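Lab requirements:
1. Implement SLA, PBR and NAT.
2. Hosts in 192.168.1.0/24 reach the external network with R3 as the next hop;
hosts in 192.168.2.0/24 reach the external network with R4 as the next hop;
and the two paths back each other up.
Configuration:
R2: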
interface f1/0
ip address 23.0.0.2 255.0.0.0
ip nat outside
interface f2/0
ip address 24.0.0.2 255.0.0.0
ip nat outside
interface f0/0
ip address 12.0.0.2 255.0.0.0
ip nat inside
ip policy route-map cisco
I. Configure SLA and PBR:
access-list 1 permit 23.0.0.3
access-list 2 permit 24.0.0.4
access-list 10 permit 192.168.1.0 0.0.0.255
access-list 20 permit 192.168.2.0 0.0.0.255
access-list 100 permit ip any any
! (ip sla monitor can be replaced with rtr)
ip sla monitor 1
type echo protocol ipIcmpEcho 23.0.0.3 source-interface f1/0
frequency 5
ip sla monitor schedule 1 life forever start-time now
ip sla monitor 2
type echo protocol ipIcmpEcho 24.0.0.4 source-interface f2/0
frequency 5
ip sla monitor schedule 2 life forever start-time now
! Set up track object 1 to monitor reachability
track 1 rtr 1 reachability
! Set up track object 2 to monitor reachability
track 2 rtr 2 reachability
! Create the route-map
route-map cisco permit 10
match ip address 10
set ip next-hop verify-availability 23.0.0.3 1 track 1
set ip next-hop verify-availability 24.0.0.4 2 track 2
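! If the next hop is alive, the next hop is 23.0.0.3 [ISP1], and the peer next hop is tracked
! If the next hop is alive, the next hop is 24.0.0.4 [ISP2], and the peer next hop is tracked
! (the 1 and 2 before track are the administrative distance)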
route-map cisco permit 20
match ip address 20
set ip next-hop verify-availability 24.0.0.4 1 track 2
set ip next-hop verify-availability 23.0.0.3 2 track 1
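! If the next hop is alive, the next hop is 24.0.0.4 [ISP2], and the peer next hop is tracked
! If the next hop is alive, the next hop is 23.0.0.3 [ISP1], and the peer next hop is tracked
! (the 1 and 2 before track are the administrative distance)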
II. NAT configuration:
!
! Create a NAT route-map that matches when the next hop is R1 [ISP2]
route-map nat2 permit 10
match ip address 100
! (the 2 is an ACL number)
match ip next-hop 2
!
! Create a NAT route-map that matches when the next hop is R2 [ISP1]
route-map nat1 permit 10
match ip address 100
! (the 1 is an ACL number)
match ip next-hop 1
! When the next hop is R2 [ISP1], translate the IP to f1/0
ip nat inside source route-map nat1 interface f1/0 overload
! When the next hop is R1 [ISP2], translate the IP to f2/0
ip nat inside source route-map nat2 interface f2/0 overload
ip route 192.168.1.0 255.255.255.0 12.0.0.1
ip route 192.168.2.0 255.255.255.0 12.0.0.1
Testing the results:
On the internal hosts, test before and after an interface is disconnected:
traceroute 23.0.0.3
traceroute 24.0.0.4
Or (with debug ip nat enabled on R2):
ping 45.0.0.4
ping 45.0.0.5
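
The result to expect from these tests can be worked out from route-map cisco and the nat1/nat2 route-maps above. The Python model below is an added example, not part of the original lab: it tries each entry's next hops in ascending order of the number before track, and picks the NAT interface from the chosen next hop. The host addresses 192.168.1.10 and 192.168.2.10 and all function names are assumptions made for illustration.

```python
import ipaddress

# Values copied from the R2 configuration on this page.
ISP1, ISP2 = "23.0.0.3", "24.0.0.4"
# route-map cisco: (source network from ACL 10/20, [(order, next hop, track object)])
ROUTE_MAP_CISCO = [
    ("192.168.1.0/24", [(1, ISP1, 1), (2, ISP2, 2)]),  # permit 10, ACL 10
    ("192.168.2.0/24", [(1, ISP2, 2), (2, ISP1, 1)]),  # permit 20, ACL 20
]
# route-maps nat1/nat2: next hop matched by ACL 1/2 -> overload interface
NAT_INTERFACE = {ISP1: "f1/0", ISP2: "f2/0"}


def pbr_next_hop(src, track_up):
    """Return the next hop route-map cisco sets for src, or None.

    track_up maps a track object number to True (reachable) or False.
    None means no entry matched the source, or every tracked next hop is
    down, so the packet is left to the routing table (not modelled here).
    """
    addr = ipaddress.ip_address(src)
    for network, hops in ROUTE_MAP_CISCO:
        if addr in ipaddress.ip_network(network):
            for _order, hop, track in sorted(hops):
                if track_up.get(track, False):
                    return hop
            return None
    return None


def nat_interface(src, track_up):
    """Return the outside interface whose address src is translated to."""
    return NAT_INTERFACE.get(pbr_next_hop(src, track_up))


def expected_paths(track_up):
    """Summarise (next hop, NAT interface) for one host in each subnet."""
    hosts = ("192.168.1.10", "192.168.2.10")  # constructed sample hosts
    return {h: (pbr_next_hop(h, track_up), nat_interface(h, track_up)) for h in hosts}


if __name__ == "__main__":
    # Both links up, ISP1 probe failing, ISP2 probe failing, both failing.
    for state in ({1: True, 2: True}, {1: False, 2: True},
                  {1: True, 2: False}, {1: False, 2: False}):
        print(state, expected_paths(state))
```

Comparing this output with show track and the debug ip nat lines on R2 after shutting one outside link confirms that both the next hop and the translated source address move to the surviving ISP.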