Cisco router dual-ISP + SLA + route-map NAT configuration test

2021-05-12 09:56:36


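I. Lab objective and topology

1. Objective

The internal network has a single segment, 172.16.1.0/24. While both uplinks are healthy, host 172.16.1.2 reaches the Internet through the Telecom interface and all other hosts go out through the Unicom interface. When either uplink fails, every internal host must still be able to reach the Internet through the link that has not failed.

2. Topology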

II. Basic configuration

1. Internet router

hostname Internet

interface Loopback0

    ip address 100.100.100.100 255.255.255.0

interface Ethernet0/0

    ip address 202.100.1.2 255.255.255.252

    no shutdown

interface Ethernet0/1

    ip address 61.128.1.2 255.255.255.252

    no shutdown

ip route 192.168.1.0 255.255.255.0 61.128.1.1

ip route 192.168.11.0 255.255.255.0 202.100.1.1

line vty 0 4

    password Cisco

    login

2. Unicom router

hostname Unicom

interface Ethernet0/0

    ip address 192.168.11.1 255.255.255.0

    no shutdown

interface Ethernet0/1

    ip address 202.100.1.1 255.255.255.252

    no shutdown

ip route 0.0.0.0 0.0.0.0 202.100.1.2

3. Telecom router

hostname Telecom

interface Ethernet0/0

    ip address 192.168.1.1 255.255.255.0

    no shutdown

interface Ethernet0/1

    ip address 61.128.1.1 255.255.255.252

    no shutdown

ip route 0.0.0.0 0.0.0.0 61.128.1.2

4. Router

hostname Router

interface Ethernet0/0

    ip address 192.168.11.12 255.255.255.0

    no shutdown

interface Ethernet0/1

    ip address 192.168.1.12 255.255.255.0

    no shutdown

interface Ethernet0/2

    ip address 172.16.1.1 255.255.255.0

    no shutdown

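III. Additional configuration on Router

1. Floating static route configuration

---Approach: the default route goes via Unicom; when the Unicom link fails, traffic goes via Telecom.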

ip sla 2

    icmp-echo 192.168.11.1 source-ip 192.168.11.12

    frequency 10

ip sla schedule 2 life forever start-time now

track 2 ip sla 2 reachability

ip route 0.0.0.0 0.0.0.0 192.168.11.1 10 track 2

ip route 0.0.0.0 0.0.0.0 192.168.1.1 254

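2. Policy-based routing configuration

---Approach: policy-route on the internal source address, and reference a track object where the policy sets the next hop.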

ip sla 1

    icmp-echo 192.168.1.1 source-ip 192.168.1.12

    frequency 10

ip sla schedule 1 life forever start-time now

track 1 ip sla 1 reachability

ip access-list extended telecom-lan

    permit ip host 172.16.1.2 any

route-map pbr permit 10

    match ip address telecom-lan

    set ip next-hop verify-availability 192.168.1.1 1 track 1

    set ip next-hop verify-availability 192.168.11.1 2 track 2

interface Ethernet0/2

     ip policy route-map pbr
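The failover above only works if every probe is scheduled and every track number used by a static route or route-map exists. The following check is an added example, not part of the original article; the function name `lint_sla_tracking` and the deliberately broken sample configuration are constructed for illustration, and it handles only the newer `ip sla` syntax.

```python
import re

# Constructed sample in this page's "ip sla" syntax: probe 2 is never
# scheduled and the route-map references track 3, which does not exist.
SAMPLE = """\
ip sla 1
 icmp-echo 192.168.1.1 source-ip 192.168.1.12
ip sla schedule 1 life forever start-time now
ip sla 2
 icmp-echo 192.168.11.1 source-ip 192.168.11.12
ip sla schedule 1 life forever start-time now
track 1 ip sla 1 reachability
track 2 ip sla 2 reachability
ip route 0.0.0.0 0.0.0.0 192.168.11.1 10 track 2
ip route 0.0.0.0 0.0.0.0 192.168.1.1 254
route-map pbr permit 10
 set ip next-hop verify-availability 192.168.1.1 1 track 1
 set ip next-hop verify-availability 192.168.11.1 2 track 3
"""


def lint_sla_tracking(config):
    """Check the probe -> schedule -> track -> route/PBR chain; return findings."""
    probes, scheduled, tracks, used = set(), set(), {}, set()
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.fullmatch(r"ip sla (\d+)", line):
            probes.add(int(m.group(1)))
        elif m := re.match(r"ip sla schedule (\d+)\b", line):
            scheduled.add(int(m.group(1)))
        elif m := re.match(r"track (\d+) ip sla (\d+)\b", line):
            tracks[int(m.group(1))] = int(m.group(2))
        elif m := re.search(r"\btrack (\d+)$", line):
            used.add(int(m.group(1)))  # static route or PBR next hop
    findings = []
    for p in sorted(probes - scheduled):
        findings.append(f"ip sla {p} is defined but never scheduled")
    for p in sorted(scheduled - probes):
        findings.append(f"ip sla schedule {p} refers to an undefined probe")
    for t, p in sorted(tracks.items()):
        if p not in probes:
            findings.append(f"track {t} refers to undefined ip sla {p}")
    for t in sorted(used - set(tracks)):
        findings.append(f"track {t} is used but not defined")
    for t in sorted(set(tracks) - used):
        findings.append(f"track {t} is defined but not used")
    return findings


if __name__ == "__main__":
    for finding in lint_sla_tracking(SAMPLE):
        print(finding)
```

A probe that is never scheduled leaves its track object Down, so the tracked default route is never installed and the tracked PBR next hop is never selected.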

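3. NAT configuration

---Approach: reference a route-map in the NAT configuration, matching both the address and the interface.

! NAT only translates between interfaces marked inside and outside

interface Ethernet0/0

    ip nat outside

interface Ethernet0/1

    ip nat outside

interface Ethernet0/2

    ip nat inside

ip access-list extended telecom

    permit ip any any

ip access-list extended unicom

    permit ip any any

! Each route-map matches the traffic and the egress interface chosen by routing

route-map unicom permit 10

    match ip address unicom

    match interface Ethernet0/0

route-map telecom permit 10

    match ip address telecom

    match interface Ethernet0/1

ip nat inside source route-map telecom interface Ethernet0/1 overload

ip nat inside source route-map unicom interface Ethernet0/0 overload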
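How the three pieces on Router combine (policy routing first, then the tracked and floating default routes, then NAT chosen by egress interface) can be modelled in a few lines. This is an added example, not part of the original article; the function `egress` is hypothetical and 172.16.1.3 is an assumed address for a host other than 172.16.1.2.

```python
import ipaddress

# Values taken from the Router configuration on this page.
UNICOM = {"next_hop": "192.168.11.1", "nat_ip": "192.168.11.12", "track": 2}
TELECOM = {"next_hop": "192.168.1.1", "nat_ip": "192.168.1.12", "track": 1}
PBR_HOSTS = {ipaddress.ip_address("172.16.1.2")}  # ACL telecom-lan
PBR_ORDER = [TELECOM, UNICOM]  # verify-availability sequence 1, then 2


def egress(src, track_up):
    """Return (next_hop, translated_source) for a packet from src.

    track_up maps a track number to True (probe reachable) or False.
    """
    # 1. Policy routing on the inside interface: take the first next hop
    #    whose track object is Up.
    if ipaddress.ip_address(src) in PBR_HOSTS:
        for isp in PBR_ORDER:
            if track_up[isp["track"]]:
                return isp["next_hop"], isp["nat_ip"]
    # 2. No PBR match, or no PBR next hop available: use the routing table.
    #    The Unicom default (distance 10) is installed only while track 2 is
    #    Up; the Telecom default (distance 254) is not tracked, so it is
    #    used even when track 1 is Down.
    isp = UNICOM if track_up[UNICOM["track"]] else TELECOM
    # 3. The NAT route-maps match the egress interface, so the translated
    #    source address always belongs to the link the packet leaves on.
    return isp["next_hop"], isp["nat_ip"]


if __name__ == "__main__":
    for states in ({1: True, 2: True}, {1: False, 2: True},
                   {1: True, 2: False}, {1: False, 2: False}):
        for host in ("172.16.1.2", "172.16.1.3"):  # 172.16.1.3 is assumed
            print(states, host, egress(host, states))
```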


IV. Verification

1. Telnet from PC1 (a router) to 100.100.100.100: the source address shown is the Telecom interface address

PC1#telnet 100.100.100.100

Trying 100.100.100.100 ... Open


User Access Verification


Password:

Internet>show users

    Line       User       Host(s)              Idle       Location

   0 con 0                idle                 00:00:49   

*  2 vty 0                idle                 00:00:00 192.168.1.12


  Interface    User               Mode         Idle     Peer Address


Internet>exit

2. Telnet from PC2 (a router) to 100.100.100.100: the source address shown is the Unicom interface address

PC2#telnet 100.100.100.100

Trying 100.100.100.100 ... Open


User Access Verification


Password:

Internet>show users

    Line       User       Host(s)              Idle       Location

   0 con 0                idle                 00:03:48   

*  2 vty 0                idle                 00:00:00 192.168.11.12


  Interface    User               Mode         Idle     Peer Address


Internet>exit

3. Shut down interface E0/0 on the Telecom router; on Router, sla 1 can be seen going down

Telecom(config)#int e0/0

Telecom(config-if)#shu

Telecom(config-if)#shutdown

Telecom(config-if)#

Router(config)#

*May  7 15:01:34.842: %TRACK-6-STATE: 1 ip sla 1 reachability Up -> Down

Router(config)#

4. Telnet from PC1 to 100.100.100.100 again: the source address shown is the IP address of the Unicom interface

PC1#telnet 100.100.100.100

Trying 100.100.100.100 ... Open


User Access Verification


Password:

Internet>show users

    Line       User       Host(s)              Idle       Location

   0 con 0                idle                 00:06:00   

*  2 vty 0                idle                 00:00:00 192.168.11.12


  Interface    User               Mode         Idle     Peer Address


Internet>exit

5. Restore the interface on the Telecom router

Telecom(config-if)#no shutdown

Telecom(config-if)#

*May  7 15:05:59.630: %LINK-3-UPDOWN: Interface Ethernet0/0, changed state to up

*May  7 15:06:00.630: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0/0, changed state to up

Telecom(config-if)#

Router(config)#

*May  7 15:06:20.082: %TRACK-6-STATE: 1 ip sla 1 reachability Down -> Up

Router(config)#

6. Shut down interface E0/0 on the Unicom router

Unicom(config)#int e0/0

Unicom(config-if)#shutdown

Unicom(config-if)#

*May  7 15:07:30.457: %LINK-5-CHANGED: Interface Ethernet0/0, changed state to administratively down

*May  7 15:07:31.462: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0/0, changed state to down

Unicom(config-if)#

Router(config)#

*May  7 15:07:45.164: %TRACK-6-STATE: 2 ip sla 2 reachability Up -> Down

Router(config)#

7. Telnet from the router to 100.100.100.100 again: the source address shown is the IP address of the Telecom interface

PC2#telnet 100.100.100.100

Trying 100.100.100.100 ... Open


User Access Verification


Password:

Internet>show users

    Line       User       Host(s)              Idle       Location

   0 con 0                idle                 00:11:23   

*  2 vty 0                idle                 00:00:00 192.168.1.12


  Interface    User               Mode         Idle     Peer Address


Internet>exit

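V. Configuration for Router running an earlier IOS version in EVE

---Note: the IOS image used is c3725-advsecurityk9-mz.124-25d.image.

1. Floating static route configuration
---Approach: the default route goes via Unicom; monitor the Unicom link and, when it fails, go via Telecom.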
ip sla monitor 2
type echo protocol ipIcmpEcho 192.168.11.1 source-ipaddr 192.168.11.12
frequency 10
ip sla monitor schedule 2 life forever start-time now
track 2 rtr 2 reachability
ip route 0.0.0.0 0.0.0.0 192.168.11.1 10 track 2
ip route 0.0.0.0 0.0.0.0 192.168.1.1 254
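2. Policy-based routing configuration
---Approach: policy-route on the internal source address, and reference a track object where the policy sets the next hop.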
ip sla monitor 1
type echo protocol ipIcmpEcho 192.168.1.1 source-ipaddr 192.168.1.12
frequency 10
ip sla monitor schedule 1 life forever start-time now
track 1 rtr 1 reachability
ip access-list extended telecom-lan
    permit ip host 172.16.1.2 any
route-map pbr permit 10
    match ip address telecom-lan
    set ip next-hop verify-availability 192.168.1.1 1 track 1
    set ip next-hop verify-availability 192.168.11.1 2 track 2
interface vlan1
     ip policy route-map pbr
3. NAT configuration
---Approach: reference a route-map in the NAT configuration, matching both the address and the interface.
interface FastEthernet0/0
ip address 192.168.11.12 255.255.255.0
ip nat outside
interface FastEthernet0/1
ip address 192.168.1.12 255.255.255.0
ip nat outside
interface vlan1
ip nat inside
ip access-list extended lan
    permit ip 172.16.1.0 0.0.0.255 any
route-map unicom permit 10
    match ip address  lan
    match interface f0/0
route-map telecom permit 10
    match ip address  lan
    match interface f0/1
ip nat inside source route-map unicom interface FastEthernet0/0 overload
ip nat inside source route-map telecom interface FastEthernet0/1 overload

Source: https://blog.51cto.com/u_333234/2769360