permit ip host 2.2.2.2 any

access-list 140 permit ip host 2.2.2.2 any

3. Define the route-maps used for NAT translation:

route-map 13

 match ip add 130

 match ip next-hop 13

 exit

route-map 14

 match ip add 140

 match ip next-hop 14

 exit

4. Define IP NAT:

 ip nat inside source route-map 13 interface e1/1 over

 ip nat inside source route-map 14 interface e1/2 over

 

This completes the R1 configuration.

 

R2

en

conf t

hostname R2

line vty 0 4

 no login

 exit

enable secret cisco

int lo0

 ip add 2.2.2.2 255.255.255.255

 exit

int e1/0

 ip add 192.168.12.2 255.255.255.0

 no shut

 exit

router ospf 123

 router-id 2.2.2.2

 network 2.2.2.2 0.0.0.0 area 0

 network 192.168.12.2 0.0.0.0 area 0

 exit

 

R3

en

conf t

hostname R3

line vty 0 4

 no login

 exit

enable secret cisco

int lo0

 ip add 3.3.3.3 255.255.255.255

 exit

int e1/1

 ip add 192.168.13.3 255.255.255.0

 no shut

 exit

int e1/0

 ip add 192.168.34.3 255.255.255.0

 no shut

 exit

! Simulate the ISP internal network

router ospf 123

 router-id 3.3.3.3 

 network 3.3.3.3 0.0.0.0 area 0

 network 192.168.34.3 0.0.0.0 area 0

 exit

 

R4

 

en

conf t

hostname R4

line vty 0 4

 no login

 exit

enable secret cisco

int lo0

 ip add 4.4.4.4 255.255.255.255

 exit

int e1/2

 ip add 192.168.14.4 255.255.255.0

 no shut

 exit

int e1/0

 ip add 192.168.34.4 255.255.255.0

 no shut

 exit

! Simulate the ISP internal network

router ospf 123

 router-id 4.4.4.4

 network 4.4.4.4 0.0.0.0 area 0

 network 192.168.34.4 0.0.0.0 area 0

 exit

 

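Result:

 

The lab achieves its goals:

1. When accessing the Telecom line, R1 NATs the internal address to 192.168.13.1; when accessing Unicom and other lines, R1 NATs the internal address to 192.168.14.1.

2. When a line fails, traffic switches lines automatically.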
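
The failover behaviour above can be checked offline with a small model of R1's route selection and NAT choice. This is an added example, not part of the original post: `StaticRoute`, `r1_routes` and `forward` are hypothetical names, and the model assumes an interface stays up while only the SLA probe fails. It also models the 4.4.4.4/32 host route both with and without a track object, to show what an untracked host route does when line B's probe is down.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class StaticRoute:
    prefix: str
    next_hop: str
    distance: int = 1            # IOS default administrative distance for a static route
    track: Optional[int] = None  # track object gating the route, None if untracked

# NAT source per next hop: R1's e1/1 and e1/2 addresses from the page.
NAT_SOURCE = {"192.168.13.3": "192.168.13.1", "192.168.14.4": "192.168.14.1"}

def r1_routes(host_route_tracked):
    """R1's three static routes; the flag (an assumption of this model) toggles track 14 on the /32."""
    return [
        StaticRoute("4.4.4.4/32", "192.168.14.4", track=14 if host_route_tracked else None),
        StaticRoute("0.0.0.0/0", "192.168.13.3", track=13),
        StaticRoute("0.0.0.0/0", "192.168.14.4", distance=14, track=14),
    ]

def forward(dest, track_up, routes):
    """Return (next_hop, nat_source) R1 would use for dest, or None when no route is installed."""
    addr = ipaddress.ip_address(dest)
    # A tracked route is installed only while its track object is up.
    installed = [r for r in routes if r.track is None or track_up[r.track]]
    matches = [r for r in installed if addr in ipaddress.ip_network(r.prefix)]
    if not matches:
        return None
    # Longest prefix wins; for the same prefix the lowest distance is installed.
    best = min(matches, key=lambda r: (-ipaddress.ip_network(r.prefix).prefixlen, r.distance))
    return best.next_hop, NAT_SOURCE[best.next_hop]

if __name__ == "__main__":
    # Constructed probe states: interfaces stay up, only the ICMP probes fail.
    states = {"both up": {13: True, 14: True}, "A down": {13: False, 14: True},
              "B down": {13: True, 14: False}}
    for label, up in states.items():
        for tracked in (True, False):
            for dest in ("3.3.3.3", "4.4.4.4"):
                print(label, "tracked /32" if tracked else "untracked /32", dest,
                      forward(dest, up, r1_routes(tracked)))
```

With the host route untracked and line B's probe down, traffic to 4.4.4.4 still resolves to 192.168.14.4; with the track object attached it falls back to the Telecom default.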