图1-1
需求:如图1-1,R1上有两个环回口模拟私网,在R2上进行NAT转换,R3,R4分别模拟两个不同的运营商,电信和网通,R5上的环回口模拟公网。
要求内网loop0平常访问公网NAT走R3,当R3的E0/1口down了,自动切换到E0/2
内网loop1平常访问公网NAT走R4,当R3的E0/2口down了,自动切换到E0/1
第一步配置基本3层连通性
R2:
ip route 0.0.0.0 0.0.0.0 Ethernet0/1 23.1.1.3 //加上下一跳地址模仿点到点,不然三层连通性失败,当然你也可以用串口
iproute 0.0.0.0 0.0.0.0 Ethernet0/2 23.1.1.4
iproute 192.168.1.0 255.255.255.0 Ethernet0/0
iproute 192.168.2.0 255.255.255.0 Ethernet0/0
R1:ip default-gateway 172.16.1.2
R3、R4、R5配置OSPF,略过
最后检测一下R3的E0/1、E0/2 ping 5.5.5.5是否联通
第二步设置策略路由,并且调用
route-mapCCIE permit 10
match ipaddress 10 //匹配192.168.1.00.0.0.255的路由
match interfaceEthernet0/1 //检测E0/1是否up
set interface Ethernet0/1 //以上两条都符合就把下一跳设置为E0/1,如果E0/1down了,这时候就会选择缺省路由的另一个下一跳了
!
route-mapCCIE permit 20
match ip address 20
match interface Ethernet0/2
set interface Ethernet0/2
!
interfaceEthernet0/0
ip address 172.16.1.2 255.255.255.252
ip nat inside
ip virtual-reassembly in
ip policyroute-map CCIE //接口调用
end
access-list10 permit 192.168.1.0 0.0.0.255
access-list20 permit 192.168.2.0 0.0.0.255
第三步配置NAT 主备份
NAT的route-map:
route-mapnat1_active permit 10
match ip address 10
match interface Ethernet0/1
route-mapnat1_backup permit 10
match ipaddress 10 //加不加 match nterface Ethernet0/2 都行
!
route-mapnat2_active permit 10
match ip address 20
match interface Ethernet0/2
!
route-mapnat2_backup permit 10
match ip address 20
nat中调用route-map
ip natinside source route-map nat1_active interface Ethernet0/1 overload
ip natinside source route-map nat1_backup interface Ethernet0/2 overload
ip natinside source route-map nat2_active interface Ethernet0/2 overload
ip natinside source route-map nat2_backup interface Ethernet0/1 overload
接口开启NAT
interfaceEthernet0/1
ip address 23.1.1.2 255.255.255.0
ip nat outside
ip virtual-reassembly in
!
interfaceEthernet0/2
ip address 24.1.1.2 255.255.255.0
ip nat outside
ip virtual-reassembly in
测试 ping 5.5.5.5 sou loop0/loop1
Shutdown R2的E0/1,测试备份
noshut掉R3的E0/1,shut掉R3E0/2
原文地址:http://yaotongshaonian.blog.51cto.com/11001675/1760382
